Documentation
Index ¶
- Constants
- Variables
- func AutoActive() bool
- func AutoAlwaysRemote() bool
- func AutoModeStr() string
- func DefaultTunMode()
- func DupTunFd(yn bool) (prev bool)
- func L3(engine int) string
- func SetAutoDialsParallel(y bool) (prev bool)
- func SetAutoMode(m int32) (prev int32)
- func SetDialerOpts(strat, retry, timeoutsec int32, keepalive bool) bool
- func SetPlusStrategy(new int) bool
- func SetTunMode(d, b, pt int32)
- type AutoModeType
- type DNSOptions
- type DialerOpts
- type ProxyOptions
Constants ¶
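// Dial strategies. Values are consecutive int32s starting at 0, in
// declaration order; presumably these are the values accepted as strat
// by SetDialerOpts and stored in DialerOpts.Strat (confirm against callers).
const (
	// SplitAuto is the default dial strategy; chosen by the engine.
	SplitAuto int32 = iota
	// SplitTCPOrTLS splits first TCP segment or fragments the TLS SNI header.
	SplitTCPOrTLS
	// SplitTCP splits the first TCP segment.
	SplitTCP
	// SplitDesync splits the first TCP segment after desynchronizing the connection
	// by sending a different, but fixed, first TCP segment to the censor.
	SplitDesync
	// SplitNever doesn't muck; connects as-is.
	SplitNever
)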
Dial strategies
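// Retry strategies. Values are consecutive int32s starting at 0, in
// declaration order.
const (
	// RetryAfterSplit retries connection as-is after split fails.
	RetryAfterSplit int32 = iota
	// RetryWithSplit connects as-is, but retries with split.
	RetryWithSplit
	// RetryNever never retries.
	RetryNever
)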
Retry strategies
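// Strategies for Plus DNS transports. Untyped integer constants numbered
// from 0 in declaration order.
// NOTE(review): the meaning of each value is not documented here; presumably
// these are the values passed to SetPlusStrategy — confirm against callers.
const (
	PlusFilterSafest = iota
	PlusOrderRandom
	PlusOrderFastest
	PlusOrderRobust
)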
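// Network engine selectors, encoded as bit flags.
// msb to lsb: ipv6, ipv4, lwip(1) or netstack(0).
// All three values leave the lowest bit clear.
const (
	Ns4  = 0b010 // 2
	Ns46 = 0b110 // 6
	Ns6  = 0b100 // 4
)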
msb to lsb: ipv6, ipv4, lwip(1) or netstack(0)
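// IP4, IP46, IP6 are the string representations of Ns4, Ns46, Ns6.
const (
	IP4  = "4"
	IP46 = "46"
	IP6  = "6"
)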
IP4, IP46, IP6 are string'd repr of Ns4, Ns46, Ns6
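// Modes for the backend.Auto proxy. Values are consecutive int32s
// starting at 0, in declaration order.
const (
	// AutoModeLocal is local mode: backend.Auto uses local proxies (ex: ipn.Exit) only.
	AutoModeLocal int32 = iota
	// AutoModeRemote is remote mode: backend.Auto uses remote proxies (ex: RPN) only.
	AutoModeRemote
	// AutoModeHybrid is hybrid mode: backend.Auto uses local and remote proxies.
	AutoModeHybrid
)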
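// DNS capture modes: which DNS traffic sent to the tunnel is redirected.
const (
	// DNSModeNone does not redirect DNS queries sent to the tunnel.
	DNSModeNone int32 = 0
	// DNSModeIP redirects DNS requests sent to the IP endpoint set by VPN.
	DNSModeIP int32 = 1
	// DNSModePort redirects all DNS requests on port 53.
	DNSModePort int32 = 2
)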
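// Firewall (block) modes: how packets are filtered.
const (
	// BlockModeNone filters no packet.
	BlockModeNone int32 = 0
	// BlockModeFilter filters packets on connection establishment.
	BlockModeFilter int32 = 1
	// BlockModeSink blackholes all packets.
	BlockModeSink int32 = 2
	// BlockModeFilterProc determines owner-uid of a tcp/udp connection
	// from procfs before filtering.
	BlockModeFilterProc int32 = 3
)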
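// Protocol translation modes.
const (
	// PtModeAuto does not enforce (but may still use) 6to4 protocol translation.
	PtModeAuto int32 = 0
	// PtModeForce64 enforces 6to4 protocol translation.
	PtModeForce64 int32 = 1
	// PtModeNo46 uses zero userspace translation; Android implements
	// 464Xlat out-of-the-box.
	PtModeNo46 int32 = 2
)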
const AndroidCcUa = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36"
Android's default user-agent as set for connectivity checks PROBE_HTTPS https://www.google.com/generate_204 time=183ms ret=204 request={Connection=[close], User-Agent=[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36]} headers={null=[HTTP/1.1 204 No Content], Alt-Svc=[h3=":443"; ma=2592000,h3-29=":443"; ma=2592000], Connection=[close], Content-Length=[0], Cross-Origin-Resource-Policy=[cross-origin], Date=[Fri, 27 Jun 2025 10:56:24 GMT], X-Android-Received-Millis=[1751021784573], X-Android-Response-Source=[NETWORK 204], X-Android-Selected-Protocol=[http/1.1], X-Android-Sent-Millis=[1751021784495]}
const IntraUa = "Intra"
const NICID = 0x01
NICID is the default network interface card ID for the network stack.
Variables ¶
var AutoDialsParallel atomic.Bool
AutoDialsParallel is a global variable to instruct ipn.Auto proxy to use parallel dialing for all proxies.
var AutoMode atomic.Int32
AutoMode is a global variable that indicates whether the backend.Auto proxy is in local, remote, or hybrid mode. In local mode, backend.Auto uses local proxies (ex: ipn.Exit) only. In remote mode, backend.Auto uses remote proxies (ex: RPN) only. In hybrid mode, backend.Auto uses local and remote proxies.
var BlockMode atomic.Int32
BlockMode instructs change in firewall behaviour.
var DNSMode atomic.Int32
DNSMode specifies the kind of DNS traffic to be trapped and routed to DoH servers
var Debug bool = false
Debug is a global flag to enable debug behaviour.
var EndpointIndependentFiltering = atomic.Bool{}
EndpointIndependentFiltering is a global flag to enable endpoint-independent filtering for UDP as per RFC 4787.
var EndpointIndependentMapping = atomic.Bool{}
EndpointIndependentMapping is a global flag to enable endpoint-independent mapping for UDP as per RFC 4787.
var ExperimentalWireGuard = atomic.Bool{}
ExperimentalWireGuard is a global flag to enable experimental settings for WireGuard.
var Loopingback = atomic.Bool{}
Loopingback is a global flag to adjust netstack behaviour wrt preventing split dialing, closing tunfd without delay etc.
var OwnTunFd = atomic.Bool{}
OwnTunFd is a global flag to indicate that the TUN fd is fully owned by netstack.
var PanicAtRandom = atomic.Bool{}
PanicAtRandom is a global flag to panic the network engine every once in a while (for testing).
var PlusStrat = atomic.Int32{}
var PortForward = atomic.Bool{}
PortForward is a global flag to enable binding the outgoing conn to the same port as the incoming socksified conn.
var PtMode atomic.Int32
PtMode determines 6to4 translation heuristics.
var SetUserAgent = atomic.Bool{}
SetUserAgent is a global flag to set User-Agent for DoH requests to "Intra" and for HTTP "Reaches" checks to the Android default.
var SingleThreaded = atomic.Bool{}
SingleThreaded is a global flag to run Netstack's packet forwarder in a single-threaded mode.
var SystemDNSForUndelegatedDomains = atomic.Bool{}
SystemDNSForUndelegatedDomains is a global flag to always use System DNS for undelegated domains.
Functions ¶
func AutoAlwaysRemote ¶
func AutoAlwaysRemote() bool
backend.Auto must use remote proxies and never use local (ex: ipn.Exit) ones.
func AutoModeStr ¶
func AutoModeStr() string
func DefaultTunMode ¶
func DefaultTunMode()
DefaultTunMode returns a new default TunMode with IP-only DNS capture and replay (not all DNS traffic but only the DNS traffic sent to [tcp/udp]handler.fakedns is captured and replayed to the remote DoH server) and with firewall disabled.
func DupTunFd ¶
DupTunFd instructs whether the TUN fd should be duplicated; when it is, netstack owns a clone of the TUN fd and does not assume ownership of the TUN fd shared with it.
func SetAutoDialsParallel ¶
SetAutoDialsParallel puts backend.Auto in parallel-dial mode if y is true. That is, backend.Auto will dial all (available) RPN proxies in parallel.
func SetAutoMode ¶
SetAutoMode sets the global AutoMode variable to m. Indicates if backend.Auto proxy is in local, remote, or hybrid mode.
func SetDialerOpts ¶
SetDialerOpts sets the dialer options to use.
func SetPlusStrategy ¶
SetPlusStrategy sets the order strategy for Plus DNS transports.
func SetTunMode ¶
func SetTunMode(d, b, pt int32)
SetTunMode re-assigns d to DNSMode, b to BlockMode, pt to PtMode.
Types ¶
type AutoModeType ¶
type AutoModeType int32
func (AutoModeType) String ¶
func (m AutoModeType) String() string
type DNSOptions ¶
type DNSOptions struct {
// contains filtered or unexported fields
}
DNSOptions define https or socks5 proxy options
func NewDNSOptions ¶
func NewDNSOptions(ipport string) (*DNSOptions, error)
NewDNSOptions returns a new DNSOptions object.
func NewDNSOptionsFromHostname ¶
func NewDNSOptionsFromHostname(hostOrHostPort, ipcsv string) (*DNSOptions, error)
func NewDNSOptionsFromNetIp ¶
func NewDNSOptionsFromNetIp(ipp netip.AddrPort) (*DNSOptions, error)
func (*DNSOptions) AddrPort ¶
func (d *DNSOptions) AddrPort() string
AddrPort returns the ip:port or host:port.
func (*DNSOptions) Port ¶
func (d *DNSOptions) Port() uint16
func (*DNSOptions) ResolvedAddrs ¶
func (d *DNSOptions) ResolvedAddrs() string
func (*DNSOptions) String ¶
func (d *DNSOptions) String() string
type DialerOpts ¶
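// DialerOpts define dialer options.
type DialerOpts struct {
	// Strat is the dialing strategy.
	Strat int32
	// Retry is the retry strategy.
	Retry int32
	// LowerKeepAlive is the flag to enable low TCP keep-alive.
	// Currently, 600s for idle, 5s for interval, and 4 probes.
	LowerKeepAlive bool
	// ReadTimeoutSec is the read timeout for outgoing tcp & udp connections
	// (in seconds, going by the field name).
	ReadTimeoutSec int32
	// WriteTimeoutSec is the write timeout for outgoing tcp & udp connections
	// (in seconds, going by the field name).
	WriteTimeoutSec int32
}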
DialerOpts define dialer options.
func (DialerOpts) String ¶
func (d DialerOpts) String() string
type ProxyOptions ¶
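// ProxyOptions define https or socks5 proxy options.
type ProxyOptions struct {
	// Auth holds the proxy authentication parameters. It is a pointer,
	// so it can be nil; presumably that is the no-auth case reported by
	// HasAuth (confirm). Treat its contents as credentials.
	Auth   *proxy.Auth
	IP     string   // just the ip
	Host   string   // just the hostname (no port)
	Port   string   // just the port number
	IPPort string   // may be a url or ip:port
	Scheme string   // http, https, socks5, pip
	Addrs  []string // list of ips if ipport is a url; may be nil
}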
ProxyOptions define https or socks5 proxy options
func NewAuthProxyOptions ¶
func NewAuthProxyOptions(scheme, username, password, ip, port string, addrs []string) *ProxyOptions
NewAuthProxyOptions returns a new ProxyOptions object with authentication object.
func NewProxyOptions ¶
func NewProxyOptions(ip string, port string) *ProxyOptions
NewProxyOptions returns a new ProxyOptions object.
func (*ProxyOptions) FullUrl ¶
func (p *ProxyOptions) FullUrl() string
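FullUrl returns the full url with auth. Because the result carries the auth params, treat it as a secret and keep it out of logs and error messages.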
func (*ProxyOptions) HasAuth ¶
func (p *ProxyOptions) HasAuth() bool
HasAuth returns true if p has auth params.
func (*ProxyOptions) String ¶
func (p *ProxyOptions) String() string