internal

package
v0.55.1
Published: Aug 20, 2025 License: BSD-3-Clause Imports: 81 Imported by: 0

Documentation

Constants

const (
	PeerConnectionTimeoutMax = 45000 // ms
	PeerConnectionTimeoutMin = 30000 // ms

)

PeerConnectionTimeoutMax is the timeout of an initial connection attempt to a remote peer: this peer waits up to PeerConnectionTimeoutMax for the remote peer to respond and, if it does not, retries the connection attempt. TODO: pass the timeout via EngineConfig.
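As an added example (not NetBird's own code) of how a per-attempt timeout drawn from the [PeerConnectionTimeoutMin, PeerConnectionTimeoutMax) range can drive a retry loop: the constants are repeated from the page, while the Dialer type, the jittered timeout choice and ConnectWithRetry are assumptions of this example, not the engine's implementation. Each attempt gets its own context.WithTimeout; a cancelled parent context stops the loop before the next attempt.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"math/rand"
	"time"
)

// The page's constants, repeated so the example is self-contained.
const (
	PeerConnectionTimeoutMax = 45000 // ms
	PeerConnectionTimeoutMin = 30000 // ms
)

// Dialer is a hypothetical single connection attempt. It must honour ctx and
// return once the remote peer has answered or the context expired.
type Dialer func(ctx context.Context) error

// connectionTimeout draws a per-attempt timeout uniformly from
// [PeerConnectionTimeoutMin, PeerConnectionTimeoutMax). Jittering it is this
// example's choice: peers that lost the same path then do not retry in lock-step.
func connectionTimeout() time.Duration {
	ms := PeerConnectionTimeoutMin + rand.Intn(PeerConnectionTimeoutMax-PeerConnectionTimeoutMin)
	return time.Duration(ms) * time.Millisecond
}

// ConnectWithRetry runs dial under a fresh timeout per attempt until it
// succeeds, maxAttempts is exhausted or the parent ctx is cancelled. It
// returns the number of attempts made and the last error.
func ConnectWithRetry(ctx context.Context, dial Dialer, maxAttempts int, timeout func() time.Duration) (int, error) {
	if maxAttempts < 1 {
		return 0, errors.New("maxAttempts must be at least 1")
	}
	var lastErr error
	for attempt := 1; attempt <= maxAttempts; attempt++ {
		if err := ctx.Err(); err != nil {
			return attempt - 1, err // caller gave up: do not start another attempt
		}
		attemptCtx, cancel := context.WithTimeout(ctx, timeout())
		err := dial(attemptCtx)
		cancel() // release the timer even on success
		if err == nil {
			return attempt, nil
		}
		lastErr = err
	}
	return maxAttempts, fmt.Errorf("giving up after %d attempts: %w", maxAttempts, lastErr)
}

func main() {
	calls := 0
	flaky := func(ctx context.Context) error { // constructed peer: answers on the third attempt
		calls++
		if calls < 3 {
			return errors.New("no response")
		}
		return nil
	}
	fmt.Println(ConnectWithRetry(context.Background(), flaky, 5, connectionTimeout))
}
```

The last error is wrapped with %w, so a caller can distinguish a peer that never answered (context.DeadlineExceeded) from a peer that actively refused.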

Variables

var ErrResetConnection = fmt.Errorf("reset connection")

Functions

func CheckUIApp added in v0.26.3

func CheckUIApp() bool

CheckUIApp checks whether UI application is running.

func CtxGetState

func CtxGetState(ctx context.Context) *contextState

CtxGetState returns the context state object used to get and update the state and errors of the process.

func CtxInitState

func CtxInitState(ctx context.Context) context.Context

CtxInitState sets up the context state in the context tree.

It must be used to initialize the context before CtxGetState is executed.
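An added example, not the package's own code, of the pattern behind CtxInitState and CtxGetState: the state record is stored under an unexported context key so every derived context shares it, and the getter returns nil on a context that was never initialized. ProcessState, InitState, GetState and runStep are stand-ins assumed here (the page's contextState is unexported), and the statuses written are constructed values.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync"
)

// ctxStateKey is an unexported key type: no other package can collide with
// it or read the value stored under it.
type ctxStateKey struct{}

// ProcessState is a hypothetical stand-in for the page's unexported
// contextState: one mutable record shared by every context in the tree.
type ProcessState struct {
	mu     sync.Mutex
	status string
	err    error
}

// Set records the latest status and error of the process.
func (s *ProcessState) Set(status string, err error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.status, s.err = status, err
}

// Get returns the recorded status and error.
func (s *ProcessState) Get() (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	return s.status, s.err
}

// InitState attaches a fresh ProcessState to ctx. Every context derived from
// the returned one (WithCancel, WithTimeout, WithValue) shares the same record.
func InitState(ctx context.Context) context.Context {
	return context.WithValue(ctx, ctxStateKey{}, &ProcessState{status: "Idle"})
}

// GetState returns the record attached by InitState, or nil when the context
// was never initialized; callers must check for nil rather than dereference.
func GetState(ctx context.Context) *ProcessState {
	s, _ := ctx.Value(ctxStateKey{}).(*ProcessState)
	return s
}

// runStep is a constructed worker that reports its outcome through the
// shared record instead of only returning it up the call chain.
func runStep(ctx context.Context, fail bool) error {
	st := GetState(ctx)
	if st == nil {
		return errors.New("context state not initialized: call InitState first")
	}
	if fail {
		err := errors.New("login failed")
		st.Set("LoginFailed", err)
		return err
	}
	st.Set("Connected", nil)
	return nil
}

func main() {
	ctx := InitState(context.Background())
	child, cancel := context.WithCancel(ctx)
	defer cancel()
	_ = runStep(child, true)
	status, err := GetState(ctx).Get() // the parent sees what the child wrote
	fmt.Println(status, err)
	fmt.Println(runStep(context.Background(), false)) // uninitialized context
}
```

Because the record is a pointer, a child context cannot detach from it: whatever a worker writes is visible to every holder of the tree, which is the point of the pattern and also why the record guards itself with a mutex.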

func IsLoginRequired added in v0.14.5

func IsLoginRequired(ctx context.Context, config *profilemanager.Config) (bool, error)

IsLoginRequired checks whether the server supports SSO.

func Login

func Login(ctx context.Context, config *profilemanager.Config, setupKey string, jwtToken string) error

Login logs in or registers the client.

Types

type ConnMgr added in v0.45.0

type ConnMgr struct {
	// contains filtered or unexported fields
}

ConnMgr coordinates both lazy connections (established on-demand) and permanent peer connections.

The connection manager is responsible for:

- Managing lazy connections via the lazyConnManager
- Maintaining a list of excluded peers that should always have permanent connections
- Handling connection establishment based on peer signaling

The implementation is not thread-safe; it is protected by engine.syncMsgMux.

func NewConnMgr added in v0.45.0

func NewConnMgr(engineConfig *EngineConfig, statusRecorder *peer.Status, peerStore *peerstore.Store, iface lazyconn.WGIface) *ConnMgr

func (*ConnMgr) ActivatePeer added in v0.50.0

func (e *ConnMgr) ActivatePeer(ctx context.Context, conn *peer.Conn)

func (*ConnMgr) AddPeerConn added in v0.45.0

func (e *ConnMgr) AddPeerConn(ctx context.Context, peerKey string, conn *peer.Conn) (exists bool)

func (*ConnMgr) Close added in v0.45.0

func (e *ConnMgr) Close()

func (*ConnMgr) DeactivatePeer added in v0.50.0

func (e *ConnMgr) DeactivatePeer(conn *peer.Conn)

DeactivatePeer deactivates a peer connection in the lazy connection manager. If lazy connection is disabled locally, the peer connection is forced open.

func (*ConnMgr) RemovePeerConn added in v0.45.0

func (e *ConnMgr) RemovePeerConn(peerKey string)

func (*ConnMgr) SetExcludeList added in v0.45.0

func (e *ConnMgr) SetExcludeList(ctx context.Context, peerIDs map[string]bool)

SetExcludeList sets the list of peer IDs that should always have permanent connections.

func (*ConnMgr) Start added in v0.45.0

func (e *ConnMgr) Start(ctx context.Context)

Start initializes the connection manager and starts the lazy connection manager if enabled by env var or cmd line option.

func (*ConnMgr) UpdateRouteHAMap added in v0.47.0

func (e *ConnMgr) UpdateRouteHAMap(haMap route.HAMap)

UpdateRouteHAMap updates the route HA mappings in the lazy connection manager

func (*ConnMgr) UpdatedRemoteFeatureFlag added in v0.45.0

func (e *ConnMgr) UpdatedRemoteFeatureFlag(ctx context.Context, enabled bool) error

UpdatedRemoteFeatureFlag is called when the remote feature flag is updated. If enabled, it initializes the lazy connection manager and starts it; there is no need to call Start() again. If disabled, it closes the lazy connection manager and opens connections to all peers.

type ConnectClient added in v0.27.5

type ConnectClient struct {
	// contains filtered or unexported fields
}

func NewConnectClient added in v0.27.5

func NewConnectClient(
	ctx context.Context,
	config *profilemanager.Config,
	statusRecorder *peer.Status,

) *ConnectClient

func (*ConnectClient) Engine added in v0.27.5

func (c *ConnectClient) Engine() *Engine

func (*ConnectClient) GetLatestSyncResponse added in v0.53.0

func (c *ConnectClient) GetLatestSyncResponse() (*mgmProto.SyncResponse, error)

GetLatestSyncResponse returns the latest sync response from the engine.

func (*ConnectClient) Run added in v0.27.5

func (c *ConnectClient) Run(runningChan chan struct{}) error

Run runs the main client logic.

func (*ConnectClient) RunOnAndroid added in v0.27.5

func (c *ConnectClient) RunOnAndroid(
	tunAdapter device.TunAdapter,
	iFaceDiscover stdnet.ExternalIFaceDiscover,
	networkChangeListener listener.NetworkChangeListener,
	dnsAddresses []netip.AddrPort,
	dnsReadyListener dns.ReadyListener,
) error

RunOnAndroid runs the main client logic on Android.

func (*ConnectClient) RunOniOS added in v0.27.5

func (c *ConnectClient) RunOniOS(
	fileDescriptor int32,
	networkChangeListener listener.NetworkChangeListener,
	dnsManager dns.IosDnsManager,
	stateFilePath string,
) error

func (*ConnectClient) SetSyncResponsePersistence added in v0.53.0

func (c *ConnectClient) SetSyncResponsePersistence(enabled bool)

SetSyncResponsePersistence enables or disables sync response persistence. When enabled, the last received sync response will be stored and can be retrieved through the Engine's GetLatestSyncResponse method. When disabled, any stored sync response will be cleared.

func (*ConnectClient) Status added in v0.34.0

func (c *ConnectClient) Status() StatusType

Status returns the current client status

func (*ConnectClient) Stop added in v0.29.0

func (c *ConnectClient) Stop() error

type DeviceAuthProviderConfig added in v0.22.0

type DeviceAuthProviderConfig struct {
	// ClientID is the IDP application client ID
	ClientID string
	// ClientSecret is the IDP application client secret
	ClientSecret string
	// Domain is the IDP API domain.
	// Deprecated: use OIDCConfigEndpoint instead.
	Domain string
	// Audience is the audience used for authorization validation
	Audience string
	// TokenEndpoint is the endpoint of the IDP manager where clients can obtain an access token
	TokenEndpoint string
	// DeviceAuthEndpoint is the endpoint of the IDP manager where clients can obtain a device authorization code
	DeviceAuthEndpoint string
	// Scope provides the scopes to be included in the token request
	Scope string
	// UseIDToken indicates whether the ID token, rather than the access token, should be used for authentication
	UseIDToken bool
}

DeviceAuthProviderConfig has all attributes needed to initiate a device authorization flow

type DeviceAuthorizationFlow

type DeviceAuthorizationFlow struct {
	Provider       string
	ProviderConfig DeviceAuthProviderConfig
}

DeviceAuthorizationFlow represents Device Authorization Flow information

func GetDeviceAuthorizationFlowInfo

func GetDeviceAuthorizationFlowInfo(ctx context.Context, privateKey string, mgmURL *url.URL) (DeviceAuthorizationFlow, error)

GetDeviceAuthorizationFlowInfo initializes a DeviceAuthorizationFlow instance and returns it.
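An added example, not NetBird's implementation, of the RFC 8628 device authorization flow that DeviceAuthProviderConfig describes, run against a constructed in-process IdP (httptest) so it works offline: RunDeviceFlow, postForm, NewFakeIdP, pollTick, the endpoint paths, the user code and the tokens are all assumptions of this example. It shows the two legs of the flow, the honoured "interval", the authorization_pending and slow_down responses, and how UseIDToken selects which token the client keeps. HTTP requests are bounded by the client's own Timeout; ctx bounds the waits between polls.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"sync/atomic"
	"time"
)

// DeviceAuthProviderConfig repeats the page's fields that this flow uses.
type DeviceAuthProviderConfig struct {
	ClientID, Audience, TokenEndpoint, DeviceAuthEndpoint, Scope string
	UseIDToken                                                   bool
}

// idpResponse holds the fields of both RFC 8628 replies; absent ones stay zero.
type idpResponse struct {
	DeviceCode  string `json:"device_code"`
	UserCode    string `json:"user_code"`
	Interval    int    `json:"interval"`
	AccessToken string `json:"access_token"`
	IDToken     string `json:"id_token"`
	Error       string `json:"error"`
}

// pollTick is the unit of the IdP's "interval": one second in production.
var pollTick = time.Second

// postForm sends a form-encoded POST (bounded by c.Timeout) and decodes the JSON reply.
func postForm(c *http.Client, endpoint string, form url.Values, out *idpResponse) error {
	resp, err := c.PostForm(endpoint, form)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	return json.NewDecoder(resp.Body).Decode(out)
}

// RunDeviceFlow performs RFC 8628: obtain a device_code, hand the user_code to
// prompt for display, then poll TokenEndpoint, waiting on authorization_pending
// and adding five intervals on slow_down (section 3.5) until a token, a terminal error or ctx expiry.
func RunDeviceFlow(ctx context.Context, c *http.Client, cfg DeviceAuthProviderConfig, prompt func(userCode string)) (string, error) {
	var dc idpResponse
	form := url.Values{"client_id": {cfg.ClientID}, "scope": {cfg.Scope}, "audience": {cfg.Audience}}
	if err := postForm(c, cfg.DeviceAuthEndpoint, form, &dc); err != nil {
		return "", err
	}
	if dc.DeviceCode == "" {
		return "", fmt.Errorf("device authorization failed: %q", dc.Error)
	}
	if dc.Interval <= 0 {
		dc.Interval = 5 // RFC 8628 default when the IdP omits it; never busy-poll
	}
	prompt(dc.UserCode)
	interval := time.Duration(dc.Interval) * pollTick
	form = url.Values{"grant_type": {"urn:ietf:params:oauth:grant-type:device_code"},
		"device_code": {dc.DeviceCode}, "client_id": {cfg.ClientID}}
	for {
		var tr idpResponse
		if err := postForm(c, cfg.TokenEndpoint, form, &tr); err != nil {
			return "", err
		}
		switch tr.Error {
		case "":
			if cfg.UseIDToken {
				return tr.IDToken, nil
			}
			return tr.AccessToken, nil
		case "slow_down":
			interval += 5 * pollTick
			fallthrough
		case "authorization_pending":
			select {
			case <-ctx.Done():
				return "", ctx.Err()
			case <-time.After(interval):
			}
		default: // access_denied, expired_token, invalid_grant, ...
			return "", fmt.Errorf("device flow rejected: %s", tr.Error)
		}
	}
}

// NewFakeIdP is constructed scaffolding, not a real provider: it issues "dev-<client_id>" and
// answers polls for dev-cli with authorization_pending, slow_down, then a token; others get invalid_grant.
func NewFakeIdP() *httptest.Server {
	var polls int32
	mux := http.NewServeMux()
	mux.HandleFunc("/device", func(w http.ResponseWriter, r *http.Request) {
		json.NewEncoder(w).Encode(idpResponse{DeviceCode: "dev-" + r.FormValue("client_id"), UserCode: "ABCD-EFGH", Interval: 1})
	})
	mux.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) {
		reply := idpResponse{Error: "invalid_grant"}
		if r.FormValue("device_code") == "dev-cli" {
			switch atomic.AddInt32(&polls, 1) {
			case 1:
				reply.Error = "authorization_pending"
			case 2:
				reply.Error = "slow_down"
			default:
				reply = idpResponse{AccessToken: "at-xyz", IDToken: "idt-xyz"}
			}
		}
		json.NewEncoder(w).Encode(reply)
	})
	return httptest.NewServer(mux)
}

func main() {
	idp := NewFakeIdP()
	defer idp.Close()
	cfg := DeviceAuthProviderConfig{ClientID: "cli", Scope: "openid", DeviceAuthEndpoint: idp.URL + "/device", TokenEndpoint: idp.URL + "/token"}
	fmt.Println(RunDeviceFlow(context.Background(), idp.Client(), cfg, func(code string) { fmt.Println("enter code:", code) }))
}
```

Two details matter in practice: the client must back off on slow_down rather than keep its old interval (IdPs rate-limit or revoke on repeated violations), and the ctx passed in should carry the expires_in deadline so an abandoned login does not poll forever.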

type Engine

type Engine struct {

	// STUNs is a list of STUN servers used by ICE
	STUNs []*stun.URI
	// TURNs is a list of TURN servers used by ICE
	TURNs []*stun.URI
	// contains filtered or unexported fields
}

Engine is a mechanism responsible for reacting to Signal and Management stream events and managing connections to the remote peers.

func NewEngine

func NewEngine(
	clientCtx context.Context,
	clientCancel context.CancelFunc,
	signalClient signal.Client,
	mgmClient mgm.Client,
	relayManager *relayClient.Manager,
	config *EngineConfig,
	mobileDep MobileDependency,
	statusRecorder *peer.Status,
	checks []*mgmProto.Checks,
) *Engine

NewEngine creates a new Connection Engine with probes attached

func (*Engine) Address added in v0.37.0

func (e *Engine) Address() (netip.Addr, error)

func (*Engine) GetFirewallManager added in v0.36.6

func (e *Engine) GetFirewallManager() firewallManager.Manager

GetFirewallManager returns the firewall manager

func (*Engine) GetLatestSyncResponse added in v0.53.0

func (e *Engine) GetLatestSyncResponse() (*mgmProto.SyncResponse, error)

GetLatestSyncResponse returns the stored sync response if persistence is enabled

func (*Engine) GetNet added in v0.37.0

func (e *Engine) GetNet() (*netstack.Net, error)

func (*Engine) GetRouteManager added in v0.27.4

func (e *Engine) GetRouteManager() routemanager.Manager

GetRouteManager returns the route manager

func (*Engine) GetWgAddr added in v0.36.6

func (e *Engine) GetWgAddr() netip.Addr

GetWgAddr returns the wireguard address

func (*Engine) RunHealthProbes added in v0.36.5

func (e *Engine) RunHealthProbes() bool

RunHealthProbes executes health checks for Signal, Management, Relay and WireGuard services and updates the status recorder with the latest states.

func (*Engine) SetSyncResponsePersistence added in v0.53.0

func (e *Engine) SetSyncResponsePersistence(enabled bool)

SetSyncResponsePersistence enables or disables sync response persistence

func (*Engine) Start

func (e *Engine) Start() error

Start creates a new WireGuard tunnel interface and listens to events from the Signal and Management services. Connections to remote peers are not established here; they will be established once an event with a list of peers to connect to is received from the Management service.

func (*Engine) Stop

func (e *Engine) Stop() error

type EngineConfig

type EngineConfig struct {
	WgPort      int
	WgIfaceName string

	// WgAddr is a Wireguard local address (Netbird Network IP)
	WgAddr string

	// WgPrivateKey is a Wireguard private key of our peer (it MUST never leave the machine)
	WgPrivateKey wgtypes.Key

	// NetworkMonitor is a flag to enable network monitoring
	NetworkMonitor bool

	// IFaceBlackList is a list of network interfaces to ignore when discovering connection candidates (ICE related)
	IFaceBlackList       []string
	DisableIPv6Discovery bool

	PreSharedKey *wgtypes.Key

	// UDPMuxPort default value 0 - the system will pick an available port
	UDPMuxPort int

	// UDPMuxSrflxPort default value 0 - the system will pick an available port
	UDPMuxSrflxPort int

	// SSHKey is a private SSH key in a PEM format
	SSHKey []byte

	NATExternalIPs []string

	CustomDNSAddress string

	RosenpassEnabled    bool
	RosenpassPermissive bool

	ServerSSHAllowed bool

	DNSRouteInterval time.Duration

	DisableClientRoutes bool
	DisableServerRoutes bool
	DisableDNS          bool
	DisableFirewall     bool
	BlockLANAccess      bool
	BlockInbound        bool

	LazyConnectionEnabled bool
}

EngineConfig is a config for the Engine

type MobileDependency added in v0.17.0

type MobileDependency struct {
	// Android only
	TunAdapter            device.TunAdapter
	IFaceDiscover         stdnet.ExternalIFaceDiscover
	NetworkChangeListener listener.NetworkChangeListener
	HostDNSAddresses      []netip.AddrPort
	DnsReadyListener      dns.ReadyListener

	//	iOS only
	DnsManager     dns.IosDnsManager
	FileDescriptor int32
	StateFilePath  string
}

MobileDependency collects all dependencies for the mobile platforms.

type PKCEAuthProviderConfig added in v0.22.0

type PKCEAuthProviderConfig struct {
	// ClientID is the IDP application client ID
	ClientID string
	// ClientSecret is the IDP application client secret
	ClientSecret string
	// Audience is the audience used for authorization validation
	Audience string
	// TokenEndpoint is the endpoint of the IDP manager where clients can obtain an access token
	TokenEndpoint string
	// AuthorizationEndpoint is the endpoint of the IDP manager where clients can obtain an authorization code
	AuthorizationEndpoint string
	// Scope provides the scopes to be included in the token request
	Scope string
	// RedirectURLs are the redirect URLs that receive the authorization code from the IDP manager
	RedirectURLs []string
	// UseIDToken indicates whether the ID token, rather than the access token, should be used for authentication
	UseIDToken bool
	// ClientCertPair is used for mTLS authentication to the IDP
	ClientCertPair *tls.Certificate
	// DisablePromptLogin makes the PKCE flow not prompt the user for login
	DisablePromptLogin bool
	// LoginFlag is used to configure the PKCE flow login behavior
	LoginFlag common.LoginFlag
}

PKCEAuthProviderConfig has all attributes needed to initiate a PKCE authorization flow

type PKCEAuthorizationFlow added in v0.22.0

type PKCEAuthorizationFlow struct {
	ProviderConfig PKCEAuthProviderConfig
}

PKCEAuthorizationFlow represents PKCE Authorization Flow information

func GetPKCEAuthorizationFlowInfo added in v0.22.0

func GetPKCEAuthorizationFlowInfo(ctx context.Context, privateKey string, mgmURL *url.URL, clientCert *tls.Certificate) (PKCEAuthorizationFlow, error)

GetPKCEAuthorizationFlowInfo initializes a PKCEAuthorizationFlow instance and returns it.
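An added example, not NetBird's code, of the PKCE pieces that PKCEAuthProviderConfig feeds: an S256 code challenge derived from a CSPRNG code verifier (RFC 7636), the authorization URL carrying a random state and, unless DisablePromptLogin is set, prompt=login, and a callback check that refuses a code whose state does not match the pending request. BuildAuthRequest, CodeFromCallback, AuthRequest and the example endpoint and redirect URL are assumptions of this example; the token exchange that follows is left out.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

// PKCEAuthProviderConfig repeats the subset of the page's fields used here.
type PKCEAuthProviderConfig struct {
	ClientID              string
	Audience              string
	AuthorizationEndpoint string
	Scope                 string
	RedirectURLs          []string
	DisablePromptLogin    bool
}

// randomURLSafe returns n bytes from crypto/rand, base64url-encoded without padding.
func randomURLSafe(n int) (string, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// NewCodeVerifier produces a 43-character verifier (32 random bytes), the
// RFC 7636 minimum length. It stays on the client until the token exchange.
func NewCodeVerifier() (string, error) { return randomURLSafe(32) }

// CodeChallengeS256 is BASE64URL(SHA256(verifier)) per RFC 7636 section 4.2.
func CodeChallengeS256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// AuthRequest is the per-login secret material the client keeps until the callback arrives.
type AuthRequest struct {
	Verifier, State, RedirectURL, URL string
}

// BuildAuthRequest assembles the authorization URL: only the S256 challenge
// goes to the IdP, and state binds the eventual callback to this request.
func BuildAuthRequest(cfg PKCEAuthProviderConfig) (*AuthRequest, error) {
	if len(cfg.RedirectURLs) == 0 {
		return nil, errors.New("no redirect URL configured")
	}
	verifier, err := NewCodeVerifier()
	if err != nil {
		return nil, err
	}
	state, err := randomURLSafe(16)
	if err != nil {
		return nil, err
	}
	u, err := url.Parse(cfg.AuthorizationEndpoint)
	if err != nil {
		return nil, err
	}
	q := url.Values{
		"response_type":         {"code"},
		"client_id":             {cfg.ClientID},
		"redirect_uri":          {cfg.RedirectURLs[0]},
		"scope":                 {cfg.Scope},
		"audience":              {cfg.Audience},
		"state":                 {state},
		"code_challenge":        {CodeChallengeS256(verifier)},
		"code_challenge_method": {"S256"},
	}
	if !cfg.DisablePromptLogin {
		q.Set("prompt", "login") // force re-authentication unless disabled
	}
	u.RawQuery = q.Encode()
	return &AuthRequest{Verifier: verifier, State: state, RedirectURL: cfg.RedirectURLs[0], URL: u.String()}, nil
}

// CodeFromCallback extracts the authorization code from the redirect the IdP
// sent the browser to, refusing it unless state matches the pending request.
func CodeFromCallback(req *AuthRequest, callback string) (string, error) {
	u, err := url.Parse(callback)
	if err != nil {
		return "", err
	}
	q := u.Query()
	if e := q.Get("error"); e != "" {
		return "", fmt.Errorf("idp returned error: %s", e)
	}
	if subtle.ConstantTimeCompare([]byte(q.Get("state")), []byte(req.State)) != 1 {
		return "", errors.New("state mismatch: callback does not belong to this login")
	}
	code := q.Get("code")
	if code == "" {
		return "", errors.New("callback carries no code")
	}
	return code, nil
}

func main() {
	cfg := PKCEAuthProviderConfig{ClientID: "cli", AuthorizationEndpoint: "https://idp.example/authorize",
		Scope: "openid profile", RedirectURLs: []string{"http://localhost:53000/"}}
	req, err := BuildAuthRequest(cfg)
	if err != nil {
		panic(err)
	}
	fmt.Println("open:", req.URL)
	fmt.Println(CodeFromCallback(req, req.RedirectURL+"?code=abc&state="+req.State))
}
```

The verifier never appears in the URL, so an attacker who observes the authorization code (for instance through a loopback redirect on a shared machine) cannot redeem it; the state check stops a code that was minted for a different login from being bound to this session.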

type Peer

type Peer struct {
	WgPubKey     string
	WgAllowedIps string
}

Peer is an instance of the Connection Peer

type SessionWatcher added in v0.26.3

type SessionWatcher struct {
	// contains filtered or unexported fields
}

func NewSessionWatcher added in v0.26.3

func NewSessionWatcher(ctx context.Context, peerStatusRecorder *peer.Status) *SessionWatcher

NewSessionWatcher creates a new instance of SessionWatcher.

func (*SessionWatcher) SetOnExpireListener added in v0.26.3

func (s *SessionWatcher) SetOnExpireListener(onExpire func())

SetOnExpireListener sets the callback func to be called when the session expires.

type StatusType

type StatusType string
const (
	StatusIdle StatusType = "Idle"

	StatusConnecting     StatusType = "Connecting"
	StatusConnected      StatusType = "Connected"
	StatusNeedsLogin     StatusType = "NeedsLogin"
	StatusLoginFailed    StatusType = "LoginFailed"
	StatusSessionExpired StatusType = "SessionExpired"
)

type WGIface added in v0.37.0

type WGIface interface {
	// contains filtered or unexported methods
}

Directories

Path Synopsis
acl
id
mocks
Package mocks is a generated GoMock package.
dns
lazyconn
Package lazyconn provides mechanisms for managing lazy connections, which activate on demand to optimize resource usage and establish connections efficiently.
ice
id
stdnet
Package stdnet is an extension of the pion's stdnet.
