apply

package
v0.14.3 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 9, 2024 License: AGPL-3.0 Imports: 11 Imported by: 0

Documentation

Overview

Package apply contains code for applying changes to network interfaces and wireguard configurations.


Constants

HandshakeValidity is how long we think a handshake should be valid for, including tolerances

HandshakeValidityBase is the base amount of time we think a handshake should be valid for, without accounting for tolerances

const HealthHysteresisBandaid = 30 * time.Second

HealthHysteresisBandaid is an extra delay to add before considering a peer unhealthy, based on as-yet undiagnosed observations of handshakes not refreshing as often as documentation seems to suggest they should

Variables

This section is empty.

Functions

func EnsureAllowedIPs

func EnsureAllowedIPs(
	peer *wgtypes.Peer,
	facts []*fact.Fact,
	cfg *wgtypes.PeerConfig,
	allowDeconfigure bool,
) *wgtypes.PeerConfig

EnsureAllowedIPs updates the device config if needed to add all the AllowedIPs from the facts to the peer. This assumes that facts have already been filtered to be just the trusted ones.

func EnsureLocalAutoIP added in v0.8.2

func EnsureLocalAutoIP(env networking.Environment, dev *wgtypes.Device) (bool, error)

EnsureLocalAutoIP makes sure that the automatic IPv6 link-local IP is present on the interface that matches the device. It returns whether it had to add it, and whether any errors happened.

func EnsurePeerAutoIP

func EnsurePeerAutoIP(peer *wgtypes.Peer, cfg *wgtypes.PeerConfig) (peerConfig *wgtypes.PeerConfig, added bool)

EnsurePeerAutoIP ensures that the config (if any) for the given peer key includes its automatic IPv6-LL address.

func IsHandshakeHealthy added in v0.2.1

func IsHandshakeHealthy(lastHandshake time.Time) bool

IsHandshakeHealthy returns whether the handshake looks recent enough that the peer is likely to be in communication.

func OnlyAutoIP

func OnlyAutoIP(peer *wgtypes.Peer, cfg *wgtypes.PeerConfig) *wgtypes.PeerConfig

OnlyAutoIP configures a peer to have _only_ its IPv6-LL IP in its AllowedIPs. It returns whether a change was attempted and any error that happens.

Types

type PeerConfigState

type PeerConfigState struct {
	// contains filtered or unexported fields
}

PeerConfigState stores state to remember peer info so we can cycle through configurations effectively

func (*PeerConfigState) AliveSince added in v0.1.2

func (pcs *PeerConfigState) AliveSince() time.Time

AliveSince gives the time since which the peer has been healthy and alive, or a _very_ far future value if it is not healthy and alive.

func (*PeerConfigState) AliveUntil added in v0.10.0

func (pcs *PeerConfigState) AliveUntil() time.Time

AliveUntil gives the time until which the peer will be considered alive, or zero value if it is not healthy or alive.

func (*PeerConfigState) Clone added in v0.9.0

func (pcs *PeerConfigState) Clone() *PeerConfigState

Clone makes a deep clone of the receiver

func (*PeerConfigState) Describe added in v0.3.0

func (pcs *PeerConfigState) Describe(now time.Time) string

Describe gives a textual summary of the state. Note that this is not done as String() because it doesn't represent the whole object.

func (*PeerConfigState) EnsureNotNil added in v0.7.2

func (pcs *PeerConfigState) EnsureNotNil() *PeerConfigState

EnsureNotNil returns either its receiver if not nil, or else a new object suitable to be its receiver

func (*PeerConfigState) IsAlive added in v0.0.2

func (pcs *PeerConfigState) IsAlive() bool

IsAlive returns whether the peer looked alive on the last call to `Update`. Note that a peer can be alive but unhealthy!

func (*PeerConfigState) IsBasic added in v0.11.1

func (pcs *PeerConfigState) IsBasic() bool

IsBasic checks if there is a MemberIsBasic attribute present and its value is truthy. If no attribute is present, it returns false.

func (*PeerConfigState) IsHealthy

func (pcs *PeerConfigState) IsHealthy() bool

IsHealthy returns if the peer looked healthy on the last call to `Update`

func (*PeerConfigState) NextEndpoint

func (pcs *PeerConfigState) NextEndpoint(
	peerName string,
	peerFacts []*fact.Fact,
	now time.Time,
	filter func(*fact.Fact) bool,
) *net.UDPAddr

NextEndpoint recommends the next endpoint to try configuring on the peer, if any, based on the available facts (assumed to all be about the peer!). Note that this does _not_ embed the logic for whether a new endpoint _should_ be attempted (i.e. it doesn't call `TimeForNextEndpoint` internally).

func (*PeerConfigState) TimeForNextEndpoint

func (pcs *PeerConfigState) TimeForNextEndpoint() bool

TimeForNextEndpoint returns if we should try another endpoint for the peer (or if we should wait for the current endpoint to test out)

func (*PeerConfigState) TryGetMetadata added in v0.11.0

func (pcs *PeerConfigState) TryGetMetadata(attr fact.MemberAttribute) (string, bool)

TryGetMetadata fetches the value of the given member metadata attribute, if it is known.

func (*PeerConfigState) Update

func (pcs *PeerConfigState) Update(
	peer *wgtypes.Peer,
	configName string,
	newAlive bool,
	aliveUntil time.Time,
	bootID *uuid.UUID,
	now time.Time,
	facts []*fact.Fact,
	quiet bool,
) *PeerConfigState

Update returns a cloned PeerConfigState with new data from the wireguard device. NOTE: It is safe to call this on a `nil` pointer, it will return a new state. TODO: give this access to the `peerKnowledgeSet` instead of passing in the alive state
