Documentation ¶
Overview ¶
Package apply contains code for applying changes to network interfaces and wireguard configurations.
Index ¶
- Constants
- func EnsureAllowedIPs(peer *wgtypes.Peer, facts []*fact.Fact, cfg *wgtypes.PeerConfig, ...) *wgtypes.PeerConfig
- func EnsureLocalAutoIP(env networking.Environment, dev *wgtypes.Device) (bool, error)
- func EnsurePeerAutoIP(peer *wgtypes.Peer, cfg *wgtypes.PeerConfig) (peerConfig *wgtypes.PeerConfig, added bool)
- func IsHandshakeHealthy(lastHandshake time.Time) bool
- func OnlyAutoIP(peer *wgtypes.Peer, cfg *wgtypes.PeerConfig) *wgtypes.PeerConfig
- type PeerConfigState
- func (pcs *PeerConfigState) AliveSince() time.Time
- func (pcs *PeerConfigState) AliveUntil() time.Time
- func (pcs *PeerConfigState) Clone() *PeerConfigState
- func (pcs *PeerConfigState) Describe(now time.Time) string
- func (pcs *PeerConfigState) EnsureNotNil() *PeerConfigState
- func (pcs *PeerConfigState) IsAlive() bool
- func (pcs *PeerConfigState) IsBasic() bool
- func (pcs *PeerConfigState) IsHealthy() bool
- func (pcs *PeerConfigState) NextEndpoint(peerName string, peerFacts []*fact.Fact, now time.Time, ...) *net.UDPAddr
- func (pcs *PeerConfigState) TimeForNextEndpoint() bool
- func (pcs *PeerConfigState) TryGetMetadata(attr fact.MemberAttribute) (string, bool)
- func (pcs *PeerConfigState) Update(peer *wgtypes.Peer, configName string, newAlive bool, aliveUntil time.Time, ...) *PeerConfigState
Constants ¶
const HandshakeValidity = HandshakeValidityBase + HealthHysteresisBandaid
HandshakeValidity is how long we think a handshake should be valid for, including tolerances
const HandshakeValidityBase = device.RekeyAfterTime + device.RekeyTimeout + device.KeepaliveTimeout + device.RekeyTimeoutJitterMaxMs*time.Millisecond
HandshakeValidityBase is the base amount of time we think a handshake should be valid for, without accounting for tolerances
const HealthHysteresisBandaid = 30 * time.Second
HealthHysteresisBandaid is an extra delay to add before considering a peer unhealthy, based on as-yet undiagnosed observations of handshakes not refreshing as often as documentation seems to suggest they should
Variables ¶
This section is empty.
Functions ¶
func EnsureAllowedIPs ¶
func EnsureAllowedIPs(
	peer *wgtypes.Peer,
	facts []*fact.Fact,
	cfg *wgtypes.PeerConfig,
	allowDeconfigure bool,
) *wgtypes.PeerConfig
EnsureAllowedIPs updates the device config if needed to add all the AllowedIPs from the facts to the peer. This assumes that facts have already been filtered to be just the trusted ones.
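Because every prefix placed in a peer's AllowedIPs becomes a cryptokey-routing decision, the "only trusted facts" precondition matters more than the bookkeeping. The following added example (not wirelink's code) shows the shape of that bookkeeping with standard-library types only: `allowedIPFact` is a constructed stand-in for the parts of `fact.Fact` used here, its `Trusted` field is an assumption, and the duplicate and untrusted sample claims are constructed.

```go
package main

import (
	"fmt"
	"net"
)

// allowedIPFact is a constructed stand-in for the subset of fact.Fact this
// example needs: a prefix claimed for a peer, plus whether the claim passed
// trust filtering (assumed field, not the real type's layout).
type allowedIPFact struct {
	Prefix  *net.IPNet
	Trusted bool
}

// prefixKey canonicalises a prefix so the same network written two ways
// (host bits set, different IP byte lengths) compares equal.
func prefixKey(n *net.IPNet) string {
	ones, bits := n.Mask.Size()
	return fmt.Sprintf("%s/%d/%d", n.IP.Mask(n.Mask), ones, bits)
}

// missingAllowedIPs returns the trusted prefixes the peer's current AllowedIPs
// does not yet contain, in input order and without duplicates. Untrusted facts
// are dropped here as a second line of defence even though the caller is
// expected to have filtered them already: a claim must never reach AllowedIPs
// merely because it was received.
func missingAllowedIPs(current []net.IPNet, facts []allowedIPFact) []net.IPNet {
	have := make(map[string]bool, len(current))
	for i := range current {
		have[prefixKey(&current[i])] = true
	}
	var add []net.IPNet
	for _, f := range facts {
		if !f.Trusted || f.Prefix == nil {
			continue
		}
		k := prefixKey(f.Prefix)
		if have[k] {
			continue
		}
		have[k] = true
		add = append(add, *f.Prefix)
	}
	return add
}

// mustPrefix parses CIDR text for the constructed sample data below.
func mustPrefix(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

func main() {
	// Constructed state: the peer already has its link-local /128.
	current := []net.IPNet{*mustPrefix("fe80::1234/128")}
	facts := []allowedIPFact{
		{mustPrefix("10.20.0.0/24"), true},
		{mustPrefix("10.20.0.0/24"), true},   // duplicate claim
		{mustPrefix("fe80::1234/128"), true}, // already configured
		{mustPrefix("10.99.0.0/16"), false},  // untrusted: must never be added
	}
	for _, n := range missingAllowedIPs(current, facts) {
		fmt.Println("add", n.String())
	}
}
```

Only `10.20.0.0/24` comes back: the duplicate collapses, the already-present link-local prefix is skipped, and the untrusted claim never becomes a route.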
func EnsureLocalAutoIP ¶ added in v0.8.2
func EnsureLocalAutoIP(env networking.Environment, dev *wgtypes.Device) (bool, error)
EnsureLocalAutoIP makes sure that the automatic IPv6 link-local IP is present on the interface that matches the device. It returns whether it had to add it, and any error that happened.
func EnsurePeerAutoIP ¶
func EnsurePeerAutoIP(peer *wgtypes.Peer, cfg *wgtypes.PeerConfig) (peerConfig *wgtypes.PeerConfig, added bool)
EnsurePeerAutoIP ensures that the config (if any) for the given peer key includes its automatic IPv6-LL address.
func IsHandshakeHealthy ¶ added in v0.2.1
func IsHandshakeHealthy(lastHandshake time.Time) bool
IsHandshakeHealthy returns whether the handshake looks recent enough that the peer is likely to be in communication.
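The constants above compose the validity window from wireguard-go's timer values, and IsHandshakeHealthy compares a peer's last handshake against it. The following is an added illustration of that check (not the project's implementation): the four timer values are assumed copies of wireguard-go's `device` constants, inlined so the example needs no third-party import, and `handshakeHealthyAt`, `healthyUntil` and `describeHandshake` are names chosen here.

```go
package main

import (
	"fmt"
	"time"
)

// Timer values from wireguard-go's device package, copied here as assumed
// constants so the example compiles stand-alone; confirm them against the
// device/constants.go of the version you build against.
const (
	rekeyAfterTime          = 120 * time.Second
	rekeyTimeout            = 5 * time.Second
	keepaliveTimeout        = 10 * time.Second
	rekeyTimeoutJitterMaxMs = 334
)

// Same composition as the page's HandshakeValidityBase / HandshakeValidity.
const (
	handshakeValidityBase   = rekeyAfterTime + rekeyTimeout + keepaliveTimeout + rekeyTimeoutJitterMaxMs*time.Millisecond
	healthHysteresisBandaid = 30 * time.Second
	handshakeValidity       = handshakeValidityBase + healthHysteresisBandaid
)

// handshakeHealthyAt restates the IsHandshakeHealthy idea with an injectable
// clock. A zero lastHandshake means the kernel has never reported a completed
// handshake, which is never healthy; otherwise the handshake must be younger
// than the validity window.
func handshakeHealthyAt(lastHandshake, now time.Time) bool {
	if lastHandshake.IsZero() {
		return false
	}
	return now.Sub(lastHandshake) < handshakeValidity
}

// healthyUntil is the instant at which a peer with this last handshake stops
// looking healthy (zero if it never handshook), the same notion as AliveUntil.
func healthyUntil(lastHandshake time.Time) time.Time {
	if lastHandshake.IsZero() {
		return time.Time{}
	}
	return lastHandshake.Add(handshakeValidity)
}

// describeHandshake gives a Describe-style one-line summary suitable for logs.
func describeHandshake(lastHandshake, now time.Time) string {
	if lastHandshake.IsZero() {
		return "no handshake yet"
	}
	age := now.Sub(lastHandshake).Truncate(time.Second)
	if handshakeHealthyAt(lastHandshake, now) {
		left := healthyUntil(lastHandshake).Sub(now).Truncate(time.Second)
		return fmt.Sprintf("healthy: last handshake %s ago, %s of validity left", age, left)
	}
	return fmt.Sprintf("stale: last handshake %s ago exceeds %s", age, handshakeValidity)
}

func main() {
	now := time.Now()
	fmt.Println("validity window:", handshakeValidity)
	fmt.Println(describeHandshake(now.Add(-100*time.Second), now))
	fmt.Println(describeHandshake(now.Add(-3*time.Minute), now))
	fmt.Println(describeHandshake(time.Time{}, now))
}
```

With those timer values the window is 165.334 s, so a handshake 100 s old is healthy while one 3 minutes old is not; the zero-time guard matters because wgctrl reports the Unix epoch for peers that have never completed a handshake.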
func OnlyAutoIP ¶
func OnlyAutoIP(peer *wgtypes.Peer, cfg *wgtypes.PeerConfig) *wgtypes.PeerConfig
OnlyAutoIP configures a peer to have _only_ its IPv6-LL IP in its AllowedIPs. It returns whether a change was attempted and any error that happens.
Types ¶
type PeerConfigState ¶
type PeerConfigState struct {
// contains filtered or unexported fields
}
PeerConfigState stores state to remember peer info so we can cycle through configurations effectively
func (*PeerConfigState) AliveSince ¶ added in v0.1.2
func (pcs *PeerConfigState) AliveSince() time.Time
AliveSince gives the time since which the peer has been healthy and alive, or a _very_ far future value if it is not healthy and alive.
func (*PeerConfigState) AliveUntil ¶ added in v0.10.0
func (pcs *PeerConfigState) AliveUntil() time.Time
AliveUntil gives the time until which the peer will be considered alive, or zero value if it is not healthy or alive.
func (*PeerConfigState) Clone ¶ added in v0.9.0
func (pcs *PeerConfigState) Clone() *PeerConfigState
Clone makes a deep clone of the receiver
func (*PeerConfigState) Describe ¶ added in v0.3.0
func (pcs *PeerConfigState) Describe(now time.Time) string
Describe gives a textual summary of the state. Note that this is not done as String() because it doesn't represent the whole object.
func (*PeerConfigState) EnsureNotNil ¶ added in v0.7.2
func (pcs *PeerConfigState) EnsureNotNil() *PeerConfigState
EnsureNotNil returns either its receiver if not nil, or else a new object suitable to be its receiver
func (*PeerConfigState) IsAlive ¶ added in v0.0.2
func (pcs *PeerConfigState) IsAlive() bool
IsAlive returns if the peer looked alive on the last call to `Update`. Note that a peer can be alive but unhealthy!
func (*PeerConfigState) IsBasic ¶ added in v0.11.1
func (pcs *PeerConfigState) IsBasic() bool
IsBasic checks if there is a MemberIsBasic attribute present and its value is truthy. If no attribute is present, it returns false.
func (*PeerConfigState) IsHealthy ¶
func (pcs *PeerConfigState) IsHealthy() bool
IsHealthy returns if the peer looked healthy on the last call to `Update`
func (*PeerConfigState) NextEndpoint ¶
func (pcs *PeerConfigState) NextEndpoint(
	peerName string,
	peerFacts []*fact.Fact,
	now time.Time,
	filter func(*fact.Fact) bool,
) *net.UDPAddr
NextEndpoint recommends the next endpoint to try configuring on the peer, if any, based on the available facts (assumed to all be about the peer!). Note that this does _not_ embed the logic for whether a new endpoint _should_ be attempted (i.e. it doesn't call `TimeForNextEndpoint` internally).
func (*PeerConfigState) TimeForNextEndpoint ¶
func (pcs *PeerConfigState) TimeForNextEndpoint() bool
TimeForNextEndpoint returns if we should try another endpoint for the peer (or if we should wait for the current endpoint to test out)
func (*PeerConfigState) TryGetMetadata ¶ added in v0.11.0
func (pcs *PeerConfigState) TryGetMetadata(attr fact.MemberAttribute) (string, bool)
TryGetMetadata fetches the value of the given member metadata attribute, if it is known.
func (*PeerConfigState) Update ¶
func (pcs *PeerConfigState) Update(
	peer *wgtypes.Peer,
	configName string,
	newAlive bool,
	aliveUntil time.Time,
	bootID *uuid.UUID,
	now time.Time,
	facts []*fact.Fact,
	quiet bool,
) *PeerConfigState
Update returns a cloned PeerConfigState with new data from the wireguard device. NOTE: It is safe to call this on a `nil` pointer, it will return a new state. TODO: give this access to the `peerKnowledgeSet` instead of passing in the alive state
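Taken together, the PeerConfigState methods describe a small liveness and endpoint-rotation state machine: `Update` returns a clone and tolerates a nil receiver, `AliveSince` reports a far-future time while the peer is down, `TimeForNextEndpoint` decides whether to rotate, and `NextEndpoint` picks the candidate without making that decision. The following added example (not wirelink's code) sketches that shape with standard-library types: `peerTracker`, the 20-second `endpointTrialPeriod`, the round-robin selection and the candidate addresses are all assumptions for illustration; the project's actual timing rule and endpoint ranking are not shown on this page.

```go
package main

import (
	"fmt"
	"net"
	"time"
)

// endpointTrialPeriod is how long a candidate endpoint gets to produce a
// handshake before we rotate to the next one. Assumed value for this example.
const endpointTrialPeriod = 20 * time.Second

// farFuture stands in for the "_very_ far future" AliveSince reports for a
// peer that is not alive.
var farFuture = time.Date(9999, 1, 1, 0, 0, 0, 0, time.UTC)

// peerTracker is an illustrative, reduced analogue of PeerConfigState. It is
// never mutated in place (update and nextEndpoint return clones) and every
// method tolerates a nil receiver, matching the page's note on Update.
type peerTracker struct {
	aliveSince    time.Time // zero while the peer is not alive
	aliveUntil    time.Time // zero while the peer is not alive
	nextIdx       int       // candidate index to start the next rotation from
	endpointSince time.Time // when the endpoint currently under trial was chosen
}

func (p *peerTracker) clone() *peerTracker {
	if p == nil {
		return &peerTracker{}
	}
	c := *p
	return &c
}

func (p *peerTracker) isAlive() bool { return p != nil && !p.aliveSince.IsZero() }

// aliveSinceTime mirrors AliveSince: start of the current alive stretch, or
// farFuture while the peer is down.
func (p *peerTracker) aliveSinceTime() time.Time {
	if !p.isAlive() {
		return farFuture
	}
	return p.aliveSince
}

// update folds one liveness observation into a cloned tracker. The start of an
// alive stretch is recorded only on the down-to-alive transition, so
// aliveSince stays stable while the peer remains up.
func (p *peerTracker) update(now time.Time, alive bool, aliveUntil time.Time) *peerTracker {
	n := p.clone()
	switch {
	case !alive:
		n.aliveSince, n.aliveUntil = time.Time{}, time.Time{}
	case n.aliveSince.IsZero():
		n.aliveSince, n.aliveUntil = now, aliveUntil
	default:
		n.aliveUntil = aliveUntil
	}
	return n
}

// timeForNextEndpoint rotates only while the peer is down, and only once the
// current trial has had its full period to succeed.
func (p *peerTracker) timeForNextEndpoint(now time.Time) bool {
	if p.isAlive() {
		return false
	}
	if p == nil || p.endpointSince.IsZero() {
		return true
	}
	return now.Sub(p.endpointSince) >= endpointTrialPeriod
}

// nextEndpoint hands out the next acceptable candidate round-robin and records
// when its trial began. Like NextEndpoint on the page it does not decide
// whether rotating is due; callers consult timeForNextEndpoint first.
func (p *peerTracker) nextEndpoint(now time.Time, candidates []*net.UDPAddr, filter func(*net.UDPAddr) bool) (*peerTracker, *net.UDPAddr) {
	n := p.clone()
	for i := 0; i < len(candidates); i++ {
		idx := (n.nextIdx + i) % len(candidates)
		if filter != nil && !filter(candidates[idx]) {
			continue
		}
		n.nextIdx, n.endpointSince = idx+1, now
		return n, candidates[idx]
	}
	return n, nil
}

func main() {
	// Constructed candidates from the documentation address ranges.
	cands := []*net.UDPAddr{
		{IP: net.ParseIP("192.0.2.1"), Port: 51820},
		{IP: net.ParseIP("198.51.100.7"), Port: 51820},
	}
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	var p *peerTracker // nil is a valid starting receiver
	p = p.update(t0, false, time.Time{})
	for step := 0; step < 3; step++ {
		now := t0.Add(time.Duration(step) * endpointTrialPeriod)
		if p.timeForNextEndpoint(now) {
			var ep *net.UDPAddr
			p, ep = p.nextEndpoint(now, cands, nil)
			fmt.Println(now.Format("15:04:05"), "trying", ep)
		}
	}
	p = p.update(t0.Add(time.Minute), true, t0.Add(4*time.Minute))
	fmt.Println("alive since", p.aliveSinceTime(), "rotate now?", p.timeForNextEndpoint(t0.Add(time.Minute)))
}
```

The loop in main rotates through both candidates one trial period apart and wraps back to the first; once an alive observation arrives, rotation stops and aliveSince is pinned to that first alive instant rather than drifting on every later update.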