Documentation
Index ¶
- Constants
- Variables
- func RandomDecoyURL() string
- func TunnelDir(tag string) string
- func ValidatePassword(p string) error
- func ValidateTagName(tag string) error
- type BackendConfig
- type Config
- func (c *Config) AddTunnel(t TunnelConfig)
- func (c *Config) AddUser(u UserConfig)
- func (c *Config) GetBackend(tag string) *BackendConfig
- func (c *Config) GetTunnel(tag string) *TunnelConfig
- func (c *Config) GetUser(username string) *UserConfig
- func (c *Config) NextAvailablePort() int
- func (c *Config) RemoveTunnel(tag string) bool
- func (c *Config) RemoveUser(username string) bool
- func (c *Config) Save() error
- func (c *Config) SaveTo(path string) error
- func (c *Config) UniqueTag(base string) string
- func (c *Config) UpdateTunnel(t TunnelConfig)
- func (c *Config) Validate() error
- func (c *Config) ValidateNewTunnel(t *TunnelConfig) error
- type DNSTTConfig
- type ListenConfig
- type NaiveConfig
- type RouteConfig
- type SOCKSConfig
- type SlipstreamConfig
- type StunTLSConfig
- type TunnelConfig
- type UserConfig
- type VayDNSConfig
- type WarpConfig
Constants ¶
// Backend types.
//
// BackendConfig has a string Type field; presumably it holds one of these
// values — confirm against the validation code.
const (
	BackendSOCKS = "socks"
	BackendSSH = "ssh"
)
Backend types.
// Default filesystem locations and the system account/group names used by
// slipgate.
//
// NOTE(review): NaiveConfig and SOCKSConfig carry Password fields with JSON
// tags, so DefaultConfigFile presumably ends up holding credentials in
// cleartext. Confirm that DefaultConfigDir and DefaultConfigFile are created
// with restrictive ownership and mode.
const (
	DefaultConfigDir = "/etc/slipgate"
	DefaultConfigFile = "/etc/slipgate/config.json"
	DefaultTunnelDir = "/etc/slipgate/tunnels"
	DefaultBinDir = "/usr/local/bin"
	SystemUser = "slipgate"
	SystemGroup = "slipgate"
	SSHGroup = "slipgate-ssh"
)
// Transport types.
//
// TunnelConfig has a string Transport field; presumably it holds one of these
// values — confirm against the validation code.
const (
	TransportDNSTT = "dnstt"
	TransportSlipstream = "slipstream"
	TransportVayDNS = "vaydns"
	TransportNaive = "naive"
	TransportStunTLS = "stuntls"
	TransportSSH = "direct-ssh"
	TransportSOCKS = "direct-socks5"
	TransportExternal = "external"
)
Transport types.
// BasePort is the starting port for DNS tunnel forwarding. TunnelConfig.Port
// is commented as the internal forwarding port for DNS tunnels ("5310+").
const BasePort = 5310
BasePort is the starting port for DNS tunnel forwarding.
// DefaultMTU is the default MTU for DNS tunnels.
// NOTE(review): 1232 presumably matches the EDNS buffer size recommended by
// DNS Flag Day 2020 — confirm the intent with the author.
const DefaultMTU = 1232
DefaultMTU for DNS tunnels.
Variables ¶
// TransportBinaries maps transport types to their required binaries.
//
// Only four of the transport constants have an entry here; the others
// (stuntls, direct-ssh, direct-socks5, external) are absent from the map.
//
// NOTE(review): the values are bare file names, not absolute paths. Confirm
// that callers resolve them against DefaultBinDir rather than through a PATH
// lookup, so that a different binary of the same name cannot be picked up.
var TransportBinaries = map[string]string{
	TransportDNSTT: "dnstt-server",
	TransportSlipstream: "slipstream-server",
	TransportVayDNS: "vaydns-server",
	TransportNaive: "caddy-naive",
}
TransportBinaries maps transport types to their required binaries.
// ValidVayDNSRecordTypes lists the valid DNS record types for VayDNS.
// The entries are lower-case and match the values listed in the comment on
// VayDNSConfig.RecordType.
// NOTE(review): this is an exported, mutable slice; any importing package can
// change the accepted set at run time.
var ValidVayDNSRecordTypes = []string{"txt", "cname", "a", "aaaa", "mx", "ns", "srv", "null", "caa"}
ValidVayDNSRecordTypes lists the valid DNS record types for VayDNS.
Functions ¶
func ValidatePassword ¶ added in v1.6.3
ValidatePassword rejects characters that cannot round-trip through every place slipgate serializes a password: `chpasswd` stdin, which takes `user:pass` lines (so ':' splits the fields and '\n' ends the record), and the SOCKS5 creds file, which uses the same `user:pass\n` framing. It also rejects control characters, which are generally unsafe in shadow-file passwords. As described, this is a check on characters only; no length or strength requirement is stated here.
func ValidateTagName ¶ added in v1.4.1
ValidateTagName checks if a tag name is valid.
Types ¶
type BackendConfig ¶
// BackendConfig defines a backend service.
type BackendConfig struct {
	// Tag identifies the backend; Config.GetBackend looks a backend up by tag.
	Tag string `json:"tag"`
	// Type is presumably one of BackendSOCKS or BackendSSH — confirm.
	Type string `json:"type"`
	Address string `json:"address"`
	// SOCKS is optional (omitempty). SOCKSConfig carries a user name and a
	// password, so a populated value puts a credential into the marshalled
	// config.
	SOCKS *SOCKSConfig `json:"socks,omitempty"`
}
BackendConfig defines a backend service.
func DefaultBackends ¶
func DefaultBackends() []BackendConfig
DefaultBackends returns the standard backend configs.
type Config ¶
// Config is the top-level slipgate configuration.
//
// NOTE(review): values reachable from here (NaiveConfig, SOCKSConfig) carry
// Password fields with JSON tags, so a marshalled Config presumably contains
// those passwords in cleartext. Confirm the file mode used by Save and SaveTo,
// and treat dumps or backups of the config as sensitive.
type Config struct {
	Listen ListenConfig `json:"listen"`
	Tunnels []TunnelConfig `json:"tunnels"`
	Backends []BackendConfig `json:"backends"`
	// Users is omitted from the JSON when empty.
	Users []UserConfig `json:"users,omitempty"`
	Route RouteConfig `json:"route"`
	// Warp is a struct value, so omitempty has no effect on it with
	// encoding/json; the key is always written.
	Warp WarpConfig `json:"warp,omitempty"`
	// contains filtered or unexported fields
}
Config is the top-level slipgate configuration.
func (*Config) AddTunnel ¶
func (c *Config) AddTunnel(t TunnelConfig)
AddTunnel adds a tunnel to the config.
func (*Config) AddUser ¶
func (c *Config) AddUser(u UserConfig)
AddUser adds a user to the config. If a user with the same username already exists, it is updated in place instead of creating a duplicate.
func (*Config) GetBackend ¶
func (c *Config) GetBackend(tag string) *BackendConfig
GetBackend returns a backend by tag.
func (*Config) GetTunnel ¶
func (c *Config) GetTunnel(tag string) *TunnelConfig
GetTunnel returns a tunnel by tag.
func (*Config) GetUser ¶
func (c *Config) GetUser(username string) *UserConfig
GetUser returns a user by username.
func (*Config) NextAvailablePort ¶
NextAvailablePort returns the next unused port starting from BasePort.
func (*Config) RemoveTunnel ¶
RemoveTunnel removes a tunnel by tag.
func (*Config) RemoveUser ¶
RemoveUser removes a user by username.
func (*Config) UniqueTag ¶ added in v1.4.1
UniqueTag returns a tag that doesn't conflict with existing tunnels. If base is available it is returned as-is, otherwise a numeric suffix is appended.
func (*Config) UpdateTunnel ¶
func (c *Config) UpdateTunnel(t TunnelConfig)
UpdateTunnel replaces a tunnel config by tag.
func (*Config) ValidateNewTunnel ¶
func (c *Config) ValidateNewTunnel(t *TunnelConfig) error
ValidateNewTunnel checks a tunnel against the existing config.
type DNSTTConfig ¶
// DNSTTConfig holds config for DNSTT transport (serves both DNSTT and NoizDNS
// clients).
//
// NOTE(review): PrivateKey is a path, so the key material lives in a separate
// file rather than in the config. Confirm the ownership and mode that file is
// created with.
type DNSTTConfig struct {
	MTU int `json:"mtu"`
	PrivateKey string `json:"private_key"` // path to key file
	PublicKey string `json:"public_key"` // hex-encoded public key
}
DNSTTConfig holds config for DNSTT transport (serves both DNSTT and NoizDNS clients).
type ListenConfig ¶
// ListenConfig defines the DNS listen address.
type ListenConfig struct {
	// Address is the listen address; its exact format (host:port or otherwise)
	// is not shown here — confirm against the code that binds it.
	Address string `json:"address"`
}
ListenConfig defines the DNS listen address.
type NaiveConfig ¶
// NaiveConfig holds config for naiveproxy transport.
type NaiveConfig struct {
	Email string `json:"email"`
	DecoyURL string `json:"decoy_url"`
	Port int `json:"port"` // typically 443
	// User and Password are optional (omitempty).
	User string `json:"user,omitempty"`
	// NOTE(review): Password is a plain string with a JSON tag, so it is
	// presumably written to the config file in cleartext — confirm the file's
	// permissions and keep this field out of logs and debug dumps.
	Password string `json:"password,omitempty"`
}
NaiveConfig holds config for naiveproxy transport.
type RouteConfig ¶
// RouteConfig defines routing behavior.
// Active and Default hold tunnel tags; which of them applies depends on Mode.
type RouteConfig struct {
	Mode string `json:"mode"` // "single" or "multi"
	Active string `json:"active"` // active tunnel tag (single mode)
	Default string `json:"default"` // default tunnel tag (multi mode fallback)
}
RouteConfig defines routing behavior.
type SOCKSConfig ¶
// SOCKSConfig holds SOCKS-specific settings.
// Both fields are optional (omitempty).
type SOCKSConfig struct {
	User string `json:"user,omitempty"`
	// NOTE(review): Password is a plain string with a JSON tag, so it is
	// presumably written to the config file in cleartext — confirm the file's
	// permissions and keep this field out of logs and debug dumps.
	Password string `json:"password,omitempty"`
}
SOCKSConfig holds SOCKS-specific settings.
type SlipstreamConfig ¶
// SlipstreamConfig holds config for slipstream transport.
//
// NOTE(review): Key is a path, so the private key lives in a separate file.
// Confirm the ownership and mode that file is created with.
type SlipstreamConfig struct {
	Cert string `json:"cert"` // path to cert file
	Key string `json:"key"` // path to key file
}
SlipstreamConfig holds config for slipstream transport.
type StunTLSConfig ¶ added in v1.6.0
// StunTLSConfig holds config for the TLS + WebSocket SSH proxy transport.
//
// NOTE(review): Key is a path, so the TLS private key lives in a separate
// file. Confirm the ownership and mode that file is created with.
type StunTLSConfig struct {
	Cert string `json:"cert"` // path to TLS certificate
	Key string `json:"key"` // path to TLS private key
	Port int `json:"port"` // listen port (typically 443)
}
StunTLSConfig holds config for the TLS + WebSocket SSH proxy transport. Accepts both raw TLS connections (stunnel-style) and WebSocket upgrades, forwarding traffic to the SSH daemon.
type TunnelConfig ¶
// TunnelConfig defines a single tunnel.
type TunnelConfig struct {
	// Tag identifies the tunnel; Config.GetTunnel, RemoveTunnel and
	// UpdateTunnel all address a tunnel by tag.
	// NOTE(review): TunnelDir also takes a tag; if the tag becomes part of a
	// filesystem path, ValidateTagName is the place that must reject path
	// separators and ".." — confirm.
	Tag string `json:"tag"`
	// Transport is presumably one of the Transport* constants — confirm.
	Transport string `json:"transport"`
	// Backend is presumably the Tag of a BackendConfig — confirm.
	Backend string `json:"backend"`
	Domain string `json:"domain"`
	Port int `json:"port,omitempty"` // DNS tunnels: internal forwarding port (5310+)
	Enabled bool `json:"enabled"`
	// Transport-specific configs (only one set per tunnel)
	// Each is a pointer with omitempty, so unset ones are left out of the JSON.
	DNSTT *DNSTTConfig `json:"dnstt,omitempty"`
	Slipstream *SlipstreamConfig `json:"slipstream,omitempty"`
	VayDNS *VayDNSConfig `json:"vaydns,omitempty"`
	Naive *NaiveConfig `json:"naive,omitempty"`
	StunTLS *StunTLSConfig `json:"stuntls,omitempty"`
}
TunnelConfig defines a single tunnel.
func (*TunnelConfig) HasManagedService ¶ added in v1.6.0
func (t *TunnelConfig) HasManagedService() bool
HasManagedService returns true if slipgate manages a systemd service for this tunnel.
func (*TunnelConfig) IsDNSTunnel ¶
func (t *TunnelConfig) IsDNSTunnel() bool
IsDNSTunnel returns true if the transport uses DNS port 53.
func (*TunnelConfig) IsDirectTransport ¶
func (t *TunnelConfig) IsDirectTransport() bool
IsDirectTransport returns true for transports that expose a service directly (no tunnel).
type UserConfig ¶
UserConfig tracks a managed user whose single set of credentials is used for both SSH and SOCKS, so disclosure of that password affects both services.
type VayDNSConfig ¶ added in v1.4.0
// VayDNSConfig holds config for VayDNS transport (KCP + Curve25519).
//
// NOTE(review): PrivateKey is a path, so the key material lives in a separate
// file rather than in the config. Confirm the ownership and mode that file is
// created with.
type VayDNSConfig struct {
	MTU int `json:"mtu"`
	PrivateKey string `json:"private_key"` // path to key file
	PublicKey string `json:"public_key"` // hex-encoded public key
	IdleTimeout string `json:"idle_timeout,omitempty"` // e.g. "10s", "2m"
	KeepAlive string `json:"keep_alive,omitempty"` // e.g. "2s"
	Fallback string `json:"fallback,omitempty"` // fallback DNS address
	DnsttCompat bool `json:"dnstt_compat,omitempty"` // dnstt wire-format compatibility
	// NOTE(review): the comment below says "default 2", while
	// ResolvedClientIDSize is documented as returning 0 when the flag is
	// omitted (dnstt-compat) — confirm which value applies when this is unset.
	ClientIDSize int `json:"clientid_size,omitempty"` // client ID bytes (default 2)
	QueueSize int `json:"queue_size,omitempty"` // KCP queue size (default 512)
	KCPWindowSize int `json:"kcp_window_size,omitempty"`
	QueueOverflow string `json:"queue_overflow,omitempty"` // "drop" or "block"
	RecordType string `json:"record_type,omitempty"` // txt, cname, a, aaaa, mx, ns, srv, null, caa
}
VayDNSConfig holds config for VayDNS transport (KCP + Curve25519).
func (*VayDNSConfig) ResolvedClientIDSize ¶ added in v1.4.0
func (v *VayDNSConfig) ResolvedClientIDSize() int
ResolvedClientIDSize returns the clientid-size flag value, or 0 if omitted (dnstt-compat).
func (*VayDNSConfig) ResolvedIdleTimeout ¶ added in v1.4.0
func (v *VayDNSConfig) ResolvedIdleTimeout() string
ResolvedIdleTimeout returns the idle-timeout value, applying defaults.
func (*VayDNSConfig) ResolvedKeepAlive ¶ added in v1.4.0
func (v *VayDNSConfig) ResolvedKeepAlive() string
ResolvedKeepAlive returns the keepalive value, applying defaults.
type WarpConfig ¶ added in v1.4.0
// WarpConfig tracks Cloudflare WARP outbound state.
type WarpConfig struct {
	// Enabled has no omitempty, so it is written to the JSON even when false.
	Enabled bool `json:"enabled"`
}
WarpConfig tracks Cloudflare WARP outbound state.