Documentation
Overview
Package spoofer provides a network stack spoofer built on top of gVisor's netstack. It intercepts and forwards TCP/UDP traffic from a TUN device or an arbitrary io.ReadWriteCloser, with support for address spoofing, promiscuous mode, and extensive TCP tuning options.
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewIOEndpoint
func NewIOEndpoint(rwc io.ReadWriteCloser, mtu uint32, qlen int) *ioEndpoint
NewIOEndpoint creates a new link-layer endpoint that wraps an io.ReadWriteCloser. Packets are read from the RWC and injected into the netstack, and outbound packets are written to the RWC. If mtu is 0, it defaults to 1500. If qlen is less than 1, it defaults to 1024.
func NewTunEndpoint
NewTunEndpoint creates a new link-layer endpoint that wraps a TUN device directly. It uses the TUN's native batch operations and MTU for better performance compared to the io.ReadWriteCloser wrapper. If qlen is less than 1, it defaults to 1024.
Types
type Opts
type Opts struct {
    // OnTCPConn is called when a new TCP connection is forwarded.
    // The callback receives the connection and the transport endpoint ID
    // containing local/remote addresses and ports.
    OnTCPConn func(net.Conn, stack.TransportEndpointID)

    // OnUDPConn is called when a new UDP stream is forwarded.
    // The callback receives a packet connection and the transport endpoint ID.
    OnUDPConn func(gonnect.PacketConn, stack.TransportEndpointID)

    // Endpoint is the link-layer endpoint used by the netstack.
    // Set it via WithRWCEndpoint or WithTunEndpoint before calling Launch.
    Endpoint stack.LinkEndpoint

    // TCPSendBufferSize sets the default TCP send buffer size.
    TCPSendBufferSize int

    // TCPReceiveBufferSize sets the default TCP receive buffer size.
    TCPReceiveBufferSize int

    // TTL sets the default TTL for outgoing packets.
    TTL int

    // ICMPBurst sets the ICMP rate limiter burst size.
    ICMPBurst int

    // ICMPLimit sets the ICMP rate limit (packets per second).
    ICMPLimit float64

    // CongestionControlAlg sets the TCP congestion control algorithm name
    // (e.g., "cubic", "reno").
    CongestionControlAlg string

    // DisableNagle disables Nagle's algorithm (TCP_NODELAY).
    DisableNagle bool

    // DisableTCPModRecBuff disables TCP moderate receive buffer auto-tuning.
    DisableTCPModRecBuff bool

    // TCPRec sets the TCP recovery option for tail loss probe.
    TCPRec *tcpip.TCPRecovery

    // TCPKeepAlive enables TCP keep-alive on forwarded connections.
    TCPKeepAlive bool

    // TCPKeepAliveIdle sets the time before sending keep-alive probes.
    TCPKeepAliveIdle time.Duration

    // TCPKeepaliveInterval sets the interval between keep-alive probes.
    TCPKeepaliveInterval time.Duration

    // TCPKeepaliveCount sets the maximum number of unacknowledged keep-alive probes.
    TCPKeepaliveCount int

    // TCPForwardWnd sets the TCP receive window size for forwarded connections.
    TCPForwardWnd int

    // TCPForwardAttempts sets the maximum concurrent TCP connection forwarding attempts.
    TCPForwardAttempts int

    // NetStackOpts provides additional netstack configuration options.
    NetStackOpts *helpers.Opts
}
Opts holds configuration options for the spoofer. It controls network stack behavior, TCP/UDP forwarding, and endpoint setup.
func (*Opts) Launch
Launch initializes and starts the network stack with the configured options. It creates a NIC, sets up TCP and UDP forwarders, enables promiscuous mode and spoofing, and configures routing for IPv4 and IPv6. Returns the initialized stack or an error if setup fails.
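Because Launch enables promiscuous mode and spoofing, the stack accepts flows addressed to any destination, so the OnTCPConn and OnUDPConn callbacks are where a destination policy has to be enforced. The following is an added example, not code from the spoofer package: a hypothetical EgressPolicy type that a callback could consult before dialing out, assuming the handler has already converted the endpoint ID's destination address and port into a netip.AddrPort.

```go
package main

import (
	"fmt"
	"net/netip"
)

// EgressPolicy is a hypothetical helper (not part of the spoofer package).
type EgressPolicy struct {
	AllowPorts map[uint16]bool // empty map means any port
	Deny       []netip.Prefix  // extra operator-defined blocked ranges
}

// Check returns nil if dst may be dialed, or an error naming the reason.
func (p EgressPolicy) Check(dst netip.AddrPort) error {
	a := dst.Addr().Unmap() // treat ::ffff:10.0.0.5 as 10.0.0.5
	switch {
	case !a.IsValid() || a.IsUnspecified():
		return fmt.Errorf("invalid destination %s", dst)
	case a.IsLoopback():
		return fmt.Errorf("loopback destination %s", a)
	case a.IsLinkLocalUnicast(): // covers 169.254.0.0/16 and fe80::/10
		return fmt.Errorf("link-local destination %s", a)
	case a.IsPrivate(): // RFC 1918 and RFC 4193 ranges
		return fmt.Errorf("private destination %s", a)
	case a.IsMulticast():
		return fmt.Errorf("multicast destination %s", a)
	}
	for _, pfx := range p.Deny {
		if pfx.Contains(a) {
			return fmt.Errorf("destination %s in denied prefix %s", a, pfx)
		}
	}
	if len(p.AllowPorts) > 0 && !p.AllowPorts[dst.Port()] {
		return fmt.Errorf("port %d not allowed", dst.Port())
	}
	return nil
}

func main() {
	p := EgressPolicy{
		AllowPorts: map[uint16]bool{80: true, 443: true},
		Deny:       []netip.Prefix{netip.MustParsePrefix("100.64.0.0/10")},
	}
	// Constructed sample destinations, as a forwarding callback might see them.
	for _, s := range []string{"203.0.113.10:443", "[::ffff:10.0.0.5]:443", "169.254.169.254:80", "100.64.1.1:443"} {
		fmt.Printf("%-24s -> %v\n", s, p.Check(netip.MustParseAddrPort(s)))
	}
}
```

A callback that gets a non-nil error from Check should close the forwarded connection instead of dialing the destination.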
func (*Opts) WithRWCEndpoint
func (o *Opts) WithRWCEndpoint(rwc io.ReadWriteCloser, qlen int) *Opts
WithRWCEndpoint configures the spoofer to use an io.ReadWriteCloser as the link-layer endpoint. It wraps the RWC in an IOEndpoint with the given MTU and queue length. If mtu is 0, it defaults to 1500. If qlen is less than 1, it defaults to 1024. Returns the Opts for method chaining.
func (*Opts) WithTunEndpoint
WithTunEndpoint configures the spoofer to use a TUN device as the link-layer endpoint. It creates a TunEndpoint with the given queue length. If qlen is less than 1, it defaults to 1024. Returns the Opts for method chaining.