intra

package
v0.0.0-...-cabb48b Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 22, 2025 License: MPL-2.0 Imports: 38 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	UNKNOWN_UID         = core.UNKNOWN_UID
	UNKNOWN_UID_STR     = core.UNKNOWN_UID_STR
	SELF_UID            = protect.UidSelf
	UNSUPPORTED_NETWORK = core.UNSUPPORTED_NETWORK
)
View Source 
const (
	HDLOK = iota
	HDLEND
)
View Source 
const (
	ProtoTypeUDP  = "udp"
	ProtoTypeTCP  = "tcp"
	ProtoTypeICMP = "icmp"
)

Variables

This section is empty.

Functions

func AddDNSCryptRelay 

func AddDNSCryptRelay(t Tunnel, stamp *x.Gostr) error

AddDNSCryptRelay adds a DNSCrypt relay transport to the tunnel's resolver.

func AddDNSCryptTransport 

func AddDNSCryptTransport(t Tunnel, id, stamp *x.Gostr) (err error)

AddDNSCryptTransport creates and adds a DNSCrypt transport to the tunnel's resolver.

func AddDNSProxy 

func AddDNSProxy(t Tunnel, id, ip, port *x.Gostr) error

AddDNSProxy creates and adds a DNS53 transport to the tunnel's resolver.

func AddDefaultTransport 

func AddDefaultTransport(t Tunnel, typ, ippOrUrl, ips *x.Gostr) error

AddDefaultTransport adds a special default transport to the tunnel's resolver It may be either a DoH or a DNS53 transport.

func AddDoHTransport 

func AddDoHTransport(t Tunnel, id, url, ipcsv *x.Gostr) error

AddDoHTransport creates and adds a Transport that connects to the specified DoH server. `url` is the URL of a DoH server (no template, POST-only).

func AddDoTTransport 

func AddDoTTransport(t Tunnel, id, url, ipcsv *x.Gostr) error

AddDoTTransport creates and adds a Transport that connects to the specified DoT server.

func AddODoHTransport 

func AddODoHTransport(t Tunnel, id, endpoint, resolver, epipcsv *x.Gostr) error

AddODoHTransport creates and adds a Transport that connects to the specified ODoH server. `endpoint` is the entry / proxy for the ODoH server, `resolver` is the URL of the target ODoH server.

func AddProxyDNS 

func AddProxyDNS(t Tunnel, p x.Proxy) error

AddProxyDNS creates and adds a DNS53 transport as defined in Proxy's configuration.

func Build 

func Build(full bool) (v string)

Build returns the build information.

func ControlledRouter 

func ControlledRouter(c Controller, id, addrport string) x.Router

ControlledRouter creates a [backend.Router] over a [backend.Internet] proxy (like [backend.Exit]), but one that uses custom Controller c. id and addrport are used only for diagnostics and logging, and could be left empty. Typical usage is to use Router.Reaches() to check if a host:port is reachable over this Controller c.

func Experimental 

func Experimental(y bool)

Experimental enables/disables experimental features. For testing only.

func LogLevel 

func LogLevel(gologLevel, consolelogLevel int32)

Change log level to very verbose (0), verbose (1), debug (2), info (3), warn (4), error (5), stacktraces (6), user notifications (7), or no logs (8). gologLevel and consolelogLevel can be set independently; ex: LogLevel(2, 6) or LogLevel(8, 0) etc.

func Loopback 

func Loopback(y bool)

Loopback informs the network stack that it must deal with packets originating from its own process routed back into the tunnel.

func LowMem 

func LowMem(limitBytes int64)

LowMem triggers garbage collection cycle & allows for setting maximum memory limit, if limit > 0.

func NewICMPHandler 

func NewICMPHandler(pctx context.Context, resolver dnsx.Resolver, prox ipn.ProxyProvider, listener Listener) netstack.GICMPHandler

func NewTCPHandler 

func NewTCPHandler(pctx context.Context, resolver dnsx.Resolver, prox ipn.ProxyProvider, listener SocketListener) netstack.GTCPConnHandler

NewTCPHandler returns a TCP forwarder with Intra-style behavior. Connections to `fakedns` are redirected to DOH. All other traffic is forwarded using `dialer`. `listener` is provided with a summary of each socket when it is closed.

func NewUDPHandler 

func NewUDPHandler(pctx context.Context, resolver dnsx.Resolver, prox ipn.ProxyProvider, listener SocketListener) netstack.GUDPConnHandler

NewUDPHandler makes a UDP handler with Intra-style DNS redirection: All packets are routed directly to their destination. `timeout` controls the effective NAT mapping lifetime. `config` is used to bind new external UDP ports. `listener` receives a summary about each UDP binding when it expires.

func PanicAtRandom 

func PanicAtRandom(y bool)

PanicAtRandom instruct portions under test of the network engine to panic at random.

func PrintStack 

func PrintStack(onConsole bool)

PrintStack logs the stack trace of all active goroutines to stdout if onConsole is false, otherwise to Console. For testing only.

func SetCrashFd 

func SetCrashFd(fp string) (ok bool)

SetCrashFd sets output file to go runtime crashes to.

func SetSystemDNS 

func SetSystemDNS(t Tunnel, ipcsvx *x.Gostr) error

SetSystemDNS creates and adds a DNS53 transport of the specified IP addresses.

func Slowdown 

func Slowdown(y bool)

Slowdown sets the TUN forwarder in single-threaded mode.

func Transparency 

func Transparency(eim, eif bool)

Transparency enables/disables endpoint-independent mapping/filtering. Currently applies only for UDP (RFC 4787).

func UndelegatedDomains 

func UndelegatedDomains(useSystemDNS bool)

If set, use SystemDNS to resolve undelegated (.lan, .internal, .arpa etc) domains.

Types

type Bridge 

type Bridge interface {
	Listener
	Controller
	Console
}

type Console 

type Console x.Console

type Controller 

type Controller x.Controller

type DNSListener 

type DNSListener x.DNSListener

type DefaultDNS 

type DefaultDNS interface {
	x.DNSTransport
	// contains filtered or unexported methods
}

DefaultDNS is the resolver used by all dialers.

func NewBuiltinDefaultDNS 

func NewBuiltinDefaultDNS() (DefaultDNS, error)

NewBuiltinDefaultDNS creates a new DefaultDNS resolver of type dnsx.DNS53. It may either use OS provided or network provided DNS resolver, & will not work if the tunnel is in "Loopback" mode; create w/ NewDefaultDNS instead.

func NewDefaultDNS 

func NewDefaultDNS(typ, url, ips *x.Gostr) (DefaultDNS, error)

NewDefaultDNS creates a new DefaultDNS resolver of type typ. For typ DOH, url scheme is http or https; for typ DNS53, url is ipport or csv(ipport). ips is a csv of ipports for typ DOH, and nil for typ DNS53.

type Listener 

type Listener interface {
	SocketListener
	DNSListener
	ServerListener
	ProxyListener
}

Listener receives usage statistics when a UDP or TCP socket is closed, or a DNS query is completed.

type Mark 

type Mark struct {
	// PIDCSV is a list of proxies to forward the flow over.
	PIDCSV string
	// CID uniquely identifies the flow.
	CID string
	// UID of the app which owns the flow.
	UID string
	// Preferred IP (for egress) to use for the flow (not guaranteed
	// as the flow may prefer IPv4 or IPv6 and the IP may not be of that family).
	IP string
}

type PreMark 

type PreMark struct {
	// UID of the app which owns the flow.
	// Set it to "-1" if unknown.
	UID string
	// Is the UID us (our app / process)?
	IsUidSelf bool
}

type ProxyListener 

type ProxyListener x.ProxyListener

type ServerListener 

type ServerListener rnet.ServerListener

type SocketListener 

type SocketListener interface {
	// Preflow is called before a new connection is established; return owner "uid", which is
	// later used by dnsx.Resolver to determine the DNS transport to use for that "uid".
	Preflow(protocol, uid int32, src, dst *x.Gostr) *PreMark
	// Flow is called on a new connection; return Proxy IDs to forward the connection
	// to a pre-registered proxy; "Base" or "Exit" to allow the connection; "Block" to block it.
	// "connid" is used to uniquely identify a connection across all proxies, and a summary of the
	// connection is sent back to a pre-registered listener.
	// protocol is 6 for TCP, 17 for UDP, 1 for ICMP.
	// uid is -1 in case owner-uid of the connection couldn't be determined.
	// src and dst are string'd representation of net.TCPAddr and net.UDPAddr.
	// origdsts is a comma-separated list of original source IPs, this may be same as dst.
	// origdsts may contain unspecified IPv4 or IPv6 addresses, which denote that the domain
	// was blocked by a rdns blocklist (but the resolution was allowed to go through). Listener
	// may choose to "Block" this connection based on that information.
	// domains is a comma-separated list of domain names associated with origdsts, if any.
	// probableDomains is a comma-separated list of probable domain names associated with origdsts, if any.
	// blocklists is a comma-separated list of rdns blocklist names that apply, if any.
	Flow(protocol, uid int32, src, dst, origdsts, domains, probableDomains, blocklists *x.Gostr) *Mark
	// Inflow is called on a new incoming connection. Returned *Mark values have no discernable effect on these connections,
	// except for the CID field, which is sent back via OnSocketClosed, and "Block" proxy which
	// will drop this connection on the floor.
	Inflow(protocol, uid int32, src, dst *x.Gostr) *Mark
	// PostFlow is called after a flow is marked by Flow or Inflow.
	// It denotes the final Mark that was applied to the flow.
	// The only major discernable effect is PIDCSV has a single PID.
	PostFlow(m *Mark)
	// OnSocketClosed reports summary after a socket closes.
	OnSocketClosed(*SocketSummary)
}

type SocketSummary 

type SocketSummary struct {
	// tcp, udp, or icmp.
	Proto string
	// Unique ID for this socket.
	ID string
	// Proxy ID that handled this socket.
	PID string
	// Relay Proxy ID that tunneled PID.
	RPID string
	// UID of the app that owns this socket (sans ICMP).
	UID string
	// Remote IP, if dialed in.
	Target string
	// Total bytes downloaded.
	Rx int64
	// Total bytes uploaded.
	Tx int64
	// Duration in milliseconds.
	Duration int64

	// Round-trip time (millis).
	Rtt int64
	// Err or other messages, if any.
	Msg string
	// contains filtered or unexported fields
}

SocketSummary reports information about each TCP socket or a non-DNS UDP association, or ICMP echo when it is closed.

func (*SocketSummary) String 

func (s *SocketSummary) String() string

String implements fmt.Stringer.

type Tunnel 

type Tunnel interface {
	tunnel.Tunnel

	// Get the resolver.
	GetResolver() (x.DNSResolver, error)

	// Get proxies.
	GetProxies() (x.Proxies, error)

	// Get local services.
	GetServices() (x.Services, error)

	// SetLinkAndRoutes sets the tun fd as link with mtu & engine as routes for the tunnel.
	// where engine is one of the constants (Ns4, Ns6, Ns46) defined in package settings.
	SetLinkAndRoutes(fd, mtu, engine int) error
	// Restart restarts the tunnel with the given fd, mtu, and engine.
	Restart(fd, mtu, engine int) error

	// Close connections by pid, cid, uid.
	CloseConns(activecsv string) (closedcsv string)

	// Sets pcap output to fpcap which is the absolute filepath
	// to which a PCAP file will be written to.
	// If len(fpcap) is 0, no PCAP file will be written.
	// If len(fpcap) is 1, PCAP be written to stdout.
	SetPcap(fpcap string) error
	// NIC, IP, TCP, UDP, and ICMP stats.
	Stat() (*x.NetStat, error)
	// contains filtered or unexported methods
}

Tunnel represents an Intra session.

func Connect 

func Connect(fd, mtu int, ifaddrs, fakedns string, dtr DefaultDNS, bdg Bridge) (t Tunnel, err error)

Connect creates firestack-administered tunnel. `fd` is the TUN device. The tunnel acquires an additional reference to it, which is released by Disconnect(), so the caller must close `fd` and Disconnect() to close the TUN device. `mtu` is the MTU of the TUN device. `ifaddrs` is a comma-separated list of interface addresses with prefix lengths, "ip/prefixlen". `fakedns` is a comman-separated list of the nameservers that the system believes it is using, in "host:port" style. `bdg` is a kotlin object that implements the Bridge interface. `dtr` is the DefaultDNS (see: intra.NewDefaultDNS); can be nil. Changeable via intra.AddDefaultTransport. Throws an exception if the TUN file descriptor cannot be opened, or if the tunnel fails to connect.

func Connect2 

func Connect2(fd, mtu int, dtr DefaultDNS, bdg Bridge) (t Tunnel, err error)

Connect2 is like Connect, but assumes defaults for ifaddrs and fakedns as ["10.111.222.1/24", "fd66:f83a:c650::0/120"] and ["10.111.222.3", "fd66:f83a:c650::3"] respectively.

func Connect3 

func Connect3(fd, mtu int, bdg Bridge) (t Tunnel, err error)

Connect3 is like Connect2, but does not require passing a Default DNS resolver. The tunnel will instead attempt to use the system DNS resolver (best effort).

func NewTunnel 

func NewTunnel(fd, mtu int, ifaddrs, fakedns string, dtr DefaultDNS, bdg Bridge) (t Tunnel, err error)

Source Files

View all Source files

Directories

Path Synopsis
brsa
Package blindrsa implements the RSA Blind Signature Protocol as defined in [RFC9474].
 Package blindrsa implements the RSA Blind Signature Protocol as defined in [RFC9474].
wire
example command
ipn
h1
multihost
rpn
seasy
wg
Package netstack provides the implemention of data-link layer endpoints backed by boundary-preserving file descriptors (e.g., TUN devices, seqpacket/datagram sockets).
 Package netstack provides the implemention of data-link layer endpoints backed by boundary-preserving file descriptors (e.g., TUN devices, seqpacket/datagram sockets).
ipmap
adopted from: github.com/DNSCrypt/dnscrypt-proxy/blob/df3fb0c9/dnscrypt-proxy/plugin_dns64.go
 adopted from: github.com/DNSCrypt/dnscrypt-proxy/blob/df3fb0c9/dnscrypt-proxy/plugin_dns64.go

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.