Documentation
Index ¶
- Constants
- Variables
- func CheckIfname(name string) error
- func DefaultQuicConfig(keepalivePeriod time.Duration, initialPacketSize uint16) *quic.Config
- func FormatLevel(level Level) string
- func GenerateCert(privKey *ecdsa.PrivateKey, pubKey *ecdsa.PublicKey) ([][]byte, error)
- func GenerateEcKeyPair() ([]byte, []byte, error)
- func GenerateRandomAndroidSerial() (string, error)
- func GenerateRandomWgPubkey() (string, error)
- func GetLogWriter() io.Writer
- func GetProxyResolver(localDNS, systemDNS bool, tunNet *netstack.Net, dnsAddrs []netip.Addr, ...) *net.Resolver
- func InstallDefaultLogTZStamp()
- func LoginToBase64(username, password string) string
- func NewLogger(tag string) logger.ContextLogger
- func NewNetstackResolver(tunNet *netstack.Net, dnsAddrs []netip.Addr) *net.Resolver
- func NewStaticResolver(dnsAddrs []netip.Addr) *net.Resolver
- func NewTZStampWriter(w io.Writer) io.Writer
- func SetLogLevel(level Level)
- func SetupLogging(filePath string) error
- func TimeAsCfString(t time.Time) string
- type Level
- type PortMapping
- type SOCKS5Config
- type SOCKS5Server
- type TunnelDNSResolver
Constants ¶
// Fixed service endpoints, a version tag, and key/tunnel type identifiers.
// Where each value is consumed is not visible in this listing.
//
// KeyTypeMasque is "secp256r1", another name for NIST P-256, which is the
// curve GenerateEcKeyPair is documented to use.
//
// NOTE(review): ApiVersion ends in "4471", and so does the
// "CF-Client-Version" entry in Headers; presumably the two describe the same
// client build and must be updated together. Confirm.
const (
	ApiUrl     = "https://api.cloudflareclient.com"
	ApiVersion = "v0a4471"
	ConnectSNI = "consumer-masque.cloudflareclient.com"
	// unused for now
	// NOTE(review): the collapsed listing does not show which constant the
	// comment above belongs to; ZeroTierSNI is assumed. Confirm.
	ZeroTierSNI   = "zt-masque.cloudflareclient.com"
	ConnectURI    = "https://cloudflareaccess.com"
	DefaultModel  = "PC"
	KeyTypeWg     = "curve25519"
	TunTypeWg     = "wireguard"
	KeyTypeMasque = "secp256r1"
	TunTypeMasque = "masque"
	DefaultLocale = "en_US"
)
Variables ¶
// Headers holds a fixed set of HTTP header values. Which requests they are
// attached to is not shown here (presumably calls to ApiUrl; confirm).
//
// Headers is an exported, mutable map: any importing code can add, change or
// delete entries, and the change affects every later reader. Go maps are not
// safe for concurrent read and write, so treat it as read-only after
// initialisation, or copy it before modifying.
var Headers = map[string]string{
	"User-Agent":        "WARP for Android",
	"CF-Client-Version": "a-6.35-4471",
	"Content-Type":      "application/json; charset=UTF-8",
	"Connection":        "Keep-Alive",
}
Functions ¶
func CheckIfname ¶
CheckIfname validates a network interface name according to the following rules:
- Must not be empty.
- Should not exceed 15 characters (warning if it does).
- Should not contain non-ASCII characters (warning if it does).
- Should not contain invalid characters: '/', whitespace, or control characters.
Parameters:
- name: string - The interface name to validate.
Returns:
- error: An error if the name is invalid, or nil if valid.
func DefaultQuicConfig ¶
DefaultQuicConfig returns a MASQUE-compatible default QUIC configuration.
When initialPacketSize is 0, Path MTU Discovery remains enabled.
Parameters:
- keepalivePeriod: time.Duration - The duration for sending QUIC keep-alive packets.
- initialPacketSize: uint16 - The custom initial size of QUIC packets (0 = auto with PMTU discovery).
Returns:
- *quic.Config: A pointer to a configured QUIC configuration object.
func FormatLevel ¶
FormatLevel converts a Level into its string representation
func GenerateCert ¶
GenerateCert creates a self-signed certificate using the provided ECDSA private and public keys.
The certificate is valid for 24 hours.
Parameters:
- privKey: *ecdsa.PrivateKey - The private key to sign the certificate.
- pubKey: *ecdsa.PublicKey - The public key to include in the certificate.
Returns:
- [][]byte: A slice containing the certificate in DER format.
- error: An error if certificate generation fails.
func GenerateEcKeyPair ¶
GenerateEcKeyPair generates a new ECDSA key pair using the P-256 curve.
Returns:
- []byte: The marshalled private key in ASN.1 DER format. These bytes are secret key material; protect them accordingly when storing or logging.
- []byte: The marshalled public key in PKIX format.
- error: An error if key generation or marshalling fails.
func GenerateRandomAndroidSerial ¶
GenerateRandomAndroidSerial generates a random 8-byte Android-like device identifier and returns it as a hexadecimal string.
Returns:
- string: A randomly generated 16-character hexadecimal serial number.
- error: An error if random data generation fails.
func GenerateRandomWgPubkey ¶
GenerateRandomWgPubkey generates a random 32-byte WireGuard-like public key and returns it as a base64-encoded string.
Returns:
- string: A randomly generated WireGuard-like public key in base64 format.
- error: An error if random data generation fails.
func GetLogWriter ¶
GetLogWriter returns the currently configured log writer (e.g., stderr or a multi-writer with a file).
func GetProxyResolver ¶
func GetProxyResolver(localDNS, systemDNS bool, tunNet *netstack.Net, dnsAddrs []netip.Addr, timeout time.Duration) *net.Resolver
GetProxyResolver returns the appropriate *net.Resolver for HTTP proxy CONNECT handling.
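- localDNS: do not use the tunnel for DNS; use dnsAddrs on the host, or OS if systemDNS. Lookups made this way travel over the host's network, so the queried hostnames are visible outside the tunnel.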
- systemDNS: with localDNS, use net.DefaultResolver (ignores dnsAddrs for lookups).
func InstallDefaultLogTZStamp ¶
func InstallDefaultLogTZStamp()
InstallDefaultLogTZStamp rewires the stdlib default logger so every record is prefixed with "YYYY/MM/DD HH:MM:SS <TZ> ", regardless of whether the host has zoneinfo available. This addresses log lines being indistinguishable between local time and UTC on systems where time.Local silently falls back to UTC (e.g. OpenWrt/busybox).
It also redirects gVisor's global logger (used by the netstack) away from the default Google/glog-style emitter so tunnel-related lines match the same prefix and stderr stream.
func LoginToBase64 ¶
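LoginToBase64 encodes a username and password into a base64-encoded string in "username:password" format. This is commonly used for HTTP Basic Authentication. Base64 is a reversible encoding, not encryption: anyone who can read the result can recover the credentials, so it should only be sent over an encrypted connection and kept out of logs.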
Parameters:
- username: string - The username to encode.
- password: string - The password to encode.
Returns:
- string: The base64-encoded "username:password" string.
func NewLogger ¶
func NewLogger(tag string) logger.ContextLogger
NewLogger creates a new logger.ContextLogger with the given tag
func NewNetstackResolver ¶
NewNetstackResolver returns a *net.Resolver that uses the tunnel network stack and provided DNS servers for DNS queries.
Parameters:
- tunNet: *netstack.Net - The tunnel network stack.
- dnsAddrs: []netip.Addr - DNS server addresses.
Returns:
- *net.Resolver - A resolver that routes queries through the tunnel.
func NewStaticResolver ¶
NewStaticResolver returns a *net.Resolver that sends DNS to dnsAddrs over the system network.
func NewTZStampWriter ¶
NewTZStampWriter wraps w so every record written to it is prefixed with a local timestamp plus timezone abbreviation.
func SetLogLevel ¶
func SetLogLevel(level Level)
SetLogLevel updates the active global log filtering level
func SetupLogging ¶
SetupLogging configures both standard logging and gVisor logging to write only to the given file (and not to the terminal/stderr), falling back to stderr if no file is configured.
func TimeAsCfString ¶
TimeAsCfString formats a given time.Time into a Cloudflare-compatible string format.
The format follows the standard: "YYYY-MM-DDTHH:MM:SS.sss-07:00".
Parameters:
- t: time.Time to format.
Returns:
- string: The formatted time string.
Types ¶
type Level ¶
type Level int
Level represents the log severity level
func ParseLevel ¶
ParseLevel converts a string into a Level representation
type PortMapping ¶
// PortMapping represents a network port forwarding rule.
//
// NOTE(review): ParsePortMapping documents the textual form as
// `[bind_address:]local_port:remote_host:remote_port`, while the field here is
// named RemoteIP. Whether a hostname is accepted, and where it would be
// resolved, is not visible in this listing. Confirm.
//
// NOTE(review): the value BindAddress takes when bind_address is omitted is
// also not shown. Confirm it before assuming a forward is reachable only from
// the local host.
type PortMapping struct {
	BindAddress string // The address to bind the local port.
	LocalPort   int    // The local port number.
	RemoteIP    string // The remote destination IP address.
	RemotePort  int    // The remote destination port number.
}
PortMapping represents a network port forwarding rule.
func ParsePortMapping ¶
func ParsePortMapping(port string) (PortMapping, error)
ParsePortMapping parses a port mapping string into a structured PortMapping.
The expected format is: `[bind_address:]local_port:remote_host:remote_port`.
Parameters:
- port: string - The port mapping string.
Returns:
- PortMapping: A structured representation of the parsed port mapping.
- error: An error if the parsing fails.
type SOCKS5Config ¶
// SOCKS5Config holds listen address, auth, tunnel dialers, and timeouts for
// SOCKS5Server.
type SOCKS5Config struct {
	// Addr is the listen address (per the type's description).
	// NOTE(review): a non-loopback address would make the proxy reachable from
	// other hosts; whether any default or restriction is applied is not shown
	// here. Confirm.
	Addr string
	// Username and Password are the auth settings named in the type's
	// description.
	// NOTE(review): behaviour when both are empty is not visible in this
	// listing. Presumably the server then accepts unauthenticated clients;
	// confirm before exposing Addr beyond the local host.
	Username string
	Password string
	Resolver *TunnelDNSResolver
	TunNet   *netstack.Net
	// With a zero timeout no deadline is set by these fields, so a stalled or
	// idle relay is not closed by them.
	TCPTimeout time.Duration // 0 = no deadline on TCP CONNECT relay
	UDPTimeout time.Duration // 0 = no deadline on remote UDP reads
	Logger     logger.ContextLogger
}
SOCKS5Config holds listen address, auth, tunnel dialers, and timeouts for SOCKS5Server.
type SOCKS5Server ¶
type SOCKS5Server struct {
// contains filtered or unexported fields
}
SOCKS5Server wraps SagerNet SOCKS5 protocol handler.
func NewSOCKS5Server ¶
func NewSOCKS5Server(cfg SOCKS5Config) (*SOCKS5Server, error)
NewSOCKS5Server creates a new SOCKS5Server with the given configuration.
func (*SOCKS5Server) Start ¶
func (s *SOCKS5Server) Start() error
Start launches the SOCKS5 server listening loop.
type TunnelDNSResolver ¶
// TunnelDNSResolver configures where DNS queries are sent: through the tunnel
// network stack when TunNet is set, or over the system network when it is nil.
type TunnelDNSResolver struct {
	// TunNet is the network stack for the tunnel you want to use for DNS resolution.
	// If nil, DNS queries are sent over the system network, so the queried
	// names are visible outside the tunnel.
	TunNet *netstack.Net
	// DNSAddrs is the list of DNS servers to use for resolution.
	DNSAddrs []netip.Addr
	// Timeout is the timeout for DNS queries on a specific server before trying the next one.
	Timeout time.Duration
	// UseOSResolver, when true, uses net.DefaultResolver for Resolve instead of DNSAddrs.
	// Set when -l and --system-dns; otherwise with -l, DNSAddrs are queried over the host.
	UseOSResolver bool
}
TunnelDNSResolver implements a DNS resolver that uses the provided DNS servers either inside a MASQUE tunnel (if TunNet is set) or over the system network (if TunNet is nil).
func (TunnelDNSResolver) Resolve ¶
func (r TunnelDNSResolver) Resolve(ctx context.Context, name string) (context.Context, net.IP, error)
Resolve performs a DNS lookup using the provided DNS resolvers. It tries each resolver in order until one succeeds, sending queries either through the tunnel or over the system network depending on TunNet.
Parameters:
- ctx: context.Context - The context for the DNS lookup.
- name: string - The domain name to resolve.
Returns:
- context.Context: The original context for the DNS lookup.
- net.IP: The resolved IP address.
- error: An error if the lookup fails.