extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2025-08-25 21:45:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

Share kernel Wireguard port with raw socket (#826)

Browse Source 
This PR brings support of a shared port between stun (ICE agent) and
the kernel WireGuard

It implements a single port mode for execution with kernel WireGuard
interface using a raw socket listener.

BPF filters ensure that only STUN packets hit the NetBird userspace app

Removed a lot of the proxy logic and direct mode exchange.

Now we are doing an extra hole punch to the remote WireGuard 
port for best-effort cases and support to old client's direct mode.
This commit is contained in:
Maycon Santos
2023-05-03 14:47:44 +02:00
committed by GitHub
parent 59372ee159
commit ecac82a5ae
15 changed files with 663 additions and 563 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
sharedsock/filter.go Normal file
View File

@@ -0,0 +1,11 @@
package sharedsock
import "golang.org/x/net/bpf"
const magicCookie uint32 = 0x2112A442
// BPFFilter is a generic filter that provides ipv4 and ipv6 BPF instructions
type BPFFilter interface {
// GetInstructions returns raw BPF instructions for ipv4 and ipv6
GetInstructions(port uint32) (ipv4 []bpf.RawInstruction, ipv6 []bpf.RawInstruction, err error)
}