diff --git a/connection/connection.go b/connection/connection.go
index 13fdf932d..129653c40 100644
--- a/connection/connection.go
+++ b/connection/connection.go
@@ -11,14 +11,16 @@ import (
 )
 var (
+ // DefaultWgKeepAlive default Wireguard keep alive constant
 DefaultWgKeepAlive = 20 * time.Second
 )
+// ConnConfig Connection configuration struct
 type ConnConfig struct {
 // Local Wireguard listening address e.g. 127.0.0.1:51820
 WgListenAddr string
 // A Local Wireguard Peer IP address in CIDR notation e.g. 10.30.30.1/24
- WgPeerIp string
+ WgPeerIP string
 // Local Wireguard Interface name (e.g. wg0)
 WgIface string
 // Wireguard allowed IPs (e.g. 10.30.30.2/32)
@@ -31,11 +33,13 @@ type ConnConfig struct {
 StunTurnURLS []*ice.URL
 }
+// IceCredentials ICE protocol credentials struct
 type IceCredentials struct {
 uFrag string
 pwd string
 }
+// Connection Holds information about a connection and handles signal protocol
 type Connection struct {
 Config ConnConfig
 // signalCandidate is a handler function to signal remote peer about local connection candidate
@@ -61,6 +65,7 @@ type Connection struct {
 remoteAuthCond sync.Once
 }
+// NewConnection Creates a new connection and sets handling functions for signal protocol
 func NewConnection(config ConnConfig,
 signalCandidate func(candidate ice.Candidate) error,
 signalOffer func(uFrag string, pwd string) error,
@@ -151,6 +156,7 @@ func (conn *Connection) Open(timeout time.Duration) error {
 }
 }
+// Close Closes a peer connection
 func (conn *Connection) Close() error {
 var err error
 conn.closeCond.Do(func() {
@@ -176,6 +182,7 @@ func (conn *Connection) Close() error {
 return err
 }
+// OnAnswer Handles the answer from the other peer
 func (conn *Connection) OnAnswer(remoteAuth IceCredentials) error {
 conn.remoteAuthCond.Do(func() {
@@ -185,23 +192,25 @@ func (conn *Connection) OnAnswer(remoteAuth IceCredentials) error {
 return nil
 }
+// OnOffer Handles the offer from the other peer
 func (conn *Connection) OnOffer(remoteAuth IceCredentials) error {
 conn.remoteAuthCond.Do(func() {
 log.Debugf("OnOffer from peer %s", conn.Config.RemoteWgKey.String())
 conn.remoteAuthChannel <- remoteAuth
 uFrag, pwd, err := conn.agent.GetLocalUserCredentials()
- if err != nil {
+ if err != nil { //nolint
 }
 err = conn.signalAnswer(uFrag, pwd)
- if err != nil {
+ if err != nil { //nolint
 }
 })
 return nil
 }
+// OnRemoteCandidate Handles remote candidate provided by the peer.
 func (conn *Connection) OnRemoteCandidate(candidate ice.Candidate) error {
 log.Debugf("onRemoteCandidate from peer %s -> %s", conn.Config.RemoteWgKey.String(), candidate.String())
diff --git a/connection/engine.go b/connection/engine.go
index 5399c9b21..e9e66f217 100644
--- a/connection/engine.go
+++ b/connection/engine.go
@@ -12,6 +12,7 @@ import (
 "time"
 )
+// Engine is an instance of the Connection Engine
 type Engine struct {
 // a list of STUN and TURN servers
 stunsTurns []*ice.URL
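Review bot: The two `//nolint` markers in OnOffer silence the linter on empty `if err != nil {}` branches instead of handling the errors, so a failure of `conn.agent.GetLocalUserCredentials()` or `conn.signalAnswer(uFrag, pwd)` is dropped, signalAnswer is still invoked with whatever uFrag/pwd the failed call returned, and the method returns nil — the remote peer never gets an answer and the caller cannot tell. Because the body runs inside `conn.remoteAuthCond.Do`, the error has to be captured in a variable declared outside the closure and returned after Do, with an early return from the closure on the credentials error. The OnAnswer hunk above uses the same `remoteAuthCond.Do` shape, but its body lies outside this diff, so I cannot tell whether it needs the same treatment.
```go
func (conn *Connection) OnOffer(remoteAuth IceCredentials) error {
	var doErr error
	conn.remoteAuthCond.Do(func() {
		// … unchanged: debug log and remoteAuthChannel send …
		uFrag, pwd, err := conn.agent.GetLocalUserCredentials()
		if err != nil {
			doErr = err
			return
		}
		doErr = conn.signalAnswer(uFrag, pwd)
	})
	return doErr
}
```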
@@ -22,27 +23,31 @@ type Engine struct {
 // Wireguard interface
 wgIface string
 // Wireguard local address
- wgIp string
+ wgIP string
 }
+// Peer is an instance of the Connection Peer
 type Peer struct {
 WgPubKey string
 WgAllowedIps string
 }
+// NewEngine creates a new Connection Engine
 func NewEngine(signal *signal.Client, stunsTurns []*ice.URL, wgIface string, wgAddr string) *Engine {
 return &Engine{
 stunsTurns: stunsTurns,
 signal: signal,
 wgIface: wgIface,
- wgIp: wgAddr,
+ wgIP: wgAddr,
 conns: map[string]*Connection{},
 }
 }
+// Start creates a new tunnel interface and listens to signals from the Signal service.
+// It also creates an Go routine to handle each peer communication from the config file
 func (e *Engine) Start(myKey wgtypes.Key, peers []Peer) error {
- err := iface.Create(e.wgIface, e.wgIp)
+ err := iface.Create(e.wgIface, e.wgIP)
 if err != nil {
 log.Errorf("error while creating interface %s: [%s]", e.wgIface, err.Error())
 return err
@@ -102,7 +107,7 @@ func (e *Engine) openPeerConnection(wgPort int, myKey wgtypes.Key, peer Peer) (*
 remoteKey, _ := wgtypes.ParseKey(peer.WgPubKey)
 connConfig := &ConnConfig{
 WgListenAddr: fmt.Sprintf("127.0.0.1:%d", wgPort),
- WgPeerIp: e.wgIp,
+ WgPeerIP: e.wgIP,
 WgIface: e.wgIface,
 WgAllowedIPs: peer.WgAllowedIps,
 WgKey: myKey,
@@ -161,7 +166,9 @@ func signalAuth(uFrag string, pwd string, myKey wgtypes.Key, remoteKey wgtypes.K
 msg, err := signal.MarshalCredential(myKey, remoteKey, &signal.Credential{
 UFrag: uFrag,
 Pwd: pwd}, t)
-
+ if err != nil {
+ return err
+ }
 err = s.Send(msg)
 if err != nil {
 return err
diff --git a/connection/wgproxy.go b/connection/wgproxy.go
index f29d13eea..ef65de683 100644
--- a/connection/wgproxy.go
+++ b/connection/wgproxy.go
@@ -7,6 +7,7 @@ import (
 "net"
 )
+// WgProxy an instance of an instance of the Connection Wireguard Proxy
 type WgProxy struct {
 iface string
 remoteKey string
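Review bot: The new doc comment on Start has a grammatical slip, `creates an Go routine`; the Go term is goroutine, so the second line should read `// It also creates a goroutine to handle each peer communication from the config file`. This keeps it in line with the godoc style the other new comments in this commit use. Start's body continues outside the hunk.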
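Review bot: In openPeerConnection the line `remoteKey, _ := wgtypes.ParseKey(peer.WgPubKey)` still discards the parse error, so a malformed or empty peer key from the configuration silently becomes a zero key that is then placed into the `ConnConfig` built right below it (presumably as the remote WireGuard key — the field assignment is outside the hunk). The function should fail fast instead, e.g. `remoteKey, err := wgtypes.ParseKey(peer.WgPubKey)` followed by `if err != nil { return nil, err }`, which also gives the operator a clear signal that a configured peer entry is invalid. openPeerConnection starts and ends outside the hunk, and its first return type is truncated in the hunk header, so the exact nil value to return needs confirming.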
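Review bot: The new doc comment on WgProxy repeats itself, `an instance of an instance of`, and lacks the verb the other type comments in this commit use; `// WgProxy is an instance of the Connection Wireguard Proxy` keeps it parallel with the Engine and Peer comments. The struct's remaining fields continue outside the hunk.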
@@ -16,6 +17,7 @@ type WgProxy struct {
 wgConn net.Conn
 }
+// NewWgProxy creates a new Connection Wireguard Proxy
 func NewWgProxy(iface string, remoteKey string, allowedIps string, wgAddr string) *WgProxy {
 return &WgProxy{
 iface: iface,
@@ -26,6 +28,7 @@ func NewWgProxy(iface string, remoteKey string, allowedIps string, wgAddr string
 }
 }
+// Close closes the proxy
 func (p *WgProxy) Close() error {
 close(p.close)
@@ -39,6 +42,7 @@ func (p *WgProxy) Close() error {
 return nil
 }
+// Start starts a new proxy using the ICE connection
 func (p *WgProxy) Start(remoteConn *ice.Conn) error {
 wgConn, err := net.Dial("udp", p.wgAddr)
@@ -78,7 +82,7 @@ func (p *WgProxy) proxyToRemotePeer(remoteConn *ice.Conn) {
 continue
 }
- n, err = remoteConn.Write(buf[:n])
+ _, err = remoteConn.Write(buf[:n])
 if err != nil {
 //log.Warnln("failed writing to remote peer: ", err.Error())
 }
@@ -102,7 +106,7 @@ func (p *WgProxy) proxyToLocalWireguard(remoteConn *ice.Conn) {
 //log.Errorf("failed reading from remote connection %s", err)
 }
- n, err = p.wgConn.Write(buf[:n])
+ _, err = p.wgConn.Write(buf[:n])
 if err != nil {
 //log.Errorf("failed writing to local Wireguard instance %s", err)
 }
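Review bot: In proxyToRemotePeer the error from `remoteConn.Write(buf[:n])` is still discarded — replacing `n, err` with `_, err` only quiets the unused-assignment warning, while the `if err != nil` branch stays empty with its log call commented out, so a closed or failing ICE connection leaves no trace and the loop carries on as if the packet had been delivered. The same applies to `p.wgConn.Write(buf[:n])` in proxyToLocalWireguard in the next hunk. At minimum the branch should record the failure, e.g. `log.Debugf("failed writing to remote peer: %s", err)` (debug level, since this is the per-packet path), and return from the loop when the error indicates the connection is closed so the goroutine does not spin; whether `log` is still imported in this file and how the loop selects on `p.close` are outside the hunk, so that part needs confirming. Both enclosing functions start and end outside their hunks.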