syntax = "proto3";

package vpn;

import "google/protobuf/timestamp.proto";

// Generated-code destinations: the Go package used by the tunnel and the C# namespace used by
// Coder Desktop. Changing either on a published schema breaks consumers' generated code.
option csharp_namespace = "Coder.Desktop.Vpn.Proto";
option go_package = "github.com/coder/coder/v2/vpn";
// The CoderVPN protocol operates over a bidirectional stream between a "manager" and a "tunnel."
// The manager is part of the Coder Desktop application and written in OS native code. It handles
// configuring the VPN and displaying status to the end user. The tunnel is written in Go and
// handles operating the actual tunnel, including reading and writing packets, & communicating with
// the Coder server control plane.
// RPC allows a very simple unary request/response RPC mechanism. The requester generates a unique
// msg_id which it sets on the request, the responder sets response_to that msg_id on the response
// message.
//
// Every ManagerMessage and TunnelMessage carries one of these as its `rpc` field. One-way messages
// such as Log presumably leave it unset.
message RPC {
  // Identifier chosen by the requester, unique per request so that the reply can be matched.
  // NOTE(review): proto3 does not serialize a zero scalar, so msg_id 0 is indistinguishable from
  // "no RPC" — presumably requesters never use 0; confirm against the implementation.
  uint64 msg_id = 1;
  // Copy of the msg_id this message replies to. Left unset (0) on a request.
  uint64 response_to = 2;
}
// ManagerMessage is a message from the manager (to the tunnel).
message ManagerMessage {
  // Request/response correlation; see RPC.
  RPC rpc = 1;
  // At most one payload is set per message (oneof); a receiver should dispatch on which one.
  oneof msg {
    // Asks the tunnel for a PeerUpdate carrying the full set of workspaces and agents.
    GetPeerUpdate get_peer_update = 2;
    // Reply to a NetworkSettingsRequest previously sent by the tunnel.
    NetworkSettingsResponse network_settings = 3;
    // Starts the tunnel; answered with a StartResponse.
    StartRequest start = 4;
    // Stops the tunnel; answered with a StopResponse.
    StopRequest stop = 5;
  }
}
// TunnelMessage is a message from the tunnel (to the manager).
message TunnelMessage {
  // Request/response correlation; see RPC.
  RPC rpc = 1;
  // At most one payload is set per message (oneof); a receiver should dispatch on which one.
  oneof msg {
    // One-way log line for the manager to write to the system log; no reply.
    Log log = 2;
    // Workspace/agent state, either answering GetPeerUpdate or sent unsolicited on change.
    PeerUpdate peer_update = 3;
    // Asks the manager to apply VPN network settings; answered with NetworkSettingsResponse.
    NetworkSettingsRequest network_settings = 4;
    // Reply to a StartRequest.
    StartResponse start = 5;
    // Reply to a StopRequest; the tunnel closes its write side after sending it.
    StopResponse stop = 6;
  }
}
// Log is a log message generated by the tunnel. The manager should log it to the system log. It is
// one-way tunnel -> manager with no response.
//
// Because the manager forwards these to the system log, message, logger_names and fields must not
// carry credentials — in particular the api_token (or header values) from StartRequest.
message Log {
  // Severity of the log line.
  enum Level {
    // these are designed to match slog levels
    // DEBUG is the zero value, so a Log whose level was never set is read as DEBUG. A level added
    // later arrives on an older manager as an unrecognized integer; it should still be logged.
    DEBUG = 0;
    INFO = 1;
    WARN = 2;
    ERROR = 3;
    CRITICAL = 4;
    FATAL = 5;
  }
  // Severity; defaults to DEBUG when unset (see Level).
  Level level = 1;
  // Human-readable log text.
  string message = 2;
  // Name of the logger that produced the line, as a path of components (presumably outermost first).
  repeated string logger_names = 3;
  // A structured key/value attribute attached to the log line.
  message Field {
    string name = 1;
    string value = 2;
  }
  // Structured attributes attached to the log line, in the order the tunnel emitted them.
  repeated Field fields = 4;
}
// GetPeerUpdate asks for a PeerUpdate with a full set of data.
// Carries no fields; the reply is presumably matched through RPC.response_to on the envelope.
message GetPeerUpdate {}
// PeerUpdate is an update about workspaces and agents connected via the tunnel. It is generated in
// response to GetPeerUpdate (which dumps the full set). It is also generated on any changes (not in
// response to any request).
//
// A receiver presumably applies the upserts (keyed by id) and then drops the deleted entries; an
// unsolicited update is expected to contain only what changed — confirm against the tunnel code.
message PeerUpdate {
  // Workspaces that are new or changed; replaces any existing entry with the same id.
  repeated Workspace upserted_workspaces = 1;
  // Agents that are new or changed (including last_handshake); replaces by id.
  repeated Agent upserted_agents = 2;
  // Workspaces that no longer exist. NOTE(review): presumably only id is meaningful here.
  repeated Workspace deleted_workspaces = 3;
  // Agents that no longer exist. NOTE(review): presumably only id is meaningful here.
  repeated Agent deleted_agents = 4;
}
// Workspace is a Coder workspace visible through the tunnel; carried in PeerUpdate.
message Workspace {
  // UUID — NOTE(review): presumably the 16 raw bytes rather than the text form; confirm.
  bytes id = 1; // UUID
  // Display name of the workspace.
  string name = 2;
  // Lifecycle state of the workspace. UNKNOWN is the zero value and therefore what an unset or
  // unrecognized status reads as on the receiver.
  // NOTE(review): values are unprefixed (a C++ scoping/codegen collision risk); renaming now would
  // change generated identifiers, so they are kept as is.
  enum Status {
    UNKNOWN = 0;
    PENDING = 1;
    STARTING = 2;
    RUNNING = 3;
    STOPPING = 4;
    STOPPED = 5;
    FAILED = 6;
    CANCELING = 7;
    CANCELED = 8;
    DELETING = 9;
    DELETED = 10;
  }
  Status status = 3;
}
// Agent is a workspace agent reachable through the tunnel; carried in PeerUpdate.
message Agent {
  // UUID — NOTE(review): presumably the 16 raw bytes rather than the text form; confirm.
  bytes id = 1; // UUID
  // Display name of the agent.
  string name = 2;
  // UUID of the Workspace this agent belongs to (same encoding as Workspace.id).
  bytes workspace_id = 3; // UUID
  // DNS names for this agent (presumably resolvable via the tunnel's DNS settings).
  repeated string fqdn = 4;
  // Tunnel IP addresses of the agent, as text. NOTE(review): no format constraint in the schema;
  // parse before use rather than passing the string through.
  repeated string ip_addrs = 5;
  // last_handshake is the primary indicator of whether we are connected to a peer. Zero value or
  // anything longer than 5 minutes ago means there is a problem.
  google.protobuf.Timestamp last_handshake = 6;
}
// NetworkSettingsRequest is based on
// https://developer.apple.com/documentation/networkextension/nepackettunnelnetworksettings for
// macOS. It is a request/response message with response NetworkSettingsResponse
//
// NOTE(review): every address, mask and route below is a free-form string with no constraint in the
// schema. The manager should parse and validate them before applying them to the OS, and report a
// rejected value through NetworkSettingsResponse (success = false) rather than applying it partially.
message NetworkSettingsRequest {
  // Per-packet overhead the tunnel adds, in bytes.
  uint32 tunnel_overhead_bytes = 1;
  // MTU to configure on the tunnel interface, in bytes.
  uint32 mtu = 2;
  // DNS configuration for the tunnel interface.
  message DNSSettings {
    // Resolver addresses, as text.
    repeated string servers = 1;
    // Domains appended when resolving unqualified names.
    repeated string search_domains = 2;
    // domain_name is the primary domain name of the tunnel
    string domain_name = 3;
    // Domains whose queries are routed to `servers`.
    repeated string match_domains = 4;
    // match_domains_no_search specifies if the domains in the matchDomains list should not be
    // appended to the resolver’s list of search domains.
    bool match_domains_no_search = 5;
  }
  DNSSettings dns_settings = 3;
  // Address of the remote tunnel endpoint, as text.
  string tunnel_remote_address = 4;
  // IPv4 configuration for the tunnel interface.
  message IPv4Settings {
    // NOTE(review): addrs and subnet_masks appear to be parallel lists matched by index (as in
    // NEIPv4Settings); a receiver should reject mismatched lengths.
    repeated string addrs = 1;
    repeated string subnet_masks = 2;
    // router is the next-hop router in dotted-decimal format
    string router = 3;
    // A single IPv4 route expressed as destination + mask + next hop.
    message IPv4Route {
      string destination = 1;
      string mask = 2;
      // router is the next-hop router in dotted-decimal format
      string router = 3;
    }
    // Routes that should go through the tunnel.
    repeated IPv4Route included_routes = 4;
    // Routes that must bypass the tunnel.
    repeated IPv4Route excluded_routes = 5;
  }
  IPv4Settings ipv4_settings = 5;
  // IPv6 configuration for the tunnel interface.
  message IPv6Settings {
    // NOTE(review): addrs and prefix_lengths appear to be parallel lists matched by index (as in
    // NEIPv6Settings); a receiver should reject mismatched lengths.
    repeated string addrs = 1;
    repeated uint32 prefix_lengths = 2;
    // A single IPv6 route expressed as destination + prefix length + next hop.
    message IPv6Route {
      string destination = 1;
      uint32 prefix_length = 2;
      // router is the address of the next-hop
      string router = 3;
    }
    // Routes that should go through the tunnel.
    repeated IPv6Route included_routes = 3;
    // Routes that must bypass the tunnel.
    repeated IPv6Route excluded_routes = 4;
  }
  IPv6Settings ipv6_settings = 6;
}
// NetworkSettingsResponse is the response from the manager to the tunnel for a
// NetworkSettingsRequest
message NetworkSettingsResponse {
  // True when the settings were applied. Proto3 defaults this to false, so an empty response
  // reads as failure.
  bool success = 1;
  // Human-readable reason when success is false; presumably empty on success.
  string error_message = 2;
}
// StartRequest is a request from the manager to start the tunnel. The tunnel replies with a
// StartResponse.
//
// This message carries credentials (api_token, and possibly header values); it must never be
// echoed into Log messages or other diagnostics.
message StartRequest {
  // OS file descriptor the tunnel reads and writes packets on (presumably the TUN device).
  // NOTE(review): a descriptor number is only meaningful inside the process that holds it — confirm
  // how it is transferred when manager and tunnel are separate processes.
  int32 tunnel_file_descriptor = 1;
  // URL of the Coder server (control plane) the tunnel talks to.
  // NOTE(review): the tunnel will presumably present api_token to whatever host this names, so the
  // manager should validate the scheme/host before sending it.
  string coder_url = 2;
  // Credential the tunnel presents to coder_url. Treat as a secret: do not log it, and send it only
  // to coder_url. (If the project's protoc is recent enough, marking this field with the
  // debug_redact option would keep it out of text-format dumps — to be confirmed.)
  string api_token = 3;
  // Additional HTTP headers added to all requests
  message Header {
    string name = 1;
    string value = 2;
  }
  // Header values may also be sensitive; handle them like api_token.
  repeated Header headers = 4;
}
// StartResponse is the tunnel's reply to a StartRequest.
message StartResponse {
  // True when the tunnel started. Proto3 defaults this to false, so an empty response reads as
  // failure.
  bool success = 1;
  // Human-readable reason when success is false; presumably empty on success.
  string error_message = 2;
}
// StopRequest is a request from the manager to stop the tunnel. The tunnel replies with a
// StopResponse.
// Carries no fields; the reply is presumably matched through RPC.response_to on the envelope.
message StopRequest {}
// StopResponse is a response to stopping the tunnel. After sending this response, the tunnel closes
// its side of the bidirectional stream for writing.
message StopResponse {
  // True when the tunnel stopped cleanly. Proto3 defaults this to false, so an empty response
  // reads as failure.
  bool success = 1;
  // Human-readable reason when success is false; presumably empty on success.
  string error_message = 2;
}