Full Code of OpenNHP/opennhp for AI

Repository: OpenNHP/opennhp
Branch: main
Commit: 7e71ebe80c93
Files: 295
Total size: 4.6 MB

Directory structure:
gitextract_9zkaptpu/

├── CHANGELOG.md
├── CLAUDE.md
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── LICENSE
├── Makefile
├── README.de.md
├── README.es.md
├── README.fr.md
├── README.ja.md
├── README.md
├── README.zh-cn.md
├── SECURITY.md
├── build.bat
├── codecov.yml
├── docker/
│   ├── Dockerfile.ac
│   ├── Dockerfile.agent
│   ├── Dockerfile.app
│   ├── Dockerfile.base
│   ├── Dockerfile.server
│   ├── certs/
│   │   ├── server.crt
│   │   └── server.key
│   ├── docker-compose.dhp.yaml
│   ├── docker-compose.yaml
│   ├── iptables_defaults_ubuntu.sh
│   ├── iptables_defaults_x86.sh
│   ├── nhp-ac/
│   │   ├── etc/
│   │   │   ├── config.toml
│   │   │   ├── resource.toml
│   │   │   └── server.toml
│   │   └── traefik/
│   │       └── etc/
│   │           ├── provider.toml
│   │           └── traefik.toml
│   ├── nhp-agent/
│   │   └── etc/
│   │       ├── certs/
│   │       │   ├── server.crt
│   │       │   └── server.key
│   │       ├── config.toml
│   │       ├── dhp.toml
│   │       ├── resource.toml
│   │       └── server.toml
│   ├── nhp-db/
│   │   ├── demo/
│   │   │   ├── allow.policy.wasm
│   │   │   ├── metadata.json
│   │   │   ├── metadata.schema.json
│   │   │   ├── risk.involved.accounts.csv
│   │   │   ├── smart.policy.json
│   │   │   └── smart.policy.schema.json
│   │   └── etc/
│   │       ├── config.toml
│   │       ├── server.toml
│   │       └── tee.toml
│   ├── nhp-enter-nginx.conf
│   ├── nhp-server/
│   │   ├── etc/
│   │   │   ├── ac.toml
│   │   │   ├── agent.toml
│   │   │   ├── config.toml
│   │   │   ├── db.toml
│   │   │   ├── http.toml
│   │   │   ├── resource.toml
│   │   │   ├── srcip.toml
│   │   │   └── tee.toml
│   │   ├── plugins/
│   │   │   └── example/
│   │   │       └── etc/
│   │   │           ├── config.toml
│   │   │           └── resource.toml
│   │   └── templates/
│   │       └── example/
│   │           ├── example_acdemo.html
│   │           └── example_login.html
│   ├── quick_start.sh
│   └── web-app/
│       ├── entrypoint.sh
│       ├── go.mod
│       └── main.go
├── docs/
│   ├── 404.html
│   ├── CNAME
│   ├── Gemfile
│   ├── README.md
│   ├── _config.yml
│   ├── about.md
│   ├── agent_sdk.md
│   ├── build.md
│   ├── code.md
│   ├── comparison.md
│   ├── cryptography.md
│   ├── deploy.md
│   ├── dhp_quick_start.md
│   ├── features.md
│   ├── index.md
│   ├── logo_openNHP.xd
│   ├── nhp_quick_start.md
│   ├── server_plugin.md
│   └── zh-cn/
│       ├── about.zh-cn.md
│       ├── agent_sdk.zh-cn.md
│       ├── build.zh-cn.md
│       ├── code.zh-cn.md
│       ├── comparison.zh-cn.md
│       ├── cryptography.zh-cn.md
│       ├── deploy.zh-cn.md
│       ├── dhp_quick_start.zh-cn.md
│       ├── features.zh-cn.md
│       ├── index.zh-cn.md
│       ├── nhp_quick_start.zh-cn.md
│       ├── overview.zh-cn.md
│       ├── remo_config.zh-cn.md
│       └── server_plugin.zh-cn.md
├── endpoints/
│   ├── ac/
│   │   ├── config.go
│   │   ├── constants.go
│   │   ├── ebpf/
│   │   │   ├── ebpf_other.go
│   │   │   └── ebpfegine.go
│   │   ├── httpac.go
│   │   ├── main/
│   │   │   ├── etc/
│   │   │   │   ├── config.toml
│   │   │   │   ├── http.toml
│   │   │   │   ├── nhp_ebpf_xdp.o
│   │   │   │   ├── remote.toml
│   │   │   │   └── server.toml
│   │   │   └── main.go
│   │   ├── msghandler.go
│   │   ├── tokenstore.go
│   │   └── udpac.go
│   ├── agent/
│   │   ├── config.go
│   │   ├── constants.go
│   │   ├── iossdk/
│   │   │   └── export.go
│   │   ├── knock.go
│   │   ├── main/
│   │   │   ├── etc/
│   │   │   │   ├── certs/
│   │   │   │   │   ├── server.crt
│   │   │   │   │   └── server.key
│   │   │   │   ├── config.toml
│   │   │   │   ├── dhp.toml
│   │   │   │   ├── resource.toml
│   │   │   │   └── server.toml
│   │   │   ├── export.go
│   │   │   └── main.go
│   │   ├── msghandler.go
│   │   ├── request.go
│   │   ├── service.go
│   │   ├── ta.go
│   │   └── udpagent.go
│   ├── db/
│   │   ├── config.go
│   │   ├── constants.go
│   │   ├── main/
│   │   │   ├── etc/
│   │   │   │   ├── config.toml
│   │   │   │   ├── server.toml
│   │   │   │   └── tee.toml
│   │   │   └── main.go
│   │   ├── udpdevice.go
│   │   └── utils.go
│   ├── go.mod
│   ├── go.sum
│   ├── kgc/
│   │   ├── curve/
│   │   │   └── curve.go
│   │   ├── kgc.go
│   │   ├── kgc_test.go
│   │   ├── main/
│   │   │   ├── etc/
│   │   │   │   └── config.toml
│   │   │   └── main.go
│   │   ├── user/
│   │   │   └── user.go
│   │   └── utils.go
│   ├── relay/
│   │   └── tcprelay.go
│   ├── server/
│   │   ├── config.go
│   │   ├── constants.go
│   │   ├── httpauth.go
│   │   ├── httpserver.go
│   │   ├── httpstorage.go
│   │   ├── kbs/
│   │   │   ├── attest/
│   │   │   │   └── attest.go
│   │   │   ├── auth/
│   │   │   │   └── auth.go
│   │   │   ├── error/
│   │   │   │   └── error.go
│   │   │   └── resource/
│   │   │       └── resource.go
│   │   ├── kbs.go
│   │   ├── main/
│   │   │   ├── etc/
│   │   │   │   ├── ac.toml
│   │   │   │   ├── agent.toml
│   │   │   │   ├── config.toml
│   │   │   │   ├── db.toml
│   │   │   │   ├── http.toml
│   │   │   │   ├── remote.toml.example
│   │   │   │   ├── resource.toml
│   │   │   │   ├── srcip.toml
│   │   │   │   └── tee.toml
│   │   │   └── main.go
│   │   ├── msghandler.go
│   │   ├── nhpauth.go
│   │   ├── tokenstore.go
│   │   ├── udpserver.go
│   │   └── webrtcserver.go
│   └── test/
│       ├── gin_test.go
│       ├── json_test.go
│       └── toml_test.go
├── examples/
│   ├── client_sdk/
│   │   ├── android/
│   │   │   ├── java/
│   │   │   │   ├── MainActivity.java
│   │   │   │   └── OpennhpLibrary.java
│   │   │   └── kotlin/
│   │   │       └── MainActivity.kt
│   │   ├── desktop/
│   │   │   ├── c/
│   │   │   │   └── nhp-agent-demo.c
│   │   │   ├── java/
│   │   │   │   ├── App.java
│   │   │   │   └── OpennhpLibrary.java
│   │   │   └── python/
│   │   │       └── nhp-agent-demo.py
│   │   └── ios/
│   │       ├── objectivec/
│   │       │   ├── FileCopyManager.h
│   │       │   ├── FileCopyManager.m
│   │       │   └── ViewController.m
│   │       └── swift/
│   │           ├── FileCopyManager.swift
│   │           └── ViewController.swift
│   └── server_plugin/
│       ├── authenticator/
│       │   ├── Makefile
│       │   ├── etc/
│       │   │   ├── config.toml
│       │   │   └── resource.toml
│       │   ├── go.mod
│       │   ├── go.sum
│       │   ├── main.go
│       │   ├── qrauth.go
│       │   └── templates/
│       │       ├── authenticator_acdemo.html
│       │       └── authenticator_login.html
│       ├── basic/
│       │   ├── Makefile
│       │   ├── etc/
│       │   │   ├── config.toml
│       │   │   └── resource.toml
│       │   ├── go.mod
│       │   ├── go.sum
│       │   ├── main.go
│       │   └── templates/
│       │       ├── example_acdemo.html
│       │       └── example_login.html
│       └── oidc/
│           ├── Makefile
│           ├── auth.go
│           ├── etc/
│           │   ├── config.toml
│           │   └── resource.toml
│           ├── go.mod
│           ├── go.sum
│           ├── main.go
│           └── templates/
│               └── auth0home.html
└── nhp/
    ├── common/
    │   ├── constants.go
    │   ├── errors.go
    │   ├── global.go
    │   ├── nhpmsg.go
    │   ├── packet.go
    │   ├── tokenstore.go
    │   └── types.go
    ├── core/
    │   ├── benchmark/
    │   │   ├── ecc_rsa_test.go
    │   │   └── rsa_utils.go
    │   ├── constants.go
    │   ├── crypto.go
    │   ├── device.go
    │   ├── errors.go
    │   ├── initiator.go
    │   ├── kdf.go
    │   ├── main/
    │   │   ├── main.go
    │   │   ├── nhpdevice.go
    │   │   └── nhpdevicedef.h
    │   ├── packet.go
    │   ├── peer.go
    │   ├── responder.go
    │   ├── scheme/
    │   │   ├── curve/
    │   │   │   ├── curve.go
    │   │   │   ├── header.go
    │   │   │   └── responder.go
    │   │   └── gmsm/
    │   │       ├── gmsm.go
    │   │       ├── header.go
    │   │       └── responder.go
    │   ├── tcpconn.go
    │   ├── transaction.go
    │   ├── udpconn.go
    │   ├── verifier/
    │   │   ├── csv/
    │   │   │   └── csv.go
    │   │   └── verifier.go
    │   ├── wasm/
    │   │   ├── engine/
    │   │   │   ├── engine.go
    │   │   │   ├── host.go
    │   │   │   └── host_test.go
    │   │   └── policy/
    │   │       ├── host.go
    │   │       ├── impl/
    │   │       │   └── policy.go
    │   │       ├── interface.go
    │   │       ├── main/
    │   │       │   └── main.go
    │   │       └── memory/
    │   │           └── memory.go
    │   └── ztdo/
    │       ├── noise.go
    │       ├── ztdo.go
    │       └── ztdo_test.go
    ├── ebpf/
    │   └── xdp/
    │       ├── nhp_ebpf_xdp.c
    │       ├── tc_egress.c
    │       └── vmlinux.h
    ├── etcd/
    │   └── etcdconn.go
    ├── go.mod
    ├── go.sum
    ├── log/
    │   ├── globalLog.go
    │   └── logger.go
    ├── plugins/
    │   └── serverpluginhandler.go
    ├── test/
    │   ├── api_test.go
    │   ├── conn_test.go
    │   ├── ecdh_test.go
    │   ├── ecdsa_test.go
    │   ├── fuzz_json_test.go
    │   ├── fuzz_test.go
    │   ├── iputils_test.go
    │   ├── ipv6_support_test.go
    │   ├── log_test.go
    │   ├── packet_test.go
    │   ├── pkcs7_test.go
    │   ├── tokenstore_test.go
    │   └── utils_test.go
    ├── utils/
    │   ├── cache.go
    │   ├── cmd.go
    │   ├── compress.go
    │   ├── constant.go
    │   ├── crypto.go
    │   ├── crypto_test.go
    │   ├── ebpf/
    │   │   ├── ebpf.go
    │   │   ├── ebpf_linux.go
    │   │   └── ebpf_other.go
    │   ├── encoding.go
    │   ├── file.go
    │   ├── host.go
    │   ├── iptables.go
    │   ├── iputils.go
    │   ├── parser.go
    │   ├── request.go
    │   ├── utils.go
    │   ├── uuid.go
    │   └── waitpool.go
    └── version/
        ├── VERSION
        └── version.go

================================================
FILE CONTENTS
================================================

================================================
FILE: CHANGELOG.md
================================================
# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

## [0.6.0] - 2025-06-11

### Added
- eBPF/XDP packet filtering support for high-performance knocking
- Docker local debugging environment
- `PASS_KNOCKIP_WITH_RANGE` mode for AC to include IP address ranges

### Changed
- Refactored peer hostname resolution logic
- Aligned UDP open resource behavior with HTTP version
- Server now continues when AC connections are lost in resource groups

### Fixed
- CGO compilation issues
- Escape mod bug
- Possible nil pointer dereference
- Size comparison error

## [0.5.0] - 2025-04-13

### Added
- Plugin system for NHP-Server with separate modules
- Improved build system for server plugins

### Changed
- Separated modules to accommodate building of nhp-serverd and its plugins

## [0.4.1] - 2025-04-06

### Added
- DHP (Data Hiding Protocol) function code
- SM2 P256 ECDH curve support
- Default cipher scheme configuration for DE

### Changed
- Using GMSM as default cipher scheme
- Updated Makefile for building DE on Linux

### Fixed
- Removed redundant logging
- Fixed SM2 P256 ECDH curve usage

## [0.4.0] - 2024-09-04

### Added
- Initial public release
- Jekyll-based documentation site
- GitHub Pages deployment

### Changed
- Updated code structure and symbols to be more self-explanatory

## [0.3.6] - 2024-09-03

### Added
- Pre-release version with core NHP protocol implementation
- Agent, Server, and AC components
- Noise Protocol Framework integration
- Curve25519 and SM2 cipher scheme support

[Unreleased]: https://github.com/OpenNHP/opennhp/compare/v0.6.0...HEAD
[0.6.0]: https://github.com/OpenNHP/opennhp/compare/v0.5.0...v0.6.0
[0.5.0]: https://github.com/OpenNHP/opennhp/compare/v0.4.1...v0.5.0
[0.4.1]: https://github.com/OpenNHP/opennhp/compare/v0.4.0...v0.4.1
[0.4.0]: https://github.com/OpenNHP/opennhp/compare/v0.3.6...v0.4.0
[0.3.6]: https://github.com/OpenNHP/opennhp/releases/tag/v0.3.6


================================================
FILE: CLAUDE.md
================================================
# CLAUDE.md

This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.

## Project Overview

OpenNHP is a Go-based Zero Trust security toolkit implementing two core protocols:
- **NHP (Network-infrastructure Hiding Protocol)**: Conceals server ports, IPs, and domains from unauthorized access
- **DHP (Data-object Hiding Protocol)**: Ensures data security via encryption and confidential computing

The system follows the NIST Zero Trust Architecture, with three core components (NHP-Agent, NHP-Server, and NHP-AC) that communicate via encrypted UDP packets using the Noise Protocol Framework.

## Git Commit Requirements

All commits must be signed with a verified GPG or SSH key. Unsigned commits will fail CI checks.

```bash
# Sign commits (if not configured globally)
git commit -S -m "your message"

# Amend to sign an existing commit
git commit --amend --no-edit -S
```

## Build Commands

```bash
# Full build (all components + SDKs + plugins + archive)
make

# Build individual components
make agentd      # Build nhp-agent daemon
make serverd     # Build nhp-server daemon
make acd         # Build nhp-ac (access controller) daemon
make db          # Build nhp-db daemon
make kgc         # Build nhp-kgc (key generation center)

# Build with eBPF support (requires clang)
make ebpf

# Build plugins
make plugins

# Initialize/tidy modules
make init
```

## Running Tests

```bash
# Run tests in the nhp module
cd nhp && go test ./...

# Run tests in the endpoints module
cd endpoints && go test ./...

# Run specific test file
cd nhp && go test -v ./test/packet_test.go

# Run benchmark tests
cd nhp && go test -bench=. ./core/benchmark/
```

## Code Formatting

**IMPORTANT**: All Go code must be properly formatted before committing. CI will fail if formatting is incorrect.

### Before Committing

Always run these commands on modified Go files:

```bash
# Format code with gofmt
gofmt -w <file.go>

# Fix import grouping with goimports
goimports -w <file.go>

# Or format all files in a directory
gofmt -w ./path/to/package/
goimports -w ./path/to/package/
```

### Import Grouping Style

Imports must be organized into three groups separated by blank lines:

1. Standard library imports
2. External third-party imports
3. Internal project imports

```go
import (
	"fmt"
	"net/http"

	"github.com/gin-gonic/gin"
	"github.com/pelletier/go-toml/v2"

	"github.com/OpenNHP/opennhp/nhp/common"
	"github.com/OpenNHP/opennhp/nhp/log"
)
```

### Verify Formatting

Check if files need formatting (no output means properly formatted):

```bash
gofmt -l <file.go>
goimports -l <file.go>
```

### Install goimports

If `goimports` is not installed:

```bash
go install golang.org/x/tools/cmd/goimports@latest
```

## Docker Development

```bash
# Build and run the full stack
cd docker && docker-compose up --build

# Individual service testing
docker-compose up nhp-server
docker-compose up nhp-ac
docker-compose up nhp-agent
```

## Architecture

### Module Structure

The codebase uses two separate Go modules with a local replace directive:

- **`nhp/`**: Core protocol library
  - `core/`: Packet handling, cryptography, device management, Noise Protocol implementation
  - `common/`: Shared types and message definitions (AgentKnockMsg, ServerKnockAckMsg, etc.)
  - `utils/`: Utility functions
  - `plugins/`: Plugin handler interfaces (PluginHandler interface)
  - `log/`: Logging infrastructure
  - `etcd/`: Distributed configuration support

- **`endpoints/`**: Daemon implementations (depends on nhp module)
  - `agent/`: NHP-Agent - client that sends knock requests
  - `server/`: NHP-Server - authenticates and authorizes requests
  - `ac/`: NHP-AC - access controller that manages firewall rules
  - `db/`: NHP-DB - data object management for DHP
  - `kgc/`: Key Generation Center for IBC (Identity-Based Cryptography)
  - `relay/`: TCP relay functionality

### Core Concepts

**Device Types** (defined in `nhp/core/device.go`):
- `NHP_AGENT`: Client initiating access requests
- `NHP_SERVER`: Central authentication/authorization server
- `NHP_AC`: Access controller managing network rules
- `NHP_DB`: Data object backend for DHP
- `NHP_RELAY`: Packet relay

**Packet Types** (defined in `nhp/core/packet.go`):
- `NHP_KNK`: Agent knock request
- `NHP_ACK`: Server knock acknowledgment
- `NHP_AOP`: Server-to-AC operation request
- `NHP_ART`: AC operation result
- `NHP_REG`/`NHP_RAK`: Agent registration flow
- `DHP_*`: Data Hiding Protocol messages

**Cipher Schemes** (in `nhp/core/crypto.go`):
- `CIPHER_SCHEME_CURVE`: Curve25519 + ChaCha20-Poly1305 + BLAKE2s
- `CIPHER_SCHEME_GMSM`: SM2 + SM4-GCM + SM3 (Chinese national standards)

### Configuration

All daemons use TOML configuration files in their respective `etc/` directories:
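- `config.toml`: Base configuration (private key, listen address, log level). Because it contains the daemon's private key, keep it readable only by the account that runs the daemon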
- `server.toml`: Remote server/peer definitions
- `resource.toml`: Protected resources and auth service providers
- `http.toml`: HTTP server settings (for nhp-server)

### Plugin System

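Server plugins implement the `PluginHandler` interface (`nhp/plugins/serverpluginhandler.go`) and are built as Go plugins (`.so` files). A Go plugin is loaded into the nhp-server process and runs with the server's privileges, and the methods below make authentication decisions, so load only plugins built from source you trust. See `examples/server_plugin/` for a reference implementation.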

Key plugin methods:
- `AuthWithNHP()`: Handle NHP protocol authentication
- `AuthWithHttp()`: Handle HTTP-based authentication
- `RegisterAgent()`: Agent registration
- `ListService()`: Service discovery

### Key Generation

All daemons support the `keygen` command:
```bash
./nhp-serverd keygen --curve  # Generate Curve25519 keys
./nhp-serverd keygen --sm2    # Generate SM2 keys (default)
```

## Protocol Flow

1. Agent sends encrypted knock (`NHP_KNK`) to Server
2. Server validates, sends operation request (`NHP_AOP`) to AC
3. AC opens firewall, responds (`NHP_ART`) to Server
4. Server sends acknowledgment (`NHP_ACK`) with access info to Agent
5. Agent can now access the protected resource through AC


================================================
FILE: CODE_OF_CONDUCT.md
================================================
# Contributor Covenant Code of Conduct

## Our Pledge

We as members, contributors, and leaders pledge to make participation in our
community a harassment-free experience for everyone, regardless of age, body
size, visible or invisible disability, ethnicity, sex characteristics, gender
identity and expression, level of experience, education, socio-economic status,
nationality, personal appearance, race, religion, or sexual identity
and orientation.

We pledge to act and interact in ways that contribute to an open, welcoming,
diverse, inclusive, and healthy community.

## Our Standards

Examples of behavior that contributes to a positive environment for our
community include:

* Demonstrating empathy and kindness toward other people
* Being respectful of differing opinions, viewpoints, and experiences
* Giving and gracefully accepting constructive feedback
* Accepting responsibility and apologizing to those affected by our mistakes,
  and learning from the experience
* Focusing on what is best not just for us as individuals, but for the
  overall community

Examples of unacceptable behavior include:

* The use of sexualized language or imagery, and sexual attention or
  advances of any kind
* Trolling, insulting or derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or email
  address, without their explicit permission
* Other conduct which could reasonably be considered inappropriate in a
  professional setting

## Enforcement Responsibilities

Community leaders are responsible for clarifying and enforcing our standards of
acceptable behavior and will take appropriate and fair corrective action in
response to any behavior that they deem inappropriate, threatening, offensive,
or harmful.

Community leaders have the right and responsibility to remove, edit, or reject
comments, commits, code, wiki edits, issues, and other contributions that are
not aligned to this Code of Conduct, and will communicate reasons for moderation
decisions when appropriate.

## Scope

This Code of Conduct applies within all community spaces, and also applies when
an individual is officially representing the community in public spaces.
Examples of representing our community include using an official e-mail address,
posting via an official social media account, or acting as an appointed
representative at an online or offline event.

## Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported to the community leaders responsible for enforcement at
opennhp@gmail.com.
All complaints will be reviewed and investigated promptly and fairly.

All community leaders are obligated to respect the privacy and security of the
reporter of any incident.

## Enforcement Guidelines

Community leaders will follow these Community Impact Guidelines in determining
the consequences for any action they deem in violation of this Code of Conduct:

### 1. Correction

**Community Impact**: Use of inappropriate language or other behavior deemed
unprofessional or unwelcome in the community.

**Consequence**: A private, written warning from community leaders, providing
clarity around the nature of the violation and an explanation of why the
behavior was inappropriate. A public apology may be requested.

### 2. Warning

**Community Impact**: A violation through a single incident or series
of actions.

**Consequence**: A warning with consequences for continued behavior. No
interaction with the people involved, including unsolicited interaction with
those enforcing the Code of Conduct, for a specified period of time. This
includes avoiding interactions in community spaces as well as external channels
like social media. Violating these terms may lead to a temporary or
permanent ban.

### 3. Temporary Ban

**Community Impact**: A serious violation of community standards, including
sustained inappropriate behavior.

**Consequence**: A temporary ban from any sort of interaction or public
communication with the community for a specified period of time. No public or
private interaction with the people involved, including unsolicited interaction
with those enforcing the Code of Conduct, is allowed during this period.
Violating these terms may lead to a permanent ban.

### 4. Permanent Ban

**Community Impact**: Demonstrating a pattern of violation of community
standards, including sustained inappropriate behavior, harassment of an
individual, or aggression toward or disparagement of classes of individuals.

**Consequence**: A permanent ban from any sort of public interaction within
the community.

## Attribution

This Code of Conduct is adapted from the [Contributor Covenant][homepage],
version 2.0, available at
https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.

Community Impact Guidelines were inspired by [Mozilla's code of conduct
enforcement ladder](https://github.com/mozilla/diversity).

[homepage]: https://www.contributor-covenant.org

For answers to common questions about this code of conduct, see the FAQ at
https://www.contributor-covenant.org/faq. Translations are available at
https://www.contributor-covenant.org/translations.


================================================
FILE: CONTRIBUTING.md
================================================
# Contributing to OpenNHP

Thank you for your interest in contributing to OpenNHP! This document provides guidelines and information for contributors.

## Code of Conduct

Please read and follow our [Code of Conduct](CODE_OF_CONDUCT.md) to maintain a welcoming and inclusive community.

## Getting Started

### Prerequisites

- **Go 1.24+** - Required for building the project
- **Make** - Build automation
- **Git** - Version control
- **golangci-lint** (optional) - For code linting

### Clone and Build

```bash
# Clone the repository
git clone https://github.com/OpenNHP/opennhp.git
cd opennhp

# Initialize dependencies
make init

# Build all binaries
make
```

### Project Structure

```
opennhp/
├── nhp/                 # Core NHP protocol library
│   ├── core/            # Protocol implementation
│   ├── common/          # Shared types and utilities
│   ├── utils/           # Helper functions
│   ├── plugins/         # Plugin system
│   └── test/            # Unit tests
├── endpoints/           # Network daemon implementations
│   ├── agent/           # NHP Agent (client)
│   ├── server/          # NHP Server
│   ├── ac/              # Access Controller
│   ├── db/              # Database component
│   └── kgc/             # Key Generation Center
├── examples/            # Example implementations
│   ├── server_plugin/   # Example server plugin
│   └── client_sdk/      # SDK usage examples
├── docs/                # Documentation
├── docker/              # Docker configurations
└── release/             # Build outputs
```

### Running Tests

```bash
# Run all tests
make test

# Run tests with race detection
make test-race

# Run tests with coverage
make coverage
```

### Code Style

- Use `gofmt` for code formatting: `make fmt`
- Follow [Go Code Review Comments](https://github.com/golang/go/wiki/CodeReviewComments)
- Write clear, descriptive commit messages
- Add tests for new functionality
- Document exported functions and types

## Development Workflow

### Making Changes

1. **Fork** the repository on GitHub
2. **Clone** your fork locally
3. **Create a branch** for your changes:
   ```bash
   git checkout -b feature/your-feature-name
   ```
4. **Make your changes** and commit them
5. **Test** your changes:
   ```bash
   make test
   make fmt
   ```
6. **Push** to your fork:
   ```bash
   git push origin feature/your-feature-name
   ```
7. **Open a Pull Request** on GitHub

### Commit Messages

Write clear, concise commit messages that explain the "why" behind your changes:

```
feat(server): add health check endpoint

Add /health and /ready endpoints for Kubernetes liveness
and readiness probes.
```

Use conventional commit prefixes:
- `feat:` - New features
- `fix:` - Bug fixes
- `docs:` - Documentation changes
- `test:` - Test additions or modifications
- `refactor:` - Code refactoring
- `ci:` - CI/CD changes
- `build:` - Build system changes

### Pull Request Guidelines

- Keep PRs focused on a single change
- Update documentation if needed
- Add tests for new functionality
- Ensure all tests pass
- Request review from maintainers

## Reporting Issues

### Bug Reports

When reporting bugs, please include:

- Go version (`go version`)
- Operating system and version
- Steps to reproduce the issue
- Expected vs actual behavior
- Relevant logs or error messages

### Feature Requests

For feature requests, please:

- Check existing issues to avoid duplicates
- Clearly describe the use case
- Explain the proposed solution

## Security Issues

Do not open a public issue for a security vulnerability. Instead, follow our [Security Policy](SECURITY.md) and report it privately.

## Getting Help

- **GitHub Issues** - For bugs and feature requests
- **Discussions** - For questions and community support
- **Documentation** - See the [docs/](docs/) directory

## License

By contributing to OpenNHP, you agree that your contributions will be licensed under the [Apache 2.0 License](LICENSE).


================================================
FILE: LICENSE
================================================
                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."

      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.

   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.

   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.

   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:

      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.

      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.

   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.

   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.

   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.

   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.

   END OF TERMS AND CONDITIONS

   APPENDIX: How to apply the Apache License to your work.

      To apply the Apache License to your work, attach the following
      boilerplate notice, with the fields enclosed by brackets "[]"
      replaced with your own identifying information. (Don't include
      the brackets!)  The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
      file or class name and description of purpose be included on the
      same "printed page" as the copyright notice for easier
      identification within third-party archives.

   Copyright [yyyy] [name of copyright owner]

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.


================================================
FILE: Makefile
================================================
# Force module-aware mode for every go command started from this Makefile.
export GO111MODULE := on
# Optional extra linker flags from the caller; LD_FLAGS places them first.
CUSTOM_LD_FLAGS ?=

# First target in the file, so a bare `make` runs the full versioned build.
all: generate-version-and-build

# Repo settings
# Import-path prefix of the version package whose variables LD_FLAGS sets via -X.
GOMODULE = github.com/OpenNHP/opennhp/nhp

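# Version and build settings
MAKEFLAGS += --no-print-directory
# Lower-cased kernel name (e.g. linux, darwin); gates the platform-specific SDK targets.
OS_NAME = $(shell uname -s | tr A-Z a-z)
GOPATH = $(shell go env GOPATH)
# gomobile from PATH, falling back to $(GOPATH)/bin/gomobile.
GOMOBILE = $(shell which gomobile 2>/dev/null || echo $(GOPATH)/bin/gomobile)
# Each is "found" or empty: Xcode.app present / xcode-select pointing at Xcode.app.
XCODE_APP = $(shell test -d /Applications/Xcode.app && echo found || echo "")
XCODE_SELECT = $(shell xcode-select -p 2>/dev/null | grep -q Xcode.app && echo found || echo "")

# Version number auto increment
# The timestamp is evaluated once and exported, so every sub-make started by
# generate-version-and-build stamps the same version into each binary and into
# the archive name. A recursively expanded $(shell date ...) is re-run on every
# expansion and in every sub-make, which gives the artifacts of a single build
# different version strings. TIMESTAMP and BUILD_TIME can be passed in to pin
# them, e.g. when rebuilding a release for comparison.
ifndef TIMESTAMP
TIMESTAMP := $(shell date +%y%m%d%H%M%S)
endif
export TIMESTAMP
VERSION = $(shell cat nhp/version/VERSION).$(TIMESTAMP)
# Other version settings
COMMIT_ID = $(shell git show -s --format=%H)
COMMIT_TIME = $(shell git show -s --format=%cd --date=format:'%Y-%m-%d %H:%M:%S')
ifndef BUILD_TIME
BUILD_TIME := $(shell date "+%Y-%m-%d %H:%M:%S")
endif
export BUILD_TIME
# Built Package File Name
PACKAGE_FILE = opennhp-$(VERSION).tar.gz
# Go build flags
# -s -w omit the symbol table and DWARF debug data; each -X sets a string
# variable in $(GOMODULE)/version. CUSTOM_LD_FLAGS is inserted verbatim ahead
# of them, so whoever controls that variable controls the linker invocation.
LD_FLAGS = "${CUSTOM_LD_FLAGS} -s -w -X '${GOMODULE}/version.Version=${VERSION}' -X '${GOMODULE}/version.CommitId=${COMMIT_ID}' -X '${GOMODULE}/version.CommitTime=${COMMIT_TIME}' -X '${GOMODULE}/version.BuildTime=${BUILD_TIME}'"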

# Color definition
# ANSI escape sequences wrapped around the status messages echoed by the recipes.
COLOUR_GREEN=\033[0;32m
COLOUR_RED=\033[0;31m
COLOUR_BLUE=\033[0;34m
END_COLOUR=\033[0m

# Plugins
# NOTE(review): neither variable is referenced by the targets visible in this
# file; the plugins target discovers directories itself — confirm they are still needed.
NHP_SERVER_PLUGINS = ./examples/server_plugin/basic
NHP_AUTHENTICATOR_PLUGINS = ./examples/server_plugin/authenticator

# Android environment settings
# TOOLCHAIN is not set in this file; androidagentsdk skips the build when it is empty.
ANDROID_CC='${TOOLCHAIN}/bin/aarch64-linux-android21-clang'
ANDROID_CXX='${TOOLCHAIN}/bin/aarch64-linux-android21-clang++'

# eBPF compile
# clang is looked up only when a goal containing the substring "ebpf" was given
# on the command line; parsing stops with an error if it cannot be found.
# NOTE(review): findstring is a substring match, so `make clean_ebpf` also
# requires clang — confirm that is acceptable.
ifneq (,$(findstring ebpf,$(MAKECMDGOALS)))
    CLANG := $(shell command -v clang 2>/dev/null)
    ifeq ($(CLANG),)
        $(error "clang is not installed. Please install clang to compile eBPF programs.")
    endif
endif

# Sources and the object files staged under release/nhp-ac/etc.
EBPF_SRC_XDP = ./nhp/ebpf/xdp/nhp_ebpf_xdp.c
EBPF_SRC_TC_EGRESS = ./nhp/ebpf/xdp/tc_egress.c
EBPF_OBJ_XDP = ./release/nhp-ac/etc/nhp_ebpf_xdp.o
EBPF_OBJ_TC_EGRESS = ./release/nhp-ac/etc/tc_egress.o
# Optimised BPF-target objects with debug info and warnings enabled; -I. adds
# the directory make runs in to the include path.
CLANG_OPTS = -O2 -target bpf -g -Wall -I.

# Compile both eBPF objects, then run the full versioned build. A bare `make`
# does not depend on the objects, so they are only built through this goal.
.PHONY: ebpf
ebpf: $(EBPF_OBJ_XDP) $(EBPF_OBJ_TC_EGRESS) generate-version-and-build
	@echo "$(COLOUR_GREEN)[eBPF] Full build completed$(END_COLOUR)"

# Both rules follow the same shape: create the output directory, announce the
# step, then compile the single C prerequisite ($<) into its BPF object ($@).
$(EBPF_OBJ_XDP): $(EBPF_SRC_XDP)
	@mkdir -p $(@D)
	@echo "$(COLOUR_BLUE)[eBPF] Compiling: $< -> $@ $(END_COLOUR)"
	$(CLANG) $(CLANG_OPTS) -c $< -o $@

$(EBPF_OBJ_TC_EGRESS): $(EBPF_SRC_TC_EGRESS)
	@mkdir -p $(@D)
	@echo "$(COLOUR_BLUE)[eBPF] Compiling: $< -> $@ $(END_COLOUR)"
	$(CLANG) $(CLANG_OPTS) -c $< -o $@

# Remove both compiled eBPF objects; -f keeps this quiet when they do not exist.
clean_ebpf:
	@rm -f $(EBPF_OBJ_XDP) $(EBPF_OBJ_TC_EGRESS)
	@echo "$(COLOUR_GREEN)[Clean] Removed eBPF object file$(END_COLOUR)"

# Full release build: print the version metadata, then run each stage as its
# own sub-make in the order listed (dependencies, daemons, SDKs, plugins,
# archive). Every sub-make re-reads this Makefile, so the version variables are
# evaluated again in each of them.
generate-version-and-build:
	@echo "$(COLOUR_BLUE)[OpenNHP] Start building... $(END_COLOUR)"
	@echo "$(COLOUR_BLUE)Version: ${VERSION} $(END_COLOUR)"
	@echo "$(COLOUR_BLUE)Commit id: ${COMMIT_ID} $(END_COLOUR)"
	@echo "$(COLOUR_BLUE)Commit time: ${COMMIT_TIME} $(END_COLOUR)"
	@echo "$(COLOUR_BLUE)Build time: ${BUILD_TIME} $(END_COLOUR)"
	@$(MAKE) init
	@$(MAKE) agentd
	@$(MAKE) acd
	@$(MAKE) serverd
	@$(MAKE) db
	@$(MAKE) kgc
	@$(MAKE) linuxagentsdk
	@$(MAKE) androidagentsdk
	@$(MAKE) macosagentsdk
	@$(MAKE) iosagentsdk
	@$(MAKE) devicesdk
	@$(MAKE) plugins
	@$(MAKE) archive
	@echo "$(COLOUR_GREEN)[OpenNHP] Build for platform ${OS_NAME} successfully done!$(END_COLOUR)"

# Prepare a build: `git clean -df release` deletes untracked files and
# directories under release/ (ignored files are kept, as -x is not given), then
# module dependencies are downloaded for nhp, endpoints and every plugin
# directory with a go.mod — directly below examples/server_plugin, or one level
# deeper when the first level has none.
init:
	@echo "$(COLOUR_BLUE)[OpenNHP] Initializing... $(END_COLOUR)"
	git clean -df release
	cd nhp && go mod download
	cd endpoints && go mod download
	@for dir in ./examples/server_plugin/*/; do \
		if [ -f "$$dir/go.mod" ]; then \
			echo "$(COLOUR_BLUE)[Plugin-$$(basename $$dir)] Running go mod download... $(END_COLOUR)"; \
			cd "$$dir" && go mod download && cd - > /dev/null; \
		else \
			for subdir in "$$dir"/*/; do \
				if [ -f "$$subdir/go.mod" ]; then \
					echo "$(COLOUR_BLUE)[Plugin-$$(basename $$subdir)] Running go mod download... $(END_COLOUR)"; \
					cd "$$subdir" && go mod download && cd - > /dev/null; \
				fi \
			done \
		fi \
	done

# Use this target when you need to update dependencies (will modify go.sum)
# Runs `go mod tidy` in nhp, endpoints and each plugin module found by the same
# directory walk as `init`. This is the step where new or changed dependencies
# enter the build, so the resulting go.mod/go.sum diff deserves review before
# it is committed.
tidy:
	@echo "$(COLOUR_BLUE)[OpenNHP] Running go mod tidy... $(END_COLOUR)"
	cd nhp && go mod tidy
	cd endpoints && go mod tidy
	@for dir in ./examples/server_plugin/*/; do \
		if [ -f "$$dir/go.mod" ]; then \
			echo "$(COLOUR_BLUE)[Plugin-$$(basename $$dir)] Running go mod tidy... $(END_COLOUR)"; \
			cd "$$dir" && go mod tidy && cd - > /dev/null; \
		else \
			for subdir in "$$dir"/*/; do \
				if [ -f "$$subdir/go.mod" ]; then \
					echo "$(COLOUR_BLUE)[Plugin-$$(basename $$subdir)] Running go mod tidy... $(END_COLOUR)"; \
					cd "$$subdir" && go mod tidy && cd - > /dev/null; \
				fi \
			done \
		fi \
	done
	@echo "$(COLOUR_GREEN)[OpenNHP] go mod tidy complete. Remember to commit go.sum files!$(END_COLOUR)"

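# Build the nhp-agent daemon and stage its configuration next to it.
# -trimpath keeps local build paths out of the binary.
# etc/ is created explicitly, as serverd, db and kgc do, so the copy steps do
# not depend on release/nhp-agent/etc already existing.
# NOTE(review): etc/certs is copied unchanged into the release tree that
# `archive` packages — confirm it holds no private key material that should
# stay out of distributed archives.
agentd:
	@echo "$(COLOUR_BLUE)[OpenNHP] Building nhp-agent... $(END_COLOUR)"
	cd endpoints && \
	mkdir -p ../release/nhp-agent/etc && \
	go build -trimpath -ldflags ${LD_FLAGS} -v -o ../release/nhp-agent/nhp-agentd ./agent/main/main.go && \
	cp ./agent/main/etc/*.toml ../release/nhp-agent/etc/ && \
	cp -rf ./agent/main/etc/certs ../release/nhp-agent/etc/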

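# Build the nhp-ac daemon and stage its TOML configuration.
# -trimpath keeps local build paths out of the binary.
# etc/ is created explicitly, as serverd, db and kgc do, so the copy does not
# depend on release/nhp-ac/etc already existing.
acd:
	@echo "$(COLOUR_BLUE)[OpenNHP] Building nhp-ac... $(END_COLOUR)"
	cd endpoints && \
	mkdir -p ../release/nhp-ac/etc && \
	go build -trimpath -ldflags ${LD_FLAGS} -v -o ../release/nhp-ac/nhp-acd ./ac/main/main.go && \
	cp ./ac/main/etc/*.toml ../release/nhp-ac/etc/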

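# Build the nhp-server daemon and stage its TOML configuration.
# Every step is chained with &&. With `;` before the copy, the recipe's exit
# status was that of `cp`, so a failed `go build` could go unnoticed and the
# release tree could be archived without a binary or with a stale one.
serverd:
	@echo "$(COLOUR_BLUE)[OpenNHP] Building nhp-server... $(END_COLOUR)"
	cd endpoints && \
	go build -trimpath -ldflags ${LD_FLAGS} -v -o ../release/nhp-server/nhp-serverd ./server/main/main.go && \
	mkdir -p ../release/nhp-server/etc && \
	cp ./server/main/etc/*.toml ../release/nhp-server/etc/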

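# Build nhp-db and stage its TOML configuration.
# Every step is chained with &&. With `;` before the copy, the recipe's exit
# status was that of `cp`, so a failed `go build` could go unnoticed and the
# release tree could be archived without a binary or with a stale one.
db:
	@echo "$(COLOUR_BLUE)[OpenNHP] Building nhp-db... $(END_COLOUR)"
	cd endpoints && \
	go build -trimpath -ldflags ${LD_FLAGS} -v -o ../release/nhp-db/nhp-db ./db/main/main.go && \
	mkdir -p ../release/nhp-db/etc && \
	cp ./db/main/etc/*.toml ../release/nhp-db/etc/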

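# Build nhp-kgc and stage its TOML configuration.
# Every step is chained with &&. With `;` before the copy, the recipe's exit
# status was that of `cp`, so a failed `go build` could go unnoticed.
kgc:
	@echo "$(COLOUR_BLUE)[OpenNHP] Building nhp-kgc... $(END_COLOUR)"
	cd endpoints && \
	go build -trimpath -ldflags ${LD_FLAGS} -v -o ../release/nhp-kgc/nhp-kgc ./kgc/main/main.go && \
	mkdir -p ../release/nhp-kgc/etc && \
	cp ./kgc/main/etc/*.toml ../release/nhp-kgc/etc/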

# Build the agent as a C shared library (nhp-agent.so). The build step exists
# only when OS_NAME is linux; on other hosts the target just prints the banner.
# -a forces a rebuild of all packages.
linuxagentsdk:
	@echo "$(COLOUR_BLUE)[OpenNHP] Building Linux agent SDK... $(END_COLOUR)"
ifeq ($(OS_NAME), linux)
	cd endpoints && \
	go build -a -trimpath -buildmode=c-shared -ldflags ${LD_FLAGS} -v -o ../release/nhp-agent/nhp-agent.so ./agent/main/main.go ./agent/main/export.go
endif

# Cross-compile the agent for android/arm64 as libnhpagent.so, on Linux hosts
# only. TOOLCHAIN has to be provided by the caller; ANDROID_CC and ANDROID_CXX
# are derived from it. When it is empty the build is skipped with a message and
# the target still succeeds.
androidagentsdk:
	@echo "$(COLOUR_BLUE)[OpenNHP] Building Android agent SDK... $(END_COLOUR)"
ifeq ($(OS_NAME), linux)
    ifeq ($(TOOLCHAIN),)
		@echo "Android NDK is not installed. Please install Android NDK to compile Android SDK."
    else
		cd endpoints && \
		GOOS=android GOARCH=arm64 CGO_ENABLED=1 \
		CC=${ANDROID_CC} CXX=${ANDROID_CXX} \
		go build -a -trimpath -buildmode=c-shared -ldflags ${LD_FLAGS} -v -o ../release/nhp-agent/libnhpagent.so ./agent/main/main.go ./agent/main/export.go
    endif
endif


# Build the agent as a darwin/arm64 C shared library (nhp-agent.dylib), on
# macOS hosts only.
# NOTE(review): the recipe aborts via $(error ...) when gomobile is missing,
# although the build step below invokes only `go build`; iosagentsdk, which
# does call gomobile, merely warns and skips — confirm the hard requirement
# here is intended.
macosagentsdk:
	@echo "$(COLOUR_BLUE)[OpenNHP] Building MacOS agent SDK... $(END_COLOUR)"
ifeq ($(OS_NAME), darwin)
ifeq (, $(shell test -f $(GOMOBILE) && echo found))
	$(error "No gomobile found, consider doing `go install golang.org/x/mobile/cmd/gomobile@latest`")
endif
	cd endpoints && \
	GOOS=darwin GOARCH=arm64 CGO_ENABLED=1 \
	go build -a -trimpath -buildmode=c-shared -ldflags ${LD_FLAGS} -v -o ../release/nhp-agent/nhp-agent.dylib ./agent/main/main.go ./agent/main/export.go
endif

# Build the iOS xcframework with `gomobile bind`, on macOS hosts only. Three
# preconditions are checked in turn — gomobile present, Xcode.app installed,
# xcode-select pointing at Xcode.app — and each failure prints a warning and
# skips the build without failing the target. $(GOPATH)/bin is put first on
# PATH for the gomobile invocation.
iosagentsdk:
	@echo "$(COLOUR_BLUE)[OpenNHP] Building IOS agent SDK... $(END_COLOUR)"
ifeq ($(OS_NAME), darwin)
ifeq (, $(shell test -f $(GOMOBILE) && echo found))
	@echo "$(COLOUR_RED)[Warning] No gomobile found, skipping iOS SDK build$(END_COLOUR)"
	@echo "$(COLOUR_RED)Consider doing: go install golang.org/x/mobile/cmd/gomobile@latest$(END_COLOUR)"
else
ifeq (, $(XCODE_APP))
	@echo "$(COLOUR_RED)[Warning] Xcode is not installed, skipping iOS SDK build$(END_COLOUR)"
	@echo "$(COLOUR_RED)iOS SDK requires full Xcode installation (not just Command Line Tools)$(END_COLOUR)"
else
ifeq (, $(XCODE_SELECT))
	@echo "$(COLOUR_RED)[Warning] xcode-select is not pointing to Xcode.app, skipping iOS SDK build$(END_COLOUR)"
	@echo "$(COLOUR_RED)Please run: sudo xcode-select --switch /Applications/Xcode.app/Contents/Developer$(END_COLOUR)"
else
	cd endpoints && \
	PATH=$(GOPATH)/bin:$$PATH $(GOMOBILE) bind -target ios -o ../release/nhp-agent/nhpagent.xcframework ./agent/iossdk
endif
endif
endif
endif


# Build the device SDK from the nhp module as a C shared library
# (release/nhp-device/nhpdevice.so), on Linux hosts only. The commented-out gcc
# line is a disabled build of the C demo program.
devicesdk:
	@echo "$(COLOUR_BLUE)[OpenNHP] Building nhp SDK... $(END_COLOUR)"
ifeq ($(OS_NAME), linux)
	cd nhp && \
	go build -a -trimpath -buildmode=c-shared -ldflags ${LD_FLAGS} -v -o ../release/nhp-device/nhpdevice.so ./core/main/main.go ./core/main/nhpdevice.go
#	gcc ./core/sdkdemo/nhp-device-demo.c -I ./release/nhp-device -I ./core/main -l:nhpdevice.so -L./release/nhp-device -Wl,-rpath=. -o ./release/nhp-device/nhp-device-demo
endif

# Build every server plugin that ships its own Makefile: directories directly
# below examples/server_plugin, or one level deeper when the first level has
# none. `|| exit 1` stops the loop on the first failing plugin, so the failure
# reaches the caller instead of being lost in the for loop.
plugins:
	@echo "$(COLOUR_BLUE)[OpenNHP] Building plugins... $(END_COLOUR)"
	@for dir in ./examples/server_plugin/*/; do \
		if [ -f "$$dir/Makefile" ]; then \
			echo "$(COLOUR_BLUE)[Plugin-$$(basename $$dir)] Building... $(END_COLOUR)"; \
			$(MAKE) -C "$$dir" || exit 1; \
		else \
			for subdir in "$$dir"/*/; do \
				if [ -f "$$subdir/Makefile" ]; then \
					echo "$(COLOUR_BLUE)[Plugin-$$(basename $$subdir)] Building... $(END_COLOUR)"; \
					$(MAKE) -C "$$subdir" || exit 1; \
				fi \
			done \
		fi \
	done
# Development build (faster, no version injection)
# Compiles all packages of both modules without LD_FLAGS and without writing
# anything to release/; it only checks that the code builds.
dev:
	@echo "$(COLOUR_BLUE)[OpenNHP] Development build...$(END_COLOUR)"
	cd nhp && go build ./...
	cd endpoints && go build ./...
	@echo "$(COLOUR_GREEN)[OpenNHP] Development build complete$(END_COLOUR)"

# Run all tests (excludes wasm/policy which requires WASM build tags)
# The nhp package list is filtered with grep; endpoints runs unfiltered.
test:
	@echo "$(COLOUR_BLUE)[OpenNHP] Running tests...$(END_COLOUR)"
	cd nhp && go test -v $$(go list ./... | grep -v /wasm/policy)
	cd endpoints && go test -v ./...
	@echo "$(COLOUR_GREEN)[OpenNHP] All tests passed!$(END_COLOUR)"

# Run tests with race detection
# Same package selection as `test`, with the Go race detector enabled (-race).
test-race:
	@echo "$(COLOUR_BLUE)[OpenNHP] Running tests with race detection...$(END_COLOUR)"
	cd nhp && go test -race -v $$(go list ./... | grep -v /wasm/policy)
	cd endpoints && go test -race -v ./...
	@echo "$(COLOUR_GREEN)[OpenNHP] Race detection tests passed!$(END_COLOUR)"

# Format code
# Runs `go fmt` in nhp, endpoints and the basic example plugin.
# NOTE(review): other plugin modules under examples/server_plugin are not
# formatted here — confirm whether they should be.
fmt:
	@echo "$(COLOUR_BLUE)[OpenNHP] Formatting code...$(END_COLOUR)"
	cd nhp && go fmt ./...
	cd endpoints && go fmt ./...
	cd examples/server_plugin/basic && go fmt ./...
	@echo "$(COLOUR_GREEN)[OpenNHP] Code formatted$(END_COLOUR)"

# Lint code (requires golangci-lint: https://golangci-lint.run/usage/install/)
# Fails early with an install hint when golangci-lint is not on PATH, then
# lints the nhp and endpoints modules.
lint:
	@echo "$(COLOUR_BLUE)[OpenNHP] Linting code...$(END_COLOUR)"
	@which golangci-lint > /dev/null || (echo "$(COLOUR_RED)golangci-lint not found. Install: https://golangci-lint.run/usage/install/$(END_COLOUR)" && exit 1)
	cd nhp && golangci-lint run ./...
	cd endpoints && golangci-lint run ./...
	@echo "$(COLOUR_GREEN)[OpenNHP] Linting complete$(END_COLOUR)"

# Clean build artifacts
# Deletes the whole release/ directory, including any archives under
# release/archive, and runs `go clean` in both modules.
clean:
	@echo "$(COLOUR_BLUE)[OpenNHP] Cleaning build artifacts...$(END_COLOUR)"
	rm -rf release/
	cd nhp && go clean
	cd endpoints && go clean
	@echo "$(COLOUR_GREEN)[OpenNHP] Clean complete$(END_COLOUR)"

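# Show available targets
# The list is maintained by hand; it now also names the fuzz, coverage and
# clean_ebpf targets that this Makefile defines but the help text left out.
help:
	@echo ""
	@echo "$(COLOUR_BLUE)OpenNHP Makefile$(END_COLOUR)"
	@echo ""
	@echo "$(COLOUR_GREEN)Development:$(END_COLOUR)"
	@echo "  make dev        - Quick development build (no version injection)"
	@echo "  make test       - Run all tests"
	@echo "  make test-race  - Run tests with race detection"
	@echo "  make fmt        - Format code with gofmt"
	@echo "  make lint       - Lint code with golangci-lint"
	@echo "  make clean      - Remove build artifacts"
	@echo ""
	@echo "$(COLOUR_GREEN)Testing:$(END_COLOUR)"
	@echo "  make fuzz           - Run fuzz tests (60s per fuzz target)"
	@echo "  make fuzz-quick     - Run fuzz tests briefly (10s per fuzz target, for CI)"
	@echo "  make coverage       - Run tests with coverage profiles"
	@echo "  make coverage-html  - Render coverage profiles as HTML"
	@echo ""
	@echo "$(COLOUR_GREEN)Build:$(END_COLOUR)"
	@echo "  make            - Build all binaries (default)"
	@echo "  make init       - Download dependencies (preserves go.sum)"
	@echo "  make tidy       - Update dependencies (modifies go.sum)"
	@echo "  make agentd     - Build nhp-agent"
	@echo "  make serverd    - Build nhp-server"
	@echo "  make acd        - Build nhp-ac"
	@echo "  make db         - Build nhp-db"
	@echo "  make kgc        - Build nhp-kgc"
	@echo "  make plugins    - Build server plugins"
	@echo ""
	@echo "$(COLOUR_GREEN)SDK:$(END_COLOUR)"
	@echo "  make linuxagentsdk    - Build Linux agent SDK (.so)"
	@echo "  make macosagentsdk    - Build macOS agent SDK (.dylib)"
	@echo "  make iosagentsdk      - Build iOS agent SDK (.xcframework)"
	@echo "  make androidagentsdk  - Build Android agent SDK (.so)"
	@echo "  make devicesdk        - Build device SDK"
	@echo ""
	@echo "$(COLOUR_GREEN)Other:$(END_COLOUR)"
	@echo "  make ebpf       - Compile eBPF programs (requires clang)"
	@echo "  make clean_ebpf - Remove compiled eBPF objects"
	@echo "  make archive    - Package binaries for distribution"
	@echo "  make help       - Show this help message"
	@echo ""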

# Run fuzz tests (60 seconds each by default)
# One `go test -fuzz` invocation per fuzz target; the targets cover ECDH key
# handling, AES decryption, header-type mapping and agent knock messages, all
# in nhp/test.
fuzz:
	@echo "$(COLOUR_BLUE)[OpenNHP] Running fuzz tests...$(END_COLOUR)"
	cd nhp && go test -fuzz=FuzzECDHFromKey -fuzztime=60s ./test/
	cd nhp && go test -fuzz=FuzzAESDecrypt -fuzztime=60s ./test/
	cd nhp && go test -fuzz=FuzzHeaderTypeToDeviceType -fuzztime=60s ./test/
	cd nhp && go test -fuzz=FuzzAgentKnockMsg -fuzztime=60s ./test/
	@echo "$(COLOUR_GREEN)[OpenNHP] Fuzz tests completed$(END_COLOUR)"

# Run fuzz tests briefly (for CI)
# 10 seconds per fuzz target.
# NOTE(review): FuzzHeaderTypeToDeviceType is run by `fuzz` but not here —
# confirm the omission is intentional, otherwise CI never exercises it.
fuzz-quick:
	@echo "$(COLOUR_BLUE)[OpenNHP] Running quick fuzz tests...$(END_COLOUR)"
	cd nhp && go test -fuzz=FuzzECDHFromKey -fuzztime=10s ./test/
	cd nhp && go test -fuzz=FuzzAESDecrypt -fuzztime=10s ./test/
	cd nhp && go test -fuzz=FuzzAgentKnockMsg -fuzztime=10s ./test/
	@echo "$(COLOUR_GREEN)[OpenNHP] Quick fuzz tests completed$(END_COLOUR)"

# Run tests with coverage
# Writes coverage.out into nhp/ and endpoints/ using atomic counters.
# NOTE(review): unlike `test`, the nhp run uses ./... and therefore includes
# /wasm/policy, which `test` excludes because it needs WASM build tags —
# confirm this works as intended.
coverage:
	@echo "$(COLOUR_BLUE)[OpenNHP] Running tests with coverage...$(END_COLOUR)"
	cd nhp && go test -coverprofile=coverage.out -covermode=atomic ./...
	cd endpoints && go test -coverprofile=coverage.out -covermode=atomic ./...
	@echo "$(COLOUR_GREEN)[OpenNHP] Coverage reports generated$(END_COLOUR)"

# View coverage report in browser
# Converts the coverage.out profiles written by `coverage` into coverage.html
# in each module directory; it does not open a browser itself.
coverage-html:
	@echo "$(COLOUR_BLUE)[OpenNHP] Generating HTML coverage reports...$(END_COLOUR)"
	cd nhp && go tool cover -html=coverage.out -o coverage.html
	cd endpoints && go tool cover -html=coverage.out -o coverage.html
	@echo "$(COLOUR_GREEN)[OpenNHP] Coverage reports: nhp/coverage.html, endpoints/coverage.html$(END_COLOUR)"

# Package the staged release directories into release/archive/$(PACKAGE_FILE).
# Only nhp-agent, nhp-ac, nhp-db and nhp-server are included; the nhp-kgc and
# nhp-device outputs are not. Whatever sits in those directories is shipped,
# including the etc/ configuration and the certs directory staged by agentd.
# NOTE(review): no checksum or signature is produced alongside the archive —
# confirm one is generated elsewhere so recipients can verify the download.
archive:
	@echo "$(COLOUR_BLUE)[OpenNHP] Start archiving... $(END_COLOUR)"
	@cd release && mkdir -p archive && tar -czvf ./archive/$(PACKAGE_FILE) nhp-agent nhp-ac nhp-db nhp-server
	@echo "$(COLOUR_GREEN)[OpenNHP] Package ${PACKAGE_FILE} archived!$(END_COLOUR)"

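# Targets that name actions rather than files. kgc is listed as well, so that
# target still runs if a file or directory called "kgc" ever exists here.
.PHONY: all generate-version-and-build init tidy agentd acd serverd db kgc linuxagentsdk androidagentsdk macosagentsdk iosagentsdk devicesdk plugins dev test test-race fmt lint clean help fuzz fuzz-quick coverage coverage-html archive ebpf clean_ebpf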


================================================
FILE: README.de.md
================================================
[![en](https://img.shields.io/badge/lang-en-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.md)
[![zh-cn](https://img.shields.io/badge/lang-zh--cn-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.zh-cn.md)
[![de](https://img.shields.io/badge/lang-de-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.de.md)
[![ja](https://img.shields.io/badge/lang-ja-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.ja.md)
[![fr](https://img.shields.io/badge/lang-fr-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.fr.md)
[![es](https://img.shields.io/badge/lang-es-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.es.md)

![OpenNHP Logo](docs/images/logo11.png)
# OpenNHP: Zero Trust Netzwerk-Infrastruktur-Verbergungsprotokoll
Ein leichtgewichtiges, kryptographisch getriebenes Zero Trust Netzwerkprotokoll auf der OSI-Schicht 5, um Ihren Server und Ihre Daten vor Angreifern zu verbergen.

![Build Status](https://img.shields.io/badge/build-passing-brightgreen)
![Version](https://img.shields.io/badge/version-1.0.0-blue)
![Lizenz](https://img.shields.io/badge/license-Apache%202.0-green)

---

## Herausforderung: KI verwandelt das Internet in einen "Dunklen Wald"

Der schnelle Fortschritt der **KI**-Technologien, insbesondere großer Sprachmodelle (LLMs), verändert die Cybersicherheitslandschaft erheblich. Das Aufkommen der **autonomen Ausnutzung von Schwachstellen (AVE)** stellt einen großen Fortschritt im KI-Zeitalter dar, indem es die Ausnutzung von Schwachstellen automatisiert, wie in [diesem Forschungspapier](https://arxiv.org/abs/2404.08144) gezeigt wird. Diese Entwicklung erhöht das Risiko für alle exponierten Netzwerkdienste erheblich und erinnert an die [Dunkle Wald-Hypothese](https://de.wikipedia.org/wiki/Dunkler_Wald) des Internets. KI-gesteuerte Tools scannen kontinuierlich die digitale Umgebung, identifizieren schnell Schwachstellen und nutzen sie aus. Folglich entwickelt sich das Internet zu einem **"dunklen Wald"**, in dem **Sichtbarkeit Verwundbarkeit bedeutet**.

![Verwundbarkeitsrisiken](docs/images/Vul_Risks.png)

Gartner prognostiziert einen [schnellen Anstieg von KI-gesteuerten Cyberangriffen](https://www.gartner.com/en/newsroom/press-releases/2024-08-28-gartner-forecasts-global-information-security-spending-to-grow-15-percent-in-2025). Dieser Wandel erfordert eine Neubewertung traditioneller Cybersicherheitsstrategien mit einem Fokus auf proaktive Verteidigungsmaßnahmen, schnelle Reaktionsmechanismen und die Einführung von Netzwerkverbergungstechnologien zum Schutz kritischer Infrastrukturen.

---

## Schnelle Demo: OpenNHP in Aktion sehen

Bevor wir in die Details von OpenNHP eintauchen, beginnen wir mit einer kurzen Demonstration, wie OpenNHP einen Server vor unbefugtem Zugriff schützt. Sie können dies in Aktion sehen, indem Sie den geschützten Server unter https://acdemo.opennhp.org aufrufen.

### 1) Der geschützte Server ist für nicht authentifizierte Benutzer "unsichtbar"

Standardmäßig führt jeder Versuch, eine Verbindung zum geschützten Server herzustellen, zu einem TIME OUT-Fehler, da alle Ports geschlossen sind, wodurch der Server *"unsichtbar"* und scheinbar offline wird.

![OpenNHP Demo](docs/images/OpenNHP_ACDemo0.png)

Das Scannen der Ports des Servers führt ebenfalls zu einem TIME OUT-Fehler.

![OpenNHP Demo](docs/images/OpenNHP_ScanDemo.png)

### 2) Nach der Authentifizierung wird der geschützte Server zugänglich

OpenNHP unterstützt eine Vielzahl von Authentifizierungsmethoden, wie OAuth, SAML, QR-Codes und mehr. Für diese Demonstration verwenden wir einen einfachen Benutzernamen/Passwort-Authentifizierungsdienst unter https://demologin.opennhp.org.

![OpenNHP Demo](docs/images/OpenNHP_DemoLogin.png)

Sobald Sie auf die Schaltfläche "Login" klicken, ist die Authentifizierung erfolgreich und Sie werden zum geschützten Server weitergeleitet. Zu diesem Zeitpunkt wird der Server *"sichtbar"* und auf Ihrem Gerät zugänglich.

![OpenNHP Demo](docs/images/OpenNHP_ACDemo1.png)

---

## Vision: Das Internet vertrauenswürdig machen

Die Offenheit der TCP/IP-Protokolle hat das explosive Wachstum von Internetanwendungen vorangetrieben, aber auch Schwachstellen offengelegt, die es böswilligen Akteuren ermöglichen, unbefugten Zugriff zu erhalten und jede exponierte IP-Adresse auszunutzen. Obwohl das [OSI-Netzwerkmodell](https://de.wikipedia.org/wiki/OSI-Modell) die *5. Schicht (Sitzungsschicht)* zur Verwaltung von Verbindungen definiert, wurden bisher nur wenige effektive Lösungen hierfür implementiert.

**NHP**, oder das **"Netzwerk-Infrastruktur-Verbergungsprotokoll"**, ist ein leichtgewichtiges, kryptographisch getriebenes Zero Trust Netzwerkprotokoll, das auf der *OSI-Sitzungsschicht* arbeitet und sich ideal zur Verwaltung der Netzwerkvisibilität und Verbindungen eignet. Das Hauptziel von NHP ist es, geschützte Ressourcen vor unbefugten Entitäten zu verbergen und den Zugriff nur verifizierten, autorisierten Benutzern durch kontinuierliche Überprüfung zu gewähren, um so zu einem vertrauenswürdigeren Internet beizutragen.

![Vertrauenswürdiges Internet](docs/images/TrustworthyCyberspace.png)

---

## Lösung: OpenNHP stellt die Kontrolle über die Netzwerkvisibilität wieder her

**OpenNHP** ist die Open-Source-Implementierung des NHP-Protokolls. Es basiert auf der Kryptographie und wurde mit Sicherheitsprinzipien im Vordergrund entwickelt, um eine echte Zero Trust-Architektur auf der *OSI-Sitzungsschicht* zu implementieren.

![OpenNHP als OSI 5. Schicht](docs/images/OSI_OpenNHP.png)

OpenNHP baut auf früheren Forschungen zur Netzwerkverbergungstechnologie auf und nutzt moderne kryptographische Rahmenwerke und Architektur, um Sicherheit und hohe Leistung zu gewährleisten und die Einschränkungen früherer Technologien zu überwinden.

| Netzwerk-Infrastruktur-Verbergungsprotokoll | 1. Generation | 2. Generation | 3. Generation |
|:---|:---|:---|:---|
| **Kerntechnologie** | [Port Knocking](https://de.wikipedia.org/wiki/Port_knocking) | [Single Packet Authorization (SPA)](https://cloudsecurityalliance.org/artifacts/software-defined-perimeter-zero-trust-specification-v2) | Netzwerk-Infrastruktur-Verbergungsprotokoll (NHP) |
| **Authentifizierung** | Port-Sequenzen | Geteilte Geheimnisse | Modernes Kryptographie-Rahmenwerk |
| **Architektur** | Keine Steuerungsebene (Control Plane) | Keine Steuerungsebene (Control Plane) | Skalierbare Steuerungsebene (Control Plane) |
| **Fähigkeit** | Ports verbergen | Ports verbergen | Ports, IPs und Domains verbergen |
| **Zugriffskontrolle** | IP-Ebene | Port-Ebene | Anwendungsebene |
| **Open-Source-Projekte** | [knock](https://github.com/jvinet/knock) *(C)* | [fwknop](https://github.com/mrash/fwknop) *(C++)* | [OpenNHP](https://github.com/OpenNHP/opennhp) *(Go)* |

> Es ist entscheidend, eine **speichersichere** Sprache wie *Go* für die Entwicklung von OpenNHP zu wählen, wie im [technischen Bericht der US-Regierung](https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf) betont wird. Für einen detaillierten Vergleich zwischen **SPA und NHP** lesen Sie bitte den [Abschnitt unten](#comparison-between-spa-and-nhp).

## Sicherheitsvorteile

Da OpenNHP Zero Trust-Prinzipien auf der *OSI-Sitzungsschicht* implementiert, bietet es erhebliche Vorteile:

- Reduziert die Angriffsfläche durch Verbergen der Infrastruktur
- Verhindert unbefugte Netzwerkaufklärung
- Mildert die Ausnutzung von Schwachstellen
- Verhindert Phishing durch verschlüsseltes DNS
- Schützt vor DDoS-Angriffen
- Ermöglicht granulare Zugriffskontrolle
- Bietet verbindungsbasierte Identitätsverfolgung
- Angriffszurechnung

## Architektur

Die Architektur von OpenNHP orientiert sich an der [NIST Zero Trust-Architektur](https://www.nist.gov/publications/zero-trust-architecture). Sie folgt einem modularen Design mit drei Hauptkomponenten: **NHP-Server**, **NHP-AC** und **NHP-Agent**, wie in der folgenden Abbildung dargestellt.

![OpenNHP Architektur](docs/images/OpenNHP_Arch.png)

> Weitere Informationen zur Architektur und zum Workflow finden Sie in der [OpenNHP-Dokumentation](https://docs.opennhp.org/).

## Kern: Kryptographische Algorithmen

Kryptographie steht im Mittelpunkt von OpenNHP und bietet robuste Sicherheit, hervorragende Leistung und Skalierbarkeit durch den Einsatz modernster kryptographischer Algorithmen. Nachfolgend sind die wichtigsten kryptographischen Algorithmen und Frameworks aufgeführt, die von OpenNHP verwendet werden:

- **[Elliptische Kurvenkryptographie (ECC)](https://de.wikipedia.org/wiki/Elliptische-Kurven-Kryptographie)**: Wird für effiziente asymmetrische Kryptographie verwendet.

> Im Vergleich zu RSA bietet ECC eine höhere Effizienz mit stärkerer Verschlüsselung bei kürzeren Schlüssellängen, was sowohl die Netzwerkübertragung als auch die Rechenleistung verbessert. Die folgende Tabelle zeigt die Unterschiede in der Sicherheitsstärke, den Schlüssellängen und dem Verhältnis zwischen RSA und ECC sowie die jeweiligen Gültigkeitszeiträume.

| Sicherheitsstärke (Bits) | DSA/RSA-Schlüssellänge (Bits) | ECC-Schlüssellänge (Bits) | Verhältnis: ECC zu DSA/RSA | Gültigkeit |
|:------------------------:|:-----------------------------:|:------------------------:|:--------------------------:|:---------:|
| 80                       | 1024                          | 160-223                  | 1:6                        | Bis 2010  |
| 112                      | 2048                          | 224-255                  | 1:9                        | Bis 2030  |
| 128                      | 3072                          | 256-383                  | 1:12                       | Nach 2031 |
| 192                      | 7680                          | 384-511                  | 1:20                       |           |
| 256                      | 15360                         | 512+                     | 1:30                       |           |

- **[Noise Protocol Framework](https://noiseprotocol.org/)**: Ermöglicht sicheren Schlüsselaustausch, Nachrichtenverschlüsselung/-entschlüsselung und gegenseitige Authentifizierung.

> Das Noise-Protokoll basiert auf dem [Diffie-Hellman-Schlüsselaustausch](https://de.wikipedia.org/wiki/Diffie-Hellman-Schl%C3%BCsselaustausch) und bietet moderne kryptographische Lösungen wie gegenseitige und optionale Authentifizierung, Identitätsverbergung, Vorwärtsgeheimnis und null Round-Trip-Verschlüsselung. Es hat sich bereits durch seine Sicherheit und Leistung bewährt und wird von beliebten Anwendungen wie [WhatsApp](https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf), [Slack](https://github.com/slackhq/nebula) und [WireGuard](https://www.wireguard.com/) verwendet.

- **[Identitätsbasierte Kryptographie (IBC)](https://de.wikipedia.org/wiki/Identit%C3%A4tsbasierte_Kryptographie)**: Vereinfacht die Schlüsselverteilung im großen Maßstab.

> Eine effiziente Schlüsselverteilung ist entscheidend für die Umsetzung von Zero Trust. OpenNHP unterstützt sowohl PKI als auch IBC. Während PKI seit Jahrzehnten weit verbreitet ist, hängt es von zentralisierten Zertifizierungsstellen (CA) zur Identitätsprüfung und Schlüsselverwaltung ab, was zeitaufwändig und kostspielig sein kann. Im Gegensatz dazu ermöglicht IBC einen dezentralisierten und selbstverwalteten Ansatz für die Identitätsprüfung und Schlüsselverwaltung, was es kostengünstiger für die Zero Trust-Umgebung von OpenNHP macht, in der Milliarden von Geräten oder Servern in Echtzeit geschützt und eingebunden werden müssen.

- **[Zertifikatslose Kryptographie (CL-PKC)](https://de.wikipedia.org/wiki/Zertifikatslose_Kryptographie)**: Empfohlener IBC-Algorithmus

> CL-PKC ist ein Schema, das die Sicherheit verbessert, indem es die Schlüsselhinterlegung (Key Escrow) vermeidet und die Einschränkungen der identitätsbasierten Kryptographie (IBC) angeht. In den meisten IBC-Systemen wird der private Schlüssel eines Benutzers von einer Schlüsselgenerierungsstelle (KGC) erstellt, was erhebliche Risiken birgt. Eine kompromittierte KGC kann zur Offenlegung der privaten Schlüssel aller Benutzer führen, wodurch volles Vertrauen in die KGC erforderlich ist. CL-PKC mindert dieses Problem, indem der Schlüsselerstellungsprozess aufgeteilt wird, sodass die KGC nur einen Teil des privaten Schlüssels kennt. Dadurch kombiniert CL-PKC die Stärken von PKI und IBC und bietet eine stärkere Sicherheit ohne die Nachteile der zentralisierten Schlüsselverwaltung.

Weiterführende Informationen:

> Weitere Details zu den in OpenNHP verwendeten kryptographischen Algorithmen finden Sie in der [OpenNHP-Dokumentation](https://docs.opennhp.org/cryptography/).

## Hauptfunktionen

- Mildert die Ausnutzung von Schwachstellen, indem standardmäßig "deny-all"-Regeln angewendet werden
- Verhindert Phishing-Angriffe durch verschlüsselte DNS-Auflösung
- Schützt vor DDoS-Angriffen, indem die Infrastruktur verborgen wird
- Ermöglicht Angriffszurechnung durch identitätsbasierte Verbindungen
- Standardmäßig verweigerter Zugriff auf alle geschützten Ressourcen
- Authentifizierung basierend auf Identität und Geräten vor dem Netzwerkzugang
- Verschlüsselte DNS-Auflösung, um DNS-Hijacking zu verhindern
- Verteilte Infrastruktur zur Minderung von DDoS-Angriffen
- Skalierbare Architektur mit entkoppelten Komponenten
- Integration mit bestehenden Systemen zur Verwaltung von Identitäten und Zugriffen
- Unterstützung für verschiedene Bereitstellungsmodelle (Client-zu-Gateway, Client-zu-Server usw.)
- Kryptographisch sicher unter Verwendung moderner Algorithmen (ECC, Noise Protocol, IBC)

<details>
<summary>Klicken Sie hier, um die Funktionsdetails zu erweitern</summary>

- **Standardmäßig verweigerter Zugriff**: Alle Ressourcen sind standardmäßig verborgen und werden nur nach Authentifizierung und Autorisierung zugänglich.
- **Authentifizierung basierend auf Identität und Geräten**: Stellt sicher, dass nur bekannte Benutzer auf zugelassenen Geräten Zugriff erhalten.
- **Verschlüsselte DNS-Auflösung**: Verhindert DNS-Hijacking und damit verbundene Phishing-Angriffe.
- **DDoS-Minderung**: Das verteilte Infrastruktursystem hilft beim Schutz vor DDoS-Angriffen.
- **Skalierbare Architektur**: Entkoppelte Komponenten ermöglichen flexiblen Einsatz und Skalierung.
- **IAM-Integration**: Funktioniert mit Ihren bestehenden Systemen zur Verwaltung von Identitäten und Zugriffen.
- **Flexibler Einsatz**: Unterstützt verschiedene Modelle, einschließlich Client-zu-Gateway, Client-zu-Server und mehr.
- **Starke Kryptographie**: Nutzt moderne Algorithmen wie ECC, Noise Protocol und IBC für robuste Sicherheit.
</details>

## Bereitstellung

OpenNHP unterstützt mehrere Bereitstellungsmodelle für unterschiedliche Anwendungsfälle:

- Client-zu-Gateway: Sichert den Zugriff auf mehrere Server hinter einem Gateway
- Client-zu-Server: Sichert direkt einzelne Server/Anwendungen
- Server-zu-Server: Sichert die Kommunikation zwischen Backend-Diensten
- Gateway-zu-Gateway: Sichert Standort-zu-Standort-Verbindungen

> Weitere Details zur Bereitstellung finden Sie in der [OpenNHP-Dokumentation](https://docs.opennhp.org/deploy/).

## Vergleich zwischen SPA und NHP
Das Single Packet Authorization (SPA)-Protokoll ist in der vom [Cloud Security Alliance (CSA)](https://cloudsecurityalliance.org/) veröffentlichten [Software Defined Perimeter (SDP)-Spezifikation](https://cloudsecurityalliance.org/artifacts/software-defined-perimeter-zero-trust-specification-v2) enthalten. NHP verbessert die Sicherheit, Zuverlässigkeit, Skalierbarkeit und Erweiterbarkeit durch ein modernes kryptographisches Framework und eine moderne Architektur, wie im [AHAC-Forschungspapier](https://www.mdpi.com/2076-3417/14/13/5593) gezeigt.

| - | SPA | NHP | Vorteile von NHP |
|:---|:---|:---|:---|
| **Architektur** | Die SPA-Paketentschlüsselungs- und Benutzer-/Geräteauthentifizierungskomponente ist mit der Netzwerkzugriffskontrollkomponente im SPA-Server gekoppelt. | NHP-Server (die Paketentschlüsselungs- und Benutzer-/Geräteauthentifizierungskomponente) und NHP-AC (die Zugriffskontrollkomponente) sind entkoppelt. Der NHP-Server kann auf separaten Hosts bereitgestellt werden und unterstützt horizontale Skalierung. | <ul><li>Performance: Die ressourcenintensive Komponente NHP-Server ist vom geschützten Server getrennt.</li><li>Skalierbarkeit: Der NHP-Server kann im verteilten oder Cluster-Modus bereitgestellt werden.</li><li>Sicherheit: Die IP-Adresse des geschützten Servers ist für den Client nicht sichtbar, solange die Authentifizierung nicht erfolgreich war.</li></ul>|
| **Kommunikation** | Einfache Richtung | Bidirektional | Bessere Zuverlässigkeit durch Statusbenachrichtigung der Zugriffskontrolle |
| **Kryptographisches Framework** | Geteilte Geheimnisse | PKI oder IBC, Noise Framework | <ul><li>Sicherheit: Bewährter Schlüsselvereinbarungsmechanismus zur Abschwächung von MITM-Bedrohungen</li><li>Niedrige Kosten: Effiziente Schlüsselverteilung für das Zero Trust-Modell</li><li>Performance: Hochleistungs-Verschlüsselung/Entschlüsselung</li></ul>|
| **Fähigkeit zur Verbergung der Netzwerkinfrastruktur** | Nur Serverports | Domains, IPs und Ports | Stärker gegen verschiedene Angriffe (z.B. Schwachstellen, DNS-Hijacking und DDoS-Angriffe) |
| **Erweiterbarkeit** | Keine, nur für SDP | Universell | Unterstützt jedes Szenario, das eine Dienstverschleierung erfordert |
| **Interoperabilität** | Nicht verfügbar | Anpassbar | NHP kann nahtlos mit bestehenden Protokollen (z.B. DNS, FIDO usw.) integriert werden |

## Beitrag leisten

Wir begrüßen Beiträge zu OpenNHP! Bitte lesen Sie unsere [Beitragsrichtlinien](CONTRIBUTING.md), um mehr darüber zu erfahren, wie Sie sich beteiligen können.

## Lizenz

OpenNHP wird unter der [Apache 2.0-Lizenz](LICENSE) veröffentlicht.

## Kontakt

- Projekt-Website: [https://github.com/OpenNHP/opennhp](https://github.com/OpenNHP/opennhp)
- E-Mail: [opennhp@gmail.com](mailto:opennhp@gmail.com)
- Discord: [Treten Sie unserem Discord bei](https://discord.gg/CpyVmspx5x)

Für eine detaillierte Dokumentation besuchen Sie bitte unsere [Offizielle Dokumentation](https://opennhp.org).

## Referenzen

- [Software-Defined Perimeter (SDP) Specification v2.0](https://cloudsecurityalliance.org/artifacts/software-defined-perimeter-zero-trust-specification-v2). Jason Garbis, Juanita Koilpillai, Junaid Islam, Bob Flores, Daniel Bailey, Benfeng Chen, Eitan Bremler, Michael Roza, Ahmed Refaey Hussein. [*Cloud Security Alliance (CSA)*](https://cloudsecurityalliance.org/). März 2022.
- [AHAC: Fortschrittliches Netzwerk-Verbergung-Zugriffskontroll-Framework](https://www.mdpi.com/2076-3417/14/13/5593). Mudi Xu, Benfeng Chen, Zhizhong Tan, Shan Chen, Lei Wang, Yan Liu, Tai Io San, Sou Wang Fong, Wenyong Wang und Jing Feng. *Zeitschrift für Angewandte Wissenschaften*. Juni 2024.
- [STALE: Ein skalierbares und sicheres grenzüberschreitendes Authentifizierungssystem, das E-Mail und ECDH-Schlüsselaustausch nutzt](https://www.mdpi.com/2079-9292/14/12/2399) Jiexin Zheng, Mudi Xu, Jianqing Li, Benfeng Chen, Zhizhong Tan, Anyu Wang, Shuo Zhang, Yan Liu, Kevin Qi Zhang, Lirong Zheng, Wenyong Wang. *Elektronik*. Juni 2025
- [DRL-AMIR: Intelligent Flow Scheduling für Software-Defined Zero Trust Networks](https://www.techscience.com/cmc/v84n2/62920). Wenlong Ke, Zilong Li, Peiyu Chen, Benfeng Chen, Jinglin Lv, Qiang Wang, Ziyi Jia und Shigen Shen. *CMC*. Juli 2025.
- [Auf Deep Reinforcement Learning basierende Methode zur Steuerung des NHP-Netzwerkverkehrs](https://www.nature.com/articles/s41598-025-31556-3). Qinglin Huang, Zhizhong Tan, Qiang Wang, Ziyi Jia und Benfeng Chen. *Wissenschaftliche Berichte der Zeitschrift Nature*. Dezember 2025.
- Noise Protocol Framework. https://noiseprotocol.org/
- Vulnerability Management Framework-Projekt. https://phoenix.security/web-vuln-management/

---

🌟 Vielen Dank für Ihr Interesse an OpenNHP! Wir freuen uns auf Ihre Beiträge und Ihr Feedback.



================================================
FILE: README.es.md
================================================
[![en](https://img.shields.io/badge/lang-en-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.md)
[![zh-cn](https://img.shields.io/badge/lang-zh--cn-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.zh-cn.md)
[![de](https://img.shields.io/badge/lang-de-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.de.md)
[![ja](https://img.shields.io/badge/lang-ja-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.ja.md)
[![fr](https://img.shields.io/badge/lang-fr-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.fr.md)
[![es](https://img.shields.io/badge/lang-es-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.es.md)

![Logo OpenNHP](docs/images/logo11.png)
# OpenNHP: Protocolo de Ocultación de Infraestructura de Red Zero Trust
Un protocolo de red de confianza cero impulsado por criptografía en la capa 5 del modelo OSI para ocultar su servidor y sus datos de los atacantes.

![Estado de Construcción](https://img.shields.io/badge/build-passing-brightgreen)
![Versión](https://img.shields.io/badge/version-1.0.0-blue)
![Licencia](https://img.shields.io/badge/license-Apache%202.0-green)

---

## Desafío: La IA transforma Internet en un "Bosque Oscuro"

El rápido avance de las tecnologías de **IA**, especialmente los grandes modelos de lenguaje (LLM), está transformando significativamente el panorama de la ciberseguridad. El surgimiento de la **Explotación Autónoma de Vulnerabilidades (AVE)** representa un gran avance en la era de la IA, al automatizar la explotación de vulnerabilidades, como se muestra en [este artículo de investigación](https://arxiv.org/abs/2404.08144). Este desarrollo aumenta significativamente el riesgo para todos los servicios de red expuestos, evocando la [Hipótesis del Bosque Oscuro](https://es.wikipedia.org/wiki/Hip%C3%B3tesis_del_bosque_oscuro) en Internet. Las herramientas impulsadas por IA escanean continuamente el entorno digital, identifican rápidamente las debilidades y las explotan. Como resultado, Internet está evolucionando hacia un **"bosque oscuro"** donde **la visibilidad equivale a vulnerabilidad**.

![Riesgos de Vulnerabilidad](docs/images/Vul_Risks.png)

La investigación de Gartner pronostica un [rápido aumento de los ciberataques impulsados por IA](https://www.gartner.com/en/newsroom/press-releases/2024-08-28-gartner-forecasts-global-information-security-spending-to-grow-15-percent-in-2025). Este cambio de paradigma requiere una reevaluación de las estrategias tradicionales de ciberseguridad, con un enfoque en defensas proactivas, mecanismos de respuesta rápida y la adopción de tecnologías de ocultación de red para proteger la infraestructura crítica.

---

## Demostración rápida: Ver OpenNHP en acción

Antes de profundizar en los detalles de OpenNHP, comencemos con una breve demostración de cómo OpenNHP protege un servidor del acceso no autorizado. Puede verlo en acción accediendo al servidor protegido en https://acdemo.opennhp.org.

### 1) El servidor protegido es "invisible" para los usuarios no autenticados

Por defecto, cualquier intento de conectar con el servidor protegido resultará en un error TIME OUT, ya que todos los puertos están cerrados, haciendo que el servidor parezca *"invisible"* y efectivamente fuera de línea.

![Demostración de OpenNHP](docs/images/OpenNHP_ACDemo0.png)

El escaneo de puertos del servidor también devolverá un error TIME OUT.

![Demostración de OpenNHP](docs/images/OpenNHP_ScanDemo.png)

### 2) Después de la autenticación, el servidor protegido se vuelve accesible

OpenNHP admite una variedad de métodos de autenticación, como OAuth, SAML, códigos QR, y más. Para esta demostración, utilizamos un servicio de autenticación básica de nombre de usuario/contraseña en https://demologin.opennhp.org.

![Demostración de OpenNHP](docs/images/OpenNHP_DemoLogin.png)

Una vez que haga clic en el botón "Login", la autenticación se completará con éxito y será redirigido al servidor protegido. En ese momento, el servidor se vuelve *"visible"* y accesible en su dispositivo.

![Demostración de OpenNHP](docs/images/OpenNHP_ACDemo1.png)

---

## Visión: Hacer de Internet un lugar confiable

La apertura de los protocolos TCP/IP ha impulsado el crecimiento explosivo de las aplicaciones de Internet, pero también ha expuesto vulnerabilidades, permitiendo que actores malintencionados obtengan acceso no autorizado y exploten cualquier dirección IP expuesta. Aunque el [modelo de red OSI](https://es.wikipedia.org/wiki/Modelo_OSI) define la *capa 5 (capa de sesión)* para la gestión de conexiones, pocas soluciones efectivas se han implementado para abordar este problema.

**NHP**, o el **"Protocolo de Ocultación de la Infraestructura de Red"**, es un protocolo de red ligero y basado en criptografía Zero Trust, diseñado para funcionar en la *capa de sesión OSI*, óptimo para gestionar la visibilidad y las conexiones de la red. El objetivo principal de NHP es ocultar los recursos protegidos de entidades no autorizadas, otorgando acceso solo a los usuarios verificados y autorizados mediante una verificación continua, contribuyendo así a un Internet más confiable.

![Internet confiable](docs/images/TrustworthyCyberspace.png)

---

## Solución: OpenNHP restablece el control de la visibilidad de la red

**OpenNHP** es la implementación de código abierto del protocolo NHP. Está impulsado por criptografía y diseñado con principios de seguridad en primer lugar, implementando una verdadera arquitectura de confianza cero en la *capa de sesión OSI*.

![OpenNHP como la capa 5 del OSI](docs/images/OSI_OpenNHP.png)

OpenNHP se basa en investigaciones anteriores sobre tecnología de ocultación de redes, utilizando un marco criptográfico moderno y una arquitectura que garantiza seguridad y alto rendimiento, superando las limitaciones de tecnologías anteriores.

| Protocolo de Ocultación de Infraestructura de Red | 1ª Generación | 2ª Generación | 3ª Generación |
|:---|:---|:---|:---|
| **Tecnología Clave** | [Port Knocking](https://es.wikipedia.org/wiki/Port_knocking) | [Single Packet Authorization (SPA)](https://cloudsecurityalliance.org/artifacts/software-defined-perimeter-zero-trust-specification-v2) | Protocolo de Ocultación de Infraestructura de Red (NHP) |
| **Autenticación** | Secuencias de puertos | Secretos compartidos | Marco Criptográfico Moderno |
| **Arquitectura** | Sin plano de control | Sin plano de control | Plano de control escalable |
| **Capacidad** | Ocultar puertos | Ocultar puertos | Ocultar puertos, IPs y dominios |
| **Control de Acceso** | Nivel IP | Nivel de Puertos | Nivel de Aplicación |
| **Proyectos de Código Abierto** | [knock](https://github.com/jvinet/knock) *(C)* | [fwknop](https://github.com/mrash/fwknop) *(C++)* | [OpenNHP](https://github.com/OpenNHP/opennhp) *(Go)* |

> Es crucial elegir un lenguaje **seguro para la memoria** como *Go* para el desarrollo de OpenNHP, como se destaca en el [informe técnico del gobierno de los EE.UU.](https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf). Para una comparación detallada entre **SPA y NHP**, consulte la [sección a continuación](#comparación-entre-spa-y-nhp).

## Beneficios de Seguridad

Dado que OpenNHP implementa los principios de confianza cero en la *capa de sesión OSI*, ofrece beneficios significativos:

- Reduce la superficie de ataque ocultando la infraestructura
- Evita el reconocimiento no autorizado de la red
- Mitiga la explotación de vulnerabilidades
- Previene ataques de phishing mediante DNS cifrado
- Protege contra ataques DDoS
- Permite el control de acceso granular
- Proporciona seguimiento de conexiones basado en identidad
- Atribución de ataques

## Arquitectura

La arquitectura de OpenNHP se inspira en el [estándar de Arquitectura de Confianza Cero del NIST](https://www.nist.gov/publications/zero-trust-architecture). Sigue un diseño modular con los tres componentes principales: **NHP-Server**, **NHP-AC** y **NHP-Agent**, como se ilustra en el siguiente diagrama.

![Arquitectura de OpenNHP](docs/images/OpenNHP_Arch.png)

> Consulte la [documentación de OpenNHP](https://docs.opennhp.org/) para obtener información detallada sobre la arquitectura y el flujo de trabajo.

## Centro: Algoritmos Criptográficos

La criptografía es el centro de OpenNHP, proporcionando seguridad robusta, un excelente rendimiento y escalabilidad mediante el uso de algoritmos criptográficos de vanguardia. A continuación se muestran los principales algoritmos y marcos criptográficos utilizados por OpenNHP:

- **[Criptografía de Curva Elíptica (ECC)](https://es.wikipedia.org/wiki/Criptograf%C3%ADa_de_curva_el%C3%ADptica)**: Utilizada para criptografía asimétrica eficiente.

> En comparación con RSA, ECC ofrece una mayor eficiencia con una encriptación más fuerte en longitudes de clave más cortas, mejorando tanto la transmisión en la red como el rendimiento computacional. La tabla a continuación muestra las diferencias en la fortaleza de la seguridad, las longitudes de clave y la proporción de longitud de clave entre RSA y ECC, junto con sus respectivos períodos de validez.

| Fortaleza de Seguridad (bits) | Longitud de Clave DSA/RSA (bits) | Longitud de Clave ECC (bits) | Relación: ECC vs. DSA/RSA | Validez |
|:----------------------------:|:-------------------------------:|:---------------------------:|:--------------------------:|:-------:|
| 80                           | 1024                            | 160-223                     | 1:6                        | Hasta 2010 |
| 112                          | 2048                            | 224-255                     | 1:9                        | Hasta 2030 |
| 128                          | 3072                            | 256-383                     | 1:12                       | Después de 2031 |
| 192                          | 7680                            | 384-511                     | 1:20                       | |
| 256                          | 15360                           | 512+                        | 1:30                       | |

- **[Marco de Protocolo Noise](https://noiseprotocol.org/)**: Permite el intercambio seguro de claves, el cifrado/descifrado de mensajes y la autenticación mutua.

> El Protocolo Noise se basa en el [acuerdo de clave Diffie-Hellman](https://es.wikipedia.org/wiki/Intercambio_de_claves_Diffie-Hellman) y proporciona soluciones criptográficas modernas como la autenticación mutua y opcional, el ocultamiento de identidad, el secreto hacia adelante (forward secrecy) y el cifrado sin viajes de ida y vuelta (zero round-trip). Probado por su seguridad y rendimiento, ya es utilizado por aplicaciones populares como [WhatsApp](https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf), [Slack](https://github.com/slackhq/nebula) y [WireGuard](https://www.wireguard.com/).

- **[Criptografía Basada en Identidad (IBC)](https://es.wikipedia.org/wiki/Criptograf%C3%ADa_basada_en_la_identidad)**: Simplifica la distribución de claves a escala.

> Una distribución eficiente de claves es esencial para implementar Zero Trust. OpenNHP admite tanto PKI como IBC. Mientras que PKI se ha utilizado ampliamente durante décadas, depende de Autoridades Certificadoras (CA) centralizadas para la verificación de identidad y la gestión de claves, lo que puede ser costoso y llevar tiempo. En contraste, IBC permite un enfoque descentralizado y autogestionado para la verificación de identidad y la gestión de claves, haciéndolo más rentable para el entorno Zero Trust de OpenNHP, donde miles de millones de dispositivos o servidores pueden necesitar protección e integración en tiempo real.

- **[Criptografía sin Certificados (CL-PKC)](https://es.wikipedia.org/wiki/Criptograf%C3%ADa_sin_certificado)**: Algoritmo IBC recomendado

> CL-PKC es un esquema que mejora la seguridad al evitar la custodia de claves y abordar las limitaciones de la Criptografía Basada en Identidad (IBC). En la mayoría de los sistemas IBC, la clave privada de un usuario es generada por un Centro de Generación de Claves (KGC), lo cual conlleva riesgos significativos. Un KGC comprometido puede llevar a la exposición de todas las claves privadas de los usuarios, requiriendo plena confianza en el KGC. CL-PKC mitiga este problema dividiendo el proceso de generación de claves, de modo que el KGC solo tiene conocimiento de una clave privada parcial. Como resultado, CL-PKC combina las fortalezas de PKI e IBC, ofreciendo una mayor seguridad sin los inconvenientes de la gestión centralizada de claves.

Lectura adicional:

> Consulte la [documentación de OpenNHP](https://docs.opennhp.org/cryptography/) para una explicación detallada de los algoritmos criptográficos utilizados en OpenNHP.

## Características Clave

- Mitiga la explotación de vulnerabilidades mediante la aplicación de reglas "denegar todo" por defecto
- Previene ataques de phishing mediante la resolución DNS cifrada
- Protege contra ataques DDoS ocultando la infraestructura
- Permite la atribución de ataques mediante conexiones basadas en identidad
- Control de acceso de denegación por defecto para todos los recursos protegidos
- Autenticación basada en identidad y dispositivos antes del acceso a la red
- Resolución DNS cifrada para prevenir secuestro de DNS
- Infraestructura distribuida para mitigar ataques DDoS
- Arquitectura escalable con componentes desacoplados
- Integración con sistemas de gestión de identidades y accesos existentes
- Compatible con varios modelos de despliegue (cliente a puerta de enlace, cliente a servidor, etc.)
- Seguridad criptográfica con algoritmos modernos (ECC, Noise Protocol, IBC)

<details>
<summary>Haga clic para expandir los detalles de las características</summary>

- **Control de acceso de denegación por defecto**: Todos los recursos están ocultos por defecto y solo son accesibles tras la autenticación y la autorización.
- **Autenticación basada en identidad y dispositivos**: Garantiza que solo los usuarios conocidos en dispositivos aprobados puedan acceder.
- **Resolución DNS cifrada**: Evita el secuestro de DNS y los ataques de phishing asociados.
- **Mitigación de DDoS**: El diseño de infraestructura distribuida ayuda a proteger contra los ataques de denegación de servicio distribuidos.
- **Arquitectura escalable**: Los componentes desacoplados permiten un despliegue y escalado flexibles.
- **Integración IAM**: Funciona con sus sistemas de gestión de identidades y accesos existentes.
- **Despliegue flexible**: Compatible con varios modelos, incluido cliente a puerta de enlace, cliente a servidor y más.
- **Criptografía robusta**: Utiliza algoritmos modernos como ECC, Noise Protocol e IBC para una seguridad robusta.
</details>

## Despliegue

OpenNHP admite varios modelos de despliegue para adaptarse a diferentes casos de uso:

- Cliente a puerta de enlace: Asegura el acceso a varios servidores detrás de una puerta de enlace
- Cliente a servidor: Asegura directamente servidores/aplicaciones individuales
- Servidor a servidor: Asegura la comunicación entre servicios backend
- Puerta de enlace a puerta de enlace: Asegura conexiones entre sitios

> Consulte la [documentación de OpenNHP](https://docs.opennhp.org/deploy/) para obtener instrucciones detalladas de despliegue.

## Comparación entre SPA y NHP
El protocolo Single Packet Authorization (SPA) está incluido en la [especificación del Perímetro Definido por Software (SDP)](https://cloudsecurityalliance.org/artifacts/software-defined-perimeter-zero-trust-specification-v2) publicada por la [Cloud Security Alliance (CSA)](https://cloudsecurityalliance.org/). NHP mejora la seguridad, la fiabilidad, la escalabilidad y la extensibilidad mediante un marco criptográfico moderno y una arquitectura moderna, como se demuestra en el [artículo de investigación AHAC](https://www.mdpi.com/2076-3417/14/13/5593).

| - | SPA | NHP | Ventajas de NHP |
|:---|:---|:---|:---|
| **Arquitectura** | El componente de descifrado de paquetes SPA y autenticación de usuario/dispositivo está acoplado con el componente de control de acceso a la red en el servidor SPA. | NHP-Server (el componente de descifrado de paquetes y autenticación de usuario/dispositivo) y NHP-AC (el componente de control de acceso) están desacoplados. NHP-Server se puede desplegar en hosts separados y admite la escalabilidad horizontal. | <ul><li>Rendimiento: el componente que consume muchos recursos, NHP-server, está separado del servidor protegido.</li><li>Escalabilidad: NHP-server se puede desplegar en modo distribuido o clúster.</li><li>Seguridad: la dirección IP del servidor protegido no es visible para el cliente a menos que la autenticación sea exitosa.</li></ul>|
| **Comunicación** | Dirección única | Bidireccional | Mejor fiabilidad con la notificación de estado del control de acceso |
| **Marco criptográfico** | Secretos compartidos | PKI o IBC, Marco Noise | <ul><li>Seguridad: mecanismo comprobado de intercambio de claves para mitigar las amenazas MITM</li><li>Bajo costo: distribución de claves eficiente para el modelo de confianza cero</li><li>Rendimiento: cifrado/descifrado de alto rendimiento</li></ul>|
| **Capacidad de Ocultación de Infraestructura de Red** | Solo puertos de servidor | Dominios, IPs y puertos | Más poderoso contra varios ataques (p. ej., vulnerabilidades, secuestro de DNS y ataques DDoS) |
| **Extensibilidad** | Ninguna, solo para SDP | Todo uso | Compatible con cualquier escenario que necesite oscurecimiento del servicio |
| **Interoperabilidad** | No disponible | Personalizable | NHP puede integrarse sin problemas con protocolos existentes (p. ej., DNS, FIDO, etc.) |

## Contribuir

¡Damos la bienvenida a las contribuciones a OpenNHP! Consulte nuestras [Directrices de Contribución](CONTRIBUTING.md) para obtener más información sobre cómo participar.

## Licencia

OpenNHP se publica bajo la [Licencia Apache 2.0](LICENSE).

## Contacto

- Sitio web del proyecto: [https://github.com/OpenNHP/opennhp](https://github.com/OpenNHP/opennhp)
- Correo electrónico: [opennhp@gmail.com](mailto:opennhp@gmail.com)
- Discord: [Únase a nuestro Discord](https://discord.gg/CpyVmspx5x)

Para obtener una documentación más detallada, visite nuestra [Documentación Oficial](https://opennhp.org).

## Referencias

- [Especificación del Perímetro Definido por Software (SDP) v2.0](https://cloudsecurityalliance.org/artifacts/software-defined-perimeter-zero-trust-specification-v2). Jason Garbis, Juanita Koilpillai, Junaid Islam, Bob Flores, Daniel Bailey, Benfeng Chen, Eitan Bremler, Michael Roza, Ahmed Refaey Hussein. [*Cloud Security Alliance (CSA)*](https://cloudsecurityalliance.org/). Marzo 2022.
- [AHAC: Marco Avanzado de Control de Acceso Oculto en Red](https://www.mdpi.com/2076-3417/14/13/5593). Mudi Xu, Benfeng Chen, Zhizhong Tan, Shan Chen, Lei Wang, Yan Liu, Tai Io San, Sou Wang Fong, Wenyong Wang y Jing Feng. *Revista de Ciencias Aplicadas*. Junio 2024.
- [STALE: Un esquema de autenticación transfronteriza escalable y seguro aprovechando el correo electrónico y el intercambio de claves ECDH](https://www.mdpi.com/2079-9292/14/12/2399) Jiexin Zheng, Mudi Xu, Jianqing Li, Benfeng Chen, Zhizhong Tan, Anyu Wang, Shuo Zhang, Yan Liu, Kevin Qi Zhang, Lirong Zheng, Wenyong Wang. *electrónica*. Junio 2025.
- [DRL-AMIR: Programación de flujo inteligente para redes de confianza cero definidas por software](https://www.techscience.com/cmc/v84n2/62920). WenLong Ke, Zilong Li, Peiyu Chen, Benfeng Chen, Jinglin Lv, Qiang Wang, Ziyi Jia y Shigen Shen. *CMC* julio de 2025.
- [Método de control de tráfico de red de NHP basado en aprendizaje de refuerzo profundo](https://www.nature.com/articles/s41598-025-31556-3). Qinglin Huang, Zhizhong Tan, Qiang Wang, Ziyi Jia y Benfeng Chen. *Informes científicos de la revista Nature*. Diciembre de 2025.
- Noise Protocol Framework. https://noiseprotocol.org/
- Proyecto de Marco de Gestión de Vulnerabilidades. https://phoenix.security/web-vuln-management/

---

🌟 ¡Gracias por su interés en OpenNHP! Esperamos sus contribuciones y comentarios.



================================================
FILE: README.fr.md
================================================
[![en](https://img.shields.io/badge/lang-en-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.md)
[![zh-cn](https://img.shields.io/badge/lang-zh--cn-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.zh-cn.md)
[![de](https://img.shields.io/badge/lang-de-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.de.md)
[![ja](https://img.shields.io/badge/lang-ja-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.ja.md)
[![fr](https://img.shields.io/badge/lang-fr-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.fr.md)
[![es](https://img.shields.io/badge/lang-es-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.es.md)

![Logo OpenNHP](docs/images/logo11.png)
# OpenNHP : Protocole de Masquage de l'Infrastructure Réseau en Zéro Confiance
Un protocole réseau de zéro confiance, basé sur la cryptographie, au niveau 5 du modèle OSI, permettant de cacher votre serveur et vos données des attaquants.

![Statut de Construction](https://img.shields.io/badge/build-passing-brightgreen)
![Version](https://img.shields.io/badge/version-1.0.0-blue)
![Licence](https://img.shields.io/badge/license-Apache%202.0-green)

---

## Défi : L'IA transforme Internet en une "Forêt Sombre"

L'avancement rapide des technologies d'**IA**, en particulier les grands modèles de langage (LLM), transforme de manière significative le paysage de la cybersécurité. L'émergence de l'**exploitation autonome des vulnérabilités (AVE)** représente un bond majeur dans l'ère de l'IA, automatisant l'exploitation des vulnérabilités, comme le montre [cet article de recherche](https://arxiv.org/abs/2404.08144). Ce développement augmente de manière significative le risque pour tous les services réseau exposés, évoquant l'hypothèse de la [forêt sombre](https://fr.wikipedia.org/wiki/For%C3%AAt_sombre) sur Internet. Les outils pilotés par l'IA scannent continuellement l'environnement numérique, identifiant rapidement les faiblesses et les exploitant. Ainsi, Internet devient une **"forêt sombre"** où **la visibilité équivaut à la vulnérabilité**.

![Risques de Vulnérabilité](docs/images/Vul_Risks.png)

Selon les recherches de Gartner, les [cyberattaques pilotées par l'IA vont augmenter rapidement](https://www.gartner.com/en/newsroom/press-releases/2024-08-28-gartner-forecasts-global-information-security-spending-to-grow-15-percent-in-2025). Ce paradigme en évolution impose une réévaluation des stratégies de cybersécurité traditionnelles, avec un accent sur les défenses proactives, des mécanismes de réponse rapide, et l'adoption de technologies de masquage réseau pour protéger les infrastructures critiques.

---

## Démo rapide : Voir OpenNHP en action

Avant de plonger dans les détails d'OpenNHP, commençons par une démonstration rapide de la façon dont OpenNHP protège un serveur contre les accès non autorisés. Vous pouvez le voir en action en accédant au serveur protégé à l'adresse suivante : https://acdemo.opennhp.org.

### 1) Le serveur protégé est "invisible" aux utilisateurs non authentifiés

Par défaut, toute tentative de connexion au serveur protégé se soldera par une erreur de délai d'attente (time out), car tous les ports sont fermés, rendant le serveur *"invisible"* et apparemment hors ligne.

![Démo OpenNHP](docs/images/OpenNHP_ACDemo0.png)

Le scan des ports du serveur retournera également une erreur de délai d'attente (time out).

![Démo OpenNHP](docs/images/OpenNHP_ScanDemo.png)

### 2) Après authentification, le serveur protégé devient accessible

OpenNHP supporte une variété de méthodes d'authentification, telles que OAuth, SAML, QR codes, et plus encore. Pour cette démonstration, nous utilisons un service d'authentification basé sur un nom d'utilisateur/mot de passe simple à l'adresse https://demologin.opennhp.org.

![Démo OpenNHP](docs/images/OpenNHP_DemoLogin.png)

Une fois que vous cliquez sur le bouton "Login", l'authentification est réussie, et vous êtes redirigé vers le serveur protégé. Le serveur devient alors *"visible"* et accessible sur votre appareil.

![Démo OpenNHP](docs/images/OpenNHP_ACDemo1.png)

---

## Vision : Faire d'Internet un espace de confiance

L'ouverture des protocoles TCP/IP a stimulé la croissance des applications Internet, mais a aussi exposé des vulnérabilités, permettant aux acteurs malveillants d'accéder de manière non autorisée à toute adresse IP exposée. Bien que le [modèle réseau OSI](https://fr.wikipedia.org/wiki/Mod%C3%A8le_OSI) définisse la *couche 5 (couche session)* pour la gestion des connexions, peu de solutions efficaces ont été mises en place à cet égard.

**NHP**, ou **"Protocole de Masquage de l'Infrastructure Réseau"**, est un protocole réseau de zéro confiance, basé sur la cryptographie, conçu pour fonctionner au *niveau de la couche session OSI*, idéal pour gérer la visibilité réseau et les connexions. L'objectif principal de NHP est de dissimuler les ressources protégées des entités non autorisées, accordant l'accès uniquement aux utilisateurs vérifiés et autorisés par une vérification continue, contribuant ainsi à un Internet plus digne de confiance.

![Internet de Confiance](docs/images/TrustworthyCyberspace.png)

---

## Solution : OpenNHP rétablit le contrôle de la visibilité réseau

**OpenNHP** est l'implémentation open source du protocole NHP. Il est basé sur la cryptographie et conçu avec des principes de sécurité en priorité, implémentant une véritable architecture de zéro confiance au *niveau de la couche session OSI*.

![OpenNHP en tant que couche 5 OSI](docs/images/OSI_OpenNHP.png)

OpenNHP s'appuie sur des recherches antérieures sur la technologie de masquage réseau, en utilisant des cadres et une architecture modernes de cryptographie pour garantir la sécurité et des performances élevées, surmontant ainsi les limitations des technologies précédentes.

| Protocole de Masquage de l'Infrastructure | 1ère Génération | 2ème Génération | 3ème Génération |
|:---|:---|:---|:---|
| **Technologie Clé** | [Port Knocking](https://fr.wikipedia.org/wiki/Port_knocking) | [Autorisation par Paquet Unique (SPA)](https://cloudsecurityalliance.org/artifacts/software-defined-perimeter-zero-trust-specification-v2) | Protocole de Masquage de l'Infrastructure Réseau (NHP) |
| **Authentification** | Séquences de ports | Secrets partagés | Cadre cryptographique moderne |
| **Architecture** | Pas de plan de contrôle | Pas de plan de contrôle | Plan de contrôle scalable |
| **Capacité** | Masquer les ports | Masquer les ports | Masquer les ports, IPs et domaines |
| **Contrôle d'Accès** | Niveau IP | Niveau Port | Niveau Application |
| **Projets Open Source** | [knock](https://github.com/jvinet/knock) *(C)* | [fwknop](https://github.com/mrash/fwknop) *(C++)* | [OpenNHP](https://github.com/OpenNHP/opennhp) *(Go)* |

> Il est crucial de choisir un langage **sûr pour la mémoire** comme *Go* pour le développement d'OpenNHP, comme le souligne le [rapport technique du gouvernement des États-Unis](https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf). Pour une comparaison détaillée entre **SPA et NHP**, référez-vous à la [section ci-dessous](#comparaison-entre-spa-et-nhp).

## Bénéfices en matière de sécurité

Puisqu'OpenNHP implémente les principes de zéro confiance au *niveau de la couche session OSI*, il offre des avantages significatifs :

- Réduit la surface d'attaque en cachant l'infrastructure
- Empêche la reconnaissance réseau non autorisée
- Atténue l'exploitation des vulnérabilités
- Empêche le phishing via DNS chiffré
- Protège contre les attaques DDoS
- Permet un contrôle d'accès granulaire
- Fournit un suivi des connexions basé sur l'identité
- Attribution des attaques

## Architecture

L'architecture d'OpenNHP s'inspire de la [norme d'architecture Zero Trust du NIST](https://www.nist.gov/publications/zero-trust-architecture). Elle suit une conception modulaire avec trois composants principaux : **NHP-Server**, **NHP-AC** et **NHP-Agent**, comme illustré dans le diagramme ci-dessous.

![Architecture OpenNHP](docs/images/OpenNHP_Arch.png)

> Veuillez consulter la [documentation d'OpenNHP](https://docs.opennhp.org/) pour des informations détaillées sur l'architecture et le flux de travail.

## Cœur : Algorithmes Cryptographiques

La cryptographie est au cœur d'OpenNHP, fournissant une sécurité robuste, d'excellentes performances et une bonne évolutivité en utilisant des algorithmes cryptographiques de pointe. Voici les principaux algorithmes et cadres cryptographiques employés par OpenNHP :

- **[Cryptographie à Courbes Elliptiques (ECC)](https://fr.wikipedia.org/wiki/Cryptographie_sur_courbe_elliptique)** : Utilisée pour la cryptographie asymétrique efficace.

> Comparée à RSA, l'ECC offre une efficacité supérieure avec un chiffrement plus fort à des longueurs de clé plus courtes, améliorant la transmission réseau et les performances de calcul. Le tableau ci-dessous montre les différences de force de sécurité, de longueurs de clé et du ratio entre RSA et ECC, ainsi que leurs périodes de validité respectives.

| Force de Sécurité (bits) | Longueur de Clé DSA/RSA (bits) | Longueur de Clé ECC (bits) | Ratio : ECC vs DSA/RSA | Validité |
|:--------------------------:|:------------------------------:|:--------------------------:|:-----------------------:|:---------:|
| 80                         | 1024                           | 160-223                    | 1:6                     | Jusqu'en 2010 |
| 112                        | 2048                           | 224-255                    | 1:9                     | Jusqu'en 2030 |
| 128                        | 3072                           | 256-383                    | 1:12                    | Après 2031 |
| 192                        | 7680                           | 384-511                    | 1:20                    | |
| 256                        | 15360                          | 512+                       | 1:30                    | |

- **[Cadre de Protocole Noise](https://noiseprotocol.org/)** : Permet l'échange de clés sécurisé, le chiffrement/déchiffrement des messages, et l'authentification mutuelle.

> Le protocole Noise est basé sur l'[accord de clé Diffie-Hellman](https://fr.wikipedia.org/wiki/%C3%89change_de_cl%C3%A9_Diffie-Hellman) et offre des solutions cryptographiques modernes telles que l'authentification mutuelle et optionnelle, le masquage de l'identité, la confidentialité persistante, et le chiffrement sans aller-retour (zero round-trip). Ayant déjà fait ses preuves en matière de sécurité et de performances, il est utilisé par des applications populaires comme [WhatsApp](https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf), [Slack](https://github.com/slackhq/nebula), et [WireGuard](https://www.wireguard.com/).

- **[Cryptographie basée sur l'Identité (IBC)](https://fr.wikipedia.org/wiki/Cryptographie_bas%C3%A9e_sur_l%27identit%C3%A9)** : Simplifie la distribution des clés à grande échelle.

> Une distribution efficace des clés est essentielle pour implémenter le Zéro Confiance. OpenNHP prend en charge à la fois PKI et IBC. Alors que PKI est utilisée depuis des décennies, elle dépend d'Autorités de Certification (CA) centralisées pour la vérification de l'identité et la gestion des clés, ce qui peut être long et coûteux. En revanche, l'IBC permet une approche décentralisée et autonome de la vérification de l'identité et de la gestion des clés, la rendant plus rentable pour l'environnement Zero Trust d'OpenNHP, où des milliards d'appareils ou de serveurs peuvent avoir besoin de protection et d'intégration en temps réel.

- **[Cryptographie à Clé Publique sans Certificat (CL-PKC)](https://fr.wikipedia.org/wiki/Cryptographie_sans_certificat)** : Algorithme IBC recommandé

> CL-PKC est un schéma qui améliore la sécurité en évitant le séquestre des clés (key escrow) et en répondant aux limites de la cryptographie basée sur l'identité (IBC). Dans la plupart des systèmes IBC, la clé privée d'un utilisateur est générée par un Centre de Génération de Clés (KGC), ce qui introduit des risques importants. Un KGC compromis peut entraîner l'exposition des clés privées de tous les utilisateurs, nécessitant une confiance totale dans le KGC. CL-PKC atténue ce problème en divisant le processus de génération de clés, de sorte que le KGC n'a connaissance que d'une clé privée partielle. En conséquence, CL-PKC combine les forces du PKI et de l'IBC, offrant une sécurité renforcée sans les inconvénients de la gestion centralisée des clés.

Pour en savoir plus :

> Veuillez consulter la [documentation OpenNHP](https://docs.opennhp.org/cryptography/) pour une explication détaillée des algorithmes cryptographiques utilisés dans OpenNHP.

## Principales Fonctionnalités

- Atténue l'exploitation des vulnérabilités en appliquant par défaut des règles "deny-all"
- Empêche les attaques de phishing via la résolution DNS chiffrée
- Protège contre les attaques DDoS en cachant l'infrastructure
- Permet l'attribution des attaques via des connexions basées sur l'identité
- Contrôle d'accès par défaut pour toutes les ressources protégées
- Authentification basée sur l'identité et les appareils avant l'accès au réseau
- Résolution DNS chiffrée pour empêcher le piratage DNS
- Infrastructure distribuée pour atténuer les attaques DDoS
- Architecture évolutive avec des composants découplés
- Intégration avec les systèmes existants de gestion des identités et des accès
- Prend en charge divers modèles de déploiement (client-à-passerelle, client-à-serveur, etc.)
- Sécurité cryptographique avec des algorithmes modernes (ECC, Noise Protocol, IBC)

<details>
<summary>Cliquez pour développer les détails des fonctionnalités</summary>

- **Contrôle d'accès par défaut** : Toutes les ressources sont cachées par défaut, ne devenant accessibles qu'après authentification et autorisation.
- **Authentification basée sur l'identité et les appareils** : Garantit que seuls les utilisateurs connus sur des appareils approuvés peuvent accéder.
- **Résolution DNS chiffrée** : Empêche le piratage DNS et les attaques de phishing associées.
- **Atténuation des DDoS** : La conception d'infrastructure distribuée aide à protéger contre les attaques DDoS.
- **Architecture évolutive** : Les composants découplés permettent un déploiement et une évolution flexibles.
- **Intégration IAM** : Fonctionne avec vos systèmes de gestion des identités et des accès.
- **Déploiement flexible** : Prend en charge divers modèles, y compris client-à-passerelle, client-à-serveur, et plus encore.
- **Cryptographie forte** : Utilise des algorithmes modernes comme ECC, Noise Protocol, et IBC pour une sécurité robuste.
</details>

## Déploiement

OpenNHP prend en charge plusieurs modèles de déploiement pour répondre à différents cas d'utilisation :

- Client-à-Passerelle : Sécurise l'accès à plusieurs serveurs derrière une passerelle
- Client-à-Serveur : Sécurise directement des serveurs/applications individuels
- Serveur-à-Serveur : Sécurise la communication entre les services backend
- Passerelle-à-Passerelle : Sécurise les connexions site-à-site

> Veuillez consulter la [documentation OpenNHP](https://docs.opennhp.org/deploy/) pour des instructions de déploiement détaillées.

## Comparaison entre SPA et NHP
Le protocole d'Autorisation par Paquet Unique (SPA) est inclus dans la [spécification du Périmètre Défini par Logiciel (SDP)](https://cloudsecurityalliance.org/artifacts/software-defined-perimeter-zero-trust-specification-v2) publiée par l'[Alliance pour la Sécurité Cloud (CSA)](https://cloudsecurityalliance.org/). NHP améliore la sécurité, la fiabilité, la scalabilité et l'extensibilité grâce à un cadre et une architecture de cryptographie modernes, comme démontré dans l'article de recherche [AHAC](https://www.mdpi.com/2076-3417/14/13/5593).

| - | SPA | NHP | Avantages de NHP |
|:---|:---|:---|:---|
| **Architecture** | Le déchiffrement du paquet SPA et le composant d'authentification de l'utilisateur/appareil sont couplés au composant de contrôle d'accès réseau dans le serveur SPA. | NHP-Server (le composant de déchiffrement de paquet et d'authentification utilisateur/appareil) et NHP-AC (le composant de contrôle d'accès) sont découplés. NHP-Server peut être déployé sur des hôtes distincts et prend en charge la mise à l'échelle horizontale. | <ul><li>Performance : le composant gourmand en ressources NHP-server est séparé du serveur protégé.</li><li>Scalabilité : NHP-server peut être déployé en mode distribué ou en cluster.</li><li>Sécurité : l'adresse IP du serveur protégé n'est pas visible par le client tant que l'authentification n'a pas réussi.</li></ul>|
| **Communication** | Unidirectionnelle | Bidirectionnelle | Meilleure fiabilité avec la notification d'état du contrôle d'accès |
| **Cadre cryptographique** | Secrets partagés | PKI ou IBC, Cadre Noise | <ul><li>Sécurité : mécanisme éprouvé d'échange de clés pour atténuer les menaces MITM</li><li>Coût faible : distribution efficace des clés pour le modèle de zéro confiance</li><li>Performance : chiffrement/déchiffrement haute performance</li></ul>|
| **Capacité de Masquage de l'Infrastructure Réseau** | Uniquement les ports de serveur | Domaines, IP et ports | Plus puissant contre diverses attaques (e.g., vulnérabilités, piratage DNS, et attaques DDoS) |
| **Extensibilité** | Aucune, uniquement pour SDP | Tout usage | Prise en charge de tout scénario nécessitant un obscurcissement de service |
| **Interopérabilité** | Non disponible | Personnalisable | NHP peut s'intégrer de manière transparente avec les protocoles existants (e.g., DNS, FIDO, etc.) |

## Contribuer

Nous accueillons avec plaisir les contributions à OpenNHP ! Veuillez consulter nos [lignes directrices de contribution](CONTRIBUTING.md) pour plus d'informations sur la manière de participer.

## Licence

OpenNHP est publié sous la [licence Apache 2.0](LICENSE).

## Contact

- Site Web du Projet : [https://github.com/OpenNHP/opennhp](https://github.com/OpenNHP/opennhp)
- E-mail : [opennhp@gmail.com](mailto:opennhp@gmail.com)
- Discord : [Rejoignez notre Discord](https://discord.gg/CpyVmspx5x)

Pour une documentation plus détaillée, veuillez visiter notre [Documentation Officielle](https://opennhp.org).

## Références

- [Spécification du Périmètre Défini par Logiciel (SDP) v2.0](https://cloudsecurityalliance.org/artifacts/software-defined-perimeter-zero-trust-specification-v2). Jason Garbis, Juanita Koilpillai, Junaid Islam, Bob Flores, Daniel Bailey, Benfeng Chen, Eitan Bremler, Michael Roza, Ahmed Refaey Hussein. [*Cloud Security Alliance (CSA)*](https://cloudsecurityalliance.org/). Mar 2022.
- [AHAC : Cadre Avancé de Contrôle d'Accès Caché au Réseau](https://www.mdpi.com/2076-3417/14/13/5593). Mudi Xu, Benfeng Chen, Zhizhong Tan, Shan Chen, Lei Wang, Yan Liu, Tai Io San, Sou Wang Fong, Wenyong Wang, et Jing Feng. *Journal des Sciences Appliquées*. Juin 2024.
- [STALE : Un schéma d'authentification transfrontalière évolutif et sécurisé tirant parti du courrier électronique et de l'échange de clés ECDH](https://www.mdpi.com/2079-9292/14/12/2399) Jiexin Zheng, Mudi Xu, Jianqing Li, Benfeng Chen, Zhizhong Tan, Anyu Wang, Shuo Zhang, Yan Liu, Kevin Qi Zhang, Lirong Zheng, et Wenyong Wang. *électronique*. Juin 2025.
- [DRL-AMIR : Planification intelligente des flux pour les réseaux de confiance zéro définis par logiciel](https://www.techscience.com/cmc/v84n2/62920) WenLong Ke, Zilong Li, Peiyu Chen, Benfeng Chen, Jinglin Lv, Qiang Wang, Ziyi Jia et Shigen Shen. *CMC*. Juillet 2025.
- [Méthode de contrôle du trafic réseau de NHP basée sur l’apprentissage par renforcement profond](https://www.nature.com/articles/s41598-025-31556-3). Qinglin Huang, Zhizhong Tan, Qiang Wang, Ziyi Jia et Benfeng Chen. *rapports scientifiques par Nature*. Décembre 2025.
- Noise Protocol Framework. https://noiseprotocol.org/
- Projet de Cadre de Gestion des Vulnérabilités. https://phoenix.security/web-vuln-management/

---

🌟 Merci pour votre intérêt dans OpenNHP ! Nous attendons vos contributions et vos commentaires avec impatience.



================================================
FILE: README.ja.md
================================================
[![en](https://img.shields.io/badge/lang-en-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.md)
[![zh-cn](https://img.shields.io/badge/lang-zh--cn-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.zh-cn.md)
[![de](https://img.shields.io/badge/lang-de-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.de.md)
[![ja](https://img.shields.io/badge/lang-ja-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.ja.md)
[![fr](https://img.shields.io/badge/lang-fr-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.fr.md)
[![es](https://img.shields.io/badge/lang-es-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.es.md)

![OpenNHP Logo](docs/images/logo11.png)
# OpenNHP: ゼロトラストネットワークインフラストラクチャ隠蔽プロトコル
攻撃者からサーバーとデータを隠すためのOSI第5層に位置する、軽量の暗号化駆動型ゼロトラストネットワークプロトコルです。

![Build Status](https://img.shields.io/badge/build-passing-brightgreen)
![Version](https://img.shields.io/badge/version-1.0.0-blue)
![License](https://img.shields.io/badge/license-Apache%202.0-green)

---

## セキュリティの利点

OpenNHPは*OSIセッション層*でゼロトラストの原則を実装しているため、次のような大きな利点があります。

- インフラの隠蔽による攻撃面の削減
- 不正なネットワーク偵察の防止
- 脆弱性の悪用を防ぐ
- 暗号化されたDNSによるフィッシング防止
- DDoS攻撃に対する防御
- 細粒度のアクセス制御を実現
- アイデンティティベースの接続追跡
- 攻撃の帰属

## アーキテクチャ

OpenNHPのアーキテクチャは[NISTゼロトラストアーキテクチャ標準](https://www.nist.gov/publications/zero-trust-architecture)に触発されています。以下の図に示すように、3つの主要なコンポーネント(**NHP-Server**、**NHP-AC**、**NHP-Agent**)を持つモジュール設計に従います。

![OpenNHP architecture](docs/images/OpenNHP_Arch.png)

> アーキテクチャとワークフローの詳細については、[OpenNHPドキュメント](https://docs.opennhp.org/)を参照してください。

## コア: 暗号化アルゴリズム

暗号化はOpenNHPの中心にあり、強力なセキュリティ、高いパフォーマンス、およびスケーラビリティを提供するために最新の暗号化アルゴリズムを利用しています。以下は、OpenNHPで使用されている主要な暗号化アルゴリズムとフレームワークです。

- **[楕円曲線暗号(ECC)](https://en.wikipedia.org/wiki/Elliptic-curve_cryptography)**:効率的な公開鍵暗号に使用されています。

> RSAと比較して、ECCは短い鍵長で強力な暗号化を提供し、ネットワーク伝送と計算パフォーマンスを向上させます。以下の表は、RSAとECCのセキュリティ強度、鍵長、および鍵長の比率の違いを示し、それぞれの有効期間を示しています。

| セキュリティ強度(ビット) | DSA/RSA鍵長(ビット) | ECC鍵長(ビット) | 比率:ECC対DSA/RSA | 有効期限 |
|:------------------------:|:-------------------------:|:---------------------:|:----------------------:|:--------:|
| 80                       | 1024                      | 160-223               | 1:6                    | 2010年まで |
| 112                      | 2048                      | 224-255               | 1:9                    | 2030年まで |
| 128                      | 3072                      | 256-383               | 1:12                   | 2031年以降 |
| 192                      | 7680                      | 384-511               | 1:20                   | |
| 256                      | 15360                     | 512+                  | 1:30                   | |

- **[ノイズプロトコルフレームワーク](https://noiseprotocol.org/)**:安全な鍵交換、メッセージの暗号化/復号化、および相互認証を可能にします。

> ノイズプロトコルは[ディフィー・ヘルマン鍵共有](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange)に基づいており、相互およびオプションの認証、アイデンティティの隠蔽、前方秘匿性、ゼロラウンドトリップ暗号化などの最新の暗号化ソリューションを提供します。そのセキュリティとパフォーマンスは、[WhatsApp](https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf)、[Slack](https://github.com/slackhq/nebula)、および[WireGuard](https://www.wireguard.com/)などの人気アプリケーションで既に証明されています。

- **[アイデンティティベース暗号(IBC)](https://en.wikipedia.org/wiki/Identity-based_cryptography)**:大規模な鍵配布を簡素化します。

> 効率的な鍵配布は、ゼロトラストの実装に不可欠です。OpenNHPはPKIとIBCの両方をサポートしています。PKIは数十年にわたって広く使用されてきましたが、アイデンティティの確認と鍵管理に中央集権的な認証局(CA)に依存しており、時間とコストがかかることがあります。一方、IBCは、アイデンティティの確認と鍵管理を分散型で自己管理可能な方法で行うことができ、リアルタイムで何十億ものデバイスやサーバーを保護し、オンボーディングする必要があるOpenNHPのゼロトラスト環境において、よりコスト効率的です。

- **[証明書レス公開鍵暗号(CL-PKC)](https://en.wikipedia.org/wiki/Certificateless_cryptography)**:推奨されるIBCアルゴリズム

> CL-PKCは、鍵エスクローを回避し、アイデンティティベース暗号(IBC)の制限に対処することでセキュリティを強化するスキームです。ほとんどのIBCシステムでは、ユーザーの秘密鍵は鍵生成センター(KGC)によって生成され、これは重大なリスクをもたらします。KGCが侵害された場合、すべてのユーザーの秘密鍵が公開される可能性があり、KGCへの完全な信頼が必要です。CL-PKCは鍵生成プロセスを分割し、KGCは部分的な秘密鍵のみを知っているため、CL-PKCはPKIとIBCの両方の強みを組み合わせ、中央集権的な鍵管理の欠点なしに強力なセキュリティを提供します。

詳細について:

> OpenNHPで使用されている暗号化アルゴリズムの詳細な説明については、[OpenNHPドキュメント](https://docs.opennhp.org/cryptography/)を参照してください。

## 主な機能

- デフォルトで「すべて拒否」ルールを適用することにより、脆弱性の悪用を軽減
- 暗号化されたDNS解決を通じてフィッシング攻撃を防止
- インフラの隠蔽によるDDoS攻撃の防御
- アイデンティティベースの接続による攻撃の帰属
- 保護されたリソースに対するすべてのアクセスをデフォルトで拒否
- ネットワークアクセス前にアイデンティティおよびデバイスベースの認証
- DNSハイジャックを防止するための暗号化されたDNS解決
- DDoS攻撃を緩和するための分散インフラ
- 分離されたコンポーネントによるスケーラブルなアーキテクチャ
- 既存のアイデンティティおよびアクセス管理システムとの統合
- さまざまな展開モデルをサポート(クライアント対ゲートウェイ、クライアント対サーバーなど)
- 最新のアルゴリズム(ECC、ノイズプロトコル、IBC)を使用した暗号化によるセキュリティの確保

<details>
<summary>機能の詳細を表示</summary>

- **デフォルト拒否のアクセス制御**:すべてのリソースはデフォルトで隠蔽され、認証と認可が行われた後にのみアクセス可能になります。
- **アイデンティティおよびデバイスベースの認証**:既知のユーザーと承認されたデバイスのみがアクセス可能です。
- **暗号化されたDNS解決**:DNSハイジャックとそれに伴うフィッシング攻撃を防止します。
- **DDoS緩和**:分散型インフラ設計により、分散型サービス拒否攻撃を防御します。
- **スケーラブルなアーキテクチャ**:分離されたコンポーネントにより柔軟な展開とスケーリングが可能です。
- **IAM統合**:既存のアイデンティティおよびアクセス管理システムと連携します。
- **柔軟な展開**:クライアント対ゲートウェイ、クライアント対サーバーなど、さまざまなモデルをサポートします。
- **強力な暗号化**:ECC、ノイズプロトコル、IBCなどの最新アルゴリズムを使用して強力なセキュリティを提供します。
</details>

## 展開

OpenNHPは、さまざまなユースケースに合わせた複数の展開モデルをサポートしています。

- クライアント対ゲートウェイ:ゲートウェイの背後にある複数のサーバーへのアクセスを保護します
- クライアント対サーバー:個々のサーバー/アプリケーションを直接保護します
- サーバー対サーバー:バックエンドサービス間の通信を保護します
- ゲートウェイ対ゲートウェイ:サイト間接続を保護します

> 詳細な展開手順については、[OpenNHPドキュメント](https://docs.opennhp.org/deploy/)を参照してください。

## SPAとNHPの比較
[クラウドセキュリティアライアンス(CSA)](https://cloudsecurityalliance.org/)がリリースした[ソフトウェア定義境界(SDP)仕様](https://cloudsecurityalliance.org/artifacts/software-defined-perimeter-zero-trust-specification-v2)には、シングルパケット認証(SPA)プロトコルが含まれています。NHPは、最新の暗号化フレームワークとアーキテクチャを通じてセキュリティ、信頼性、スケーラビリティ、拡張性を向上させ、[AHAC研究論文](https://www.mdpi.com/2076-3417/14/13/5593)で示されているように従来の技術の限界を克服しています。

| - | SPA |NHP | NHPの利点  |
|:---|:---|:---|:---|
| **アーキテクチャ** | SPAサーバーのパケット復号化およびユーザー/デバイス認証コンポーネントがネットワークアクセス制御コンポーネントと結合されています。 | NHP-Server(パケット復号化およびユーザー/デバイス認証コンポーネント)とNHP-AC(アクセス制御コンポーネント)が分離されています。NHP-Serverは別のホストに展開でき、水平スケーリングをサポートします。 | <ul><li>パフォーマンス:リソース消費の多いコンポーネントNHP-Serverが保護されたサーバーから分離されています。</li><li>スケーラビリティ:NHP-Serverは分散またはクラスター化モードで展開可能です。</li><li>セキュリティ:認証が成功するまでは、保護されたサーバーのIPアドレスがクライアントには見えません。</li></ul>|
| **通信** | 単方向 | 双方向 | アクセス制御のステータス通知による信頼性の向上 |
| **暗号化フレームワーク** | 共有シークレット | PKIまたはIBC、ノイズフレームワーク |<ul><li>セキュリティ:MITM脅威を軽減する証明された安全な鍵交換メカニズム</li><li>低コスト:ゼロトラストモデルにおける効率的な鍵配布</li><li>パフォーマンス:高パフォーマンスの暗号化/復号化</li></ul>|
| **ネットワークインフラストラクチャ隠蔽能力** | サーバーポートのみ | ドメイン、IP、ポート | 脆弱性、DNSハイジャック、DDoS攻撃など、さまざまな攻撃に対する強力な防御 |
| **拡張性** | なし、SDP専用 | 汎用 | あらゆるサービス暗黒化の必要があるシナリオに対応 |
| **相互運用性** | 利用不可 | カスタマイズ可能| NHPは既存のプロトコル(例:DNS、FIDOなど)とシームレスに統合可能 |

## コントリビューション

OpenNHPへの貢献を歓迎します!貢献方法の詳細については、[コントリビューションガイドライン](CONTRIBUTING.md)を参照してください。

## ライセンス

OpenNHPは[Apache 2.0ライセンス](LICENSE)の下でリリースされています。

## 連絡先

- プロジェクトウェブサイト:[https://github.com/OpenNHP/opennhp](https://github.com/OpenNHP/opennhp)
- メール:[opennhp@gmail.com](mailto:opennhp@gmail.com)
- Discord:[Discordに参加する](https://discord.gg/CpyVmspx5x)

詳細なドキュメントについては、[公式ドキュメント](https://opennhp.org)をご覧ください。

## 参考文献

- [ソフトウェア定義境界(SDP)仕様 v2.0](https://cloudsecurityalliance.org/artifacts/software-defined-perimeter-zero-trust-specification-v2)。Jason Garbis、Juanita Koilpillai、Junaid Islam、Bob Flores、Daniel Bailey、Benfeng Chen、Eitan Bremler、Michael Roza、Ahmed Refaey Hussein。[*クラウドセキュリティアライアンス(CSA)*](https://cloudsecurityalliance.org/)。2022年3月。
- [AHAC:高度なネットワーク隠蔽アクセス制御フレームワーク](https://www.mdpi.com/2076-3417/14/13/5593)。Mudi Xu、Benfeng Chen、Zhizhong Tan、Shan Chen、Lei Wang、Yan Liu、Tai Io San、Sou Wang Fong、Wenyong Wang、Jing Feng。*応用科学ジャーナル*。2024年6月。
- [STALE :電子メールと ECDH 鍵交換を活用したスケーラブルでセキュアなクロスボーダー認証スキーム](https://www.mdpi.com/2079-9292/14/12/2399) Jiexin Zheng, Mudi Xu, Jianqing Li, Benfeng Chen, Zhizhong Tan, Anyu Wang, Shuo Zhang, Yan Liu, Kevin Qi Zhang, Lirong Zheng, Wenyong Wang. *電子ジャーナル*。2025 年 6 月。
- [DRL-AMIR:ソフトウェア定義ゼロトラストネットワークのインテリジェントストリームスケジューリング](https://www.techscience.com/cmc/v84n2/62920) Wenlong Ke, Zilong Li, Peiyu Chen, Benfeng Chen, Jinglin Lv, Qiang Wang, Ziyi Jia と Shigen Shen。*コンピュータ材料と連続通信*。2025 年 7 月。
- [深層強化学習に基づくNHPネットワークトラフィック制御手法](https://www.nature.com/articles/s41598-025-31556-3) Qinglin Huang, Zhizhong Tan, Qiang Wang, Ziyi Jia と Benfeng Chen. 『科学報告』。2025年12月。
- ノイズプロトコルフレームワーク。https://noiseprotocol.org/
- 脆弱性管理フレームワークプロジェクト。https://phoenix.security/web-vuln-management/

---

✨ OpenNHPにご関心をお寄せいただき、ありがとうございます!皆様の貢献とフィードバックをお待ちしております。



================================================
FILE: README.md
================================================
[![en](https://img.shields.io/badge/lang-en-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.md)
[![zh-cn](https://img.shields.io/badge/lang-zh--cn-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.zh-cn.md)
[![de](https://img.shields.io/badge/lang-de-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.de.md)
[![ja](https://img.shields.io/badge/lang-ja-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.ja.md)
[![fr](https://img.shields.io/badge/lang-fr-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.fr.md)
[![es](https://img.shields.io/badge/lang-es-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.es.md)

![OpenNHP Logo](docs/images/logo11.png)

# OpenNHP: Open Source Zero Trust Security Toolkit

![Build Status](https://img.shields.io/badge/build-passing-brightgreen)
![Version](https://img.shields.io/badge/version-1.0.0-blue)
![License](https://img.shields.io/badge/license-Apache%202.0-green)
[![codecov](https://codecov.io/gh/OpenNHP/opennhp/branch/main/graph/badge.svg)](https://codecov.io/gh/OpenNHP/opennhp)
[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/OpenNHP/opennhp)

**OpenNHP** is a lightweight, cryptography-powered, open-source toolkit implementing Zero Trust security for infrastructure, applications, and data. It features two core protocols:

- **[Network-infrastructure Hiding Protocol (NHP)](https://cloudsecurityalliance.org/artifacts/stealth-mode-sdp-for-zero-trust-network-infrastructure):** Conceals server ports, IP addresses, and domain names to protect applications and infrastructure from unauthorized access.
- **Data-object Hiding Protocol (DHP):** Ensures data security and privacy via encryption and confidential computing, making data *"usable but not visible."*

**[Website](https://opennhp.org) · [Documentation](https://docs.opennhp.org) · [Live Demo](https://opennhp.org/demo.html) · [Discord](https://discord.gg/CpyVmspx5x)**

---

## Architecture

OpenNHP follows a modular design with three core components, inspired by the [NIST Zero Trust Architecture](https://www.nist.gov/publications/zero-trust-architecture):

![OpenNHP architecture](docs/images/OpenNHP_Arch.png)

| Component | Role |
|-----------|------|
| **NHP-Agent** | Client that sends encrypted knock requests to gain access |
| **NHP-Server** | Authenticates and authorizes requests; decoupled from protected resources |
| **NHP-AC** | Access controller that manages firewall rules on the protected server |

> For protocol details, deployment models, and cryptographic design, see the [documentation](https://docs.opennhp.org).

---

## Repository Structure

```
opennhp/
├── nhp/              # Core protocol library (Go module)
│   ├── core/         # Packet handling, cryptography, Noise Protocol, device management
│   ├── common/       # Shared types and message definitions
│   ├── utils/        # Utility functions
│   ├── plugins/      # Plugin handler interfaces
│   ├── log/          # Logging infrastructure
│   └── etcd/         # Distributed configuration support
└── endpoints/        # Daemon implementations (Go module, depends on nhp)
    ├── agent/        # NHP-Agent daemon
    ├── server/        # NHP-Server daemon
    ├── ac/           # NHP-AC (access controller) daemon
    ├── db/           # NHP-DB (data object backend for DHP)
    ├── kgc/          # Key Generation Center (IBC)
    └── relay/        # TCP relay
```

---

## Quick Start

### Prerequisites

- Go 1.25.6+
- `make`
- Docker and Docker Compose (for the full-stack demo)

### Build

```bash
# Build all components
make

# Build individual daemons
make agentd    # NHP-Agent
make serverd   # NHP-Server
make acd       # NHP-AC
make db        # NHP-DB
make kgc       # Key Generation Center
```

### Test

```bash
cd nhp && go test ./...
cd endpoints && go test ./...
```

### Run with Docker

```bash
cd docker && docker-compose up --build
```

Follow the [Quick Start tutorial](https://docs.opennhp.org/nhp_quick_start/) to simulate the full authentication workflow in a Docker environment.

---

## Contributing

We welcome contributions! Please read [CONTRIBUTING.md](CONTRIBUTING.md) before submitting pull requests.

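**Note:** All commits must be signed with a verified GPG or SSH key. The `-S` flag signs with the key configured in `user.signingkey`; for SSH signing, `gpg.format` must also be set to `ssh`.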

```bash
git commit -S -m "your message"
```

---

## Sponsors

<a href="https://layerv.ai">
  <img src="docs/images/layerv_logo.png" width="80" alt="LayerV.ai">
  <br>
  <img src="docs/images/layerv_text.svg" width="120" alt="LayerV.ai">
</a>

---

## License

Released under the [Apache 2.0 License](LICENSE).

## Contact

- Email: [support@opennhp.org](mailto:support@opennhp.org)
- Discord: [Join our Discord](https://discord.gg/CpyVmspx5x)
- Website: [https://opennhp.org](https://opennhp.org)


================================================
FILE: README.zh-cn.md
================================================
[![en](https://img.shields.io/badge/lang-en-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.md)
[![zh-cn](https://img.shields.io/badge/lang-zh--cn-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.zh-cn.md)
[![de](https://img.shields.io/badge/lang-de-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.de.md)
[![ja](https://img.shields.io/badge/lang-ja-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.ja.md)
[![fr](https://img.shields.io/badge/lang-fr-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.fr.md)
[![es](https://img.shields.io/badge/lang-es-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.es.md)

![OpenNHP Logo](docs/images/logo11.png)
# OpenNHP: 零信任网络隐身协议
OpenNHP是一个轻量级、基于加密算法的零信任网络协议,其工作在OSI网络模型第五层,用于隐藏您的服务器和数据,避免被攻击者发现和访问

![Build Status](https://img.shields.io/badge/build-passing-brightgreen)
![Version](https://img.shields.io/badge/version-1.0.0-blue)
![License](https://img.shields.io/badge/license-Apache%202.0-green)

---

## 挑战:AI 将互联网变为“黑暗森林”

**AI** 技术的快速发展,尤其是大语言模型(LLM),正在显著改变网络安全格局。**自主漏洞利用(AVE)** 的兴起是 AI 时代的一个重大飞跃,大大简化了漏洞的利用,这一点在[这篇研究论文](https://arxiv.org/abs/2404.08144)中有详细说明。这一发展显著增加了任何暴露网络服务的风险,与互联网的[黑暗森林假说](https://en.wikipedia.org/wiki/Dark_forest_hypothesis)不谋而合。AI 驱动的工具不断扫描数字环境,迅速识别和利用弱点。因此,互联网正逐渐成为一个**“黑暗森林”**,**可见性意味着脆弱性**。

![Vulnerability Risks](docs/images/Vul_Risks.png)

Gartner 研究预测,[AI 驱动的网络攻击将迅速增加](https://www.gartner.com/en/newsroom/press-releases/2024-08-28-gartner-forecasts-global-information-security-spending-to-grow-15-percent-in-2025)。这一变化要求重新评估传统的网络安全策略,重点放在主动防御、快速响应机制和网络隐藏技术的采用,以保护关键基础设施。

---

## 快速演示:查看 OpenNHP 的工作原理

在深入了解 OpenNHP 的详细信息之前,让我们先来看一个 OpenNHP 如何保护服务器免受未经授权访问的演示。您可以通过访问 https://acdemo.opennhp.org 查看其实际效果。

### 1) 受保护的服务器对未经身份验证的用户“不可见”

默认情况下,任何试图连接受保护服务器的操作都会导致超时错误,因为所有端口都是关闭的,使服务器看起来像是*“离线”*且实际上是“不可见”的。

![OpenNHP Demo](docs/images/OpenNHP_ACDemo0.png)

对服务器进行端口扫描也会返回超时错误。

![OpenNHP Demo](docs/images/OpenNHP_ScanDemo.png)

### 2) 身份验证后,受保护的服务器变得可访问

OpenNHP 支持多种身份验证方法,如 OAuth、SAML、二维码等。为了演示方便,本次演示使用 https://demologin.opennhp.org 上的基本用户名/密码身份验证服务来展示该过程。

![OpenNHP Demo](docs/images/OpenNHP_DemoLogin.png)

点击“登录”按钮后,身份验证成功完成,您会被重定向到受保护的服务器。此时,服务器在您的设备上变得*“可见”*并且可以访问。

![OpenNHP Demo](docs/images/OpenNHP_ACDemo1.png)

---

## 快速开始: 构建和测试 OpenNHP

按照我们的[快速入门教程](https://docs.opennhp.org/zh-cn/nhp_quick_start/) 构建 OpenNHP 源代码,并在 Docker 环境中进行测试。您将启动自己的 OpenNHP 调试环境,模拟“不可见”的网络隐藏行为并测试身份验证工作流。

---

## 愿景:让互联网变得值得信赖

TCP/IP 协议的开放性推动了互联网应用的爆炸式增长,但也暴露了漏洞,使得恶意攻击者可以获得未经授权的访问并利用任何暴露的 IP 地址。尽管 [OSI 网络模型](https://en.wikipedia.org/wiki/OSI_model) 在*第五层(会话层)*定义了连接管理,但在实际中很少有有效的解决方案能够应对这一挑战。

**NHP**,即**“网络基础设施隐藏协议”**,是一种轻量级、基于加密的零信任网络协议,旨在工作于*OSI 会话层*,该层在管理网络可见性和连接方面是最佳选择。NHP 的主要目标是将受保护的资源隐藏于未授权的实体,只允许经过验证的用户通过持续认证访问,从而为更值得信赖的互联网作出贡献。

![Trustworthy Internet](docs/images/TrustworthyCyberspace.png)

---

## 解决方案:OpenNHP 解决网络可见性控制问题

**OpenNHP** 是 NHP 协议的开源实现。它基于加密技术,采用安全优先的原则,在*OSI 会话层*实现了真正的零信任架构。

![OpenNHP as the OSI 5th layer](docs/images/OSI_OpenNHP.png)

OpenNHP 构建在早期的网络隐藏技术研究基础之上,利用现代加密框架和架构确保安全性和高性能,从而克服了前代技术的局限性。

| 网络隐藏协议 | 第一代 | 第二代 | 第三代 |
|:---|:---|:---|:---|
| **核心技术** | [端口敲门](https://en.wikipedia.org/wiki/Port_knocking) | [单包认证(SPA)](https://cloudsecurityalliance.org/artifacts/software-defined-perimeter-zero-trust-specification-v2) | 网络基础设施隐藏协议(NHP) |
| **身份认证** | 端口序列 | 共享密钥 | 现代加密框架 |
| **架构** | 无控制平面 | 无控制平面 | 可扩展控制平面 |
| **功能** | 隐藏端口 | 隐藏端口 | 隐藏端口、IP 和域名 |
| **访问控制** | IP 层级 | 端口层级 | 应用层级 |
| **开源项目** | [knock](https://github.com/jvinet/knock) *(C)* | [fwknop](https://github.com/mrash/fwknop) *(C++)* | [OpenNHP](https://github.com/OpenNHP/opennhp) *(Go)* |

> 开发 OpenNHP 选择使用**内存安全**的语言如 *Go*,这一点在[美国政府技术报告](https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf)中得到了强调。有关 **SPA 和 NHP** 之间详细的比较,请参见[下文](#spa-和-nhp-的比较)。

## 安全性优势

由于 OpenNHP 在 *OSI 会话层*实现了零信任原则,因此具有显著的优势:

- 通过隐藏基础设施减少攻击面
- 防止未经授权的网络侦察
- 减少漏洞利用的可能性
- 通过加密的 DNS 保护防止钓鱼
- 抵御 DDoS 攻击
- 提供细粒度的访问控制
- 实现基于身份的连接追踪
- 支持攻击溯源

## 架构

OpenNHP 的架构受 [NIST 零信任架构标准](https://www.nist.gov/publications/zero-trust-architecture) 启发,采用模块化设计,包含三个核心组件:**NHP-Server**、**NHP-AC** 和 **NHP-Agent**,如下图所示。

![OpenNHP architecture](docs/images/OpenNHP_Arch.png)

> 有关架构和工作流程的详细信息,请参阅 [OpenNHP 文档](https://docs.opennhp.org/)。

## 核心:加密算法

加密是 OpenNHP 的核心,提供强大的安全性、出色的性能和可扩展性,使用了先进的加密算法。以下是 OpenNHP 采用的关键加密算法和框架:

- **[椭圆曲线密码学(ECC)](https://en.wikipedia.org/wiki/Elliptic-curve_cryptography)**:用于高效的公钥密码学。

> 与 RSA 相比,ECC 具有更高的效率,以较短的密钥长度提供更强的加密能力,从而提高网络传输和计算性能。下表显示了 RSA 和 ECC 在安全强度、密钥长度和密钥长度比率上的差异,以及其有效期。

| 安全强度(位) | DSA/RSA 密钥长度(位) | ECC 密钥长度(位) | 比率:ECC 与 DSA/RSA | 有效期 |
|:---------------:|:----------------------:|:-----------------:|:------------------:|:------:|
| 80              | 1024                   | 160-223           | 1:6                | 到 2010 年 |
| 112             | 2048                   | 224-255           | 1:9                | 到 2030 年 |
| 128             | 3072                   | 256-383           | 1:12               | 2031 年后 |
| 192             | 7680                   | 384-511           | 1:20               | |
| 256             | 15360                  | 512+              | 1:30               | |

- **[Noise 协议框架](https://noiseprotocol.org/)**:用于安全的密钥交换、消息加密/解密和相互身份认证。

> Noise 协议基于[Diffie-Hellman 密钥交换](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange),提供了现代加密解决方案,如相互和可选认证、身份隐藏、前向安全性和零轮次加密。它已被 WhatsApp、Slack 和 WireGuard 等应用广泛验证并使用,证明其安全性和性能。

- **[基于身份的加密(IBC)](https://en.wikipedia.org/wiki/Identity-based_cryptography)**:简化了大规模的密钥分发。

> 高效的密钥分发是实现零信任的关键。OpenNHP 支持 PKI 和 IBC。虽然 PKI 已经被广泛使用,但它依赖于集中式的证书颁发机构(CA)进行身份验证和密钥管理,这在时间和成本上较为昂贵。相比之下,IBC 允许在身份验证和密钥管理方面采用去中心化和自我管理的方法,使其在 OpenNHP 的零信任环境中更具成本效益,尤其是在需要实时保护和管理数十亿设备或服务器的情况下。

- **[无证书公钥加密(CL-PKC)](https://en.wikipedia.org/wiki/Certificateless_cryptography)**:推荐的 IBC 算法。

> CL-PKC 是一种通过避免密钥托管和解决基于身份的加密(IBC)局限性来增强安全性的方案。在大多数 IBC 系统中,用户的私钥由密钥生成中心(KGC)生成,这带来了显著的风险。如果 KGC 被攻破,所有用户的私钥都可能被泄露,这要求对 KGC 完全信任。CL-PKC 通过将密钥生成过程分离,使 KGC 仅了解部分私钥,从而避免这一问题。结果,CL-PKC 结合了 PKI 和 IBC 的优点,在不牺牲安全性的情况下提供更强的保护。

更多阅读:

> 有关 OpenNHP 中使用的加密算法的详细说明,请参阅 [OpenNHP 文档](https://docs.opennhp.org/cryptography/)。

## 主要特性

- 通过强制默认“全部拒绝”规则减少漏洞利用
- 通过加密的 DNS 解析防止钓鱼攻击
- 通过隐藏基础设施保护免受 DDoS 攻击
- 通过身份追踪连接实现攻击溯源
- 对所有受保护资源的默认拒绝访问控制
- 在网络访问前进行基于身份和设备的身份认证
- 加密的 DNS 解析可防止 DNS 劫持
- 分布式基础设施抵御 DDoS 攻击
- 解耦组件实现可扩展架构
- 与现有身份和访问管理系统集成
- 支持多种部署模型(客户端到网关、客户端到服务器等)
- 使用现代算法(ECC、Noise 协议、IBC)进行加密确保安全性

<details>
<summary>点击展开特性详情</summary>

- **默认拒绝访问控制**:所有资源默认隐藏,只有通过身份验证和授权后才会变得可访问。
- **基于身份和设备的身份验证**:确保只有已知用户在授权设备上可以访问。
- **加密的 DNS 解析**:防止 DNS 劫持和相关的钓鱼攻击。
- **DDoS 缓解**:分布式基础设施设计有助于抵御分布式拒绝服务攻击。
- **可扩展架构**:解耦组件允许灵活部署和扩展。
- **IAM 集成**:可以与现有身份和访问管理系统配合使用。
- **灵活部署**:支持包括客户端到网关、客户端到服务器等多种模型。
- **强大加密**:使用现代算法如 ECC、Noise 协议和 IBC 确保安全性。
</details>

## 部署

OpenNHP 支持多种部署模型,以适应不同的使用场景:

- 客户端到网关:保护网关后面的多个服务器的访问
- 客户端到服务器:直接保护单个服务器/应用
- 服务器到服务器:保护后端服务之间的通信
- 网关到网关:保护站点到站点的连接

> 有关详细部署说明,请参阅 [OpenNHP 文档](https://docs.opennhp.org/deploy/)。

## SPA 和 NHP 的比较
单包认证(SPA)协议被包含在 [软件定义边界(SDP)规范](https://cloudsecurityalliance.org/artifacts/software-defined-perimeter-zero-trust-specification-v2) 中,由 [云安全联盟(CSA)](https://cloudsecurityalliance.org/) 发布。NHP 通过现代加密框架和架构在安全性、可靠性、可伸缩性和可扩展性方面进行了改进,这一点在 [AHAC 研究论文](https://www.mdpi.com/2076-3417/14/13/5593) 中得到了验证。

| - | SPA | NHP | NHP 优势 |
|:---|:---|:---|:---|
| **架构** | SPA 服务器中的 SPA 数据包解密和用户/设备身份验证组件与网络访问控制组件是耦合的。 | NHP-Server(数据包解密和用户/设备身份验证组件)和 NHP-AC(访问控制组件)是解耦的。NHP-Server 可以部署在独立的主机上,并支持水平扩展。 | <ul><li>性能:资源消耗大的组件 NHP-Server 从受保护服务器分离。</li><li>可扩展性:NHP-Server 可以以分布式或集群模式部署。</li><li>安全性:受保护服务器的 IP 地址在身份验证成功之前对客户端是不可见的。</li></ul> |
| **通信** | 单向 | 双向 | 更好的可靠性,访问控制状态通知 |
| **加密框架** | 共享密钥 | PKI 或 IBC,Noise 框架 | <ul><li>安全性:经过验证的安全密钥交换机制,减轻中间人攻击威胁</li><li>低成本:适合零信任模型的高效密钥分发</li><li>性能:高性能加密/解密</li></ul> |
| **隐藏网络基础设施的能力** | 仅服务器端口 | 域名、IP 和端口 | 更强大,针对各种攻击(如漏洞利用、DNS 劫持和 DDoS 攻击) |
| **可扩展性** | 无,仅适用于 SDP | 通用 | 支持任何需要服务暗化的场景 |
| **互操作性** | 不支持 | 可定制 | NHP 可以无缝集成现有协议(如 DNS、FIDO 等) |

## 贡献

我们欢迎对 OpenNHP 的贡献!有关如何参与的更多信息,请参阅我们的[贡献指南](CONTRIBUTING.md)。

## 许可协议

OpenNHP 遵循 [Apache 2.0 许可协议](LICENSE)。

## 联系方式

- 项目网站:[https://github.com/OpenNHP/opennhp](https://github.com/OpenNHP/opennhp)
- 电子邮件:[opennhp@gmail.com](mailto:opennhp@gmail.com)
- Discord:[加入我们的 Discord](https://discord.gg/CpyVmspx5x)

有关更详细的文档,请访问我们的[官方网站](https://opennhp.org)。

## 参考文献

- [软件定义边界(SDP)规范 v2.0](https://cloudsecurityalliance.org/artifacts/software-defined-perimeter-zero-trust-specification-v2)。Jason Garbis、Juanita Koilpillai、Junaid Islam、Bob Flores、Daniel Bailey、Benfeng Chen、Eitan Bremler、Michael Roza、Ahmed Refaey Hussein。[*云安全联盟(CSA)*](https://cloudsecurityalliance.org/)。2022 年 3 月。
- [AHAC:高级网络隐藏访问控制框架](https://www.mdpi.com/2076-3417/14/13/5593)。Mudi Xu、Benfeng Chen、Zhizhong Tan、Shan Chen、Lei Wang、Yan Liu、Tai Io San、Sou Wang Fong、Wenyong Wang 和 Jing Feng。*应用科学杂志*。2024 年 6 月。
- [STALE:利用电子邮件和ECDH密钥交换的可扩展、安全的跨境认证方案](https://www.mdpi.com/2079-9292/14/12/2399).Jiexin Zheng, Mudi Xu, Jianqing Li, Benfeng Chen, Zhizhong Tan, Anyu Wang, Shuo Zhang, Yan Liu, Kevin Qi Zhang, Lirong Zheng, 和 Wenyong Wang.*电子学报*。2025年6月。
- [DRL-AMIR:软件定义的零信任网络的智能流调度](https://www.techscience.com/cmc/v84n2/62920).Wenlong Ke, Zilong Li, Peiyu Chen, Benfeng Chen, Jinglin Lv, Qiang Wang, Ziyi Jia 和 Shigen Shen. *计算机材料和连续通信*。2025年7月。
- [基于深度强化学习的NHP网络流量控制方法](https://www.nature.com/articles/s41598-025-31556-3)。Qinglin Huang, Zhizhong Tan, Qiang Wang, Ziyi Jia 和 Benfeng Chen. *科学报告*。 2025年12月。
- Noise 协议框架。https://noiseprotocol.org/
- 漏洞管理框架项目。https://phoenix.security/web-vuln-management/

---

🌟 感谢您对 OpenNHP 的关注!我们期待您的贡献和反馈。



================================================
FILE: SECURITY.md
================================================
# Security Policy

## Reporting Security Issues

The OpenNHP team and community take security bugs in OpenNHP seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

To report a security issue, please use the GitHub Security Advisory ["Report a Vulnerability"](https://github.com/opennhp/opennhp/security/advisories/new) tab.

The OpenNHP team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

Report security bugs in third-party modules to the person or team maintaining the module. 



================================================
FILE: build.bat
================================================
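@echo off
REM Windows build script for the OpenNHP daemons and the agent SDK DLL.
REM Version, commit id, commit time and build time are stamped into the
REM binaries through -ldflags; outputs are written under release\.
REM A failing "go build" jumps to :exit and its exit code is returned to the
REM caller. Failures of "go mod tidy" and "copy" are not checked.

REM Run from the script's own directory. /d also switches the drive, and the
REM quotes keep a checkout path that contains spaces intact.
cd /d "%~dp0"

REM Build number is the local timestamp; it is appended to the VERSION file content.
FOR /F %%i in ('powershell -c "get-date -format yyMMddHHmmss"') do SET BUILD_NO=%%i
FOR /F "tokens=*" %%a in (nhp\version\VERSION) do SET VERSION=%%a.%BUILD_NO%
echo OpenNHP version: %VERSION%
FOR /F "tokens=* usebackq" %%a in (`"git show -s "--format^=%%H""`) do SET COMMIT_ID=%%a
echo Commit id: %COMMIT_ID%
FOR /F "tokens=* usebackq" %%a in (`"git show -s "--format^=%%cd" "--date^=format:%%Y-%%m-%%d %%H:%%M:%%S""`) do SET COMMIT_TIME=%%a
echo Commit time: %COMMIT_TIME%
FOR /F "tokens=1 usebackq" %%a in (`echo %date%`) do SET CURR_DATE=%%a
FOR /F "tokens=1 delims=. usebackq" %%a in (`echo %time%`) do SET CURR_TIME=%%a
SET BUILD_TIME=%CURR_DATE% %CURR_TIME%
echo Build time: %BUILD_TIME%

set LD_FLAGS="-X 'github.com/OpenNHP/opennhp/nhp/version.Version=%VERSION%' -X 'github.com/OpenNHP/opennhp/nhp/version.CommitId=%COMMIT_ID%' -X 'github.com/OpenNHP/opennhp/nhp/version.CommitTime=%COMMIT_TIME%' -X 'github.com/OpenNHP/opennhp/nhp/version.BuildTime=%BUILD_TIME%'"
set CGO_ENABLED=1

REM NOTE(review): "go mod tidy" may rewrite go.mod / go.sum, so the dependency
REM set of a build is not fixed by the committed files. For release builds,
REM consider "go mod verify" plus building with -mod=readonly instead.
cd nhp
go mod tidy
cd ../endpoints
go mod tidy

REM All builds below run from the endpoints directory.
:agentd
go build -trimpath -ldflags %LD_FLAGS% -v -o ..\release\nhp-agent\nhp-agentd.exe agent\main\main.go
IF %ERRORLEVEL% NEQ 0 goto :exit
if not exist ..\release\nhp-agent\etc mkdir ..\release\nhp-agent\etc
copy agent\main\etc\*.* ..\release\nhp-agent\etc

:acd
go build -trimpath -ldflags %LD_FLAGS% -v -o ..\release\nhp-ac\nhp-acd.exe ac\main\main.go
IF %ERRORLEVEL% NEQ 0 goto :exit
if not exist ..\release\nhp-ac\etc mkdir ..\release\nhp-ac\etc
copy  ac\main\etc\*.* ..\release\nhp-ac\etc

:serverd
go build -trimpath -ldflags %LD_FLAGS% -v -o ..\release\nhp-server\nhp-serverd.exe server\main\main.go
IF %ERRORLEVEL% NEQ 0 goto :exit
if not exist ..\release\nhp-server\etc mkdir ..\release\nhp-server\etc
copy  server\main\etc\*.* ..\release\nhp-server\etc

:db
go build -trimpath -ldflags %LD_FLAGS% -v -o ..\release\nhp-db\nhp-db.exe db\main\main.go
IF %ERRORLEVEL% NEQ 0 goto :exit
if not exist ..\release\nhp-db\etc mkdir ..\release\nhp-db\etc
copy  db\main\etc\*.* ..\release\nhp-db\etc

:kgc
go build -trimpath -ldflags %LD_FLAGS% -v -o ..\release\nhp-kgc\nhp-kgc.exe kgc\main\main.go
IF %ERRORLEVEL% NEQ 0 goto :exit
if not exist ..\release\nhp-kgc\etc mkdir ..\release\nhp-kgc\etc
copy  kgc\main\etc\*.* ..\release\nhp-kgc\etc

REM The agent SDK is the agent entry point plus export.go, built as a C shared library.
:agentsdk
go build -trimpath -buildmode=c-shared -ldflags %LD_FLAGS% -v -o ..\release\nhp-agent\nhp-agent.dll agent\main\main.go agent\main\export.go
IF %ERRORLEVEL% NEQ 0 goto :exit
@REM :devicesdk
@REM go build -trimpath -buildmode=c-shared -ldflags %LD_FLAGS% -v -o release\nhp-device\nhpdevice.dll core\main\main.go core\main\nhpdevice.go
@REM IF %ERRORLEVEL% NEQ 0 exit /b 1
@REM REM gcc nhp\sdkdemo\nhp-device-demo.c -I nhp\main -I release\nhp-device -l:nhpdevice.dll -Lrelease\nhp-device -Wl,-rpath=. -o release\nhp-device\nhp-device-demo.exe
@REM IF %ERRORLEVEL% NEQ 0 exit /b 1
@REM cd release\nhp-device
@REM call "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvarsall.bat" x64
@REM lib /def:./nhpdevice.def /name:nhpdevice.dll /out:./nhpdevice.lib /MACHINE:X64
@REM cd ..\..

:exit
REM Capture the result first so the reporting and cleanup below cannot change
REM what is returned to the caller (CI can then rely on the exit code).
SET BUILD_RC=%ERRORLEVEL%
IF %BUILD_RC% NEQ 0 (
    echo [Error] %BUILD_RC%
) ELSE (
    echo [Done] OpenNHP v%VERSION% for platform %OS% built!
)
cd ..
exit /b %BUILD_RC%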


================================================
FILE: codecov.yml
================================================
# Codecov configuration for coverage reporting on this repository.
codecov:
  # Coverage status is only reported once the CI run has passed.
  require_ci_to_pass: yes

coverage:
  # Percentages are shown with two decimals and rounded down.
  precision: 2
  round: down
  # Display range for the coverage colour scale (not a pass/fail gate).
  range: "60...100"
  status:
    # Whole-project coverage: compared against the base commit ("auto"),
    # with a drop of up to 1% tolerated before the status fails.
    project:
      default:
        target: auto
        threshold: 1%
    # Coverage of the lines changed by a patch, same target and tolerance.
    patch:
      default:
        target: auto
        threshold: 1%

parsers:
  # Which branch kinds are counted when gcov reports are parsed.
  gcov:
    branch_detection:
      conditional: yes
      loop: yes
      method: no
      macro: no

# Pull-request comment: sections shown and when the comment is posted.
comment:
  layout: "reach,diff,flags,files"
  behavior: default
  require_changes: no


================================================
FILE: docker/Dockerfile.ac
================================================
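# Image for NHP-AC: builds nhp-acd in the project's base toolchain image, then
# assembles a runtime image holding nhp-acd, traefik and the default firewall script.
FROM opennhp-base:latest AS builder
# Declared so the echo below has a value to print: BuildKit exposes TARGETARCH
# only to stages that declare it.
ARG TARGETARCH
WORKDIR /nhp-server

# NOTE(review): the whole build context is copied into the builder stage. Only
# the paths named in the COPY --from=builder lines below reach the runtime image.
COPY . .

RUN echo "Building for architecture: ${TARGETARCH}"

RUN cd /nhp-server &&  make init acd

FROM ubuntu:22.04  AS runtime

ARG APT_MIRROR=
ENV DEBIAN_FRONTEND=noninteractive

# Switch APT mirror if specified
RUN if [ -n "$APT_MIRROR" ]; then \
    sed -i "s|ports.ubuntu.com|${APT_MIRROR}|g" /etc/apt/sources.list && \
    sed -i "s|archive.ubuntu.com|${APT_MIRROR}|g" /etc/apt/sources.list && \
    sed -i "s|security.ubuntu.com|${APT_MIRROR}|g" /etc/apt/sources.list; \
    fi

# NOTE(review): besides iptables/ipset this installs a compiler and network
# debugging tools (clang, tcpdump, telnet, git, curl, wget) into the runtime
# image of the access-control component. Convenient for a demo; for a deployed
# image consider trimming the list and adding --no-install-recommends.
RUN apt-get update && \
    apt-get install -y  wget \
    ca-certificates \
    iptables \
    tcpdump \
    clang \
    ipset \
    git \
    curl \
    telnet \
    && rm -rf /var/lib/apt/lists/*

# Traefik version
# NOTE(review): TRAEFIK_VERSION is not referenced anywhere in this file, and the
# tarball copied below is named v3.4.0-rc2, so this value does not describe
# what actually gets installed.
ARG TRAEFIK_VERSION=v2.10.4

# traefik install directory
RUN mkdir -p /opt/traefik/

# Copy the traefik release tarball shipped in the build context and unpack it.
# NOTE(review): the archive is extracted without an integrity check; consider
# verifying it against a pinned digest (sha256sum -c with <EXPECTED_SHA256>)
# before use. The file name is amd64-specific, while the iptables step below
# also handles non-x86_64 hosts.
COPY --from=builder /nhp-server/docker/traefik_v3.4.0-rc2_linux_amd64.tar.gz /traefik.tar.gz
# The archive sits in / (no WORKDIR in this stage), so it is removed explicitly
# after extraction; cleaning /tmp alone leaves it in the image filesystem.
RUN tar -zxvf traefik.tar.gz && \
    mv traefik /opt/traefik/ && \
    chmod +x /opt/traefik/traefik && \
    rm -f /traefik.tar.gz && \
    rm -rf /tmp/*

COPY --from=builder /nhp-server/release/nhp-ac /nhp-ac
COPY --from=builder /nhp-server/docker/iptables_defaults_ubuntu.sh /iptables_defaults_ubuntu.sh
COPY --from=builder /nhp-server/docker/iptables_defaults_x86.sh /iptables_defaults_x86.sh
# Keep the firewall script that matches the build machine's architecture.
RUN if [ "$(uname -m)" = "x86_64" ]; then \
        mv /iptables_defaults_x86.sh /iptables_defaults.sh; \
    else \
        mv /iptables_defaults_ubuntu.sh /iptables_defaults.sh; \
    fi && \
    chmod +x /iptables_defaults.sh && \
    rm -f /iptables_defaults_*.sh

ENTRYPOINT ["/bin/sh", "-c"]
# Start-up order: the firewall baseline is applied first and in the foreground,
# then traefik is started in the background, then nhp-acd runs in the foreground.
# Previously the whole "iptables && cd && traefik" list was backgrounded by the
# trailing "&", so nhp-acd could start before the default-deny rules and ipsets
# existed, and a stray "--" was executed as a command.
# NOTE(review): nhp-acd is still started when the firewall script fails (as
# before); decide whether the container should instead exit in that case.
CMD ["/iptables_defaults.sh -f && { cd /opt/traefik/ && nohup ./traefik --configFile=traefik.toml 2>&1 & } ; /nhp-ac/nhp-acd run"]
#ENTRYPOINT ["/nhp-ac/nhp-acd", "run"]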


================================================
FILE: docker/Dockerfile.agent
================================================
# Image for NHP-Agent. There is only one stage: the stage named "builder" is
# also the final image, so the Go toolchain from opennhp-base and everything
# copied below remain in the image that is run.
FROM opennhp-base:latest  AS builder

WORKDIR /workdir

# NOTE(review): copies the entire build context into the final image. With the
# compose files' "context: .." that is the repository root, which includes
# docker/certs/server.key unless a .dockerignore excludes it (verify).
COPY . .

# TARGETARCH is not declared with ARG in this stage, so this prints an empty value.
RUN echo "Building for architecture: ${TARGETARCH}"

# Prints the Makefile into the build log, then builds the agent daemon.
RUN cd /workdir && cat Makefile && make init agentd

ENV DEBIAN_FRONTEND=noninteractive
# nginx plus network debugging tools for the demo environment.
RUN apt-get update && \
    apt-get install -y  wget \
    ca-certificates \
    iptables \
    tcpdump \
    clang \
    ipset \
    nginx \
    git \
    curl \
    inetutils-ping \
    telnet \
    && rm -rf /var/lib/apt/lists/*
# Dedicated system account for nginx.
RUN groupadd -r nginx && \
    useradd -r -g nginx -s /bin/bash -d /home/nginx -m nginx

RUN mv /workdir/release/nhp-agent /nhp-agent
# The container's processes run as root; the nginx account created above is not
# selected here.
USER root

# Keeps the container idle; neither nginx nor nhp-agentd is started by the
# image itself (see the commented-out alternatives below).
CMD ["tail", "-f", "/dev/null"]
#CMD ["nginx && /nhp-agent/nhp-agentd run"]
#CMD ["nginx"]

================================================
FILE: docker/Dockerfile.app
================================================
# Image for the demo web application: stage 1 installs Go and builds ./web-app,
# stage 2 copies the binary and its entrypoint script into an Ubuntu runtime image.
FROM --platform=$BUILDPLATFORM ubuntu:22.04 AS builder

# Get target platform architecture
ARG TARGETARCH
ARG TARGETOS
ARG APT_MIRROR=

# Switch APT mirror if specified
RUN if [ -n "$APT_MIRROR" ]; then \
    sed -i "s|ports.ubuntu.com|${APT_MIRROR}|g" /etc/apt/sources.list && \
    sed -i "s|archive.ubuntu.com|${APT_MIRROR}|g" /etc/apt/sources.list && \
    sed -i "s|security.ubuntu.com|${APT_MIRROR}|g" /etc/apt/sources.list; \
    fi

# Install basic tools
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
    build-essential \
    wget \
    ca-certificates \
    clang \
    iptables \
    tcpdump \
    ipset \
    git \
    && rm -rf /var/lib/apt/lists/*

# Set Go version
ENV GO_VERSION=1.25.6

# Set Go download URL based on architecture
# NOTE(review): the toolchain archive is fetched over HTTPS but never compared
# with a published SHA-256. Consider pinning one digest per architecture
# (<GO_SHA256_FOR_ARCH>) and checking it with sha256sum -c before extraction.
RUN case "${TARGETARCH}" in \
    "amd64") \
        GO_ARCH="linux-amd64" \
        ;; \
    "arm64") \
        GO_ARCH="linux-arm64" \
        ;; \
    "arm") \
        GO_ARCH="linux-armv6l" \
        ;; \
    *) \
        echo "Unsupported architecture: ${TARGETARCH}" && exit 1 \
        ;; \
    esac && \
    wget https://golang.org/dl/go${GO_VERSION}.${GO_ARCH}.tar.gz -O /tmp/go.tar.gz && \
    tar -C /usr/local -xzf /tmp/go.tar.gz && \
    rm /tmp/go.tar.gz

# Set Go environment variables
ENV PATH="/usr/local/go/bin:${PATH}"
ENV GOPATH=/go
ENV PATH="${GOPATH}/bin:${PATH}"
ENV GOOS=${TARGETOS}
ENV GOARCH=${TARGETARCH}
ENV CGO_ENABLED=1

# Verify installations
RUN go version && \
    gcc --version && \
    make --version
# Set working directory
WORKDIR /app

# Copy the source code
COPY ./web-app .
##
# Build the application
# NOTE(review): the CGO_ENABLED=0 GOOS=linux prefix applies to "go mod tidy"
# only; "go build" after && runs with the ENV values above (CGO_ENABLED=1,
# GOOS=${TARGETOS}). "go mod tidy" may also change go.mod/go.sum during the build.
RUN CGO_ENABLED=0 GOOS=linux go mod tidy && go build -o app

# Stage 2: Create a minimal runtime image
FROM ubuntu:22.04

ARG APT_MIRROR=

# Switch APT mirror if specified
RUN if [ -n "$APT_MIRROR" ]; then \
    sed -i "s|ports.ubuntu.com|${APT_MIRROR}|g" /etc/apt/sources.list && \
    sed -i "s|archive.ubuntu.com|${APT_MIRROR}|g" /etc/apt/sources.list && \
    sed -i "s|security.ubuntu.com|${APT_MIRROR}|g" /etc/apt/sources.list; \
    fi

# NOTE(review): the runtime stage installs a compiler toolchain and packet
# capture tooling (build-essential, clang, tcpdump), which is more than a
# prebuilt binary needs; confirm what entrypoint.sh actually requires.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
    build-essential \
    wget \
    ca-certificates \
    clang \
    iptables \
    tcpdump \
    && rm -rf /var/lib/apt/lists/*

# Set working directory
# No USER instruction follows, so the application runs as root.
WORKDIR /root/

# Copy the binary from builder
COPY --from=builder /app/app /app
COPY ./web-app/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

# Expose port 8080
EXPOSE 8080

# Command to run the application
ENTRYPOINT ["/entrypoint.sh"]


================================================
FILE: docker/Dockerfile.base
================================================
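# Base toolchain image (tagged opennhp-base by the other Dockerfiles' FROM
# lines): Ubuntu 22.04 plus build tools and a Go toolchain of GO_VERSION.
FROM --platform=$BUILDPLATFORM ubuntu:22.04 AS builder

# Get target platform architecture
ARG TARGETARCH
ARG TARGETOS
ARG GOPROXY=https://proxy.golang.org,direct
ARG GO_VERSION=1.25.6
ARG APT_MIRROR=

# Set Proxy
ENV GOPROXY=${GOPROXY}

# Switch APT mirror if specified (for users in China, use mirrors.aliyun.com)
RUN if [ -n "$APT_MIRROR" ]; then \
    sed -i "s|ports.ubuntu.com|${APT_MIRROR}|g" /etc/apt/sources.list && \
    sed -i "s|archive.ubuntu.com|${APT_MIRROR}|g" /etc/apt/sources.list && \
    sed -i "s|security.ubuntu.com|${APT_MIRROR}|g" /etc/apt/sources.list; \
    fi

# Install basic tools
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
    build-essential \
    wget \
    ca-certificates \
    clang \
    iptables \
    tcpdump \
    ipset \
    git \
    vim \
    && rm -rf /var/lib/apt/lists/*

# Set Go version
ENV GO_VERSION=${GO_VERSION}

# Set Go download URL based on architecture
# NOTE(review): every image built FROM this base inherits this toolchain, and
# the archive is fetched over HTTPS without being compared to a published
# SHA-256. Consider pinning one digest per architecture (<GO_SHA256_FOR_ARCH>)
# and checking it with sha256sum -c before extraction.
RUN case "${TARGETARCH}" in \
    "amd64") \
        GO_ARCH="linux-amd64" \
        ;; \
    "arm64") \
        GO_ARCH="linux-arm64" \
        ;; \
    "arm") \
        GO_ARCH="linux-armv6l" \
        ;; \
    *) \
        echo "Unsupported architecture: ${TARGETARCH}" && exit 1 \
        ;; \
    esac && \
    wget https://golang.org/dl/go${GO_VERSION}.${GO_ARCH}.tar.gz -O /tmp/go.tar.gz && \
    tar -C /usr/local -xzf /tmp/go.tar.gz && \
    rm /tmp/go.tar.gz

# Set Go environment variables
ENV PATH="/usr/local/go/bin:${PATH}"
ENV GOPATH=/go
ENV PATH="${GOPATH}/bin:${PATH}"
ENV GOOS=${TARGETOS}
ENV GOARCH=${TARGETARCH}
ENV CGO_ENABLED=1
# Force all builds to use the installed Go version to ensure plugin compatibility.
# Derived from GO_VERSION so that overriding the build arg cannot leave
# GOTOOLCHAIN pointing at a different release than the one unpacked above.
ENV GOTOOLCHAIN=go${GO_VERSION}

# Verify installations
RUN go version && \
    gcc --version && \
    make --version

# Set working directory
WORKDIR /nhp-server

# Default command (keep container running)
CMD ["tail", "-f", "/dev/null"]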

================================================
FILE: docker/Dockerfile.server
================================================
# Image for NHP-Server: builds nhp-serverd and its plugins in the base toolchain
# image, then copies the release directory into an Ubuntu runtime image with nginx.
FROM opennhp-base:latest  AS builder

WORKDIR /nhp-server

# The whole build context goes into the builder stage; only
# /nhp-server/release/nhp-server is copied on to the runtime stage below.
COPY . .

# TARGETARCH is not declared with ARG in this stage, so this prints an empty value.
RUN echo "Building for architecture: ${TARGETARCH}"

RUN cd /nhp-server &&  make init serverd plugins

FROM ubuntu:22.04  AS runtime

ARG APT_MIRROR=
ENV DEBIAN_FRONTEND=noninteractive

# Switch APT mirror if specified
RUN if [ -n "$APT_MIRROR" ]; then \
    sed -i "s|ports.ubuntu.com|${APT_MIRROR}|g" /etc/apt/sources.list && \
    sed -i "s|archive.ubuntu.com|${APT_MIRROR}|g" /etc/apt/sources.list && \
    sed -i "s|security.ubuntu.com|${APT_MIRROR}|g" /etc/apt/sources.list; \
    fi

# NOTE(review): the runtime image carries network debugging and editing tools
# (tcpdump, telnet, git, curl, wget, vim) next to the server. Convenient for a
# demo; for a deployed image consider trimming the list.
RUN apt-get update && \
    apt-get install -y  wget \
    ca-certificates \
    nginx \
    iptables \
    tcpdump \
    ipset \
    git \
    curl \
    telnet \
    vim \
    && rm -rf /var/lib/apt/lists/*

COPY --from=builder /nhp-server/release/nhp-server /nhp-server

ENTRYPOINT ["/bin/sh", "-c"]
# nginx is launched in the background and nhp-serverd in the foreground, both
# under /bin/sh as PID 1; no USER is set, so both run as root.
CMD ["nginx & /nhp-server/nhp-serverd run"]

================================================
FILE: docker/certs/server.crt
================================================
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


================================================
FILE: docker/certs/server.key
================================================
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----


================================================
FILE: docker/docker-compose.dhp.yaml
================================================
# Compose environment with three services on one bridge network with fixed
# addresses: nhp-server, nhp-db and nhp-agent.
networks:
  network_default:
    ipam:
      driver: default
      config:
        # NOTE(review): 177.7.0.0/16 is not an RFC 1918 private range; while this
        # network exists, the Docker host routes that /16 to the bridge instead
        # of the public hosts that own it.
        - subnet: '177.7.0.0/16'

# Declared but not referenced by any service in this file.
volumes:
  postgres_data:

services:
  nhp-server:
    image: opennhp-server
    build:
      context: ..
      dockerfile: ./docker/Dockerfile.server
      args:
        - GOPROXY=${GOPROXY:-}
    container_name: nhp-server
    restart: always
    networks:
      network_default:
        ipv4_address: 177.7.0.9
    # Configuration, logs, templates and plugin config are bind-mounted
    # read-write from the host.
    volumes:
      - ./nhp-server/etc/:/nhp-server/etc/:rw
      - ./nhp-server/logs/:/nhp-server/logs/:rw
      - ./nhp-server/templates/:/nhp-server/templates/:rw
      - ./nhp-server/plugins/example/etc/:/nhp-server/plugins/example/etc/:rw

  nhp-db:
    image: opennhp-db
    container_name: nhp-db
    build:
      context: ..
      # NOTE(review): the repository listing for docker/ shows Dockerfile.ac,
      # .agent, .app, .base and .server but no Dockerfile.db; confirm this
      # file exists before relying on the build.
      dockerfile: ./docker/Dockerfile.db
      args:
        - GOPROXY=${GOPROXY:-}
    volumes:
      - ./nhp-db/etc/:/nhp-db/etc/
      - ./nhp-db/logs/:/nhp-db/logs/
      - ./nhp-db/demo/:/nhp-db/demo/
    restart: always
    # NET_ADMIN lets the container change its network configuration (firewall
    # rules, interfaces). NOTE(review): confirm nhp-db needs it; drop it otherwise.
    cap_add:
      - NET_ADMIN
    depends_on:
      - nhp-server
    networks:
      network_default:
        ipv4_address: 177.7.0.12

  nhp-agent:
    image: opennhp-agent:latest
    build:
      context: ..
      dockerfile: ./docker/Dockerfile.agent
      args:
        - GOPROXY=${GOPROXY:-}
    container_name: nhp-agent
    restart: always
    #command: []
    # The only published port: host 8443 -> container 443, on all host interfaces.
    ports:
      - "8443:443"
    networks:
      network_default:
        ipv4_address: 177.7.0.8
    depends_on:
      - nhp-server
      - nhp-db
    volumes:
      - ./nhp-agent/etc:/nhp-agent/etc:rw
      - ./nhp-agent/logs:/nhp-agent/logs:rw


================================================
FILE: docker/docker-compose.yaml
================================================
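# Compose environment for the demo: nhp-server, nhp-ac, the protected web-app
# and nhp-agent (with nginx) on one bridge network with fixed addresses.
networks:
  network_default:
    ipam:
      driver: default
      config:
        # NOTE(review): 177.7.0.0/16 is not an RFC 1918 private range; while this
        # network exists, the Docker host routes that /16 to the bridge instead
        # of the public hosts that own it.
        - subnet: '177.7.0.0/16'

# Declared but not referenced by any service in this file.
volumes:
  postgres_data:

services:
  nhp-server:
    image: opennhp-server
    build:
      context: ..
      dockerfile: ./docker/Dockerfile.server
      args:
        - GOPROXY=${GOPROXY:-}
        - APT_MIRROR=${APT_MIRROR:-}
    container_name: nhp-server
    restart: always
    networks:
      network_default:
        ipv4_address: 177.7.0.9
    # Configuration, logs, templates and plugin config are bind-mounted
    # read-write from the host.
    volumes:
      - ./nhp-server/etc/:/nhp-server/etc/:rw
      - ./nhp-server/logs/:/nhp-server/logs/:rw
      - ./nhp-server/templates/:/nhp-server/templates/:rw
      - ./nhp-server/plugins/example/etc/:/nhp-server/plugins/example/etc/:rw

  nhp-ac:
    image: opennhp-ac
    container_name: nhp-ac
    build:
      context: ..
      dockerfile: ./docker/Dockerfile.ac
      args:
        - GOPROXY=${GOPROXY:-}
        - APT_MIRROR=${APT_MIRROR:-}
    volumes:
      - ./nhp-ac/etc/:/nhp-ac/etc/
      - ./nhp-ac/traefik/etc/traefik.toml:/opt/traefik/traefik.toml
      - ./nhp-ac/traefik/etc/provider.toml:/opt/traefik/provider.toml
      - ./nhp-ac/logs/:/nhp-ac/logs/
    restart: always
    # Required here: the image's start command runs an iptables/ipset setup script.
    cap_add:
      - NET_ADMIN
    depends_on:
      - nhp-server
    networks:
      network_default:
        ipv4_address: 177.7.0.10

  web-app:
    image: web-app
    container_name: web-app
    build:
      context: .
      dockerfile: ./Dockerfile.app
      args:
        - GOPROXY=${GOPROXY:-}
        - APT_MIRROR=${APT_MIRROR:-}
    restart: always
    # NOTE(review): confirm the web application needs NET_ADMIN; drop it otherwise.
    cap_add:
      - NET_ADMIN
    networks:
      network_default:
        ipv4_address: 177.7.0.11

  nhp-agent:
    image: opennhp-agent:latest
    build:
      context: ..
      dockerfile: ./docker/Dockerfile.agent
      args:
        - GOPROXY=${GOPROXY:-}
        - APT_MIRROR=${APT_MIRROR:-}
    container_name: nhp-agent
    restart: always
    #command: []
    # The only published ports in this file: 443 and 80 on all host interfaces.
    ports:
      - "443:443"
      - "80:80"
    networks:
      network_default:
        ipv4_address: 177.7.0.8
    depends_on:
      - nhp-server
      - nhp-ac
    volumes:
      - ./nhp-enter-nginx.conf:/etc/nginx/nginx.conf:rw
      # Certificate and private key are mounted read-only. "ro" is the
      # read-only mode flag; the previous value "r" is not a mode Docker defines.
      # NOTE(review): this key pair is checked into the repository under
      # docker/certs/, so treat it as demo-only and replace it for real use.
      - ./certs/server.crt:/cert.pem:ro
      - ./certs/server.key:/key.pem:ro
      - ./nhp-agent/etc:/nhp-agent/etc:rw
      - ./nhp-agent/logs:/nhp-agent/logs:rw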

================================================
FILE: docker/iptables_defaults_ubuntu.sh
================================================
#!/bin/bash
CURRENT_DIR=$(cd "$(dirname "$0")" && pwd)
if [ "$1" = "-f" ];then
    echo "Flushing existing iptables rules..."
    # Set DROP policy first to avoid exposure window during flush
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -F
    iptables -X
    # Flush ipsets to clear previously authorized tuples
    ipset flush 2>/dev/null || true
    ipset destroy 2>/dev/null || true
    # Flush IPv6 rules as well
    if which ip6tables > /dev/null 2>&1; then
        ip6tables -P INPUT DROP
        ip6tables -P FORWARD DROP
        ip6tables -F
        ip6tables -X
    fi
fi
### ipset (IPv4) ###
echo "Setting up IPv4 ipset"
echo ""
ipset -exist create defaultset hash:ip,port,ip counters maxelem 1000000 timeout 120
ipset -exist create defaultset_down hash:ip,port,ip counters maxelem 1000000 timeout 121
ipset -exist create tempset hash:net,port counters maxelem 1000000 timeout 5
echo ""
echo "Setting IPv4 ipset OK ..."

### ipset (IPv6) ###
IP6TABLES=$(which ip6tables 2>/dev/null)
IPSET6_OK=0
if [ -n "$IP6TABLES" ]; then
    echo "Setting up IPv6 ipset"
    ipset -exist create defaultset_v6 hash:ip,port,ip family inet6 counters maxelem 1000000 timeout 120 2>/dev/null || true
    ipset -exist create defaultset_down_v6 hash:ip,port,ip family inet6 counters maxelem 1000000 timeout 121 2>/dev/null || true
    ipset -exist create tempset_v6 hash:net,port family inet6 counters maxelem 1000000 timeout 5 2>/dev/null || true

    # Verify IPv6 ipset creation
    IPSET6_OK=1
    ipset list defaultset_v6 > /dev/null 2>&1 || IPSET6_OK=0
    if [ $IPSET6_OK -eq 1 ]; then
        echo "Setting IPv6 ipset OK ..."
    fi
fi

### NHP_BLOCK chain ###
echo "Setting up NHP_BLOCK chain ..."
echo ""
iptables -N NHP_BLOCK
iptables -C NHP_BLOCK -j LOG --log-prefix "[NHP-BLOCK] " --log-level 6 --log-ip-options > /dev/null 2>&1
if [ $? -ne 0 ]; then
    iptables -A NHP_BLOCK -j LOG --log-prefix "[NHP-BLOCK] " --log-level 6 --log-ip-options
fi
iptables -C NHP_BLOCK -j DROP > /dev/null 2>&1
if [ $? -ne 0 ]; then
    iptables -A NHP_BLOCK -j DROP
fi

### INPUT chain ###
echo "Setting up INPUT chain ..."
echo ""
# tempset -> defaultset
iptables -C INPUT -m set --match-set tempset src,dst -j SET --add-set defaultset src,dst,dst > /dev/null 2>&1
if [ $? -ne 0 ]; then
    iptables -A INPUT -m set --match-set tempset src,dst -j SET --add-set defaultset src,dst,dst
fi

# defaultset -> defaultset_down
iptables -C INPUT -m set --match-set defaultset src,dst,dst -j SET --add-set defaultset_down src,dst,dst > /dev/null 2>&1
if [ $? -ne 0 ]; then
    iptables -A INPUT -m set --match-set defaultset src,dst,dst -j SET --add-set defaultset_down src,dst,dst
fi

# defaultset
iptables -C INPUT -m set --match-set defaultset src,dst,dst -j LOG --log-prefix "[NHP-ACCEPT] " --log-level 6 --log-ip-options > /dev/null 2>&1
if [ $? -ne 0 ]; then
    iptables -A INPUT -m set --match-set defaultset src,dst,dst -j LOG --log-prefix "[NHP-ACCEPT] " --log-level 6 --log-ip-options
fi
iptables -C INPUT -m set --match-set defaultset src,dst,dst -j ACCEPT > /dev/null 2>&1
if [ $? -ne 0 ]; then
    iptables -A INPUT -m set --match-set defaultset src,dst,dst -j ACCEPT
fi

# tempset
iptables -C INPUT -m set --match-set tempset src,dst -j ACCEPT > /dev/null 2>&1
if [ $? -ne 0 ]; then
    iptables -A INPUT -m set --match-set tempset src,dst -j ACCEPT
fi

# loopback interface
iptables -C INPUT -i lo -j ACCEPT > /dev/null 2>&1
if [ $? -ne 0 ]; then
    iptables -I INPUT -i lo -j ACCEPT
fi

# ssh
# iptables -C INPUT -p tcp --dport 22  -j ACCEPT > /dev/null 2>&1
# if [ $? -ne 0 ]; then
#     iptables -I INPUT -p tcp --dport 22  -j ACCEPT
# fi

# established connections
iptables -C INPUT -m state --state ESTABLISHED -j ACCEPT > /dev/null 2>&1
if [ $? -ne 0 ]; then
    iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
fi

# rest of INPUT
iptables -C INPUT -j NHP_BLOCK > /dev/null 2>&1
if [ $? -ne 0 ]; then
    iptables -A INPUT -j NHP_BLOCK
fi

### OUTPUT chain ###
# No OUTPUT rules are installed; the only candidate rule is left disabled.
echo "Setting up OUTPUT chain ..."
echo ""
#iptables -A OUTPUT -m set --match-set defaultset_down dst,src,src -j SET --add-set defaultset_down dst,src,src

### FORWARD chain ###
# Same check-then-append pattern as INPUT. FORWARD has no tempset rules:
# only tuples already present in defaultset are forwarded.
echo "Setting up FORWARD chain ..."
echo ""

# defaultset -> defaultset_down
if ! iptables -C FORWARD -m set --match-set defaultset src,dst,dst -j SET --add-set defaultset_down src,dst,dst > /dev/null 2>&1; then
    iptables -A FORWARD -m set --match-set defaultset src,dst,dst -j SET --add-set defaultset_down src,dst,dst
fi

# defaultset: log with the [NHP-FORWARD] prefix, then accept
if ! iptables -C FORWARD -m set --match-set defaultset src,dst,dst -j LOG --log-prefix "[NHP-FORWARD] " --log-level 6 --log-ip-options > /dev/null 2>&1; then
    iptables -A FORWARD -m set --match-set defaultset src,dst,dst -j LOG --log-prefix "[NHP-FORWARD] " --log-level 6 --log-ip-options
fi
if ! iptables -C FORWARD -m set --match-set defaultset src,dst,dst -j ACCEPT > /dev/null 2>&1; then
    iptables -A FORWARD -m set --match-set defaultset src,dst,dst -j ACCEPT
fi

# established connections: only ESTABLISHED is accepted, RELATED is not
if ! iptables -C FORWARD -m state --state ESTABLISHED -j ACCEPT > /dev/null 2>&1; then
    iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
fi

# rest of FORWARD: hand everything else to NHP_BLOCK
if ! iptables -C FORWARD -j NHP_BLOCK > /dev/null 2>&1; then
    iptables -A FORWARD -j NHP_BLOCK
fi

### chain policy (IPv4) ###
# Default-deny for inbound and forwarded traffic, so a packet is still dropped
# even if the NHP_BLOCK jump above is absent; outbound stays unrestricted.
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

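### IPv6 firewall rules ###
# Mirrors the IPv4 layout using the *_v6 ipsets and the [NHP-...6] log
# prefixes. Set-based rules are added best-effort (stderr suppressed, failure
# ignored); the DROP policies at the end keep the chains default-deny even if
# one of those rules could not be installed.
# NOTE(review): nothing in this section admits ICMPv6. With policy DROP that
# also discards neighbor discovery, which normally breaks IPv6 reachability on
# the link - confirm whether that is intended or handled elsewhere.
if [ -n "$IP6TABLES" ] && [ "${IPSET6_OK:-0}" -eq 1 ]; then
    echo "Setting up IPv6 NHP_BLOCK chain ..."
    ip6tables -N NHP_BLOCK 2>/dev/null || true
    if ! ip6tables -C NHP_BLOCK -j LOG --log-prefix "[NHP-BLOCK6] " --log-level 6 --log-ip-options > /dev/null 2>&1; then
        ip6tables -A NHP_BLOCK -j LOG --log-prefix "[NHP-BLOCK6] " --log-level 6 --log-ip-options 2>/dev/null || true
    fi
    if ! ip6tables -C NHP_BLOCK -j DROP > /dev/null 2>&1; then
        ip6tables -A NHP_BLOCK -j DROP 2>/dev/null || true
    fi

    echo "Setting up IPv6 INPUT chain ..."
    # tempset_v6 -> defaultset_v6
    if ! ip6tables -C INPUT -m set --match-set tempset_v6 src,dst -j SET --add-set defaultset_v6 src,dst,dst > /dev/null 2>&1; then
        ip6tables -A INPUT -m set --match-set tempset_v6 src,dst -j SET --add-set defaultset_v6 src,dst,dst 2>/dev/null || true
    fi

    # defaultset_v6 -> defaultset_down_v6
    if ! ip6tables -C INPUT -m set --match-set defaultset_v6 src,dst,dst -j SET --add-set defaultset_down_v6 src,dst,dst > /dev/null 2>&1; then
        ip6tables -A INPUT -m set --match-set defaultset_v6 src,dst,dst -j SET --add-set defaultset_down_v6 src,dst,dst 2>/dev/null || true
    fi

    # defaultset_v6 accept with logging
    if ! ip6tables -C INPUT -m set --match-set defaultset_v6 src,dst,dst -j LOG --log-prefix "[NHP-ACCEPT6] " --log-level 6 --log-ip-options > /dev/null 2>&1; then
        ip6tables -A INPUT -m set --match-set defaultset_v6 src,dst,dst -j LOG --log-prefix "[NHP-ACCEPT6] " --log-level 6 --log-ip-options 2>/dev/null || true
    fi
    if ! ip6tables -C INPUT -m set --match-set defaultset_v6 src,dst,dst -j ACCEPT > /dev/null 2>&1; then
        ip6tables -A INPUT -m set --match-set defaultset_v6 src,dst,dst -j ACCEPT 2>/dev/null || true
    fi

    # tempset_v6 accept
    if ! ip6tables -C INPUT -m set --match-set tempset_v6 src,dst -j ACCEPT > /dev/null 2>&1; then
        ip6tables -A INPUT -m set --match-set tempset_v6 src,dst -j ACCEPT 2>/dev/null || true
    fi

    # loopback interface: inserted at the head of the chain
    if ! ip6tables -C INPUT -i lo -j ACCEPT > /dev/null 2>&1; then
        ip6tables -I INPUT -i lo -j ACCEPT
    fi

    # established connections
    if ! ip6tables -C INPUT -m state --state ESTABLISHED -j ACCEPT > /dev/null 2>&1; then
        ip6tables -A INPUT -m state --state ESTABLISHED -j ACCEPT
    fi

    # rest of INPUT
    if ! ip6tables -C INPUT -j NHP_BLOCK > /dev/null 2>&1; then
        ip6tables -A INPUT -j NHP_BLOCK 2>/dev/null || true
    fi

    echo "Setting up IPv6 FORWARD chain ..."
    # defaultset_v6 -> defaultset_down_v6
    if ! ip6tables -C FORWARD -m set --match-set defaultset_v6 src,dst,dst -j SET --add-set defaultset_down_v6 src,dst,dst > /dev/null 2>&1; then
        ip6tables -A FORWARD -m set --match-set defaultset_v6 src,dst,dst -j SET --add-set defaultset_down_v6 src,dst,dst 2>/dev/null || true
    fi

    # defaultset_v6 forward with logging
    if ! ip6tables -C FORWARD -m set --match-set defaultset_v6 src,dst,dst -j LOG --log-prefix "[NHP-FORWARD6] " --log-level 6 --log-ip-options > /dev/null 2>&1; then
        ip6tables -A FORWARD -m set --match-set defaultset_v6 src,dst,dst -j LOG --log-prefix "[NHP-FORWARD6] " --log-level 6 --log-ip-options 2>/dev/null || true
    fi
    if ! ip6tables -C FORWARD -m set --match-set defaultset_v6 src,dst,dst -j ACCEPT > /dev/null 2>&1; then
        ip6tables -A FORWARD -m set --match-set defaultset_v6 src,dst,dst -j ACCEPT 2>/dev/null || true
    fi

    # established connections
    if ! ip6tables -C FORWARD -m state --state ESTABLISHED -j ACCEPT > /dev/null 2>&1; then
        ip6tables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
    fi

    # rest of FORWARD
    if ! ip6tables -C FORWARD -j NHP_BLOCK > /dev/null 2>&1; then
        ip6tables -A FORWARD -j NHP_BLOCK 2>/dev/null || true
    fi

    ### IPv6 chain policy ###
    ip6tables -P INPUT DROP
    ip6tables -P OUTPUT ACCEPT
    ip6tables -P FORWARD DROP

    echo "Setting IPv6 iptables OK ..."
elif [ -n "$IP6TABLES" ]; then
    # ip6tables exists but the IPv6 ipsets are unusable. Skipping the whole
    # section would leave the IPv6 chain policies untouched (ACCEPT unless the
    # script ran with -f), so IPv6 traffic would bypass the default-deny that
    # IPv4 gets. Apply the default-deny part without the set-based rules.
    echo "IPv6 ipset unavailable, applying IPv6 default-deny only ..."
    if ! ip6tables -C INPUT -i lo -j ACCEPT > /dev/null 2>&1; then
        ip6tables -I INPUT -i lo -j ACCEPT
    fi
    if ! ip6tables -C INPUT -m state --state ESTABLISHED -j ACCEPT > /dev/null 2>&1; then
        ip6tables -A INPUT -m state --state ESTABLISHED -j ACCEPT
    fi
    ip6tables -P INPUT DROP
    ip6tables -P OUTPUT ACCEPT
    ip6tables -P FORWARD DROP
fi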

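### iptables kernel logging ###
# Installs an rsyslog drop-in (only if none exists yet) that routes kernel log
# lines carrying the NHP prefixes into per-verdict files under
# $CURRENT_DIR/logs and stops further processing of those lines.
# NOTE(review): the IPv6 rules log with [NHP-ACCEPT6], [NHP-FORWARD6] and
# [NHP-BLOCK6]; none of the filters below match those prefixes, so IPv6
# entries stay in the default kernel log - confirm whether they should be
# captured here as well.
if [ -d /etc/rsyslog.d ] && [ ! -f /etc/rsyslog.d/10-nhplog.conf ]; then
    echo "Setting up rsyslog ..."
    # Create the directory the rsyslog rules point at; a bare "logs" would be
    # created in the caller's working directory instead.
    LOG_DIR="$CURRENT_DIR/logs"
    mkdir -p "$LOG_DIR"
    # These files are the firewall's audit trail. A world-writable directory
    # would let any local account delete or replace them, so restrict it to
    # the log writer. Ubuntu's default rsyslog configuration drops privileges
    # to the "syslog" user; elsewhere rsyslog runs as root.
    # NOTE(review): if another unprivileged process must write into this
    # directory, grant it through a dedicated group rather than mode 777.
    if id -u syslog > /dev/null 2>&1; then
        chown syslog "$LOG_DIR"
    fi
    chmod 750 "$LOG_DIR"
    echo ":msg,contains,\"[NHP-ACCEPT]\" -$LOG_DIR/nhp_accept.log

& stop
:msg,contains,\"[NHP-FORWARD]\" -$LOG_DIR/nhp_forward.log

& stop
:msg,contains,\"[NHP-BLOCK]\" -$LOG_DIR/nhp_block.log

& stop" > /etc/rsyslog.d/10-nhplog.conf
    systemctl restart rsyslog
fi

echo "Setting iptables default OK ..."
echo ""
### EOF ###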

================================================
FILE: docker/iptables_defaults_x86.sh
================================================
#!/bin/bash
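# Absolute directory containing this script. Quoted so that a path with
# spaces or glob characters is not split or expanded.
CURRENT_DIR=$(cd "$(dirname "$0")" && pwd)

### flush existing rules and set chain policy setting to DROP
# With -f the existing rule set and all ipsets are discarded before the rules
# below are rebuilt from scratch.
if [ "$1" = "-f" ]; then
    echo "Flushing existing iptables rules..."
    echo ""
    # Set DROP policy first to avoid exposure window during flush
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -F
    iptables -X
    # Flush IPv6 rules before the ipsets are destroyed: ipset refuses to
    # destroy a set that a rule still references, and that failure would be
    # hidden by the "|| true" below. "command -v" is a shell builtin, so the
    # check also works on images that do not ship "which".
    if command -v ip6tables > /dev/null 2>&1; then
        ip6tables -P INPUT DROP
        ip6tables -P FORWARD DROP
        ip6tables -F
        ip6tables -X
    fi
    # Flush ipsets to clear previously authorized tuples
    ipset flush 2>/dev/null || true
    ipset destroy 2>/dev/null || true
fi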

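### ipset (IPv4) ###
# Sets referenced by the IPv4 rules. "-exist" makes creation a no-op when the
# set is already present. defaultset and defaultset_down hold ip,port,ip
# tuples with 120 s and 121 s timeouts; tempset holds net,port with 5 s.
echo "Setting up IPv4 ipset"
echo ""
ipset -exist create defaultset hash:ip,port,ip counters maxelem 1000000 timeout 120
ipset -exist create defaultset_down hash:ip,port,ip counters maxelem 1000000 timeout 121
ipset -exist create tempset hash:net,port counters maxelem 1000000 timeout 5
echo ""
echo "Setting IPv4 ipset OK ..."

### ipset (IPv6) ###
# IP6TABLES is non-empty when ip6tables is installed; IPSET6_OK becomes 1 only
# when defaultset_v6 can be listed afterwards. Both gate the IPv6 rule section
# later in the script.
# "command -v" is a shell builtin; with the external "which" missing, the
# lookup would fail and IPv6 would be skipped without any message.
IP6TABLES=$(command -v ip6tables 2>/dev/null)
IPSET6_OK=0
if [ -n "$IP6TABLES" ]; then
    echo "Setting up IPv6 ipset"
    ipset -exist create defaultset_v6 hash:ip,port,ip family inet6 counters maxelem 1000000 timeout 120 2>/dev/null || true
    ipset -exist create defaultset_down_v6 hash:ip,port,ip family inet6 counters maxelem 1000000 timeout 121 2>/dev/null || true
    ipset -exist create tempset_v6 hash:net,port family inet6 counters maxelem 1000000 timeout 5 2>/dev/null || true

    # Verify IPv6 ipset creation (only defaultset_v6 is probed)
    IPSET6_OK=1
    ipset list defaultset_v6 > /dev/null 2>&1 || IPSET6_OK=0
    if [ "$IPSET6_OK" -eq 1 ]; then
        echo "Setting IPv6 ipset OK ..."
    fi
fi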

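### NHP_BLOCK chain ###
# Catch-all chain: every packet that reaches it is logged with the
# [NHP-BLOCK] prefix and then dropped.
echo "Setting up NHP_BLOCK chain ..."
echo ""
# Create the chain only when it is missing, so a re-run without -f does not
# print a "chain already exists" error, while a genuine creation failure is
# still reported.
iptables -n -L NHP_BLOCK > /dev/null 2>&1 || iptables -N NHP_BLOCK
iptables -C NHP_BLOCK -j LOG --log-prefix "[NHP-BLOCK] " --log-level 6 --log-ip-options > /dev/null 2>&1 \
    || iptables -A NHP_BLOCK -j LOG --log-prefix "[NHP-BLOCK] " --log-level 6 --log-ip-options
iptables -C NHP_BLOCK -j DROP > /dev/null 2>&1 \
    || iptables -A NHP_BLOCK -j DROP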

### INPUT chain ###
# Each rule is probed with -C and appended only when absent, so the script can
# be re-run. Order matters: rules are evaluated top to bottom and the closing
# NHP_BLOCK jump drops whatever none of the earlier rules accepted.
# NOTE(review): if a single rule is missing while the NHP_BLOCK jump already
# exists (re-run without -f), -A places it behind the catch-all where it can
# no longer match - confirm that re-runs always start from a flushed chain.
echo "Setting up INPUT chain ..."
echo ""

# tempset -> defaultset: a packet matching tempset (src,dst) records its
# src,dst,dst tuple in defaultset
iptables -C INPUT -m set --match-set tempset src,dst -j SET --add-set defaultset src,dst,dst > /dev/null 2>&1 \
    || iptables -A INPUT -m set --match-set tempset src,dst -j SET --add-set defaultset src,dst,dst

# defaultset -> defaultset_down: mirror matching tuples into defaultset_down
iptables -C INPUT -m set --match-set defaultset src,dst,dst -j SET --add-set defaultset_down src,dst,dst > /dev/null 2>&1 \
    || iptables -A INPUT -m set --match-set defaultset src,dst,dst -j SET --add-set defaultset_down src,dst,dst

# defaultset: log with the [NHP-ACCEPT] prefix, then accept
iptables -C INPUT -m set --match-set defaultset src,dst,dst -j LOG --log-prefix "[NHP-ACCEPT] " --log-level 6 --log-ip-options > /dev/null 2>&1 \
    || iptables -A INPUT -m set --match-set defaultset src,dst,dst -j LOG --log-prefix "[NHP-ACCEPT] " --log-level 6 --log-ip-options
iptables -C INPUT -m set --match-set defaultset src,dst,dst -j ACCEPT > /dev/null 2>&1 \
    || iptables -A INPUT -m set --match-set defaultset src,dst,dst -j ACCEPT

# tempset: accept without logging
iptables -C INPUT -m set --match-set tempset src,dst -j ACCEPT > /dev/null 2>&1 \
    || iptables -A INPUT -m set --match-set tempset src,dst -j ACCEPT

# loopback interface: inserted (-I) at the head of the chain, not appended
iptables -C INPUT -i lo -j ACCEPT > /dev/null 2>&1 \
    || iptables -I INPUT -i lo -j ACCEPT

# ssh (disabled: with this left commented out, port 22 is only reachable
# through the set-based rules above)
# iptables -C INPUT -p tcp --dport 22  -j ACCEPT > /dev/null 2>&1
# if [ $? -ne 0 ]; then
#     iptables -I INPUT -p tcp --dport 22  -j ACCEPT
# fi

# established connections: only ESTABLISHED is accepted, RELATED is not
iptables -C INPUT -m state --state ESTABLISHED -j ACCEPT > /dev/null 2>&1 \
    || iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT

# rest of INPUT: hand everything else to NHP_BLOCK
iptables -C INPUT -j NHP_BLOCK > /dev/null 2>&1 \
    || iptables -A INPUT -j NHP_BLOCK

### OUTPUT chain ###
# No OUTPUT rules are installed; the only candidate rule is left disabled.
echo "Setting up OUTPUT chain ..."
echo ""
#iptables -A OUTPUT -m set --match-set defaultset_down dst,src,src -j SET --add-set defaultset_down dst,src,src

### FORWARD chain ###
# Same check-then-append pattern as INPUT. FORWARD has no tempset rules:
# only tuples already present in defaultset are forwarded.
echo "Setting up FORWARD chain ..."
echo ""

# defaultset -> defaultset_down
iptables -C FORWARD -m set --match-set defaultset src,dst,dst -j SET --add-set defaultset_down src,dst,dst > /dev/null 2>&1 \
    || iptables -A FORWARD -m set --match-set defaultset src,dst,dst -j SET --add-set defaultset_down src,dst,dst

# defaultset: log with the [NHP-FORWARD] prefix, then accept
iptables -C FORWARD -m set --match-set defaultset src,dst,dst -j LOG --log-prefix "[NHP-FORWARD] " --log-level 6 --log-ip-options > /dev/null 2>&1 \
    || iptables -A FORWARD -m set --match-set defaultset src,dst,dst -j LOG --log-prefix "[NHP-FORWARD] " --log-level 6 --log-ip-options
iptables -C FORWARD -m set --match-set defaultset src,dst,dst -j ACCEPT > /dev/null 2>&1 \
    || iptables -A FORWARD -m set --match-set defaultset src,dst,dst -j ACCEPT

# established connections: only ESTABLISHED is accepted, RELATED is not
iptables -C FORWARD -m state --state ESTABLISHED -j ACCEPT > /dev/null 2>&1 \
    || iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT

# rest of FORWARD: hand everything else to NHP_BLOCK
iptables -C FORWARD -j NHP_BLOCK > /dev/null 2>&1 \
    || iptables -A FORWARD -j NHP_BLOCK

### chain policy (IPv4) ###
# Default-deny for inbound and forwarded traffic, so a packet is still dropped
# even if the NHP_BLOCK jump above is absent; outbound stays unrestricted.
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

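### IPv6 firewall rules ###
# Mirrors the IPv4 layout using the *_v6 ipsets and the [NHP-...6] log
# prefixes. Set-based rules are added best-effort (stderr suppressed, failure
# ignored); the DROP policies at the end keep the chains default-deny even if
# one of those rules could not be installed.
# NOTE(review): nothing in this section admits ICMPv6. With policy DROP that
# also discards neighbor discovery, which normally breaks IPv6 reachability on
# the link - confirm whether that is intended or handled elsewhere.
if [ -n "$IP6TABLES" ] && [ "${IPSET6_OK:-0}" -eq 1 ]; then
    echo "Setting up IPv6 NHP_BLOCK chain ..."
    ip6tables -N NHP_BLOCK 2>/dev/null || true
    ip6tables -C NHP_BLOCK -j LOG --log-prefix "[NHP-BLOCK6] " --log-level 6 --log-ip-options > /dev/null 2>&1 \
        || ip6tables -A NHP_BLOCK -j LOG --log-prefix "[NHP-BLOCK6] " --log-level 6 --log-ip-options 2>/dev/null || true
    ip6tables -C NHP_BLOCK -j DROP > /dev/null 2>&1 \
        || ip6tables -A NHP_BLOCK -j DROP 2>/dev/null || true

    echo "Setting up IPv6 INPUT chain ..."
    # tempset_v6 -> defaultset_v6
    ip6tables -C INPUT -m set --match-set tempset_v6 src,dst -j SET --add-set defaultset_v6 src,dst,dst > /dev/null 2>&1 \
        || ip6tables -A INPUT -m set --match-set tempset_v6 src,dst -j SET --add-set defaultset_v6 src,dst,dst 2>/dev/null || true

    # defaultset_v6 -> defaultset_down_v6
    ip6tables -C INPUT -m set --match-set defaultset_v6 src,dst,dst -j SET --add-set defaultset_down_v6 src,dst,dst > /dev/null 2>&1 \
        || ip6tables -A INPUT -m set --match-set defaultset_v6 src,dst,dst -j SET --add-set defaultset_down_v6 src,dst,dst 2>/dev/null || true

    # defaultset_v6 accept with logging
    ip6tables -C INPUT -m set --match-set defaultset_v6 src,dst,dst -j LOG --log-prefix "[NHP-ACCEPT6] " --log-level 6 --log-ip-options > /dev/null 2>&1 \
        || ip6tables -A INPUT -m set --match-set defaultset_v6 src,dst,dst -j LOG --log-prefix "[NHP-ACCEPT6] " --log-level 6 --log-ip-options 2>/dev/null || true
    ip6tables -C INPUT -m set --match-set defaultset_v6 src,dst,dst -j ACCEPT > /dev/null 2>&1 \
        || ip6tables -A INPUT -m set --match-set defaultset_v6 src,dst,dst -j ACCEPT 2>/dev/null || true

    # tempset_v6 accept
    ip6tables -C INPUT -m set --match-set tempset_v6 src,dst -j ACCEPT > /dev/null 2>&1 \
        || ip6tables -A INPUT -m set --match-set tempset_v6 src,dst -j ACCEPT 2>/dev/null || true

    # loopback interface: inserted at the head of the chain
    ip6tables -C INPUT -i lo -j ACCEPT > /dev/null 2>&1 \
        || ip6tables -I INPUT -i lo -j ACCEPT

    # established connections
    ip6tables -C INPUT -m state --state ESTABLISHED -j ACCEPT > /dev/null 2>&1 \
        || ip6tables -A INPUT -m state --state ESTABLISHED -j ACCEPT

    # rest of INPUT
    ip6tables -C INPUT -j NHP_BLOCK > /dev/null 2>&1 \
        || ip6tables -A INPUT -j NHP_BLOCK 2>/dev/null || true

    echo "Setting up IPv6 FORWARD chain ..."
    # defaultset_v6 -> defaultset_down_v6
    ip6tables -C FORWARD -m set --match-set defaultset_v6 src,dst,dst -j SET --add-set defaultset_down_v6 src,dst,dst > /dev/null 2>&1 \
        || ip6tables -A FORWARD -m set --match-set defaultset_v6 src,dst,dst -j SET --add-set defaultset_down_v6 src,dst,dst 2>/dev/null || true

    # defaultset_v6 forward with logging
    ip6tables -C FORWARD -m set --match-set defaultset_v6 src,dst,dst -j LOG --log-prefix "[NHP-FORWARD6] " --log-level 6 --log-ip-options > /dev/null 2>&1 \
        || ip6tables -A FORWARD -m set --match-set defaultset_v6 src,dst,dst -j LOG --log-prefix "[NHP-FORWARD6] " --log-level 6 --log-ip-options 2>/dev/null || true
    ip6tables -C FORWARD -m set --match-set defaultset_v6 src,dst,dst -j ACCEPT > /dev/null 2>&1 \
        || ip6tables -A FORWARD -m set --match-set defaultset_v6 src,dst,dst -j ACCEPT 2>/dev/null || true

    # established connections
    ip6tables -C FORWARD -m state --state ESTABLISHED -j ACCEPT > /dev/null 2>&1 \
        || ip6tables -A FORWARD -m state --state ESTABLISHED -j ACCEPT

    # rest of FORWARD
    ip6tables -C FORWARD -j NHP_BLOCK > /dev/null 2>&1 \
        || ip6tables -A FORWARD -j NHP_BLOCK 2>/dev/null || true

    ### IPv6 chain policy ###
    ip6tables -P INPUT DROP
    ip6tables -P OUTPUT ACCEPT
    ip6tables -P FORWARD DROP

    echo "Setting IPv6 iptables OK ..."
elif [ -n "$IP6TABLES" ]; then
    # ip6tables exists but the IPv6 ipsets are unusable. Skipping the whole
    # section would leave the IPv6 chain policies untouched (ACCEPT unless the
    # script ran with -f), so IPv6 traffic would bypass the default-deny that
    # IPv4 gets. Apply the default-deny part without the set-based rules.
    echo "IPv6 ipset unavailable, applying IPv6 default-deny only ..."
    ip6tables -C INPUT -i lo -j ACCEPT > /dev/null 2>&1 \
        || ip6tables -I INPUT -i lo -j ACCEPT
    ip6tables -C INPUT -m state --state ESTABLISHED -j ACCEPT > /dev/null 2>&1 \
        || ip6tables -A INPUT -m state --state ESTABLISHED -j ACCEPT
    ip6tables -P INPUT DROP
    ip6tables -P OUTPUT ACCEPT
    ip6tables -P FORWARD DROP
fi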

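### iptables kernel logging ###
# Installs an rsyslog drop-in (only if none exists yet) that routes kernel log
# lines carrying the NHP prefixes into per-verdict files under
# $CURRENT_DIR/logs and stops further processing of those lines.
# NOTE(review): the IPv6 rules log with [NHP-ACCEPT6], [NHP-FORWARD6] and
# [NHP-BLOCK6]; none of the filters below match those prefixes, so IPv6
# entries stay in the default kernel log - confirm whether they should be
# captured here as well.
if [ -d /etc/rsyslog.d ] && [ ! -f /etc/rsyslog.d/10-nhplog.conf ]; then
    echo "Setting up rsyslog ..."
    # Create the directory the rsyslog rules point at; a bare "logs" would be
    # created in the caller's working directory instead.
    LOG_DIR="$CURRENT_DIR/logs"
    mkdir -p "$LOG_DIR"
    # These files are the firewall's audit trail. A world-writable directory
    # would let any local account delete or replace them, so restrict it to
    # the log writer. Where rsyslog drops privileges to a "syslog" user (the
    # Ubuntu default) that user needs to own the directory; elsewhere rsyslog
    # runs as root.
    # NOTE(review): if another unprivileged process must write into this
    # directory, grant it through a dedicated group rather than mode 777.
    if id -u syslog > /dev/null 2>&1; then
        chown syslog "$LOG_DIR"
    fi
    chmod 750 "$LOG_DIR"
    # Unquoted here-document: $LOG_DIR is expanded, double quotes stay literal.
    cat > /etc/rsyslog.d/10-nhplog.conf <<EOF
:msg,contains,"[NHP-ACCEPT]" -$LOG_DIR/nhp_accept.log

& stop
:msg,contains,"[NHP-FORWARD]" -$LOG_DIR/nhp_forward.log

& stop
:msg,contains,"[NHP-BLOCK]" -$LOG_DIR/nhp_block.log

& stop
EOF
    systemctl restart rsyslog
fi

echo "Setting iptables default OK ..."
echo ""
### EOF ###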


================================================
FILE: docker/nhp-ac/etc/config.toml
================================================
# NHP-Agent base config
# field with (-) does not support dynamic update

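# PrivateKeyBase64 (-): agent private key in base64 format. The value below is a sample key published with this repository; replace it with a freshly generated key outside the demo environment.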
# DefaultCipherScheme: 0: curve25519, 1: gmsm.
# MIGRATION: Values changed in v2.x. If upgrading: old 0(gmsm)->new 1, old 1(curve)->new 0.
# UserId: specify the user id this agent represents.
# OrganizationId: specify the organization id this agent represents.
# LogLevel: 0: silent, 1: error, 2: info, 3: audit, 4: debug, 5: trace.
PrivateKeyBase64 = "hpo6FtdcPir87EV8BYeAINAG7nEDPU2LG/WTRS+bPF4="
ACId = "testAC-1"
DefaultCipherScheme = 1
UserId = "agent-0"
OrganizationId = "opennhp.org"
LogLevel = 4
# UserData: a customized user entry for flexibility.
# Its key-value pairs will be sent to the server along with the knock message.
[UserData]
"ExampleKey0" = "StringValue"
"ExampleKey1" = 1
"ExampleKey2" = true


================================================
FILE: docker/nhp-ac/etc/resource.toml
================================================
# List resources for the agent to knock automatically after launch

# AuthServiceId: id of the authentication and authorization service provider the resource belongs to.
# ResourceId: id of the resource group.
# ServerAddr: the server address that manages this resource group.
[[Resources]]
AuthServiceId = "example"
ResourceId = "demo"
#ServerAddr = "host.docker.internal"
ServerAddr = "177.7.0.9"


================================================
FILE: docker/nhp-ac/etc/server.toml
================================================
# list the server peers for the agent under [[Servers]] table

# Hostname: the domain of the server peer. If specified, it overrides the "Ip" field with its first resolved address.
# Ip: specify the ip address of the server peer
# Port: specify the port number this server peer is listening on
# PubKeyBase64: public key of the server peer in base64 format
# ExpireTime (epoch timestamp in seconds): peer key validation will fail when it expires.
[[Servers]]
#Hostname = "host.docker.internal"
Ip = "177.7.0.9"
Port = 62206
PubKeyBase64 = "4/p0mIknwmVIMocRLQKil7xIthgEdZNncv9UagiBaK2kpcH7i4hEtZjpcHox+Bn7xdV+rBKNbKlV9ye6V1VCLA=="
ExpireTime = 1924991999


================================================
FILE: docker/nhp-ac/traefik/etc/provider.toml
================================================

[http]
  [http.routers]
    #
    # hqdata-opennhp-cn
    #
    [http.routers.router-hqdata-opennhp-cn]
      entryPoints = ["web"]
      #rule = "Host(`*`)"
      rule = "PathPrefix(`/`)"
      service = "service-demo"
      #tls = "true"
      
  [http.services]
    [http.services.service-demo.loadBalancer]
      [[http.services.service-demo.loadBalancer.servers]]
        url = "http://web-app:8080"

================================================
FILE: docker/nhp-ac/traefik/etc/traefik.toml
================================================
[entryPoints]
  [entryPoints.web]
    address = ":80"

[providers.file]
  filename = "provider.toml"

[log]
  level = "TRACE"

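  # NOTE(review): the comment below does not read as configuration and resembles a leftover credential; if it is one, remove it from the file and rotate it.
  # Js147258!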

================================================
FILE: docker/nhp-agent/etc/certs/server.crt
================================================
-----BEGIN CERTIFICATE-----
MIIDKzCCAhMCFCl+W8SPu1590nfwXgANK1STySQ0MA0GCSqGSIb3DQEBCwUAMFIx
CzAJBgNVBAYTAkNOMRMwEQYDVQQIDApaaGFuZ0ppYW5nMQswCQYDVQQHDAJIWjEL
MAkGA1UECgwCWFMxFDASBgNVBAMMC3Rlc3RAeHMuY29tMB4XDTI1MDcxNTA4MDEx
NVoXDTI2MDcxNTA4MDExNVowUjELMAkGA1UEBhMCQ04xEzARBgNVBAgMClpoYW5n
SmlhbmcxCzAJBgNVBAcMAkhaMQswCQYDVQQKDAJYUzEUMBIGA1UEAwwLdGVzdEB4
cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD4O/9vxs1dGFKJ
L+IjwrRIOJDHuoEzTtJQ7fsyAoow9siv+qvIXDJ42+ReJiehDcvtpPosyyScD6rx
ihWH2I+9su29iz7qyE2aeEwDWOkrNcMGfInhCDmT9BvfveKIgh2CJeh5MwJ5zqnL
QAs8t+2OHlBwxCfTzPe4CGsGX0Ry0324ysqkybHVG3k7BCEpk4oebvbWw1Wemq5d
1yHFbwJFcAuPSaM/Jqi1QO1breQu7azFBHq3PexReKxeshgOqrYR3vFE2XpYLR5/
d45S5eK5Vk1fT0F/UoFCM9P8HrOhir1Di0pKNbhp1etTz3wHsWBo62wliP+2D/Cy
7ux3TC3pAgMBAAEwDQYJKoZIhvcNAQELBQADggEBALWM3eqlFuQzkzF1NIwnCxQ0
RZmXhTtsDnqCwgdTzUT7NyXMiLcDQTQusJAi87L+yc5DMaRqPcr+gCHes8YJQ9Cc
FtqAi15TUiyIdKqt82A6vS5Mr5yHcI3EO4WtAArTj9UUdX4X5unig9KHLb1AyQFk
PJoalnmWy+vnxMBhGemo8ousLZrDOWpPRylW/wnafjvGMxNAF03b32MvtggKKT9m
S0XgmHi7eo/FGYCwKSrgsfAWfitZ/izv4KVw9T4g8m7rSoleTo/0lWKbt1K2U2YR
FoeYltvDOVfgmf1MPlGvyn5llwW4Z1PyR3/mReELJEh79O01KwLc+nJ1oAsbJ8g=
-----END CERTIFICATE-----


================================================
FILE: docker/nhp-agent/etc/certs/server.key
================================================
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----


================================================
FILE: docker/nhp-agent/etc/config.toml
================================================
# NHP-Agent base config
# field with (-) does not support dynamic update

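# PrivateKeyBase64 (-): agent private key in base64 format. The value below is a sample key published with this repository; replace it with a freshly generated key outside the demo environment.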
# DefaultCipherScheme: 0: curve25519, 1: gmsm.
# MIGRATION: Values changed in v2.x. If upgrading: old 0(gmsm)->new 1, old 1(curve)->new 0.
# UserId: specify the user id this agent represents.
# OrganizationId: specify the organization id this agent represents.
# LogLevel: 0: silent, 1: error, 2: info, 3: audit, 4: debug, 5: trace.
PrivateKeyBase64 = "O2Ytgu7YraFYqq0iS41vhBNhwb1nPVS9kmPzXxLVNo0="
DefaultCipherScheme = 1
UserId = "agent-0"
OrganizationId = "opennhp.org"
LogLevel = 5
# UserData: a customized user entry for flexibility.
# Its key-value pairs will be sent to the server along with the knock message.
[UserData]
"ExampleKey0" = "StringValue"
"ExampleKey1" = 1
"ExampleKey2" = true


================================================
FILE: docker/nhp-agent/etc/dhp.toml
================================================
# Configuration related to the data object hiding protocol (DHP) on the agent side.

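# TEEPrivateKeyBase64: base64 encoded private key of TEE (Trusted Execution Environment). The value below is a sample key published with this repository; replace it with a freshly generated key outside the demo environment.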
TEEPrivateKeyBase64 = "j20JfF3rjoRtz2m+KP+agYjDBPdQwC9Dwfcasn83yAQ="


================================================
FILE: docker/nhp-agent/etc/resource.toml
================================================
# List resources for the agent to knock automatically after launch

# AuthServiceId: id of the authentication and authorization service provider the resource belongs to.
# ResourceId: id of the resource group.
# ServerAddr: the server address that manages this resource group.
[[Resources]]
AuthServiceId = "example"
ResourceId = "demo"
ServerHostname = ""
ServerIp = "177.7.0.9"
ServerPort = 62206

================================================
FILE: docker/nhp-agent/etc/server.toml
================================================
# list the server peers for the agent under [[Servers]] table

# Hostname: the domain of the server peer. If specified, it overrides the "Ip" field with its first resolved address.
# Ip: specify the ip address of the server peer
# Port: specify the port number this server peer is listening on
# PubKeyBase64: public key of the server peer in base64 format
# ExpireTime (epoch timestamp in seconds): peer key validation will fail when it expires.
[[Servers]]
Hostname = ""
Ip = "177.7.0.9"
Port = 62206
PubKeyBase64 = "4/p0mIknwmVIMocRLQKil7xIthgEdZNncv9UagiBaK2kpcH7i4hEtZjpcHox+Bn7xdV+rBKNbKlV9ye6V1VCLA=="
ExpireTime = 1924991999


================================================
FILE: docker/nhp-db/demo/metadata.json
================================================
{
   "typeIdentifier": "risk involved accounts",
   "dataSize": 7311,
   "owner": "police@police.com",
   "description": "risk involved accounts which are delivered by police.",
   "structuredData": true,
   "vocabulary": {
        "dataType": "csv",
        "fields": [
            {
                "path": "account_id",
                "type": "string"
            },
            {
                "path": "id_card",
                "type": "string"
            },
            {
                "path": "risk_level",
                "type": "string"
            },
            {
                "path": "risk_tags",
                "type": "string"
            },
            {
                "path": "valid_from",
                "type": "string"
            },
            {
                "path": "valid_to",
                "type": "string"
            }
        ]
   },
   "sample": [
        {
            "account_id": "1234567890",
            "id_card": "1234567890",
            "risk_level": "high",
            "risk_tags": "high risk",
            "valid_from": "2019-01-01",
            "valid_to": "2019-01-02"
        }
   ]
}


================================================
FILE: docker/nhp-db/demo/metadata.schema.json
================================================
{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "type": "object",
  "title": "metadata of zero trust data object",
  "description": "Schema for metadata describing zero trust data object",
  "required": [
    "typeIdentifier",
    "dataSize",
    "owner",
    "description",
    "structuredData",
    "vocabulary",
    "sample"
  ],
  "properties": {
    "typeIdentifier": {
      "type": "string",
      "description": "Identifier for the type of data",
      "examples": ["risk involved accounts"]
    },
    "dataSize": {
      "type": "integer",
      "description": "Size of the data in bytes",
      "minimum": 0,
      "examples": [7311]
    },
    "owner": {
      "type": "string",
      "description": "Email address of the data owner",
      "format": "email",
      "examples": ["police@police.com"]
    },
    "description": {
      "type": "string",
      "description": "Human-readable description of the data",
      "examples": ["risk involved accounts which are delivered by police."]
    },
    "structuredData": {
      "type": "boolean",
      "description": "Indicates whether the data is structured",
      "examples": [true, false]
    },
    "vocabulary": {
      "type": "object",
      "description": "Metadata about the data structure and fields",
      "required": ["dataType", "fields"],
      "properties": {
        "dataType": {
          "type": "string",
          "description": "Format of the data",
          "examples": ["csv", "json", "xml"]
        },
        "fields": {
          "type": "array",
          "description": "List of fields in the data, each with path and type",
          "minItems": 1,
          "items": {
            "type": "object",
            "required": ["path", "type"],
            "properties": {
              "path": {
                "type": "string",
                "description": "Name or path of the field",
                "examples": ["account_id", "risk_level", "any_other_field"]
              },
              "type": {
                "type": "string",
                "description": "Data type of the field",
                "examples": ["string", "number", "boolean", "date", "integer"]
              }
            },
            "additionalProperties": true
          }
        }
      },
      "additionalProperties": true
    },
    "sample": {
      "type": "array",
      "description": "Sample data records matching the field definitions",
      "minItems": 1,
      "items": {
        "type": "object",
        "description": "A sample data record",
        "additionalProperties": true
      }
    }
  },
  "additionalProperties": true
}


================================================
FILE: docker/nhp-db/demo/risk.involved.accounts.csv
================================================
account_id,id_card,risk_level,risk_tags,valid_from,valid_to
6222021101123456789,110101199001011234,L3,"telecom_fraud,cross_border_violation",2023/1/1,2027/3/15
6217001201567890123,120102199102022345,L2,money_laundering,2023/2/15,2027/7/22
6230611301901234567,130103199203033456,L3,terrorism_financing,2023/3/20,2027/1/8
6214881401345678901,140104199304044567,L1,smuggling,2023/4/10,2027/9/14
6225881501789012345,150105199405055678,L2,fraudulent_trading,2023/5/25,2027/11/30
6231001601234567890,160106199506066789,L3,corruption,2023/6/8,2027/5/21
6216991701678901234,170107199607077890,L1,illegal_gambling,2023/7/12,2027/4/5
6229001801012345678,180108199708088901,L2,insider_trading,2023/8/19,2027/8/17
6232001901456789012,190109199809099012,L3,pyramid_scheme,2023/9/5,2027/12/25
6218002001890123456,200110199910100123,L1,embezzlement,2023/10/30,2027/2/9
6223012101234567890,210111200011111234,L2,illegal_fund_raising,2023/11/14,2027/10/3
6233012201678901234,220112200112122345,L3,document_forgery,2023/12/22,2027/6/18
6219012301012345678,230113200201013456,L1,identity_theft,2023/1/18,2027/3/31
6226012401456789012,240114200302024567,L2,cybercrime,2023/2/28,2027/8/23
6234012501890123456,250115200403035678,L3,human_trafficking,2023/3/16,2027/1/27
6220012601234567890,260116200504046789,L1,arms_smuggling,2023/4/30,2027/7/12
6227012701678901234,270117200605057890,L2,drug_trafficking,2023/5/15,2027/11/4
6235012801012345678,280118200706068901,L3,environmental_crime,2023/6/29,2027/5/19
6221012901456789012,290119200807079012,L1,artifacts_smuggling,2023/7/23,2027/9/6
6236013001890123456,300120200908080123,L2,human_organ_trafficking,2023/8/6,2027/4/21
6215013101234567890,310121201009091234,L3,illegal_mining,2023/9/20,2027/12/8
6237013201678901234,320122201110102345,L1,food_safety_violation,2023/10/5,2027/2/23
6224013301012345678,330123201211113456,L2,medical_fraud,2023/11/19,2027/8/15
6238013401456789012,340124201312124567,L3,educational_fraud,2023/12/3,2027/6/30
6213013501890123456,350125201401015678,L1,insurance_fraud,2023/1/27,2027/10/13
6239013601234567890,360126201502026789,L2,real_estate_fraud,2023/2/11,2027/3/7
6240013701678901234,370127201603037890,L3,securities_fraud,2023/3/25,2027/1/20
6212013801012345678,380128201704048901,L1,bank_fraud,2023/4/19,2027/7/5
6241013901456789012,390129201805059012,L2,credit_card_fraud,2023/5/4,2027/11/18
6211014001890123456,400130201906060123,L3,loan_sharking,2023/6/18,2027/5/3
6242014101234567890,410131202007071234,L1,illegal_immigration,2023/7/13,2027/9/27
6210014201678901234,420132202108082345,L2,child_abuse,2023/8/7,2027/4/12
6243014301012345678,430133202209093456,L3,animal_cruelty,2023/9/21,2027/12/16
6209014401456789012,440134202310104567,L1,illegal_logging,2023/10/6,2027/2/28
6244014501890123456,450135202411115678,L2,poaching,2023/11/20,2027/8/22
6208014601234567890,460136202512126789,L3,illegal_fishing,2023/12/4,2027/6/14
6245014701678901234,470137202601017890,L1,data_theft,2023/1/28,2027/10/9
6207014801012345678,480138202702028901,L2,cyber_espionage,2023/2/12,2027/3/19
6246014901456789012,490139202803039012,L3,software_piracy,2023/3/26,2027/1/24
6206015001890123456,500140202904040123,L1,patent_infringement,2023/4/20,2027/7/10
6247015101234567890,510141203005051234,L2,copyright_infringement,2023/5/5,2027/11/2
6205015201678901234,520142203106062345,L3,trademark_infringement,2023/6/19,2027/5/17
6248015301012345678,530143203207073456,L1,industrial_espionage,2023/7/14,2027/9/23
6204015401456789012,540144203308084567,L2,trade_secret_theft,2023/8/8,2027/4/18
6249015501890123456,550145203409095678,L3,price_fixing,2023/9/22,2027/12/12
6203015601234567890,560146203510106789,L1,market_manipulation,2023/10/7,2027/2/24
6250015701678901234,570147203611117890,L2,monopoly,2023/11/21,2027/8/18
6202015801012345678,580148203712128901,L3,anti_competitive_practices,2023/12/5,2027/6/10
6251015901456789012,590149203801019012,L1,unfair_trade_practices,2023/1/29,2027/10/5
6201016001890123456,600150203902020123,L2,consumer_fraud,2023/2/13,2027/3/15
6252016101234567890,610151204003031234,L3,product_liability,2023/3/27,2027/1/30
6200016201678901234,620152204104042345,L1,environmental_liability,2023/4/21,2027/7/16
6253016301012345678,630153204205053456,L2,workplace_safety_violation,2023/5/6,2027/11/8
6299016401456789012,640154204306064567,L3,employment_discrimination,2023/6/20,2027/5/23
6254016501890123456,650155204407075678,L1,sexual_harassment,2023/7/15,2027/9/29
6298016601234567890,660156204508086789,L2,age_discrimination,2023/8/9,2027/4/24
6255016701678901234,670157204609097890,L3,racial_discrimination,2023/9/23,2027/12/18
6297016801012345678,680158204710108901,L1,disability_discrimination,2023/10/8,2027/2/28
6256016901456789012,690159204811119012,L2,gender_discrimination,2023/11/22,2027/8/24
6296017001890123456,700160204912120123,L3,religious_discrimination,2023/12/6,2027/6/16
6257017101234567890,710161205001011234,L1,whistleblower_retaliation,2023/1/30,2027/10/11
6295017201678901234,720162205102022345,L2,emotional_distress,2023/2/14,2027/3/21
6258017301012345678,730163205203033456,L3,defamation,2023/3/28,2027/1/26
6294017401456789012,740164205304044567,L1,libel,2023/4/22,2027/7/22
6259017501890123456,750165205405055678,L2,slander,2023/5/7,2027/11/14
6293017601234567890,760166205506066789,L3,invasion_of_privacy,2023/6/21,2027/5/30
6260017701678901234,770167205607077890,L1,fraudulent_misrepresentation,2023/7/16,2027/9/25
6292017801012345678,780168205708088901,L2,negligence,2023/8/10,2027/4/30
6261017901456789012,790169205809099012,L3,professional_malpractice,2023/9/24,2027/12/24
6291018001890123456,800170205910100123,L1,legal_malpractice,2023/10/9,2027/2/20
6262018101234567890,810171206011111234,L2,medical_malpractice,2023/11/23,2027/8/16
6290018201678901234,820172206112122345,L3,accounting_malpractice,2023/12/7,2027/6/12
6263018301012345678,830173206201013456,L1,engineering_malpractice,2023/1/31,2027/10/7
6289018401456789012,840174206302024567,L2,architectural_malpractice,2023/2/15,2027/3/17
6264018501890123456,850175206403035678,L3,insurance_bad_faith,2023/3/29,2027/1/22
6288018601234567890,860176206504046789,L1,breach_of_contract,2023/4/23,2027/7/18
6265018701678901234,870177206605057890,L2,breach_of_fiduciary_duty,2023/5/8,2027/11/10
6287018801012345678,880178206706068901,L3,conversion,2023/6/22,2027/5/26
6266018901456789012,890179206807079012,L1,extortion,2023/7/17,2027/9/21
6286019001890123456,900180206908080123,L2,blackmail,2023/8/11,2027/4/26
6267019101234567890,910181207009091234,L3,robbery,2023/9/25,2027/12/20
6285019201678901234,920182207110102345,L2,burglary,2023/10/10,2027/2/16
6268019301012345678,930183207211113456,L3,larceny,2023/11/24,2027/8/12
6284019401456789012,940184207312124567,L1,embezzlement,2023/12/8,2027/6/8
6269019501890123456,950185207401015678,L2,receiving_stolen_property,2023/1/26,2027/10/3
6283019601234567890,960186207502026789,L3,arson,2023/2/16,2027/3/13
6270019701678901234,970187207603037890,L1,child_endangerment,2023/3/30,2027/1/18
6282019801012345678,980188207704048901,L2,elder_abuse,2023/4/24,2027/7/14
6271019901456789012,990189207805059012,L3,domestic_violence,2023/5/9,2027/11/6
6281011000189012345,1000190207906060123,L1,stalking,2023/6/23,2027/5/22


================================================
FILE: docker/nhp-db/demo/smart.policy.json
================================================
{
    "policy": "file://./allow.policy.wasm",
    "embedded": true
}


================================================
FILE: docker/nhp-db/demo/smart.policy.schema.json
================================================
{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "type": "object",
  "title": "Policy Configuration",
  "description": "Schema for policy configuration including various protocol references and base64 encoded content",
  "required": [
    "policy",
    "embedded"
  ],
  "properties": {
    "policy": {
      "type": "string",
      "description": "Policy reference which can be a URL (http, https, file) or base64 encoded raw content",
      "oneOf": [
        {
          "description": "HTTP protocol reference (plaintext transport: the policy is fetched without transport encryption or integrity protection)",
          "pattern": "^http://.*$",
          "examples": ["http://example.com/policies/allow.policy.wasm"]
        },
        {
          "description": "HTTPS protocol reference",
          "pattern": "^https://.*$",
          "examples": ["https://example.com/policies/deny.policy.wasm"]
        },
        {
          "description": "File protocol reference. Relative paths are relative to this JSON configuration file's location.",
          "pattern": "^file://.*$",
          "examples": [
            "file://./allow.policy.wasm",
            "file:///absolute/path/to/deny.policy.wasm",
            "file://../parentdir/policy.wasm"
          ]
        },
        {
          "description": "Base64 encoded raw policy content",
          "pattern": "^[A-Za-z0-9+/=]+$",
          "examples": ["SGVsbG8gV29ybGQhCg=="]
        }
      ]
    },
    "embedded": {
      "type": "boolean",
      "description": "Flag indicating whether the policy is embedded",
      "examples": [true, false]
    }
  },
  "additionalProperties": false
}


================================================
FILE: docker/nhp-db/etc/config.toml
================================================
# NHP-Db base config
# fields marked with (-) do not support dynamic update

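# PrivateKeyBase64 (-): db private key in base64 format.
#   The value below is the sample key checked into this repository; generate a fresh key pair for any non-demo deployment.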
# SymmetricCipherMode: default mode is AES-256-GCM-128, supported modes:
#   AES-256-GCM-64, AES-256-GCM-96, AES-256-GCM-104, AES-256-GCM-112, AES-256-GCM-120, AES-256-GCM-128, SM4-GCM-64, SM4-GCM-128.
# UserId: specify the user id this agent represents.
# OrganizationId: specify the organization id this agent represents.
# LogLevel: 0: silent, 1: error, 2: info, 3: audit, 4: debug, 5: trace.
PrivateKeyBase64 = "WAb4iFVXHnF5yMpacue1HKTa6nyOebx7BPNn++0ix1c="
DefaultCipherScheme = 0
SymmetricCipherMode = "AES-256-GCM-128"
DbId = "device-0"
OrganizationId = "opennhp.org"
LogLevel = 4

# UserData: a customized user entry for flexibility.
# Its key-value pairs will be sent to the server along with the knock message.
[UserData]


================================================
FILE: docker/nhp-db/etc/server.toml
================================================
# list the server peers for the device under [[Servers]] table

# Hostname: the domain of the server peer. If specified, it overrides the "Ip" field with its first resolved address.
# Ip: specify the ip address of the server peer
# Port: specify the port number this server peer is listening on
# PubKeyBase64: public key of the server peer in base64 format
# ExpireTime (epoch timestamp in seconds): peer key validation will fail when it expires.
[[Servers]]
Hostname = ""
Ip = "177.7.0.9"
Port = 62206
PubKeyBase64 = "4/p0mIknwmVIMocRLQKil7xIthgEdZNncv9UagiBaK2kpcH7i4hEtZjpcHox+Bn7xdV+rBKNbKlV9ye6V1VCLA=="
ExpireTime = 1924991999

================================================
FILE: docker/nhp-db/etc/tee.toml
================================================
# Configuration for trusted execution environment.

# TEEPublicKeyBase64: base64 encoded public key of TEE (Trusted Execution Environment).
[[TEEs]]
TEEPublicKeyBase64 = "Jxg2hkMuHSr0Lw5DMKtm2PE9skt/VD53bWxlmnn8XI7J+30A2zxTAyVSoMwt5YveD5sQOFRXyTI/ihbMriyBpw=="
ExpireTime = 1924991999


================================================
FILE: docker/nhp-enter-nginx.conf
================================================

# Reverse-proxy configuration: port 80 (plain HTTP) is proxied to
# nhp-server:62206 and port 443 (TLS) is proxied to nhp-ac.
#user  root;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    # $http_x_forwarded_for is the X-Forwarded-For request header exactly as
    # the client sent it; treat that field as untrusted when reading the log.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;
    # Plain-HTTP listener: requests and responses on port 80 are not encrypted
    # between the client and this proxy, nor between this proxy and nhp-server.
    server {
        listen       80;
        server_name  loginlocal.opennhp.org localhost;
        
        location / {
            proxy_pass   http://nhp-server:62206;
            proxy_set_header Host $host;
            # X-Real-IP is overwritten with the TCP peer address, so a value
            # supplied by the client does not reach the upstream. No
            # X-Forwarded-For header is set here, so a client-supplied one is
            # passed through unchanged; the upstream should rely on X-Real-IP.
            proxy_set_header X-Real-IP $remote_addr;
        }
    }
    # #gzip  on;
    # server {
    #     listen       443 ssl;
    #     server_name  _;
    #     ssl_certificate     /cert.pem;
    #     ssl_certificate_key /key.pem;
    #     location / {
    #         proxy_pass   http://nhp-server:62206;
    #         proxy_set_header Host $host;
    #         proxy_set_header X-Real-IP $remote_addr;
    #     }
    # }
    # TLS listener: TLS terminates at this proxy and traffic is forwarded to
    # nhp-ac over plain HTTP. No ssl_protocols or ssl_ciphers directive is set,
    # so the defaults of the installed nginx build apply.
    server {
        listen       443 ssl;               
        server_name  loginlocal.opennhp.org localhost; 
        
        # NOTE(review): /cert.pem and /key.pem are presumably mounted into the
        # container; confirm the key file is readable only by the nginx user.
        ssl_certificate     /cert.pem;  
        ssl_certificate_key /key.pem;
        location / {
            proxy_pass   http://nhp-ac;  
            proxy_set_header Host $host;
            # Same header handling as the port-80 server: X-Real-IP is set from
            # the TCP peer address, X-Forwarded-For is passed through as sent.
            proxy_set_header X-Real-IP $remote_addr;
        }
    }
}


================================================
FILE: docker/nhp-server/etc/ac.toml
================================================
# list the AC peers for the server under [[ACs]] table

# PubKeyBase64: public key for the AC in base64 format.
# ExpireTime (epoch timestamp in seconds): peer key validation will fail when it expires.
[[ACs]]
PubKeyBase64 = "tovd99hsYLjjvRjig95bZa+PSh8CZQKzbbKHH74+oiIEOBEjslZ7WzjCOYzd4TJNgYO8TOZYc0w0sxhz0I9J5w=="
ExpireTime = 1924991999


================================================
FILE: docker/nhp-server/etc/agent.toml
================================================
# list the agent peers for the server under [[Agents]] table

# PubKeyBase64: public key for the agent in base64 format.
# ExpireTime (epoch timestamp in seconds): peer key validation will fail when it expires.
[[Agents]]
PubKeyBase64 = "hdDrqJl0lAPNn7o/+MaZhfPOaAMjveLUsSPEq7ax4IVpsbjxb
gitextract_9zkaptpu/

├── CHANGELOG.md
├── CLAUDE.md
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── LICENSE
├── Makefile
├── README.de.md
├── README.es.md
├── README.fr.md
├── README.ja.md
├── README.md
├── README.zh-cn.md
├── SECURITY.md
├── build.bat
├── codecov.yml
├── docker/
│   ├── Dockerfile.ac
│   ├── Dockerfile.agent
│   ├── Dockerfile.app
│   ├── Dockerfile.base
│   ├── Dockerfile.server
│   ├── certs/
│   │   ├── server.crt
│   │   └── server.key
│   ├── docker-compose.dhp.yaml
│   ├── docker-compose.yaml
│   ├── iptables_defaults_ubuntu.sh
│   ├── iptables_defaults_x86.sh
│   ├── nhp-ac/
│   │   ├── etc/
│   │   │   ├── config.toml
│   │   │   ├── resource.toml
│   │   │   └── server.toml
│   │   └── traefik/
│   │       └── etc/
│   │           ├── provider.toml
│   │           └── traefik.toml
│   ├── nhp-agent/
│   │   └── etc/
│   │       ├── certs/
│   │       │   ├── server.crt
│   │       │   └── server.key
│   │       ├── config.toml
│   │       ├── dhp.toml
│   │       ├── resource.toml
│   │       └── server.toml
│   ├── nhp-db/
│   │   ├── demo/
│   │   │   ├── allow.policy.wasm
│   │   │   ├── metadata.json
│   │   │   ├── metadata.schema.json
│   │   │   ├── risk.involved.accounts.csv
│   │   │   ├── smart.policy.json
│   │   │   └── smart.policy.schema.json
│   │   └── etc/
│   │       ├── config.toml
│   │       ├── server.toml
│   │       └── tee.toml
│   ├── nhp-enter-nginx.conf
│   ├── nhp-server/
│   │   ├── etc/
│   │   │   ├── ac.toml
│   │   │   ├── agent.toml
│   │   │   ├── config.toml
│   │   │   ├── db.toml
│   │   │   ├── http.toml
│   │   │   ├── resource.toml
│   │   │   ├── srcip.toml
│   │   │   └── tee.toml
│   │   ├── plugins/
│   │   │   └── example/
│   │   │       └── etc/
│   │   │           ├── config.toml
│   │   │           └── resource.toml
│   │   └── templates/
│   │       └── example/
│   │           ├── example_acdemo.html
│   │           └── example_login.html
│   ├── quick_start.sh
│   └── web-app/
│       ├── entrypoint.sh
│       ├── go.mod
│       └── main.go
├── docs/
│   ├── 404.html
│   ├── CNAME
│   ├── Gemfile
│   ├── README.md
│   ├── _config.yml
│   ├── about.md
│   ├── agent_sdk.md
│   ├── build.md
│   ├── code.md
│   ├── comparison.md
│   ├── cryptography.md
│   ├── deploy.md
│   ├── dhp_quick_start.md
│   ├── features.md
│   ├── index.md
│   ├── logo_openNHP.xd
│   ├── nhp_quick_start.md
│   ├── server_plugin.md
│   └── zh-cn/
│       ├── about.zh-cn.md
│       ├── agent_sdk.zh-cn.md
│       ├── build.zh-cn.md
│       ├── code.zh-cn.md
│       ├── comparison.zh-cn.md
│       ├── cryptography.zh-cn.md
│       ├── deploy.zh-cn.md
│       ├── dhp_quick_start.zh-cn.md
│       ├── features.zh-cn.md
│       ├── index.zh-cn.md
│       ├── nhp_quick_start.zh-cn.md
│       ├── overview.zh-cn.md
│       ├── remo_config.zh-cn.md
│       └── server_plugin.zh-cn.md
├── endpoints/
│   ├── ac/
│   │   ├── config.go
│   │   ├── constants.go
│   │   ├── ebpf/
│   │   │   ├── ebpf_other.go
│   │   │   └── ebpfegine.go
│   │   ├── httpac.go
│   │   ├── main/
│   │   │   ├── etc/
│   │   │   │   ├── config.toml
│   │   │   │   ├── http.toml
│   │   │   │   ├── nhp_ebpf_xdp.o
│   │   │   │   ├── remote.toml
│   │   │   │   └── server.toml
│   │   │   └── main.go
│   │   ├── msghandler.go
│   │   ├── tokenstore.go
│   │   └── udpac.go
│   ├── agent/
│   │   ├── config.go
│   │   ├── constants.go
│   │   ├── iossdk/
│   │   │   └── export.go
│   │   ├── knock.go
│   │   ├── main/
│   │   │   ├── etc/
│   │   │   │   ├── certs/
│   │   │   │   │   ├── server.crt
│   │   │   │   │   └── server.key
│   │   │   │   ├── config.toml
│   │   │   │   ├── dhp.toml
│   │   │   │   ├── resource.toml
│   │   │   │   └── server.toml
│   │   │   ├── export.go
│   │   │   └── main.go
│   │   ├── msghandler.go
│   │   ├── request.go
│   │   ├── service.go
│   │   ├── ta.go
│   │   └── udpagent.go
│   ├── db/
│   │   ├── config.go
│   │   ├── constants.go
│   │   ├── main/
│   │   │   ├── etc/
│   │   │   │   ├── config.toml
│   │   │   │   ├── server.toml
│   │   │   │   └── tee.toml
│   │   │   └── main.go
│   │   ├── udpdevice.go
│   │   └── utils.go
│   ├── go.mod
│   ├── go.sum
│   ├── kgc/
│   │   ├── curve/
│   │   │   └── curve.go
│   │   ├── kgc.go
│   │   ├── kgc_test.go
│   │   ├── main/
│   │   │   ├── etc/
│   │   │   │   └── config.toml
│   │   │   └── main.go
│   │   ├── user/
│   │   │   └── user.go
│   │   └── utils.go
│   ├── relay/
│   │   └── tcprelay.go
│   ├── server/
│   │   ├── config.go
│   │   ├── constants.go
│   │   ├── httpauth.go
│   │   ├── httpserver.go
│   │   ├── httpstorage.go
│   │   ├── kbs/
│   │   │   ├── attest/
│   │   │   │   └── attest.go
│   │   │   ├── auth/
│   │   │   │   └── auth.go
│   │   │   ├── error/
│   │   │   │   └── error.go
│   │   │   └── resource/
│   │   │       └── resource.go
│   │   ├── kbs.go
│   │   ├── main/
│   │   │   ├── etc/
│   │   │   │   ├── ac.toml
│   │   │   │   ├── agent.toml
│   │   │   │   ├── config.toml
│   │   │   │   ├── db.toml
│   │   │   │   ├── http.toml
│   │   │   │   ├── remote.toml.example
│   │   │   │   ├── resource.toml
│   │   │   │   ├── srcip.toml
│   │   │   │   └── tee.toml
│   │   │   └── main.go
│   │   ├── msghandler.go
│   │   ├── nhpauth.go
│   │   ├── tokenstore.go
│   │   ├── udpserver.go
│   │   └── webrtcserver.go
│   └── test/
│       ├── gin_test.go
│       ├── json_test.go
│       └── toml_test.go
├── examples/
│   ├── client_sdk/
│   │   ├── android/
│   │   │   ├── java/
│   │   │   │   ├── MainActivity.java
│   │   │   │   └── OpennhpLibrary.java
│   │   │   └── kotlin/
│   │   │       └── MainActivity.kt
│   │   ├── desktop/
│   │   │   ├── c/
│   │   │   │   └── nhp-agent-demo.c
│   │   │   ├── java/
│   │   │   │   ├── App.java
│   │   │   │   └── OpennhpLibrary.java
│   │   │   └── python/
│   │   │       └── nhp-agent-demo.py
│   │   └── ios/
│   │       ├── objectivec/
│   │       │   ├── FileCopyManager.h
│   │       │   ├── FileCopyManager.m
│   │       │   └── ViewController.m
│   │       └── swift/
│   │           ├── FileCopyManager.swift
│   │           └── ViewController.swift
│   └── server_plugin/
│       ├── authenticator/
│       │   ├── Makefile
│       │   ├── etc/
│       │   │   ├── config.toml
│       │   │   └── resource.toml
│       │   ├── go.mod
│       │   ├── go.sum
│       │   ├── main.go
│       │   ├── qrauth.go
│       │   └── templates/
│       │       ├── authenticator_acdemo.html
│       │       └── authenticator_login.html
│       ├── basic/
│       │   ├── Makefile
│       │   ├── etc/
│       │   │   ├── config.toml
│       │   │   └── resource.toml
│       │   ├── go.mod
│       │   ├── go.sum
│       │   ├── main.go
│       │   └── templates/
│       │       ├── example_acdemo.html
│       │       └── example_login.html
│       └── oidc/
│           ├── Makefile
│           ├── auth.go
│           ├── etc/
│           │   ├── config.toml
│           │   └── resource.toml
│           ├── go.mod
│           ├── go.sum
│           ├── main.go
│           └── templates/
│               └── auth0home.html
└── nhp/
    ├── common/
    │   ├── constants.go
    │   ├── errors.go
    │   ├── global.go
    │   ├── nhpmsg.go
    │   ├── packet.go
    │   ├── tokenstore.go
    │   └── types.go
    ├── core/
    │   ├── benchmark/
    │   │   ├── ecc_rsa_test.go
    │   │   └── rsa_utils.go
    │   ├── constants.go
    │   ├── crypto.go
    │   ├── device.go
    │   ├── errors.go
    │   ├── initiator.go
    │   ├── kdf.go
    │   ├── main/
    │   │   ├── main.go
    │   │   ├── nhpdevice.go
    │   │   └── nhpdevicedef.h
    │   ├── packet.go
    │   ├── peer.go
    │   ├── responder.go
    │   ├── scheme/
    │   │   ├── curve/
    │   │   │   ├── curve.go
    │   │   │   ├── header.go
    │   │   │   └── responder.go
    │   │   └── gmsm/
    │   │       ├── gmsm.go
    │   │       ├── header.go
    │   │       └── responder.go
    │   ├── tcpconn.go
    │   ├── transaction.go
    │   ├── udpconn.go
    │   ├── verifier/
    │   │   ├── csv/
    │   │   │   └── csv.go
    │   │   └── verifier.go
    │   ├── wasm/
    │   │   ├── engine/
    │   │   │   ├── engine.go
    │   │   │   ├── host.go
    │   │   │   └── host_test.go
    │   │   └── policy/
    │   │       ├── host.go
    │   │       ├── impl/
    │   │       │   └── policy.go
    │   │       ├── interface.go
    │   │       ├── main/
    │   │       │   └── main.go
    │   │       └── memory/
    │   │           └── memory.go
    │   └── ztdo/
    │       ├── noise.go
    │       ├── ztdo.go
    │       └── ztdo_test.go
    ├── ebpf/
    │   └── xdp/
    │       ├── nhp_ebpf_xdp.c
    │       ├── tc_egress.c
    │       └── vmlinux.h
    ├── etcd/
    │   └── etcdconn.go
    ├── go.mod
    ├── go.sum
    ├── log/
    │   ├── globalLog.go
    │   └── logger.go
    ├── plugins/
    │   └── serverpluginhandler.go
    ├── test/
    │   ├── api_test.go
    │   ├── conn_test.go
    │   ├── ecdh_test.go
    │   ├── ecdsa_test.go
    │   ├── fuzz_json_test.go
    │   ├── fuzz_test.go
    │   ├── iputils_test.go
    │   ├── ipv6_support_test.go
    │   ├── log_test.go
    │   ├── packet_test.go
    │   ├── pkcs7_test.go
    │   ├── tokenstore_test.go
    │   └── utils_test.go
    ├── utils/
    │   ├── cache.go
    │   ├── cmd.go
    │   ├── compress.go
    │   ├── constant.go
    │   ├── crypto.go
    │   ├── crypto_test.go
    │   ├── ebpf/
    │   │   ├── ebpf.go
    │   │   ├── ebpf_linux.go
    │   │   └── ebpf_other.go
    │   ├── encoding.go
    │   ├── file.go
    │   ├── host.go
    │   ├── iptables.go
    │   ├── iputils.go
    │   ├── parser.go
    │   ├── request.go
    │   ├── utils.go
    │   ├── uuid.go
    │   └── waitpool.go
    └── version/
        ├── VERSION
        └── version.go
SYMBOL INDEX (19336 symbols across 138 files)

FILE: docker/web-app/main.go
  function main (line 5) | func main() {

FILE: endpoints/ac/config.go
  constant FilterMode_IPTABLES (line 29) | FilterMode_IPTABLES = iota
  constant FilterMode_EBPFXDP (line 30) | FilterMode_EBPFXDP
  type ACEtcdConfig (line 33) | type ACEtcdConfig struct
  type Config (line 39) | type Config struct
  type RemoteConfig (line 52) | type RemoteConfig struct
  type HttpConfig (line 60) | type HttpConfig struct
  type Peers (line 68) | type Peers struct
  method loadBaseConfig (line 72) | func (a *UdpAC) loadBaseConfig() error {
  method loadHttpConfig (line 101) | func (a *UdpAC) loadHttpConfig() error {
  method loadPeers (line 129) | func (a *UdpAC) loadPeers() error {
  method updateBaseConfig (line 159) | func (a *UdpAC) updateBaseConfig(conf Config) (err error) {
  method updateHttpConfig (line 195) | func (a *UdpAC) updateHttpConfig(httpConf HttpConfig) (err error) {
  method updateServerPeers (line 227) | func (a *UdpAC) updateServerPeers(peers []*core.UdpPeer) (err error) {
  method loadConfigFile (line 252) | func (a *UdpAC) loadConfigFile(file string) (content []byte, err error) {
  method initRemoteConn (line 262) | func (a *UdpAC) initRemoteConn() error {
  method loadRemoteConfig (line 310) | func (a *UdpAC) loadRemoteConfig() error {
  method loadRemoteBaseConfig (line 329) | func (a *UdpAC) loadRemoteBaseConfig() error {
  method updateEtcdConfig (line 344) | func (a *UdpAC) updateEtcdConfig(content []byte, baseLoad bool) (err err...
  method IpPassMode (line 360) | func (a *UdpAC) IpPassMode() int {
  method StopConfigWatch (line 364) | func (a *UdpAC) StopConfigWatch() {

FILE: endpoints/ac/constants.go
  constant MaxConcurrentConnection (line 6) | MaxConcurrentConnection      = 256
  constant DefaultConnectionTimeoutMs (line 7) | DefaultConnectionTimeoutMs   = common.ServerSideConnectionTimeoutMs
  constant PacketQueueSizePerConnection (line 8) | PacketQueueSizePerConnection = 256
  constant ReportToServerInterval (line 10) | ReportToServerInterval         = common.ReportToServerInterval
  constant MinialServerDiscoveryInterval (line 11) | MinialServerDiscoveryInterval  = common.MinimalServerDiscoveryInterval
  constant ServerKeepaliveInterval (line 12) | ServerKeepaliveInterval        = common.ServerKeepaliveInterval
  constant ServerDiscoveryRetryBeforeFail (line 13) | ServerDiscoveryRetryBeforeFail = common.ServerDiscoveryRetryBeforeFail
  constant TokenStoreRefreshInterval (line 15) | TokenStoreRefreshInterval = common.TokenStoreRefreshInterval
  constant TempPortOpenTime (line 16) | TempPortOpenTime          = 30
  constant IPSET_DEFAULT_NAME (line 18) | IPSET_DEFAULT_NAME      = "defaultset"
  constant IPSET_DEFAULT_DOWN_NAME (line 19) | IPSET_DEFAULT_DOWN_NAME = "defaultset_down"

FILE: endpoints/ac/ebpf/ebpf_other.go
  function EbpfEngineLoad (line 19) | func EbpfEngineLoad(dirPath string, logLevel int, acId string) error {
  function CleanupBPFFiles (line 25) | func CleanupBPFFiles() {

FILE: endpoints/ac/ebpf/ebpfegine.go
  type bpfObjects (line 28) | type bpfObjects struct
  type tcBpfObjects (line 40) | type tcBpfObjects struct
  type Event (line 50) | type Event struct
  function init (line 65) | func init() {
  function EbpfEngineLoad (line 76) | func EbpfEngineLoad(dirPath string, logLevel int, acId string) error {
  function uint32ToIPv4 (line 259) | func uint32ToIPv4(ip uint32) string {
  function ipUint32ToString (line 267) | func ipUint32ToString(ip uint32) string {
  function getDefaultRouteInterface (line 275) | func getDefaultRouteInterface() (string, error) {
  function CleanupBPFFiles (line 294) | func CleanupBPFFiles() {
  function protoToString (line 326) | func protoToString(proto uint8) string {

FILE: endpoints/ac/httpac.go
  type HttpAC (line 21) | type HttpAC struct
    method Start (line 38) | func (hs *HttpAC) Start(uac *UdpAC, hc *HttpConfig) error {
    method Stop (line 112) | func (hs *HttpAC) Stop() {
    method IsRunning (line 131) | func (hs *HttpAC) IsRunning() bool {
    method initRouter (line 136) | func (ha *HttpAC) initRouter() {
    method HandleHttpRefreshOperations (line 168) | func (ha *HttpAC) HandleHttpRefreshOperations(c *gin.Context, req *com...

FILE: endpoints/ac/main/main.go
  constant colorReset (line 23) | colorReset  = "\033[0m"
  constant colorCyan (line 24) | colorCyan   = "\033[36m"
  constant colorGreen (line 25) | colorGreen  = "\033[32m"
  constant colorYellow (line 26) | colorYellow = "\033[33m"
  constant colorBlue (line 27) | colorBlue   = "\033[34m"
  constant colorPurple (line 28) | colorPurple = "\033[35m"
  constant colorBold (line 29) | colorBold   = "\033[1m"
  constant colorDim (line 30) | colorDim    = "\033[2m"
  function main (line 33) | func main() {
  function printBanner (line 87) | func printBanner() {
  function getFilterModeName (line 106) | func getFilterModeName(mode int) string {
  function printACInfo (line 117) | func printACInfo(cfg *ac.Config) {
  function runApp (line 145) | func runApp() error {

FILE: endpoints/ac/msghandler.go
  constant PASS_KNOCK_IP (line 20) | PASS_KNOCK_IP = iota
  constant PASS_KNOCKIP_WITH_RANGE (line 21) | PASS_KNOCKIP_WITH_RANGE
  constant PASS_PRE_ACCESS_IP (line 22) | PASS_PRE_ACCESS_IP
  method HandleUdpACOperations (line 25) | func (a *UdpAC) HandleUdpACOperations(ppd *core.PacketParserData) (err e...
  method HandleAccessControl (line 89) | func (a *UdpAC) HandleAccessControl(au *common.AgentUser, srcAddrs []*co...
  method tcpTempAccessHandler (line 612) | func (a *UdpAC) tcpTempAccessHandler(listener *net.TCPListener, timeoutS...
  method udpTempAccessHandler (line 746) | func (a *UdpAC) udpTempAccessHandler(conn *net.UDPConn, timeoutSec int, ...
  method tempConnTerminator (line 910) | func (a *UdpAC) tempConnTerminator(conn net.Conn, ctx context.Context) {
  function incrementIP (line 921) | func incrementIP(ip net.IP) {

FILE: endpoints/ac/tokenstore.go
  type AccessEntry (line 14) | type AccessEntry struct
    method GetExpireTime (line 23) | func (e *AccessEntry) GetExpireTime() time.Time {
  method GenerateAccessToken (line 29) | func (a *UdpAC) GenerateAccessToken(entry *AccessEntry) string {
  method VerifyAccessToken (line 50) | func (a *UdpAC) VerifyAccessToken(token string) *AccessEntry {

FILE: endpoints/ac/udpac.go
  type UdpAC (line 28) | type UdpAC struct
    method Start (line 84) | func (a *UdpAC) Start(dirPath string, logLevel int) (err error) {
    method Stop (line 194) | func (ac *UdpAC) Stop() {
    method IsRunning (line 218) | func (a *UdpAC) IsRunning() bool {
    method newConnection (line 222) | func (a *UdpAC) newConnection(addr *net.UDPAddr) (conn *UdpConn) {
    method sendMessageRoutine (line 263) | func (a *UdpAC) sendMessageRoutine() {
    method SendPacket (line 314) | func (a *UdpAC) SendPacket(pkt *core.Packet, conn *UdpConn) (n int, er...
    method recvPacketRoutine (line 331) | func (a *UdpAC) recvPacketRoutine(conn *UdpConn) {
    method connectionRoutine (line 390) | func (a *UdpAC) connectionRoutine(conn *UdpConn) {
    method recvMessageRoutine (line 472) | func (a *UdpAC) recvMessageRoutine() {
    method maintainServerConnectionRoutine (line 504) | func (a *UdpAC) maintainServerConnectionRoutine() {
    method serverDiscovery (line 586) | func (a *UdpAC) serverDiscovery(server *core.UdpPeer, discoveryRoutine...
    method AddServerPeer (line 745) | func (a *UdpAC) AddServerPeer(server *core.UdpPeer) {
    method RemoveServerPeer (line 760) | func (a *UdpAC) RemoveServerPeer(serverKey string) {
    method GetConfig (line 775) | func (a *UdpAC) GetConfig() *Config {
  type UdpConn (line 66) | type UdpConn struct
    method Close (line 73) | func (c *UdpConn) Close() {

FILE: endpoints/agent/config.go
  type Config (line 29) | type Config struct
    method GetAgentEcdh (line 41) | func (c *Config) GetAgentEcdh() core.Ecdh {
    method GetTeeEcdh (line 50) | func (c *Config) GetTeeEcdh() core.Ecdh {
    method GetEccType (line 59) | func (c *Config) GetEccType() core.EccTypeEnum {
  type DHPConfig (line 37) | type DHPConfig struct
  type Peers (line 67) | type Peers struct
  type Resources (line 71) | type Resources struct
  method loadBaseConfig (line 75) | func (a *UdpAgent) loadBaseConfig() error {
  method loadDHPConfig (line 90) | func (a *UdpAgent) loadDHPConfig() error {
  method loadPeers (line 106) | func (a *UdpAgent) loadPeers() error {
  method loadResources (line 122) | func (a *UdpAgent) loadResources() error {
  method updateBaseConfig (line 138) | func (a *UdpAgent) updateBaseConfig(file string) (err error) {
  method updateDHPConfig (line 182) | func (a *UdpAgent) updateDHPConfig(file string) (err error) {
  method updateServerPeers (line 205) | func (a *UdpAgent) updateServerPeers(file string) (err error) {
  method updateResources (line 240) | func (a *UdpAgent) updateResources(file string) (err error) {
  method StopConfigWatch (line 285) | func (a *UdpAgent) StopConfigWatch() {
  method NewEcdhFromConfigFile (line 300) | func (a *UdpAgent) NewEcdhFromConfigFile() (core.Ecdh, error) {
  method RotateTeeKey (line 316) | func (a *UdpAgent) RotateTeeKey() error {
  method RotateAgentKey (line 331) | func (a *UdpAgent) RotateAgentKey() error {
  method InitializeSecret (line 346) | func (a *UdpAgent) InitializeSecret() error {

FILE: endpoints/agent/constants.go
  constant MaxConcurrentConnection (line 6) | MaxConcurrentConnection      = 256
  constant DefaultConnectionTimeoutMs (line 7) | DefaultConnectionTimeoutMs   = common.ClientSideConnectionTimeoutMs
  constant PacketQueueSizePerConnection (line 8) | PacketQueueSizePerConnection = 64

FILE: endpoints/agent/iossdk/export.go
  function NhpAgentInit (line 30) | func NhpAgentInit(workingDir string, logLevel int) bool {
  function NhpAgentClose (line 45) | func NhpAgentClose() {
  function NhpAgentKnockloopStart (line 67) | func NhpAgentKnockloopStart() int {
  function NhpAgentKnockloopStop (line 77) | func NhpAgentKnockloopStop() {
  function NhpAgentSetKnockUser (line 95) | func NhpAgentSetKnockUser(userId string, devId string, orgId string, use...
  function NhpAgentAddServer (line 124) | func NhpAgentAddServer(pubkey string, ip string, host string, port int, ...
  function NhpAgentRemoveServer (line 154) | func NhpAgentRemoveServer(pubkey string) {
  function NhpAgentAddResource (line 177) | func NhpAgentAddResource(aspId string, resId string, serverIp string, se...
  function NhpAgentRemoveResource (line 202) | func NhpAgentRemoveResource(aspId string, resId string) {
  function NhpAgentKnockResource (line 237) | func NhpAgentKnockResource(aspId string, resId string, serverIp string, ...
  function NhpAgentExitResource (line 294) | func NhpAgentExitResource(aspId string, resId string, serverIp string, s...
  function NhpGenerateKeys (line 345) | func NhpGenerateKeys(cipherType int) string {
  function NhpPrivkeyToPubkey (line 369) | func NhpPrivkeyToPubkey(cipherType int, privateBase64 string) string {

FILE: endpoints/agent/knock.go
  method Knock (line 16) | func (a *UdpAgent) Knock(res *KnockTarget) (ackMsg *common.ServerKnockAc...
  method knockRequest (line 55) | func (a *UdpAgent) knockRequest(res *KnockTarget, useCookie bool) (ackMs...
  method ExitKnockRequest (line 154) | func (a *UdpAgent) ExitKnockRequest(res *KnockTarget) (ackMsg *common.Se...
  method preAccessRequest (line 251) | func (a *UdpAgent) preAccessRequest(ackMsg *common.ServerKnockAckMsg) (e...
  method processPreAccessAction (line 274) | func (a *UdpAgent) processPreAccessAction(info *common.PreAccessInfo) er...
  method KnockDHP (line 385) | func (a *UdpAgent) KnockDHP() (ackMsg *common.ServerDHPKnockAckMsg, err ...

FILE: endpoints/agent/main/export.go
  function deepCopyCString (line 24) | func deepCopyCString(c_str *C.char) string {
  function nhp_free_cstring (line 35) | func nhp_free_cstring(ptr *C.char) {
  function nhp_agent_init (line 51) | func nhp_agent_init(workingDir *C.char, logLevel C.int) bool {
  function nhp_agent_close (line 68) | func nhp_agent_close() {
  function nhp_agent_knockloop_start (line 90) | func nhp_agent_knockloop_start() C.int {
  function nhp_agent_knockloop_stop (line 102) | func nhp_agent_knockloop_stop() {
  function nhp_agent_set_knock_user (line 122) | func nhp_agent_set_knock_user(userId *C.char, devId *C.char, orgId *C.ch...
  function nhp_agent_add_server (line 154) | func nhp_agent_add_server(pubkey *C.char, ip *C.char, host *C.char, port...
  function nhp_agent_remove_server (line 186) | func nhp_agent_remove_server(pubkey *C.char) {
  function nhp_agent_add_resource (line 211) | func nhp_agent_add_resource(aspId *C.char, resId *C.char, serverIp *C.ch...
  function nhp_agent_remove_resource (line 238) | func nhp_agent_remove_resource(aspId *C.char, resId *C.char) {
  function nhp_agent_knock_resource (line 275) | func nhp_agent_knock_resource(aspId *C.char, resId *C.char, serverIp *C....
  function nhp_agent_exit_resource (line 335) | func nhp_agent_exit_resource(aspId *C.char, resId *C.char, serverIp *C.c...
  function nhp_generate_keys (line 386) | func nhp_generate_keys(cipherType C.int) *C.char {
  function nhp_privkey_to_pubkey (line 411) | func nhp_privkey_to_pubkey(cipherType C.int, privateBase64 *C.char) *C.c...

FILE: endpoints/agent/main/main.go
  constant colorReset (line 24) | colorReset  = "\033[0m"
  constant colorCyan (line 25) | colorCyan   = "\033[36m"
  constant colorGreen (line 26) | colorGreen  = "\033[32m"
  constant colorYellow (line 27) | colorYellow = "\033[33m"
  constant colorBlue (line 28) | colorBlue   = "\033[34m"
  constant colorPurple (line 29) | colorPurple = "\033[35m"
  constant colorBold (line 30) | colorBold   = "\033[1m"
  constant colorDim (line 31) | colorDim    = "\033[2m"
  function main (line 34) | func main() {
  function printBanner (line 143) | func printBanner() {
  function printAgentInfo (line 162) | func printAgentInfo() {
  function runApp (line 187) | func runApp() error {
  function printDHPAgentInfo (line 223) | func printDHPAgentInfo() {
  function runDHPApp (line 248) | func runDHPApp() error {

FILE: endpoints/agent/msghandler.go
  method HandleCookieMessage (line 12) | func (a *UdpAgent) HandleCookieMessage(ppd *core.PacketParserData) bool {

FILE: endpoints/agent/request.go
  method RequestOtp (line 14) | func (a *UdpAgent) RequestOtp(target *KnockTarget) error {
  method RegisterPublicKey (line 60) | func (a *UdpAgent) RegisterPublicKey(otp string, target *KnockTarget) (r...
  method ListResource (line 138) | func (a *UdpAgent) ListResource(target *KnockTarget) (lrtMsg *common.Ser...

FILE: endpoints/agent/service.go
  method CheckAgentSafeOrNot (line 31) | func (a *UdpAgent) CheckAgentSafeOrNot(targetPaths ...string) gin.Handle...
  method CreateDHPWebConsole (line 46) | func (a *UdpAgent) CreateDHPWebConsole() {
  method registerTAService (line 102) | func (a *UdpAgent) registerTAService(c *gin.Context) {
  method addTARoute (line 187) | func (a *UdpAgent) addTARoute(ta *TrustedApplication) {
  method callFunction (line 201) | func (a *UdpAgent) callFunction(c *gin.Context) {
  method getAgentPublicKey (line 231) | func (a *UdpAgent) getAgentPublicKey(c *gin.Context) {
  method getTeePublicKey (line 235) | func (a *UdpAgent) getTeePublicKey(c *gin.Context) {
  method configServer (line 239) | func (a *UdpAgent) configServer(c *gin.Context) {
  method getServerConfig (line 265) | func (a *UdpAgent) getServerConfig(c *gin.Context) {
  method restartAgent (line 284) | func (a *UdpAgent) restartAgent(c *gin.Context) {
  method getTeeStatus (line 293) | func (a *UdpAgent) getTeeStatus(c *gin.Context) {
  method getTeeAttestation (line 302) | func (a *UdpAgent) getTeeAttestation(c *gin.Context) {
  method rotateAgentKey (line 324) | func (a *UdpAgent) rotateAgentKey(c *gin.Context) {
  method rotateTeeKey (line 338) | func (a *UdpAgent) rotateTeeKey(c *gin.Context) {

FILE: endpoints/agent/ta.go
  type TAFunctionParam (line 21) | type TAFunctionParam struct
  type TAFunction (line 27) | type TAFunction struct
  type TrustedApplication (line 34) | type TrustedApplication struct
    method GetSupportedFunctions (line 143) | func (ta *TrustedApplication) GetSupportedFunctions() []TAFunction {
    method CallFunction (line 147) | func (ta *TrustedApplication) CallFunction(function string, params map...
  function NewTrustApplication (line 42) | func NewTrustApplication(tadId string, language string, entry string) (*...
  function GetTrustedApplication (line 132) | func GetTrustedApplication(trustedAppUuid string) (*TrustedApplication, ...

FILE: endpoints/agent/udpagent.go
  type KnockUser (line 28) | type KnockUser struct
  type KnockResource (line 34) | type KnockResource struct
    method Id (line 42) | func (res *KnockResource) Id() string {
    method ServerHost (line 46) | func (res *KnockResource) ServerHost() string {
  type KnockTarget (line 57) | type KnockTarget struct
    method SetResource (line 64) | func (kt *KnockTarget) SetResource(res *KnockResource) {
    method SetServerPeer (line 71) | func (kt *KnockTarget) SetServerPeer(peer *core.UdpPeer) {
    method GetServerPeer (line 78) | func (kt *KnockTarget) GetServerPeer() *core.UdpPeer {
  type UdpAgent (line 85) | type UdpAgent struct
    method Start (line 148) | func (a *UdpAgent) Start(dirPath string, logLevel int) (err error) {
    method RestartAgent (line 220) | func (a *UdpAgent) RestartAgent() error {
    method StartKnockLoop (line 232) | func (a *UdpAgent) StartKnockLoop() int {
    method StartDHPKnockLoop (line 243) | func (a *UdpAgent) StartDHPKnockLoop() {
    method StopKnockLoop (line 248) | func (a *UdpAgent) StopKnockLoop() {
    method SetKnockUser (line 252) | func (a *UdpAgent) SetKnockUser(usrId string, orgId string, userData m...
    method SetDeviceId (line 260) | func (a *UdpAgent) SetDeviceId(devId string) {
    method SetCheckResults (line 264) | func (a *UdpAgent) SetCheckResults(results map[string]any) {
    method Stop (line 269) | func (a *UdpAgent) Stop() {
    method IsRunning (line 285) | func (a *UdpAgent) IsRunning() bool {
    method newConnection (line 289) | func (a *UdpAgent) newConnection(addr *net.UDPAddr) (conn *UdpConn) {
    method sendMessageRoutine (line 329) | func (a *UdpAgent) sendMessageRoutine() {
    method SendPacket (line 381) | func (a *UdpAgent) SendPacket(pkt *core.Packet, conn *UdpConn) (n int,...
    method recvPacketRoutine (line 398) | func (a *UdpAgent) recvPacketRoutine(conn *UdpConn) {
    method connectionRoutine (line 457) | func (a *UdpAgent) connectionRoutine(conn *UdpConn) {
    method recvMessageRoutine (line 540) | func (a *UdpAgent) recvMessageRoutine() {
    method knockResourceRoutine (line 569) | func (a *UdpAgent) knockResourceRoutine() {
    method dhpKnockResourceRoutine (line 643) | func (a *UdpAgent) dhpKnockResourceRoutine() {
    method AddServer (line 679) | func (a *UdpAgent) AddServer(server *core.UdpPeer) {
    method RemoveServer (line 688) | func (a *UdpAgent) RemoveServer(serverKey string) {
    method AddResource (line 694) | func (a *UdpAgent) AddResource(res *KnockResource) error {
    method RemoveResource (line 726) | func (a *UdpAgent) RemoveResource(aspId string, resId string) {
    method FindServerPeerFromResource (line 746) | func (a *UdpAgent) FindServerPeerFromResource(res *KnockResource) *cor...
    method StartConfidentialComputing (line 758) | func (a *UdpAgent) StartConfidentialComputing(ztdoId string, taId stri...
    method PreCheckDataAccess (line 802) | func (a *UdpAgent) PreCheckDataAccess(ztdoId string) (output string, r...
    method RefreshDataAccess (line 826) | func (a *UdpAgent) RefreshDataAccess(ztdoId string, decrypted bool, de...
    method GetFirstServerPeer (line 941) | func (a *UdpAgent) GetFirstServerPeer() (serverPeer *core.UdpPeer) {
    method SendDARMsgToServer (line 949) | func (a *UdpAgent) SendDARMsgToServer(server *core.UdpPeer, msg common...
    method SendDAVMsgToServer (line 1055) | func (a *UdpAgent) SendDAVMsgToServer(server *core.UdpPeer, msg common...
    method onAttestationCollect (line 1121) | func (s *UdpAgent) onAttestationCollect(spo *common.SmartPolicy) (stri...
    method CallTrustedApplication (line 1144) | func (a *UdpAgent) CallTrustedApplication(taId string, function string...
  type UdpConn (line 134) | type UdpConn struct
    method Close (line 139) | func (c *UdpConn) Close() {

FILE: endpoints/db/config.go
  type Config (line 25) | type Config struct
  type Peers (line 33) | type Peers struct
  type Resources (line 37) | type Resources struct
  type TEE (line 41) | type TEE struct
  type TEEs (line 46) | type TEEs struct
  method loadBaseConfig (line 50) | func (a *UdpDevice) loadBaseConfig() error {
  method loadPeers (line 65) | func (a *UdpDevice) loadPeers() error {
  method loadTEEs (line 81) | func (a *UdpDevice) loadTEEs() error {
  method updateBaseConfig (line 97) | func (a *UdpDevice) updateBaseConfig(file string) (err error) {
  method updateServerPeers (line 132) | func (a *UdpDevice) updateServerPeers(file string) (err error) {
  method updateTEEConfig (line 167) | func (a *UdpDevice) updateTEEConfig(file string) (err error) {
  method StopConfigWatch (line 194) | func (a *UdpDevice) StopConfigWatch() {

FILE: endpoints/db/constants.go
  constant MaxConcurrentConnection (line 6) | MaxConcurrentConnection      = 256
  constant DefaultConnectionTimeoutMs (line 7) | DefaultConnectionTimeoutMs   = common.ClientSideConnectionTimeoutMs
  constant PacketQueueSizePerConnection (line 8) | PacketQueueSizePerConnection = 64
  constant DoType_Default (line 9) | DoType_Default               = "ZTDO"
  constant DoType_Other (line 10) | DoType_Other                 = "OTHER"
  constant ReportToServerInterval (line 12) | ReportToServerInterval         = common.ReportToServerInterval
  constant MinialServerDiscoveryInterval (line 13) | MinialServerDiscoveryInterval  = common.MinimalServerDiscoveryInterval
  constant ServerKeepaliveInterval (line 14) | ServerKeepaliveInterval        = common.ServerKeepaliveInterval
  constant ServerDiscoveryRetryBeforeFail (line 15) | ServerDiscoveryRetryBeforeFail = common.ServerDiscoveryRetryBeforeFail

FILE: endpoints/db/main/main.go
  function main (line 24) | func main() {
  function initApp (line 27) | func initApp() {
  function runApp (line 215) | func runApp(params db.AppParams) error {

FILE: endpoints/db/udpdevice.go
  type KnockUser (line 25) | type KnockUser struct
  type KnockResource (line 31) | type KnockResource struct
    method Id (line 37) | func (res *KnockResource) Id() string {
  type KnockTarget (line 41) | type KnockTarget struct
    method SetResource (line 48) | func (kt *KnockTarget) SetResource(res *KnockResource) {
    method SetServer (line 55) | func (kt *KnockTarget) SetServer(peer *core.UdpPeer) {
    method Server (line 62) | func (kt *KnockTarget) Server() *core.UdpPeer {
  type UdpDevice (line 69) | type UdpDevice struct
    method Start (line 118) | func (a *UdpDevice) Start(dirPath string, logLevel int) (err error) {
    method Stop (line 180) | func (a *UdpDevice) Stop() {
    method IsRunning (line 195) | func (a *UdpDevice) IsRunning() bool {
    method newConnection (line 199) | func (a *UdpDevice) newConnection(addr *net.UDPAddr) (conn *UdpConn) {
    method sendMessageRoutine (line 239) | func (a *UdpDevice) sendMessageRoutine() {
    method SendPacket (line 291) | func (a *UdpDevice) SendPacket(pkt *core.Packet, conn *UdpConn) (n int...
    method recvPacketRoutine (line 308) | func (a *UdpDevice) recvPacketRoutine(conn *UdpConn) {
    method connectionRoutine (line 367) | func (a *UdpDevice) connectionRoutine(conn *UdpConn) {
    method recvMessageRoutine (line 448) | func (a *UdpDevice) recvMessageRoutine() {
    method maintainServerConnectionRoutine (line 479) | func (a *UdpDevice) maintainServerConnectionRoutine() {
    method serverDiscovery (line 522) | func (a *UdpDevice) serverDiscovery(server *core.UdpPeer, discoveryRou...
    method AddServer (line 679) | func (a *UdpDevice) AddServer(server *core.UdpPeer) {
    method RemoveServer (line 688) | func (a *UdpDevice) RemoveServer(serverKey string) {
    method GetServerPeer (line 695) | func (a *UdpDevice) GetServerPeer() (serverPeer *core.UdpPeer) {
    method SendDHPRegister (line 702) | func (a *UdpDevice) SendDHPRegister(msg common.DRGMsg) {
    method SendNHPDRG (line 716) | func (a *UdpDevice) SendNHPDRG(server *core.UdpPeer, msg common.DRGMsg...
    method GetCipherSchema (line 786) | func (a *UdpDevice) GetCipherSchema() int {
    method GetSymmetricCipherMode (line 790) | func (a *UdpDevice) GetSymmetricCipherMode() string {
    method GetDataBrokerId (line 794) | func (a *UdpDevice) GetDataBrokerId() string {
    method GetOwnEcdh (line 798) | func (a *UdpDevice) GetOwnEcdh() core.Ecdh {
    method isTEEAuthorized (line 808) | func (a *UdpDevice) isTEEAuthorized(teePbkBase64 string) bool {
    method HandleUdpDataKeyWrappingOperations (line 818) | func (a *UdpDevice) HandleUdpDataKeyWrappingOperations(ppd *core.Packe...
  type UdpConn (line 102) | type UdpConn struct
    method Close (line 109) | func (c *UdpConn) Close() {

FILE: endpoints/db/utils.go
  type DataPrivateKeyStore (line 20) | type DataPrivateKeyStore struct
    method Generate (line 56) | func (d *DataPrivateKeyStore) Generate(mode ztdolib.DataKeyPairECCMode...
    method Save (line 64) | func (d *DataPrivateKeyStore) Save(doId string) error {
    method Delete (line 87) | func (d *DataPrivateKeyStore) Delete(doId string) error {
    method toJson (line 100) | func (d *DataPrivateKeyStore) toJson() []byte {
    method fromJson (line 109) | func (d *DataPrivateKeyStore) fromJson(jsonData []byte) error {
  function NewDataPrivateKeyStore (line 26) | func NewDataPrivateKeyStore(providerPublicKeyBase64 string) *DataPrivate...
  function NewDataPrivateKeyStoreWith (line 33) | func NewDataPrivateKeyStoreWith(doId string) (d *DataPrivateKeyStore, er...
  type AppParams (line 117) | type AppParams struct
    method NewSmartPolicy (line 131) | func (a *AppParams) NewSmartPolicy() (common.SmartPolicy, error) {
    method GetMetadata (line 160) | func (a *AppParams) GetMetadata() (string, error) {
    method LoadMetadataAsStruct (line 173) | func (a *AppParams) LoadMetadataAsStruct() (map[string]any, error) {
  method UploadFileToNHPServer (line 193) | func (a *UdpDevice) UploadFileToNHPServer(filePath string) (string, erro...
  type UploadProgress (line 294) | type UploadProgress struct
  type ServerResponse (line 301) | type ServerResponse struct
  type ProgressReader (line 308) | type ProgressReader struct
    method Read (line 313) | func (pr *ProgressReader) Read(p []byte) (n int, err error) {
    method displayProgress (line 329) | func (pr *ProgressReader) displayProgress(percent int) {

FILE: endpoints/kgc/curve/curve.go
  type CurveParams (line 15) | type CurveParams struct
  type Curve (line 25) | type Curve interface
  type CustomStandardCurve (line 33) | type CustomStandardCurve struct
    method Params (line 37) | func (c *CustomStandardCurve) Params() *CurveParams {
    method IsOnCurve (line 41) | func (c *CustomStandardCurve) IsOnCurve(x, y *big.Int) bool {
    method Add (line 61) | func (c *CustomStandardCurve) Add(x1, y1, x2, y2 *big.Int) (x, y *big....
    method ScalarMult (line 120) | func (c *CustomStandardCurve) ScalarMult(x1, y1 *big.Int, k []byte) (x...
    method ScalarBaseMult (line 139) | func (c *CustomStandardCurve) ScalarBaseMult(k []byte) (x, y *big.Int) {
  function NewCustomSM2Curve (line 143) | func NewCustomSM2Curve() *CustomStandardCurve {
  function NewCustomSecp256k1Curve (line 166) | func NewCustomSecp256k1Curve() *CustomStandardCurve {
  type OfficialSM2Curve (line 189) | type OfficialSM2Curve struct
    method Params (line 193) | func (c *OfficialSM2Curve) Params() *CurveParams {
    method IsOnCurve (line 208) | func (c *OfficialSM2Curve) IsOnCurve(x, y *big.Int) bool {
    method Add (line 212) | func (c *OfficialSM2Curve) Add(x1, y1, x2, y2 *big.Int) (x, y *big.Int) {
    method ScalarMult (line 216) | func (c *OfficialSM2Curve) ScalarMult(x1, y1 *big.Int, k []byte) (x, y...
    method ScalarBaseMult (line 220) | func (c *OfficialSM2Curve) ScalarBaseMult(k []byte) (x, y *big.Int) {
  function NewOfficialSM2Curve (line 224) | func NewOfficialSM2Curve() *OfficialSM2Curve {

FILE: endpoints/kgc/kgc.go
  type Config (line 18) | type Config struct
  type MasterKey (line 24) | type MasterKey struct
    method String (line 30) | func (m MasterKey) String() string {
  type KGCUserPartialKey (line 34) | type KGCUserPartialKey struct
  type KGC (line 41) | type KGC interface
  type KGCImpl (line 47) | type KGCImpl struct
    method Params (line 53) | func (k *KGCImpl) Params() *curve.CurveParams {
    method GenerateMasterKey (line 61) | func (k *KGCImpl) GenerateMasterKey() error {
    method GenerateKGCUserPartialKey (line 120) | func (k *KGCImpl) GenerateKGCUserPartialKey(userId string, userPartial...
    method GetHash (line 168) | func (k *KGCImpl) GetHash() hash.Hash {
    method GetMasterKey (line 172) | func (k *KGCImpl) GetMasterKey() *MasterKey {
  type KGCEllipticCurveMode (line 176) | type KGCEllipticCurveMode
    method String (line 183) | func (k KGCEllipticCurveMode) String() string {
    method NewKGCImpl (line 192) | func (k KGCEllipticCurveMode) NewKGCImpl() *KGCImpl {
  constant SM2 (line 179) | SM2 KGCEllipticCurveMode = iota
  constant UNKNOWN (line 180) | UNKNOWN
  function NewKGCImplFromConfig (line 214) | func NewKGCImplFromConfig() (*KGCImpl, error) {

FILE: endpoints/kgc/kgc_test.go
  function TestConfigFilePermissions (line 10) | func TestConfigFilePermissions(t *testing.T) {

FILE: endpoints/kgc/main/main.go
  function main (line 17) | func main() {
  function setUp (line 91) | func setUp() error {
  function GenerateUserFullKey (line 100) | func GenerateUserFullKey(userId string, outputJson bool) error {
  function Sign (line 175) | func Sign(privateKey string, message string, outputJson bool) error {
  function Verify (line 213) | func Verify(declaredPbkBase64, userId, message, signatureBase64 string, ...

FILE: endpoints/kgc/user/user.go
  type UserPartialKey (line 13) | type UserPartialKey struct
  type UserFullKey (line 19) | type UserFullKey struct
    method String (line 25) | func (u UserFullKey) String() string {
  function NewUserFullKeyWithPrivateKey (line 29) | func NewUserFullKeyWithPrivateKey(prkBase64 string) (*UserFullKey, error) {
  type User (line 42) | type User interface
  type UserImpl (line 49) | type UserImpl struct
    method Params (line 63) | func (u *UserImpl) Params() *curve.CurveParams {
    method GenerateUserPartialKey (line 67) | func (u *UserImpl) GenerateUserPartialKey() (*UserPartialKey, error) {
    method GenerateUserFullKey (line 82) | func (u *UserImpl) GenerateUserFullKey(kgcUserPartialKey *kgc.KGCUserP...
    method CalculateFullPublicKey (line 100) | func (u *UserImpl) CalculateFullPublicKey(declaredPbkBase64, userId st...
    method VerifyFullKey (line 152) | func (u *UserImpl) VerifyFullKey(fullKey *UserFullKey, userId string) ...
    method Sign (line 180) | func (u *UserImpl) Sign(prkBase64 string, message string) (r, s *big.I...
    method Verify (line 229) | func (u *UserImpl) Verify(declaredPbkBase64, userId, message, sigBase6...
  function NewUser (line 55) | func NewUser(params curve.Curve, hash hash.Hash, masterKey *kgc.MasterKe...

FILE: endpoints/kgc/utils.go
  function GenerateRandomNumber (line 11) | func GenerateRandomNumber(N *big.Int) (*big.Int, error) {
  function GetExeDirPath (line 24) | func GetExeDirPath() (string, error) {

FILE: endpoints/server/config.go
  type ServerEtcdConfig (line 35) | type ServerEtcdConfig struct
  type SrcIpMap (line 45) | type SrcIpMap struct
  type Config (line 50) | type Config struct
  type RemoteConfig (line 61) | type RemoteConfig struct
  type HttpConfig (line 69) | type HttpConfig struct
  type Peers (line 81) | type Peers struct
  method loadBaseConfig (line 87) | func (s *UdpServer) loadBaseConfig() error {
  method loadHttpConfig (line 116) | func (s *UdpServer) loadHttpConfig() error {
  method loadPeers (line 145) | func (s *UdpServer) loadPeers() error {
  method loadResources (line 236) | func (s *UdpServer) loadResources() error {
  method loadSourceIps (line 265) | func (s *UdpServer) loadSourceIps() error {
  method initRemoteConn (line 294) | func (s *UdpServer) initRemoteConn() error {
  method loadRemoteBaseConfig (line 342) | func (s *UdpServer) loadRemoteBaseConfig() error {
  method loadRemoteConfig (line 357) | func (s *UdpServer) loadRemoteConfig() error {
  method updateEtcdConfig (line 376) | func (s *UdpServer) updateEtcdConfig(content []byte, baseLoad bool) (err...
  method loadConfigFile (line 417) | func (s *UdpServer) loadConfigFile(file string) (content []byte, err err...
  method updateBaseConfig (line 428) | func (s *UdpServer) updateBaseConfig(conf Config) (err error) {
  method updateHttpConfig (line 478) | func (s *UdpServer) updateHttpConfig(httpConf HttpConfig) (err error) {
  method updateACPeers (line 522) | func (s *UdpServer) updateACPeers(peers []*core.UdpPeer) (err error) {
  method updateAgentPeers (line 547) | func (s *UdpServer) updateAgentPeers(peers []*core.UdpPeer) (err error) {
  method updateResources (line 571) | func (s *UdpServer) updateResources(aspMap common.AuthSvcProviderMap) (e...
  method updateSourceIps (line 599) | func (s *UdpServer) updateSourceIps(srcIpMap map[string][]*common.NetAdd...
  method StopConfigWatch (line 611) | func (s *UdpServer) StopConfigWatch() {
  method updateDePeers (line 640) | func (s *UdpServer) updateDePeers(peers []*core.UdpPeer) (err error) {
  method updateTee (line 665) | func (s *UdpServer) updateTee(file string) (err error) {
  method AppraiseEvidence (line 690) | func (s *UdpServer) AppraiseEvidence(evidenceBase64 string) bool {

FILE: endpoints/server/constants.go
  constant MaxConcurrentConnection (line 6) | MaxConcurrentConnection         = 20480
  constant OverloadConnectionThreshold (line 7) | OverloadConnectionThreshold     = MaxConcurrentConnection * 4 / 5
  constant BlockAddrRefreshRate (line 8) | BlockAddrRefreshRate            = 20
  constant BlockAddrExpireTime (line 9) | BlockAddrExpireTime             = 90
  constant PreCheckThreatCountBeforeBlock (line 10) | PreCheckThreatCountBeforeBlock  = 5
  constant DefaultAgentConnectionTimeoutMs (line 11) | DefaultAgentConnectionTimeoutMs = common.ClientSideConnectionTimeoutMs
  constant DefaultACConnectionTimeoutMs (line 12) | DefaultACConnectionTimeoutMs    = common.ServerSideConnectionTimeoutMs
  constant DefaultDBConnectionTimeoutMs (line 13) | DefaultDBConnectionTimeoutMs    = common.ServerSideConnectionTimeoutMs
  constant PacketQueueSizePerConnection (line 14) | PacketQueueSizePerConnection    = 256
  constant DefaultHttpRequestReadTimeoutMs (line 19) | DefaultHttpRequestReadTimeoutMs   = 4500
  constant DefaultHttpResponseWriteTimeoutMs (line 20) | DefaultHttpResponseWriteTimeoutMs = 5500
  constant DefaultHttpServerIdleTimeoutMs (line 21) | DefaultHttpServerIdleTimeoutMs    = 6000
  constant DefaultIpOpenTime (line 26) | DefaultIpOpenTime         = 120
  constant ACOpenCompensationTime (line 27) | ACOpenCompensationTime    = 5
  constant TokenStoreRefreshInterval (line 28) | TokenStoreRefreshInterval = common.TokenStoreRefreshInterval

FILE: endpoints/server/httpauth.go
  method doAuthWithPlugin (line 14) | func (hs *HttpServer) doAuthWithPlugin(c *gin.Context, req *common.HttpK...
  method authWithAspPlugin (line 35) | func (hs *HttpServer) authWithAspPlugin(c *gin.Context, req *common.Http...
  method legacyAuthWithAspPlugin (line 41) | func (hs *HttpServer) legacyAuthWithAspPlugin(c *gin.Context, req *commo...

FILE: endpoints/server/httpserver.go
  type HttpServer (line 27) | type HttpServer struct
    method Start (line 44) | func (hs *HttpServer) Start(us *UdpServer, hc *HttpConfig) error {
    method Stop (line 132) | func (hs *HttpServer) Stop() {
    method IsRunning (line 151) | func (hs *HttpServer) IsRunning() bool {
    method initRouter (line 204) | func (hs *HttpServer) initRouter() {
    method handleHttpOpenResource (line 324) | func (hs *HttpServer) handleHttpOpenResource(req *common.HttpKnockRequ...
    method NewHttpServerHelper (line 441) | func (hs *HttpServer) NewHttpServerHelper() *plugins.HttpServerPluginH...
    method FindPluginHandler (line 472) | func (hs *HttpServer) FindPluginHandler(aspId string) plugins.PluginHa...
    method handleRefreshResource (line 476) | func (hs *HttpServer) handleRefreshResource(token string) (err error) {
  function LoadFilesRecursively (line 161) | func LoadFilesRecursively(g *gin.Engine, dir string) {
  function corsMiddleware (line 298) | func corsMiddleware() gin.HandlerFunc {

FILE: endpoints/server/httpstorage.go
  constant uploadDir (line 20) | uploadDir     = "etc/uploads"
  constant metadataDir (line 21) | metadataDir   = "etc/metadata"
  constant maxUploadSize (line 22) | maxUploadSize = 20 * 1024 * 1024 * 1024
  constant maxMemorySize (line 23) | maxMemorySize = 10 * 1024 * 1024
  type FileMetadata (line 26) | type FileMetadata struct
  method initStorageRouter (line 39) | func (hs *HttpServer) initStorageRouter() {
  type ProgressWriter (line 249) | type ProgressWriter struct
    method Write (line 258) | func (pw *ProgressWriter) Write(p []byte) (n int, err error) {
  function saveMetadata (line 272) | func saveMetadata(metadata FileMetadata) error {
  function loadMetadata (line 292) | func loadMetadata(uuid string) (FileMetadata, error) {
  function checkFileExists (line 322) | func checkFileExists(md5 string) (FileMetadata, bool) {

FILE: endpoints/server/kbs.go
  method initKbsRouter (line 9) | func (hs *HttpServer) initKbsRouter() {

FILE: endpoints/server/kbs/attest/attest.go
  type AttestRequest (line 32) | type AttestRequest struct
  type TeePubkey (line 37) | type TeePubkey struct
  type CustomClaims (line 44) | type CustomClaims struct
  function init (line 49) | func init() {
  function Attest (line 60) | func Attest(c *gin.Context) {
  function parseTeePubkey (line 101) | func parseTeePubkey(pubkey TeePubkey) (*rsa.PublicKey, error) {
  function generateJWT (line 127) | func generateJWT() (string, error) {
  function GetTeePubKeyByToken (line 154) | func GetTeePubKeyByToken(token string) (*rsa.PublicKey, error) {

FILE: endpoints/server/kbs/auth/auth.go
  type AuthRequest (line 15) | type AuthRequest struct
  type AuthResponse (line 21) | type AuthResponse struct
  function generateNonce (line 26) | func generateNonce() (string, error) {
  function generateSecureSessionID (line 36) | func generateSecureSessionID() (string, error) {
  function Auth (line 47) | func Auth(c *gin.Context) {

FILE: endpoints/server/kbs/error/error.go
  type ErrorType (line 10) | type ErrorType
  constant tokenNotFound (line 13) | tokenNotFound             ErrorType = "https://github.com/confidential-c...
  constant tokenInvalid (line 14) | tokenInvalid              ErrorType = "https://github.com/confidential-c...
  constant policyDeny (line 15) | policyDeny                ErrorType = "https://github.com/confidential-c...
  constant teePubKeyNotFound (line 16) | teePubKeyNotFound         ErrorType = "https://github.com/confidential-c...
  constant resourceNotFound (line 17) | resourceNotFound          ErrorType = "https://github.com/confidential-c...
  constant keyGenerationFailed (line 18) | keyGenerationFailed       ErrorType = "https://github.com/confidential-c...
  constant keyEncryptionFailed (line 19) | keyEncryptionFailed       ErrorType = "https://github.com/confidential-c...
  constant contentEncryptionFailed (line 20) | contentEncryptionFailed   ErrorType = "https://github.com/confidential-c...
  constant invalidRequest (line 21) | invalidRequest            ErrorType = "https://github.com/confidential-c...
  constant nonceGenerationFailed (line 22) | nonceGenerationFailed     ErrorType = "https://github.com/confidential-c...
  constant sessionIDGenerationFailed (line 23) | sessionIDGenerationFailed ErrorType = "https://github.com/confidential-c...
  constant missingOrInvalidSessionID (line 24) | missingOrInvalidSessionID ErrorType = "https://github.com/confidential-c...
  constant tokenGenerationFailed (line 25) | tokenGenerationFailed     ErrorType = "https://github.com/confidential-c...
  function newError (line 28) | func newError(errType ErrorType, detail string) map[string]any {
  function TokenNotFound (line 35) | func TokenNotFound() map[string]any {
  function TokenInvalid (line 39) | func TokenInvalid() map[string]any {
  function PolicyDeny (line 43) | func PolicyDeny() map[string]any {
  function TeePubKeyNotFound (line 47) | func TeePubKeyNotFound(err error) map[string]any {
  function ResourceNotFound (line 51) | func ResourceNotFound(err error) map[string]any {
  function KeyGenerationFailed (line 55) | func KeyGenerationFailed(err error) map[string]any {
  function KeyEncryptionFailed (line 59) | func KeyEncryptionFailed(err error) map[string]any {
  function ContentEncryptionFailed (line 63) | func ContentEncryptionFailed(err error) map[string]any {
  function InvalidRequest (line 67) | func InvalidRequest(err error) map[string]any {
  function NonceGenerationFailed (line 71) | func NonceGenerationFailed(err error) map[string]any {
  function SessionIDGenerationFailed (line 75) | func SessionIDGenerationFailed(err error) map[string]any {
  function MissingOrInvalidSessionID (line 79) | func MissingOrInvalidSessionID() map[string]any {
  function TokenGenerationFailed (line 83) | func TokenGenerationFailed(err error) map[string]any {

FILE: endpoints/server/kbs/resource/resource.go
  function init (line 33) | func init() {
  function generateCosignKeyPair (line 44) | func generateCosignKeyPair(privateKeyPath, publicKeyPath string) error {
  function GetResource (line 75) | func GetResource(c *gin.Context) {
  function loadResource (line 158) | func loadResource(resourceID string) ([]byte, error) {
  function encryptWithA256GCM (line 190) | func encryptWithA256GCM(key, plaintext []byte) (ciphertext, iv, tag []by...
  function VerifyJWT (line 211) | func VerifyJWT(tokenString string) (*jwt.Token, error) {

FILE: endpoints/server/main/main.go
  constant colorReset (line 23) | colorReset  = "\033[0m"
  constant colorCyan (line 24) | colorCyan   = "\033[36m"
  constant colorGreen (line 25) | colorGreen  = "\033[32m"
  constant colorYellow (line 26) | colorYellow = "\033[33m"
  constant colorBlue (line 27) | colorBlue   = "\033[34m"
  constant colorPurple (line 28) | colorPurple = "\033[35m"
  constant colorBold (line 29) | colorBold   = "\033[1m"
  constant colorDim (line 30) | colorDim    = "\033[2m"
  function main (line 33) | func main() {
  function printBanner (line 91) | func printBanner() {
  function printServerInfo (line 110) | func printServerInfo(us *server.UdpServer) {
  function runApp (line 144) | func runApp(enableProfiling bool) error {

FILE: endpoints/server/msghandler.go
  method HandleOTPRequest (line 21) | func (s *UdpServer) HandleOTPRequest(ppd *core.PacketParserData) (err er...
  method HandleRegisterRequest (line 60) | func (s *UdpServer) HandleRegisterRequest(ppd *core.PacketParserData) (e...
  method HandleListRequest (line 132) | func (s *UdpServer) HandleListRequest(ppd *core.PacketParserData) (err e...
  method HandleACOnline (line 200) | func (s *UdpServer) HandleACOnline(ppd *core.PacketParserData) (err erro...
  method HandleDBOnline (line 260) | func (s *UdpServer) HandleDBOnline(ppd *core.PacketParserData) (err erro...
  method HandleDHPDARMessage (line 318) | func (s *UdpServer) HandleDHPDARMessage(ppd *core.PacketParserData) (err...
  method HandleDHPDAVMessage (line 369) | func (s *UdpServer) HandleDHPDAVMessage(ppd *core.PacketParserData) (err...
  method HandleDHPDRGMessage (line 452) | func (s *UdpServer) HandleDHPDRGMessage(ppd *core.PacketParserData) (err...
  method onAttestationVerify (line 505) | func (s *UdpServer) onAttestationVerify(spo *common.SmartPolicy, attesta...
  function SaveZdtoConfig (line 538) | func SaveZdtoConfig(drgMsg *common.DRGMsg) error {
  function ReadZdtoConfig (line 577) | func ReadZdtoConfig(doId string) (common.DRGMsg, error) {

FILE: endpoints/server/nhpauth.go
  method HandleKnockRequest (line 14) | func (s *UdpServer) HandleKnockRequest(ppd *core.PacketParserData) (err ...

FILE: endpoints/server/tokenstore.go
  type ACTokenEntry (line 14) | type ACTokenEntry struct
    method GetExpireTime (line 23) | func (e *ACTokenEntry) GetExpireTime() time.Time {
  method GenerateAccessToken (line 28) | func (s *UdpServer) GenerateAccessToken(entry *ACTokenEntry) string {
  method VerifyAccessToken (line 48) | func (s *UdpServer) VerifyAccessToken(token string) *ACTokenEntry {

FILE: endpoints/server/udpserver.go
  type UdpServer (line 30) | type UdpServer struct
    method Start (line 153) | func (s *UdpServer) Start(dirPath string, logLevel int) (err error) {
    method Stop (line 276) | func (s *UdpServer) Stop() {
    method GetListenPort (line 307) | func (s *UdpServer) GetListenPort() int {
    method GetHttpPort (line 318) | func (s *UdpServer) GetHttpPort() (int, bool) {
    method GetHttpTLSStatus (line 330) | func (s *UdpServer) GetHttpTLSStatus() string {
    method IsRunning (line 337) | func (s *UdpServer) IsRunning() bool {
    method SendPacket (line 341) | func (s *UdpServer) SendPacket(pkt *core.Packet, conn *UdpConn) (n int...
    method recvPacketRoutine (line 363) | func (s *UdpServer) recvPacketRoutine() {
    method connectionRoutine (line 502) | func (s *UdpServer) connectionRoutine(conn *UdpConn) {
    method BlockAddrRefreshRoutine (line 619) | func (s *UdpServer) BlockAddrRefreshRoutine() {
    method IsBlockAddr (line 636) | func (s *UdpServer) IsBlockAddr(addr *net.UDPAddr) bool {
    method AddBlockAddr (line 644) | func (s *UdpServer) AddBlockAddr(addr *net.UDPAddr) {
    method RefreshBlockAddr (line 658) | func (s *UdpServer) RefreshBlockAddr() {
    method sendMessageRoutine (line 670) | func (s *UdpServer) sendMessageRoutine() {
    method recvMessageRoutine (line 700) | func (s *UdpServer) recvMessageRoutine() {
    method AddAgentPeer (line 766) | func (s *UdpServer) AddAgentPeer(agent *core.UdpPeer) {
    method UpdateTeePublicKeyAndConsumerEphemeralPublicKey (line 775) | func (s *UdpServer) UpdateTeePublicKeyAndConsumerEphemeralPublicKey(te...
    method GetTeePublicKeyBase64AndConsumerEphemeralPublicKeyBase64 (line 784) | func (s *UdpServer) GetTeePublicKeyBase64AndConsumerEphemeralPublicKey...
    method AddACPeer (line 792) | func (s *UdpServer) AddACPeer(acPeer *core.UdpPeer) {
    method AddAddressAssociation (line 801) | func (s *UdpServer) AddAddressAssociation(srcIp string, addrs []*commo...
    method RemoveAddressAssociation (line 807) | func (s *UdpServer) RemoveAddressAssociation(srcIp string) {
    method AddAuthService (line 813) | func (s *UdpServer) AddAuthService(aspData *common.AuthServiceProvider...
    method AddResource (line 835) | func (s *UdpServer) AddResource(res *common.ResourceData) error {
    method ValidatePlugin (line 852) | func (s *UdpServer) ValidatePlugin(h plugins.PluginHandler) bool {
    method LoadPlugin (line 862) | func (s *UdpServer) LoadPlugin(pluginId string, h plugins.PluginHandle...
    method ClosePlugins (line 901) | func (s *UdpServer) ClosePlugins() {
    method FindAuthSvcProvider (line 911) | func (s *UdpServer) FindAuthSvcProvider(aspId string) *common.AuthServ...
    method processACOperation (line 923) | func (s *UdpServer) processACOperation(knkMsg *common.AgentKnockMsg, c...
    method handleNhpOpenResource (line 1025) | func (s *UdpServer) handleNhpOpenResource(req *common.NhpAuthRequest, ...
    method NewNhpServerHelper (line 1112) | func (us *UdpServer) NewNhpServerHelper(ppd *core.PacketParserData) *p...
    method FindPluginHandler (line 1123) | func (us *UdpServer) FindPluginHandler(aspId string) plugins.PluginHan...
    method AddDEPeer (line 1135) | func (s *UdpServer) AddDEPeer(device *core.UdpPeer) {
    method ProcessDataPrivateKeyWrapping (line 1144) | func (s *UdpServer) ProcessDataPrivateKeyWrapping(dwrMsg *common.DWRMs...
  type BlockAddr (line 105) | type BlockAddr struct
  type UdpConn (line 110) | type UdpConn struct
    method Close (line 144) | func (c *UdpConn) Close() {
  type ACConn (line 118) | type ACConn struct
  type DBConn (line 127) | type DBConn struct
  type TeeAttestationReport (line 134) | type TeeAttestationReport struct
  type TeeAttestationReports (line 140) | type TeeAttestationReports struct

FILE: endpoints/server/webrtcserver.go
  type WebRTCConfig (line 17) | type WebRTCConfig struct
  type WebRTCServer (line 26) | type WebRTCServer struct
    method Start (line 36) | func (w *WebRTCServer) Start() error {
    method setupDataChannel (line 81) | func (w *WebRTCServer) setupDataChannel(dc *webrtc.DataChannel) {
    method Stop (line 150) | func (w *WebRTCServer) Stop() {
  function NewWebRTCServer (line 32) | func NewWebRTCServer(us *UdpServer, conf *WebRTCConfig) *WebRTCServer {

FILE: endpoints/test/gin_test.go
  function TestGlobInit (line 13) | func TestGlobInit(t *testing.T) {

FILE: endpoints/test/json_test.go
  function TestJsonTypeDetermine (line 14) | func TestJsonTypeDetermine(t *testing.T) {
  function TestJsonSerialization (line 52) | func TestJsonSerialization(t *testing.T) {
  type UserData (line 79) | type UserData struct
  function TestJsonSerializationForAnyType (line 86) | func TestJsonSerializationForAnyType(t *testing.T) {
  function TestServerJsonConfig (line 106) | func TestServerJsonConfig(t *testing.T) {

FILE: endpoints/test/toml_test.go
  function TestTomlUnmarshal (line 17) | func TestTomlUnmarshal(t *testing.T) {
  function TestTomlViperHandling (line 72) | func TestTomlViperHandling(t *testing.T) {
  function TestWxwebTomlViperHandling (line 115) | func TestWxwebTomlViperHandling(t *testing.T) {
  function TestUdpServerTomlViperHandling (line 165) | func TestUdpServerTomlViperHandling(t *testing.T) {

FILE: examples/client_sdk/android/java/MainActivity.java
  class MainActivity (line 14) | public class MainActivity extends AppCompatActivity {
    method onCreate (line 16) | @Override

FILE: examples/client_sdk/android/java/OpennhpLibrary.java
  type OpennhpLibrary (line 14) | public interface OpennhpLibrary extends Library {
    method nhp_agent_init (line 30) | boolean nhp_agent_init(String workingDir, int logLevel);
    method nhp_agent_close (line 37) | void nhp_agent_close();
    method nhp_agent_knockloop_start (line 47) | int nhp_agent_knockloop_start();
    method nhp_agent_knockloop_stop (line 54) | void nhp_agent_knockloop_stop();

FILE: examples/client_sdk/desktop/c/nhp-agent-demo.c
  function main (line 5) | int main() {

FILE: examples/client_sdk/desktop/java/App.java
  class App (line 13) | public class App {
    method main (line 14) | public static void main(String[] args) throws Exception {

FILE: examples/client_sdk/desktop/java/OpennhpLibrary.java
  type OpennhpLibrary (line 14) | public interface OpennhpLibrary extends Library {
    method nhp_agent_init (line 30) | boolean nhp_agent_init(String workingDir, int logLevel);
    method nhp_agent_close (line 37) | void nhp_agent_close();
    method nhp_agent_knockloop_start (line 47) | int nhp_agent_knockloop_start();
    method nhp_agent_knockloop_stop (line 54) | void nhp_agent_knockloop_stop();

FILE: examples/server_plugin/authenticator/main.go
  type config (line 21) | type config struct
  function Version (line 54) | func Version() string {
  function Init (line 58) | func Init(in *plugins.PluginParamsIn) error {
  function updateConfig (line 101) | func updateConfig(file string) (err error) {
  function updateResource (line 136) | func updateResource(file string) (err error) {
  function findResource (line 165) | func findResource(resId string) *common.ResourceData {
  function Close (line 172) | func Close() error {
  function corsMiddleware (line 183) | func corsMiddleware(ctx *gin.Context) {
  function AuthWithHttp (line 190) | func AuthWithHttp(ctx *gin.Context, req *common.HttpKnockRequest, helper...
  function showLoginPage (line 257) | func showLoginPage(ctx *gin.Context, req *common.HttpKnockRequest, res *...
  function authOTPCode (line 285) | func authOTPCode(ctx *gin.Context, req *common.HttpKnockRequest, res *co...
  function authQRCode (line 341) | func authQRCode(ctx *gin.Context, req *common.HttpKnockRequest, res *com...

FILE: examples/server_plugin/authenticator/qrauth.go
  type QRCodeSession (line 22) | type QRCodeSession struct
  constant QRStatusPending (line 40) | QRStatusPending   = 0
  constant QRStatusScanned (line 41) | QRStatusScanned   = 1
  constant QRStatusConfirmed (line 42) | QRStatusConfirmed = 2
  constant QRStatusExpired (line 43) | QRStatusExpired   = 3
  constant QRStatusFailed (line 44) | QRStatusFailed    = 4
  type QRAuthService (line 48) | type QRAuthService struct
    method GenerateSession (line 136) | func (s *QRAuthService) GenerateSession(aspId, resId, srcIp, serverUrl...
    method signQRData (line 197) | func (s *QRAuthService) signQRData(data *QRCodeData) string {
    method EncryptQRData (line 205) | func (s *QRAuthService) EncryptQRData(data *QRCodeData) (string, error) {
    method DecryptQRData (line 231) | func (s *QRAuthService) DecryptQRData(encrypted string) (*QRCodeData, ...
    method GetSession (line 267) | func (s *QRAuthService) GetSession(sessionID string) *QRCodeSession {
    method VerifyOTPOnly (line 284) | func (s *QRAuthService) VerifyOTPOnly(sessionID, otpCode string) error {
    method ValidateConfiguredOTP (line 311) | func (s *QRAuthService) ValidateConfiguredOTP(secretKey, otpCode strin...
    method VerifySession (line 316) | func (s *QRAuthService) VerifySession(sessionID, token, otpCode, mobil...
    method UpdateSessionStatus (line 357) | func (s *QRAuthService) UpdateSessionStatus(sessionID string, status i...
    method cleanupExpiredSessions (line 371) | func (s *QRAuthService) cleanupExpiredSessions() {
  type QRCodeData (line 57) | type QRCodeData struct
  type QRVerifyRequest (line 68) | type QRVerifyRequest struct
  type QRGenerateResponse (line 77) | type QRGenerateResponse struct
  type QRStatusResponse (line 91) | type QRStatusResponse struct
  type QRVerifyResponse (line 100) | type QRVerifyResponse struct
  function InitQRAuthService (line 109) | func InitQRAuthService() {
  function GetQRAuthService (line 128) | func GetQRAuthService() *QRAuthService {
  function HandleQRGenerate (line 388) | func HandleQRGenerate(ctx *gin.Context, resId string) {
  function HandleQRStatus (line 436) | func HandleQRStatus(ctx *gin.Context) {
  function HandleQRScan (line 481) | func HandleQRScan(ctx *gin.Context) {
  function HandleQRVerify (line 507) | func HandleQRVerify(ctx *gin.Context) {

FILE: examples/server_plugin/basic/main.go
  type config (line 22) | type config struct
  function Version (line 52) | func Version() string {
  function Init (line 56) | func Init(in *plugins.PluginParamsIn) error {
  function updateConfig (line 98) | func updateConfig(file string) (err error) {
  function updateResource (line 117) | func updateResource(file string) (err error) {
  function Close (line 144) | func Close() error {
  function findResource (line 154) | func findResource(resId string) *common.ResourceData {
  function AuthWithHttp (line 165) | func AuthWithHttp(ctx *gin.Context, req *common.HttpKnockRequest, helper...
  function authAndShowLogin (line 205) | func authAndShowLogin(ctx *gin.Context, req *common.HttpKnockRequest, re...
  function authRegular (line 224) | func authRegular(ctx *gin.Context, req *common.HttpKnockRequest, res *co...
  function AuthWithNHP (line 283) | func AuthWithNHP(req *common.NhpAuthRequest, helper *plugins.NhpServerPl...
  function corsMiddleware (line 320) | func corsMiddleware(ctx *gin.Context) {
  function main (line 331) | func main() {

FILE: examples/server_plugin/oidc/auth.go
  type Authenticator (line 16) | type Authenticator struct
    method VerifyIDToken (line 46) | func (a *Authenticator) VerifyIDToken(ctx context.Context, token *oaut...
    method DoAuth (line 59) | func (a *Authenticator) DoAuth(ctx *gin.Context) error {
  function NewAuthenticator (line 22) | func NewAuthenticator(conf config) (*Authenticator, error) {
  function generateRandomState (line 75) | func generateRandomState() (string, error) {

FILE: examples/server_plugin/oidc/main.go
  constant helperContextKey (line 24) | helperContextKey = "oidc_plugin_helper"
  function getHelper (line 27) | func getHelper(ctx *gin.Context) *plugins.HttpServerPluginHelper {
  function setHelper (line 37) | func setHelper(ctx *gin.Context, helper *plugins.HttpServerPluginHelper) {
  function sessionGet (line 42) | func sessionGet(ctx *gin.Context, key string) interface{} {
  function sessionSet (line 55) | func sessionSet(ctx *gin.Context, key string, val interface{}) {
  function sessionSave (line 68) | func sessionSave(ctx *gin.Context) error {
  function sessionClear (line 81) | func sessionClear(ctx *gin.Context) {
  type config (line 94) | type config struct
  function Version (line 127) | func Version() string {
  function Init (line 131) | func Init(in *plugins.PluginParamsIn) error {
  function updateConfig (line 173) | func updateConfig(file string) (err error) {
  function updateResource (line 204) | func updateResource(file string) (err error) {
  function Close (line 231) | func Close() error {
  function findResource (line 241) | func findResource(resId string) *common.ResourceData {
  function AuthWithHttp (line 252) | func AuthWithHttp(ctx *gin.Context, req *common.HttpKnockRequest, helper...
  function authAndShowLogin (line 298) | func authAndShowLogin(ctx *gin.Context) {
  function authOidc (line 314) | func authOidc(ctx *gin.Context) error {
  function authRegular (line 332) | func authRegular(ctx *gin.Context, req *common.HttpKnockRequest, res *co...
  function AuthWithNHP (line 489) | func AuthWithNHP(req *common.NhpAuthRequest, helper *plugins.NhpServerPl...
  function corsMiddleware (line 533) | func corsMiddleware(ctx *gin.Context) {
  function main (line 549) | func main() {

FILE: nhp/common/constants.go
  constant ServerSideConnectionTimeoutMs (line 8) | ServerSideConnectionTimeoutMs = 300 * 1000
  constant ClientSideConnectionTimeoutMs (line 12) | ClientSideConnectionTimeoutMs = 30 * 1000
  constant TokenStoreRefreshInterval (line 19) | TokenStoreRefreshInterval = 10
  constant ReportToServerInterval (line 25) | ReportToServerInterval = 60
  constant MinimalServerDiscoveryInterval (line 28) | MinimalServerDiscoveryInterval = 5
  constant ServerKeepaliveInterval (line 31) | ServerKeepaliveInterval = 20
  constant ServerDiscoveryRetryBeforeFail (line 34) | ServerDiscoveryRetryBeforeFail = 3

FILE: nhp/common/errors.go
  type Error (line 12) | type Error struct
    method Error (line 19) | func (e *Error) Error() string {
    method ErrorCode (line 29) | func (e *Error) ErrorCode() string {
    method ErrorNumber (line 33) | func (e *Error) ErrorNumber() int {
  function newError (line 41) | func newError(code string, enStr string, chStr string) *Error {
  function ErrorToErrorCode (line 51) | func ErrorToErrorCode(err error) string {
  function ErrorToString (line 59) | func ErrorToString(err error) string {
  function ErrorCodeToError (line 67) | func ErrorCodeToError(code string) *Error {

FILE: nhp/common/nhpmsg.go
  type NetAddress (line 12) | type NetAddress struct
    method String (line 18) | func (na *NetAddress) String() string {
  type ServerCookieMsg (line 26) | type ServerCookieMsg struct
  type AgentOTPMsg (line 31) | type AgentOTPMsg struct
  type AgentRegisterMsg (line 40) | type AgentRegisterMsg struct
  type ServerRegisterAckMsg (line 49) | type ServerRegisterAckMsg struct
  type AgentKnockMsg (line 55) | type AgentKnockMsg struct
    method Id (line 66) | func (knkMsg *AgentKnockMsg) Id() string {
  type PreAccessInfo (line 70) | type PreAccessInfo struct
  type ServerKnockAckMsg (line 78) | type ServerKnockAckMsg struct
  type AgentListMsg (line 90) | type AgentListMsg struct
  type ServerListResultMsg (line 98) | type ServerListResultMsg struct
  type AgentAccessMsg (line 105) | type AgentAccessMsg struct
  type ACAccessAckMsg (line 113) | type ACAccessAckMsg struct
  type ServerACOpsMsg (line 120) | type ServerACOpsMsg struct
  type ACOpsResultMsg (line 131) | type ACOpsResultMsg struct
  type ACOnlineMsg (line 139) | type ACOnlineMsg struct
  type ACRefreshMsg (line 145) | type ACRefreshMsg struct
  type ServerACAckMsg (line 150) | type ServerACAckMsg struct
  type ResourceInfo (line 156) | type ResourceInfo struct
    method DestHost (line 164) | func (r *ResourceInfo) DestHost() string {
    method DstIp (line 179) | func (r *ResourceInfo) DstIp() string {
  type ResourceGroup (line 186) | type ResourceGroup struct
    method Id (line 194) | func (r *ResourceGroup) Id() string {
    method Hosts (line 198) | func (r *ResourceGroup) Hosts() map[string]string {
  type DRGMsg (line 207) | type DRGMsg struct
  type DAKMsg (line 217) | type DAKMsg struct
  type DARMsg (line 223) | type DARMsg struct
  type DAGMsg (line 230) | type DAGMsg struct
  type DWRMsg (line 242) | type DWRMsg struct
  type DWAMsg (line 248) | type DWAMsg struct
  type DSAMsg (line 255) | type DSAMsg struct
  type DAVMsg (line 264) | type DAVMsg struct
  type KeyAccessObject (line 270) | type KeyAccessObject struct
  type SmartPolicy (line 276) | type SmartPolicy struct
    method GetPolicy (line 282) | func (spo *SmartPolicy) GetPolicy() ([]byte, error) {
  type DBOnlineMsg (line 300) | type DBOnlineMsg struct
  type ServerDBAckMsg (line 304) | type ServerDBAckMsg struct
  type DHPKnockMsg (line 310) | type DHPKnockMsg struct
  type ServerDHPKnockAckMsg (line 318) | type ServerDHPKnockAckMsg struct

FILE: nhp/common/packet.go
  constant NHP_FLAG_EXTENDEDLENGTH (line 5) | NHP_FLAG_EXTENDEDLENGTH = 1 << iota
  constant NHP_FLAG_COMPRESS (line 6) | NHP_FLAG_COMPRESS
  constant NHP_FLAG_CL_PKC (line 7) | NHP_FLAG_CL_PKC
  constant NHP_FLAG_SCHEME_CURVE (line 12) | NHP_FLAG_SCHEME_CURVE = 0 << 12
  constant NHP_FLAG_SCHEME_GMSM (line 13) | NHP_FLAG_SCHEME_GMSM  = 1 << 12
  constant CIPHER_SCHEME_CURVE (line 17) | CIPHER_SCHEME_CURVE int = iota
  constant CIPHER_SCHEME_GMSM (line 18) | CIPHER_SCHEME_GMSM

FILE: nhp/common/tokenstore.go
  type TokenEntry (line 12) | type TokenEntry interface
  type TokenStore (line 19) | type TokenStore struct
  function NewTokenStore (line 25) | func NewTokenStore[E TokenEntry]() *TokenStore[E] {
  method Store (line 32) | func (ts *TokenStore[E]) Store(token string, entry E) {
  method Load (line 49) | func (ts *TokenStore[E]) Load(token string) (E, bool) {
  method Delete (line 66) | func (ts *TokenStore[E]) Delete(token string) {
  method CleanExpired (line 81) | func (ts *TokenStore[E]) CleanExpired() int {
  method RunRefreshRoutine (line 107) | func (ts *TokenStore[E]) RunRefreshRoutine(wg *sync.WaitGroup, stop <-ch...
  method Size (line 124) | func (ts *TokenStore[E]) Size() int {

FILE: nhp/common/types.go
  type AgentUser (line 6) | type AgentUser struct
  type LoginPageContext (line 14) | type LoginPageContext struct
  type ResourceData (line 23) | type ResourceData struct
  type ResourceGroupMap (line 37) | type ResourceGroupMap
  type AuthServiceProviderData (line 38) | type AuthServiceProviderData struct
  type AuthSvcProviderMap (line 44) | type AuthSvcProviderMap
  type NhpOTPRequest (line 47) | type NhpOTPRequest struct
  type NhpRegisterRequest (line 52) | type NhpRegisterRequest struct
  type NhpAuthRequest (line 59) | type NhpAuthRequest struct
  type NhpListRequest (line 66) | type NhpListRequest struct
  type HttpKnockRequest (line 73) | type HttpKnockRequest struct
  type HttpRefreshRequest (line 89) | type HttpRefreshRequest struct

FILE: nhp/core/benchmark/ecc_rsa_test.go
  function TestRSASignAndVerify (line 15) | func TestRSASignAndVerify(t *testing.T) {
  function TestECCSharedKey (line 42) | func TestECCSharedKey(t *testing.T) {
  function TestGMSharedKey (line 102) | func TestGMSharedKey(t *testing.T) {

FILE: nhp/core/benchmark/rsa_utils.go
  function GenerateRSAKeys (line 11) | func GenerateRSAKeys() (priv *rsa.PrivateKey, pub *rsa.PublicKey) {
  function SignWithRSAPrivateKey (line 43) | func SignWithRSAPrivateKey(priv *rsa.PrivateKey, msg []byte) (hashed []b...
  function VerifyWithRSAPublicKey (line 52) | func VerifyWithRSAPublicKey(pub *rsa.PublicKey, hashed []byte, signature...

FILE: nhp/core/constants.go
  constant ProtocolVersionMajor (line 4) | ProtocolVersionMajor = 1
  constant ProtocolVersionMinor (line 5) | ProtocolVersionMinor = 0
  constant MaxMemoryUsage (line 9) | MaxMemoryUsage         = 1 * 1024 * 1024 * 1024
  constant PacketBufferSize (line 10) | PacketBufferSize       = 4096
  constant PacketBufferPoolSize (line 11) | PacketBufferPoolSize   = MaxMemoryUsage / PacketBufferSize
  constant AllocateTimeToOverload (line 12) | AllocateTimeToOverload = 2
  constant SendQueueSize (line 13) | SendQueueSize          = 10240
  constant RecvQueueSize (line 14) | RecvQueueSize          = 10240
  constant MinimalRecvIntervalMs (line 19) | MinimalRecvIntervalMs  = 20
  constant ThreatCountBeforeBlock (line 20) | ThreatCountBeforeBlock = 1
  constant CookieRegenerateTime (line 21) | CookieRegenerateTime   = 120
  constant CookieRoundTripTimeMs (line 22) | CookieRoundTripTimeMs  = 20
  constant FailureRetryInterval (line 23) | FailureRetryInterval   = 10
  constant AgentLocalTransactionResponseTimeoutMs (line 28) | AgentLocalTransactionResponseTimeoutMs  = 5 * 1000
  constant ServerLocalTransactionResponseTimeoutMs (line 29) | ServerLocalTransactionResponseTimeoutMs = AgentLocalTransactionResponseT...
  constant ACLocalTransactionResponseTimeoutMs (line 30) | ACLocalTransactionResponseTimeoutMs     = ServerLocalTransactionResponse...
  constant RemoteTransactionProcessTimeoutMs (line 32) | RemoteTransactionProcessTimeoutMs   = 10 * 1000
  constant DELocalTransactionResponseTimeoutMs (line 33) | DELocalTransactionResponseTimeoutMs = 5 * 1000
  constant MinimalPeerAddressHoldTime (line 38) | MinimalPeerAddressHoldTime = 5
  constant MinimalNSLookupInterval (line 43) | MinimalNSLookupInterval = 300
  constant HeaderCommonSize (line 48) | HeaderCommonSize      = 24
  constant SymmetricKeySize (line 49) | SymmetricKeySize      = 32
  constant PrivateKeySize (line 50) | PrivateKeySize        = 32
  constant PublicKeySize (line 51) | PublicKeySize         = 32
  constant PublicKeySizeEx (line 52) | PublicKeySizeEx       = 64
  constant HashSize (line 53) | HashSize              = 32
  constant CookieSize (line 54) | CookieSize            = 32
  constant TimestampSize (line 55) | TimestampSize         = 8
  constant GCMNonceSize (line 56) | GCMNonceSize          = 12
  constant GCMTagSize (line 57) | GCMTagSize            = 16
  constant PublicKeyBase64Size (line 58) | PublicKeyBase64Size   = 44
  constant PublicKeyBase64SizeEx (line 59) | PublicKeyBase64SizeEx = 88
  constant InitialChainKeyString (line 64) | InitialChainKeyString = "NHP keygen v.20230421@clouddeep.cn"
  constant InitialHashString (line 65) | InitialHashString     = "NHP hashgen v.20230421@deepcloudsdp.com"

FILE: nhp/core/crypto.go
  type HashTypeEnum (line 29) | type HashTypeEnum
  constant HASH_BLAKE2S (line 32) | HASH_BLAKE2S HashTypeEnum = iota
  constant HASH_SM3 (line 33) | HASH_SM3
  constant HASH_SHA256 (line 34) | HASH_SHA256
  type EccTypeEnum (line 37) | type EccTypeEnum
  constant ECC_CURVE25519 (line 40) | ECC_CURVE25519 EccTypeEnum = iota
  constant ECC_SM2 (line 41) | ECC_SM2
  constant ECC_UMI (line 42) | ECC_UMI
  type GcmTypeEnum (line 45) | type GcmTypeEnum
  constant GCM_AES256 (line 48) | GCM_AES256 GcmTypeEnum = iota
  constant GCM_SM4 (line 49) | GCM_SM4
  constant GCM_CHACHA20POLY1305 (line 50) | GCM_CHACHA20POLY1305
  type CipherSuite (line 53) | type CipherSuite struct
  function NewCipherSuite (line 61) | func NewCipherSuite(scheme int) (ciphers *CipherSuite) {
  function NewHash (line 85) | func NewHash(t HashTypeEnum) (hash.Hash, error) {
  type Ecdh (line 105) | type Ecdh interface
  function ECDHFromKey (line 117) | func ECDHFromKey(t EccTypeEnum, prk []byte) (e Ecdh) {
  function NewECDH (line 139) | func NewECDH(t EccTypeEnum) (e Ecdh) {
  function AeadFromKey (line 151) | func AeadFromKey(t GcmTypeEnum, key *[SymmetricKeySize]byte) (cipher.AEA...
  function CBCEncryption (line 187) | func CBCEncryption(t GcmTypeEnum, key *[SymmetricKeySize]byte, plaintext...
  function CBCDecryption (line 236) | func CBCDecryption(t GcmTypeEnum, key *[SymmetricKeySize]byte, ciphertex...
  function SM2Encrypt (line 295) | func SM2Encrypt(pubKeyBase64 string, message string) (string, error) {
  function SM2Decrypt (line 317) | func SM2Decrypt(privateKeyBase64 string, message string) (string, error) {
  function AESEncrypt (line 339) | func AESEncrypt(plainText []byte, key []byte) ([]byte, error) {
  function pad (line 359) | func pad(data []byte, blockSize int) []byte {
  function AESDecrypt (line 363) | func AESDecrypt(cipherText []byte, key []byte) ([]byte, error) {
  function unpad (line 392) | func unpad(padded []byte, blockSize int) []byte {

FILE: nhp/core/device.go
  constant NHP_NO_DEVICE (line 19) | NHP_NO_DEVICE = iota
  constant NHP_AGENT (line 20) | NHP_AGENT
  constant NHP_SERVER (line 21) | NHP_SERVER
  constant NHP_AC (line 22) | NHP_AC
  constant NHP_RELAY (line 23) | NHP_RELAY
  constant NHP_DB (line 24) | NHP_DB
  constant DHP_AGENT (line 25) | DHP_AGENT
  type DeviceOptions (line 28) | type DeviceOptions struct
  type NhpError (line 36) | type NhpError interface
  function defaultDeviceOptions (line 42) | func defaultDeviceOptions(t int) (option DeviceOptions) {
  type Device (line 56) | type Device struct
    method SetOption (line 120) | func (d *Device) SetOption(option DeviceOptions) {
    method Start (line 127) | func (d *Device) Start() {
    method Stop (line 136) | func (d *Device) Stop() {
    method PublicKeyBase64 (line 144) | func (d *Device) PublicKeyBase64() string {
    method PublicKeyExBase64 (line 148) | func (d *Device) PublicKeyExBase64() string {
    method NextCounterIndex (line 152) | func (d *Device) NextCounterIndex() uint64 {
    method msgToPacketRoutine (line 157) | func (d *Device) msgToPacketRoutine(id int) {
    method MsgToPacket (line 268) | func (d *Device) MsgToPacket(md *MsgData) (mad *MsgAssemblerData, err ...
    method packetToMsgRoutine (line 314) | func (d *Device) packetToMsgRoutine(id int) {
    method PacketToMsg (line 431) | func (d *Device) PacketToMsg(pd *PacketData) (ppd *PacketParserData, e...
    method SendMsgToPacket (line 469) | func (d *Device) SendMsgToPacket(md *MsgData) {
    method RecvPacketToMsg (line 479) | func (d *Device) RecvPacketToMsg(pd *PacketData) {
    method AddPeer (line 489) | func (d *Device) AddPeer(peer Peer) {
    method RemovePeer (line 496) | func (d *Device) RemovePeer(pubKey string) {
    method ResetPeers (line 503) | func (d *Device) ResetPeers() {
    method LookupPeer (line 510) | func (d *Device) LookupPeer(pk []byte) Peer {
    method IsOverload (line 523) | func (d *Device) IsOverload() bool {
    method SetOverload (line 528) | func (d *Device) SetOverload(overloaded bool) {
    method GetEcdhByCipherScheme (line 532) | func (d *Device) GetEcdhByCipherScheme(cipherScheme int) Ecdh {
  function NewDevice (line 84) | func NewDevice(t int, prk []byte, option *DeviceOptions) *Device {

FILE: nhp/core/errors.go
  type Error (line 13) | type Error struct
    method SetExtraError (line 20) | func (e *Error) SetExtraError(err error) {
    method Error (line 28) | func (e *Error) Error() string {
    method ErrorCode (line 37) | func (e *Error) ErrorCode() string {
    method ErrorNumber (line 41) | func (e *Error) ErrorNumber() int {
  function newError (line 45) | func newError(number C.int, msg string) *Error {
  function ErrorToErrorNumber (line 54) | func ErrorToErrorNumber(err error) int {
  function ErrorToString (line 62) | func ErrorToString(err error) string {
  function ErrorCodeToError (line 70) | func ErrorCodeToError(number int) *Error {

FILE: nhp/core/initiator.go
  type InitiatorScheme (line 17) | type InitiatorScheme interface
  type MsgData (line 24) | type MsgData struct
  method validateMsgData (line 41) | func (d *Device) validateMsgData(md *MsgData) (err error) {
  type MsgAssemblerData (line 57) | type MsgAssemblerData struct
    method derivePacketParserData (line 165) | func (mad *MsgAssemblerData) derivePacketParserData(pkt *Packet, initT...
    method setPeerPublicKey (line 227) | func (mad *MsgAssemblerData) setPeerPublicKey(peerPk []byte) (err erro...
    method encryptBody (line 353) | func (mad *MsgAssemblerData) encryptBody() (err error) {
    method addHMAC (line 433) | func (mad *MsgAssemblerData) addHMAC(sumCookie bool) {
    method Destroy (line 455) | func (mad *MsgAssemblerData) Destroy() {
  method createMsgAssemblerData (line 90) | func (d *Device) createMsgAssemblerData(md *MsgData) (mad *MsgAssemblerD...
  method createKeepalivePacket (line 196) | func (d *Device) createKeepalivePacket(md *MsgData) (mad *MsgAssemblerDa...

FILE: nhp/core/kdf.go
  type NoiseFactory (line 9) | type NoiseFactory struct
    method HMAC1 (line 13) | func (n *NoiseFactory) HMAC1(dst *[HashSize]byte, key, in0 []byte) {
    method HMAC2 (line 27) | func (n *NoiseFactory) HMAC2(dst *[HashSize]byte, key, in0, in1 []byte) {
    method KeyGen1 (line 42) | func (n *NoiseFactory) KeyGen1(dst0 *[HashSize]byte, key, input []byte) {
    method KeyGen2 (line 47) | func (n *NoiseFactory) KeyGen2(dst0, dst1 *[HashSize]byte, key, input ...
    method KeyGen3 (line 55) | func (n *NoiseFactory) KeyGen3(dst0, dst1, dst2 *[HashSize]byte, key, ...
    method MixKey (line 64) | func (n *NoiseFactory) MixKey(dst *[SymmetricKeySize]byte, key []byte,...
    method MixHash (line 68) | func (n *NoiseFactory) MixHash(dst *[HashSize]byte, key []byte, input ...
  function SetZero (line 79) | func SetZero(arr []byte) {
  function IsZero (line 85) | func IsZero(arr []byte) bool {

FILE: nhp/core/main/main.go
  function main (line 5) | func main() {

FILE: nhp/core/main/nhpdevice.go
  function nhp_free_cstring (line 22) | func nhp_free_cstring(ptr *C.char) {
  function nhp_free_NhpResult (line 29) | func nhp_free_NhpResult(ptr *C.NhpResult) {
  function nhp_free_NhpEncryptResult (line 37) | func nhp_free_NhpEncryptResult(ptr *C.NhpEncryptResult) {
  function nhp_free_NhpDecryptResult (line 46) | func nhp_free_NhpDecryptResult(ptr *C.NhpDecryptResult) {
  function nhp_device_init (line 67) | func nhp_device_init(deviceType C.int, privateKeyBase64 string) *C.NhpRe...
  function nhp_device_close (line 98) | func nhp_device_close(handle uintptr) {
  function nhp_device_encrypt_data (line 128) | func nhp_device_encrypt_data(handle uintptr, msgType C.int, peerPbk *C.u...
  function nhp_device_decrypt_packet (line 180) | func nhp_device_decrypt_packet(handle uintptr, packet *C.uchar, packetLe...
  function nhp_device_set_overload (line 249) | func nhp_device_set_overload(handle uintptr, overload bool) *C.NhpResult {
  function nhp_sm4_aead_encrypt (line 282) | func nhp_sm4_aead_encrypt(key *C.uchar, keyLen C.int, nonce *C.uchar, no...
  function nhp_sm4_aead_decrypt (line 326) | func nhp_sm4_aead_decrypt(key *C.uchar, keyLen C.int, nonce *C.uchar, no...

FILE: nhp/core/main/nhpdevicedef.h
  type NhpDeviceType (line 14) | typedef enum _NhpDeviceType {
  type NhpCipherScheme (line 20) | typedef enum _NhpCipherScheme {
  type NhpMsgType (line 25) | typedef enum _NhpMsgType {
  type NhpResult (line 45) | typedef struct _NhpResult {
  type NhpEncryptParams (line 51) | typedef struct _NhpEncryptParams {
  type NhpEncryptResult (line 70) | typedef struct _NhpEncryptResult {
  type NhpPubicKey (line 78) | typedef struct _NhpPubicKey {
  type NhpCookieStore (line 82) | typedef struct _NhpCookieStore {
  type NhpConnContext (line 88) | typedef struct _NhpConnContext {
  type NhpDecryptResult (line 94) | typedef struct _NhpDecryptResult {
  type NhpError (line 105) | typedef enum _NhpError {

FILE: nhp/core/packet.go
  constant NHP_KPL (line 16) | NHP_KPL = iota
  constant NHP_KNK (line 17) | NHP_KNK
  constant NHP_ACK (line 18) | NHP_ACK
  constant NHP_AOP (line 19) | NHP_AOP
  constant NHP_ART (line 20) | NHP_ART
  constant NHP_LST (line 21) | NHP_LST
  constant NHP_LRT (line 22) | NHP_LRT
  constant NHP_COK (line 23) | NHP_COK
  constant NHP_RKN (line 24) | NHP_RKN
  constant NHP_RLY (line 25) | NHP_RLY
  constant NHP_AOL (line 26) | NHP_AOL
  constant NHP_AAK (line 27) | NHP_AAK
  constant NHP_OTP (line 28) | NHP_OTP
  constant NHP_REG (line 29) | NHP_REG
  constant NHP_RAK (line 30) | NHP_RAK
  constant NHP_ACC (line 31) | NHP_ACC
  constant NHP_EXT (line 32) | NHP_EXT
  constant NHP_DRG (line 34) | NHP_DRG
  constant NHP_DAK (line 35) | NHP_DAK
  constant NHP_DAR (line 36) | NHP_DAR
  constant NHP_DAG (line 37) | NHP_DAG
  constant NHP_DSA (line 38) | NHP_DSA
  constant NHP_DAV (line 39) | NHP_DAV
  constant NHP_DWR (line 40) | NHP_DWR
  constant NHP_DWA (line 41) | NHP_DWA
  constant NHP_DOL (line 42) | NHP_DOL
  constant NHP_DBA (line 43) | NHP_DBA
  constant DHP_KNK (line 44) | DHP_KNK
  function HeaderTypeToString (line 78) | func HeaderTypeToString(t int) string {
  function HeaderTypeToDeviceType (line 85) | func HeaderTypeToDeviceType(t int) int {
  type PacketBufferPool (line 109) | type PacketBufferPool struct
    method Init (line 113) | func (bp *PacketBufferPool) Init(max uint32) {
    method Get (line 118) | func (bp *PacketBufferPool) Get() *PacketBuffer {
    method Put (line 123) | func (bp *PacketBufferPool) Put(packet *PacketBuffer) {
  type Packet (line 127) | type Packet struct
    method Flag (line 155) | func (pkt *Packet) Flag() uint16 {
    method Header (line 159) | func (pkt *Packet) Header() Header {
    method HeaderWithCipherScheme (line 174) | func (pkt *Packet) HeaderWithCipherScheme(cipherScheme int) Header {
    method HeaderTypeAndSize (line 187) | func (pkt *Packet) HeaderTypeAndSize() (t int, s int) {
    method Counter (line 197) | func (pkt *Packet) Counter() uint64 {
    method MinimalLength (line 201) | func (pkt *Packet) MinimalLength() int {
  type Header (line 135) | type Header interface
  method CheckRecvHeaderType (line 206) | func (d *Device) CheckRecvHeaderType(t int) bool {
  method RecvPrecheck (line 240) | func (d *Device) RecvPrecheck(pkt *Packet) (int, int, error) {
  method AllocatePoolPacket (line 264) | func (d *Device) AllocatePoolPacket() *Packet {
  method ReleasePoolPacket (line 269) | func (d *Device) ReleasePoolPacket(pkt *Packet) {

FILE: nhp/core/peer.go
  type Peer (line 11) | type Peer interface
  type UdpPeer (line 32) | type UdpPeer struct
    method DeviceType (line 56) | func (p *UdpPeer) DeviceType() DeviceTypeEnum {
    method PublicKey (line 60) | func (p *UdpPeer) PublicKey() []byte {
    method PublicKeyBase64 (line 70) | func (p *UdpPeer) PublicKeyBase64() string {
    method Name (line 74) | func (p *UdpPeer) Name() string {
    method ResolveHost (line 92) | func (p *UdpPeer) ResolveHost() string {
    method Host (line 116) | func (p *UdpPeer) Host() string {
    method SendAddr (line 127) | func (p *UdpPeer) SendAddr() net.Addr {
    method ResolvedIps (line 140) | func (p *UdpPeer) ResolvedIps() []string {
    method IsExpired (line 147) | func (p *UdpPeer) IsExpired() bool {
    method LastSendTime (line 155) | func (p *UdpPeer) LastSendTime() int64 {
    method UpdateSend (line 162) | func (p *UdpPeer) UpdateSend(currTime int64) {
    method CheckRecvAddress (line 170) | func (p *UdpPeer) CheckRecvAddress(currTime int64, currAddr net.Addr) ...
    method RecvAddr (line 185) | func (p *UdpPeer) RecvAddr() net.Addr {
    method LastRecvTime (line 192) | func (p *UdpPeer) LastRecvTime() int64 {
    method UpdateRecv (line 199) | func (p *UdpPeer) UpdateRecv(currTime int64, currAddr net.Addr) {
    method TeePublicKeyBase64 (line 207) | func (p *UdpPeer) TeePublicKeyBase64() string {
    method SetTeePublicKeyBase64 (line 214) | func (p *UdpPeer) SetTeePublicKeyBase64(teePublicKeyBase64 string) {
    method ConsumerEphemeralPublicKeyBase64 (line 221) | func (p *UdpPeer) ConsumerEphemeralPublicKeyBase64() string {
    method SetConsumerEphemeralPublicKeyBase64 (line 228) | func (p *UdpPeer) SetConsumerEphemeralPublicKeyBase64(consumerEphemera...

FILE: nhp/core/responder.go
  type ResponderScheme (line 20) | type ResponderScheme interface
  type CookieStore (line 27) | type CookieStore struct
    method Set (line 33) | func (cs *CookieStore) Set(cookie []byte) {
    method Clear (line 38) | func (cs *CookieStore) Clear() {
  type PacketData (line 43) | type PacketData struct
  type PacketParserData (line 54) | type PacketParserData struct
    method deriveMsgAssemblerData (line 177) | func (ppd *PacketParserData) deriveMsgAssemblerData(t int, compress bo...
    method validatePeer (line 224) | func (ppd *PacketParserData) validatePeer() (err error) {
    method decryptBody (line 452) | func (ppd *PacketParserData) decryptBody() (err error) {
    method makeCookieStore (line 513) | func (ppd *PacketParserData) makeCookieStore(cookieStore *CookieStore)...
    method generateCookie (line 529) | func (ppd *PacketParserData) generateCookie() {
    method sendCookie (line 544) | func (ppd *PacketParserData) sendCookie() {
    method checkHMAC (line 566) | func (ppd *PacketParserData) checkHMAC(sumCookie bool) bool {
    method Destroy (line 603) | func (ppd *PacketParserData) Destroy() {
    method IsAllowedAtOverload (line 615) | func (ppd *PacketParserData) IsAllowedAtOverload() bool {
  method createPacketParserData (line 91) | func (d *Device) createPacketParserData(pd *PacketData) (ppd *PacketPars...
  function shouldCheckRecvAttack (line 215) | func shouldCheckRecvAttack(deviceType int, peerType int, msgType int) bo...

FILE: nhp/core/scheme/curve/curve.go
  constant PrivateKeySize (line 12) | PrivateKeySize = 32
  constant PublicKeySize (line 13) | PublicKeySize  = 32
  type Curve25519ECDH (line 16) | type Curve25519ECDH struct
    method SetPrivateKey (line 24) | func (c *Curve25519ECDH) SetPrivateKey(prk []byte) (err error) {
    method PrivateKey (line 41) | func (c *Curve25519ECDH) PrivateKey() []byte {
    method PrivateKeyBase64 (line 45) | func (c *Curve25519ECDH) PrivateKeyBase64() string {
    method PublicKey (line 49) | func (c *Curve25519ECDH) PublicKey() []byte {
    method PublicKeyBase64 (line 53) | func (c *Curve25519ECDH) PublicKeyBase64() string {
    method SharedSecret (line 57) | func (c *Curve25519ECDH) SharedSecret(pbk []byte) []byte {
    method Name (line 71) | func (c *Curve25519ECDH) Name() string {
    method Identity (line 75) | func (c *Curve25519ECDH) Identity() []byte {
    method MidPublicKey (line 79) | func (c *Curve25519ECDH) MidPublicKey() []byte {
  function NewECDH (line 83) | func NewECDH() *Curve25519ECDH {

FILE: nhp/core/scheme/curve/header.go
  constant HeaderCommonSize (line 12) | HeaderCommonSize    = 24
  constant HashSize (line 13) | HashSize            = 32
  constant GCMNonceSize (line 14) | GCMNonceSize        = 12
  constant GCMTagSize (line 15) | GCMTagSize          = 16
  constant TimestampSize (line 16) | TimestampSize       = 8
  constant MaximumIdentitySize (line 17) | MaximumIdentitySize = 64
  constant HeaderSize (line 18) | HeaderSize          = HeaderCommonSize + PublicKeySize + MaximumIdentity...
  type HeaderCurve (line 21) | type HeaderCurve struct
    method TypeAndPayloadSize (line 31) | func (h *HeaderCurve) TypeAndPayloadSize() (t int, s int) {
    method SetTypeAndPayloadSize (line 39) | func (h *HeaderCurve) SetTypeAndPayloadSize(t int, s int) {
    method Size (line 50) | func (h *HeaderCurve) Size() int {
    method Version (line 54) | func (h *HeaderCurve) Version() (int, int) {
    method SetVersion (line 60) | func (h *HeaderCurve) SetVersion(major int, minor int) {
    method Flag (line 67) | func (h *HeaderCurve) Flag() uint16 {
    method SetFlag (line 71) | func (h *HeaderCurve) SetFlag(flag uint16) {
    method NonceBytes (line 77) | func (h *HeaderCurve) NonceBytes() []byte {
    method SetCounter (line 83) | func (h *HeaderCurve) SetCounter(counter uint64) {
    method Counter (line 87) | func (h *HeaderCurve) Counter() uint64 {
    method Bytes (line 91) | func (h *HeaderCurve) Bytes() []byte {
    method EphermeralBytes (line 97) | func (h *HeaderCurve) EphermeralBytes() []byte {
    method StaticBytes (line 101) | func (h *HeaderCurve) StaticBytes() []byte {
    method TimestampBytes (line 105) | func (h *HeaderCurve) TimestampBytes() []byte {
    method IdentityBytes (line 109) | func (h *HeaderCurve) IdentityBytes() []byte {
    method HMACBytes (line 113) | func (h *HeaderCurve) HMACBytes() []byte {
    method CipherScheme (line 117) | func (h *HeaderCurve) CipherScheme() int {

FILE: nhp/core/scheme/gmsm/gmsm.go
  constant PrivateKeySize (line 15) | PrivateKeySize = 32
  constant PublicKeySize (line 16) | PublicKeySize  = 64
  type SM2ECDH (line 19) | type SM2ECDH struct
    method SetPrivateKey (line 28) | func (s *SM2ECDH) SetPrivateKey(prk []byte) (err error) {
    method PrivateKey (line 45) | func (s *SM2ECDH) PrivateKey() []byte {
    method PrivateKeyBase64 (line 49) | func (s *SM2ECDH) PrivateKeyBase64() string {
    method PublicKey (line 53) | func (s *SM2ECDH) PublicKey() []byte {
    method PublicKeyBase64 (line 57) | func (s *SM2ECDH) PublicKeyBase64() string {
    method SharedSecret (line 61) | func (s *SM2ECDH) SharedSecret(pbk []byte) []byte {
    method Name (line 84) | func (s *SM2ECDH) Name() string {
    method Identity (line 88) | func (s *SM2ECDH) Identity() []byte {
    method MidPublicKey (line 92) | func (c *SM2ECDH) MidPublicKey() []byte {
  function NewECDH (line 96) | func NewECDH() *SM2ECDH {
  function GenerateSM2ECDHKeypair (line 112) | func GenerateSM2ECDHKeypair() (string, string) {
  function Base64DecodeSM2ECDHPrivateKey (line 128) | func Base64DecodeSM2ECDHPrivateKey(privStr string) (*ecdh.PrivateKey, er...
  function Base64DecodeSM2ECDHPublicKey (line 143) | func Base64DecodeSM2ECDHPublicKey(pubStr string) (*ecdh.PublicKey, error) {
  function GenerateSM2ECDSAKeypair (line 163) | func GenerateSM2ECDSAKeypair() (*sm2.PrivateKey, string, string) {
  function Base64DecodeSM2ECDSAPrivateKey (line 184) | func Base64DecodeSM2ECDSAPrivateKey(pubKeyStr string, privKeyStr string)...
  function Base64DecodeSM2ECDSAPublicKey (line 213) | func Base64DecodeSM2ECDSAPublicKey(pubKeyStr string) (*ecdsa.PublicKey, ...

FILE: nhp/core/scheme/gmsm/header.go
  constant HeaderCommonSize (line 12) | HeaderCommonSize    = 24
  constant HashSize (line 13) | HashSize            = 32
  constant GCMNonceSize (line 14) | GCMNonceSize        = 12
  constant GCMTagSize (line 15) | GCMTagSize          = 16
  constant TimestampSize (line 16) | TimestampSize       = 8
  constant MaximumIdentitySize (line 17) | MaximumIdentitySize = 64
  constant HeaderSize (line 18) | HeaderSize          = HeaderCommonSize + PublicKeySize + MaximumIdentity...
  type HeaderGmsm (line 21) | type HeaderGmsm struct
    method TypeAndPayloadSize (line 31) | func (h *HeaderGmsm) TypeAndPayloadSize() (t int, s int) {
    method SetTypeAndPayloadSize (line 39) | func (h *HeaderGmsm) SetTypeAndPayloadSize(t int, s int) {
    method Size (line 50) | func (h *HeaderGmsm) Size() int {
    method Version (line 54) | func (h *HeaderGmsm) Version() (int, int) {
    method SetVersion (line 60) | func (h *HeaderGmsm) SetVersion(major int, minor int) {
    method Flag (line 67) | func (h *HeaderGmsm) Flag() uint16 {
    method SetFlag (line 71) | func (h *HeaderGmsm) SetFlag(flag uint16) {
    method NonceBytes (line 78) | func (h *HeaderGmsm) NonceBytes() []byte {
    method SetCounter (line 84) | func (h *HeaderGmsm) SetCounter(counter uint64) {
    method Counter (line 88) | func (h *HeaderGmsm) Counter() uint64 {
    method Bytes (line 92) | func (h *HeaderGmsm) Bytes() []byte {
    method EphermeralBytes (line 98) | func (h *HeaderGmsm) EphermeralBytes() []byte {
    method StaticBytes (line 102) | func (h *HeaderGmsm) StaticBytes() []byte {
    method TimestampBytes (line 106) | func (h *HeaderGmsm) TimestampBytes() []byte {
    method IdentityBytes (line 110) | func (h *HeaderGmsm) IdentityBytes() []byte {
    method HMACBytes (line 114) | func (h *HeaderGmsm) HMACBytes() []byte {
    method CipherScheme (line 118) | func (h *HeaderGmsm) CipherScheme() int {

FILE: nhp/core/transaction.go
  type LocalTransaction (line 10) | type LocalTransaction struct
    method Run (line 137) | func (t *LocalTransaction) Run() {
  type RemoteTransaction (line 19) | type RemoteTransaction struct
    method Run (line 228) | func (t *RemoteTransaction) Run() {
  method IsTransactionRequest (line 27) | func (d *Device) IsTransactionRequest(t int) bool {
  method LocalTransactionTimeout (line 60) | func (d *Device) LocalTransactionTimeout() int {
  method RemoteTransactionTimeout (line 78) | func (d *Device) RemoteTransactionTimeout() int {
  method IsTransactionResponse (line 82) | func (d *Device) IsTransactionResponse(t int) bool {
  method AddLocalTransaction (line 115) | func (d *Device) AddLocalTransaction(t *LocalTransaction) {
  method FindLocalTransaction (line 125) | func (d *Device) FindLocalTransaction(id uint64) *LocalTransaction {
  method AddRemoteTransaction (line 201) | func (c *ConnectionData) AddRemoteTransaction(t *RemoteTransaction) {
  method FindRemoteTransaction (line 211) | func (c *ConnectionData) FindRemoteTransaction(id uint64) *RemoteTransac...

FILE: nhp/core/udpconn.go
  type ConnectionData (line 11) | type ConnectionData struct
    method Equal (line 43) | func (c *ConnectionData) Equal(other *ConnectionData) bool {
    method SetTimeout (line 49) | func (c *ConnectionData) SetTimeout(ms int) {
    method Close (line 54) | func (c *ConnectionData) Close() {
    method IsClosed (line 90) | func (c *ConnectionData) IsClosed() bool {
    method ForwardOutboundPacket (line 94) | func (c *ConnectionData) ForwardOutboundPacket(pkt *Packet) {
    method ForwardInboundPacket (line 112) | func (c *ConnectionData) ForwardInboundPacket(pkt *Packet) {
    method SendBlockSignal (line 130) | func (c *ConnectionData) SendBlockSignal() {

FILE: nhp/core/verifier/csv/csv.go
  type AttestationBody (line 28) | type AttestationBody struct
  type Signature (line 38) | type Signature struct
  type AttestationReport (line 43) | type AttestationReport struct
  type CertificateData (line 51) | type CertificateData struct
  type PubKey (line 58) | type PubKey struct
  type CertificatePreamble (line 64) | type CertificatePreamble struct
  type CaCertificateBody (line 69) | type CaCertificateBody struct
  type Version (line 77) | type Version struct
  type CsvPubkey (line 82) | type CsvPubkey struct
  type CsvCertificateData (line 88) | type CsvCertificateData struct
  type CsvCertificateBody (line 98) | type CsvCertificateBody struct
  type CsvSignature (line 103) | type CsvSignature struct
  type CsvCertificate (line 110) | type CsvCertificate struct
  type CaCertificate (line 115) | type CaCertificate struct
  type CertificateChain (line 121) | type CertificateChain struct
  type CsvEvidence (line 127) | type CsvEvidence struct
  type Attestation (line 133) | type Attestation struct
    method verifySm2SignatureWithId (line 243) | func (a *Attestation) verifySm2SignatureWithId(qx, qy, r, s []byte, id...
    method verifyCertChain (line 292) | func (a *Attestation) verifyCertChain(chipId string) error {
    method verifyHygonCertInfo (line 414) | func (a *Attestation) verifyHygonCertInfo(hrk []byte, curveId, keyUsag...
    method verifyCSVCertInfo (line 436) | func (a *Attestation) verifyCSVCertInfo(csvCert []byte, sigUsage int, ...
    method Verify (line 463) | func (a *Attestation) Verify() error {
    method GetSerialNumber (line 486) | func (a *Attestation) GetSerialNumber() string {
    method performXORBy4BytesGroup (line 490) | func (a *Attestation) performXORBy4BytesGroup(data []byte, anouce uint...
    method GetMeasure (line 524) | func (a *Attestation) GetMeasure() string {
  function ReverseBytes (line 139) | func ReverseBytes(b []byte) []byte {
  function buildIDMsg (line 147) | func buildIDMsg(id []byte, idLen int, ecKeyHex string, pubkeyHex string)...
  function Sm3Digest (line 168) | func Sm3Digest(hrkData []byte) ([]byte, error) {
  function Sm3Hmac (line 177) | func Sm3Hmac(data []byte, key []byte) []byte {
  function VerifySignature (line 213) | func VerifySignature(pub *ecdsa.PublicKey, hash []byte, r, s *big.Int) b...
  function NewAttestation (line 530) | func NewAttestation(attestationJsonStr string) (*Attestation, error) {

FILE: nhp/core/verifier/verifier.go
  type Verifier (line 14) | type Verifier interface
  type FallbackVerifier (line 27) | type FallbackVerifier struct
    method Verify (line 33) | func (f *FallbackVerifier) Verify() error {
    method GetSerialNumber (line 37) | func (f *FallbackVerifier) GetSerialNumber() string {
    method GetMeasure (line 41) | func (f *FallbackVerifier) GetMeasure() string {
  function NewFallbackVerifier (line 45) | func NewFallbackVerifier(evidence []byte) (*FallbackVerifier, error) {
  function NewVerifier (line 56) | func NewVerifier(compressedEvienceBase64 string) (Verifier, error) {

FILE: nhp/core/wasm/engine/engine.go
  type Engine (line 12) | type Engine struct
    method LoadWasm (line 28) | func (e *Engine) LoadWasm(wasmBytes []byte) error {
    method Close (line 63) | func (e *Engine) Close() {
    method ReadContentFromVMMemory (line 67) | func (e *Engine) ReadContentFromVMMemory(memPos uint32, memLen uint32)...
    method WriteContentToVMMemory (line 76) | func (e *Engine) WriteContentToVMMemory(content string) (memPos uint64...
    method OnAttestationCollect (line 93) | func (e *Engine) OnAttestationCollect() (attestation string) {
    method OnAttestationVerify (line 112) | func (e *Engine) OnAttestationVerify(attestation string) bool {
    method OnDataPreprocess (line 129) | func (e *Engine) OnDataPreprocess(metadata string, rawData string, fil...
    method OnDataPostprocess (line 152) | func (e *Engine) OnDataPostprocess(rawOutput string) (processedOutput ...
  function NewEngine (line 20) | func NewEngine() *Engine {

FILE: nhp/core/wasm/engine/host.go
  function logString (line 29) | func logString(_ context.Context, m api.Module, offset, byteCount uint32) {
  function GetEvidenceWithCCUrl (line 37) | func GetEvidenceWithCCUrl() ([]byte, error) {
  function GetEvidenceWithAgentUuid (line 69) | func GetEvidenceWithAgentUuid() ([]byte, error) {
  function GetEvidence (line 97) | func GetEvidence() (string, error) {
  function CalculateAgentUniqueId (line 109) | func CalculateAgentUniqueId() (string, error) {

FILE: nhp/core/wasm/engine/host_test.go
  function TestGetEvidence (line 7) | func TestGetEvidence(t *testing.T) {

FILE: nhp/core/wasm/policy/host.go
  function _log (line 17) | func _log(ptr, size uint32)
  function Log (line 19) | func Log(message string) {

FILE: nhp/core/wasm/policy/impl/policy.go
  type Attestation (line 21) | type Attestation struct
  type PolicyImpl (line 30) | type PolicyImpl struct
    method OnAttestationCollect (line 37) | func (p *PolicyImpl) OnAttestationCollect() (attestation string) {
    method OnAttestationVerify (line 51) | func (p *PolicyImpl) OnAttestationVerify(attestation string) bool {
    method OnDataPreprocess (line 57) | func (p *PolicyImpl) OnDataPreprocess(metadata string, rawData string,...
    method OnDataPostprocess (line 65) | func (p *PolicyImpl) OnDataPostprocess(rawOutput string) (processedOut...
  function NewPolicy (line 33) | func NewPolicy() policy.Policy {

FILE: nhp/core/wasm/policy/interface.go
  type Policy (line 11) | type Policy interface

FILE: nhp/core/wasm/policy/main/main.go
  function main (line 15) | func main() {}
  function onAttestationCollect (line 18) | func onAttestationCollect() uint64 {
  function onAttestationVerify (line 27) | func onAttestationVerify(attestationPosition *uint32, attestationLength ...
  function onDataPreprocess (line 34) | func onDataPreprocess(metaDataPosition *uint32, metaDataLength uint32, r...
  function onDataPostprocess (line 45) | func onDataPostprocess(rawDataPosition *uint32, rawDataLength uint32) ui...

FILE: nhp/core/wasm/policy/memory/memory.go
  function ReadBufferFromMemory (line 8) | func ReadBufferFromMemory(bufferPosition *uint32, length uint32) []byte {
  function CopyBufferToMemory (line 21) | func CopyBufferToMemory(buffer []byte) uint64 {
  function StringToPtr (line 34) | func StringToPtr(s string) (uint32, uint32) {

FILE: nhp/core/ztdo/noise.go
  constant InitialDHPKeyWrappingString (line 16) | InitialDHPKeyWrappingString = "DHP Data Private Key Wrapping"
  type DataKeyPairGenerator (line 24) | type DataKeyPairGenerator interface
  type SymmetricCipherMode (line 29) | type SymmetricCipherMode
    method String (line 42) | func (m SymmetricCipherMode) String() string {
    method TagSize (line 65) | func (m SymmetricCipherMode) TagSize() int {
    method newCipherBlock (line 106) | func (mode SymmetricCipherMode) newCipherBlock(key []byte) (cipher.Blo...
    method Encrypt (line 126) | func (mode SymmetricCipherMode) Encrypt(key, nonce, plaintext, ad []by...
    method Decrypt (line 144) | func (mode SymmetricCipherMode) Decrypt(key, nonce, ciphertext, ad []b...
  constant AES256GCM64Tag (line 32) | AES256GCM64Tag  SymmetricCipherMode = iota
  constant AES256GCM96Tag (line 33) | AES256GCM96Tag
  constant AES256GCM104Tag (line 34) | AES256GCM104Tag
  constant AES256GCM112Tag (line 35) | AES256GCM112Tag
  constant AES256GCM120Tag (line 36) | AES256GCM120Tag
  constant AES256GCM128Tag (line 37) | AES256GCM128Tag
  constant SM4GCM64Tag (line 38) | SM4GCM64Tag
  constant SM4GCM128Tag (line 39) | SM4GCM128Tag
  function NewSymmetricCipherMode (line 84) | func NewSymmetricCipherMode(mode string) (SymmetricCipherMode, error) {
  type DataKeyPairECCMode (line 166) | type DataKeyPairECCMode
    method String (line 174) | func (d DataKeyPairECCMode) String() string {
    method ToEccType (line 185) | func (d DataKeyPairECCMode) ToEccType() core.EccTypeEnum {
    method ToHashType (line 196) | func (d DataKeyPairECCMode) ToHashType() core.HashTypeEnum {
    method ECDHFromKey (line 229) | func (d DataKeyPairECCMode) ECDHFromKey(prk []byte) core.Ecdh {
    method PublicKeyFromKey (line 233) | func (d DataKeyPairECCMode) PublicKeyFromKey(prk []byte) []byte {
  constant CURVE25519 (line 169) | CURVE25519 DataKeyPairECCMode = iota
  constant SM2 (line 170) | SM2
  constant UNKNOWN (line 171) | UNKNOWN
  function NewDataKeyPairECCModeWithName (line 207) | func NewDataKeyPairECCModeWithName(mode string) (DataKeyPairECCMode, err...
  function NewDataKeyPairECCMode (line 218) | func NewDataKeyPairECCMode(eccMode core.EccTypeEnum) (DataKeyPairECCMode...
  type MessagePattern (line 238) | type MessagePattern
  constant MessagePatternS (line 241) | MessagePatternS MessagePattern = iota
  constant MessagePatternE (line 242) | MessagePatternE
  constant MessagePatternRS (line 243) | MessagePatternRS
  constant MessagePatternRE (line 244) | MessagePatternRE
  constant MessagePatternDHEE (line 245) | MessagePatternDHEE
  constant MessagePatternDHES (line 246) | MessagePatternDHES
  constant MessagePatternDHSE (line 247) | MessagePatternDHSE
  constant MessagePatternDHSS (line 248) | MessagePatternDHSS
  type SymmetricAgreement (line 251) | type SymmetricAgreement struct
    method SetPsk (line 277) | func (sa *SymmetricAgreement) SetPsk(psk []byte) {
    method SetStaticKeyPair (line 282) | func (sa *SymmetricAgreement) SetStaticKeyPair(s core.Ecdh) {
    method SetEphemeralKeyPair (line 286) | func (sa *SymmetricAgreement) SetEphemeralKeyPair(e core.Ecdh) {
    method SetRemoteStaticPublicKey (line 290) | func (sa *SymmetricAgreement) SetRemoteStaticPublicKey(rs []byte) {
    method SetRemoteEphemeralPublicKey (line 294) | func (sa *SymmetricAgreement) SetRemoteEphemeralPublicKey(re []byte) {
    method SetMessagePatterns (line 298) | func (sa *SymmetricAgreement) SetMessagePatterns(msgPatterns [][]Messa...
    method AgreeSymmetricKey (line 302) | func (sa *SymmetricAgreement) AgreeSymmetricKey() (gcmKey [core.Symmet...
  function NewSymmetricAgreement (line 264) | func NewSymmetricAgreement(eccMode DataKeyPairECCMode, provider bool) *S...
  type DataPrivateKeyWrapping (line 405) | type DataPrivateKeyWrapping struct
    method Unwrap (line 427) | func (d *DataPrivateKeyWrapping) Unwrap(key, ad []byte) (dataPrivateKe...
  function NewDataPrivateKeyWrapping (line 411) | func NewDataPrivateKeyWrapping(providerPublicKeyBase64 string, dataPriva...

FILE: nhp/core/ztdo/ztdo.go
  constant MagicNumberSize (line 21) | MagicNumberSize      = 4
  constant ObjectIDSize (line 22) | ObjectIDSize         = 16
  constant VersionSize (line 23) | VersionSize          = 2
  constant NhpServerLenSize (line 24) | NhpServerLenSize     = 1
  constant NhpServerMaxSize (line 25) | NhpServerMaxSize     = 255
  constant CipherConfigSize (line 26) | CipherConfigSize     = 1
  constant MetadataLenSize (line 27) | MetadataLenSize      = 2
  constant MetadataChunkMaxSize (line 28) | MetadataChunkMaxSize = 32767
  constant PayloadLengthSize (line 29) | PayloadLengthSize    = 3
  constant IVSize (line 30) | IVSize               = 12
  constant SIGNATURELenSize (line 31) | SIGNATURELenSize     = 32
  constant LENGTHFOR (line 32) | LENGTHFOR            = "lengthFor"
  constant LENGTHCONTINUE (line 33) | LENGTHCONTINUE       = "lengthContinue"
  constant SUBTRACTFROM (line 34) | SUBTRACTFROM         = "subtractFrom"
  constant DATACHUNKSIZE (line 35) | DATACHUNKSIZE        = 16777187
  type Endianness (line 43) | type Endianness struct
    method PutUint32 (line 47) | func (e *Endianness) PutUint32(b []byte, v uint32) {
    method Uint32 (line 55) | func (e *Endianness) Uint32(b []byte) uint32 {
  type ZtdoMetadata (line 65) | type ZtdoMetadata struct
  type ZtdoHeader (line 71) | type ZtdoHeader struct
    method SetObjectID (line 102) | func (header *ZtdoHeader) SetObjectID() {
    method GetObjectID (line 111) | func (header *ZtdoHeader) GetObjectID() string {
    method SetVersion (line 115) | func (header *ZtdoHeader) SetVersion() {
    method SetNhpServer (line 119) | func (header *ZtdoHeader) SetNhpServer(nhpServer string) error {
    method SetMetadata (line 131) | func (header *ZtdoHeader) SetMetadata(metadata string) error {
    method GetMetadata (line 159) | func (header *ZtdoHeader) GetMetadata() []byte {
    method SetCipherConfig (line 169) | func (header *ZtdoHeader) SetCipherConfig(hasSignature bool, mode Symm...
    method HasSignature (line 180) | func (header *ZtdoHeader) HasSignature() bool {
    method GetCipherMode (line 184) | func (header *ZtdoHeader) GetCipherMode() SymmetricCipherMode {
    method GetECCMode (line 188) | func (header *ZtdoHeader) GetECCMode() DataKeyPairECCMode {
  type ZtdoContent (line 82) | type ZtdoContent struct
  type ZtdoPayload (line 87) | type ZtdoPayload struct
    method SetIV (line 192) | func (payload *ZtdoPayload) SetIV() {
    method SetCipherText (line 198) | func (payload *ZtdoPayload) SetCipherText(mode SymmetricCipherMode, ke...
    method GetPlainText (line 209) | func (payload *ZtdoPayload) GetPlainText(mode SymmetricCipherMode, key...
    method SetLength (line 213) | func (payload *ZtdoPayload) SetLength() {
    method GetLength (line 222) | func (payload *ZtdoPayload) GetLength() uint32 {
  type ZtdoSignature (line 92) | type ZtdoSignature struct
    method mixHash (line 254) | func (signature *ZtdoSignature) mixHash(buf *bytes.Buffer) {
    method sign (line 265) | func (signature *ZtdoSignature) sign(key []byte) {
    method verify (line 281) | func (signature *ZtdoSignature) verify(in *ZtdoSignature) bool {
  type Ztdo (line 96) | type Ztdo struct
    method Generate (line 292) | func (ztdo *Ztdo) Generate(mode DataKeyPairECCMode) (privateKey []byte) {
    method SetNhpServer (line 297) | func (ztdo *Ztdo) SetNhpServer(nhpServer string) error {
    method SetCipherConfig (line 301) | func (ztdo *Ztdo) SetCipherConfig(hasSignature bool, mode SymmetricCip...
    method SetMetadata (line 305) | func (ztdo *Ztdo) SetMetadata(metadata string) error {
    method GetObjectID (line 309) | func (ztdo *Ztdo) GetObjectID() string {
    method GetCipherMode (line 313) | func (ztdo *Ztdo) GetCipherMode() SymmetricCipherMode {
    method GetECCMode (line 317) | func (ztdo *Ztdo) GetECCMode() DataKeyPairECCMode {
    method EncryptZtdoFile (line 321) | func (ztdo *Ztdo) EncryptZtdoFile(plaintextPath, ciphertextPath string...
    method ParseHeader (line 383) | func (ztdo *Ztdo) ParseHeader(ciphertextPath string) error {
    method DecryptZtdoFile (line 401) | func (ztdo *Ztdo) DecryptZtdoFile(ciphertextPath, plaintextPath string...
  function NewZtdoHeader (line 230) | func NewZtdoHeader() *ZtdoHeader {
  function NewZtdoPayload (line 240) | func NewZtdoPayload() *ZtdoPayload {
  function NewZtdoSignature (line 248) | func NewZtdoSignature() *ZtdoSignature {
  function NewZtdo (line 285) | func NewZtdo() *Ztdo {
  function marshal (line 484) | func marshal(buf *bytes.Buffer, data any) error {
  function unmarshal (line 531) | func unmarshal(f *os.File, data any) error {
  function toBuffer (line 617) | func toBuffer(data any) *bytes.Buffer {
  function toStructure (line 624) | func toStructure(f *os.File, data any) error {
  function setBytes (line 634) | func setBytes(rvalue reflect.Value, dst []byte) {
  function encodeMetadataLength (line 656) | func encodeMetadataLength(length int, continuation bool) ([2]byte, error) {
  function preprocessContinuation (line 682) | func preprocessContinuation(encoded []byte) (continuation bool) {
  function getSecureRandomChunkSize (line 695) | func getSecureRandomChunkSize() int {

FILE: nhp/core/ztdo/ztdo_test.go
  function TestEncodeMetadataLength (line 8) | func TestEncodeMetadataLength(t *testing.T) {

FILE: nhp/ebpf/xdp/nhp_ebpf_xdp.c
  type whitelist_key (line 39) | struct whitelist_key {
  type src_port_list_key (line 46) | struct src_port_list_key {
  type port_list_key (line 51) | struct port_list_key {
  type protocol_port_key (line 57) | struct protocol_port_key {
  type icmpwhitelist_key (line 62) | struct icmpwhitelist_key {
  type sdwhitelist_key (line 67) | struct sdwhitelist_key {
  type whitelist_value (line 72) | struct whitelist_value {
  type icmpwhitelist_value (line 77) | struct icmpwhitelist_value {
  type sdwhitelist_value (line 82) | struct sdwhitelist_value {
  type src_port_list_value (line 87) | struct src_port_list_value {
  type port_list_value (line 92) | struct port_list_value {
  type protocol_port_value (line 97) | struct protocol_port_value {
  type whitelist_key (line 104) | struct whitelist_key
  type whitelist_value (line 105) | struct whitelist_value
  type src_port_list_key (line 112) | struct src_port_list_key
  type src_port_list_value (line 113) | struct src_port_list_value
  type icmpwhitelist_key (line 120) | struct icmpwhitelist_key
  type icmpwhitelist_value (line 121) | struct icmpwhitelist_value
  type sdwhitelist_key (line 128) | struct sdwhitelist_key
  type sdwhitelist_value (line 129) | struct sdwhitelist_value
  type port_list_key (line 136) | struct port_list_key
  type port_list_value (line 137) | struct port_list_value
  type protocol_port_key (line 144) | struct protocol_port_key
  type protocol_port_value (line 145) | struct protocol_port_value
  type ipv4_ct_tuple (line 150) | struct ipv4_ct_tuple {
  type conn_value (line 159) | struct conn_value {
  type ipv4_ct_tuple (line 172) | struct ipv4_ct_tuple
  type conn_value (line 173) | struct conn_value
  type event_t (line 177) | struct event_t {
  function submit_event (line 194) | static __always_inline int submit_event(void *ctx, __u8 action, __be32 s...
  function reverseTuple (line 209) | static __always_inline void reverseTuple(struct ipv4_ct_tuple *key) {
  function check_conn_expiry (line 223) | static __always_inline bool check_conn_expiry(struct conn_value *val) {
  function xdp_white_prog (line 229) | static __always_inline int xdp_white_prog(struct xdp_md *ctx) {

FILE: nhp/ebpf/xdp/tc_egress.c
  type whitelist_key (line 19) | struct whitelist_key {
  type whitelist_value (line 26) | struct whitelist_value {
  type whitelist_key (line 33) | struct whitelist_key
  type whitelist_value (line 34) | struct whitelist_value
  function tc_egress_prog (line 40) | int tc_egress_prog(struct __sk_buff *ctx)

FILE: nhp/ebpf/xdp/vmlinux.h
  type BIT_DStream_status (line 9454) | typedef enum {
  type ZSTD_ErrorCode (line 9461) | typedef enum {
  type ZSTD_ErrorCode (line 9492) | typedef ZSTD_ErrorCode ERR_enum;
  type FSE_repeat (line 9494) | typedef enum {
  type HIST_checkInput_e (line 9500) | typedef enum {
  type HUF_nbStreams_e (line 9505) | typedef enum {
  type HUF_repeat (line 9510) | typedef enum {
  type ZSTD_EndDirective (line 9516) | typedef enum {
  type ZSTD_OptPrice_e (line 9522) | typedef enum {
  type ZSTD_ResetDirective (line 9527) | typedef enum {
  type ZSTD_bufferMode_e (line 9533) | typedef enum {
  type ZSTD_buffered_policy_e (line 9538) | typedef enum {
  type ZSTD_cParamMode_e (line 9543) | typedef enum {
  type ZSTD_cParameter (line 9550) | typedef enum {
  type ZSTD_cStreamStage (line 9587) | typedef enum {
  type ZSTD_compResetPolicy_e (line 9593) | typedef enum {
  type ZSTD_compressionStage_e (line 9598) | typedef enum {
  type ZSTD_cwksp_alloc_phase_e (line 9605) | typedef enum {
  type ZSTD_cwksp_static_alloc_e (line 9611) | typedef enum {
  type ZSTD_dParameter (line 9616) | typedef enum {
  type ZSTD_dStage (line 9624) | typedef enum {
  type ZSTD_dStreamStage (line 9635) | typedef enum {
  type ZSTD_defaultPolicy_e (line 9643) | typedef enum {
  type ZSTD_dictAttachPref_e (line 9648) | typedef enum {
  type ZSTD_dictContentType_e (line 9655) | typedef enum {
  type ZSTD_dictLoadMethod_e (line 9661) | typedef enum {
  type ZSTD_dictMode_e (line 9666) | typedef enum {
  type ZSTD_dictTableLoadMethod_e (line 9673) | typedef enum {
  type ZSTD_dictUses_e (line 9678) | typedef enum {
  type ZSTD_forceIgnoreChecksum_e (line 9684) | typedef enum {
  type ZSTD_format_e (line 9689) | typedef enum {
  type ZSTD_frameType_e (line 9694) | typedef enum {
  type ZSTD_indexResetPolicy_e (line 9699) | typedef enum {
  type ZSTD_litLocation_e (line 9704) | typedef enum {
  type ZSTD_longLengthType_e (line 9710) | typedef enum {
  type ZSTD_longOffset_e (line 9716) | typedef enum {
  type ZSTD_nextInputType_e (line 9721) | typedef enum {
  type ZSTD_overlap_e (line 9730) | typedef enum {
  type ZSTD_paramSwitch_e (line 9735) | typedef enum {
  type ZSTD_refMultipleDDicts_e (line 9741) | typedef enum {
  type ZSTD_resetTarget_e (line 9746) | typedef enum {
  type ZSTD_sequenceFormat_e (line 9751) | typedef enum {
  type ZSTD_strategy (line 9756) | typedef enum {
  type acpi_execute_type (line 9768) | typedef enum {
  type acpi_interpreter_mode (line 9778) | typedef enum {
  type acpi_trace_event_type (line 9784) | typedef enum {
  type blockType_e (line 9790) | typedef enum {
  type block_state (line 9797) | typedef enum {
  type codetype (line 9804) | typedef enum {
  type cpuset_filetype_t (line 9810) | typedef enum {
  type cpuset_flagbits_t (line 9832) | typedef enum {
  type dict_directive (line 9843) | typedef enum {
  type dirblock_type_t (line 9849) | typedef enum {
  type earlyEnd_directive (line 9856) | typedef enum {
  type endCondition_directive (line 9861) | typedef enum {
  type ext4_iget_flags (line 9866) | typedef enum {
  type fscrypt_direction_t (line 9874) | typedef enum {
  type inflate_mode (line 9879) | typedef enum {
  type isolate_migrate_t (line 9912) | typedef enum {
  type kdb_cmdflags_t (line 9918) | typedef enum {
  type kdb_dbtrap_t (line 9945) | typedef enum {
  type kdb_reason_t (line 9952) | typedef enum {
  type pageout_t (line 9966) | typedef enum {
  type phy_interface_t (line 9973) | typedef enum {
  type searchMethod_e (line 10011) | typedef enum {
  type socket_state (line 10017) | typedef enum {
  type status_type_t (line 10025) | typedef enum {
  type streaming_operation (line 10031) | typedef enum {
  type symbolEncodingType_e (line 10036) | typedef enum {
  type ZSTD_ErrorCode (line 10043) | typedef ZSTD_ErrorCode zstd_error_code;
  type CSI_J (line 10045) | enum CSI_J {
  type CSI_right_square_bracket (line 10052) | enum CSI_right_square_bracket {
  type HV_GENERIC_SET_FORMAT (line 10066) | enum HV_GENERIC_SET_FORMAT {
  type HV_SUBNODE_TYPE (line 10071) | enum HV_SUBNODE_TYPE {
  type KTHREAD_BITS (line 10080) | enum KTHREAD_BITS {
  type NPmode (line 10086) | enum NPmode {
  type OID (line 10093) | enum OID {
  type Opt_errors (line 10200) | enum Opt_errors {
  type P4_ESCR_EMASKS (line 10205) | enum P4_ESCR_EMASKS {
  type P4_EVENTS (line 10354) | enum P4_EVENTS {
  type P4_EVENT_OPCODES (line 10403) | enum P4_EVENT_OPCODES {
  type P4_PEBS_METRIC (line 10452) | enum P4_PEBS_METRIC {
  type SHIFT_DIRECTION (line 10466) | enum SHIFT_DIRECTION {
  type TPM_OPS_FLAGS (line 10471) | enum TPM_OPS_FLAGS {
  type __sk_action (line 10475) | enum __sk_action {
  type _cache_type (line 10482) | enum _cache_type {
  type _slab_flag_bits (line 10489) | enum _slab_flag_bits {
  type aa_code (line 10513) | enum aa_code {
  type aa_sfs_type (line 10529) | enum aa_sfs_type {
  type aafs_ns_type (line 10537) | enum aafs_ns_type {
  type aafs_prof_type (line 10554) | enum aafs_prof_type {
  type aat2870_id (line 10568) | enum aat2870_id {
  type access_coordinate_class (line 10576) | enum access_coordinate_class {
  type acpi_attr_enum (line 10582) | enum acpi_attr_enum {
  type acpi_bridge_type (line 10587) | enum acpi_bridge_type {
  type acpi_bus_device_type (line 10592) | enum acpi_bus_device_type {
  type acpi_cdat_type (line 10603) | enum acpi_cdat_type {
  type acpi_cedt_type (line 10613) | enum acpi_cedt_type {
  type acpi_device_swnode_dev_props (line 10621) | enum acpi_device_swnode_dev_props {
  type acpi_device_swnode_ep_props (line 10631) | enum acpi_device_swnode_ep_props {
  type acpi_device_swnode_port_props (line 10643) | enum acpi_device_swnode_port_props {
  type acpi_dmar_scope_type (line 10649) | enum acpi_dmar_scope_type {
  type acpi_dmar_type (line 10659) | enum acpi_dmar_type {
  type acpi_ec_event_state (line 10669) | enum acpi_ec_event_state {
  type acpi_erst_actions (line 10675) | enum acpi_erst_actions {
  type acpi_erst_instructions (line 10696) | enum acpi_erst_instructions {
  type acpi_ex_debugger_commands (line 10719) | enum acpi_ex_debugger_commands {
  type acpi_hest_notify_types (line 10775) | enum acpi_hest_notify_types {
  type acpi_hest_types (line 10791) | enum acpi_hest_types {
  type acpi_hmat_type (line 10807) | enum acpi_hmat_type {
  type acpi_irq_model_id (line 10814) | enum acpi_irq_model_id {
  type acpi_madt_multiproc_wakeup_version (line 10824) | enum acpi_madt_multiproc_wakeup_version {
  type acpi_madt_type (line 10830) | enum acpi_madt_type {
  type acpi_pcct_type (line 10863) | enum acpi_pcct_type {
  type acpi_predicate (line 10873) | enum acpi_predicate {
  type acpi_preferred_pm_profiles (line 10880) | enum acpi_preferred_pm_profiles {
  type acpi_reconfig_event (line 10893) | enum acpi_reconfig_event {
  type acpi_return_package_types (line 10898) | enum acpi_return_package_types {
  type acpi_srat_type (line 10914) | enum acpi_srat_type {
  type acpi_subtable_type (line 10926) | enum acpi_subtable_type {
  type acpi_viot_node_type (line 10934) | enum acpi_viot_node_type {
  type action_id (line 10942) | enum action_id {
  type action_t (line 10948) | enum action_t {
  type actions (line 10958) | enum actions {
  type addr_type (line 10964) | enum addr_type {
  type addr_type_t (line 10970) | enum addr_type_t {
  type address_markers_idx (line 10976) | enum address_markers_idx {
  type alarmtimer_restart (line 10993) | enum alarmtimer_restart {
  type alarmtimer_type (line 10998) | enum alarmtimer_type {
  type align_flags (line 11006) | enum align_flags {
  type alloc_loc (line 11011) | enum alloc_loc {
  type amd_chipset_gen (line 11018) | enum amd_chipset_gen {
  type amd_functions (line 11030) | enum amd_functions {
  type amd_iommu_intr_mode_type (line 11609) | enum amd_iommu_intr_mode_type {
  type amd_pstate_mode (line 11615) | enum amd_pstate_mode {
  type aper_size_type (line 11624) | enum aper_size_type {
  type apic_intr_mode_id (line 11632) | enum apic_intr_mode_id {
  type apparmor_notif_type (line 11640) | enum apparmor_notif_type {
  type array_state (line 11649) | enum array_state {
  type as3711_su2_fbprot (line 11663) | enum as3711_su2_fbprot {
  type as3711_su2_feedback (line 11670) | enum as3711_su2_feedback {
  type asn1_class (line 11678) | enum asn1_class {
  type asn1_method (line 11685) | enum asn1_method {
  type asn1_opcode (line 11690) | enum asn1_opcode {
  type asn1_tag (line 11724) | enum asn1_tag {
  type assoc_array_walk_status (line 11757) | enum assoc_array_walk_status {
  type asymmetric_payload_bits (line 11763) | enum asymmetric_payload_bits {
  type ata_completion_errors (line 11770) | enum ata_completion_errors {
  type ata_dev_iter_mode (line 11785) | enum ata_dev_iter_mode {
  type ata_link_iter_mode (line 11792) | enum ata_link_iter_mode {
  type ata_lpm_hints (line 11798) | enum ata_lpm_hints {
  type ata_lpm_policy (line 11804) | enum ata_lpm_policy {
  type ata_prot_flags (line 11813) | enum ata_prot_flags {
  type ata_xfer_mask (line 11829) | enum ata_xfer_mask {
  type audit_mode (line 11835) | enum audit_mode {
  type audit_nfcfgop (line 11843) | enum audit_nfcfgop {
  type audit_nlgrps (line 11868) | enum audit_nlgrps {
  type audit_ntp_type (line 11874) | enum audit_ntp_type {
  type audit_state (line 11884) | enum audit_state {
  type audit_type (line 11890) | enum audit_type {
  type auditsc_class_t (line 11902) | enum auditsc_class_t {
  type backlight_notification (line 11913) | enum backlight_notification {
  type backlight_scale (line 11918) | enum backlight_scale {
  type backlight_type (line 11924) | enum backlight_type {
  type backlight_update_reason (line 11931) | enum backlight_update_reason {
  type batadv_packettype (line 11936) | enum batadv_packettype {
  type behavior (line 11950) | enum behavior {
  type bh_state_bits (line 11956) | enum bh_state_bits {
  type bhi_mitigations (line 11976) | enum bhi_mitigations {
  type bio_merge_status (line 11982) | enum bio_merge_status {
  type bio_post_read_step (line 11988) | enum bio_post_read_step {
  type bios_platform_class (line 11995) | enum bios_platform_class {
  type bip_flags (line 12000) | enum bip_flags {
  type bitmap_page_attr (line 12009) | enum bitmap_page_attr {
  type bitmap_state (line 12015) | enum bitmap_state {
  type blacklist_hash_type (line 12021) | enum blacklist_hash_type {
  type blake2s_iv (line 12026) | enum blake2s_iv {
  type blake2s_lengths (line 12037) | enum blake2s_lengths {
  type blk_crypto_mode_num (line 12047) | enum blk_crypto_mode_num {
  type blk_default_limits (line 12056) | enum blk_default_limits {
  type blk_eh_timer_return (line 12063) | enum blk_eh_timer_return {
  type blk_integrity_checksum (line 12068) | enum blk_integrity_checksum {
  type blk_integrity_flags (line 12075) | enum blk_integrity_flags {
  type blk_req_status (line 12083) | enum blk_req_status {
  type blk_unique_id (line 12091) | enum blk_unique_id {
  type blk_zone_cond (line 12097) | enum blk_zone_cond {
  type blk_zone_report_flags (line 12108) | enum blk_zone_report_flags {
  type blk_zone_type (line 12112) | enum blk_zone_type {
  type blkg_iostat_type (line 12118) | enum blkg_iostat_type {
  type blkg_rwstat_type (line 12125) | enum blkg_rwstat_type {
  type blkif_state (line 12135) | enum blkif_state {
  type blktrace_act (line 12142) | enum blktrace_act {
  type blktrace_cat (line 12163) | enum blktrace_cat {
  type blktrace_notify (line 12184) | enum blktrace_notify {
  type bp_state (line 12191) | enum bp_state {
  type bp_type_idx (line 12198) | enum bp_type_idx {
  type bpf_access_src (line 12204) | enum bpf_access_src {
  type bpf_access_type (line 12209) | enum bpf_access_type {
  type bpf_addr_space_cast (line 12214) | enum bpf_addr_space_cast {
  type bpf_adj_room_mode (line 12218) | enum bpf_adj_room_mode {
  type bpf_arg_type (line 12223) | enum bpf_arg_type {
  type bpf_async_type (line 12260) | enum bpf_async_type {
  type bpf_attach_type (line 12265) | enum bpf_attach_type {
  type bpf_audit (line 12326) | enum bpf_audit {
  type bpf_cgroup_iter_order (line 12332) | enum bpf_cgroup_iter_order {
  type bpf_cgroup_storage_type (line 12340) | enum bpf_cgroup_storage_type {
  type bpf_check_mtu_flags (line 12346) | enum bpf_check_mtu_flags {
  type bpf_check_mtu_ret (line 12350) | enum bpf_check_mtu_ret {
  type bpf_cmd (line 12356) | enum bpf_cmd {
  type bpf_cond_pseudo_jmp (line 12398) | enum bpf_cond_pseudo_jmp {
  type bpf_core_relo_kind (line 12402) | enum bpf_core_relo_kind {
  type bpf_dynptr_type (line 12418) | enum bpf_dynptr_type {
  type bpf_func_id (line 12426) | enum bpf_func_id {
  type bpf_hdr_start_off (line 12642) | enum bpf_hdr_start_off {
  type bpf_iter_feature (line 12647) | enum bpf_iter_feature {
  type bpf_iter_state (line 12651) | enum bpf_iter_state {
  type bpf_iter_task_type (line 12657) | enum bpf_iter_task_type {
  type bpf_jit_poke_reason (line 12663) | enum bpf_jit_poke_reason {
  type bpf_link_type (line 12667) | enum bpf_link_type {
  type bpf_lru_list_type (line 12686) | enum bpf_lru_list_type {
  type bpf_lwt_encap_mode (line 12694) | enum bpf_lwt_encap_mode {
  type bpf_map_type (line 12700) | enum bpf_map_type {
  type bpf_netdev_command (line 12740) | enum bpf_netdev_command {
  type bpf_perf_event_type (line 12748) | enum bpf_perf_event_type {
  type bpf_prog_type (line 12758) | enum bpf_prog_type {
  type bpf_reg_liveness (line 12795) | enum bpf_reg_liveness {
  type bpf_reg_type (line 12804) | enum bpf_reg_type {
  type bpf_ret_code (line 12836) | enum bpf_ret_code {
  type bpf_return_type (line 12844) | enum bpf_return_type {
  type bpf_stack_build_id_status (line 12866) | enum bpf_stack_build_id_status {
  type bpf_stack_slot_type (line 12872) | enum bpf_stack_slot_type {
  type bpf_stats_type (line 12881) | enum bpf_stats_type {
  type bpf_struct_ops_state (line 12885) | enum bpf_struct_ops_state {
  type bpf_struct_walk_result (line 12892) | enum bpf_struct_walk_result {
  type bpf_task_fd_type (line 12898) | enum bpf_task_fd_type {
  type bpf_task_vma_iter_find_op (line 12907) | enum bpf_task_vma_iter_find_op {
  type bpf_text_poke_type (line 12913) | enum bpf_text_poke_type {
  type bpf_tramp_prog_type (line 12918) | enum bpf_tramp_prog_type {
  type bpf_type (line 12926) | enum bpf_type {
  type bpf_type_flag (line 12933) | enum bpf_type_flag {
  type bpf_xdp_mode (line 12957) | enum bpf_xdp_mode {
  type btf_arg_tag (line 12964) | enum btf_arg_tag {
  type btf_field_iter_kind (line 12972) | enum btf_field_iter_kind {
  type btf_field_type (line 12977) | enum btf_field_type {
  type btf_func_linkage (line 12994) | enum btf_func_linkage {
  type btf_kfunc_hook (line 13000) | enum btf_kfunc_hook {
  type buddy (line 13018) | enum buddy {
  type bug_trap_type (line 13023) | enum bug_trap_type {
  type bus_notifier_event (line 13029) | enum bus_notifier_event {
  type cache_indexing (line 13040) | enum cache_indexing {
  type cache_tag_type (line 13046) | enum cache_tag_type {
  type cache_type (line 13053) | enum cache_type {
  type cache_write_policy (line 13061) | enum cache_write_policy {
  type cap_audit_type (line 13067) | enum cap_audit_type {
  type cc_attr (line 13074) | enum cc_attr {
  type cc_vendor (line 13084) | enum cc_vendor {
  type cdrom_print_option (line 13090) | enum cdrom_print_option {
  type cee_attrs (line 13097) | enum cee_attrs {
  type cfg80211_signal_type (line 13110) | enum cfg80211_signal_type {
  type cfi_mode (line 13116) | enum cfi_mode {
  type cgroup1_param (line 13123) | enum cgroup1_param {
  type cgroup2_param (line 13136) | enum cgroup2_param {
  type cgroup_bpf_attach_type (line 13146) | enum cgroup_bpf_attach_type {
  type cgroup_filetype (line 13181) | enum cgroup_filetype {
  type cgroup_opt_features (line 13186) | enum cgroup_opt_features {
  type cgroup_subsys_id (line 13191) | enum cgroup_subsys_id {
  type chacha_constants (line 13209) | enum chacha_constants {
  type chipset_type (line 13216) | enum chipset_type {
  type class_map_type (line 13221) | enum class_map_type {
  type class_stat_type (line 13228) | enum class_stat_type {
  type cleanup_prefix_rt_t (line 13234) | enum cleanup_prefix_rt_t {
  type clear_refs_types (line 13240) | enum clear_refs_types {
  type clock_event_state (line 13249) | enum clock_event_state {
  type clocksource_ids (line 13257) | enum clocksource_ids {
  type closure_state (line 13267) | enum closure_state {
  type cm_batt_temp (line 13274) | enum cm_batt_temp {
  type cmd_type (line 13280) | enum cmd_type {
  type cmis_cdb_fw_write_mechanism (line 13286) | enum cmis_cdb_fw_write_mechanism {
  type compact_priority (line 13291) | enum compact_priority {
  type compact_result (line 13301) | enum compact_result {
  type con_flush_mode (line 13313) | enum con_flush_mode {
  type con_msg_format_flags (line 13318) | enum con_msg_format_flags {
  type con_scroll (line 13323) | enum con_scroll {
  type cons_flags (line 13328) | enum cons_flags {
  type context (line 13340) | enum context {
  type cp_error_code (line 13346) | enum cp_error_code {
  type cpa_warn (line 13356) | enum cpa_warn {
  type cpio_fields (line 13362) | enum cpio_fields {
  type cppc_regs (line 13380) | enum cppc_regs {
  type cpu_idle_type (line 13404) | enum cpu_idle_type {
  type cpu_led_event (line 13411) | enum cpu_led_event {
  type cpu_mitigations (line 13419) | enum cpu_mitigations {
  type cpu_usage_stat (line 13425) | enum cpu_usage_stat {
  type cpuacct_stat_index (line 13440) | enum cpuacct_stat_index {
  type cpufreq_table_sorting (line 13446) | enum cpufreq_table_sorting {
  type cpuhp_smt_control (line 13452) | enum cpuhp_smt_control {
  type cpuhp_state (line 13460) | enum cpuhp_state {
  type cpuhp_sync_state (line 13645) | enum cpuhp_sync_state {
  type cpuid_leafs (line 13654) | enum cpuid_leafs {
  type cpuid_regs_idx (line 13680) | enum cpuid_regs_idx {
  type crb_cancel (line 13687) | enum crb_cancel {
  type crb_ctrl_req (line 13691) | enum crb_ctrl_req {
  type crb_ctrl_sts (line 13696) | enum crb_ctrl_sts {
  type crb_defaults (line 13701) | enum crb_defaults {
  type crb_loc_ctrl (line 13706) | enum crb_loc_ctrl {
  type crb_loc_state (line 13711) | enum crb_loc_state {
  type crb_start (line 13716) | enum crb_start {
  type crb_status (line 13720) | enum crb_status {
  type criteria (line 13724) | enum criteria {
  type crypto_attr_type_t (line 13733) | enum crypto_attr_type_t {
  type ct_dccp_states (line 13759) | enum ct_dccp_states {
  type ctrl_offsets (line 13773) | enum ctrl_offsets {
  type ctrl_register (line 13789) | enum ctrl_register {
  type ctx_state (line 13794) | enum ctx_state {
  type cxl_event_type (line 13803) | enum cxl_event_type {
  type d_real_type (line 13810) | enum d_real_type {
  type d_walk_ret (line 13815) | enum d_walk_ret {
  type da9052_chip_id (line 13822) | enum da9052_chip_id {
  type da9063_irqs (line 13830) | enum da9063_irqs {
  type da9063_page_sel_buf_fmt (line 13862) | enum da9063_page_sel_buf_fmt {
  type da9063_paged_read_msgs (line 13868) | enum da9063_paged_read_msgs {
  type da9063_type (line 13875) | enum da9063_type {
  type da9063_variant_codes (line 13880) | enum da9063_variant_codes {
  type data_formats (line 13888) | enum data_formats {
  type data_source (line 13897) | enum data_source {
  type dax_access_mode (line 13904) | enum dax_access_mode {
  type dax_device_flags (line 13909) | enum dax_device_flags {
  type dax_driver_type (line 13917) | enum dax_driver_type {
  type dax_wake_mode (line 13922) | enum dax_wake_mode {
  type dbc_state (line 13927) | enum dbc_state {
  type dcb_general_attr_values (line 13936) | enum dcb_general_attr_values {
  type dcbevent_notif_type (line 13940) | enum dcbevent_notif_type {
  type dcbnl_app_attrs (line 13944) | enum dcbnl_app_attrs {
  type dcbnl_attrs (line 13953) | enum dcbnl_attrs {
  type dcbnl_bcn_attrs (line 13975) | enum dcbnl_bcn_attrs {
  type dcbnl_cap_attrs (line 14006) | enum dcbnl_cap_attrs {
  type dcbnl_commands (line 14021) | enum dcbnl_commands {
  type dcbnl_featcfg_attrs (line 14054) | enum dcbnl_featcfg_attrs {
  type dcbnl_numtcs_attrs (line 14064) | enum dcbnl_numtcs_attrs {
  type dcbnl_pfc_up_attrs (line 14073) | enum dcbnl_pfc_up_attrs {
  type dcbnl_pg_attrs (line 14088) | enum dcbnl_pg_attrs {
  type dcbnl_tc_attrs (line 14114) | enum dcbnl_tc_attrs {
  type dccp_state (line 14125) | enum dccp_state {
  type dd_data_dir (line 14141) | enum dd_data_dir {
  type dd_prio (line 14146) | enum dd_prio {
  type dentry_d_lock_class (line 14153) | enum dentry_d_lock_class {
  type depot_counter_id (line 14158) | enum depot_counter_id {
  type derived_key_type (line 14168) | enum derived_key_type {
  type desc_state (line 14173) | enum desc_state {
  type dev_dma_attr (line 14181) | enum dev_dma_attr {
  type dev_pm_opp_event (line 14187) | enum dev_pm_opp_event {
  type dev_pm_qos_req_type (line 14195) | enum dev_pm_qos_req_type {
  type dev_prop_type (line 14203) | enum dev_prop_type {
  type dev_type (line 14212) | enum dev_type {
  type devcg_behavior (line 14223) | enum devcg_behavior {
  type devfreq_parent_dev_type (line 14229) | enum devfreq_parent_dev_type {
  type devfreq_timer (line 14234) | enum devfreq_timer {
  type device_link_state (line 14240) | enum device_link_state {
  type device_physical_location_horizontal_position (line 14249) | enum device_physical_location_horizontal_position {
  type device_physical_location_panel (line 14255) | enum device_physical_location_panel {
  type device_physical_location_vertical_position (line 14265) | enum device_physical_location_vertical_position {
  type device_removable (line 14271) | enum device_removable {
  type devkmsg_log_bits (line 14278) | enum devkmsg_log_bits {
  type devkmsg_log_masks (line 14284) | enum devkmsg_log_masks {
  type devlink_attr (line 14290) | enum devlink_attr {
  type devlink_attr_selftest_id (line 14475) | enum devlink_attr_selftest_id {
  type devlink_attr_selftest_result (line 14482) | enum devlink_attr_selftest_result {
  type devlink_command (line 14491) | enum devlink_command {
  type devlink_dpipe_action_type (line 14581) | enum devlink_dpipe_action_type {
  type devlink_dpipe_field_ethernet_id (line 14585) | enum devlink_dpipe_field_ethernet_id {
  type devlink_dpipe_field_ipv4_id (line 14589) | enum devlink_dpipe_field_ipv4_id {
  type devlink_dpipe_field_ipv6_id (line 14593) | enum devlink_dpipe_field_ipv6_id {
  type devlink_dpipe_field_mapping_type (line 14597) | enum devlink_dpipe_field_mapping_type {
  type devlink_dpipe_header_id (line 14602) | enum devlink_dpipe_header_id {
  type devlink_dpipe_match_type (line 14608) | enum devlink_dpipe_match_type {
  type devlink_eswitch_encap_mode (line 14612) | enum devlink_eswitch_encap_mode {
  type devlink_health_reporter_state (line 14617) | enum devlink_health_reporter_state {
  type devlink_info_version_type (line 14622) | enum devlink_info_version_type {
  type devlink_linecard_state (line 14627) | enum devlink_linecard_state {
  type devlink_multicast_groups (line 14639) | enum devlink_multicast_groups {
  type devlink_param_cmode (line 14643) | enum devlink_param_cmode {
  type devlink_param_generic_id (line 14651) | enum devlink_param_generic_id {
  type devlink_param_type (line 14673) | enum devlink_param_type {
  type devlink_port_flavour (line 14681) | enum devlink_port_flavour {
  type devlink_port_fn_attr_cap (line 14692) | enum devlink_port_fn_attr_cap {
  type devlink_port_fn_opstate (line 14700) | enum devlink_port_fn_opstate {
  type devlink_port_fn_state (line 14705) | enum devlink_port_fn_state {
  type devlink_port_function_attr (line 14710) | enum devlink_port_function_attr {
  type devlink_port_type (line 14722) | enum devlink_port_type {
  type devlink_rate_type (line 14729) | enum devlink_rate_type {
  type devlink_reload_action (line 14734) | enum devlink_reload_action {
  type devlink_reload_limit (line 14742) | enum devlink_reload_limit {
  type devlink_resource_unit (line 14749) | enum devlink_resource_unit {
  type devlink_sb_pool_type (line 14753) | enum devlink_sb_pool_type {
  type devlink_sb_threshold_type (line 14758) | enum devlink_sb_threshold_type {
  type devlink_selftest_status (line 14763) | enum devlink_selftest_status {
  type devlink_trap_action (line 14769) | enum devlink_trap_action {
  type devlink_trap_generic_id (line 14775) | enum devlink_trap_generic_id {
  type devlink_trap_group_generic_id (line 14874) | enum devlink_trap_group_generic_id {
  type devlink_trap_type (line 14906) | enum devlink_trap_type {
  type devm_ioremap_type (line 14912) | enum devm_ioremap_type {
  type dfa_accept_flags (line 14919) | enum dfa_accept_flags {
  type die_val (line 14923) | enum die_val {
  type digest_type (line 14938) | enum digest_type {
  type dim_cq_period_mode (line 14944) | enum dim_cq_period_mode {
  type dim_state (line 14950) | enum dim_state {
  type dim_stats_state (line 14956) | enum dim_stats_state {
  type dim_step_result (line 14962) | enum dim_step_result {
  type dim_tune_state (line 14968) | enum dim_tune_state {
  type display_flags (line 14975) | enum display_flags {
  type dl_bw_request (line 14991) | enum dl_bw_request {
  type dl_dev_state (line 14997) | enum dl_dev_state {
  type dm_io_mem_type (line 15004) | enum dm_io_mem_type {
  type dm_queue_mode (line 15011) | enum dm_queue_mode {
  type dm_uevent_type (line 15018) | enum dm_uevent_type {
  type dma_ctrl_flags (line 15023) | enum dma_ctrl_flags {
  type dma_data_direction (line 15036) | enum dma_data_direction {
  type dma_desc_metadata_mode (line 15043) | enum dma_desc_metadata_mode {
  type dma_fence_flag_bits (line 15049) | enum dma_fence_flag_bits {
  type dma_residue_granularity (line 15056) | enum dma_residue_granularity {
  type dma_resv_usage (line 15062) | enum dma_resv_usage {
  type dma_slave_buswidth (line 15069) | enum dma_slave_buswidth {
  type dma_status (line 15082) | enum dma_status {
  type dma_transaction_type (line 15090) | enum dma_transaction_type {
  type dma_transfer_direction (line 15110) | enum dma_transfer_direction {
  type dmaengine_alignment (line 15118) | enum dmaengine_alignment {
  type dmaengine_tx_result (line 15130) | enum dmaengine_tx_result {
  type dmi_device_type (line 15137) | enum dmi_device_type {
  type dmi_entry_type (line 15155) | enum dmi_entry_type {
  type dmi_field (line 15202) | enum dmi_field {
  type dns_lookup_status (line 15230) | enum dns_lookup_status {
  type dns_payload_content_type (line 15242) | enum dns_payload_content_type {
  type dock_callback_type (line 15246) | enum dock_callback_type {
  type dpll_a (line 15252) | enum dpll_a {
  type dpll_a_pin (line 15267) | enum dpll_a_pin {
  type dpll_cmd (line 15299) | enum dpll_cmd {
  type dpll_lock_status (line 15316) | enum dpll_lock_status {
  type dpll_lock_status_error (line 15325) | enum dpll_lock_status_error {
  type dpll_mode (line 15334) | enum dpll_mode {
  type dpll_pin_capabilities (line 15341) | enum dpll_pin_capabilities {
  type dpll_pin_direction (line 15347) | enum dpll_pin_direction {
  type dpll_pin_state (line 15354) | enum dpll_pin_state {
  type dpll_pin_type (line 15362) | enum dpll_pin_type {
  type dpll_type (line 15372) | enum dpll_type {
  type dpm_order (line 15379) | enum dpm_order {
  type drbg_prefixes (line 15386) | enum drbg_prefixes {
  type drbg_seed_state (line 15393) | enum drbg_seed_state {
  type drm_bridge_attach_flags (line 15399) | enum drm_bridge_attach_flags {
  type drm_bridge_ops (line 15403) | enum drm_bridge_ops {
  type drm_bus_flags (line 15411) | enum drm_bus_flags {
  type drm_color_encoding (line 15427) | enum drm_color_encoding {
  type drm_color_lut_tests (line 15434) | enum drm_color_lut_tests {
  type drm_color_range (line 15439) | enum drm_color_range {
  type drm_colorspace (line 15445) | enum drm_colorspace {
  type drm_connector_force (line 15466) | enum drm_connector_force {
  type drm_connector_registration_state (line 15473) | enum drm_connector_registration_state {
  type drm_connector_status (line 15479) | enum drm_connector_status {
  type drm_connector_tv_mode (line 15485) | enum drm_connector_tv_mode {
  type drm_debug_category (line 15497) | enum drm_debug_category {
  type drm_driver_feature (line 15510) | enum drm_driver_feature {
  type drm_gem_object_status (line 15528) | enum drm_gem_object_status {
  type drm_gpuva_flags (line 15533) | enum drm_gpuva_flags {
  type drm_gpuva_op_type (line 15539) | enum drm_gpuva_op_type {
  type drm_gpuvm_flags (line 15546) | enum drm_gpuvm_flags {
  type drm_hdmi_broadcast_rgb (line 15551) | enum drm_hdmi_broadcast_rgb {
  type drm_ioctl_flags (line 15557) | enum drm_ioctl_flags {
  type drm_link_status (line 15564) | enum drm_link_status {
  type drm_minor_type (line 15569) | enum drm_minor_type {
  type drm_mm_insert_mode (line 15576) | enum drm_mm_insert_mode {
  type drm_mode_analog (line 15586) | enum drm_mode_analog {
  type drm_mode_status (line 15591) | enum drm_mode_status {
  type drm_mode_subconnector (line 15634) | enum drm_mode_subconnector {
  type drm_panel_orientation (line 15650) | enum drm_panel_orientation {
  type drm_plane_type (line 15658) | enum drm_plane_type {
  type drm_privacy_screen_status (line 15664) | enum drm_privacy_screen_status {
  type drm_scaling_filter (line 15671) | enum drm_scaling_filter {
  type drm_stat_type (line 15676) | enum drm_stat_type {
  type drm_vblank_seq_type (line 15694) | enum drm_vblank_seq_type {
  type dsa_db_type (line 15705) | enum dsa_db_type {
  type dsa_tag_protocol (line 15711) | enum dsa_tag_protocol {
  type dw_edma_chip_flags (line 15743) | enum dw_edma_chip_flags {
  type dw_edma_map_format (line 15747) | enum dw_edma_map_format {
  type dw_pcie_app_clk (line 15754) | enum dw_pcie_app_clk {
  type dw_pcie_app_rst (line 15761) | enum dw_pcie_app_rst {
  type dw_pcie_core_clk (line 15768) | enum dw_pcie_core_clk {
  type dw_pcie_core_rst (line 15776) | enum dw_pcie_core_rst {
  type dw_pcie_device_mode (line 15787) | enum dw_pcie_device_mode {
  type dw_pcie_ltssm (line 15794) | enum dw_pcie_ltssm {
  type dwc2_control_phase (line 15802) | enum dwc2_control_phase {
  type dwc2_halt_status (line 15808) | enum dwc2_halt_status {
  type dwc2_hsotg_dmamode (line 15825) | enum dwc2_hsotg_dmamode {
  type dwc2_lx_state (line 15831) | enum dwc2_lx_state {
  type dwc2_transaction_type (line 15838) | enum dwc2_transaction_type {
  type dynevent_type (line 15845) | enum dynevent_type {
  type e820_type (line 15851) | enum e820_type {
  type ec_command (line 15863) | enum ec_command {
  type ec_comms_status (line 15871) | enum ec_comms_status {
  type ec_led_colors (line 15875) | enum ec_led_colors {
  type ec_mkbp_event (line 15885) | enum ec_mkbp_event {
  type ec_status (line 15900) | enum ec_status {
  type ec_temp_thresholds (line 15924) | enum ec_temp_thresholds {
  type ecc_dialects (line 15931) | enum ecc_dialects {
  type ecryptfs_token_types (line 15937) | enum ecryptfs_token_types {
  type edac_mc_layer_type (line 15942) | enum edac_mc_layer_type {
  type edac_type (line 15950) | enum edac_type {
  type edid_block_status (line 15963) | enum edid_block_status {
  type efi_rts_ids (line 15975) | enum efi_rts_ids {
  type efi_secureboot_mode (line 15992) | enum efi_secureboot_mode {
  type ehci_hrtimer_event (line 15999) | enum ehci_hrtimer_event {
  type ehci_rh_state (line 16015) | enum ehci_rh_state {
  type elants_chip_id (line 16022) | enum elants_chip_id {
  type elants_iap_mode (line 16027) | enum elants_iap_mode {
  type elants_state (line 16032) | enum elants_state {
  type elv_merge (line 16038) | enum elv_merge {
  type enable_type (line 16045) | enum enable_type {
  type energy_perf_value_index (line 16053) | enum energy_perf_value_index {
  type energy_perf_value_index___2 (line 16061) | enum energy_perf_value_index___2 {
  type environment_cap (line 16069) | enum environment_cap {
  type err_types (line 16075) | enum err_types {
  type error_detector (line 16083) | enum error_detector {
  type es_result (line 16089) | enum es_result {
  type ethnl_sock_type (line 16098) | enum ethnl_sock_type {
  type ethtool_c33_pse_admin_state (line 16102) | enum ethtool_c33_pse_admin_state {
  type ethtool_c33_pse_ext_state (line 16108) | enum ethtool_c33_pse_ext_state {
  type ethtool_c33_pse_ext_substate_error_condition (line 16120) | enum ethtool_c33_pse_ext_substate_error_condition {
  type ethtool_c33_pse_ext_substate_mr_pse_enable (line 16132) | enum ethtool_c33_pse_ext_substate_mr_pse_enable {
  type ethtool_c33_pse_ext_substate_option_detect_ted (line 16136) | enum ethtool_c33_pse_ext_substate_option_detect_ted {
  type ethtool_c33_pse_ext_substate_option_vport_lim (line 16141) | enum ethtool_c33_pse_ext_substate_option_vport_lim {
  type ethtool_c33_pse_ext_substate_ovld_detected (line 16147) | enum ethtool_c33_pse_ext_substate_ovld_detected {
  type ethtool_c33_pse_ext_substate_power_not_available (line 16151) | enum ethtool_c33_pse_ext_substate_power_not_available {
  type ethtool_c33_pse_ext_substate_short_detected (line 16158) | enum ethtool_c33_pse_ext_substate_short_detected {
  type ethtool_c33_pse_pw_d_status (line 16162) | enum ethtool_c33_pse_pw_d_status {
  type ethtool_cmis_cdb_cmd_id (line 16172) | enum ethtool_cmis_cdb_cmd_id {
  type ethtool_fec_config_bits (line 16183) | enum ethtool_fec_config_bits {
  type ethtool_flags (line 16192) | enum ethtool_flags {
  type ethtool_header_flags (line 16200) | enum ethtool_header_flags {
  type ethtool_link_ext_state (line 16206) | enum ethtool_link_ext_state {
  type ethtool_link_ext_substate_autoneg (line 16220) | enum ethtool_link_ext_substate_autoneg {
  type ethtool_link_ext_substate_bad_signal_integrity (line 16229) | enum ethtool_link_ext_substate_bad_signal_integrity {
  type ethtool_link_ext_substate_cable_issue (line 16236) | enum ethtool_link_ext_substate_cable_issue {
  type ethtool_link_ext_substate_link_logical_mismatch (line 16241) | enum ethtool_link_ext_substate_link_logical_mismatch {
  type ethtool_link_ext_substate_link_training (line 16249) | enum ethtool_link_ext_substate_link_training {
  type ethtool_link_ext_substate_module (line 16256) | enum ethtool_link_ext_substate_module {
  type ethtool_link_mode_bit_indices (line 16260) | enum ethtool_link_mode_bit_indices {
  type ethtool_mac_stats_src (line 16367) | enum ethtool_mac_stats_src {
  type ethtool_mm_verify_status (line 16373) | enum ethtool_mm_verify_status {
  type ethtool_module_fw_flash_status (line 16382) | enum ethtool_module_fw_flash_status {
  type ethtool_module_power_mode (line 16389) | enum ethtool_module_power_mode {
  type ethtool_module_power_mode_policy (line 16394) | enum ethtool_module_power_mode_policy {
  type ethtool_multicast_groups (line 16399) | enum ethtool_multicast_groups {
  type ethtool_phys_id_state (line 16403) | enum ethtool_phys_id_state {
  type ethtool_podl_pse_admin_state (line 16410) | enum ethtool_podl_pse_admin_state {
  type ethtool_podl_pse_pw_d_status (line 16416) | enum ethtool_podl_pse_pw_d_status {
  type ethtool_pse_types (line 16426) | enum ethtool_pse_types {
  type ethtool_reset_flags (line 16432) | enum ethtool_reset_flags {
  type ethtool_sfeatures_retval_bits (line 16446) | enum ethtool_sfeatures_retval_bits {
  type ethtool_stringset (line 16452) | enum ethtool_stringset {
  type ethtool_supported_ring_param (line 16477) | enum ethtool_supported_ring_param {
  type ethtool_test_flags (line 16486) | enum ethtool_test_flags {
  type event_command_flags (line 16493) | enum event_command_flags {
  type event_trigger_type (line 16498) | enum event_trigger_type {
  type event_type_t (line 16509) | enum event_type_t {
  type events_wwnr (line 16518) | enum events_wwnr {
  type evm_ima_xattr_type (line 16525) | enum evm_ima_xattr_type {
  type evtreturn (line 16535) | enum evtreturn {
  type exact_level (line 16542) | enum exact_level {
  type exception (line 16548) | enum exception {
  type exception_stack_ordering (line 16553) | enum exception_stack_ordering {
  type execmem_range_flags (line 16563) | enum execmem_range_flags {
  type execmem_type (line 16567) | enum execmem_type {
  type exit_fastpath_completion (line 16577) | enum exit_fastpath_completion {
  type ext4_journal_trigger_type (line 16583) | enum ext4_journal_trigger_type {
  type ext4_li_mode (line 16588) | enum ext4_li_mode {
  type extra_reg_type (line 16593) | enum extra_reg_type {
  type fail_dup_mod_reason (line 16605) | enum fail_dup_mod_reason {
  type fanotify_event_type (line 16610) | enum fanotify_event_type {
  type fault_flag (line 16620) | enum fault_flag {
  type faulttype (line 16636) | enum faulttype {
  type fbq_type (line 16642) | enum fbq_type {
  type fetch_op (line 16648) | enum fetch_op {
  type fib6_walk_state (line 16676) | enum fib6_walk_state {
  type fib_event_type (line 16684) | enum fib_event_type {
  type fid_type (line 16697) | enum fid_type {
  type field_op_id (line 16719) | enum field_op_id {
  type file_time_flags (line 16728) | enum file_time_flags {
  type filter_op_ids (line 16735) | enum filter_op_ids {
  type filter_pred_fn (line 16747) | enum filter_pred_fn {
  type fit_type (line 16780) | enum fit_type {
  type fixed_addresses (line 16788) | enum fixed_addresses {
  type flag_bits (line 16805) | enum flag_bits {
  type flow_action_hw_stats (line 16827) | enum flow_action_hw_stats {
  type flow_action_hw_stats_bit (line 16835) | enum flow_action_hw_stats_bit {
  type flow_action_id (line 16842) | enum flow_action_id {
  type flow_action_mangle_base (line 16882) | enum flow_action_mangle_base {
  type flow_block_binder_type (line 16891) | enum flow_block_binder_type {
  type flow_block_command (line 16899) | enum flow_block_command {
  type flow_cls_command (line 16904) | enum flow_cls_command {
  type flow_dissect_ret (line 16912) | enum flow_dissect_ret {
  type flow_dissector_ctrl_flags (line 16920) | enum flow_dissector_ctrl_flags {
  type flow_dissector_key_id (line 16930) | enum flow_dissector_key_id {
  type flowlabel_reflect (line 16967) | enum flowlabel_reflect {
  type folio_references (line 16973) | enum folio_references {
  type format_type (line 16980) | enum format_type {
  type fortify_func (line 17002) | enum fortify_func {
  type fpdt_record_type (line 17022) | enum fpdt_record_type {
  type fpdt_subtable_type (line 17028) | enum fpdt_subtable_type {
  type freeze_holder (line 17033) | enum freeze_holder {
  type freezer_state_flags (line 17039) | enum freezer_state_flags {
  type freq_qos_req_type (line 17047) | enum freq_qos_req_type {
  type fs_context_phase (line 17052) | enum fs_context_phase {
  type fs_context_purpose (line 17062) | enum fs_context_purpose {
  type fs_value_type (line 17068) | enum fs_value_type {
  type fsconfig_command (line 17077) | enum fsconfig_command {
  type fsl_mc_pool_type (line 17089) | enum fsl_mc_pool_type {
  type fsnotify_data_type (line 17097) | enum fsnotify_data_type {
  type fsnotify_group_prio (line 17105) | enum fsnotify_group_prio {
  type fsnotify_iter_type (line 17112) | enum fsnotify_iter_type {
  type fsnotify_obj_type (line 17121) | enum fsnotify_obj_type {
  type ftrace_bug_type (line 17130) | enum ftrace_bug_type {
  type ftrace_dump_mode (line 17138) | enum ftrace_dump_mode {
  type ftrace_ops_cmd (line 17145) | enum ftrace_ops_cmd {
  type fullness_group (line 17151) | enum fullness_group {
  type fuse_dax_mode (line 17159) | enum fuse_dax_mode {
  type fuse_ext_type (line 17166) | enum fuse_ext_type {
  type fuse_notify_code (line 17171) | enum fuse_notify_code {
  type fuse_opcode (line 17182) | enum fuse_opcode {
  type fuse_parse_result (line 17238) | enum fuse_parse_result {
  type fuse_req_flag (line 17245) | enum fuse_req_flag {
  type futex_access (line 17260) | enum futex_access {
  type fw_opt (line 17265) | enum fw_opt {
  type fw_resource_type (line 17276) | enum fw_resource_type {
  type fw_status (line 17286) | enum fw_status {
  type fw_upload_err (line 17293) | enum fw_upload_err {
  type fw_upload_prog (line 17306) | enum fw_upload_prog {
  type gcry_mpi_constants (line 17315) | enum gcry_mpi_constants {
  type gcry_mpi_ec_models (line 17324) | enum gcry_mpi_ec_models {
  type gcry_mpi_format (line 17330) | enum gcry_mpi_format {
  type gds_mitigations (line 17340) | enum gds_mitigations {
  type genl_validate_flags (line 17349) | enum genl_validate_flags {
  type genpd_notication (line 17355) | enum genpd_notication {
  type gpd_status (line 17362) | enum gpd_status {
  type gpio_lookup_flags (line 17367) | enum gpio_lookup_flags {
  type gpio_select (line 17380) | enum gpio_select {
  type gpio_v2_line_attr_id (line 17386) | enum gpio_v2_line_attr_id {
  type gpio_v2_line_changed_type (line 17392) | enum gpio_v2_line_changed_type {
  type gpio_v2_line_event_id (line 17398) | enum gpio_v2_line_event_id {
  type gpio_v2_line_flag (line 17403) | enum gpio_v2_line_flag {
  type gpiod_flags (line 17419) | enum gpiod_flags {
  type graph_filter_type (line 17428) | enum graph_filter_type {
  type gre_conntrack (line 17433) | enum gre_conntrack {
  type gro_result (line 17439) | enum gro_result {
  type gro_result_t (line 17447) | typedef enum gro_result gro_result_t;
  type group_type (line 17449) | enum group_type {
  type handle_to_path_flags (line 17459) | enum handle_to_path_flags {
  type handler_id (line 17464) | enum handler_id {
  type handshake_auth (line 17470) | enum handshake_auth {
  type handshake_handler_class (line 17477) | enum handshake_handler_class {
  type handshake_msg_type (line 17483) | enum handshake_msg_type {
  type hash_algo (line 17489) | enum hash_algo {
  type hctx_type (line 17516) | enum hctx_type {
  type hdmi_3d_structure (line 17523) | enum hdmi_3d_structure {
  type hdmi_active_aspect (line 17535) | enum hdmi_active_aspect {
  type hdmi_audio_coding_type (line 17548) | enum hdmi_audio_coding_type {
  type hdmi_audio_coding_type_ext (line 17567) | enum hdmi_audio_coding_type_ext {
  type hdmi_audio_sample_frequency (line 17580) | enum hdmi_audio_sample_frequency {
  type hdmi_audio_sample_size (line 17591) | enum hdmi_audio_sample_size {
  type hdmi_colorimetry (line 17598) | enum hdmi_colorimetry {
  type hdmi_colorspace (line 17605) | enum hdmi_colorspace {
  type hdmi_content_type (line 17616) | enum hdmi_content_type {
  type hdmi_eotf (line 17623) | enum hdmi_eotf {
  type hdmi_extended_colorimetry (line 17630) | enum hdmi_extended_colorimetry {
  type hdmi_infoframe_type (line 17641) | enum hdmi_infoframe_type {
  type hdmi_metadata_type (line 17649) | enum hdmi_metadata_type {
  type hdmi_nups (line 17653) | enum hdmi_nups {
  type hdmi_picture_aspect (line 17660) | enum hdmi_picture_aspect {
  type hdmi_quantization_range (line 17669) | enum hdmi_quantization_range {
  type hdmi_scan_mode (line 17676) | enum hdmi_scan_mode {
  type hdmi_spd_sdi (line 17683) | enum hdmi_spd_sdi {
  type hdmi_ycc_quantization_range (line 17700) | enum hdmi_ycc_quantization_range {
  type header_fields (line 17705) | enum header_fields {
  type hest_status (line 17713) | enum hest_status {
  type hid_battery_status (line 17719) | enum hid_battery_status {
  type hid_class_request (line 17725) | enum hid_class_request {
  type hid_report_type (line 17734) | enum hid_report_type {
  type hid_type (line 17741) | enum hid_type {
  type hist_field_flags (line 17747) | enum hist_field_flags {
  type hist_field_fn (line 17771) | enum hist_field_fn {
  type hk_flags (line 17804) | enum hk_flags {
  type hk_type (line 17816) | enum hk_type {
  type hmm_pfn_flags (line 17829) | enum hmm_pfn_flags {
  type hn_flags_bits (line 17839) | enum hn_flags_bits {
  type host_event_code (line 17843) | enum host_event_code {
  type hp_flags_bits (line 17878) | enum hp_flags_bits {
  type hpet_mode (line 17882) | enum hpet_mode {
  type hpx_type3_cfg_loc (line 17889) | enum hpx_type3_cfg_loc {
  type hpx_type3_dev_type (line 17898) | enum hpx_type3_dev_type {
  type hpx_type3_fn_type (line 17910) | enum hpx_type3_fn_type {
  type hr_flags_bits (line 17916) | enum hr_flags_bits {
  type hrtimer_base_type (line 17921) | enum hrtimer_base_type {
  type hrtimer_mode (line 17933) | enum hrtimer_mode {
  type hrtimer_restart (line 17951) | enum hrtimer_restart {
  type hsm_task_states (line 17956) | enum hsm_task_states {
  type hte_edge (line 17964) | enum hte_edge {
  type hte_return (line 17970) | enum hte_return {
  type hub_activation_type (line 17975) | enum hub_activation_type {
  type hub_led_mode (line 17984) | enum hub_led_mode {
  type hub_quiescing_type (line 17995) | enum hub_quiescing_type {
  type hugetlb_memory_event (line 18001) | enum hugetlb_memory_event {
  type hugetlb_page_flags (line 18006) | enum hugetlb_page_flags {
  type hugetlb_param (line 18016) | enum hugetlb_param {
  type hugetlbfs_size_type (line 18026) | enum hugetlbfs_size_type {
  type hv_device_type (line 18032) | enum hv_device_type {
  type hv_interrupt_trigger_mode (line 18039) | enum hv_interrupt_trigger_mode {
  type hv_interrupt_type (line 18044) | enum hv_interrupt_type {
  type hv_isolation_type (line 18058) | enum hv_isolation_type {
  type hv_mem_host_visibility (line 18065) | enum hv_mem_host_visibility {
  type hv_tlb_flush_fifos (line 18071) | enum hv_tlb_flush_fifos {
  type hv_tsc_page_status (line 18077) | enum hv_tsc_page_status {
  type hvmmem_type_t (line 18085) | enum hvmmem_type_t {
  type hw_event_mc_err_type (line 18091) | enum hw_event_mc_err_type {
  type hwmon_chip_attributes (line 18099) | enum hwmon_chip_attributes {
  type hwmon_curr_attributes (line 18116) | enum hwmon_curr_attributes {
  type hwmon_energy_attributes (line 18138) | enum hwmon_energy_attributes {
  type hwmon_fan_attributes (line 18144) | enum hwmon_fan_attributes {
  type hwmon_humidity_attributes (line 18160) | enum hwmon_humidity_attributes {
  type hwmon_in_attributes (line 18176) | enum hwmon_in_attributes {
  type hwmon_intrusion_attributes (line 18199) | enum hwmon_intrusion_attributes {
  type hwmon_power_attributes (line 18204) | enum hwmon_power_attributes {
  type hwmon_pwm_attributes (line 18238) | enum hwmon_pwm_attributes {
  type hwmon_sensor_types (line 18246) | enum hwmon_sensor_types {
  type hwmon_temp_attributes (line 18260) | enum hwmon_temp_attributes {
  type hwparam_type (line 18291) | enum hwparam_type {
  type hwtstamp_flags (line 18301) | enum hwtstamp_flags {
  type hwtstamp_rx_filters (line 18307) | enum hwtstamp_rx_filters {
  type hwtstamp_source (line 18327) | enum hwtstamp_source {
  type hwtstamp_tx_types (line 18333) | enum hwtstamp_tx_types {
  type hybrid_cpu_type (line 18341) | enum hybrid_cpu_type {
  type hybrid_pmu_type (line 18347) | enum hybrid_pmu_type {
  type i2c_alert_protocol (line 18354) | enum i2c_alert_protocol {
  type i2c_driver_flags (line 18359) | enum i2c_driver_flags {
  type i8042_controller_reset_mode (line 18363) | enum i8042_controller_reset_mode {
  type ib_atomic_cap (line 18369) | enum ib_atomic_cap {
  type ib_cq_notify_flags (line 18375) | enum ib_cq_notify_flags {
  type ib_event_type (line 18382) | enum ib_event_type {
  type ib_flow_action_type (line 18405) | enum ib_flow_action_type {
  type ib_flow_attr_type (line 18410) | enum ib_flow_attr_type {
  type ib_flow_spec_type (line 18417) | enum ib_flow_spec_type {
  type ib_gid_type (line 18435) | enum ib_gid_type {
  type ib_mig_state (line 18442) | enum ib_mig_state {
  type ib_mr_type (line 18448) | enum ib_mr_type {
  type ib_mtu (line 18457) | enum ib_mtu {
  type ib_mw_type (line 18465) | enum ib_mw_type {
  type ib_poll_context (line 18470) | enum ib_poll_context {
  type ib_port_state (line 18478) | enum ib_port_state {
  type ib_qp_state (line 18487) | enum ib_qp_state {
  type ib_qp_type (line 18497) | enum ib_qp_type {
  type ib_sig_err_type (line 18522) | enum ib_sig_err_type {
  type ib_sig_type (line 18528) | enum ib_sig_type {
  type ib_signature_type (line 18533) | enum ib_signature_type {
  type ib_srq_attr_mask (line 18538) | enum ib_srq_attr_mask {
  type ib_srq_type (line 18543) | enum ib_srq_type {
  type ib_t10_dif_bg_type (line 18549) | enum ib_t10_dif_bg_type {
  type ib_uverbs_access_flags (line 18554) | enum ib_uverbs_access_flags {
  type ib_uverbs_advise_mr_advice (line 18569) | enum ib_uverbs_advise_mr_advice {
  type ib_uverbs_create_qp_mask (line 18575) | enum ib_uverbs_create_qp_mask {
  type ib_uverbs_device_cap_flags (line 18579) | enum ib_uverbs_device_cap_flags {
  type ib_uverbs_gid_type (line 18610) | enum ib_uverbs_gid_type {
  type ib_uverbs_qp_create_flags (line 18616) | enum ib_uverbs_qp_create_flags {
  type ib_uverbs_qp_type (line 18624) | enum ib_uverbs_qp_type {
  type ib_uverbs_raw_packet_caps (line 18634) | enum ib_uverbs_raw_packet_caps {
  type ib_uverbs_srq_type (line 18641) | enum ib_uverbs_srq_type {
  type ib_uverbs_wc_opcode (line 18647) | enum ib_uverbs_wc_opcode {
  type ib_uverbs_wq_flags (line 18660) | enum ib_uverbs_wq_flags {
  type ib_uverbs_wq_type (line 18667) | enum ib_uverbs_wq_type {
  type ib_uverbs_wr_opcode (line 18671) | enum ib_uverbs_wr_opcode {
  type ib_uverbs_write_cmds (line 18690) | enum ib_uverbs_write_cmds {
  type ib_wc_opcode (line 18734) | enum ib_wc_opcode {
  type ib_wc_status (line 18752) | enum ib_wc_status {
  type ib_wq_state (line 18777) | enum ib_wq_state {
  type ib_wq_type (line 18783) | enum ib_wq_type {
  type ib_wr_opcode (line 18787) | enum ib_wr_opcode {
  type ibs_states (line 18818) | enum ibs_states {
  type id_action (line 18826) | enum id_action {
  type idle_boot_override (line 18831) | enum idle_boot_override {
  type ieee80211_bss_type (line 18838) | enum ieee80211_bss_type {
  type ieee80211_edmg_bw_config (line 18846) | enum ieee80211_edmg_bw_config {
  type ieee802154_filtering_level (line 18861) | enum ieee802154_filtering_level {
  type ieee8021q_traffic_type (line 18869) | enum ieee8021q_traffic_type {
  type ieee_attrs (line 18881) | enum ieee_attrs {
  type ieee_attrs_app (line 18898) | enum ieee_attrs_app {
  type ima_fs_flags (line 18905) | enum ima_fs_flags {
  type ima_hooks (line 18909) | enum ima_hooks {
  type ima_show_type (line 18929) | enum ima_show_type {
  type in6_addr_gen_mode (line 18936) | enum in6_addr_gen_mode {
  type inet_csk_ack_state_t (line 18943) | enum inet_csk_ack_state_t {
  type inode_i_mutex_lock_class (line 18952) | enum inode_i_mutex_lock_class {
  type input_clock_type (line 18961) | enum input_clock_type {
  type insn_mmio_type (line 18968) | enum insn_mmio_type {
  type insn_mode (line 18978) | enum insn_mode {
  type insn_type (line 18985) | enum insn_type {
  type int_type (line 18993) | enum int_type {
  type integrity_status (line 19001) | enum integrity_status {
  type intel_cht_wc_models (line 19011) | enum intel_cht_wc_models {
  type intel_excl_state_type (line 19019) | enum intel_excl_state_type {
  type intercept_words (line 19025) | enum intercept_words {
  type io_pgtable_caps (line 19035) | enum io_pgtable_caps {
  type io_pgtable_fmt (line 19039) | enum io_pgtable_fmt {
  type io_uring_cmd_flags (line 19053) | enum io_uring_cmd_flags {
  type io_uring_msg_ring_flags (line 19066) | enum io_uring_msg_ring_flags {
  type io_uring_op (line 19071) | enum io_uring_op {
  type io_uring_register_op (line 19133) | enum io_uring_register_op {
  type io_uring_register_pbuf_ring_flags (line 19167) | enum io_uring_register_pbuf_ring_flags {
  type io_uring_register_restriction_op (line 19171) | enum io_uring_register_restriction_op {
  type io_uring_socket_op (line 19179) | enum io_uring_socket_op {
  type io_uring_sqe_flags_bit (line 19186) | enum io_uring_sqe_flags_bit {
  type io_wq_cancel (line 19196) | enum io_wq_cancel {
  type io_wq_type (line 19202) | enum io_wq_type {
  type ioam6_event_attr (line 19207) | enum ioam6_event_attr {
  type ioam6_event_type (line 19216) | enum ioam6_event_type {
  type ioapic_domain_type (line 19221) | enum ioapic_domain_type {
  type ioc_running (line 19228) | enum ioc_running {
  type iommu_cap (line 19234) | enum iommu_cap {
  type iommu_dev_features (line 19243) | enum iommu_dev_features {
  type iommu_dma_cookie_type (line 19248) | enum iommu_dma_cookie_type {
  type iommu_dma_queue_type (line 19253) | enum iommu_dma_queue_type {
  type iommu_fault_type (line 19258) | enum iommu_fault_type {
  type iommu_hw_info_type (line 19262) | enum iommu_hw_info_type {
  type iommu_hw_info_vtd_flags (line 19267) | enum iommu_hw_info_vtd_flags {
  type iommu_hwpt_data_type (line 19271) | enum iommu_hwpt_data_type {
  type iommu_hwpt_invalidate_data_type (line 19276) | enum iommu_hwpt_invalidate_data_type {
  type iommu_hwpt_vtd_s1_flags (line 19280) | enum iommu_hwpt_vtd_s1_flags {
  type iommu_hwpt_vtd_s1_invalidate_flags (line 19286) | enum iommu_hwpt_vtd_s1_invalidate_flags {
  type iommu_init_state (line 19290) | enum iommu_init_state {
  type iommu_page_response_code (line 19303) | enum iommu_page_response_code {
  type iommu_resv_type (line 19309) | enum iommu_resv_type {
  type iommufd_hwpt_alloc_flags (line 19317) | enum iommufd_hwpt_alloc_flags {
  type ip6_defrag_users (line 19323) | enum ip6_defrag_users {
  type ip_conntrack_dir (line 19333) | enum ip_conntrack_dir {
  type ip_conntrack_info (line 19339) | enum ip_conntrack_info {
  type ip_conntrack_status (line 19350) | enum ip_conntrack_status {
  type ip_defrag_users (line 19391) | enum ip_defrag_users {
  type ipi_vector (line 19407) | enum ipi_vector {
  type ipmi_addr_space (line 19417) | enum ipmi_addr_space {
  type ipmi_addr_src (line 19422) | enum ipmi_addr_src {
  type ipmi_plat_interface_type (line 19435) | enum ipmi_plat_interface_type {
  type irq_alloc_type (line 19440) | enum irq_alloc_type {
  type irq_domain_bus_token (line 19450) | enum irq_domain_bus_token {
  type irq_gc_flags (line 19470) | enum irq_gc_flags {
  type irq_mode (line 19478) | enum irq_mode {
  type irq_remap_cap (line 19483) | enum irq_remap_cap {
  type irqchip_irq_state (line 19487) | enum irqchip_irq_state {
  type irqreturn (line 19494) | enum irqreturn {
  type irqreturn_t (line 19500) | typedef enum irqreturn irqreturn_t;
  type iter_type (line 19502) | enum iter_type {
  type jbd2_shrink_type (line 19511) | enum jbd2_shrink_type {
  type jbd_state_bits (line 19517) | enum jbd_state_bits {
  type jump_label_type (line 19530) | enum jump_label_type {
  type kcmp_type (line 19535) | enum kcmp_type {
  type kcore_type (line 19547) | enum kcore_type {
  type kdb_msgsrc (line 19555) | enum kdb_msgsrc {
  type kernel_gp_hint (line 19560) | enum kernel_gp_hint {
  type kernel_load_data_id (line 19566) | enum kernel_load_data_id {
  type kernel_pkey_operation (line 19577) | enum kernel_pkey_operation {
  type kernel_read_file_id (line 19584) | enum kernel_read_file_id {
  type kernfs_node_flag (line 19595) | enum kernfs_node_flag {
  type kernfs_node_type (line 19609) | enum kernfs_node_type {
  type kernfs_root_flag (line 19615) | enum kernfs_root_flag {
  type key_being_used_for (line 19622) | enum key_being_used_for {
  type key_lookup_flag (line 19632) | enum key_lookup_flag {
  type key_need_perm (line 19638) | enum key_need_perm {
  type key_notification_subtype (line 19652) | enum key_notification_subtype {
  type key_state (line 19663) | enum key_state {
  type kfence_counter_id (line 19668) | enum kfence_counter_id {
  type kfence_error_type (line 19680) | enum kfence_error_type {
  type kfence_object_state (line 19688) | enum kfence_object_state {
  type kfunc_ptr_arg_type (line 19694) | enum kfunc_ptr_arg_type {
  type kgdb_bpstate (line 19714) | enum kgdb_bpstate {
  type kgdb_bptype (line 19721) | enum kgdb_bptype {
  type kmalloc_cache_type (line 19730) | enum kmalloc_cache_type {
  type kmsg_dump_reason (line 19740) | enum kmsg_dump_reason {
  type kobj_ns_type (line 19749) | enum kobj_ns_type {
  type kobject_action (line 19755) | enum kobject_action {
  type kprobe_slot_state (line 19766) | enum kprobe_slot_state {
  type ksm_advisor_type (line 19772) | enum ksm_advisor_type {
  type ksm_get_folio_flags (line 19777) | enum ksm_get_folio_flags {
  type kvm_apic_logical_mode (line 19783) | enum kvm_apic_logical_mode {
  type kvm_bus (line 19791) | enum kvm_bus {
  type kvm_irqchip_mode (line 19799) | enum kvm_irqchip_mode {
  type kvm_reg (line 19805) | enum kvm_reg {
  type kvm_stat_kind (line 19834) | enum kvm_stat_kind {
  type l1d_flush_mitigations (line 19839) | enum l1d_flush_mitigations {
  type l1tf_mitigations (line 19844) | enum l1tf_mitigations {
  type l2tp_debug_flags (line 19853) | enum l2tp_debug_flags {
  type l3mdev_type (line 19860) | enum l3mdev_type {
  type label_flags (line 19866) | enum label_flags {
  type label_initialized (line 19885) | enum label_initialized {
  type landlock_key_type (line 19891) | enum landlock_key_type {
  type landlock_rule_type (line 19896) | enum landlock_rule_type {
  type latency_count (line 19901) | enum latency_count {
  type latency_type (line 19915) | enum latency_type {
  type ldma_chan_on_off (line 19922) | enum ldma_chan_on_off {
  type led_brightness (line 19927) | enum led_brightness {
  type led_default_state (line 19934) | enum led_default_state {
  type legacy_fs_param (line 19940) | enum legacy_fs_param {
  type linux_mptcp_mib_field (line 19946) | enum linux_mptcp_mib_field {
  type locality_types (line 20014) | enum locality_types {
  type lockdep_ok (line 20021) | enum lockdep_ok {
  type lockdown_reason (line 20026) | enum lockdown_reason {
  type lp8788_alarm_sel (line 20059) | enum lp8788_alarm_sel {
  type lp8788_charger_event (line 20065) | enum lp8788_charger_event {
  type lp8788_dvs_sel (line 20070) | enum lp8788_dvs_sel {
  type lp8788_int_id (line 20077) | enum lp8788_int_id {
  type lp8788_isink_number (line 20102) | enum lp8788_isink_number {
  type lp8788_isink_scale (line 20108) | enum lp8788_isink_scale {
  type lru_list (line 20113) | enum lru_list {
  type lru_status (line 20122) | enum lru_status {
  type lruvec_flags (line 20131) | enum lruvec_flags {
  type lsm_event (line 20136) | enum lsm_event {
  type lsm_order (line 20140) | enum lsm_order {
  type lsm_rule_types (line 20146) | enum lsm_rule_types {
  type lw_bits (line 20155) | enum lw_bits {
  type lwtunnel_encap_types (line 20159) | enum lwtunnel_encap_types {
  type lwtunnel_ip6_t (line 20174) | enum lwtunnel_ip6_t {
  type lwtunnel_ip_t (line 20187) | enum lwtunnel_ip_t {
  type lzma2_seq (line 20200) | enum lzma2_seq {
  type lzma_state (line 20212) | enum lzma_state {
  type macsec_offload (line 20227) | enum macsec_offload {
  type macsec_validation_type (line 20235) | enum macsec_validation_type {
  type map_type (line 20243) | enum map_type {
  type maple_status (line 20248) | enum maple_status {
  type maple_type (line 20259) | enum maple_type {
  type mapping_flags (line 20266) | enum mapping_flags {
  type mapping_status (line 20279) | enum mapping_status {
  type max14577_reg (line 20288) | enum max14577_reg {
  type max77693_haptic_reg (line 20314) | enum max77693_haptic_reg {
  type max77693_muic_reg (line 20335) | enum max77693_muic_reg {
  type max77693_pmic_reg (line 20354) | enum max77693_pmic_reg {
  type max77693_types (line 20406) | enum max77693_types {
  type max77836_fg_reg (line 20413) | enum max77836_fg_reg {
  type max77836_pmic_reg (line 20437) | enum max77836_pmic_reg {
  type max77843_charger_reg (line 20456) | enum max77843_charger_reg {
  type max77843_sys_reg (line 20477) | enum max77843_sys_reg {
  type max8997_haptic_motor_type (line 20490) | enum max8997_haptic_motor_type {
  type max8997_haptic_pulse_mode (line 20495) | enum max8997_haptic_pulse_mode {
  type max8997_haptic_pwm_divisor (line 20500) | enum max8997_haptic_pwm_divisor {
  type max8997_haptic_reg (line 20507) | enum max8997_haptic_reg {
  type max8997_irq (line 20528) | enum max8997_irq {
  type max8997_irq_source (line 20567) | enum max8997_irq_source {
  type max8997_led_mode (line 20582) | enum max8997_led_mode {
  type max8997_muic_reg (line 20590) | enum max8997_muic_reg {
  type max8997_pmic_reg (line 20608) | enum max8997_pmic_reg {
  type max8997_types (line 20742) | enum max8997_types {
  type maxim_device_type (line 20747) | enum maxim_device_type {
  type mca_msr (line 20754) | enum mca_msr {
  type mce_notifier_prios (line 20761) | enum mce_notifier_prios {
  type mcp_flags (line 20773) | enum mcp_flags {
  type mctp_neigh_source (line 20780) | enum mctp_neigh_source {
  type mctrl_gpio_idx (line 20785) | enum mctrl_gpio_idx {
  type md_ro_state (line 20796) | enum md_ro_state {
  type mddev_flags (line 20803) | enum mddev_flags {
  type mddev_sb_flags (line 20817) | enum mddev_sb_flags {
  type mds_mitigations (line 20824) | enum mds_mitigations {
  type mem_cgroup_events_target (line 20830) | enum mem_cgroup_events_target {
  type mem_type (line 20836) | enum mem_type {
  type membarrier_cmd (line 20869) | enum membarrier_cmd {
  type membarrier_cmd_flag (line 20884) | enum membarrier_cmd_flag {
  type memblock_flags (line 20888) | enum memblock_flags {
  type membw_throttle_mode (line 20897) | enum membw_throttle_mode {
  type memcg_memory_event (line 20903) | enum memcg_memory_event {
  type memcg_stat_item (line 20916) | enum memcg_stat_item {
  type meminit_context (line 20927) | enum meminit_context {
  type memory_type (line 20932) | enum memory_type {
  type metadata_type (line 20940) | enum metadata_type {
  type mf_action_page_type (line 20947) | enum mf_action_page_type {
  type mf_flags (line 20971) | enum mf_flags {
  type mf_result (line 20982) | enum mf_result {
  type mfill_atomic_mode (line 20989) | enum mfill_atomic_mode {
  type migrate_mode (line 20997) | enum migrate_mode {
  type migrate_reason (line 21003) | enum migrate_reason {
  type migrate_vma_direction (line 21017) | enum migrate_vma_direction {
  type migratetype (line 21023) | enum migratetype {
  type migration_type (line 21033) | enum migration_type {
  type mipi_dsi_compression_algo (line 21040) | enum mipi_dsi_compression_algo {
  type mipi_dsi_dcs_tear_mode (line 21045) | enum mipi_dsi_dcs_tear_mode {
  type mipi_dsi_pixel_format (line 21050) | enum mipi_dsi_pixel_format {
  type misc_res_type (line 21057) | enum misc_res_type {
  type mm_cid_state (line 21063) | enum mm_cid_state {
  type mm_io_opcode (line 21068) | enum mm_io_opcode {
  type mmc_busy_cmd (line 21076) | enum mmc_busy_cmd {
  type mmc_drv_op (line 21084) | enum mmc_drv_op {
  type mmc_err_stat (line 21092) | enum mmc_err_stat {
  type mmc_issue_type (line 21111) | enum mmc_issue_type {
  type mminit_level (line 21118) | enum mminit_level {
  type mmio_mitigations (line 21124) | enum mmio_mitigations {
  type mmioh_arch (line 21130) | enum mmioh_arch {
  type mmu_notifier_event (line 21138) | enum mmu_notifier_event {
  type mnt_tree_flags_t (line 21149) | enum mnt_tree_flags_t {
  type mod_license (line 21154) | enum mod_license {
  type mod_mem_type (line 21159) | enum mod_mem_type {
  type mode_set_atomic (line 21171) | enum mode_set_atomic {
  type module_state (line 21176) | enum module_state {
  type motionsense_command (line 21183) | enum motionsense_command {
  type mousedev_emul (line 21206) | enum mousedev_emul {
  type mp_bustype (line 21212) | enum mp_bustype {
  type mp_irq_source_types (line 21218) | enum mp_irq_source_types {
  type mptcp_addr_signal_status (line 21225) | enum mptcp_addr_signal_status {
  type mptcp_event_attr (line 21231) | enum mptcp_event_attr {
  type mptcp_event_type (line 21254) | enum mptcp_event_type {
  type mptcp_pm_status (line 21268) | enum mptcp_pm_status {
  type mptcp_pm_type (line 21278) | enum mptcp_pm_type {
  type mq_rq_state (line 21285) | enum mq_rq_state {
  type mscode_actions (line 21291) | enum mscode_actions {
  type msdos_sys_ind (line 21298) | enum msdos_sys_ind {
  type msi_desc_filter (line 21319) | enum msi_desc_filter {
  type msi_domain_ids (line 21325) | enum msi_domain_ids {
  type mthp_stat_item (line 21330) | enum mthp_stat_item {
  type multi_stop_state (line 21345) | enum multi_stop_state {
  type nbcon_prio (line 21353) | enum nbcon_prio {
  type ncsi_nl_attrs (line 21361) | enum ncsi_nl_attrs {
  type ncsi_nl_channel_attrs (line 21375) | enum ncsi_nl_channel_attrs {
  type ncsi_nl_commands (line 21391) | enum ncsi_nl_commands {
  type ncsi_nl_pkg_attrs (line 21403) | enum ncsi_nl_pkg_attrs {
  type nd_async_mode (line 21413) | enum nd_async_mode {
  type nd_driver_flags (line 21418) | enum nd_driver_flags {
  type nd_ioctl_mode (line 21427) | enum nd_ioctl_mode {
  type nd_label_flags (line 21432) | enum nd_label_flags {
  type nd_pfn_mode (line 21436) | enum nd_pfn_mode {
  type net_device_flags (line 21442) | enum net_device_flags {
  type net_device_path_type (line 21464) | enum net_device_path_type {
  type net_dm_alert_mode (line 21473) | enum net_dm_alert_mode {
  type net_dm_attr (line 21478) | enum net_dm_attr {
  type net_dm_origin (line 21507) | enum net_dm_origin {
  type net_xmit_qdisc_t (line 21512) | enum net_xmit_qdisc_t {
  type netdev_cmd (line 21517) | enum netdev_cmd {
  type netdev_lag_hash (line 21560) | enum netdev_lag_hash {
  type netdev_lag_tx_type (line 21571) | enum netdev_lag_tx_type {
  type netdev_ml_priv_type (line 21580) | enum netdev_ml_priv_type {
  type netdev_offload_xstats_type (line 21585) | enum netdev_offload_xstats_type {
  type netdev_priv_flags (line 21589) | enum netdev_priv_flags {
  type netdev_qstats_scope (line 21626) | enum netdev_qstats_scope {
  type netdev_queue_state_t (line 21630) | enum netdev_queue_state_t {
  type netdev_queue_type (line 21636) | enum netdev_queue_type {
  type netdev_reg_state (line 21641) | enum netdev_reg_state {
  type netdev_stat_type (line 21650) | enum netdev_stat_type {
  type netdev_state_t (line 21657) | enum netdev_state_t {
  type netdev_tx (line 21666) | enum netdev_tx {
  type netdev_tx_t (line 21672) | typedef enum netdev_tx netdev_tx_t;
  type netdev_xdp_act (line 21674) | enum netdev_xdp_act {
  type netdev_xdp_rx_metadata (line 21685) | enum netdev_xdp_rx_metadata {
  type netdev_xsk_flags (line 21691) | enum netdev_xsk_flags {
  type netevent_notif_type (line 21696) | enum netevent_notif_type {
  type netkit_action (line 21705) | enum netkit_action {
  type netkit_mode (line 21712) | enum netkit_mode {
  type netkit_scrub (line 21717) | enum netkit_scrub {
  type netlink_attribute_type (line 21722) | enum netlink_attribute_type {
  type netlink_policy_type_attr (line 21743) | enum netlink_policy_type_attr {
  type netlink_skb_flags (line 21761) | enum netlink_skb_flags {
  type netlink_validation (line 21765) | enum netlink_validation {
  type netns_bpf_attach_type (line 21774) | enum netns_bpf_attach_type {
  type nexthop_event_type (line 21781) | enum nexthop_event_type {
  type nf_ct_ext_id (line 21789) | enum nf_ct_ext_id {
  type nf_dev_hooks (line 21803) | enum nf_dev_hooks {
  type nf_hook_ops_type (line 21809) | enum nf_hook_ops_type {
  type nf_inet_hooks (line 21815) | enum nf_inet_hooks {
  type nf_ip6_hook_priorities (line 21825) | enum nf_ip6_hook_priorities {
  type nf_ip_hook_priorities (line 21842) | enum nf_ip_hook_priorities {
  type nf_log_type (line 21860) | enum nf_log_type {
  type nf_nat_manip_type (line 21866) | enum nf_nat_manip_type
  type nfs3_stable_how (line 21868) | enum nfs3_stable_how {
  type nfs4_change_attr_type (line 21875) | enum nfs4_change_attr_type {
  type nfs_opnum4 (line 21883) | enum nfs_opnum4 {
  type nh_notifier_info_type (line 21960) | enum nh_notifier_info_type {
  type nl80211_auth_type (line 21968) | enum nl80211_auth_type {
  type nl80211_band (line 21982) | enum nl80211_band {
  type nl80211_bss_select_attr (line 21992) | enum nl80211_bss_select_attr {
  type nl80211_chan_width (line 22001) | enum nl80211_chan_width {
  type nl80211_dfs_regions (line 22018) | enum nl80211_dfs_regions {
  type nl80211_dfs_state (line 22025) | enum nl80211_dfs_state {
  type nl80211_ext_feature_index (line 22031) | enum nl80211_ext_feature_index {
  type nl80211_iftype (line 22106) | enum nl80211_iftype {
  type nl80211_key_mode (line 22124) | enum nl80211_key_mode {
  type nl80211_mfp (line 22130) | enum nl80211_mfp {
  type nl80211_mntr_flags (line 22136) | enum nl80211_mntr_flags {
  type nl80211_reg_initiator (line 22148) | enum nl80211_reg_initiator {
  type nl80211_sae_pwe_mechanism (line 22155) | enum nl80211_sae_pwe_mechanism {
  type nl80211_sar_type (line 22162) | enum nl80211_sar_type {
  type nl80211_user_reg_hint_type (line 22167) | enum nl80211_user_reg_hint_type {
  type nl802154_cca_modes (line 22173) | enum nl802154_cca_modes {
  type nl802154_cca_opts (line 22185) | enum nl802154_cca_opts {
  type nl802154_supported_bool_states (line 22192) | enum nl802154_supported_bool_states {
  type nla_policy_validation (line 22201) | enum nla_policy_validation {
  type nlmsgerr_attrs (line 22212) | enum nlmsgerr_attrs {
  type nmi_states (line 22224) | enum nmi_states {
  type node_stat_item (line 22230) | enum node_stat_item {
  type node_states (line 22285) | enum node_states {
  type notify_state (line 22296) | enum notify_state {
  type numa_faults_stats (line 22302) | enum numa_faults_stats {
  type numa_stat_item (line 22309) | enum numa_stat_item {
  type numa_topology_type (line 22319) | enum numa_topology_type {
  type numa_type (line 22325) | enum numa_type {
  type numa_vmaskip_reason (line 22331) | enum numa_vmaskip_reason {
  type nvdimm_claim_class (line 22341) | enum nvdimm_claim_class {
  type nvdimm_event (line 22350) | enum nvdimm_event {
  type nvdimm_fwa_capability (line 22355) | enum nvdimm_fwa_capability {
  type nvdimm_fwa_result (line 22362) | enum nvdimm_fwa_result {
  type nvdimm_fwa_state (line 22371) | enum nvdimm_fwa_state {
  type nvdimm_fwa_trigger (line 22379) | enum nvdimm_fwa_trigger {
  type nvdimm_passphrase_type (line 22384) | enum nvdimm_passphrase_type {
  type nvdimm_security_bits (line 22389) | enum nvdimm_security_bits {
  type nvdimmsec_op_ids (line 22397) | enum nvdimmsec_op_ids {
  type nvmem_type (line 22408) | enum nvmem_type {
  type objext_flags (line 22416) | enum objext_flags {
  type odd_mech_type (line 22421) | enum odd_mech_type {
  type offload_act_command (line 22427) | enum offload_act_command {
  type ohci_rh_state (line 22433) | enum ohci_rh_state {
  type oom_constraint (line 22439) | enum oom_constraint {
  type opal_atom_width (line 22446) | enum opal_atom_width {
  type opal_key_type (line 22454) | enum opal_key_type {
  type opal_lock_flags (line 22459) | enum opal_lock_flags {
  type opal_lock_state (line 22463) | enum opal_lock_state {
  type opal_mbr (line 22469) | enum opal_mbr {
  type opal_mbr_done_flag (line 22474) | enum opal_mbr_done_flag {
  type opal_method (line 22479) | enum opal_method {
  type opal_parameter (line 22498) | enum opal_parameter {
  type opal_response_token (line 22502) | enum opal_response_token {
  type opal_revert_lsp_opts (line 22510) | enum opal_revert_lsp_opts {
  type opal_revertlsp (line 22514) | enum opal_revertlsp {
  type opal_table_ops (line 22518) | enum opal_table_ops {
  type opal_token (line 22523) | enum opal_token {
  type opal_uid (line 22572) | enum opal_uid {
  type opal_user (line 22606) | enum opal_user {
  type opp_table_access (line 22619) | enum opp_table_access {
  type osnoise_options_index (line 22625) | enum osnoise_options_index {
  type owner_state (line 22634) | enum owner_state {
  type packet_sock_flags (line 22641) | enum packet_sock_flags {
  type packing_op (line 22651) | enum packing_op {
  type page_cache_mode (line 22656) | enum page_cache_mode {
  type page_memcg_data_flags (line 22666) | enum page_memcg_data_flags {
  type page_size_enum (line 22672) | enum page_size_enum {
  type page_walk_action (line 22676) | enum page_walk_action {
  type page_walk_lock (line 22682) | enum page_walk_lock {
  type pageblock_bits (line 22688) | enum pageblock_bits {
  type pageflags (line 22695) | enum pageflags {
  type pagetype (line 22738) | enum pagetype {
  type palmas_external_requestor_id (line 22750) | enum palmas_external_requestor_id {
  type palmas_irqs (line 22780) | enum palmas_irqs {
  type palmas_regulators (line 22816) | enum palmas_regulators {
  type palmas_usb_state (line 22847) | enum palmas_usb_state {
  type partition_cmd (line 22853) | enum partition_cmd {
  type passtype (line 22861) | enum passtype {
  type path_flags (line 22867) | enum path_flags {
  type pce_status (line 22877) | enum pce_status {
  type pci_bar_type (line 22885) | enum pci_bar_type {
  type pci_barno (line 22892) | enum pci_barno {
  type pci_bf_sort_state (line 22902) | enum pci_bf_sort_state {
  type pci_board_num_t (line 22909) | enum pci_board_num_t {
  type pci_bus_flags (line 23028) | enum pci_bus_flags {
  type pci_bus_speed (line 23035) | enum pci_bus_speed {
  type pci_dev_flags (line 23064) | enum pci_dev_flags {
  type pci_epc_bar_type (line 23079) | enum pci_epc_bar_type {
  type pci_epc_interface_type (line 23085) | enum pci_epc_interface_type {
  type pci_ers_result (line 23091) | enum pci_ers_result {
  type pci_fixup_pass (line 23100) | enum pci_fixup_pass {
  type pci_interrupt_pin (line 23111) | enum pci_interrupt_pin {
  type pci_irq_reroute_variant (line 23119) | enum pci_irq_reroute_variant {
  type pci_mmap_api (line 23124) | enum pci_mmap_api {
  type pci_mmap_state (line 23129) | enum pci_mmap_state {
  type pci_p2pdma_map_type (line 23134) | enum pci_p2pdma_map_type {
  type pcie_bus_config_types (line 23141) | enum pcie_bus_config_types {
  type pcie_link_width (line 23149) | enum pcie_link_width {
  type pcie_reset_state (line 23161) | enum pcie_reset_state {
  type pcim_addr_devres_type (line 23167) | enum pcim_addr_devres_type {
  type pcpu_fc (line 23174) | enum pcpu_fc {
  type pedit_cmd (line 23181) | enum pedit_cmd {
  type pedit_header_type (line 23187) | enum pedit_header_type {
  type peer_app_attr (line 23197) | enum peer_app_attr {
  type perf_addr_filter_action_t (line 23204) | enum perf_addr_filter_action_t {
  type perf_adl_uncore_imc_freerunning_types (line 23210) | enum perf_adl_uncore_imc_freerunning_types {
  type perf_bpf_event_type (line 23217) | enum perf_bpf_event_type {
  type perf_branch_sample_type (line 23224) | enum perf_branch_sample_type {
  type perf_branch_sample_type_shift (line 23248) | enum perf_branch_sample_type_shift {
  type perf_callchain_context (line 23272) | enum perf_callchain_context {
  type perf_event_ioc_flags (line 23282) | enum perf_event_ioc_flags {
  type perf_event_read_format (line 23286) | enum perf_event_read_format {
  type perf_event_sample_format (line 23295) | enum perf_event_sample_format {
  type perf_event_state (line 23324) | enum perf_event_state {
  type perf_event_task_context (line 23333) | enum perf_event_task_context {
  type perf_event_type (line 23340) | enum perf_event_type {
  type perf_event_x86_regs (line 23365) | enum perf_event_x86_regs {
  type perf_hw_cache_id (line 23411) | enum perf_hw_cache_id {
  type perf_hw_cache_op_id (line 23422) | enum perf_hw_cache_op_id {
  type perf_hw_cache_op_result_id (line 23429) | enum perf_hw_cache_op_result_id {
  type perf_hw_id (line 23435) | enum perf_hw_id {
  type perf_msr_id (line 23449) | enum perf_msr_id {
  type perf_probe_config (line 23461) | enum perf_probe_config {
  type perf_record_ksymbol_type (line 23467) | enum perf_record_ksymbol_type {
  type perf_sample_regs_abi (line 23474) | enum perf_sample_regs_abi {
  type perf_snb_uncore_imc_freerunning_types (line 23480) | enum perf_snb_uncore_imc_freerunning_types {
  type perf_sw_ids (line 23489) | enum perf_sw_ids {
  type perf_tgl_uncore_imc_freerunning_types (line 23505) | enum perf_tgl_uncore_imc_freerunning_types {
  type perf_type_id (line 23512) | enum perf_type_id {
  type perf_uncore_icx_iio_freerunning_type_id (line 23522) | enum perf_uncore_icx_iio_freerunning_type_id {
  type perf_uncore_icx_imc_freerunning_type_id (line 23528) | enum perf_uncore_icx_imc_freerunning_type_id {
  type perf_uncore_iio_freerunning_type_id (line 23535) | enum perf_uncore_iio_freerunning_type_id {
  type perf_uncore_snr_iio_freerunning_type_id (line 23542) | enum perf_uncore_snr_iio_freerunning_type_id {
  type perf_uncore_snr_imc_freerunning_type_id (line 23548) | enum perf_uncore_snr_imc_freerunning_type_id {
  type perf_uncore_spr_iio_freerunning_type_id (line 23554) | enum perf_uncore_spr_iio_freerunning_type_id {
  type perf_uncore_spr_imc_freerunning_type_id (line 23561) | enum perf_uncore_spr_imc_freerunning_type_id {
  type pg_level (line 23567) | enum pg_level {
  type pgdat_flags (line 23577) | enum pgdat_flags {
  type pgt_entry (line 23583) | enum pgt_entry {
  type phy_media (line 23590) | enum phy_media {
  type phy_mode (line 23596) | enum phy_mode {
  type phy_state (line 23619) | enum phy_state {
  type phy_state_work (line 23630) | enum phy_state_work {
  type phy_tunable_id (line 23636) | enum phy_tunable_id {
  type phylink_op_type (line 23644) | enum phylink_op_type {
  type pid_type (line 23649) | enum pid_type {
  type pidcg_event (line 23657) | enum pidcg_event {
  type piix_controller_ids (line 23663) | enum piix_controller_ids {
  type pin_config_param (line 23683) | enum pin_config_param {
  type pinctrl_map_type (line 23713) | enum pinctrl_map_type {
  type pkcs7_actions (line 23721) | enum pkcs7_actions {
  type pkey_id_type (line 23742) | enum pkey_id_type {
  type pkt_hash_types (line 23748) | enum pkt_hash_types {
  type pm8606_ref_gp_and_osc_clients (line 23755) | enum pm8606_ref_gp_and_osc_clients {
  type pm_qos_flags_status (line 23766) | enum pm_qos_flags_status {
  type pm_qos_req_action (line 23773) | enum pm_qos_req_action {
  type pm_qos_type (line 23779) | enum pm_qos_type {
  type pmc_type (line 23785) | enum pmc_type {
  type poison_cmd_enabled_bits (line 23790) | enum poison_cmd_enabled_bits {
  type policy_opt (line 23800) | enum policy_opt {
  type policy_rule_list (line 23849) | enum policy_rule_list {
  type policy_types (line 23854) | enum policy_types {
  type poll_time_type (line 23859) | enum poll_time_type {
  type polling_modes (line 23866) | enum polling_modes {
  type pool_workqueue_stats (line 23873) | enum pool_workqueue_stats {
  type port_pkey_state (line 23885) | enum port_pkey_state {
  type positive_aop_returns (line 23891) | enum positive_aop_returns {
  type power_supply_charge_behaviour (line 23896) | enum power_supply_charge_behaviour {
  type power_supply_notifier_events (line 23902) | enum power_supply_notifier_events {
  type power_supply_property (line 23906) | enum power_supply_property {
  type power_supply_type (line 23985) | enum power_supply_type {
  type power_supply_usb_type (line 24001) | enum power_supply_usb_type {
  type pr_status (line 24014) | enum pr_status {
  type pr_type (line 24023) | enum pr_type {
  type prep_dispatch (line 24032) | enum prep_dispatch {
  type print_line_t (line 24038) | enum print_line_t {
  type printk_info_flags (line 24045) | enum printk_info_flags {
  type prio_policy (line 24050) | enum prio_policy {
  type probe_print_type (line 24058) | enum probe_print_type {
  type probe_type (line 24064) | enum probe_type {
  type proc_cn_event (line 24070) | enum proc_cn_event {
  type proc_cn_mcast_op (line 24084) | enum proc_cn_mcast_op {
  type proc_hidepid (line 24089) | enum proc_hidepid {
  type proc_mem_force (line 24096) | enum proc_mem_force {
  type proc_param (line 24102) | enum proc_param {
  type proc_pidonly (line 24108) | enum proc_pidonly {
  type procmap_query_flags (line 24113) | enum procmap_query_flags {
  type profile_mode (line 24122) | enum profile_mode {
  type protection_domain_mode (line 24130) | enum protection_domain_mode {
  type prs_errcode (line 24135) | enum prs_errcode {
  type ps2_disposition (line 24147) | enum ps2_disposition {
  type psc_op (line 24153) | enum psc_op {
  type pse_pi_pairset_pinout (line 24158) | enum pse_pi_pairset_pinout {
  type psi_aggregators (line 24163) | enum psi_aggregators {
  type psi_res (line 24169) | enum psi_res {
  type psi_states (line 24176) | enum psi_states {
  type psi_task_count (line 24187) | enum psi_task_count {
  type pstore_type_id (line 24195) | enum pstore_type_id {
  type pt_capabilities (line 24208) | enum pt_capabilities {
  type pt_level (line 24229) | enum pt_level {
  type pti_clone_level (line 24237) | enum pti_clone_level {
  type pti_mode (line 24242) | enum pti_mode {
  type ptp_clock_events (line 24248) | enum ptp_clock_events {
  type ptp_pin_function (line 24256) | enum ptp_pin_function {
  type pubkey_algo (line 24263) | enum pubkey_algo {
  type pwm_polarity (line 24268) | enum pwm_polarity {
  type pxa_ssp_type (line 24273) | enum pxa_ssp_type {
  type qdisc_class_ops_flags (line 24294) | enum qdisc_class_ops_flags {
  type qdisc_state2_t (line 24298) | enum qdisc_state2_t {
  type qdisc_state_t (line 24302) | enum qdisc_state_t {
  type quota_type (line 24309) | enum quota_type {
  type ramfs_param (line 24315) | enum ramfs_param {
  type rdma_ah_attr_type (line 24319) | enum rdma_ah_attr_type {
  type rdma_driver_id (line 24326) | enum rdma_driver_id {
  type rdma_link_layer (line 24351) | enum rdma_link_layer {
  type rdma_netdev_t (line 24357) | enum rdma_netdev_t {
  type rdma_nl_counter_mask (line 24362) | enum rdma_nl_counter_mask {
  type rdma_nl_counter_mode (line 24367) | enum rdma_nl_counter_mode {
  type rdma_nl_dev_type (line 24374) | enum rdma_nl_dev_type {
  type rdma_nl_name_assign_type (line 24378) | enum rdma_nl_name_assign_type {
  type rdma_restrack_type (line 24383) | enum rdma_restrack_type {
  type rdmacg_file_type (line 24395) | enum rdmacg_file_type {
  type rdmacg_resource_type (line 24400) | enum rdmacg_resource_type {
  type rdt_group_type (line 24406) | enum rdt_group_type {
  type rdt_param (line 24412) | enum rdt_param {
  type rdtgrp_mode (line 24420) | enum rdtgrp_mode {
  type reason_type (line 24428) | enum reason_type {
  type reboot_mode (line 24437) | enum reboot_mode {
  type reboot_type (line 24446) | enum reboot_type {
  type recovery_flags (line 24456) | enum recovery_flags {
  type refcount_saturation_type (line 24472) | enum refcount_saturation_type {
  type reg_arg_type (line 24480) | enum reg_arg_type {
  type reg_type (line 24486) | enum reg_type {
  type regcache_type (line 24493) | enum regcache_type {
  type regex_type (line 24500) | enum regex_type {
  type regmap_endian (line 24509) | enum regmap_endian {
  type regnames (line 24516) | enum regnames {
  type regulator_active_discharge (line 24543) | enum regulator_active_discharge {
  type regulator_detection_severity (line 24549) | enum regulator_detection_severity {
  type regulator_get_type (line 24555) | enum regulator_get_type {
  type regulator_status (line 24562) | enum regulator_status {
  type regulator_type (line 24574) | enum regulator_type {
  type release_type (line 24579) | enum release_type {
  type req_flag_bits (line 24584) | enum req_flag_bits {
  type req_op (line 24609) | enum req_op {
  type resctrl_conf_type (line 24627) | enum resctrl_conf_type {
  type resctrl_domain_type (line 24633) | enum resctrl_domain_type {
  type resctrl_event_id (line 24638) | enum resctrl_event_id {
  type resctrl_res_level (line 24644) | enum resctrl_res_level {
  type resctrl_scope (line 24652) | enum resctrl_scope {
  type resolve_mode (line 24658) | enum resolve_mode {
  type retbleed_mitigation (line 24664) | enum retbleed_mitigation {
  type retbleed_mitigation_cmd (line 24673) | enum retbleed_mitigation_cmd {
  type rfds_mitigations (line 24681) | enum rfds_mitigations {
  type rfkill_hard_block_reasons (line 24687) | enum rfkill_hard_block_reasons {
  type rfkill_input_master_mode (line 24692) | enum rfkill_input_master_mode {
  type rfkill_operation (line 24699) | enum rfkill_operation {
  type rfkill_sched_op (line 24706) | enum rfkill_sched_op {
  type rfkill_type (line 24713) | enum rfkill_type {
  type rfkill_user_states (line 24726) | enum rfkill_user_states {
  type ring_buffer_flags (line 24732) | enum ring_buffer_flags {
  type ring_buffer_type (line 24736) | enum ring_buffer_type {
  type rio_device_state (line 24743) | enum rio_device_state {
  type rio_write_type (line 24750) | enum rio_write_type {
  type rlimit_type (line 24757) | enum rlimit_type {
  type rmap_level (line 24765) | enum rmap_level {
  type rp_check (line 24770) | enum rp_check {
  type rpc_display_format_t (line 24776) | enum rpc_display_format_t {
  type rpm_request (line 24786) | enum rpm_request {
  type rpm_status (line 24794) | enum rpm_status {
  type rproc_crash_type (line 24802) | enum rproc_crash_type {
  type rproc_dump_mechanism (line 24808) | enum rproc_dump_mechanism {
  type rproc_features (line 24814) | enum rproc_features {
  type rproc_state (line 24819) | enum rproc_state {
  type rq_end_io_ret (line 24830) | enum rq_end_io_ret {
  type rq_qos_id (line 24835) | enum rq_qos_id {
  type rsaprivkey_actions (line 24841) | enum rsaprivkey_actions {
  type rsapubkey_actions (line 24853) | enum rsapubkey_actions {
  type rsc_handling_status (line 24859) | enum rsc_handling_status {
  type rseq_cpu_id_state (line 24864) | enum rseq_cpu_id_state {
  type rseq_cs_flags (line 24869) | enum rseq_cs_flags {
  type rseq_cs_flags_bit (line 24875) | enum rseq_cs_flags_bit {
  type rseq_event_mask_bits (line 24881) | enum rseq_event_mask_bits {
  type rseq_flags (line 24887) | enum rseq_flags {
  type rt6_nud_state (line 24891) | enum rt6_nud_state {
  type rt_class_t (line 24898) | enum rt_class_t {
  type rt_scope_t (line 24907) | enum rt_scope_t {
  type rtattr_type_t (line 24915) | enum rtattr_type_t {
  type rtmutex_chainwalk (line 24950) | enum rtmutex_chainwalk {
  type rtnetlink_groups (line 24955) | enum rtnetlink_groups {
  type rtnl_kinds (line 24996) | enum rtnl_kinds {
  type rtnl_link_flags (line 25003) | enum rtnl_link_flags {
  type rw_hint (line 25010) | enum rw_hint {
  type rwsem_waiter_type (line 25019) | enum rwsem_waiter_type {
  type rwsem_wake_type (line 25024) | enum rwsem_wake_type {
  type rx_handler_result (line 25030) | enum rx_handler_result {
  type rx_handler_result_t (line 25037) | typedef enum rx_handler_result rx_handler_result_t;
  type s2idle_states (line 25039) | enum s2idle_states {
  type s_alloc (line 25045) | enum s_alloc {
  type sam_status (line 25052) | enum sam_status {
  type scan_balance (line 25066) | enum scan_balance {
  type scan_result (line 25073) | enum scan_result {
  type sched_tunable_scaling (line 25108) | enum sched_tunable_scaling {
  type scrub_type (line 25115) | enum scrub_type {
  type scsi_cmnd_submitter (line 25128) | enum scsi_cmnd_submitter {
  type scsi_device_event (line 25134) | enum scsi_device_event {
  type scsi_device_state (line 25148) | enum scsi_device_state {
  type scsi_devinfo_key (line 25160) | enum scsi_devinfo_key {
  type scsi_disposition (line 25165) | enum scsi_disposition {
  type scsi_host_guard_type (line 25177) | enum scsi_host_guard_type {
  type scsi_host_prot_capabilities (line 25182) | enum scsi_host_prot_capabilities {
  type scsi_host_state (line 25192) | enum scsi_host_state {
  type scsi_host_status (line 25202) | enum scsi_host_status {
  type scsi_ml_status (line 25222) | enum scsi_ml_status {
  type scsi_msg_byte (line 25231) | enum scsi_msg_byte {
  type scsi_pr_type (line 25262) | enum scsi_pr_type {
  type scsi_prot_flags (line 25271) | enum scsi_prot_flags {
  type scsi_prot_operations (line 25279) | enum scsi_prot_operations {
  type scsi_scan_mode (line 25289) | enum scsi_scan_mode {
  type scsi_target_state (line 25295) | enum scsi_target_state {
  type scsi_timeout_action (line 25303) | enum scsi_timeout_action {
  type scsi_timeouts (line 25309) | enum scsi_timeouts {
  type scsi_vpd_parameters (line 25313) | enum scsi_vpd_parameters {
  type sctp_cid (line 25318) | enum sctp_cid {
  type sctp_conntrack (line 25344) | enum sctp_conntrack {
  type sctp_endpoint_type (line 25358) | enum sctp_endpoint_type {
  type sctp_event_timeout (line 25363) | enum sctp_event_timeout {
  type sctp_msg_flags (line 25378) | enum sctp_msg_flags {
  type sctp_param (line 25382) | enum sctp_param {
  type sctp_scope (line 25411) | enum sctp_scope {
  type sctp_socket_type (line 25419) | enum sctp_socket_type {
  type sctp_state (line 25425) | enum sctp_state {
  type security_cmd_enabled_bits (line 25436) | enum security_cmd_enabled_bits {
  type seg6_end_dt_mode (line 25448) | enum seg6_end_dt_mode {
  type seg6_local_flv_action (line 25454) | enum seg6_local_flv_action {
  type seg6_local_pktinfo (line 25463) | enum seg6_local_pktinfo {
  type sel_inos (line 25471) | enum sel_inos {
  type selinux_nlgroups (line 25495) | enum selinux_nlgroups {
  type ser (line 25501) | enum ser {
  type serdev_parity (line 25506) | enum serdev_parity {
  type serio_event_type (line 25512) | enum serio_event_type {
  type setid_type (line 25520) | enum setid_type {
  type severity_level (line 25525) | enum severity_level {
  type sgp_type (line 25537) | enum sgp_type {
  type sgx_attribute (line 25545) | enum sgx_attribute {
  type sgx_encl_flags (line 25555) | enum sgx_encl_flags {
  type sgx_encls_function (line 25562) | enum sgx_encls_function {
  type sgx_page_flags (line 25580) | enum sgx_page_flags {
  type sgx_page_type (line 25584) | enum sgx_page_type {
  type sgx_return_code (line 25592) | enum sgx_return_code {
  type sgx_secinfo_flags (line 25601) | enum sgx_secinfo_flags {
  type shmem_param (line 25612) | enum shmem_param {
  type show_regs_mode (line 25633) | enum show_regs_mode {
  type shutdown_state (line 25639) | enum shutdown_state {
  type si_type (line 25646) | enum si_type {
  type sid_policy_type (line 25654) | enum sid_policy_type {
  type sig_handler (line 25660) | enum sig_handler {
  type siginfo_layout (line 25666) | enum siginfo_layout {
  type simatic_ipc_station_ids (line 25681) | enum simatic_ipc_station_ids {
  type sk_action (line 25699) | enum sk_action {
  type sk_pacing (line 25704) | enum sk_pacing {
  type sk_psock_state_bits (line 25710) | enum sk_psock_state_bits {
  type sk_rst_reason (line 25715) | enum sk_rst_reason {
  type skb_drop_reason (line 25738) | enum skb_drop_reason {
  type skb_drop_reason_subsys (line 25833) | enum skb_drop_reason_subsys {
  type skb_ext_id (line 25841) | enum skb_ext_id {
  type skb_tstamp_type (line 25849) | enum skb_tstamp_type {
  type sknetlink_groups (line 25856) | enum sknetlink_groups {
  type slab_stat_type (line 258
Condensed preview of 295 files; each entry gives the path, character count, and a content snippet (the full structured content is 5,267K chars).
[
  {
    "path": "CHANGELOG.md",
    "chars": 2206,
    "preview": "# Changelog\r\n\r\nAll notable changes to this project will be documented in this file.\r\n\r\nThe format is based on [Keep a Ch"
  },
  {
    "path": "CLAUDE.md",
    "chars": 6140,
    "preview": "# CLAUDE.md\r\n\r\nThis file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.\r\n\r"
  },
  {
    "path": "CODE_OF_CONDUCT.md",
    "chars": 5219,
    "preview": "# Contributor Covenant Code of Conduct\n\n## Our Pledge\n\nWe as members, contributors, and leaders pledge to make participa"
  },
  {
    "path": "CONTRIBUTING.md",
    "chars": 4084,
    "preview": "# Contributing to OpenNHP\r\n\r\nThank you for your interest in contributing to OpenNHP! This document provides guidelines a"
  },
  {
    "path": "LICENSE",
    "chars": 11357,
    "preview": "                                 Apache License\n                           Version 2.0, January 2004\n                   "
  },
  {
    "path": "Makefile",
    "chars": 14975,
    "preview": "export GO111MODULE := on\nCUSTOM_LD_FLAGS ?=\n\nall: generate-version-and-build\n\n# Repo settings\nGOMODULE = github.com/Open"
  },
  {
    "path": "README.de.md",
    "chars": 20048,
    "preview": "[![en](https://img.shields.io/badge/lang-en-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.md)\r\n[![zh"
  },
  {
    "path": "README.es.md",
    "chars": 20243,
    "preview": "[![en](https://img.shields.io/badge/lang-en-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.md)\r\n[![zh"
  },
  {
    "path": "README.fr.md",
    "chars": 20257,
    "preview": "[![en](https://img.shields.io/badge/lang-en-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.md)\r\n[![zh"
  },
  {
    "path": "README.ja.md",
    "chars": 8402,
    "preview": "[![en](https://img.shields.io/badge/lang-en-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.md)\r\n[![zh"
  },
  {
    "path": "README.md",
    "chars": 4818,
    "preview": "[![en](https://img.shields.io/badge/lang-en-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.md)\n[![zh-"
  },
  {
    "path": "README.zh-cn.md",
    "chars": 9650,
    "preview": "[![en](https://img.shields.io/badge/lang-en-green.svg)](https://github.com/OpenNHP/opennhp/blob/master/README.md)\n[![zh-"
  },
  {
    "path": "SECURITY.md",
    "chars": 779,
    "preview": "# Security Policy\n\n## Reporting Security Issues\n\nThe OpenNHP team and community take security bugs in OpenNHP seriously."
  },
  {
    "path": "build.bat",
    "chars": 3341,
    "preview": "@echo off\r\n\r\ncd %~dp0\r\n\r\nFOR /F %%i in ('powershell -c \"get-date -format yyMMddHHmmss\"') do SET BUILD_NO=%%i\r\nFOR /F \"to"
  },
  {
    "path": "codecov.yml",
    "chars": 473,
    "preview": "codecov:\r\n  require_ci_to_pass: yes\r\n\r\ncoverage:\r\n  precision: 2\r\n  round: down\r\n  range: \"60...100\"\r\n  status:\r\n    pro"
  },
  {
    "path": "docker/Dockerfile.ac",
    "chars": 1803,
    "preview": "FROM opennhp-base:latest AS builder\nWORKDIR /nhp-server\n\nCOPY . .\n\nRUN echo \"Building for architecture: ${TARGETARCH}\"\n\n"
  },
  {
    "path": "docker/Dockerfile.agent",
    "chars": 674,
    "preview": "FROM opennhp-base:latest  AS builder\n\nWORKDIR /workdir\n\nCOPY . .\n\nRUN echo \"Building for architecture: ${TARGETARCH}\"\n\nR"
  },
  {
    "path": "docker/Dockerfile.app",
    "chars": 2537,
    "preview": "FROM --platform=$BUILDPLATFORM ubuntu:22.04 AS builder\n\n# Get target platform architecture\nARG TARGETARCH\nARG TARGETOS\nA"
  },
  {
    "path": "docker/Dockerfile.base",
    "chars": 1885,
    "preview": "FROM --platform=$BUILDPLATFORM ubuntu:22.04 AS builder\n\n# Get target platform architecture\nARG TARGETARCH\nARG TARGETOS\nA"
  },
  {
    "path": "docker/Dockerfile.server",
    "chars": 906,
    "preview": "FROM opennhp-base:latest  AS builder\n\nWORKDIR /nhp-server\n\nCOPY . .\n\nRUN echo \"Building for architecture: ${TARGETARCH}\""
  },
  {
    "path": "docker/certs/server.crt",
    "chars": 1850,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFKDCCAxCgAwIBAgIUR0G6YkK3Fjt2uqAEtfjlAgzxxoowDQYJKoZIhvcNAQEL\nBQAwFTETMBEGA1UEAwwKb3Blbm5"
  },
  {
    "path": "docker/certs/server.key",
    "chars": 3272,
    "preview": "-----BEGIN PRIVATE KEY-----\nMIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCr9I9uWvVZU8PU\n50/T4eN+Qp+B+j9WtGI8vqrT8dM"
  },
  {
    "path": "docker/docker-compose.dhp.yaml",
    "chars": 1594,
    "preview": "networks:\n  network_default:\n    ipam:\n      driver: default\n      config:\n        - subnet: '177.7.0.0/16'\n\nvolumes:\n  "
  },
  {
    "path": "docker/docker-compose.yaml",
    "chars": 2277,
    "preview": "networks:\n  network_default:\n    ipam:\n      driver: default\n      config:\n        - subnet: '177.7.0.0/16'\n\nvolumes:\n  "
  },
  {
    "path": "docker/iptables_defaults_ubuntu.sh",
    "chars": 10239,
    "preview": "#!/bin/bash\nCURRENT_DIR=$(cd \"$(dirname \"$0\")\" && pwd)\nif [ \"$1\" = \"-f\" ];then\n    echo \"Flushing existing iptables rule"
  },
  {
    "path": "docker/iptables_defaults_x86.sh",
    "chars": 10311,
    "preview": "#!/bin/bash\nCURRENT_DIR=`cd \\`dirname $0\\`; pwd`\n\n### flush existing rules and set chain policy setting to DROP\nif [ \"$1"
  },
  {
    "path": "docker/nhp-ac/etc/config.toml",
    "chars": 863,
    "preview": "# NHP-Agent base config\r\n# field with (-) does not support dynamic update\r\n\r\n# PrivateKeyBase64 (-): agent private key i"
  },
  {
    "path": "docker/nhp-ac/etc/resource.toml",
    "chars": 409,
    "preview": "# List resources for the agent to knock automatically after launch\r\n\r\n# AuthServiceId: id of the authentication and auth"
  },
  {
    "path": "docker/nhp-ac/etc/server.toml",
    "chars": 667,
    "preview": "# list the server peers for the agent under [[Servers]] table\r\n\r\n# Hostname: the domain of the server peer. If specified"
  },
  {
    "path": "docker/nhp-ac/traefik/etc/provider.toml",
    "chars": 405,
    "preview": "\n[http]\n  [http.routers]\n    #\n    # hqdata-opennhp-cn\n    #\n    [http.routers.router-hqdata-opennhp-cn]\n      entryPoin"
  },
  {
    "path": "docker/nhp-ac/traefik/etc/traefik.toml",
    "chars": 140,
    "preview": "[entryPoints]\n  [entryPoints.web]\n    address = \":80\"\n\n[providers.file]\n  filename = \"provider.toml\"\n\n[log]\n  level = \"T"
  },
  {
    "path": "docker/nhp-agent/etc/certs/server.crt",
    "chars": 1178,
    "preview": "-----BEGIN CERTIFICATE-----\r\nMIIDKzCCAhMCFCl+W8SPu1590nfwXgANK1STySQ0MA0GCSqGSIb3DQEBCwUAMFIx\r\nCzAJBgNVBAYTAkNOMRMwEQYDV"
  },
  {
    "path": "docker/nhp-agent/etc/certs/server.key",
    "chars": 1732,
    "preview": "-----BEGIN PRIVATE KEY-----\r\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQD4O/9vxs1dGFKJ\r\nL+IjwrRIOJDHuoEzTtJQ7fsyA"
  },
  {
    "path": "docker/nhp-agent/etc/config.toml",
    "chars": 844,
    "preview": "# NHP-Agent base config\r\n# field with (-) does not support dynamic update\r\n\r\n# PrivateKeyBase64 (-): agent private key i"
  },
  {
    "path": "docker/nhp-agent/etc/dhp.toml",
    "chars": 238,
    "preview": "# Configuration that is related to data object hiding protocol in agent side.\n\n# TEEPrivateKeyBase64: base64 encoded pri"
  },
  {
    "path": "docker/nhp-agent/etc/resource.toml",
    "chars": 408,
    "preview": "# List resources for the agent to knock automatically after launch\r\n\r\n# AuthServiceId: id of the authentication and auth"
  },
  {
    "path": "docker/nhp-agent/etc/server.toml",
    "chars": 646,
    "preview": "# list the server peers for the agent under [[Servers]] table\r\n\r\n# Hostname: the domain of the server peer. If specified"
  },
  {
    "path": "docker/nhp-db/demo/metadata.json",
    "chars": 1194,
    "preview": "{\r\n   \"typeIdentifier\": \"risk involved accounts\",\r\n   \"dataSize\": 7311,\r\n   \"owner\": \"police@police.com\",\r\n   \"descripti"
  },
  {
    "path": "docker/nhp-db/demo/metadata.schema.json",
    "chars": 2642,
    "preview": "{\n  \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n  \"type\": \"object\",\n  \"title\": \"metadata of zero trust data ob"
  },
  {
    "path": "docker/nhp-db/demo/risk.involved.accounts.csv",
    "chars": 7311,
    "preview": "account_id,id_card,risk_level,risk_tags,valid_from,valid_to\r\n6222021101123456789,110101199001011234,L3,\"telecom_fraud,cr"
  },
  {
    "path": "docker/nhp-db/demo/smart.policy.json",
    "chars": 73,
    "preview": "{\r\n    \"policy\": \"file://./allow.policy.wasm\",\r\n    \"embedded\": true\r\n}\r\n"
  },
  {
    "path": "docker/nhp-db/demo/smart.policy.schema.json",
    "chars": 1569,
    "preview": "{\n  \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n  \"type\": \"object\",\n  \"title\": \"Policy Configuration\",\n  \"desc"
  },
  {
    "path": "docker/nhp-db/etc/config.toml",
    "chars": 852,
    "preview": "# NHP-Db base config\n# field with (-) does not support dynamic update\n\n# PrivateKeyBase64 (-): db private key in base64 "
  },
  {
    "path": "docker/nhp-db/etc/server.toml",
    "chars": 633,
    "preview": "# list the server peers for the device under [[Servers]] table\n\n# Hostname: the domain of the server peer. If specified,"
  },
  {
    "path": "docker/nhp-db/etc/tee.toml",
    "chars": 285,
    "preview": "# Configuration for trusted execution environment.\n\n# TEEPublicKeyBase64: base64 encoded public key of TEE (Trusted Exec"
  },
  {
    "path": "docker/nhp-enter-nginx.conf",
    "chars": 1615,
    "preview": "\n#user  root;\nworker_processes  auto;\n\nerror_log  /var/log/nginx/error.log notice;\npid        /var/run/nginx.pid;\n\n\neven"
  },
  {
    "path": "docker/nhp-server/etc/ac.toml",
    "chars": 347,
    "preview": "# list the AC peers for the server under [[ACs]] table\r\n\r\n# PubKeyBase64: public key for the AC in base64 format.\r\n# Exp"
  },
  {
    "path": "docker/nhp-server/etc/agent.toml",
    "chars": 359,
    "preview": "# list the agent peers for the server under [[Agents]] table\r\n\r\n# PubKeyBase64: public key for the agent in base64 forma"
  },
  {
    "path": "docker/nhp-server/etc/config.toml",
    "chars": 856,
    "preview": "# NHP-Server base config\r\n# field with (-) does not support dynamic update\r\n\r\n# PrivateKeyBase64 (-): server private key"
  },
  {
    "path": "docker/nhp-server/etc/db.toml",
    "chars": 352,
    "preview": "# list the device peers for the server under [[Devices]] table\n\n# PubKeyBase64: public key for the device in base64 form"
  },
  {
    "path": "docker/nhp-server/etc/http.toml",
    "chars": 586,
    "preview": "# http server config\r\n\r\n# EnableHttp: true: turn on http server, false: shutdown http server.\r\n# EnableTLS: whether to u"
  },
  {
    "path": "docker/nhp-server/etc/resource.toml",
    "chars": 258,
    "preview": "# List resources and their sub-fields here\r\n\r\n# syntax [\"{AuthServiceId}\"]\r\n# AuthServiceId: id of the authentication an"
  },
  {
    "path": "docker/nhp-server/etc/srcip.toml",
    "chars": 315,
    "preview": "# list additional source addresses to be passed along with the agent address\r\n\r\n# syntax [[\"{SrcIp}\"]]\r\n# SrcIp: specify"
  },
  {
    "path": "docker/nhp-server/etc/tee.toml",
    "chars": 326,
    "preview": "# list trusted execution environments under [[TEEs]] table\n\n# Measure: cryptographic hashes that ensure the integrity of"
  },
  {
    "path": "docker/nhp-server/plugins/example/etc/config.toml",
    "chars": 56,
    "preview": "ExampleUsername = \"user\"\r\nExamplePassword = \"password\"\r\n"
  },
  {
    "path": "docker/nhp-server/plugins/example/etc/resource.toml",
    "chars": 1656,
    "preview": "# List resources id and their sub-fields here\r\n\r\n# syntax [\"{ResourceId}\"]\r\n# ResourceId: id for the resource group. Eac"
  },
  {
    "path": "docker/nhp-server/templates/example/example_acdemo.html",
    "chars": 2594,
    "preview": "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n    <meta charset=\"UTF-8\">\n    <meta name=\"viewport\" content=\"width=device-width"
  },
  {
    "path": "docker/nhp-server/templates/example/example_login.html",
    "chars": 12681,
    "preview": "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n    <meta charset=\"UTF-8\">\n    <meta name=\"viewport\" content=\"width=device-width"
  },
  {
    "path": "docker/quick_start.sh",
    "chars": 9134,
    "preview": "#!/bin/bash\n\n# OpenNHP Docker Quick Start Script\n# Supports Linux and macOS\n\nset -e\n\n# Colors for output\nRED='\\033[0;31m"
  },
  {
    "path": "docker/web-app/entrypoint.sh",
    "chars": 127,
    "preview": "#!/bin/bash\niptables -P INPUT DROP\niptables -P FORWARD DROP\niptables -I INPUT -p tcp --dport 8080 -s 177.7.0.10 -j ACCEP"
  },
  {
    "path": "docker/web-app/go.mod",
    "chars": 1369,
    "preview": "module nhp-app\n\ngo 1.25.6\n\nrequire github.com/gin-gonic/gin v1.10.0\n\nrequire (\n\tgithub.com/bytedance/sonic v1.11.6 // in"
  },
  {
    "path": "docker/web-app/main.go",
    "chars": 366,
    "preview": "package main\n\nimport \"github.com/gin-gonic/gin\"\n\nfunc main() {\n\t//Create a default Gin router\n\tr := gin.Default()\n\n\t//Se"
  },
  {
    "path": "docs/404.html",
    "chars": 464,
    "preview": "---\nlayout: default\ntitle: 404\npermalink: /404\nnav_exclude: true\nsearch_exclude: true\n---\n\n<style type=\"text/css\" media="
  },
  {
    "path": "docs/CNAME",
    "chars": 11,
    "preview": "opennhp.org"
  },
  {
    "path": "docs/Gemfile",
    "chars": 286,
    "preview": "source 'https://rubygems.org'\n\ngem \"jekyll\", \"~> 4.3.3\" # installed by `gem jekyll`\n# gem \"webrick\"        # required wh"
  },
  {
    "path": "docs/README.md",
    "chars": 0,
    "preview": ""
  },
  {
    "path": "docs/_config.yml",
    "chars": 5741,
    "preview": "# Welcome to Jekyll!\n#\n# This config file is meant for settings that affect your whole blog, values\n# which you are expe"
  },
  {
    "path": "docs/about.md",
    "chars": 255,
    "preview": "---\nlayout: page\ntitle: About\nnav_order: 11\npermalink: /about/\n---\n\n# About OpenNHP Project\n{: .fs-9 }\n\nOpenNHP is devel"
  },
  {
    "path": "docs/agent_sdk.md",
    "chars": 59666,
    "preview": "---\nlayout: page\ntitle: Client SDKs\nnav_order: 10\npermalink: /agent_sdk/\n---\n\n# Client SDKs\n{: .fs-9 }\n\n[中文版](/zh-cn/age"
  },
  {
    "path": "docs/build.md",
    "chars": 8476,
    "preview": "---\nlayout: page\ntitle: How to Build\nnav_order: 7\npermalink: /build/\n---\n\n# Build OpenNHP Source Code\n{: .fs-9 }\n\nThis a"
  },
  {
    "path": "docs/code.md",
    "chars": 4239,
    "preview": "---\nlayout: page\ntitle: Understand the Code\nnav_order: 8\npermalink: /code/\n---\n\n# Understand the Source Code\n{: .fs-9 }\n"
  },
  {
    "path": "docs/comparison.md",
    "chars": 18934,
    "preview": "---\nlayout: page\ntitle: Comparison\nnav_order: 5\npermalink: /comparison/\n---\n\n# Comparison between NHP and SPA\n{: .fs-9 }"
  },
  {
    "path": "docs/cryptography.md",
    "chars": 24729,
    "preview": "---\r\nlayout: page\r\ntitle: Cryptography\r\nnav_order: 4\r\npermalink: /cryptography/\r\n---\r\n\r\n# Cryptographic Algorithms in Op"
  },
  {
    "path": "docs/deploy.md",
    "chars": 13101,
    "preview": "---\nlayout: page\ntitle: How to Deploy\nnav_order: 6\npermalink: /deploy/\n---\n\n# Deploy OpenNHP Binaries\n{: .fs-9 }\n\nOpenNH"
  },
  {
    "path": "docs/dhp_quick_start.md",
    "chars": 12221,
    "preview": "---\ntitle: DHP Quick Start\nlayout: page\nnav_order: 3\npermalink: /dhp_quick_start/\n---\n\n# DHP Quick Start\n{: .fs-9 }\n\nA l"
  },
  {
    "path": "docs/features.md",
    "chars": 3817,
    "preview": "---\nlayout: page\ntitle: Features\nnav_order: 3\npermalink: /features/\n---\n\n# OpenNHP Feature List\n{: .fs-9 }\n\nOpenNHP offe"
  },
  {
    "path": "docs/index.md",
    "chars": 2840,
    "preview": "---\ntitle: Overview\nlayout: home\nnav_order: 1\ndescription: \"OpenNHP: Zero Trust Network-infrastructure Hiding Protocol\"\n"
  },
  {
    "path": "docs/nhp_quick_start.md",
    "chars": 12577,
    "preview": "---\ntitle: NHP Quick Start\nlayout: page\nnav_order: 2\npermalink: /nhp_quick_start/\n---\n\n# NHP Quick Start\n{: .fs-9 }\n\nA l"
  },
  {
    "path": "docs/server_plugin.md",
    "chars": 19469,
    "preview": "---\nlayout: page\ntitle: Server Plugins\nnav_order: 9\npermalink: /server_plugin/\n---\n\n# OpenNHP Plugin Development Guide\n{"
  },
  {
    "path": "docs/zh-cn/about.zh-cn.md",
    "chars": 155,
    "preview": "---\nlayout: page\ntitle: 关于我们\nparent: 中文版\nnav_order: 11\npermalink: /zh-cn/about/\n---\n\n# 关于OpenNHP开源项目\n{: .fs-9 }\n\n[Englis"
  },
  {
    "path": "docs/zh-cn/agent_sdk.zh-cn.md",
    "chars": 55452,
    "preview": "---\nlayout: page\ntitle: 客户端SDK\nparent: 中文版\nnav_order: 10\npermalink: /zh-cn/agent_sdk/\n---\n\n# 客户端SDK\n{: .fs-9 }\n\n[English"
  },
  {
    "path": "docs/zh-cn/build.zh-cn.md",
    "chars": 5292,
    "preview": "---\r\nlayout: page\r\ntitle: 编译源代码\r\nparent: 中文版\r\nnav_order: 7\r\npermalink: /zh-cn/build/\r\n---\r\n\r\n# 编译OpenNHP\r\n{: .fs-9 }\r\n\r\n"
  },
  {
    "path": "docs/zh-cn/code.zh-cn.md",
    "chars": 13133,
    "preview": "---\nlayout: page\ntitle: 源代码解读\nparent: 中文版\nnav_order: 8\npermalink: /zh-cn/code/\n---\n\n# OpeNHP代码解读\n{: .fs-9 }\n\n[English](/"
  },
  {
    "path": "docs/zh-cn/comparison.zh-cn.md",
    "chars": 7122,
    "preview": "---\nlayout: page\ntitle: 对比NHP与SPA\nparent: 中文版\nnav_order: 5\npermalink: /zh-cn/comparison/\n---\n\n# 对比NHP与SPA\n{: .fs-9 }\n\n注:"
  },
  {
    "path": "docs/zh-cn/cryptography.zh-cn.md",
    "chars": 8655,
    "preview": "---\r\nlayout: page\r\ntitle: 加密算法\r\nparent: 中文版\r\nnav_order: 4\r\npermalink: /zh-cn/cryptography/\r\n---\r\n\r\n# 加密算法\r\n{: .fs-9 }\r\n\r"
  },
  {
    "path": "docs/zh-cn/deploy.zh-cn.md",
    "chars": 6570,
    "preview": "---\nlayout: page\ntitle: 部署OpenNHP\nparent: 中文版\nnav_order: 6\npermalink: /zh-cn/deploy/\n---\n\n# 部署OpenNHP\n{: .fs-9 }\n\n[Engli"
  },
  {
    "path": "docs/zh-cn/dhp_quick_start.zh-cn.md",
    "chars": 8873,
    "preview": "---\nlayout: page\ntitle: DHP快速开始\nparent: 中文版\nnav_order: 3\npermalink: /zh-cn/dhp_quick_start/\n---\n\n# DHP快速开始\n{: .fs-9 }\n\n一"
  },
  {
    "path": "docs/zh-cn/features.zh-cn.md",
    "chars": 159,
    "preview": "---\nlayout: page\ntitle: 功能列表\nparent: 中文版\nnav_order: 3\npermalink: /zh-cn/features/\n---\n\n# OpenNHP功能列表\n{: .fs-9 }\n\n[Englis"
  },
  {
    "path": "docs/zh-cn/index.zh-cn.md",
    "chars": 161,
    "preview": "---\ntitle: 中文版\nnav_order: 12\nlayout: page\nhas_children: true\nhas_toc: true\npermalink: /zh-cn/\n---\n\n# OpenNHP中文版文档\n{: .fs"
  },
  {
    "path": "docs/zh-cn/nhp_quick_start.zh-cn.md",
    "chars": 6688,
    "preview": "---\nlayout: page\ntitle: NHP快速开始\nparent: 中文版\nnav_order: 2\npermalink: /zh-cn/nhp_quick_start/\n---\n\n# NHP快速开始\n{: .fs-9 }\n\n一"
  },
  {
    "path": "docs/zh-cn/overview.zh-cn.md",
    "chars": 899,
    "preview": "---\nlayout: page\ntitle: OpenNHP简介\nparent: 中文版\nnav_order: 1\ndescription: \"OpenNHP: 零信任网络隐身协议\"\npermalink: /zh-cn/overview/"
  },
  {
    "path": "docs/zh-cn/remo_config.zh-cn.md",
    "chars": 7757,
    "preview": "# OpenNHP远端配置\n\n## 1 OpenNHP远端配置说明\n\n为方便统一管理OpenNHP配置信息,OpenNHP使用etcd作为统一远端配置中心。\n\nOpenNHP三大核心组件对配置文件的支持方式:\n\n| 组件       | 远"
  },
  {
    "path": "docs/zh-cn/server_plugin.zh-cn.md",
    "chars": 7630,
    "preview": "---\nlayout: page\ntitle: 服务器插件开发\nparent: 中文版\nnav_order: 9\npermalink: /zh-cn/server_plugin/\n---\n\n# OpenNHP插件开发教程\n{: .fs-9 "
  },
  {
    "path": "endpoints/ac/config.go",
    "chars": 8954,
    "preview": "package ac\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\n\t\"github.com/OpenNHP/opennhp/nhp/etcd\"\n\n\t"
  },
  {
    "path": "endpoints/ac/constants.go",
    "chars": 666,
    "preview": "package ac\n\nimport \"github.com/OpenNHP/opennhp/nhp/common\"\n\nconst (\n\tMaxConcurrentConnection      = 256\n\tDefaultConnecti"
  },
  {
    "path": "endpoints/ac/ebpf/ebpf_other.go",
    "chars": 554,
    "preview": "//go:build !linux\n\npackage ebpf\n\nimport (\n\t// \"log\"\n\n\t\"fmt\"\n\n\t\"github.com/OpenNHP/opennhp/nhp/log\"\n)\n\nvar ErrEBPFSupport"
  },
  {
    "path": "endpoints/ac/ebpf/ebpfegine.go",
    "chars": 8565,
    "preview": "//go:build linux\n\npackage ebpf\n\nimport (\n\t// \"log\"\n\n\t\"encoding/binary\"\n\t\"fmt\"\n\t\"net\"\n\t\"os\"\n\t\"os/exec\"\n\t\"path/filepath\"\n\t"
  },
  {
    "path": "endpoints/ac/httpac.go",
    "chars": 5496,
    "preview": "package ac\n\nimport (\n\t\"context\"\n\t\"encoding/base64\"\n\t\"net\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"sync\"\n\t\"sync/a"
  },
  {
    "path": "endpoints/ac/main/etc/config.toml",
    "chars": 1061,
    "preview": "# NHP-AC base config\r\n# field with (-) does not support dynamic update\r\n\r\n# ACId (-): specify the id of this AC.\r\n# Priv"
  },
  {
    "path": "endpoints/ac/main/etc/http.toml",
    "chars": 492,
    "preview": "# http server config\r\n\r\n# EnableHttp: true: turn on http server, false: shutdown http server.\r\n# EnableTLS: whether to u"
  },
  {
    "path": "endpoints/ac/main/etc/remote.toml",
    "chars": 556,
    "preview": "# NHP-AC remote config\n# field with (-) does not support dynamic update\n# If the file remote.toml exists, NHP-AC will ob"
  },
  {
    "path": "endpoints/ac/main/etc/server.toml",
    "chars": 605,
    "preview": "# list the server peers for the AC under [[Servers]] table\r\n\r\n# Hostname: the domain of the server peer. If specified, i"
  },
  {
    "path": "endpoints/ac/main/main.go",
    "chars": 4938,
    "preview": "package main\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"os\"\n\t\"os/signal\"\n\t\"path/filepath\"\n\t\"runtime\"\n\t\"syscall\"\n\t\"time\"\n\n\t\"gith"
  },
  {
    "path": "endpoints/ac/msghandler.go",
    "chars": 31643,
    "preview": "package ac\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net\"\n\t\"strconv\"\n\t\"time\"\n\n\t\"github.com/OpenNHP/opennhp/nhp/comm"
  },
  {
    "path": "endpoints/ac/tokenstore.go",
    "chars": 1719,
    "preview": "package ac\n\nimport (\n\t\"encoding/base64\"\n\t\"encoding/binary\"\n\t\"time\"\n\n\t\"github.com/emmansun/gmsm/sm3\"\n\n\t\"github.com/OpenNH"
  },
  {
    "path": "endpoints/ac/udpac.go",
    "chars": 21090,
    "preview": "package ac\n\nimport (\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net\"\n\t\"path/filepath\"\n\t\"sync\"\n\t\"sync/atomic\"\n\t\"time\"\n\n"
  },
  {
    "path": "endpoints/agent/config.go",
    "chars": 8121,
    "preview": "package agent\n\nimport (\n\t\"encoding/base64\"\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"path/filepath\"\n\n\ttoml \"github.com/pelletier/go-toml/v2\"\n"
  },
  {
    "path": "endpoints/agent/constants.go",
    "chars": 259,
    "preview": "package agent\n\nimport \"github.com/OpenNHP/opennhp/nhp/common\"\n\nconst (\n\tMaxConcurrentConnection      = 256\n\tDefaultConne"
  },
  {
    "path": "endpoints/agent/iossdk/export.go",
    "chars": 10925,
    "preview": "package iossdk\n\nimport \"C\"\nimport (\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t_ \"golang.org/x/mobile/bind\"\n\n\t\"github."
  },
  {
    "path": "endpoints/agent/knock.go",
    "chars": 16132,
    "preview": "package agent\n\nimport (\n\t\"encoding/json\"\n\t\"net\"\n\t\"strconv\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/OpenNHP/opennhp/nhp/common\"\n\t\"g"
  },
  {
    "path": "endpoints/agent/main/etc/certs/server.crt",
    "chars": 1178,
    "preview": "-----BEGIN CERTIFICATE-----\r\nMIIDKzCCAhMCFCl+W8SPu1590nfwXgANK1STySQ0MA0GCSqGSIb3DQEBCwUAMFIx\r\nCzAJBgNVBAYTAkNOMRMwEQYDV"
  },
  {
    "path": "endpoints/agent/main/etc/certs/server.key",
    "chars": 1732,
    "preview": "-----BEGIN PRIVATE KEY-----\r\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQD4O/9vxs1dGFKJ\r\nL+IjwrRIOJDHuoEzTtJQ7fsyA"
  },
  {
    "path": "endpoints/agent/main/etc/config.toml",
    "chars": 906,
    "preview": "# NHP-Agent base config\r\n# field with (-) does not support dynamic update\r\n\r\n# PrivateKeyBase64 (-): agent private key i"
  },
  {
    "path": "endpoints/agent/main/etc/dhp.toml",
    "chars": 238,
    "preview": "# Configuration that is related to data object hiding protocol in agent side.\n\n# TEEPrivateKeyBase64: base64 encoded pri"
  },
  {
    "path": "endpoints/agent/main/etc/resource.toml",
    "chars": 767,
    "preview": "# List resources for the agent to knock automatically after launch\r\n\r\n# AuthServiceId: id of the authentication and auth"
  },
  {
    "path": "endpoints/agent/main/etc/server.toml",
    "chars": 606,
    "preview": "# list the server peers for the agent under [[Servers]] table\r\n\r\n# Hostname: the domain of the server peer. If specified"
  },
  {
    "path": "endpoints/agent/main/export.go",
    "chars": 12174,
    "preview": "package main\n\n/*\n#include <stdlib.h>\n*/\nimport \"C\"\n\nimport (\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"strings\"\n\t\"uns"
  },
  {
    "path": "endpoints/agent/main/main.go",
    "chars": 8287,
    "preview": "package main\n\nimport (\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"os\"\n\t\"os/signal\"\n\t\"path/filepath\"\n\t\"runtime\"\n\t\"sysca"
  },
  {
    "path": "endpoints/agent/msghandler.go",
    "chars": 1204,
    "preview": "package agent\n\nimport (\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\n\t\"github.com/OpenNHP/opennhp/nhp/common\"\n\t\"github.com/OpenN"
  },
  {
    "path": "endpoints/agent/request.go",
    "chars": 7277,
    "preview": "package agent\n\nimport (\n\t\"encoding/json\"\n\t\"net\"\n\n\t\"github.com/OpenNHP/opennhp/nhp/common\"\n\t\"github.com/OpenNHP/opennhp/n"
  },
  {
    "path": "endpoints/agent/service.go",
    "chars": 9800,
    "preview": "package agent\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/gin-gonic/gin"
  },
  {
    "path": "endpoints/agent/ta.go",
    "chars": 4136,
    "preview": "package agent\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"sync\"\n\n\t\"github.com/mark3labs/mcp-go/client\"\n\t\"github.com/mark3labs/mcp-go/c"
  },
  {
    "path": "endpoints/agent/udpagent.go",
    "chars": 32371,
    "preview": "package agent\n\nimport (\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net\"\n\t\"path/filepath\"\n\t\"strconv\"\n\t\"sync\"\n\t\"sync/ato"
  },
  {
    "path": "endpoints/db/config.go",
    "chars": 4547,
    "preview": "package db\n\nimport (\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"path/filepath\"\n\n\ttoml \"github.com/pelletier/go-toml/v2\"\n\n\t\"github.com/OpenNHP/"
  },
  {
    "path": "endpoints/db/constants.go",
    "chars": 722,
    "preview": "package db\n\nimport \"github.com/OpenNHP/opennhp/nhp/common\"\n\nconst (\n\tMaxConcurrentConnection      = 256\n\tDefaultConnecti"
  },
  {
    "path": "endpoints/db/main/etc/config.toml",
    "chars": 852,
    "preview": "# NHP-Db base config\n# field with (-) does not support dynamic update\n\n# PrivateKeyBase64 (-): db private key in base64 "
  },
  {
    "path": "endpoints/db/main/etc/server.toml",
    "chars": 593,
    "preview": "# list the server peers for the device under [[Servers]] table\n\n# Hostname: the domain of the server peer. If specified,"
  },
  {
    "path": "endpoints/db/main/etc/tee.toml",
    "chars": 285,
    "preview": "# Configuration for trusted execution environment.\n\n# TEEPublicKeyBase64: base64 encoded public key of TEE (Trusted Exec"
  },
  {
    "path": "endpoints/db/main/main.go",
    "chars": 13016,
    "preview": "package main\n\nimport (\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"os\"\n\t\"os/signal\"\n\t\"path/filepath\"\n\t\"slices\"\n\t\"string"
  },
  {
    "path": "endpoints/db/udpdevice.go",
    "chars": 25037,
    "preview": "package db\n\nimport (\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net\"\n\t\"path/filepath\"\n\t\"strconv\"\n\t\"sync\"\n\t\"sync/atomic"
  },
  {
    "path": "endpoints/db/utils.go",
    "chars": 9050,
    "preview": "package db\n\nimport (\n\t\"bytes\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"mime/multipart\"\n\t\"net/http\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"time\""
  },
  {
    "path": "endpoints/go.mod",
    "chars": 9516,
    "preview": "module github.com/OpenNHP/opennhp/endpoints\n\ngo 1.25.6\n\nrequire (\n\tgithub.com/OpenNHP/opennhp/nhp v0.6.0\n\tgithub.com/cil"
  },
  {
    "path": "endpoints/go.sum",
    "chars": 70938,
    "preview": "cloud.google.com/go v0.121.6 h1:waZiuajrI28iAf40cWgycWNgaXPO06dupuS+sgibK6c=\ncloud.google.com/go v0.121.6/go.mod h1:coCh"
  },
  {
    "path": "endpoints/kgc/curve/curve.go",
    "chars": 6326,
    "preview": "// This package provides the interface and custom implementation of elliptic curve operations.\n// It defines interfaces "
  },
  {
    "path": "endpoints/kgc/kgc.go",
    "chars": 7207,
    "preview": "package kgc\n\nimport (\n\t\"encoding/base64\"\n\t\"fmt\"\n\t\"hash\"\n\t\"math/big\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\n\t\"github.com/emma"
  },
  {
    "path": "endpoints/kgc/kgc_test.go",
    "chars": 1157,
    "preview": "package kgc\n\nimport (\n\t\"os\"\n\t\"testing\"\n)\n\n// TestConfigFilePermissions verifies that config files are written with secur"
  },
  {
    "path": "endpoints/kgc/main/etc/config.toml",
    "chars": 501,
    "preview": "# KGC base config\n\n# MasterPrivateKeyBase64: base64 encoded master private key of KGC\n# MasterPublicKeyBase64: base64 en"
  },
  {
    "path": "endpoints/kgc/main/main.go",
    "chars": 6829,
    "preview": "package main\n\nimport (\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/OpenNHP/opennhp/endpoints/kgc\"\n\t\"g"
  },
  {
    "path": "endpoints/kgc/user/user.go",
    "chars": 8303,
    "preview": "package user\n\nimport (\n\t\"encoding/base64\"\n\t\"fmt\"\n\t\"hash\"\n\t\"math/big\"\n\n\t\"github.com/OpenNHP/opennhp/endpoints/kgc\"\n\t\"gith"
  },
  {
    "path": "endpoints/kgc/utils.go",
    "chars": 474,
    "preview": "package kgc\n\nimport (\n\t\"crypto/rand\"\n\t\"fmt\"\n\t\"math/big\"\n\t\"os\"\n\t\"path/filepath\"\n)\n\nfunc GenerateRandomNumber(N *big.Int) "
  },
  {
    "path": "endpoints/relay/tcprelay.go",
    "chars": 14,
    "preview": "package relay\n"
  },
  {
    "path": "endpoints/server/config.go",
    "chars": 17803,
    "preview": "package server\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\n\t\"github.com/OpenNHP/opennhp/nhp/etcd"
  },
  {
    "path": "endpoints/server/constants.go",
    "chars": 1281,
    "preview": "package server\n\nimport \"github.com/OpenNHP/opennhp/nhp/common\"\n\nconst (\n\tMaxConcurrentConnection         = 20480\n\tOverlo"
  },
  {
    "path": "endpoints/server/httpauth.go",
    "chars": 1384,
    "preview": "package server\n\nimport (\n\t\"net/http\"\n\n\t\"github.com/gin-gonic/gin\"\n\n\t\"github.com/OpenNHP/opennhp/nhp/common\"\n\t\"github.com"
  },
  {
    "path": "endpoints/server/httpserver.go",
    "chars": 14070,
    "preview": "package server\n\nimport (\n\t\"context\"\n\t\"html/template\"\n\t\"io/fs\"\n\t\"net\"\n\t\"net/http\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\t\"syn"
  },
  {
    "path": "endpoints/server/httpstorage.go",
    "chars": 8945,
    "preview": "package server\n\nimport (\n\t\"crypto/md5\"\n\t\"encoding/hex\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"os\"\n\t\"path/filepath\"\n"
  },
  {
    "path": "endpoints/server/kbs/attest/attest.go",
    "chars": 3467,
    "preview": "package attest\n\nimport (\n\t\"crypto/ecdsa\"\n\t\"crypto/elliptic\"\n\t\"crypto/rand\"\n\t\"crypto/rsa\"\n\t\"encoding/base64\"\n\t\"errors\"\n\t\""
  },
  {
    "path": "endpoints/server/kbs/auth/auth.go",
    "chars": 1591,
    "preview": "package auth\n\nimport (\n\t\"crypto/rand\"\n\t\"encoding/base64\"\n\t\"encoding/hex\"\n\t\"fmt\"\n\t\"net/http\"\n\n\t\"github.com/gin-gonic/gin\""
  },
  {
    "path": "endpoints/server/kbs/error/error.go",
    "chars": 3700,
    "preview": "/*\nPackage error defines error types and utility functions for the KBS (Key Broker Service)\ncomponent. It provides stand"
  },
  {
    "path": "endpoints/server/kbs/resource/resource.go",
    "chars": 6695,
    "preview": "package resource\n\nimport (\n\t\"crypto/aes\"\n\t\"crypto/cipher\"\n\t\"crypto/ecdsa\"\n\t\"crypto/elliptic\"\n\t\"crypto/rand\"\n\t\"crypto/rsa"
  },
  {
    "path": "endpoints/server/kbs.go",
    "chars": 430,
    "preview": "package server\n\nimport (\n\tkbsAttest \"github.com/OpenNHP/opennhp/endpoints/server/kbs/attest\"\n\tkbsAuth \"github.com/OpenNH"
  },
  {
    "path": "endpoints/server/main/etc/ac.toml",
    "chars": 303,
    "preview": "# list the AC peers for the server under [[ACs]] table\r\n\r\n# PubKeyBase64: public key for the AC in base64 format.\r\n# Exp"
  },
  {
    "path": "endpoints/server/main/etc/agent.toml",
    "chars": 315,
    "preview": "# list the agent peers for the server under [[Agents]] table\r\n\r\n# PubKeyBase64: public key for the agent in base64 forma"
  },
  {
    "path": "endpoints/server/main/etc/config.toml",
    "chars": 970,
    "preview": "# NHP-Server base config\r\n# field with (-) does not support dynamic update\r\n\r\n# PrivateKeyBase64 (-): server private key"
  },
  {
    "path": "endpoints/server/main/etc/db.toml",
    "chars": 352,
    "preview": "# list the device peers for the server under [[Devices]] table\n\n# PubKeyBase64: public key for the device in base64 form"
  },
  {
    "path": "endpoints/server/main/etc/http.toml",
    "chars": 608,
    "preview": "# http server config\r\n\r\n# EnableHttp: true: turn on http server, false: shutdown http server.\r\n# EnableTLS: whether to u"
  },
  {
    "path": "endpoints/server/main/etc/remote.toml.example",
    "chars": 572,
    "preview": "# NHP-Server remote config\n# field with (-) does not support dynamic update\n# If the file remote.toml exists, NHP-Server"
  },
  {
    "path": "endpoints/server/main/etc/resource.toml",
    "chars": 326,
    "preview": "# List resources and their sub-fields here\r\n\r\n# syntax [\"{AuthServiceId}\"]\r\n# AuthServiceId: id of the authentication an"
  },
  {
    "path": "endpoints/server/main/etc/srcip.toml",
    "chars": 359,
    "preview": "# list additional source addresses to be passed along with the agent address\r\n\r\n# syntax [[\"{SrcIp}\"]]\r\n# SrcIp: specify"
  },
  {
    "path": "endpoints/server/main/etc/tee.toml",
    "chars": 494,
    "preview": "# list trusted execution environments under [[TEEs]] table\n\n# Measure: cryptographic hashes that ensure the integrity of"
  },
  {
    "path": "endpoints/server/main/main.go",
    "chars": 5225,
    "preview": "package main\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"os\"\n\t\"os/signal\"\n\t\"path/filepath\"\n\t\"runtime\"\n\t\"runtime/pprof\"\n\t\"syscall"
  },
  {
    "path": "endpoints/server/msghandler.go",
    "chars": 16804,
    "preview": "package server\n\nimport (\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"time\"\n\n\t\"github.com/O"
  },
  {
    "path": "endpoints/server/nhpauth.go",
    "chars": 3861,
    "preview": "package server\n\nimport (\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\n\t\"github.com/OpenNHP/opennhp/nhp/common\"\n\t\"github.com/Open"
  },
  {
    "path": "endpoints/server/tokenstore.go",
    "chars": 1434,
    "preview": "package server\n\nimport (\n\t\"encoding/base64\"\n\t\"encoding/binary\"\n\t\"time\"\n\n\t\"github.com/emmansun/gmsm/sm3\"\n\n\t\"github.com/Op"
  },
  {
    "path": "endpoints/server/udpserver.go",
    "chars": 33728,
    "preview": "package server\n\nimport (\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net\"\n\t\"path/filepath\"\n\t\"strconv\"\n\t\"sync\"\n\t\"sync/at"
  },
  {
    "path": "endpoints/server/webrtcserver.go",
    "chars": 4128,
    "preview": "package server\n\nimport (\n\t\"encoding/json\"\n\t\"net\"\n\t\"os\"\n\t\"sync/atomic\"\n\t\"time\"\n\n\t\"github.com/pion/webrtc/v4\"\n\n\t\"github.co"
  },
  {
    "path": "endpoints/test/gin_test.go",
    "chars": 468,
    "preview": "package test\n\nimport (\n\t\"os\"\n\t\"path/filepath\"\n\t\"testing\"\n\n\t\"github.com/gin-gonic/gin\"\n\n\t\"github.com/OpenNHP/opennhp/endp"
  },
  {
    "path": "endpoints/test/json_test.go",
    "chars": 2710,
    "preview": "package test\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"testing\"\n\n\t\"github.com/OpenNHP/opennhp/endpoints"
  },
  {
    "path": "endpoints/test/toml_test.go",
    "chars": 5341,
    "preview": "package test\n\nimport (\n\t\"fmt\"\n\t\"testing\"\n\t\"time\"\n\n\t\"github.com/fsnotify/fsnotify\"\n\ttoml \"github.com/pelletier/go-toml/v2"
  },
  {
    "path": "examples/client_sdk/android/java/MainActivity.java",
    "chars": 1283,
    "preview": "package org.example;\n\nimport android.os.Bundle;\nimport android.os.Environment;\nimport android.util.Log;\nimport androidx."
  },
  {
    "path": "examples/client_sdk/android/java/OpennhpLibrary.java",
    "chars": 1752,
    "preview": "package org.example;\n\nimport com.sun.jna.Library;\nimport com.sun.jna.Native;\n\n/**\n * OpenNHP agent sdk interface\n *\n * @"
  },
  {
    "path": "examples/client_sdk/android/kotlin/MainActivity.kt",
    "chars": 3817,
    "preview": "package com.example.androidtestsoapp\n\nimport android.os.Bundle\nimport android.os.Environment\nimport android.util.Log\nimp"
  },
  {
    "path": "examples/client_sdk/desktop/c/nhp-agent-demo.c",
    "chars": 1372,
    "preview": "#include <stdio.h>\n#include <unistd.h>\n#include \"nhp-agent.h\"\n\nint main() {\n    // Initialize nhp_agent, only one nhp_ag"
  },
  {
    "path": "examples/client_sdk/desktop/java/App.java",
    "chars": 1630,
    "preview": "package org.example;\n\nimport java.util.Scanner;\n\n/**\n * Application for calling the OpenNHP agent SDK\n *\n * @author haoc"
  },
  {
    "path": "examples/client_sdk/desktop/java/OpennhpLibrary.java",
    "chars": 1753,
    "preview": "package org.example;\n\nimport com.sun.jna.Library;\nimport com.sun.jna.Native;\n\n/**\n * OpenNHP agent sdk interface\n *\n * @"
  },
  {
    "path": "examples/client_sdk/desktop/python/nhp-agent-demo.py",
    "chars": 867,
    "preview": "import ctypes\nfrom time import sleep\n\n# Windows\nnhp_agent = ctypes.CDLL('nhp-agent.dll')\n# Linux\n# mylib = ctypes.CDLL('"
  },
  {
    "path": "examples/client_sdk/ios/objectivec/FileCopyManager.h",
    "chars": 351,
    "preview": "//\n//  FileCopyManager.h\n//  TestXCFramework\n//\n//  Created by haochangjiu on 2025/10/30.\n//\n\n#import <Foundation/Founda"
  },
  {
    "path": "examples/client_sdk/ios/objectivec/FileCopyManager.m",
    "chars": 3588,
    "preview": "//\n//  FileCopyManager.m\n//  TestXCFramework\n//\n//  Created by haochangjiu on 2025/10/30.\n//\n\n#import \"FileCopyManager.h"
  },
  {
    "path": "examples/client_sdk/ios/objectivec/ViewController.m",
    "chars": 1242,
    "preview": "//\n//  ViewController.m\n//  TestXCFramework\n//\n//  Created by haochangjiu on 2025/10/30.\n//\n\n#import \"ViewController.h\"\n"
  },
  {
    "path": "examples/client_sdk/ios/swift/FileCopyManager.swift",
    "chars": 3291,
    "preview": "//\n//  FileCopyManager.swift\n//  TestXCFrameworkSwift\n//\n//  Created by haochangjiu on 2025/10/30.\n//\n\nimport UIKit\nimpo"
  },
  {
    "path": "examples/client_sdk/ios/swift/ViewController.swift",
    "chars": 1177,
    "preview": "//\n//  ViewController.swift\n//  TestXCFrameworkSwift\n//\n//  Created by haochangjiu on 2025/10/30.\n//\n\nimport UIKit\nimpor"
  },
  {
    "path": "examples/server_plugin/authenticator/Makefile",
    "chars": 793,
    "preview": "export GO111MODULE := on\n\nall: build\n\nPluginName = authenticator\nTargetName = ${PluginName}.so\nServerDir = ../../../rele"
  },
  {
    "path": "examples/server_plugin/authenticator/etc/config.toml",
    "chars": 542,
    "preview": "# Authenticator Plugin Configuration\n\n# OTP Secret Key for manual OTP input authentication\n# This is a Base32 encoded se"
  },
  {
    "path": "examples/server_plugin/authenticator/etc/resource.toml",
    "chars": 1642,
    "preview": "# List resources id and their sub-fields here\n\n# syntax [\"{ResourceId}\"]\n# ResourceId: id for the resource group. Each A"
  },
  {
    "path": "examples/server_plugin/authenticator/go.mod",
    "chars": 1976,
    "preview": "module github.com/OpenNHP/opennhp/examples/server_plugin/authenticator\n\ngo 1.25.6\n\nrequire (\n\tgithub.com/OpenNHP/opennhp"
  },
  {
    "path": "examples/server_plugin/authenticator/go.sum",
    "chars": 9037,
    "preview": "github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI=\ngithub"
  },
  {
    "path": "examples/server_plugin/authenticator/main.go",
    "chars": 9484,
    "preview": "package main\n\nimport (\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\t\"sync\"\n\n\t\"github.com/OpenNHP/opennhp/"
  },
  {
    "path": "examples/server_plugin/authenticator/qrauth.go",
    "chars": 13625,
    "preview": "package main\n\nimport (\n\t\"crypto/aes\"\n\t\"crypto/cipher\"\n\t\"crypto/hmac\"\n\t\"crypto/rand\"\n\t\"crypto/sha256\"\n\t\"encoding/base64\"\n"
  },
  {
    "path": "examples/server_plugin/authenticator/templates/authenticator_acdemo.html",
    "chars": 20342,
    "preview": "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n    <meta charset=\"UTF-8\">\n    <meta name=\"viewport\" content=\"width=device-width"
  },
  {
    "path": "examples/server_plugin/authenticator/templates/authenticator_login.html",
    "chars": 52634,
    "preview": "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n    <meta charset=\"UTF-8\">\n    <meta name=\"viewport\" content=\"width=device-width"
  },
  {
    "path": "examples/server_plugin/basic/Makefile",
    "chars": 775,
    "preview": "export GO111MODULE := on\n\nall: build\n\nPluginName = example\nTargetName = ${PluginName}.so\nServerDir = ../../../release/nh"
  },
  {
    "path": "examples/server_plugin/basic/etc/config.toml",
    "chars": 55,
    "preview": "ExampleUsername = \"user\"\nExamplePassword = \"password\"\n\n"
  },
  {
    "path": "examples/server_plugin/basic/etc/resource.toml",
    "chars": 1642,
    "preview": "# List resources id and their sub-fields here\n\n# syntax [\"{ResourceId}\"]\n# ResourceId: id for the resource group. Each A"
  },
  {
    "path": "examples/server_plugin/basic/go.mod",
    "chars": 1858,
    "preview": "module github.com/OpenNHP/opennhp/examples/server_plugin/basic\n\ngo 1.25.6\n\nrequire (\n\tgithub.com/OpenNHP/opennhp/nhp v0."
  },
  {
    "path": "examples/server_plugin/basic/go.sum",
    "chars": 8639,
    "preview": "github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=\ngithub.com/bytedance/gopkg v0.1.3/go.m"
  },
  {
    "path": "examples/server_plugin/basic/main.go",
    "chars": 8699,
    "preview": "package main\n\nimport (\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\t\"sync\"\n\n\t\"github.com/OpenN"
  },
  {
    "path": "examples/server_plugin/basic/templates/example_acdemo.html",
    "chars": 20342,
    "preview": "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n    <meta charset=\"UTF-8\">\n    <meta name=\"viewport\" content=\"width=device-width"
  },
  {
    "path": "examples/server_plugin/basic/templates/example_login.html",
    "chars": 25545,
    "preview": "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n    <meta charset=\"UTF-8\">\n    <meta name=\"viewport\" content=\"width=device-width"
  },
  {
    "path": "examples/server_plugin/oidc/Makefile",
    "chars": 780,
    "preview": "export GO111MODULE := on\n\nall: build\n\nPluginName = oidc\nTargetName = ${PluginName}.so\nServerDir = ../../../release/nhp-s"
  },
  {
    "path": "examples/server_plugin/oidc/auth.go",
    "chars": 1931,
    "preview": "package main\r\n\r\nimport (\r\n\t\"context\"\r\n\t\"crypto/rand\"\r\n\t\"encoding/base64\"\r\n\t\"errors\"\r\n\t\"net/http\"\r\n\r\n\t\"github.com/coreos/"
  }
]

// ... and 95 more files (download for full content)
