Bridge Structures
The daemon performs system-level operations through native bridge structures. The Python layer
manages business logic, while bridge structures communicate directly with the kernel. Both bridges
are loaded as .so shared libraries via ctypes FFI.
| Bridge | Language | Responsibility |
|---|---|---|
| wireguard-go-bridge | Go | WireGuard userspace, TUN interface creation, peer management, UAPI protocol |
| firewall-bridge | Rust | nftables rule groups, routing policy, atomic rule application |
wireguard-go-bridge
Provides the WireGuard userspace implementation. A separate bridge instance is created for each interface.
Loading
Lifecycle
IPC Configuration Format (UAPI)
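An added example, not code from this project: a Python sketch that builds the key=value body of a WireGuard UAPI set operation and validates every value, so peer data from an untrusted source cannot inject extra configuration keys. The function names and sample values are assumptions made for illustration; how the bridge receives this string is not shown on this page.

```python
import base64
import ipaddress


def kv_line(key: str, value: str) -> str:
    # One pair per line: a line break inside a value would smuggle in extra keys.
    if "\n" in value or "\r" in value:
        raise ValueError(f"line break in value for {key}")
    return f"{key}={value}"


def key_to_hex(b64_key: str) -> str:
    # UAPI carries keys hex-encoded, not in the base64 form used by wg(8) files.
    raw = base64.b64decode(b64_key, validate=True)
    if len(raw) != 32:
        raise ValueError("WireGuard keys are exactly 32 bytes")
    return raw.hex()


def endpoint_value(endpoint: str) -> str:
    # UAPI endpoints are IP:port (IPv6 in brackets); hostnames are rejected here.
    host, _, port = endpoint.rpartition(":")
    addr = ipaddress.ip_address(host.strip("[]"))
    if not (port.isascii() and port.isdigit() and 0 < int(port) <= 65535):
        raise ValueError("invalid endpoint port")
    return f"[{addr}]:{int(port)}" if addr.version == 6 else f"{addr}:{int(port)}"


def build_uapi_config(private_key: str, listen_port: int, peers: list) -> str:
    if not 0 <= listen_port <= 65535:
        raise ValueError("listen_port out of range")
    lines = [kv_line("private_key", key_to_hex(private_key)),
             kv_line("listen_port", str(listen_port))]
    for peer in peers:
        # public_key opens a peer section; the keys after it apply to that peer.
        lines.append(kv_line("public_key", key_to_hex(peer["public_key"])))
        if "endpoint" in peer:
            lines.append(kv_line("endpoint", endpoint_value(peer["endpoint"])))
        lines.append(kv_line("replace_allowed_ips", "true"))
        for cidr in peer.get("allowed_ips", []):
            lines.append(kv_line("allowed_ip", str(ipaddress.ip_network(cidr))))
    return "\n".join(lines) + "\n\n"  # a blank line terminates the message


# Constructed sample values, not real keys.
SAMPLE_PRIVATE = base64.b64encode(bytes(range(32))).decode()
SAMPLE_PEER = {"public_key": base64.b64encode(b"\xaa" * 32).decode(),
               "endpoint": "192.0.2.10:51820", "allowed_ips": ["10.8.0.2/32"]}

if __name__ == "__main__":
    print(build_uapi_config(SAMPLE_PRIVATE, 51820, [SAMPLE_PEER]), end="")
```

The final `kv_line` check matters even after parsing, because some parsed values (an IPv6 scope ID, for example) can carry characters the parser does not reject.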
Key Generation
Exception Types
| Exception | Description |
|---|---|
| BridgeError | Base error class |
| TunCreateError | TUN interface creation error |
| DeviceCreateError | Device creation error |
| IpcError | IPC communication error |
| DeviceUpError | Interface activation error |
| DeviceDownError | Interface deactivation error |
firewall-bridge
Provides nftables rule management. Supports group-based rule organization, atomic application, and a preset system.
Loading
Lifecycle
Preset System
Presets are defined in YAML format and support variable interpolation:
core.yaml
multihop-exit.yaml
Exception Types
| Exception | Description |
|---|---|
| BridgeError | Base error class |
| NftablesError | nftables operation error |
| NetlinkError | Netlink communication error |
| InvalidParamError | Invalid parameter |
| PermissionDeniedError | Permission denied |
| GroupNotFoundError | Group not found |
| RuleNotFoundError | Rule not found |
| PresetValidationError | Preset validation error |