Merge pull request #1 from amnezia-vpn/new_fields_to_config

New fields to config

.github/workflows/windows-build.yml

@@ -0,0 +1,69 @@
+name: windows-wg
+
+on: [push]
+    
+
+jobs:
+      
+  Build-Libs-WireGuard-Windows:
+    name: 'Build-Libs-WireGuard-Windows'
+    runs-on: windows-latest
+    
+    steps:
+     
+    - name: 'Setup ccache'
+      uses: hendrikmuhs/ccache-action@v1.2
+          
+    - name: 'Get sources'
+      uses: actions/checkout@v3
+
+    - name: 'Get Wireguard-Tools'
+      uses: actions/checkout@v3
+      with:
+        repository: amnezia-vpn/amnezia-wg-tools
+        ref: master
+        path: windows/wireguard-tools-windows
+
+    - name: 'Build WireGuard Tools binary'
+      working-directory: windows/wireguard-tools-windows
+      run: |
+        cmd /c build.cmd
+        mkdir build
+        move x64 build\x64
+        move x86 build\x86
+        move arm64 build\arm64
+    
+    - name: Archive WG Windows 
+      uses: actions/upload-artifact@v3
+      with:
+        retention-days: 1
+        name: windows-wireguard-tools
+        path: windows/wireguard-tools-windows/build           
+        
+  github-release:
+    name: GitHub Release
+    needs: Build-Libs-WireGuard-Windows
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/')
+
+    steps:
+      - name: Setup | Checkout
+        uses: actions/checkout@v2
+
+      - name: Setup | Artifacts
+        uses: actions/download-artifact@v2
+
+      - name: Setup | Checksums
+        run: for file in $(find ./ -name '*.exe' ); do openssl dgst -sha256 -r "$file" | awk '{print $1}' > "${file}.sha256"; done
+
+      - name: Zip ALL
+        run: for file in *; do zip -r ${file%.*}.zip  $file; done
+
+      - name: Upload binaries to release
+        uses: svenstaro/upload-release-action@v2
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: windows-wireguard-tools.zip
+          tag: ${{ github.ref }}
+          overwrite: true
+          file_glob: true  

.gitignore

@@ -15,3 +15,8 @@ src/wg.exe
 *.til
 *.pro.user
 maint/
+.deps/
+*.syso
+x64/
+x86/
+arm64/

build.cmd

@@ -0,0 +1,56 @@
+@echo off
+rem SPDX-License-Identifier: MIT
+rem Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+
+setlocal enabledelayedexpansion
+set BUILDDIR=%~dp0
+set PATH=%BUILDDIR%.deps\llvm-mingw\bin;%BUILDDIR%src;%PATH%
+set PATHEXT=.exe
+cd /d %BUILDDIR% || exit /b 1
+
+if exist .deps/prepared goto :build
+:installdeps
+	rmdir /s /q .deps 2> NUL
+	mkdir .deps || goto :error
+	cd  .deps || goto :error
+	call :download llvm-mingw-msvcrt.zip https://download.wireguard.com/windows-toolchain/distfiles/llvm-mingw-20201020-msvcrt-x86_64.zip 2e46593245090df96d15e360e092f0b62b97e93866e0162dca7f93b16722b844 || goto :error
+	call :download wireguard-nt.zip https://download.wireguard.com/wireguard-nt/wireguard-nt-0.10.1.zip 772c0b1463d8d2212716f43f06f4594d880dea4f735165bd68e388fc41b81605 || goto :error
+	copy /y NUL prepared > NUL || goto :error
+	cd .. || goto :error
+
+:build
+	call :build_plat x64 x86_64 amd64 || goto :error
+	call :build_plat x86 i686 386 || goto :error
+	call :build_plat arm64 aarch64 arm64 || goto :error
+	
+:success
+	echo [+] Success
+	exit /b 0
+
+:download
+	echo [+] Downloading %1
+	curl -#fLo %1 %2 || exit /b 1
+	echo [+] Verifying %1
+	for /f %%a in ('CertUtil -hashfile %1 SHA256 ^| findstr /r "^[0-9a-f]*$"') do if not "%%a"=="%~3" exit /b 1
+	echo [+] Extracting %1
+	tar -xf %1 %~4 || exit /b 1
+	echo [+] Cleaning up %1
+	del %1 || exit /b 1
+	goto :eof
+
+:build_plat
+	mkdir %1 >NUL 2>&1
+	echo [+] Assembling resources %1
+	%~2-w64-mingw32-windres -I ".deps\wireguard-nt\bin\%~1" -DWIREGUARD_VERSION_ARRAY=0.5.3 -DWIREGUARD_VERSION_STR=0.5.3 -i src/wincompat/resources.rc -o "src/wincompat/resources_%~3.syso" -O coff -c 65001 || exit /b %errorlevel%
+	echo [+] Building command line tools %1
+	del src\*.exe src\*.o src\wincompat\*.o src\wincompat\*.lib 2> NUL
+	set LDFLAGS=-s
+	make --no-print-directory -C src PLATFORM=windows CC=%~2-w64-mingw32-gcc WINDRES=%~2-w64-mingw32-windres V=1 RUNSTATEDIR= SYSTEMDUNITDIR= -j%NUMBER_OF_PROCESSORS% || exit /b 1
+	move /Y src\wg.exe "%~1\wg.exe" > NUL || exit /b 1
+	goto :eof
+
+:error
+	echo [-] Failed with error #%errorlevel%.
+	cmd /c exit %errorlevel%
+
+

src/Makefile

@@ -38,11 +38,12 @@ endif
 PLATFORM ?= $(shell uname -s | tr '[:upper:]' '[:lower:]')
 
 CFLAGS ?= -O3
+
 ifneq ($(wildcard uapi/$(PLATFORM)/.),)
-CFLAGS += -idirafter uapi/$(PLATFORM)
+CFLAGS += -I uapi/$(PLATFORM)
 endif
 CFLAGS += -std=gnu99 -D_GNU_SOURCE
-CFLAGS += -Wall -Wextra
+CFLAGS += -Wall -Wextra 
 CFLAGS += -MMD -MP
 CFLAGS += -DRUNSTATEDIR="\"$(RUNSTATEDIR)\""
 ifeq ($(DEBUG),yes)

src/config.c

@@ -410,6 +410,43 @@ err:
 	return false;
 }
 
+static inline bool parse_uint16(uint16_t *device_value, const char *name, const char *value) {
+
+	if (!strlen(value)) {
+		fprintf(stderr, "Unable to parse empty string\n");
+		return false;
+	}
+	
+	char *end;
+	uint32_t ret;
+	ret = strtoul(value, &end, 10);
+
+	if (*end || ret > UINT16_MAX) {
+		fprintf(stderr, "Unable to parse %s: `%s'\n", name, value);
+		exit(1);
+	}
+	*device_value = (uint16_t)ret;
+	return true;
+}
+
+static inline bool parse_uint32(uint32_t *device_value, const char *name, const char *value) {
+
+	if (!strlen(value)) {
+		fprintf(stderr, "Unable to parse empty string\n");
+		return false;
+	}
+
+	char *end;
+	uint64_t ret;
+	ret = strtoul(value, &end, 10);
+	if (*end || ret > UINT32_MAX) {
+		fprintf(stderr, "Unable to parse %s: `%s'\n", name, value);
+		exit(1);
+	}
+	*device_value = (uint32_t)ret;
+	return true;
+}
+
 static bool process_line(struct config_ctx *ctx, const char *line)
 {
 	const char *value;
@@ -450,6 +487,42 @@ static bool process_line(struct config_ctx *ctx, const char *line)
 			ret = parse_key(ctx->device->private_key, value);
 			if (ret)
 				ctx->device->flags |= WGDEVICE_HAS_PRIVATE_KEY;
+		} else if (key_match("Jc")) {
+			ret = parse_uint16(&ctx->device->junk_packet_count, "Jc", value);
+			if (ret)
+				ctx->device->flags |= WGDEVICE_HAS_JC;
+		} else if (key_match("Jmin")) {
+			ret = parse_uint16(&ctx->device->junk_packet_min_size, "Jmin", value);
+			if (ret)
+				ctx->device->flags |= WGDEVICE_HAS_JMIN;
+		} else if (key_match("Jmax")) {
+			ret = parse_uint16(&ctx->device->junk_packet_max_size, "Jmax", value);
+			if (ret)
+				ctx->device->flags |= WGDEVICE_HAS_JMAX;
+		} else if (key_match("S1")) {
+			ret = parse_uint16(&ctx->device->init_packet_junk_size, "S1", value);
+			if (ret)
+				ctx->device->flags |= WGDEVICE_HAS_S1;
+		} else if (key_match("S2")) {
+			ret = parse_uint16(&ctx->device->response_packet_junk_size, "S2", value);
+			if (ret)
+				ctx->device->flags |= WGDEVICE_HAS_S2;
+		} else if (key_match("H1")) {
+			ret = parse_uint32(&ctx->device->init_packet_magic_header, "H1", value);
+			if (ret)
+				ctx->device->flags |= WGDEVICE_HAS_H1;
+		} else if (key_match("H2")) {
+			ret = parse_uint32(&ctx->device->response_packet_magic_header, "H2", value);
+			if (ret)
+				ctx->device->flags |= WGDEVICE_HAS_H2;
+		} else if (key_match("H3")) {
+			ret = parse_uint32(&ctx->device->underload_packet_magic_header, "H3", value);
+			if (ret)
+				ctx->device->flags |= WGDEVICE_HAS_H3;
+		} else if (key_match("H4")) {
+			ret = parse_uint32(&ctx->device->transport_packet_magic_header, "H4", value);
+			if (ret)
+				ctx->device->flags |= WGDEVICE_HAS_H4;
 		} else
 			goto error;
 	} else if (ctx->is_peer_section) {
@@ -523,7 +596,7 @@ bool config_read_init(struct config_ctx *ctx, bool append)
 		return false;
 	}
 	if (!append)
-		ctx->device->flags |= WGDEVICE_REPLACE_PEERS | WGDEVICE_HAS_PRIVATE_KEY | WGDEVICE_HAS_FWMARK | WGDEVICE_HAS_LISTEN_PORT;
+		ctx->device->flags |= WGDEVICE_REPLACE_PEERS | WGDEVICE_HAS_PRIVATE_KEY | WGDEVICE_HAS_FWMARK;
 	return true;
 }
 
@@ -588,6 +661,69 @@ struct wgdevice *config_read_cmd(const char *argv[], int argc)
 			device->flags |= WGDEVICE_HAS_PRIVATE_KEY;
 			argv += 2;
 			argc -= 2;
+		} else if (!strcmp(argv[0], "jc") && argc >= 2 && !peer) {
+			if (!parse_uint16(&device->junk_packet_count, "jc", argv[1]))
+				goto error;
+			
+			device->flags |= WGDEVICE_HAS_JC;
+			argv += 2;
+			argc -= 2;
+		} else if (!strcmp(argv[0], "jmin") && argc >= 2 && !peer) {
+			if (!parse_uint16(&device->junk_packet_min_size, "jmin", argv[1]))
+				goto error;
+			
+			device->flags |= WGDEVICE_HAS_JMIN;
+			argv += 2;
+			argc -= 2;
+		} else if (!strcmp(argv[0], "jmax") && argc >= 2 && !peer) {
+			if (!parse_uint16(&device->junk_packet_max_size, "jmax", argv[1]))
+				goto error;
+			
+			device->flags |= WGDEVICE_HAS_JMAX;
+			argv += 2;
+			argc -= 2;
+		} else if (!strcmp(argv[0], "s1") && argc >= 2 && !peer) {
+			if (!parse_uint16(&device->init_packet_junk_size, "s1", argv[1]))
+				goto error;
+			
+			device->flags |= WGDEVICE_HAS_S1;
+			argv += 2;
+			argc -= 2;
+		} else if (!strcmp(argv[0], "s2") && argc >= 2 && !peer) {
+			if (!parse_uint16(&device->response_packet_junk_size, "s2", argv[1]))
+				goto error;
+			
+			device->flags |= WGDEVICE_HAS_S2;
+			argv += 2;
+			argc -= 2;
+		} else if (!strcmp(argv[0], "h1") && argc >= 2 && !peer) {
+			if (!parse_uint32(&device->init_packet_magic_header, "h1", argv[1]))
+				goto error;
+			
+			device->flags |= WGDEVICE_HAS_H1;
+			argv += 2;
+			argc -= 2;
+		} else if (!strcmp(argv[0], "h2") && argc >= 2 && !peer) {
+			if (!parse_uint32(&device->response_packet_magic_header, "h2", argv[1]))
+				goto error;
+			
+			device->flags |= WGDEVICE_HAS_H2;
+			argv += 2;
+			argc -= 2;
+		} else if (!strcmp(argv[0], "h3") && argc >= 2 && !peer) {
+			if (!parse_uint32(&device->underload_packet_magic_header, "h3", argv[1]))
+				goto error;
+			
+			device->flags |= WGDEVICE_HAS_H3;
+			argv += 2;
+			argc -= 2;
+		} else if (!strcmp(argv[0], "h4") && argc >= 2 && !peer) {
+			if (!parse_uint32(&device->transport_packet_magic_header, "h4", argv[1]))
+				goto error;
+			
+			device->flags |= WGDEVICE_HAS_H4;
+			argv += 2;
+			argc -= 2;
 		} else if (!strcmp(argv[0], "peer") && argc >= 2) {
 			struct wgpeer *new_peer = calloc(1, sizeof(*new_peer));
 

src/containers.h

@@ -71,7 +71,16 @@ enum {
 	WGDEVICE_HAS_PRIVATE_KEY = 1U << 1,
 	WGDEVICE_HAS_PUBLIC_KEY = 1U << 2,
 	WGDEVICE_HAS_LISTEN_PORT = 1U << 3,
-	WGDEVICE_HAS_FWMARK = 1U << 4
+	WGDEVICE_HAS_FWMARK = 1U << 4,
+	WGDEVICE_HAS_JC = 1U << 5,
+	WGDEVICE_HAS_JMIN = 1U << 6,
+	WGDEVICE_HAS_JMAX = 1U << 7,
+	WGDEVICE_HAS_S1 = 1U << 8,
+	WGDEVICE_HAS_S2 = 1U << 9,
+	WGDEVICE_HAS_H1 = 1U << 10,
+	WGDEVICE_HAS_H2 = 1U << 11,
+	WGDEVICE_HAS_H3 = 1U << 12,
+	WGDEVICE_HAS_H4 = 1U << 13
 };
 
 struct wgdevice {
@@ -87,6 +96,16 @@ struct wgdevice {
 	uint16_t listen_port;
 
 	struct wgpeer *first_peer, *last_peer;
+	
+	uint16_t junk_packet_count;
+	uint16_t junk_packet_min_size;
+	uint16_t junk_packet_max_size;
+	uint16_t init_packet_junk_size;
+	uint16_t response_packet_junk_size;
+	uint32_t init_packet_magic_header;
+	uint32_t response_packet_magic_header;
+	uint32_t underload_packet_magic_header;
+	uint32_t transport_packet_magic_header;
 };
 
 #define for_each_wgpeer(__dev, __peer) for ((__peer) = (__dev)->first_peer; (__peer); (__peer) = (__peer)->next_peer)

src/ipc-freebsd.h

@@ -91,6 +91,70 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
 			dev->flags |= WGDEVICE_HAS_LISTEN_PORT;
 		}
 	}
+	if (nvlist_exists_number(nvl_device, "junk_packet_count")) {	
+		number = nvlist_get_number(nvl_device, "junk_packet_count");
+		if (number <= UINT16_MAX){
+			dev->junk_packet_count = number;
+			dev->flags |= WGDEVICE_HAS_JC;
+		}
+	}
+	if (nvlist_exists_number(nvl_device, "junk_packet_min_size")) {		
+		number = nvlist_get_number(nvl_device, "junk_packet_min_size");
+		if (number <= UINT16_MAX){
+			dev->junk_packet_min_size = number;			
+			dev->flags |= WGDEVICE_HAS_JMIN;
+		}			
+	}
+	if (nvlist_exists_number(nvl_device, "junk_packet_max_size")) {		
+		number = nvlist_get_number(nvl_device, "junk_packet_max_size");
+		if (number <= UINT16_MAX){
+			dev->junk_packet_max_size = number;			
+			dev->flags |= WGDEVICE_HAS_JMAX;
+		}			
+	}
+	if (nvlist_exists_number(nvl_device, "init_packet_junk_size")) {		
+		number = nvlist_get_number(nvl_device, "init_packet_junk_size");
+		if (number <= UINT16_MAX){
+			dev->init_packet_junk_size = number;			
+			dev->flags |= WGDEVICE_HAS_S1;
+		}			
+	}
+	if (nvlist_exists_number(nvl_device, "response_packet_junk_size")) {		
+		number = nvlist_get_number(nvl_device, "response_packet_junk_size");
+		if (number <= UINT16_MAX){
+			dev->response_packet_junk_size = number;			
+			dev->flags |= WGDEVICE_HAS_S2;
+		}			
+	}
+	if (nvlist_exists_number(nvl_device, "init_packet_magic_header")) {		
+		number = nvlist_get_number(nvl_device, "init_packet_magic_header");
+		if (number <= UINT32_MAX){
+			dev->init_packet_magic_header = number;			
+			dev->flags |= WGDEVICE_HAS_H1;
+		}			
+	}
+	if (nvlist_exists_number(nvl_device, "response_packet_magic_header")) {		
+		number = nvlist_get_number(nvl_device, "response_packet_magic_header");
+		if (number <= UINT32_MAX){
+			dev->response_packet_magic_header = number;			
+			dev->flags |= WGDEVICE_HAS_H2;
+		}			
+	}
+	if (nvlist_exists_number(nvl_device, "underload_packet_magic_header")) {		
+		number = nvlist_get_number(nvl_device, "underload_packet_magic_header");
+		if (number <= UINT32_MAX){
+			dev->underload_packet_magic_header = number;			
+			dev->flags |= WGDEVICE_HAS_H3;
+		}			
+	}
+	if (nvlist_exists_number(nvl_device, "transport_packet_magic_header")) {		
+		number = nvlist_get_number(nvl_device, "transport_packet_magic_header");
+		if (number <= UINT32_MAX){
+			dev->transport_packet_magic_header = number;			
+			dev->flags |= WGDEVICE_HAS_H4;
+		}			
+	}
+
 	if (nvlist_exists_number(nvl_device, "user-cookie")) {
 		number = nvlist_get_number(nvl_device, "user-cookie");
 		if (number <= UINT32_MAX) {
@@ -272,6 +336,24 @@ static int kernel_set_device(struct wgdevice *dev)
 		nvlist_add_binary(nvl_device, "private-key", dev->private_key, sizeof(dev->private_key));
 	if (dev->flags & WGDEVICE_HAS_LISTEN_PORT)
 		nvlist_add_number(nvl_device, "listen-port", dev->listen_port);
+	if (dev->flags & WGDEVICE_HAS_JC)
+		nvlist_add_number(nvl_device, "junk_packet_count", dev->junk_packet_count);
+	if (dev->flags & WGDEVICE_HAS_JMIN)
+		nvlist_add_number(nvl_device, "junk_packet_min_size", dev->junk_packet_min_size);
+	if (dev->flags & WGDEVICE_HAS_JMAX)
+		nvlist_add_number(nvl_device, "junk_packet_max_size", dev->junk_packet_max_size);
+	if (dev->flags & WGDEVICE_HAS_S1)
+		nvlist_add_number(nvl_device, "init_packet_junk_size", dev->init_packet_junk_size);
+	if (dev->flags & WGDEVICE_HAS_S2)
+		nvlist_add_number(nvl_device, "response_packet_junk_size", dev->response_packet_junk_size);
+	if (dev->flags & WGDEVICE_HAS_H1)
+		nvlist_add_number(nvl_device, "init_packet_magic_header", dev->init_packet_magic_header);
+	if (dev->flags & WGDEVICE_HAS_H2)
+		nvlist_add_number(nvl_device, "response_packet_magic_header", dev->response_packet_magic_header);
+	if (dev->flags & WGDEVICE_HAS_H3)
+		nvlist_add_number(nvl_device, "underload_packet_magic_header", dev->underload_packet_magic_header);
+	if (dev->flags & WGDEVICE_HAS_H4)
+		nvlist_add_number(nvl_device, "transport_packet_magic_header", dev->transport_packet_magic_header);
 	if (dev->flags & WGDEVICE_HAS_FWMARK)
 		nvlist_add_number(nvl_device, "user-cookie", dev->fwmark);
 	if (dev->flags & WGDEVICE_REPLACE_PEERS)

src/ipc-linux.h

@@ -163,6 +163,24 @@ again:
 			mnl_attr_put(nlh, WGDEVICE_A_PRIVATE_KEY, sizeof(dev->private_key), dev->private_key);
 		if (dev->flags & WGDEVICE_HAS_LISTEN_PORT)
 			mnl_attr_put_u16(nlh, WGDEVICE_A_LISTEN_PORT, dev->listen_port);
+		if (dev->flags & WGDEVICE_HAS_JC)
+			mnl_attr_put_u16(nlh, WGDEVICE_A_JC, dev->junk_packet_count);
+		if (dev->flags & WGDEVICE_HAS_JMIN)
+			mnl_attr_put_u16(nlh, WGDEVICE_A_JMIN, dev->junk_packet_min_size);
+		if (dev->flags & WGDEVICE_HAS_JMAX)
+			mnl_attr_put_u16(nlh, WGDEVICE_A_JMAX, dev->junk_packet_max_size);
+		if (dev->flags & WGDEVICE_HAS_S1)
+			mnl_attr_put_u16(nlh, WGDEVICE_A_S1, dev->init_packet_junk_size);
+		if (dev->flags & WGDEVICE_HAS_S2)
+			mnl_attr_put_u16(nlh, WGDEVICE_A_S2, dev->response_packet_junk_size);
+		if (dev->flags & WGDEVICE_HAS_H1)
+			mnl_attr_put_u32(nlh, WGDEVICE_A_H1, dev->init_packet_magic_header);
+		if (dev->flags & WGDEVICE_HAS_H2)
+			mnl_attr_put_u32(nlh, WGDEVICE_A_H2, dev->response_packet_magic_header);
+		if (dev->flags & WGDEVICE_HAS_H3)
+			mnl_attr_put_u32(nlh, WGDEVICE_A_H3, dev->underload_packet_magic_header);
+		if (dev->flags & WGDEVICE_HAS_H4)
+			mnl_attr_put_u32(nlh, WGDEVICE_A_H4, dev->transport_packet_magic_header);
 		if (dev->flags & WGDEVICE_HAS_FWMARK)
 			mnl_attr_put_u32(nlh, WGDEVICE_A_FWMARK, dev->fwmark);
 		if (dev->flags & WGDEVICE_REPLACE_PEERS)
@@ -441,6 +459,42 @@ static int parse_device(const struct nlattr *attr, void *data)
 		break;
 	case WGDEVICE_A_PEERS:
 		return mnl_attr_parse_nested(attr, parse_peers, device);
+	case WGDEVICE_HAS_JC:
+		if (!mnl_attr_validate(attr, MNL_TYPE_U16))
+			device->junk_packet_count = mnl_attr_get_u16(attr);
+		break;
+	case WGDEVICE_HAS_JMIN:
+		if (!mnl_attr_validate(attr, MNL_TYPE_U16))
+			device->junk_packet_min_size = mnl_attr_get_u16(attr);
+		break;
+	case WGDEVICE_HAS_JMAX:
+		if (!mnl_attr_validate(attr, MNL_TYPE_U16))
+			device->junk_packet_max_size = mnl_attr_get_u16(attr);
+		break;
+	case WGDEVICE_HAS_S1:
+		if (!mnl_attr_validate(attr, MNL_TYPE_U16))
+			device->init_packet_junk_size = mnl_attr_get_u16(attr);
+		break;
+	case WGDEVICE_HAS_S2:
+		if (!mnl_attr_validate(attr, MNL_TYPE_U16))
+			device->response_packet_junk_size = mnl_attr_get_u16(attr);
+		break;
+	case WGDEVICE_HAS_H1:
+		if (!mnl_attr_validate(attr, MNL_TYPE_U32))
+			device->init_packet_magic_header = mnl_attr_get_u32(attr);
+		break;
+	case WGDEVICE_HAS_H2:
+		if (!mnl_attr_validate(attr, MNL_TYPE_U32))
+			device->response_packet_magic_header = mnl_attr_get_u32(attr);
+		break;
+	case WGDEVICE_HAS_H3:
+		if (!mnl_attr_validate(attr, MNL_TYPE_U32))
+			device->underload_packet_magic_header = mnl_attr_get_u32(attr);
+		break;
+	case WGDEVICE_HAS_H4:
+		if (!mnl_attr_validate(attr, MNL_TYPE_U32))
+			device->transport_packet_magic_header = mnl_attr_get_u32(attr);
+		break;
 	}
 
 	return MNL_CB_OK;

src/ipc-openbsd.h

@@ -110,6 +110,51 @@ static int kernel_get_device(struct wgdevice **device, const char *iface)
 		dev->flags |= WGDEVICE_HAS_PRIVATE_KEY;
 	}
 
+	if (wg_iface->i_flags & WG_INTERFACE_DEVICE_HAS_JC) {
+		dev->junk_packet_count = wg_iface->i_junk_packet_count;
+		dev->flags |= WGDEVICE_HAS_JC;
+	}
+
+	if (wg_iface->i_flags & WG_INTERFACE_DEVICE_HAS_JMIN) {
+		dev->junk_packet_min_size = wg_iface->i_junk_packet_min_size;
+		dev->flags |= WGDEVICE_HAS_JMIN;
+	}
+
+	if (wg_iface->i_flags & WG_INTERFACE_DEVICE_HAS_JMAX) {
+		dev->junk_packet_max_size = wg_iface->i_junk_packet_max_size;
+		dev->flags |= WGDEVICE_HAS_JMAX;
+	}
+
+	if (wg_iface->i_flags & WG_INTERFACE_DEVICE_HAS_S1) {
+		dev->init_packet_junk_size = wg_iface->i_init_packet_junk_size;
+		dev->flags |= WGDEVICE_HAS_S1;
+	}
+
+	if (wg_iface->i_flags & WG_INTERFACE_DEVICE_HAS_S2) {
+		dev->response_packet_junk_size = wg_iface->i_response_packet_junk_size;
+		dev->flags |= WGDEVICE_HAS_S2;
+	}
+
+	if (wg_iface->i_flags & WG_INTERFACE_DEVICE_HAS_H1) {
+		dev->init_packet_magic_header = wg_iface->i_init_packet_magic_header;
+		dev->flags |= WGDEVICE_HAS_H1;
+	}
+
+	if (wg_iface->i_flags & WG_INTERFACE_DEVICE_HAS_H2) {
+		dev->response_packet_magic_header = wg_iface->i_response_packet_magic_header;
+		dev->flags |= WGDEVICE_HAS_H2;
+	}
+
+	if (wg_iface->i_flags & WG_INTERFACE_DEVICE_HAS_H3) {
+		dev->underload_packet_magic_header = wg_iface->i_underload_packet_magic_header;
+		dev->flags |= WGDEVICE_HAS_H3;
+	}
+
+	if (wg_iface->i_flags & WG_INTERFACE_DEVICE_HAS_H4) {
+		dev->transport_packet_magic_header = wg_iface->i_transport_packet_magic_header;
+		dev->flags |= WGDEVICE_HAS_H4;
+	}
+	
 	wg_peer = &wg_iface->i_peers[0];
 	for (size_t i = 0; i < wg_iface->i_peers_count; ++i) {
 		peer = calloc(1, sizeof(*peer));
@@ -221,6 +266,52 @@ static int kernel_set_device(struct wgdevice *dev)
 	if (dev->flags & WGDEVICE_REPLACE_PEERS)
 		wg_iface->i_flags |= WG_INTERFACE_REPLACE_PEERS;
 
+
+	if (dev->flags & WGDEVICE_HAS_JC) {
+		wg_iface->i_junk_packet_count = dev->junk_packet_count;
+		wg_iface->i_flags |= WG_INTERFACE_DEVICE_HAS_JC;
+	}
+
+	if (dev->flags & WGDEVICE_HAS_JMIN) {
+		wg_iface->i_junk_packet_min_size = dev->junk_packet_min_size;
+		wg_iface->i_flags |= WG_INTERFACE_DEVICE_HAS_JMIN;
+	}
+
+	if (dev->flags & WGDEVICE_HAS_JMAX) {
+		wg_iface->i_junk_packet_max_size = dev->junk_packet_max_size;
+		wg_iface->i_flags |= WG_INTERFACE_DEVICE_HAS_JMAX;
+	}
+
+	if (dev->flags & WGDEVICE_HAS_S1) {
+		wg_iface->i_init_packet_junk_size = dev->init_packet_junk_size;
+		wg_iface->i_flags |= WG_INTERFACE_DEVICE_HAS_S1;
+	}
+
+	if (dev->flags & WGDEVICE_HAS_S2) {
+		wg_iface->i_response_packet_junk_size = dev->response_packet_junk_size;
+		wg_iface->i_flags |= WG_INTERFACE_DEVICE_HAS_S2;
+	}
+
+	if (dev->flags & WGDEVICE_HAS_H1) {
+		wg_iface->i_init_packet_magic_header = dev->init_packet_magic_header;
+		wg_iface->i_flags |= WG_INTERFACE_DEVICE_HAS_H1;
+	}
+
+	if (dev->flags & WGDEVICE_HAS_H2) {
+		wg_iface->i_response_packet_magic_header = dev->response_packet_magic_header;
+		wg_iface->i_flags |= WG_INTERFACE_DEVICE_HAS_H2;
+	}
+
+	if (dev->flags & WGDEVICE_HAS_H3) {
+		wg_iface->i_underload_packet_magic_header = dev->underload_packet_magic_header;
+		wg_iface->i_flags |= WG_INTERFACE_DEVICE_HAS_H3;
+	}
+
+	if (dev->flags & WGDEVICE_HAS_H4) {
+		wg_iface->i_transport_packet_magic_header = dev->transport_packet_magic_header;
+		wg_iface->i_flags |= WG_INTERFACE_DEVICE_HAS_H4;
+	}
+
 	peer_count = 0;
 	wg_peer = &wg_iface->i_peers[0];
 	for_each_wgpeer(dev, peer) {

src/ipc-uapi.h

@@ -51,6 +51,24 @@ static int userspace_set_device(struct wgdevice *dev)
 		fprintf(f, "fwmark=%u\n", dev->fwmark);
 	if (dev->flags & WGDEVICE_REPLACE_PEERS)
 		fprintf(f, "replace_peers=true\n");
+	if (dev->flags & WGDEVICE_HAS_JC)
+		fprintf(f, "jc=%u\n", dev->junk_packet_count);
+	if (dev->flags & WGDEVICE_HAS_JMIN)
+		fprintf(f, "jmin=%u\n", dev->junk_packet_min_size);
+	if (dev->flags & WGDEVICE_HAS_JMAX)
+		fprintf(f, "jmax=%u\n", dev->junk_packet_max_size);
+	if (dev->flags & WGDEVICE_HAS_S1)
+		fprintf(f, "s1=%u\n", dev->init_packet_junk_size);
+	if (dev->flags & WGDEVICE_HAS_S2)
+		fprintf(f, "s2=%u\n", dev->response_packet_junk_size);
+	if (dev->flags & WGDEVICE_HAS_H1)
+		fprintf(f, "h1=%u\n", dev->init_packet_magic_header);
+	if (dev->flags & WGDEVICE_HAS_H2)
+		fprintf(f, "h2=%u\n", dev->response_packet_magic_header);
+	if (dev->flags & WGDEVICE_HAS_H3)
+		fprintf(f, "h3=%u\n", dev->underload_packet_magic_header);
+	if (dev->flags & WGDEVICE_HAS_H4)
+		fprintf(f, "h4=%u\n", dev->transport_packet_magic_header);
 
 	for_each_wgpeer(dev, peer) {
 		key_to_hex(hex, peer->public_key);
@@ -183,6 +201,33 @@ static int userspace_get_device(struct wgdevice **out, const char *iface)
 		} else if (!peer && !strcmp(key, "fwmark")) {
 			dev->fwmark = NUM(0xffffffffU);
 			dev->flags |= WGDEVICE_HAS_FWMARK;
+		} else if(!peer && !strcmp(key, "jc")) {
+			dev->junk_packet_count = NUM(0xffffU);
+			dev->flags |= WGDEVICE_HAS_JC;
+		} else if(!peer && !strcmp(key, "jmin")) {
+			dev->junk_packet_min_size = NUM(0xffffU);
+			dev->flags |= WGDEVICE_HAS_JMIN;
+		} else if(!peer && !strcmp(key, "jmax")) {
+			dev->junk_packet_max_size = NUM(0xffffU);
+			dev->flags |= WGDEVICE_HAS_JMAX;
+		} else if(!peer && !strcmp(key, "s1")) {
+			dev->init_packet_junk_size = NUM(0xffffU);
+			dev->flags |= WGDEVICE_HAS_S1;
+		} else if(!peer && !strcmp(key, "s2")) {
+			dev->response_packet_junk_size = NUM(0xffffU);
+			dev->flags |= WGDEVICE_HAS_S2;
+		} else if(!peer && !strcmp(key, "h1")) {
+			dev->init_packet_magic_header = NUM(0xffffffffU);
+			dev->flags |= WGDEVICE_HAS_H1;
+		} else if(!peer && !strcmp(key, "h2")) {
+			dev->response_packet_magic_header = NUM(0xffffffffU);
+			dev->flags |= WGDEVICE_HAS_H2;
+		} else if(!peer && !strcmp(key, "h3")) {
+			dev->underload_packet_magic_header = NUM(0xffffffffU);
+			dev->flags |= WGDEVICE_HAS_H3;
+		} else if(!peer && !strcmp(key, "h4")) {
+			dev->transport_packet_magic_header = NUM(0xffffffffU);
+			dev->flags |= WGDEVICE_HAS_H4;
 		} else if (!strcmp(key, "public_key")) {
 			struct wgpeer *new_peer = calloc(1, sizeof(*new_peer));
 

src/ipc-windows.h

@@ -263,6 +263,43 @@ static int kernel_get_device(struct wgdevice **device, const char *iface)
 		dev->flags |= WGDEVICE_HAS_PRIVATE_KEY;
 	}
 
+	if (wg_iface->Flags & WG_IOCTL_INTERFACE_JC) {
+		dev->junk_packet_count = wg_iface->JunkPacketCount;
+		dev->flags |= WGDEVICE_HAS_JC;
+	}
+	if (wg_iface->Flags & WG_IOCTL_INTERFACE_JMIN) {
+		dev->junk_packet_min_size = wg_iface->JunkPacketMinSize;
+		dev->flags |= WGDEVICE_HAS_JMIN;
+	}
+	if (wg_iface->Flags & WG_IOCTL_INTERFACE_JMAX) {
+		dev->junk_packet_max_size = wg_iface->JunkPacketMaxSize;
+		dev->flags |= WGDEVICE_HAS_JMAX;
+	}
+	if (wg_iface->Flags & WG_IOCTL_INTERFACE_S1) {
+		dev->init_packet_junk_size = wg_iface->InitPacketJunkSize;
+		dev->flags |= WGDEVICE_HAS_S1;
+	}
+	if (wg_iface->Flags & WG_IOCTL_INTERFACE_S2) {
+		dev->response_packet_junk_size = wg_iface->ResponsePacketJunkSize;
+		dev->flags |= WGDEVICE_HAS_S2;
+	}
+	if (wg_iface->Flags & WG_IOCTL_INTERFACE_H1) {
+		dev->init_packet_magic_header = wg_iface->InitPacketMagicHeader;
+		dev->flags |= WGDEVICE_HAS_H1;
+	}
+	if (wg_iface->Flags & WG_IOCTL_INTERFACE_H2) {
+		dev->response_packet_magic_header = wg_iface->ResponsePacketMagicHeader;
+		dev->flags |= WGDEVICE_HAS_H2;
+	}
+	if (wg_iface->Flags & WG_IOCTL_INTERFACE_H3) {
+		dev->underload_packet_magic_header = wg_iface->UnderloadPacketMagicHeader;
+		dev->flags |= WGDEVICE_HAS_H3;
+	}
+	if (wg_iface->Flags & WG_IOCTL_INTERFACE_H4) {
+		dev->transport_packet_magic_header = wg_iface->TransportPacketMagicHeader;
+		dev->flags |= WGDEVICE_HAS_H4;
+	}
+
 	wg_peer = buf + sizeof(WG_IOCTL_INTERFACE);
 	for (ULONG i = 0; i < wg_iface->PeersCount; ++i) {
 		peer = calloc(1, sizeof(*peer));
@@ -385,6 +422,51 @@ static int kernel_set_device(struct wgdevice *dev)
 	if (dev->flags & WGDEVICE_REPLACE_PEERS)
 		wg_iface->Flags |= WG_IOCTL_INTERFACE_REPLACE_PEERS;
 
+	if (dev->flags & WGDEVICE_HAS_JC) {
+		wg_iface->JunkPacketCount = dev->junk_packet_count;
+		wg_iface->Flags |= WG_IOCTL_INTERFACE_JC;
+	}
+
+	if (dev->flags & WGDEVICE_HAS_JMIN) {
+		wg_iface->JunkPacketMinSize = dev->junk_packet_min_size;
+		wg_iface->Flags |= WG_IOCTL_INTERFACE_JMIN;
+	}
+
+	if (dev->flags & WGDEVICE_HAS_JMAX) {
+		wg_iface->JunkPacketMaxSize = dev->junk_packet_max_size;
+		wg_iface->Flags |= WG_IOCTL_INTERFACE_JMAX;
+	}
+
+	if (dev->flags & WGDEVICE_HAS_S1) {
+		wg_iface->InitPacketJunkSize = dev->init_packet_junk_size;
+		wg_iface->Flags |= WG_IOCTL_INTERFACE_S1;
+	}
+
+	if (dev->flags & WGDEVICE_HAS_S2) {
+		wg_iface->ResponsePacketJunkSize = dev->response_packet_junk_size;
+		wg_iface->Flags |= WG_IOCTL_INTERFACE_S2;
+	}
+
+	if (dev->flags & WGDEVICE_HAS_H1) {
+		wg_iface->InitPacketMagicHeader = dev->init_packet_magic_header;
+		wg_iface->Flags |= WG_IOCTL_INTERFACE_H1;
+	}
+
+	if (dev->flags & WGDEVICE_HAS_H2) {
+		wg_iface->ResponsePacketMagicHeader = dev->response_packet_magic_header;
+		wg_iface->Flags |= WG_IOCTL_INTERFACE_H2;
+	}
+
+	if (dev->flags & WGDEVICE_HAS_H3) {
+		wg_iface->UnderloadPacketMagicHeader = dev->underload_packet_magic_header;
+		wg_iface->Flags |= WG_IOCTL_INTERFACE_H3;
+	}
+
+	if (dev->flags & WGDEVICE_HAS_H4) {
+		wg_iface->TransportPacketMagicHeader = dev->transport_packet_magic_header;
+		wg_iface->Flags |= WG_IOCTL_INTERFACE_H4;
+	}
+
 	peer_count = 0;
 	wg_peer = (void *)wg_iface + sizeof(WG_IOCTL_INTERFACE);
 	for_each_wgpeer(dev, peer) {

src/show.c

@@ -220,6 +220,24 @@ static void pretty_print(struct wgdevice *device)
 		terminal_printf("  " TERMINAL_BOLD "listening port" TERMINAL_RESET ": %u\n", device->listen_port);
 	if (device->fwmark)
 		terminal_printf("  " TERMINAL_BOLD "fwmark" TERMINAL_RESET ": 0x%x\n", device->fwmark);
+	if (device->junk_packet_count)
+		terminal_printf("  " TERMINAL_BOLD "jc" TERMINAL_RESET ": %u\n", device->junk_packet_count);
+	if (device->junk_packet_min_size)
+		terminal_printf("  " TERMINAL_BOLD "jmin" TERMINAL_RESET ": %u\n", device->junk_packet_min_size);
+	if (device->junk_packet_max_size)
+		terminal_printf("  " TERMINAL_BOLD "jmax" TERMINAL_RESET ": %u\n", device->junk_packet_max_size);
+	if (device->init_packet_junk_size)
+		terminal_printf("  " TERMINAL_BOLD "s1" TERMINAL_RESET ": %u\n", device->init_packet_junk_size);
+	if (device->response_packet_junk_size)
+		terminal_printf("  " TERMINAL_BOLD "s2" TERMINAL_RESET ": %u\n", device->response_packet_junk_size);
+	if (device->init_packet_magic_header)
+		terminal_printf("  " TERMINAL_BOLD "h1" TERMINAL_RESET ": %u\n", device->init_packet_magic_header);
+	if (device->response_packet_magic_header)
+		terminal_printf("  " TERMINAL_BOLD "h2" TERMINAL_RESET ": %u\n", device->response_packet_magic_header);
+	if (device->underload_packet_magic_header)
+		terminal_printf("  " TERMINAL_BOLD "h3" TERMINAL_RESET ": %u\n", device->underload_packet_magic_header);
+	if (device->transport_packet_magic_header)
+		terminal_printf("  " TERMINAL_BOLD "h4" TERMINAL_RESET ": %u\n", device->transport_packet_magic_header);
 	if (device->first_peer) {
 		sort_peers(device);
 		terminal_printf("\n");
@@ -260,6 +278,15 @@ static void dump_print(struct wgdevice *device, bool with_interface)
 	printf("%s\t", maybe_key(device->private_key, device->flags & WGDEVICE_HAS_PRIVATE_KEY));
 	printf("%s\t", maybe_key(device->public_key, device->flags & WGDEVICE_HAS_PUBLIC_KEY));
 	printf("%u\t", device->listen_port);
+	printf("%u\t", device->junk_packet_count);
+	printf("%u\t", device->junk_packet_min_size);
+	printf("%u\t", device->junk_packet_max_size);
+	printf("%u\t", device->init_packet_junk_size);
+	printf("%u\t", device->response_packet_junk_size);
+	printf("%u\t", device->init_packet_magic_header);
+	printf("%u\t", device->response_packet_magic_header);
+	printf("%u\t", device->underload_packet_magic_header);
+	printf("%u\t", device->transport_packet_magic_header);
 	if (device->fwmark)
 		printf("0x%x\n", device->fwmark);
 	else
@@ -311,7 +338,43 @@ static bool ugly_print(struct wgdevice *device, const char *param, bool with_int
 			printf("0x%x\n", device->fwmark);
 		else
 			printf("off\n");
-	} else if (!strcmp(param, "endpoints")) {
+	} else if(!strcmp(param, "jc")) {
+		if (with_interface)
+			printf("%s\t", device->name);
+		printf("%u\n", device->junk_packet_count);
+	 } else if(!strcmp(param, "jmin")) {
+		if (with_interface)
+			printf("%s\t", device->name);
+		printf("%u\n", device->junk_packet_min_size);
+	 } else if(!strcmp(param, "jmax")) {
+		if (with_interface)
+			printf("%s\t", device->name);
+		printf("%u\n", device->junk_packet_max_size);
+	 } else if(!strcmp(param, "s1")) {
+		if (with_interface)
+			printf("%s\t", device->name);
+		printf("%u\n", device->init_packet_junk_size);
+	 } else if(!strcmp(param, "s2")) {
+		if (with_interface)
+			printf("%s\t", device->name);
+		printf("%u\n", device->response_packet_junk_size);
+	 } else if(!strcmp(param, "h1")) {
+		if (with_interface)
+			printf("%s\t", device->name);
+		printf("%u\n", device->init_packet_magic_header);
+	 } else if(!strcmp(param, "h2")) {
+		if (with_interface)
+			printf("%s\t", device->name);
+		printf("%u\n", device->response_packet_magic_header);
+	 } else if(!strcmp(param, "h3")) {
+		if (with_interface)
+			printf("%s\t", device->name);
+		printf("%u\n", device->underload_packet_magic_header);
+	 } else if(!strcmp(param, "h4")) {
+		if (with_interface)
+			printf("%s\t", device->name);
+		printf("%u\n", device->transport_packet_magic_header);
+	 } else if (!strcmp(param, "endpoints")) {
 		for_each_wgpeer(device, peer) {
 			if (with_interface)
 				printf("%s\t", device->name);

src/showconf.c

@@ -46,6 +46,25 @@ int showconf_main(int argc, const char *argv[])
 		key_to_base64(base64, device->private_key);
 		printf("PrivateKey = %s\n", base64);
 	}
+	if (device->flags & WGDEVICE_HAS_JC)
+		printf("Jc = %u\n", device->junk_packet_count);
+	if (device->flags & WGDEVICE_HAS_JMIN)
+		printf("Jmin = %u\n", device->junk_packet_min_size);
+	if (device->flags & WGDEVICE_HAS_JMAX)
+		printf("Jmax = %u\n", device->junk_packet_max_size);
+	if (device->flags & WGDEVICE_HAS_S1)
+		printf("S1 = %u\n", device->init_packet_junk_size);
+	if (device->flags & WGDEVICE_HAS_S2)
+		printf("S2 = %u\n", device->response_packet_junk_size);
+	if (device->flags & WGDEVICE_HAS_H1)
+		printf("H1 = %u\n", device->init_packet_magic_header);
+	if (device->flags & WGDEVICE_HAS_H2)
+		printf("H2 = %u\n", device->response_packet_magic_header);
+	if (device->flags & WGDEVICE_HAS_H3)
+		printf("H3 = %u\n", device->underload_packet_magic_header);
+	if (device->flags & WGDEVICE_HAS_H4)
+		printf("H4 = %u\n", device->transport_packet_magic_header);
+
 	printf("\n");
 	for_each_wgpeer(device, peer) {
 		key_to_base64(base64, peer->public_key);

src/uapi/linux/linux/wireguard.h

@@ -157,6 +157,15 @@ enum wgdevice_attribute {
 	WGDEVICE_A_LISTEN_PORT,
 	WGDEVICE_A_FWMARK,
 	WGDEVICE_A_PEERS,
+	WGDEVICE_A_JC,
+	WGDEVICE_A_JMIN,
+	WGDEVICE_A_JMAX,
+	WGDEVICE_A_S1,
+	WGDEVICE_A_S2,
+	WGDEVICE_A_H1,
+	WGDEVICE_A_H2,
+	WGDEVICE_A_H3,
+	WGDEVICE_A_H4,
 	__WGDEVICE_A_LAST
 };
 #define WGDEVICE_A_MAX (__WGDEVICE_A_LAST - 1)

src/uapi/openbsd/net/if_wg.h

@@ -29,19 +29,19 @@
 #define a_ipv6	a_addr.addr_ipv6
 
 struct wg_aip_io {
-	sa_family_t	 a_af;
-	int		 a_cidr;
-	union wg_aip_addr {
-		struct in_addr		addr_ipv4;
-		struct in6_addr		addr_ipv6;
-	}		 a_addr;
+    sa_family_t	 a_af;
+    int		 a_cidr;
+    union wg_aip_addr {
+        struct in_addr		addr_ipv4;
+        struct in6_addr		addr_ipv6;
+    }		 a_addr;
 };
 
 #define WG_PEER_HAS_PUBLIC		(1 << 0)
 #define WG_PEER_HAS_PSK			(1 << 1)
 #define WG_PEER_HAS_PKA			(1 << 2)
-#define WG_PEER_HAS_ENDPOINT		(1 << 3)
-#define WG_PEER_REPLACE_AIPS		(1 << 4)
+#define WG_PEER_HAS_ENDPOINT	(1 << 3)
+#define WG_PEER_REPLACE_AIPS	(1 << 4)
 #define WG_PEER_REMOVE			(1 << 5)
 #define WG_PEER_UPDATE			(1 << 6)
 
@@ -50,43 +50,62 @@ struct wg_aip_io {
 #define p_sin6		p_endpoint.sa_sin6
 
 struct wg_peer_io {
-	int			p_flags;
-	int			p_protocol_version;
-	uint8_t			p_public[WG_KEY_LEN];
-	uint8_t			p_psk[WG_KEY_LEN];
-	uint16_t		p_pka;
-	union wg_peer_endpoint {
-		struct sockaddr		sa_sa;
-		struct sockaddr_in	sa_sin;
-		struct sockaddr_in6	sa_sin6;
-	}			p_endpoint;
-	uint64_t		p_txbytes;
-	uint64_t		p_rxbytes;
-	struct timespec		p_last_handshake; /* nanotime */
-	size_t			p_aips_count;
-	struct wg_aip_io	p_aips[];
+    int			p_flags;
+    int			p_protocol_version;
+    uint8_t			p_public[WG_KEY_LEN];
+    uint8_t			p_psk[WG_KEY_LEN];
+    uint16_t		p_pka;
+    union wg_peer_endpoint {
+        struct sockaddr		sa_sa;
+        struct sockaddr_in	sa_sin;
+        struct sockaddr_in6	sa_sin6;
+    }			p_endpoint;
+    uint64_t		p_txbytes;
+    uint64_t		p_rxbytes;
+    struct timespec		p_last_handshake; /* nanotime */
+    size_t			p_aips_count;
+    struct wg_aip_io	p_aips[];
 };
 
-#define WG_INTERFACE_HAS_PUBLIC		(1 << 0)
-#define WG_INTERFACE_HAS_PRIVATE	(1 << 1)
-#define WG_INTERFACE_HAS_PORT		(1 << 2)
-#define WG_INTERFACE_HAS_RTABLE		(1 << 3)
-#define WG_INTERFACE_REPLACE_PEERS	(1 << 4)
+#define WG_INTERFACE_HAS_PUBLIC		 (1 << 0)
+#define WG_INTERFACE_HAS_PRIVATE	 (1 << 1)
+#define WG_INTERFACE_HAS_PORT		 (1 << 2)
+#define WG_INTERFACE_HAS_RTABLE		 (1 << 3)
+#define WG_INTERFACE_REPLACE_PEERS	 (1 << 4)
+#define WG_INTERFACE_DEVICE_HAS_JC 	 (1 << 5)
+#define WG_INTERFACE_DEVICE_HAS_JMIN (1 << 6)
+#define WG_INTERFACE_DEVICE_HAS_JMAX (1 << 7)
+#define WG_INTERFACE_DEVICE_HAS_S1	 (1 << 8)
+#define WG_INTERFACE_DEVICE_HAS_S2	 (1 << 9)
+#define WG_INTERFACE_DEVICE_HAS_H1	 (1 << 10)
+#define WG_INTERFACE_DEVICE_HAS_H2	 (1 << 11)
+#define WG_INTERFACE_DEVICE_HAS_H3	 (1 << 12)
+#define WG_INTERFACE_DEVICE_HAS_H4	 (1 << 13)
 
 struct wg_interface_io {
-	uint8_t			i_flags;
-	in_port_t		i_port;
-	int			i_rtable;
-	uint8_t			i_public[WG_KEY_LEN];
-	uint8_t			i_private[WG_KEY_LEN];
-	size_t			i_peers_count;
-	struct wg_peer_io	i_peers[];
+    uint16_t		i_flags;
+    in_port_t		i_port;
+    int				i_rtable;
+    uint8_t			i_public[WG_KEY_LEN];
+    uint8_t			i_private[WG_KEY_LEN];
+    size_t			i_peers_count;
+    struct wg_peer_io	i_peers[];
+
+    uint16_t 			i_junk_packet_count;
+    uint16_t 			i_junk_packet_min_size;
+    uint16_t 			i_junk_packet_max_size;
+    uint16_t 			i_init_packet_junk_size;
+    uint16_t 			i_response_packet_junk_size;
+    uint32_t 			i_init_packet_magic_header;
+    uint32_t 			i_response_packet_magic_header;
+    uint32_t 			i_underload_packet_magic_header;
+    uint32_t 			i_transport_packet_magic_header;
 };
 
 struct wg_data_io {
-	char	 		 wgd_name[IFNAMSIZ];
-	size_t			 wgd_size;	/* total size of the memory pointed to by wgd_interface */
-	struct wg_interface_io	*wgd_interface;
+    char	 		 wgd_name[IFNAMSIZ];
+    size_t			 wgd_size;	/* total size of the memory pointed to by wgd_interface */
+    struct wg_interface_io	*wgd_interface;
 };
 
 #endif /* __IF_WG_H__ */

src/uapi/windows/wireguard.h

@@ -56,7 +56,17 @@ typedef enum
 	WG_IOCTL_INTERFACE_HAS_PUBLIC_KEY = 1 << 0,
 	WG_IOCTL_INTERFACE_HAS_PRIVATE_KEY = 1 << 1,
 	WG_IOCTL_INTERFACE_HAS_LISTEN_PORT = 1 << 2,
-	WG_IOCTL_INTERFACE_REPLACE_PEERS = 1 << 3
+	WG_IOCTL_INTERFACE_REPLACE_PEERS = 1 << 3,
+	WG_IOCTL_INTERFACE_PEERS = 1 << 4,
+	WG_IOCTL_INTERFACE_JC = 1 << 5,
+	WG_IOCTL_INTERFACE_JMIN = 1 << 6,
+	WG_IOCTL_INTERFACE_JMAX = 1 << 7,
+	WG_IOCTL_INTERFACE_S1 = 1 << 8,
+	WG_IOCTL_INTERFACE_S2 = 1 << 9,
+	WG_IOCTL_INTERFACE_H1 = 1 << 10,
+	WG_IOCTL_INTERFACE_H2 = 1 << 11,
+	WG_IOCTL_INTERFACE_H3 = 1 << 12,
+	WG_IOCTL_INTERFACE_H4 = 1 << 13
 } WG_IOCTL_INTERFACE_FLAG;
 
 typedef struct _WG_IOCTL_INTERFACE
@@ -66,6 +76,15 @@ typedef struct _WG_IOCTL_INTERFACE
 	UCHAR PrivateKey[WG_KEY_LEN];
 	UCHAR PublicKey[WG_KEY_LEN];
 	ULONG PeersCount;
+	USHORT JunkPacketCount;
+	USHORT JunkPacketMinSize;
+	USHORT JunkPacketMaxSize;
+	USHORT InitPacketJunkSize;
+	USHORT ResponsePacketJunkSize;
+	ULONG InitPacketMagicHeader;
+	ULONG ResponsePacketMagicHeader;
+	ULONG UnderloadPacketMagicHeader;
+	ULONG TransportPacketMagicHeader;
 } __attribute__((aligned(8))) WG_IOCTL_INTERFACE;
 
 #define WG_IOCTL_GET CTL_CODE(45208U, 321, METHOD_OUT_DIRECT, FILE_READ_DATA | FILE_WRITE_DATA)