From eb30bd6f6e1387c9a34b3aa03e140bace2948a7b Mon Sep 17 00:00:00 2001 From: Mark Puha Date: Thu, 3 Jul 2025 16:32:35 +0200 Subject: [PATCH] feat: add s3, s4 --- contrib/embeddable-wg-library/wireguard.c | 2 ++ src/config.c | 22 +++++++++++++++++ src/containers.h | 30 +++++++++++++---------- src/ipc-freebsd.h | 18 ++++++++++++++ src/ipc-linux.h | 16 ++++++++++++ src/ipc-openbsd.h | 20 +++++++++++++++ src/ipc-uapi.h | 10 ++++++++ src/ipc-windows.h | 16 ++++++++++++ src/show.c | 4 +++ src/showconf.c | 4 +++ src/uapi/linux/linux/wireguard.h | 2 ++ src/uapi/openbsd/net/if_wg.h | 30 +++++++++++++---------- src/uapi/windows/wireguard.h | 30 +++++++++++++---------- 13 files changed, 165 insertions(+), 39 deletions(-) diff --git a/contrib/embeddable-wg-library/wireguard.c b/contrib/embeddable-wg-library/wireguard.c index 12234e5..26de0e9 100644 --- a/contrib/embeddable-wg-library/wireguard.c +++ b/contrib/embeddable-wg-library/wireguard.c @@ -53,6 +53,8 @@ enum wgdevice_attribute { WGDEVICE_A_JMAX, WGDEVICE_A_S1, WGDEVICE_A_S2, + WGDEVICE_A_S3, + WGDEVICE_A_S4, WGDEVICE_A_H1, WGDEVICE_A_H2, WGDEVICE_A_H3, diff --git a/src/config.c b/src/config.c index 19a5ebd..a2b35f1 100644 --- a/src/config.c +++ b/src/config.c @@ -566,6 +566,14 @@ static bool process_line(struct config_ctx *ctx, const char *line) ret = parse_uint16(&ctx->device->response_packet_junk_size, "S2", value); if (ret) ctx->device->flags |= WGDEVICE_HAS_S2; + } else if (key_match("S3")) { + ret = parse_uint16(&ctx->device->cookie_reply_packet_junk_size, "S3", value); + if (ret) + ctx->device->flags |= WGDEVICE_HAS_S3; + } else if (key_match("S4")) { + ret = parse_uint16(&ctx->device->transport_packet_junk_size, "S4", value); + if (ret) + ctx->device->flags |= WGDEVICE_HAS_S4; } else if (key_match("H1")) { ret = parse_uint32(&ctx->device->init_packet_magic_header, "H1", value); if (ret) 
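Review bot: In the `enum wgdevice_attribute` hunk of contrib/embeddable-wg-library/wireguard.c, `WGDEVICE_A_S3` and `WGDEVICE_A_S4` are inserted before `WGDEVICE_A_H1`, which renumbers H1 and every attribute after it. src/ipc-linux.h passes these values to `mnl_attr_put_u16`/`mnl_attr_put_u32` as netlink attribute ids, so a tool built from this header and a kernel module built from the previous one would disagree on what each id means. Appending the two new values at the end of the enum would keep the existing ids stable. The same insertion is made in src/uapi/linux/linux/wireguard.h; the enum starts and ends outside both hunks, so if a lockstep module update is intended, a comment on the enum should say so.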
@@ -837,6 +845,20 @@ struct wgdevice *config_read_cmd(const char *argv[], int argc) device->flags |= WGDEVICE_HAS_S2; argv += 2; argc -= 2; + } else if (!strcmp(argv[0], "s3") && argc >= 2 && !peer) { + if (!parse_uint16(&device->cookie_reply_packet_junk_size, "s3", argv[1])) + goto error; + + device->flags |= WGDEVICE_HAS_S3; + argv += 2; + argc -= 2; + } else if (!strcmp(argv[0], "s4") && argc >= 2 && !peer) { + if (!parse_uint16(&device->transport_packet_junk_size, "s4", argv[1])) + goto error; + + device->flags |= WGDEVICE_HAS_S4; + argv += 2; + argc -= 2; } else if (!strcmp(argv[0], "h1") && argc >= 2 && !peer) { if (!parse_uint32(&device->init_packet_magic_header, "h1", argv[1])) goto error; diff --git a/src/containers.h b/src/containers.h index 9035c1a..09ff619 100644 --- a/src/containers.h +++ b/src/containers.h @@ -87,19 +87,21 @@ enum { WGDEVICE_HAS_JMAX = 1U << 7, WGDEVICE_HAS_S1 = 1U << 8, WGDEVICE_HAS_S2 = 1U << 9, - WGDEVICE_HAS_H1 = 1U << 10, - WGDEVICE_HAS_H2 = 1U << 11, - WGDEVICE_HAS_H3 = 1U << 12, - WGDEVICE_HAS_H4 = 1U << 13, - WGDEVICE_HAS_I1 = 1U << 14, - WGDEVICE_HAS_I2 = 1U << 15, - WGDEVICE_HAS_I3 = 1U << 16, - WGDEVICE_HAS_I4 = 1U << 17, - WGDEVICE_HAS_I5 = 1U << 18, - WGDEVICE_HAS_J1 = 1U << 19, - WGDEVICE_HAS_J2 = 1U << 20, - WGDEVICE_HAS_J3 = 1U << 21, - WGDEVICE_HAS_ITIME = 1U << 22 + WGDEVICE_HAS_S3 = 1U << 10, + WGDEVICE_HAS_S4 = 1U << 11, + WGDEVICE_HAS_H1 = 1U << 12, + WGDEVICE_HAS_H2 = 1U << 12, + WGDEVICE_HAS_H3 = 1U << 13, + WGDEVICE_HAS_H4 = 1U << 14, + WGDEVICE_HAS_I1 = 1U << 15, + WGDEVICE_HAS_I2 = 1U << 16, + WGDEVICE_HAS_I3 = 1U << 17, + WGDEVICE_HAS_I4 = 1U << 18, + WGDEVICE_HAS_I5 = 1U << 19, + WGDEVICE_HAS_J1 = 1U << 20, + WGDEVICE_HAS_J2 = 1U << 21, + WGDEVICE_HAS_J3 = 1U << 22, + WGDEVICE_HAS_ITIME = 1U << 23 }; struct wgdevice { 
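Review bot: In the src/containers.h flag enum, `WGDEVICE_HAS_H1` and `WGDEVICE_HAS_H2` are both assigned `1U << 12`, so the two flags can no longer be told apart. Any `dev->flags & WGDEVICE_HAS_H2` test is true as soon as H1 is set, so the set paths would presumably push `response_packet_magic_header` to the backend even when it was never configured, and a reader could not tell which of the two headers the backend actually reported. H2 should take bit 13 and every later flag move up by one, ending with ITIME at bit 24; this assumes `flags` in `struct wgdevice` is at least 32 bits wide, which the hunk does not show. The enum in src/uapi/windows/wireguard.h has the same duplicate (`WG_IOCTL_INTERFACE_H1` and `WG_IOCTL_INTERFACE_H2` both `1 << 12`) and needs the same renumbering, matched against the driver's copy of that header.

```c
	WGDEVICE_HAS_H1 = 1U << 12,
	WGDEVICE_HAS_H2 = 1U << 13,
	WGDEVICE_HAS_H3 = 1U << 14,
	WGDEVICE_HAS_H4 = 1U << 15,
	WGDEVICE_HAS_I1 = 1U << 16,
	WGDEVICE_HAS_I2 = 1U << 17,
	WGDEVICE_HAS_I3 = 1U << 18,
	WGDEVICE_HAS_I4 = 1U << 19,
	WGDEVICE_HAS_I5 = 1U << 20,
	WGDEVICE_HAS_J1 = 1U << 21,
	WGDEVICE_HAS_J2 = 1U << 22,
	WGDEVICE_HAS_J3 = 1U << 23,
	WGDEVICE_HAS_ITIME = 1U << 24
```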
@@ -121,6 +123,8 @@ struct wgdevice { uint16_t junk_packet_max_size; uint16_t init_packet_junk_size; uint16_t response_packet_junk_size; + uint16_t cookie_reply_packet_junk_size; + uint16_t transport_packet_junk_size; uint32_t init_packet_magic_header; uint32_t response_packet_magic_header; uint32_t underload_packet_magic_header; diff --git a/src/ipc-freebsd.h b/src/ipc-freebsd.h index 8f16964..206ebcd 100644 --- a/src/ipc-freebsd.h +++ b/src/ipc-freebsd.h @@ -126,6 +126,20 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname) dev->flags |= WGDEVICE_HAS_S2; } } + if (nvlist_exists_number(nvl_device, "s3")) { + number = nvlist_get_number(nvl_device, "s3"); + if (number <= UINT16_MAX){ + dev->cookie_reply_packet_junk_size = number; + dev->flags |= WGDEVICE_HAS_S3; + } + } + if (nvlist_exists_number(nvl_device, "s4")) { + number = nvlist_get_number(nvl_device, "s4"); + if (number <= UINT16_MAX){ + dev->transport_packet_junk_size = number; + dev->flags |= WGDEVICE_HAS_S4; + } + } if (nvlist_exists_number(nvl_device, "h1")) { number = nvlist_get_number(nvl_device, "h1"); if (number <= UINT32_MAX){ @@ -427,6 +441,10 @@ static int kernel_set_device(struct wgdevice *dev) nvlist_add_number(nvl_device, "s1", dev->init_packet_junk_size); if (dev->flags & WGDEVICE_HAS_S2) nvlist_add_number(nvl_device, "s2", dev->response_packet_junk_size); + if (dev->flags & WGDEVICE_HAS_S3) + nvlist_add_number(nvl_device, "s3", dev->cookie_reply_packet_junk_size); + if (dev->flags & WGDEVICE_HAS_S4) + nvlist_add_number(nvl_device, "s4", dev->transport_packet_junk_size); if (dev->flags & WGDEVICE_HAS_H1) nvlist_add_number(nvl_device, "h1", dev->init_packet_magic_header); if (dev->flags & WGDEVICE_HAS_H2) diff --git a/src/ipc-linux.h b/src/ipc-linux.h index ffc95ca..0531ff5 100644 --- a/src/ipc-linux.h +++ b/src/ipc-linux.h 
@@ -173,6 +173,10 @@ again: mnl_attr_put_u16(nlh, WGDEVICE_A_S1, dev->init_packet_junk_size); if (dev->flags & WGDEVICE_HAS_S2) mnl_attr_put_u16(nlh, WGDEVICE_A_S2, dev->response_packet_junk_size); + if (dev->flags & WGDEVICE_HAS_S3) + mnl_attr_put_u16(nlh, WGDEVICE_A_S3, dev->cookie_reply_packet_junk_size); + if (dev->flags & WGDEVICE_HAS_S4) + mnl_attr_put_u16(nlh, WGDEVICE_A_S4, dev->transport_packet_junk_size); if (dev->flags & WGDEVICE_HAS_H1) mnl_attr_put_u32(nlh, WGDEVICE_A_H1, dev->init_packet_magic_header); if (dev->flags & WGDEVICE_HAS_H2) @@ -556,6 +560,18 @@ static int parse_device(const struct nlattr *attr, void *data) device->flags |= WGDEVICE_HAS_S2; } break; + case WGDEVICE_A_S3: + if (!mnl_attr_validate(attr, MNL_TYPE_U16)) { + device->cookie_reply_packet_junk_size = mnl_attr_get_u16(attr); + device->flags |= WGDEVICE_HAS_S3; + } + break; + case WGDEVICE_A_S4: + if (!mnl_attr_validate(attr, MNL_TYPE_U16)) { + device->transport_packet_junk_size = mnl_attr_get_u16(attr); + device->flags |= WGDEVICE_HAS_S4; + } + break; case WGDEVICE_A_H1: if (!mnl_attr_validate(attr, MNL_TYPE_U32)) { device->init_packet_magic_header = mnl_attr_get_u32(attr); diff --git a/src/ipc-openbsd.h b/src/ipc-openbsd.h index faed2ec..dd063ae 100644 --- a/src/ipc-openbsd.h +++ b/src/ipc-openbsd.h @@ -135,6 +135,16 @@ static int kernel_get_device(struct wgdevice **device, const char *iface) dev->flags |= WGDEVICE_HAS_S2; } + if (wg_iface->i_flags & WG_INTERFACE_DEVICE_HAS_S3) { + dev->cookie_reply_packet_junk_size = wg_iface->i_cookie_reply_packet_junk_size; + dev->flags |= WGDEVICE_HAS_S3; + } + + if (wg_iface->i_flags & WG_INTERFACE_DEVICE_HAS_S4) { + dev->transport_packet_junk_size = wg_iface->i_transport_packet_junk_size; + dev->flags |= WGDEVICE_HAS_S4; + } + if (wg_iface->i_flags & WG_INTERFACE_DEVICE_HAS_H1) { dev->init_packet_magic_header = wg_iface->i_init_packet_magic_header; dev->flags |= WGDEVICE_HAS_H1; 
@@ -346,6 +356,16 @@ static int kernel_set_device(struct wgdevice *dev) wg_iface->i_flags |= WG_INTERFACE_DEVICE_HAS_S2; } + if (dev->flags & WGDEVICE_HAS_S3) { + wg_iface->i_cookie_reply_packet_junk_size = dev->cookie_reply_packet_junk_size; + wg_iface->i_flags |= WG_INTERFACE_DEVICE_HAS_S3; + } + + if (dev->flags & WGDEVICE_HAS_S4) { + wg_iface->i_transport_packet_junk_size = dev->transport_packet_junk_size; + wg_iface->i_flags |= WG_INTERFACE_DEVICE_HAS_S4; + } + if (dev->flags & WGDEVICE_HAS_H1) { wg_iface->i_init_packet_magic_header = dev->init_packet_magic_header; wg_iface->i_flags |= WG_INTERFACE_DEVICE_HAS_H1; diff --git a/src/ipc-uapi.h b/src/ipc-uapi.h index 2060c51..32be0d8 100644 --- a/src/ipc-uapi.h +++ b/src/ipc-uapi.h @@ -61,6 +61,10 @@ static int userspace_set_device(struct wgdevice *dev) fprintf(f, "s1=%u\n", dev->init_packet_junk_size); if (dev->flags & WGDEVICE_HAS_S2) fprintf(f, "s2=%u\n", dev->response_packet_junk_size); + if (dev->flags & WGDEVICE_HAS_S3) + fprintf(f, "s3=%u\n", dev->cookie_reply_packet_junk_size); + if (dev->flags & WGDEVICE_HAS_S4) + fprintf(f, "s4=%u\n", dev->transport_packet_junk_size); if (dev->flags & WGDEVICE_HAS_H1) fprintf(f, "h1=%u\n", dev->init_packet_magic_header); if (dev->flags & WGDEVICE_HAS_H2) @@ -244,6 +248,12 @@ static int userspace_get_device(struct wgdevice **out, const char *iface) } else if(!peer && !strcmp(key, "s2")) { dev->response_packet_junk_size = NUM(0xffffU); dev->flags |= WGDEVICE_HAS_S2; + } else if(!peer && !strcmp(key, "s3")) { + dev->cookie_reply_packet_junk_size = NUM(0xffffU); + dev->flags |= WGDEVICE_HAS_S3; + } else if(!peer && !strcmp(key, "s4")) { + dev->transport_packet_junk_size = NUM(0xffffU); + dev->flags |= WGDEVICE_HAS_S4; } else if(!peer && !strcmp(key, "h1")) { dev->init_packet_magic_header = NUM(0xffffffffU); dev->flags |= WGDEVICE_HAS_H1; diff --git a/src/ipc-windows.h b/src/ipc-windows.h index 0148172..faa8b8f 100644 --- a/src/ipc-windows.h +++ b/src/ipc-windows.h 
@@ -283,6 +283,14 @@ static int kernel_get_device(struct wgdevice **device, const char *iface) dev->response_packet_junk_size = wg_iface->ResponsePacketJunkSize; dev->flags |= WGDEVICE_HAS_S2; } + if (wg_iface->Flags & WG_IOCTL_INTERFACE_S3) { + dev->cookie_reply_packet_junk_size = wg_iface->CookieReplyPacketJunkSize; + dev->flags |= WGDEVICE_HAS_S3; + } + if (wg_iface->Flags & WG_IOCTL_INTERFACE_S4) { + dev->transport_packet_junk_size = wg_iface->TransportPacketJunkSize; + dev->flags |= WGDEVICE_HAS_S4; + } if (wg_iface->Flags & WG_IOCTL_INTERFACE_H1) { dev->init_packet_magic_header = wg_iface->InitPacketMagicHeader; dev->flags |= WGDEVICE_HAS_H1; @@ -507,6 +515,14 @@ static int kernel_set_device(struct wgdevice *dev) wg_iface->ResponsePacketJunkSize = dev->response_packet_junk_size; wg_iface->Flags |= WG_IOCTL_INTERFACE_S2; } + if (dev->flags & WGDEVICE_HAS_S3) { + wg_iface->CookieReplyPacketJunkSize = dev->cookie_reply_packet_junk_size; + wg_iface->Flags |= WG_IOCTL_INTERFACE_S3; + } + if (dev->flags & WGDEVICE_HAS_S4) { + wg_iface->TransportPacketJunkSize = dev->transport_packet_junk_size; + wg_iface->Flags |= WG_IOCTL_INTERFACE_S4; + } if (dev->flags & WGDEVICE_HAS_H1) { wg_iface->InitPacketMagicHeader = dev->init_packet_magic_header; diff --git a/src/show.c b/src/show.c index 66e654d..9b047c9 100644 --- a/src/show.c +++ b/src/show.c 
@@ -230,6 +230,10 @@ static void pretty_print(struct wgdevice *device) terminal_printf(" " TERMINAL_BOLD "s1" TERMINAL_RESET ": %u\n", device->init_packet_junk_size); if (device->response_packet_junk_size) terminal_printf(" " TERMINAL_BOLD "s2" TERMINAL_RESET ": %u\n", device->response_packet_junk_size); + if (device->cookie_reply_packet_junk_size) + terminal_printf(" " TERMINAL_BOLD "s3" TERMINAL_RESET ": %u\n", device->cookie_reply_packet_junk_size); + if (device->transport_packet_junk_size) + terminal_printf(" " TERMINAL_BOLD "s4" TERMINAL_RESET ": %u\n", device->transport_packet_junk_size); if (device->init_packet_magic_header) terminal_printf(" " TERMINAL_BOLD "h1" TERMINAL_RESET ": %u\n", device->init_packet_magic_header); if (device->response_packet_magic_header) diff --git a/src/showconf.c b/src/showconf.c index 70a5eec..b049f6e 100644 --- a/src/showconf.c +++ b/src/showconf.c @@ -56,6 +56,10 @@ int showconf_main(int argc, const char *argv[]) printf("S1 = %u\n", device->init_packet_junk_size); if (device->flags & WGDEVICE_HAS_S2) printf("S2 = %u\n", device->response_packet_junk_size); + if (device->flags & WGDEVICE_HAS_S3) + printf("S3 = %u\n", device->cookie_reply_packet_junk_size); + if (device->flags & WGDEVICE_HAS_S4) + printf("S4 = %u\n", device->transport_packet_junk_size); if (device->flags & WGDEVICE_HAS_H1) printf("H1 = %u\n", device->init_packet_magic_header); if (device->flags & WGDEVICE_HAS_H2) diff --git a/src/uapi/linux/linux/wireguard.h b/src/uapi/linux/linux/wireguard.h index cca01ab..4438e83 100644 --- a/src/uapi/linux/linux/wireguard.h +++ b/src/uapi/linux/linux/wireguard.h @@ -193,6 +193,8 @@ enum wgdevice_attribute { WGDEVICE_A_JMAX, WGDEVICE_A_S1, WGDEVICE_A_S2, + WGDEVICE_A_S3, + WGDEVICE_A_S4, WGDEVICE_A_H1, WGDEVICE_A_H2, WGDEVICE_A_H3, diff --git a/src/uapi/openbsd/net/if_wg.h b/src/uapi/openbsd/net/if_wg.h index 8e29da5..1f30572 100644 --- a/src/uapi/openbsd/net/if_wg.h +++ b/src/uapi/openbsd/net/if_wg.h 
@@ -77,19 +77,21 @@ struct wg_peer_io { #define WG_INTERFACE_DEVICE_HAS_JMAX (1 << 7) #define WG_INTERFACE_DEVICE_HAS_S1 (1 << 8) #define WG_INTERFACE_DEVICE_HAS_S2 (1 << 9) -#define WG_INTERFACE_DEVICE_HAS_H1 (1 << 10) -#define WG_INTERFACE_DEVICE_HAS_H2 (1 << 11) -#define WG_INTERFACE_DEVICE_HAS_H3 (1 << 12) -#define WG_INTERFACE_DEVICE_HAS_H4 (1 << 13) -#define WG_INTERFACE_DEVICE_HAS_I1 (1 << 14) -#define WG_INTERFACE_DEVICE_HAS_I2 (1 << 15) -#define WG_INTERFACE_DEVICE_HAS_I3 (1 << 16) -#define WG_INTERFACE_DEVICE_HAS_I4 (1 << 17) -#define WG_INTERFACE_DEVICE_HAS_I5 (1 << 18) -#define WG_INTERFACE_DEVICE_HAS_J1 (1 << 19) -#define WG_INTERFACE_DEVICE_HAS_J2 (1 << 20) -#define WG_INTERFACE_DEVICE_HAS_J3 (1 << 21) -#define WG_INTERFACE_DEVICE_HAS_ITIME (1 << 22) +#define WG_INTERFACE_DEVICE_HAS_S3 (1 << 10) +#define WG_INTERFACE_DEVICE_HAS_S4 (1 << 11) +#define WG_INTERFACE_DEVICE_HAS_H1 (1 << 12) +#define WG_INTERFACE_DEVICE_HAS_H2 (1 << 13) +#define WG_INTERFACE_DEVICE_HAS_H3 (1 << 14) +#define WG_INTERFACE_DEVICE_HAS_H4 (1 << 15) +#define WG_INTERFACE_DEVICE_HAS_I1 (1 << 16) +#define WG_INTERFACE_DEVICE_HAS_I2 (1 << 17) +#define WG_INTERFACE_DEVICE_HAS_I3 (1 << 18) +#define WG_INTERFACE_DEVICE_HAS_I4 (1 << 19) +#define WG_INTERFACE_DEVICE_HAS_I5 (1 << 20) +#define WG_INTERFACE_DEVICE_HAS_J1 (1 << 21) +#define WG_INTERFACE_DEVICE_HAS_J2 (1 << 22) +#define WG_INTERFACE_DEVICE_HAS_J3 (1 << 23) +#define WG_INTERFACE_DEVICE_HAS_ITIME (1 << 24) struct wg_interface_io { uint16_t i_flags; @@ -105,6 +107,8 @@ struct wg_interface_io { uint16_t i_junk_packet_max_size; uint16_t i_init_packet_junk_size; uint16_t i_response_packet_junk_size; + uint16_t i_cookie_reply_packet_junk_size; + uint16_t i_transport_packet_junk_size; uint32_t i_init_packet_magic_header; uint32_t i_response_packet_magic_header; uint32_t i_underload_packet_magic_header; diff --git a/src/uapi/windows/wireguard.h b/src/uapi/windows/wireguard.h index 1b41517..a076b46 100644 
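Review bot: In the first src/uapi/openbsd/net/if_wg.h hunk the flag defines now run up to `(1 << 24)`, but the context line at the end of that hunk still declares `uint16_t i_flags;` in `struct wg_interface_io`. Every flag from bit 16 upward is dropped when it is OR-ed into that field; after this renumbering that covers I1 and I2 as well as I3 through ITIME, so those settings would never be marked present in either direction. Widening the field to `uint32_t i_flags;` would fix that, but it changes the ioctl struct layout, so the kernel side has to change with it. The renumbering of H1 through ITIME is itself an ABI change for the same reason. The struct body continues outside the hunk.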
--- a/src/uapi/windows/wireguard.h +++ b/src/uapi/windows/wireguard.h @@ -63,19 +63,21 @@ typedef enum WG_IOCTL_INTERFACE_JMAX = 1 << 7, WG_IOCTL_INTERFACE_S1 = 1 << 8, WG_IOCTL_INTERFACE_S2 = 1 << 9, - WG_IOCTL_INTERFACE_H1 = 1 << 10, - WG_IOCTL_INTERFACE_H2 = 1 << 11, - WG_IOCTL_INTERFACE_H3 = 1 << 12, - WG_IOCTL_INTERFACE_H4 = 1 << 13, - WG_IOCTL_INTERFACE_I1 = 1U << 14, - WG_IOCTL_INTERFACE_I2 = 1U << 15, - WG_IOCTL_INTERFACE_I3 = 1U << 16, - WG_IOCTL_INTERFACE_I4 = 1U << 17, - WG_IOCTL_INTERFACE_I5 = 1U << 18, - WG_IOCTL_INTERFACE_J1 = 1U << 19, - WG_IOCTL_INTERFACE_J2 = 1U << 20, - WG_IOCTL_INTERFACE_J3 = 1U << 21, - WG_IOCTL_INTERFACE_ITIME = 1U << 22 + WG_IOCTL_INTERFACE_S3 = 1 << 10, + WG_IOCTL_INTERFACE_S4 = 1 << 11, + WG_IOCTL_INTERFACE_H1 = 1 << 12, + WG_IOCTL_INTERFACE_H2 = 1 << 12, + WG_IOCTL_INTERFACE_H3 = 1 << 13, + WG_IOCTL_INTERFACE_H4 = 1 << 14, + WG_IOCTL_INTERFACE_I1 = 1U << 15, + WG_IOCTL_INTERFACE_I2 = 1U << 16, + WG_IOCTL_INTERFACE_I3 = 1U << 17, + WG_IOCTL_INTERFACE_I4 = 1U << 18, + WG_IOCTL_INTERFACE_I5 = 1U << 19, + WG_IOCTL_INTERFACE_J1 = 1U << 20, + WG_IOCTL_INTERFACE_J2 = 1U << 21, + WG_IOCTL_INTERFACE_J3 = 1U << 22, + WG_IOCTL_INTERFACE_ITIME = 1U << 23 } WG_IOCTL_INTERFACE_FLAG; typedef struct _WG_IOCTL_INTERFACE @@ -90,6 +92,8 @@ typedef struct _WG_IOCTL_INTERFACE USHORT JunkPacketMaxSize; USHORT InitPacketJunkSize; USHORT ResponsePacketJunkSize; + USHORT CookieReplyPacketJunkSize; + USHORT TransportPacketJunkSize; ULONG InitPacketMagicHeader; ULONG ResponsePacketMagicHeader; ULONG UnderloadPacketMagicHeader;