Naming unify

README.md

@@ -2,8 +2,8 @@
 
 This supplies the main userspace tooling for using and configuring WireGuard
 tunnels, including the
-[`wg(8)`](https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8) and
+[`awg(8)`](https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8) and
-[`wg-quick(8)`](https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8)
+[`awg-quick(8)`](https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8)
 utilities. This project supports Linux, OpenBSD, FreeBSD, macOS, Windows, and
 Android.
 

contrib/embeddable-wg-library/wireguard.c

@@ -26,7 +26,7 @@
 
 /* wireguard.h netlink uapi: */
 
-#define WG_GENL_NAME "wireguard"
+#define WG_GENL_NAME "amneziawg"
 #define WG_GENL_VERSION 1
 
 enum wg_cmd {
@@ -48,6 +48,15 @@ enum wgdevice_attribute {
 	WGDEVICE_A_LISTEN_PORT,
 	WGDEVICE_A_FWMARK,
 	WGDEVICE_A_PEERS,
+	WGDEVICE_A_JC,
+	WGDEVICE_A_JMIN,
+	WGDEVICE_A_JMAX,
+	WGDEVICE_A_S1,
+	WGDEVICE_A_S2,
+	WGDEVICE_A_H1,
+	WGDEVICE_A_H2,
+	WGDEVICE_A_H3,
+	WGDEVICE_A_H4,
 	__WGDEVICE_A_LAST
 };
 

src/Makefile

@@ -92,18 +92,19 @@ clean:
 	$(RM) wg *.o *.d $(wildcard wincompat/*.o wincompat/*.lib wincompat/*.dll)
 
 install: wg
-	@install -v -d "$(DESTDIR)$(BINDIR)" && install -v -m 0755 wg "$(DESTDIR)$(BINDIR)/wg"
+	@install -v -d "$(DESTDIR)$(BINDIR)" && install -v -m 0755 wg "$(DESTDIR)$(BINDIR)/awg"
-	@install -v -d "$(DESTDIR)$(MANDIR)/man8" && install -v -m 0644 man/wg.8 "$(DESTDIR)$(MANDIR)/man8/wg.8"
+	@install -v -d "$(DESTDIR)$(MANDIR)/man8" && install -v -m 0644 man/wg.8 "$(DESTDIR)$(MANDIR)/man8/awg.8"
 	@[ "$(WITH_BASHCOMPLETION)" = "yes" ] || exit 0; \
-	install -v -d "$(DESTDIR)$(BASHCOMPDIR)" && install -v -m 0644 completion/wg.bash-completion "$(DESTDIR)$(BASHCOMPDIR)/wg"
+	install -v -d "$(DESTDIR)$(BASHCOMPDIR)" && install -v -m 0644 completion/wg.bash-completion "$(DESTDIR)$(BASHCOMPDIR)/awg"
 	@[ "$(WITH_WGQUICK)" = "yes" ] || exit 0; \
-	install -v -m 0755 wg-quick/$(PLATFORM).bash "$(DESTDIR)$(BINDIR)/wg-quick" && install -v -m 0700 -d "$(DESTDIR)$(SYSCONFDIR)/wireguard"
+	install -v -m 0755 wg-quick/$(PLATFORM).bash "$(DESTDIR)$(BINDIR)/awg-quick" && install -v -m 0700 -d "$(DESTDIR)$(SYSCONFDIR)/amnezia/amneziawg"
 	@[ "$(WITH_WGQUICK)" = "yes" ] || exit 0; \
-	install -v -m 0644 man/wg-quick.8 "$(DESTDIR)$(MANDIR)/man8/wg-quick.8"
+	install -v -m 0644 man/wg-quick.8 "$(DESTDIR)$(MANDIR)/man8/awg-quick.8"
 	@[ "$(WITH_WGQUICK)" = "yes" -a "$(WITH_BASHCOMPLETION)" = "yes" ] || exit 0; \
-	install -v -m 0644 completion/wg-quick.bash-completion "$(DESTDIR)$(BASHCOMPDIR)/wg-quick"
+	install -v -m 0644 completion/wg-quick.bash-completion "$(DESTDIR)$(BASHCOMPDIR)/awg-quick"
 	@[ "$(WITH_WGQUICK)" = "yes" -a "$(WITH_SYSTEMDUNITS)" = "yes" ] || exit 0; \
-	install -v -d "$(DESTDIR)$(SYSTEMDUNITDIR)" && install -v -m 0644 systemd/* "$(DESTDIR)$(SYSTEMDUNITDIR)/"
+	install -v -d "$(DESTDIR)$(SYSTEMDUNITDIR)" && install -v -m 0644 systemd/wg-quick.target "$(DESTDIR)$(SYSTEMDUNITDIR)/awg-quick.target" && \
+	install -v -m 0644 systemd/wg-quick@.service "$(DESTDIR)$(SYSTEMDUNITDIR)/awg-quick@.service"
 
 check: clean
 	scan-build --html-title=wireguard-tools -maxloop 100 --view --keep-going $(MAKE) wg

src/completion/wg-quick.bash-completion

@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: GPL-2.0
 # Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
 
-_wg_quick_completion() {
+_awg_quick_completion() {
 	local p i a search_paths old_glob
 	search_paths=( /etc/wireguard )
 
@@ -27,7 +27,7 @@ _wg_quick_completion() {
 			COMPREPLY+=( "${a[@]}" )
 		elif [[ ${COMP_WORDS[1]} == down ]]; then
 			if [[ $OSTYPE == *openbsd* || $OSTYPE == *darwin* ]]; then
-				for i in /var/run/wireguard/*.name; do
+				for i in /var/run/amneziawg/*.name; do
 					i="${i##*/}"; i="${i%.name}"
 					mapfile -t a < <(compgen -W "$i" -- "${COMP_WORDS[2]}")
 					COMPREPLY+=( "${a[@]}" )
@@ -40,4 +40,4 @@ _wg_quick_completion() {
 	eval "$old_glob"
 }
 
-complete -o filenames -o nosort -F _wg_quick_completion wg-quick
+complete -o filenames -o nosort -F _awg_quick_completion awg-quick

src/completion/wg.bash-completion

@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: GPL-2.0
 # Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
 
-_wg_completion() {
+_awg_completion() {
 	local a
 
 	if [[ $COMP_CWORD -eq 1 ]]; then
@@ -96,4 +96,4 @@ _wg_completion() {
 	COMPREPLY+=( $(compgen -W "${words[*]}" -- "${COMP_WORDS[COMP_CWORD]}") )
 }
 
-complete -o nosort -F _wg_completion wg
+complete -o nosort -F _awg_completion awg

src/ipc-freebsd.h

@@ -91,64 +91,64 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
 			dev->flags |= WGDEVICE_HAS_LISTEN_PORT;
 		}
 	}
-	if (nvlist_exists_number(nvl_device, "junk_packet_count")) {	
+	if (nvlist_exists_number(nvl_device, "jc")) {	
-		number = nvlist_get_number(nvl_device, "junk_packet_count");
+		number = nvlist_get_number(nvl_device, "jc");
 		if (number <= UINT16_MAX){
 			dev->junk_packet_count = number;
 			dev->flags |= WGDEVICE_HAS_JC;
 		}
 	}
-	if (nvlist_exists_number(nvl_device, "junk_packet_min_size")) {		
+	if (nvlist_exists_number(nvl_device, "jmin")) {		
-		number = nvlist_get_number(nvl_device, "junk_packet_min_size");
+		number = nvlist_get_number(nvl_device, "jmin");
 		if (number <= UINT16_MAX){
 			dev->junk_packet_min_size = number;			
 			dev->flags |= WGDEVICE_HAS_JMIN;
 		}			
 	}
-	if (nvlist_exists_number(nvl_device, "junk_packet_max_size")) {		
+	if (nvlist_exists_number(nvl_device, "jmax")) {		
-		number = nvlist_get_number(nvl_device, "junk_packet_max_size");
+		number = nvlist_get_number(nvl_device, "jmax");
 		if (number <= UINT16_MAX){
 			dev->junk_packet_max_size = number;			
 			dev->flags |= WGDEVICE_HAS_JMAX;
 		}			
 	}
-	if (nvlist_exists_number(nvl_device, "init_packet_junk_size")) {		
+	if (nvlist_exists_number(nvl_device, "s1")) {		
-		number = nvlist_get_number(nvl_device, "init_packet_junk_size");
+		number = nvlist_get_number(nvl_device, "s1");
 		if (number <= UINT16_MAX){
 			dev->init_packet_junk_size = number;			
 			dev->flags |= WGDEVICE_HAS_S1;
 		}			
 	}
-	if (nvlist_exists_number(nvl_device, "response_packet_junk_size")) {		
+	if (nvlist_exists_number(nvl_device, "s2")) {		
-		number = nvlist_get_number(nvl_device, "response_packet_junk_size");
+		number = nvlist_get_number(nvl_device, "s2");
 		if (number <= UINT16_MAX){
 			dev->response_packet_junk_size = number;			
 			dev->flags |= WGDEVICE_HAS_S2;
 		}			
 	}
-	if (nvlist_exists_number(nvl_device, "init_packet_magic_header")) {		
+	if (nvlist_exists_number(nvl_device, "h1")) {		
-		number = nvlist_get_number(nvl_device, "init_packet_magic_header");
+		number = nvlist_get_number(nvl_device, "h1");
 		if (number <= UINT32_MAX){
 			dev->init_packet_magic_header = number;			
 			dev->flags |= WGDEVICE_HAS_H1;
 		}			
 	}
-	if (nvlist_exists_number(nvl_device, "response_packet_magic_header")) {		
+	if (nvlist_exists_number(nvl_device, "h2")) {		
-		number = nvlist_get_number(nvl_device, "response_packet_magic_header");
+		number = nvlist_get_number(nvl_device, "h2");
 		if (number <= UINT32_MAX){
 			dev->response_packet_magic_header = number;			
 			dev->flags |= WGDEVICE_HAS_H2;
 		}			
 	}
-	if (nvlist_exists_number(nvl_device, "underload_packet_magic_header")) {		
+	if (nvlist_exists_number(nvl_device, "h3")) {		
-		number = nvlist_get_number(nvl_device, "underload_packet_magic_header");
+		number = nvlist_get_number(nvl_device, "h3");
 		if (number <= UINT32_MAX){
 			dev->underload_packet_magic_header = number;			
 			dev->flags |= WGDEVICE_HAS_H3;
 		}			
 	}
-	if (nvlist_exists_number(nvl_device, "transport_packet_magic_header")) {		
+	if (nvlist_exists_number(nvl_device, "h4")) {		
-		number = nvlist_get_number(nvl_device, "transport_packet_magic_header");
+		number = nvlist_get_number(nvl_device, "h4");
 		if (number <= UINT32_MAX){
 			dev->transport_packet_magic_header = number;			
 			dev->flags |= WGDEVICE_HAS_H4;
@@ -337,23 +337,23 @@ static int kernel_set_device(struct wgdevice *dev)
 	if (dev->flags & WGDEVICE_HAS_LISTEN_PORT)
 		nvlist_add_number(nvl_device, "listen-port", dev->listen_port);
 	if (dev->flags & WGDEVICE_HAS_JC)
-		nvlist_add_number(nvl_device, "junk_packet_count", dev->junk_packet_count);
+		nvlist_add_number(nvl_device, "jc", dev->junk_packet_count);
 	if (dev->flags & WGDEVICE_HAS_JMIN)
-		nvlist_add_number(nvl_device, "junk_packet_min_size", dev->junk_packet_min_size);
+		nvlist_add_number(nvl_device, "jmin", dev->junk_packet_min_size);
 	if (dev->flags & WGDEVICE_HAS_JMAX)
-		nvlist_add_number(nvl_device, "junk_packet_max_size", dev->junk_packet_max_size);
+		nvlist_add_number(nvl_device, "jmax", dev->junk_packet_max_size);
 	if (dev->flags & WGDEVICE_HAS_S1)
-		nvlist_add_number(nvl_device, "init_packet_junk_size", dev->init_packet_junk_size);
+		nvlist_add_number(nvl_device, "s1", dev->init_packet_junk_size);
 	if (dev->flags & WGDEVICE_HAS_S2)
-		nvlist_add_number(nvl_device, "response_packet_junk_size", dev->response_packet_junk_size);
+		nvlist_add_number(nvl_device, "s2", dev->response_packet_junk_size);
 	if (dev->flags & WGDEVICE_HAS_H1)
-		nvlist_add_number(nvl_device, "init_packet_magic_header", dev->init_packet_magic_header);
+		nvlist_add_number(nvl_device, "h1", dev->init_packet_magic_header);
 	if (dev->flags & WGDEVICE_HAS_H2)
-		nvlist_add_number(nvl_device, "response_packet_magic_header", dev->response_packet_magic_header);
+		nvlist_add_number(nvl_device, "h2", dev->response_packet_magic_header);
 	if (dev->flags & WGDEVICE_HAS_H3)
-		nvlist_add_number(nvl_device, "underload_packet_magic_header", dev->underload_packet_magic_header);
+		nvlist_add_number(nvl_device, "h3", dev->underload_packet_magic_header);
 	if (dev->flags & WGDEVICE_HAS_H4)
-		nvlist_add_number(nvl_device, "transport_packet_magic_header", dev->transport_packet_magic_header);
+		nvlist_add_number(nvl_device, "h4", dev->transport_packet_magic_header);
 	if (dev->flags & WGDEVICE_HAS_FWMARK)
 		nvlist_add_number(nvl_device, "user-cookie", dev->fwmark);
 	if (dev->flags & WGDEVICE_REPLACE_PEERS)

src/ipc-linux.h

@@ -459,41 +459,59 @@ static int parse_device(const struct nlattr *attr, void *data)
 		break;
 	case WGDEVICE_A_PEERS:
 		return mnl_attr_parse_nested(attr, parse_peers, device);
-	case WGDEVICE_HAS_JC:
+	case WGDEVICE_A_JC:
-		if (!mnl_attr_validate(attr, MNL_TYPE_U16))
+		if (!mnl_attr_validate(attr, MNL_TYPE_U16)) {
 			device->junk_packet_count = mnl_attr_get_u16(attr);
+			device->flags |= WGDEVICE_HAS_JC;
+		}
 		break;
-	case WGDEVICE_HAS_JMIN:
+	case WGDEVICE_A_JMIN:
-		if (!mnl_attr_validate(attr, MNL_TYPE_U16))
+		if (!mnl_attr_validate(attr, MNL_TYPE_U16)) {
 			device->junk_packet_min_size = mnl_attr_get_u16(attr);
+			device->flags |= WGDEVICE_HAS_JMIN;
+		}
 		break;
-	case WGDEVICE_HAS_JMAX:
+	case WGDEVICE_A_JMAX:
-		if (!mnl_attr_validate(attr, MNL_TYPE_U16))
+		if (!mnl_attr_validate(attr, MNL_TYPE_U16)) {
 			device->junk_packet_max_size = mnl_attr_get_u16(attr);
+			device->flags |= WGDEVICE_HAS_JMAX;
+		}
 		break;
-	case WGDEVICE_HAS_S1:
+	case WGDEVICE_A_S1:
-		if (!mnl_attr_validate(attr, MNL_TYPE_U16))
+		if (!mnl_attr_validate(attr, MNL_TYPE_U16)) {
 			device->init_packet_junk_size = mnl_attr_get_u16(attr);
+			device->flags |= WGDEVICE_HAS_S1;
+		}
 		break;
-	case WGDEVICE_HAS_S2:
+	case WGDEVICE_A_S2:
-		if (!mnl_attr_validate(attr, MNL_TYPE_U16))
+		if (!mnl_attr_validate(attr, MNL_TYPE_U16)) {
 			device->response_packet_junk_size = mnl_attr_get_u16(attr);
+			device->flags |= WGDEVICE_HAS_S2;
+		}
 		break;
-	case WGDEVICE_HAS_H1:
+	case WGDEVICE_A_H1:
-		if (!mnl_attr_validate(attr, MNL_TYPE_U32))
+		if (!mnl_attr_validate(attr, MNL_TYPE_U32)) {
 			device->init_packet_magic_header = mnl_attr_get_u32(attr);
+			device->flags |= WGDEVICE_HAS_H1;
+		}
 		break;
-	case WGDEVICE_HAS_H2:
+	case WGDEVICE_A_H2:
-		if (!mnl_attr_validate(attr, MNL_TYPE_U32))
+		if (!mnl_attr_validate(attr, MNL_TYPE_U32)) {
 			device->response_packet_magic_header = mnl_attr_get_u32(attr);
+			device->flags |= WGDEVICE_HAS_H2;
+		}
 		break;
-	case WGDEVICE_HAS_H3:
+	case WGDEVICE_A_H3:
-		if (!mnl_attr_validate(attr, MNL_TYPE_U32))
+		if (!mnl_attr_validate(attr, MNL_TYPE_U32)) {
 			device->underload_packet_magic_header = mnl_attr_get_u32(attr);
+			device->flags |= WGDEVICE_HAS_H3;
+		}
 		break;
-	case WGDEVICE_HAS_H4:
+	case WGDEVICE_A_H4:
-		if (!mnl_attr_validate(attr, MNL_TYPE_U32))
+		if (!mnl_attr_validate(attr, MNL_TYPE_U32)) {
 			device->transport_packet_magic_header = mnl_attr_get_u32(attr);
+			device->flags |= WGDEVICE_HAS_H4;
+		}
 		break;
 	}
 

src/ipc-uapi-unix.h

@@ -14,7 +14,7 @@
 #include <sys/stat.h>
 #include <sys/un.h>
 
-#define SOCK_PATH RUNSTATEDIR "/wireguard/"
+#define SOCK_PATH RUNSTATEDIR "/amneziawg/"
 #define SOCK_SUFFIX ".sock"
 
 static FILE *userspace_interface_file(const char *iface)

src/systemd/wg-quick@.service

@@ -2,9 +2,9 @@
 Description=WireGuard via wg-quick(8) for %I
 After=network-online.target nss-lookup.target
 Wants=network-online.target nss-lookup.target
-PartOf=wg-quick.target
+PartOf=awg-quick.target
-Documentation=man:wg-quick(8)
+Documentation=man:awg-quick(8)
-Documentation=man:wg(8)
+Documentation=man:awg(8)
 Documentation=https://www.wireguard.com/
 Documentation=https://www.wireguard.com/quickstart/
 Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
@@ -13,9 +13,9 @@ Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=/usr/bin/wg-quick up %i
+ExecStart=/usr/bin/awg-quick up %i
-ExecStop=/usr/bin/wg-quick down %i
+ExecStop=/usr/bin/awg-quick down %i
-ExecReload=/bin/bash -c 'exec /usr/bin/wg syncconf %i <(exec /usr/bin/wg-quick strip %i)'
+ExecReload=/bin/bash -c 'exec /usr/bin/awg syncconf %i <(exec /usr/bin/awg-quick strip %i)'
 Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity
 
 [Install]

src/uapi/linux/linux/wireguard.h

@@ -131,7 +131,7 @@
 #ifndef _WG_UAPI_WIREGUARD_H
 #define _WG_UAPI_WIREGUARD_H
 
-#define WG_GENL_NAME "wireguard"
+#define WG_GENL_NAME "amneziawg"
 #define WG_GENL_VERSION 1
 
 #define WG_KEY_LEN 32

src/wg-quick/android.c

@@ -41,6 +41,7 @@
 static bool is_exiting = false;
 static bool binder_available = false;
 static unsigned int sdk_version;
+static bool is_asecurity_on = false;
 
 static void *xmalloc(size_t size)
 {
@@ -632,6 +633,9 @@ static void auto_su(int argc, char *argv[])
 
 static void add_if(const char *iface)
 {
+	if (is_asecurity_on)
+		cmd("amneziawg-go %s", iface);
+	else
 		cmd("ip link add %s type wireguard", iface);
 }
 
@@ -1256,6 +1260,24 @@ static void parse_options(char **iface, char **config, unsigned int *mtu, char *
 			} else if (!strncasecmp(clean, "MTU=", 4) && j > 4) {
 				*mtu = atoi(clean + 4);
 				continue;
+			} else if (!strncasecmp(clean, "Jc=", 3) && j > 4 {
+				is_asecurity_on = true;
+			} else if (!strncasecmp(clean, "Jmin=", 5) && j > 4 {
+				is_asecurity_on = true;
+			} else if (!strncasecmp(clean, "Jmax=", 5) && j > 4 {
+				is_asecurity_on = true;
+			} else if (!strncasecmp(clean, "S1=", 3) && j > 4 {
+				is_asecurity_on = true;
+			} else if (!strncasecmp(clean, "S2=", 3) && j > 4 {
+				is_asecurity_on = true;
+			} else if (!strncasecmp(clean, "H1=", 3) && j > 4 {
+				is_asecurity_on = true;
+			} else if (!strncasecmp(clean, "H2=", 3) && j > 4 {
+				is_asecurity_on = true;
+			} else if (!strncasecmp(clean, "H3=", 3) && j > 4 {
+				is_asecurity_on = true;
+			} else if (!strncasecmp(clean, "H4=", 3) && j > 4 {
+				is_asecurity_on = true;
 			}
 		}
 		*config = concat_and_free(*config, "", line);

src/wg-quick/darwin.bash

@@ -41,7 +41,7 @@ die() {
 
 [[ ${BASH_VERSINFO[0]} -ge 4 ]] || die "Version mismatch: bash ${BASH_VERSINFO[0]} detected, when bash 4+ required"
 
-CONFIG_SEARCH_PATHS=( /etc/wireguard /usr/local/etc/wireguard )
+CONFIG_SEARCH_PATHS=( /etc/amnezia/amneziawg /usr/local/etc/amnezia/amneziawg )
 
 parse_options() {
 	local interface_section=0 line key value stripped path v
@@ -110,10 +110,10 @@ auto_su() {
 get_real_interface() {
 	local interface diff
 	wg show interfaces >/dev/null
-	[[ -f "/var/run/wireguard/$INTERFACE.name" ]] || return 1
+	[[ -f "/var/run/amneziawg/$INTERFACE.name" ]] || return 1
-	interface="$(< "/var/run/wireguard/$INTERFACE.name")"
+	interface="$(< "/var/run/amneziawg/$INTERFACE.name")"
-	[[ -n $interface && -S "/var/run/wireguard/$interface.sock" ]] || return 1
+	[[ -n $interface && -S "/var/run/amneziawg/$interface.sock" ]] || return 1
-	diff=$(( $(stat -f %m "/var/run/wireguard/$interface.sock" 2>/dev/null || echo 200) - $(stat -f %m "/var/run/wireguard/$INTERFACE.name" 2>/dev/null || echo 100) ))
+	diff=$(( $(stat -f %m "/var/run/amneziawg/$interface.sock" 2>/dev/null || echo 200) - $(stat -f %m "/var/run/wireguard/$INTERFACE.name" 2>/dev/null || echo 100) ))
 	[[ $diff -ge 2 || $diff -le -2 ]] && return 1
 	REAL_INTERFACE="$interface"
 	echo "[+] Interface for $INTERFACE is $REAL_INTERFACE" >&2
@@ -121,9 +121,9 @@ get_real_interface() {
 }
 
 add_if() {
-	export WG_TUN_NAME_FILE="/var/run/wireguard/$INTERFACE.name"
+	export WG_TUN_NAME_FILE="/var/run/amneziawg/$INTERFACE.name"
-	mkdir -p "/var/run/wireguard/"
+	mkdir -p "/var/run/amneziawg/"
-	cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" utun
+	cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-amneziawg-go}" utun
 	get_real_interface
 }
 

src/wg-quick/freebsd.bash

@@ -28,6 +28,8 @@ CONFIG_FILE=""
 PROGRAM="${0##*/}"
 ARGS=( "$@" )
 
+IS_ASESCURITY_ON=0
+
 cmd() {
 	echo "[#] $*" >&3
 	"$@"
@@ -38,7 +40,7 @@ die() {
 	exit 1
 }
 
-CONFIG_SEARCH_PATHS=( /etc/wireguard /usr/local/etc/wireguard )
+CONFIG_SEARCH_PATHS=( /etc/amnezia/amneziawg /usr/local/etc/amnezia/amneziawg )
 
 unset ORIGINAL_TMPDIR
 make_temp() {
@@ -96,6 +98,17 @@ parse_options() {
 			PostDown) POST_DOWN+=( "$value" ); continue ;;
 			SaveConfig) read_bool SAVE_CONFIG "$value"; continue ;;
 			esac
+			case "$key" in
+			Jc);&
+			Jmin);&
+			Jmax);&
+			S1);&
+			S2);&
+			H1);&
+			H2);&
+			H3);&
+			H4) IS_ASESCURITY_ON=1;;
+			esac
 		fi
 		WG_CONFIG+="$line"$'\n'
 	done < "$CONFIG_FILE"
@@ -116,7 +129,11 @@ auto_su() {
 
 add_if() {
 	local ret rc
-	if ret="$(cmd ifconfig wg create name "$INTERFACE" 2>&1 >/dev/null)"; then
+	local cmd="ifconfig wg create name "$INTERFACE""
+	if [[ $IS_ASESCURITY_ON == 1 ]]; then
+		cmd="amneziawg-go "$INTERFACE"";
+	fi
+	if ret="$(cmd $cmd 2>&1 >/dev/null)"; then
 		return 0
 	fi
 	rc=$?
@@ -125,7 +142,7 @@ add_if() {
 		return $rc
 	fi
 	echo "[!] Missing WireGuard kernel support ($ret). Falling back to slow userspace implementation." >&3
-	cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" "$INTERFACE"
+	cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-amneziawg-go}" "$INTERFACE"
 }
 
 del_routes() {
@@ -154,8 +171,8 @@ del_routes() {
 
 del_if() {
 	[[ $HAVE_SET_DNS -eq 0 ]] || unset_dns
-	if [[ -S /var/run/wireguard/$INTERFACE.sock ]]; then
+	if [[ -S /var/run/amneziawg/$INTERFACE.sock ]]; then
-		cmd rm -f "/var/run/wireguard/$INTERFACE.sock"
+		cmd rm -f "/var/run/amneziawg/$INTERFACE.sock"
 	else
 		cmd ifconfig "$INTERFACE" destroy
 	fi

src/wg-quick/linux.bash

@@ -40,7 +40,7 @@ die() {
 parse_options() {
 	local interface_section=0 line key value stripped v
 	CONFIG_FILE="$1"
-	[[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,15}$ ]] && CONFIG_FILE="/etc/wireguard/$CONFIG_FILE.conf"
+	[[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,15}$ ]] && CONFIG_FILE="/etc/amnezia/amneziawg/$CONFIG_FILE.conf"
 	[[ -e $CONFIG_FILE ]] || die "\`$CONFIG_FILE' does not exist"
 	[[ $CONFIG_FILE =~ (^|/)([a-zA-Z0-9_=+.-]{1,15})\.conf$ ]] || die "The config file must be a valid interface name, followed by .conf"
 	CONFIG_FILE="$(readlink -f "$CONFIG_FILE")"
@@ -87,11 +87,11 @@ auto_su() {
 
 add_if() {
 	local ret
-	if ! cmd ip link add "$INTERFACE" type wireguard; then
+	if ! cmd ip link add "$INTERFACE" type amneziawg; then
 		ret=$?
-		[[ -e /sys/module/wireguard ]] || ! command -v "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" >/dev/null && exit $ret
+		[[ -e /sys/module/amneziawg ]] || ! command -v "${WG_QUICK_USERSPACE_IMPLEMENTATION:-amneziawg-go}" >/dev/null && exit $ret
-		echo "[!] Missing WireGuard kernel module. Falling back to slow userspace implementation." >&2
+		echo "[!] Missing WireGuard (Amnezia VPN) kernel module. Falling back to slow userspace implementation." >&2
-		cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" "$INTERFACE"
+		cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-amneziawg-go}" "$INTERFACE"
 	fi
 }
 
@@ -99,7 +99,7 @@ del_if() {
 	local table
 	[[ $HAVE_SET_DNS -eq 0 ]] || unset_dns
 	[[ $HAVE_SET_FIREWALL -eq 0 ]] || remove_firewall
-	if [[ -z $TABLE || $TABLE == auto ]] && get_fwmark table && [[ $(wg show "$INTERFACE" allowed-ips) =~ /0(\ |$'\n'|$) ]]; then
+	if [[ -z $TABLE || $TABLE == auto ]] && get_fwmark table && [[ $(awg show "$INTERFACE" allowed-ips) =~ /0(\ |$'\n'|$) ]]; then
 		while [[ $(ip -4 rule show 2>/dev/null) == *"lookup $table"* ]]; do
 			cmd ip -4 rule delete table $table
 		done
@@ -132,7 +132,7 @@ set_mtu_up() {
 		[[ $endpoint =~ ^\[?([a-z0-9:.]+)\]?:[0-9]+$ ]] || continue
 		output="$(ip route get "${BASH_REMATCH[1]}" || true)"
 		[[ ( $output =~ mtu\ ([0-9]+) || ( $output =~ dev\ ([^ ]+) && $(ip link show dev "${BASH_REMATCH[1]}") =~ mtu\ ([0-9]+) ) ) && ${BASH_REMATCH[1]} -gt $mtu ]] && mtu="${BASH_REMATCH[1]}"
-	done < <(wg show "$INTERFACE" endpoints)
+	done < <(awg show "$INTERFACE" endpoints)
 	if [[ $mtu -eq 0 ]]; then
 		read -r output < <(ip route show default || true) || true
 		[[ ( $output =~ mtu\ ([0-9]+) || ( $output =~ dev\ ([^ ]+) && $(ip link show dev "${BASH_REMATCH[1]}") =~ mtu\ ([0-9]+) ) ) && ${BASH_REMATCH[1]} -gt $mtu ]] && mtu="${BASH_REMATCH[1]}"
@@ -180,7 +180,7 @@ add_route() {
 
 get_fwmark() {
 	local fwmark
-	fwmark="$(wg show "$INTERFACE" fwmark)" || return 1
+	fwmark="$(awg show "$INTERFACE" fwmark)" || return 1
 	[[ -n $fwmark && $fwmark != off ]] || return 1
 	printf -v "$1" "%d" "$fwmark"
 	return 0
@@ -199,7 +199,7 @@ remove_firewall() {
 		for iptables in iptables ip6tables; do
 			restore="" found=0
 			while read -r line; do
-				[[ $line == "*"* || $line == COMMIT || $line == "-A "*"-m comment --comment \"wg-quick(8) rule for $INTERFACE\""* ]] || continue
+				[[ $line == "*"* || $line == COMMIT || $line == "-A "*"-m comment --comment \"awg-quick(8) rule for $INTERFACE\""* ]] || continue
 				[[ $line == "-A"* ]] && found=1
 				printf -v restore '%s%s\n' "$restore" "${line/#-A/-D}"
 			done < <($iptables-save 2>/dev/null)
@@ -216,7 +216,7 @@ add_default() {
 		while [[ -n $(ip -4 route show table $table 2>/dev/null) || -n $(ip -6 route show table $table 2>/dev/null) ]]; do
 			((table++))
 		done
-		cmd wg set "$INTERFACE" fwmark $table
+		cmd awg set "$INTERFACE" fwmark $table
 	fi
 	local proto=-4 iptables=iptables pf=ip
 	[[ $1 == *:* ]] && proto=-6 iptables=ip6tables pf=ip6
@@ -224,7 +224,7 @@ add_default() {
 	cmd ip $proto rule add table main suppress_prefixlength 0
 	cmd ip $proto route add "$1" dev "$INTERFACE" table $table
 
-	local marker="-m comment --comment \"wg-quick(8) rule for $INTERFACE\"" restore=$'*raw\n' nftable="wg-quick-$INTERFACE" nftcmd 
+	local marker="-m comment --comment \"awg-quick(8) rule for $INTERFACE\"" restore=$'*raw\n' nftable="wg-quick-$INTERFACE" nftcmd
 	printf -v nftcmd '%sadd table %s %s\n' "$nftcmd" "$pf" "$nftable"
 	printf -v nftcmd '%sadd chain %s %s preraw { type filter hook prerouting priority -300; }\n' "$nftcmd" "$pf" "$nftable"
 	printf -v nftcmd '%sadd chain %s %s premangle { type filter hook prerouting priority -150; }\n' "$nftcmd" "$pf" "$nftable"
@@ -248,7 +248,7 @@ add_default() {
 }
 
 set_config() {
-	cmd wg setconf "$INTERFACE" <(echo "$WG_CONFIG")
+	cmd awg setconf "$INTERFACE" <(echo "$WG_CONFIG")
 }
 
 save_config() {
@@ -278,7 +278,7 @@ save_config() {
 	done
 	old_umask="$(umask)"
 	umask 077
-	current_config="$(cmd wg showconf "$INTERFACE")"
+	current_config="$(cmd awg showconf "$INTERFACE")"
 	trap 'rm -f "$CONFIG_FILE.tmp"; exit' INT TERM EXIT
 	echo "${current_config/\[Interface\]$'\n'/$new_config}" > "$CONFIG_FILE.tmp" || die "Could not write configuration file"
 	sync "$CONFIG_FILE.tmp"
@@ -302,8 +302,8 @@ cmd_usage() {
 
 	  CONFIG_FILE is a configuration file, whose filename is the interface name
 	  followed by \`.conf'. Otherwise, INTERFACE is an interface name, with
-	  configuration found at /etc/wireguard/INTERFACE.conf. It is to be readable
+	  configuration found at /etc/amnezia/INTERFACE.conf. It is to be readable
-	  by wg(8)'s \`setconf' sub-command, with the exception of the following additions
+	  by awg(8)'s \`setconf' sub-command, with the exception of the following additions
 	  to the [Interface] section, which are handled by $PROGRAM:
 
 	  - Address: may be specified one or more times and contains one or more
@@ -319,7 +319,7 @@ cmd_usage() {
 	  - SaveConfig: if set to \`true', the configuration is saved from the current
 	    state of the interface upon shutdown.
 
-	See wg-quick(8) for more info and examples.
+	See awg-quick(8) for more info and examples.
 	_EOF
 }
 
@@ -335,7 +335,7 @@ cmd_up() {
 	done
 	set_mtu_up
 	set_dns
-	for i in $(while read -r _ i; do for i in $i; do [[ $i =~ ^[0-9a-z:.]+/[0-9]+$ ]] && echo "$i"; done; done < <(wg show "$INTERFACE" allowed-ips) | sort -nr -k 2 -t /); do
+	for i in $(while read -r _ i; do for i in $i; do [[ $i =~ ^[0-9a-z:.]+/[0-9]+$ ]] && echo "$i"; done; done < <(awg show "$INTERFACE" allowed-ips) | sort -nr -k 2 -t /); do
 		add_route "$i"
 	done
 	execute_hooks "${POST_UP[@]}"
@@ -343,7 +343,7 @@ cmd_up() {
 }
 
 cmd_down() {
-	[[ " $(wg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface"
+	[[ " $(awg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface"
 	execute_hooks "${PRE_DOWN[@]}"
 	[[ $SAVE_CONFIG -eq 0 ]] || save_config
 	del_if
@@ -353,7 +353,7 @@ cmd_down() {
 }
 
 cmd_save() {
-	[[ " $(wg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface"
+	[[ " $(awg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface"
 	save_config
 }
 

src/wg-quick/openbsd.bash

@@ -27,6 +27,7 @@ SAVE_CONFIG=0
 CONFIG_FILE=""
 PROGRAM="${0##*/}"
 ARGS=( "$@" )
+IS_ASESCURITY_ON=0
 
 cmd() {
 	echo "[#] $*" >&3
@@ -41,7 +42,7 @@ die() {
 parse_options() {
 	local interface_section=0 line key value stripped
 	CONFIG_FILE="$1"
-	[[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,15}$ ]] && CONFIG_FILE="/etc/wireguard/$CONFIG_FILE.conf"
+	[[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,15}$ ]] && CONFIG_FILE="/etc/amnezia/amneziawg/$CONFIG_FILE.conf"
 	[[ -e $CONFIG_FILE ]] || die "\`$CONFIG_FILE' does not exist"
 	[[ $CONFIG_FILE =~ (^|/)([a-zA-Z0-9_=+.-]{1,15})\.conf$ ]] || die "The config file must be a valid interface name, followed by .conf"
 	CONFIG_FILE="$(readlink -f "$CONFIG_FILE")"
@@ -68,6 +69,17 @@ parse_options() {
 			PostDown) POST_DOWN+=( "$value" ); continue ;;
 			SaveConfig) read_bool SAVE_CONFIG "$value"; continue ;;
 			esac
+			case "$key" in
+			Jc);&
+			Jmin);&
+			Jmax);&
+			S1);&
+			S2);&
+			H1);&
+			H2);&
+			H3);&
+			H4) IS_ASESCURITY_ON=1;;
+			esac
 		fi
 		WG_CONFIG+="$line"$'\n'
 	done < "$CONFIG_FILE"
@@ -106,6 +118,10 @@ add_if() {
 	while true; do
 		local -A existing_ifs="( $(wg show interfaces | sed 's/\([^ ]*\)/[\1]=1/g') )"
 		local index ret
+		if [[ $IS_ASESCURITY_ON == 1 ]]; then
+			cmd "amneziawg-go "$INTERFACE"";
+			return $?
+		else
 			for ((index=0; index <= 2147483647; ++index)); do [[ -v existing_ifs[wg$index] ]] || break; done
 			if ret="$(cmd ifconfig wg$index create description "wg-quick: $INTERFACE" 2>&1)"; then
 				REAL_INTERFACE="wg$index"
@@ -114,6 +130,7 @@ add_if() {
 			[[ $ret == *"ifconfig: SIOCIFCREATE: File exists"* ]] && continue
 			echo "$ret" >&3
 			return 1
+		fi
 	done
 }