Compare commits
No commits in common. "master" and "v1.0.20210315" have entirely different histories.
master
...
v1.0.20210
|
|
@ -1,9 +1,6 @@
|
|||
cscope.out
|
||||
*.o
|
||||
*.d
|
||||
*.lib
|
||||
*.dll
|
||||
*.gch
|
||||
*.dwo
|
||||
src/wg
|
||||
src/wg.exe
|
||||
|
|
|
|||
|
|
@ -40,19 +40,17 @@ enum wg_peer_flags {
|
|||
WGPEER_HAS_PERSISTENT_KEEPALIVE_INTERVAL = 1U << 4
|
||||
};
|
||||
|
||||
typedef union wg_endpoint {
|
||||
struct sockaddr addr;
|
||||
struct sockaddr_in addr4;
|
||||
struct sockaddr_in6 addr6;
|
||||
} wg_endpoint;
|
||||
|
||||
typedef struct wg_peer {
|
||||
enum wg_peer_flags flags;
|
||||
|
||||
wg_key public_key;
|
||||
wg_key preshared_key;
|
||||
|
||||
wg_endpoint endpoint;
|
||||
union {
|
||||
struct sockaddr addr;
|
||||
struct sockaddr_in addr4;
|
||||
struct sockaddr_in6 addr6;
|
||||
} endpoint;
|
||||
|
||||
struct timespec64 last_handshake_time;
|
||||
uint64_t rx_bytes, tx_bytes;
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd";>
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>Label</key>
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ INTERFACE="${BASH_REMATCH[1]}"
|
|||
process_peer() {
|
||||
[[ $PEER_SECTION -ne 1 || -z $PUBLIC_KEY || -z $ENDPOINT ]] && return 0
|
||||
[[ $(wg show "$INTERFACE" latest-handshakes) =~ ${PUBLIC_KEY//+/\\+}\ ([0-9]+) ]] || return 0
|
||||
(( ($EPOCHSECONDS - ${BASH_REMATCH[1]}) > 135 )) || return 0
|
||||
(( ($(date +%s) - ${BASH_REMATCH[1]}) > 135 )) || return 0
|
||||
wg set "$INTERFACE" peer "$PUBLIC_KEY" endpoint "$ENDPOINT"
|
||||
reset_peer_section
|
||||
}
|
||||
|
|
|
|||
15
src/Makefile
15
src/Makefile
|
|
@ -59,16 +59,12 @@ ifeq ($(PLATFORM),haiku)
|
|||
LDLIBS += -lnetwork -lbsd
|
||||
endif
|
||||
ifeq ($(PLATFORM),windows)
|
||||
CC := x86_64-w64-mingw32-clang
|
||||
WINDRES := $(shell $(CC) $(CFLAGS) -print-prog-name=windres 2>/dev/null)
|
||||
CC := x86_64-w64-mingw32-gcc
|
||||
WINDRES := x86_64-w64-mingw32-windres
|
||||
CFLAGS += -Iwincompat/include -include wincompat/compat.h -DWINVER=0x0601 -D_WIN32_WINNT=0x0601 -flto
|
||||
LDLIBS += -lws2_32 -lsetupapi -lole32 -ladvapi32 -lntdll -Lwincompat
|
||||
LDFLAGS += -flto -Wl,--dynamicbase -Wl,--nxcompat -Wl,--tsaware -mconsole
|
||||
LDFLAGS += -Wl,--major-os-version=6 -Wl,--minor-os-version=1 -Wl,--major-subsystem-version=6 -Wl,--minor-subsystem-version=1
|
||||
# The use of -Wl,/delayload: here implies we're using llvm-mingw
|
||||
LDFLAGS += -Wl,/delayload:ws2_32.dll -Wl,/delayload:setupapi.dll -Wl,/delayload:ole32.dll -Wl,/delayload:advapi32.dll
|
||||
LDLIBS += -lws2_32 -flto
|
||||
VERSION := $(patsubst "%",%,$(filter "%",$(file < version.h)))
|
||||
wg: wincompat/libc.o wincompat/init.o wincompat/loader.o wincompat/resources.o
|
||||
wg: wincompat/libc.o wincompat/init.o wincompat/resources.o
|
||||
wincompat/resources.o: wincompat/resources.rc wincompat/manifest.xml
|
||||
$(WINDRES) -DVERSION_STR=$(VERSION) -O coff -c 65001 -i $< -o $@
|
||||
endif
|
||||
|
|
@ -82,13 +78,12 @@ COMPILE.c = @echo " CC $@";
|
|||
COMPILE.c += $(BUILT_IN_COMPILE.c)
|
||||
BUILT_IN_RM := $(RM)
|
||||
RM := @a() { echo " CLEAN $$@"; $(BUILT_IN_RM) "$$@"; }; a
|
||||
WINDRES := @a() { echo " WINDRES $${@: -1}"; $(WINDRES) "$$@"; }; a
|
||||
endif
|
||||
|
||||
wg: $(sort $(patsubst %.c,%.o,$(wildcard *.c)))
|
||||
|
||||
clean:
|
||||
$(RM) wg *.o *.d $(wildcard wincompat/*.o wincompat/*.lib wincompat/*.dll)
|
||||
$(RM) wg *.o *.d
|
||||
|
||||
install: wg
|
||||
@install -v -d "$(DESTDIR)$(BINDIR)" && install -v -m 0755 wg "$(DESTDIR)$(BINDIR)/wg"
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
// SPDX-License-Identifier: GPL-2.0
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* SPDX-License-Identifier: GPL-2.0 OR MIT */
|
||||
/* SPDX-License-Identifier: GPL-2.0 */
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* SPDX-License-Identifier: GPL-2.0 OR MIT */
|
||||
/* SPDX-License-Identifier: GPL-2.0 */
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* SPDX-License-Identifier: GPL-2.0 OR MIT */
|
||||
/* SPDX-License-Identifier: GPL-2.0 */
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
// SPDX-License-Identifier: GPL-2.0
|
||||
/*
|
||||
* Copyright (C) 2018-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* SPDX-License-Identifier: GPL-2.0 OR MIT */
|
||||
/* SPDX-License-Identifier: GPL-2.0 */
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
// SPDX-License-Identifier: GPL-2.0
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* SPDX-License-Identifier: GPL-2.0 OR MIT */
|
||||
/* SPDX-License-Identifier: GPL-2.0 */
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
// SPDX-License-Identifier: GPL-2.0
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -4,10 +4,9 @@
|
|||
*
|
||||
*/
|
||||
|
||||
#include <assert.h>
|
||||
#include <sys/nv.h>
|
||||
#include <sys/sockio.h>
|
||||
#include <dev/wg/if_wg.h>
|
||||
#include <dev/if_wg/if_wg.h>
|
||||
|
||||
#define IPC_SUPPORTS_KERNEL_INTERFACE
|
||||
|
||||
|
|
@ -119,7 +118,7 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
|
|||
goto skip_peers;
|
||||
for (i = 0; i < peer_count; ++i) {
|
||||
struct wgpeer *peer;
|
||||
struct wgallowedip *aip = NULL;
|
||||
struct wgallowedip *aip;
|
||||
const nvlist_t *const *nvl_aips;
|
||||
size_t aip_count, j;
|
||||
|
||||
|
|
@ -170,13 +169,11 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
|
|||
if (!aip_count || !nvl_aips)
|
||||
goto skip_allowed_ips;
|
||||
for (j = 0; j < aip_count; ++j) {
|
||||
if (!nvlist_exists_number(nvl_aips[j], "cidr"))
|
||||
continue;
|
||||
if (!nvlist_exists_binary(nvl_aips[j], "ipv4") && !nvlist_exists_binary(nvl_aips[j], "ipv6"))
|
||||
continue;
|
||||
aip = calloc(1, sizeof(*aip));
|
||||
if (!aip)
|
||||
goto err_allowed_ips;
|
||||
if (!nvlist_exists_number(nvl_aips[j], "cidr"))
|
||||
continue;
|
||||
number = nvlist_get_number(nvl_aips[j], "cidr");
|
||||
if (nvlist_exists_binary(nvl_aips[j], "ipv4")) {
|
||||
binary = nvlist_get_binary(nvl_aips[j], "ipv4", &size);
|
||||
|
|
@ -187,8 +184,7 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
|
|||
aip->family = AF_INET;
|
||||
aip->cidr = number;
|
||||
memcpy(&aip->ip4, binary, sizeof(aip->ip4));
|
||||
} else {
|
||||
assert(nvlist_exists_binary(nvl_aips[j], "ipv6"));
|
||||
} else if (nvlist_exists_binary(nvl_aips[j], "ipv6")) {
|
||||
binary = nvlist_get_binary(nvl_aips[j], "ipv6", &size);
|
||||
if (!binary || number > 128) {
|
||||
ret = EINVAL;
|
||||
|
|
@ -197,14 +193,14 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
|
|||
aip->family = AF_INET6;
|
||||
aip->cidr = number;
|
||||
memcpy(&aip->ip6, binary, sizeof(aip->ip6));
|
||||
}
|
||||
} else
|
||||
continue;
|
||||
|
||||
if (!peer->first_allowedip)
|
||||
peer->first_allowedip = aip;
|
||||
else
|
||||
peer->last_allowedip->next_allowedip = aip;
|
||||
peer->last_allowedip = aip;
|
||||
aip = NULL;
|
||||
continue;
|
||||
|
||||
err_allowed_ips:
|
||||
|
|
@ -213,9 +209,6 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
|
|||
free(aip);
|
||||
goto err_peer;
|
||||
}
|
||||
|
||||
/* Nothing leaked, hopefully -- ownership transferred or aip freed. */
|
||||
assert(aip == NULL);
|
||||
skip_allowed_ips:
|
||||
if (!dev->first_peer)
|
||||
dev->first_peer = peer;
|
||||
|
|
@ -329,7 +322,6 @@ static int kernel_set_device(struct wgdevice *dev)
|
|||
nvlist_destroy(nvl_aips[j]);
|
||||
free(nvl_aips);
|
||||
nvlist_destroy(nvl_peers[i]);
|
||||
nvl_peers[i] = NULL;
|
||||
goto err;
|
||||
}
|
||||
if (i) {
|
||||
|
|
@ -337,11 +329,9 @@ static int kernel_set_device(struct wgdevice *dev)
|
|||
for (i = 0; i < peer_count; ++i)
|
||||
nvlist_destroy(nvl_peers[i]);
|
||||
free(nvl_peers);
|
||||
nvl_peers = NULL;
|
||||
}
|
||||
wgd.wgd_data = nvlist_pack(nvl_device, &wgd.wgd_size);
|
||||
nvlist_destroy(nvl_device);
|
||||
nvl_device = NULL;
|
||||
if (!wgd.wgd_data)
|
||||
goto err;
|
||||
s = get_dgram_socket();
|
||||
|
|
|
|||
|
|
@ -479,12 +479,6 @@ static int kernel_get_device(struct wgdevice **device, const char *iface)
|
|||
struct nlmsghdr *nlh;
|
||||
struct mnlg_socket *nlg;
|
||||
|
||||
/* libmnl doesn't check the buffer size, so enforce that before using. */
|
||||
if (strlen(iface) >= IFNAMSIZ) {
|
||||
errno = ENAMETOOLONG;
|
||||
return -ENAMETOOLONG;
|
||||
}
|
||||
|
||||
try_again:
|
||||
ret = 0;
|
||||
*device = calloc(1, sizeof(**device));
|
||||
|
|
|
|||
|
|
@ -255,12 +255,13 @@ static int kernel_set_device(struct wgdevice *dev)
|
|||
wg_aip->a_af = aip->family;
|
||||
wg_aip->a_cidr = aip->cidr;
|
||||
|
||||
if (aip->family == AF_INET)
|
||||
if (aip->family == AF_INET) {
|
||||
memcpy(&wg_aip->a_ipv4, &aip->ip4, sizeof(wg_aip->a_ipv4));
|
||||
else if (aip->family == AF_INET6)
|
||||
} else if (aip->family == AF_INET6) {
|
||||
memcpy(&wg_aip->a_ipv6, &aip->ip6, sizeof(wg_aip->a_ipv6));
|
||||
else
|
||||
} else {
|
||||
continue;
|
||||
}
|
||||
++aip_count;
|
||||
++wg_aip;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,96 +10,126 @@
|
|||
#include <stdio.h>
|
||||
#include <stdbool.h>
|
||||
#include <fcntl.h>
|
||||
#include <hashtable.h>
|
||||
|
||||
static FILE *userspace_interface_file(const char *iface)
|
||||
{
|
||||
char fname[MAX_PATH];
|
||||
HANDLE pipe_handle;
|
||||
SID expected_sid;
|
||||
DWORD bytes = sizeof(expected_sid);
|
||||
PSID pipe_sid;
|
||||
char fname[MAX_PATH], error_message[1024 * 128] = { 0 };
|
||||
HANDLE thread_token, process_snapshot, winlogon_process, winlogon_token, duplicated_token, pipe_handle = INVALID_HANDLE_VALUE;
|
||||
PROCESSENTRY32 entry = { .dwSize = sizeof(PROCESSENTRY32) };
|
||||
PSECURITY_DESCRIPTOR pipe_sd;
|
||||
bool equal;
|
||||
PSID pipe_sid;
|
||||
SID expected_sid;
|
||||
BOOL ret;
|
||||
int fd;
|
||||
DWORD last_error = ERROR_SUCCESS, bytes = sizeof(expected_sid);
|
||||
TOKEN_PRIVILEGES privileges = {
|
||||
.PrivilegeCount = 1,
|
||||
.Privileges = {{ .Attributes = SE_PRIVILEGE_ENABLED }}
|
||||
};
|
||||
|
||||
if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &privileges.Privileges[0].Luid))
|
||||
goto err;
|
||||
if (!CreateWellKnownSid(WinLocalSystemSid, NULL, &expected_sid, &bytes))
|
||||
goto err;
|
||||
|
||||
snprintf(fname, sizeof(fname), "\\\\.\\pipe\\ProtectedPrefix\\Administrators\\WireGuard\\%s", iface);
|
||||
pipe_handle = CreateFileA(fname, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
|
||||
if (pipe_handle == INVALID_HANDLE_VALUE)
|
||||
process_snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
|
||||
if (process_snapshot == INVALID_HANDLE_VALUE)
|
||||
goto err;
|
||||
for (ret = Process32First(process_snapshot, &entry); ret; last_error = GetLastError(), ret = Process32Next(process_snapshot, &entry)) {
|
||||
if (strcasecmp(entry.szExeFile, "winlogon.exe"))
|
||||
continue;
|
||||
|
||||
RevertToSelf();
|
||||
if (!ImpersonateSelf(SecurityImpersonation))
|
||||
continue;
|
||||
if (!OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES, FALSE, &thread_token))
|
||||
continue;
|
||||
if (!AdjustTokenPrivileges(thread_token, FALSE, &privileges, sizeof(privileges), NULL, NULL)) {
|
||||
last_error = GetLastError();
|
||||
CloseHandle(thread_token);
|
||||
continue;
|
||||
}
|
||||
CloseHandle(thread_token);
|
||||
|
||||
winlogon_process = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, entry.th32ProcessID);
|
||||
if (!winlogon_process)
|
||||
continue;
|
||||
if (!OpenProcessToken(winlogon_process, TOKEN_IMPERSONATE | TOKEN_DUPLICATE, &winlogon_token))
|
||||
continue;
|
||||
CloseHandle(winlogon_process);
|
||||
if (!DuplicateToken(winlogon_token, SecurityImpersonation, &duplicated_token)) {
|
||||
last_error = GetLastError();
|
||||
RevertToSelf();
|
||||
continue;
|
||||
}
|
||||
CloseHandle(winlogon_token);
|
||||
if (!SetThreadToken(NULL, duplicated_token)) {
|
||||
last_error = GetLastError();
|
||||
CloseHandle(duplicated_token);
|
||||
continue;
|
||||
}
|
||||
CloseHandle(duplicated_token);
|
||||
|
||||
snprintf(fname, sizeof(fname), "\\\\.\\pipe\\ProtectedPrefix\\Administrators\\WireGuard\\%s", iface);
|
||||
pipe_handle = CreateFile(fname, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
|
||||
last_error = GetLastError();
|
||||
if (pipe_handle == INVALID_HANDLE_VALUE)
|
||||
continue;
|
||||
last_error = GetSecurityInfo(pipe_handle, SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION, &pipe_sid, NULL, NULL, NULL, &pipe_sd);
|
||||
if (last_error != ERROR_SUCCESS) {
|
||||
CloseHandle(pipe_handle);
|
||||
continue;
|
||||
}
|
||||
last_error = EqualSid(&expected_sid, pipe_sid) ? ERROR_SUCCESS : ERROR_ACCESS_DENIED;
|
||||
LocalFree(pipe_sd);
|
||||
if (last_error != ERROR_SUCCESS) {
|
||||
CloseHandle(pipe_handle);
|
||||
continue;
|
||||
}
|
||||
last_error = ERROR_SUCCESS;
|
||||
break;
|
||||
}
|
||||
RevertToSelf();
|
||||
CloseHandle(process_snapshot);
|
||||
|
||||
if (last_error != ERROR_SUCCESS || pipe_handle == INVALID_HANDLE_VALUE)
|
||||
goto err;
|
||||
if (GetSecurityInfo(pipe_handle, SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION, &pipe_sid, NULL, NULL, NULL, &pipe_sd) != ERROR_SUCCESS)
|
||||
goto err_close;
|
||||
equal = EqualSid(&expected_sid, pipe_sid);
|
||||
LocalFree(pipe_sd);
|
||||
if (!equal)
|
||||
goto err_close;
|
||||
fd = _open_osfhandle((intptr_t)pipe_handle, _O_RDWR);
|
||||
if (fd == -1) {
|
||||
last_error = GetLastError();
|
||||
CloseHandle(pipe_handle);
|
||||
return NULL;
|
||||
goto err;
|
||||
}
|
||||
return _fdopen(fd, "r+");
|
||||
err_close:
|
||||
CloseHandle(pipe_handle);
|
||||
|
||||
err:
|
||||
if (last_error == ERROR_SUCCESS)
|
||||
last_error = GetLastError();
|
||||
if (last_error == ERROR_SUCCESS)
|
||||
last_error = ERROR_ACCESS_DENIED;
|
||||
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, last_error, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), error_message, sizeof(error_message) - 1, NULL);
|
||||
fprintf(stderr, "Error: Unable to open IPC handle via SYSTEM impersonation: %ld: %s\n", last_error, error_message);
|
||||
errno = EACCES;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static bool have_cached_interfaces;
|
||||
static struct hashtable cached_interfaces;
|
||||
|
||||
static bool userspace_has_wireguard_interface(const char *iface)
|
||||
{
|
||||
char fname[MAX_PATH];
|
||||
WIN32_FIND_DATA find_data;
|
||||
HANDLE find_handle;
|
||||
bool ret = false;
|
||||
|
||||
if (have_cached_interfaces)
|
||||
return hashtable_find_entry(&cached_interfaces, iface) != NULL;
|
||||
|
||||
snprintf(fname, sizeof(fname), "ProtectedPrefix\\Administrators\\WireGuard\\%s", iface);
|
||||
find_handle = FindFirstFile("\\\\.\\pipe\\*", &find_data);
|
||||
if (find_handle == INVALID_HANDLE_VALUE)
|
||||
return -EIO;
|
||||
do {
|
||||
if (!strcmp(fname, find_data.cFileName)) {
|
||||
ret = true;
|
||||
break;
|
||||
}
|
||||
} while (FindNextFile(find_handle, &find_data));
|
||||
FindClose(find_handle);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int userspace_get_wireguard_interfaces(struct string_list *list)
|
||||
{
|
||||
static const char prefix[] = "ProtectedPrefix\\Administrators\\WireGuard\\";
|
||||
WIN32_FIND_DATA find_data;
|
||||
HANDLE find_handle;
|
||||
char *iface;
|
||||
int ret = 0;
|
||||
|
||||
find_handle = FindFirstFile("\\\\.\\pipe\\*", &find_data);
|
||||
if (find_handle == INVALID_HANDLE_VALUE)
|
||||
return -EIO;
|
||||
return -GetLastError();
|
||||
do {
|
||||
if (strncmp(prefix, find_data.cFileName, strlen(prefix)))
|
||||
continue;
|
||||
iface = find_data.cFileName + strlen(prefix);
|
||||
ret = string_list_add(list, iface);
|
||||
ret = string_list_add(list, find_data.cFileName + strlen(prefix));
|
||||
if (ret < 0)
|
||||
goto out;
|
||||
if (!hashtable_find_or_insert_entry(&cached_interfaces, iface)) {
|
||||
ret = -errno;
|
||||
goto out;
|
||||
}
|
||||
} while (FindNextFile(find_handle, &find_data));
|
||||
have_cached_interfaces = true;
|
||||
|
||||
out:
|
||||
FindClose(find_handle);
|
||||
|
|
|
|||
|
|
@ -1,450 +0,0 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
/*
|
||||
* Copyright (C) 2015-2021 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
||||
#include "containers.h"
|
||||
#include <windows.h>
|
||||
#include <setupapi.h>
|
||||
#include <cfgmgr32.h>
|
||||
#include <iphlpapi.h>
|
||||
#include <initguid.h>
|
||||
#include <devguid.h>
|
||||
#include <ddk/ndisguid.h>
|
||||
#include <wireguard.h>
|
||||
#include <hashtable.h>
|
||||
|
||||
#define IPC_SUPPORTS_KERNEL_INTERFACE
|
||||
|
||||
static bool have_cached_kernel_interfaces;
|
||||
static struct hashtable cached_kernel_interfaces;
|
||||
static const DEVPROPKEY devpkey_name = DEVPKEY_WG_NAME;
|
||||
extern bool is_win7;
|
||||
|
||||
static int kernel_get_wireguard_interfaces(struct string_list *list)
|
||||
{
|
||||
HDEVINFO dev_info = SetupDiGetClassDevsExW(&GUID_DEVCLASS_NET, is_win7 ? L"ROOT\\WIREGUARD" : L"SWD\\WireGuard", NULL, DIGCF_PRESENT, NULL, NULL, NULL);
|
||||
bool will_have_cached_kernel_interfaces = true;
|
||||
|
||||
if (dev_info == INVALID_HANDLE_VALUE) {
|
||||
errno = EACCES;
|
||||
return -errno;
|
||||
}
|
||||
|
||||
for (DWORD i = 0;; ++i) {
|
||||
DWORD buf_len;
|
||||
WCHAR adapter_name[MAX_ADAPTER_NAME];
|
||||
SP_DEVINFO_DATA dev_info_data = { .cbSize = sizeof(SP_DEVINFO_DATA) };
|
||||
DEVPROPTYPE prop_type;
|
||||
ULONG status, problem_code;
|
||||
char *interface_name;
|
||||
struct hashtable_entry *entry;
|
||||
|
||||
if (!SetupDiEnumDeviceInfo(dev_info, i, &dev_info_data)) {
|
||||
if (GetLastError() == ERROR_NO_MORE_ITEMS)
|
||||
break;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!SetupDiGetDevicePropertyW(dev_info, &dev_info_data, &devpkey_name,
|
||||
&prop_type, (PBYTE)adapter_name,
|
||||
sizeof(adapter_name), NULL, 0) ||
|
||||
prop_type != DEVPROP_TYPE_STRING)
|
||||
continue;
|
||||
adapter_name[_countof(adapter_name) - 1] = L'0';
|
||||
if (!adapter_name[0])
|
||||
continue;
|
||||
buf_len = WideCharToMultiByte(CP_UTF8, 0, adapter_name, -1, NULL, 0, NULL, NULL);
|
||||
if (!buf_len)
|
||||
continue;
|
||||
interface_name = malloc(buf_len);
|
||||
if (!interface_name)
|
||||
continue;
|
||||
buf_len = WideCharToMultiByte(CP_UTF8, 0, adapter_name, -1, interface_name, buf_len, NULL, NULL);
|
||||
if (!buf_len) {
|
||||
free(interface_name);
|
||||
continue;
|
||||
}
|
||||
|
||||
if (CM_Get_DevNode_Status(&status, &problem_code, dev_info_data.DevInst, 0) == CR_SUCCESS &&
|
||||
(status & (DN_DRIVER_LOADED | DN_STARTED)) == (DN_DRIVER_LOADED | DN_STARTED))
|
||||
string_list_add(list, interface_name);
|
||||
|
||||
entry = hashtable_find_or_insert_entry(&cached_kernel_interfaces, interface_name);
|
||||
free(interface_name);
|
||||
if (!entry)
|
||||
continue;
|
||||
|
||||
if (SetupDiGetDeviceInstanceIdW(dev_info, &dev_info_data, NULL, 0, &buf_len) || GetLastError() != ERROR_INSUFFICIENT_BUFFER)
|
||||
continue;
|
||||
entry->value = calloc(sizeof(WCHAR), buf_len);
|
||||
if (!entry->value)
|
||||
continue;
|
||||
if (!SetupDiGetDeviceInstanceIdW(dev_info, &dev_info_data, entry->value, buf_len, &buf_len)) {
|
||||
free(entry->value);
|
||||
entry->value = NULL;
|
||||
continue;
|
||||
}
|
||||
|
||||
will_have_cached_kernel_interfaces = true;
|
||||
}
|
||||
SetupDiDestroyDeviceInfoList(dev_info);
|
||||
have_cached_kernel_interfaces = will_have_cached_kernel_interfaces;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static HANDLE kernel_interface_handle(const char *iface)
|
||||
{
|
||||
HDEVINFO dev_info;
|
||||
WCHAR *interfaces = NULL;
|
||||
HANDLE handle;
|
||||
|
||||
if (have_cached_kernel_interfaces) {
|
||||
struct hashtable_entry *entry = hashtable_find_entry(&cached_kernel_interfaces, iface);
|
||||
if (entry) {
|
||||
DWORD buf_len;
|
||||
if (CM_Get_Device_Interface_List_SizeW(
|
||||
&buf_len, (GUID *)&GUID_DEVINTERFACE_NET, (DEVINSTID_W)entry->value,
|
||||
CM_GET_DEVICE_INTERFACE_LIST_PRESENT) != CR_SUCCESS)
|
||||
goto err_hash;
|
||||
interfaces = calloc(buf_len, sizeof(*interfaces));
|
||||
if (!interfaces)
|
||||
goto err_hash;
|
||||
if (CM_Get_Device_Interface_ListW(
|
||||
(GUID *)&GUID_DEVINTERFACE_NET, (DEVINSTID_W)entry->value, interfaces, buf_len,
|
||||
CM_GET_DEVICE_INTERFACE_LIST_PRESENT) != CR_SUCCESS || !interfaces[0]) {
|
||||
free(interfaces);
|
||||
interfaces = NULL;
|
||||
goto err_hash;
|
||||
}
|
||||
handle = CreateFileW(interfaces, GENERIC_READ | GENERIC_WRITE,
|
||||
FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, NULL,
|
||||
OPEN_EXISTING, 0, NULL);
|
||||
free(interfaces);
|
||||
if (handle == INVALID_HANDLE_VALUE)
|
||||
goto err_hash;
|
||||
return handle;
|
||||
err_hash:
|
||||
errno = EACCES;
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
dev_info = SetupDiGetClassDevsExW(&GUID_DEVCLASS_NET, is_win7 ? L"ROOT\\WIREGUARD" : L"SWD\\WireGuard", NULL, DIGCF_PRESENT, NULL, NULL, NULL);
|
||||
if (dev_info == INVALID_HANDLE_VALUE)
|
||||
return NULL;
|
||||
|
||||
for (DWORD i = 0; !interfaces; ++i) {
|
||||
bool found;
|
||||
DWORD buf_len;
|
||||
WCHAR *buf, adapter_name[MAX_ADAPTER_NAME];
|
||||
SP_DEVINFO_DATA dev_info_data = { .cbSize = sizeof(SP_DEVINFO_DATA) };
|
||||
DEVPROPTYPE prop_type;
|
||||
char *interface_name;
|
||||
|
||||
if (!SetupDiEnumDeviceInfo(dev_info, i, &dev_info_data)) {
|
||||
if (GetLastError() == ERROR_NO_MORE_ITEMS)
|
||||
break;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!SetupDiGetDevicePropertyW(dev_info, &dev_info_data, &devpkey_name,
|
||||
&prop_type, (PBYTE)adapter_name,
|
||||
sizeof(adapter_name), NULL, 0) ||
|
||||
prop_type != DEVPROP_TYPE_STRING)
|
||||
continue;
|
||||
adapter_name[_countof(adapter_name) - 1] = L'0';
|
||||
if (!adapter_name[0])
|
||||
continue;
|
||||
buf_len = WideCharToMultiByte(CP_UTF8, 0, adapter_name, -1, NULL, 0, NULL, NULL);
|
||||
if (!buf_len)
|
||||
continue;
|
||||
interface_name = malloc(buf_len);
|
||||
if (!interface_name)
|
||||
continue;
|
||||
buf_len = WideCharToMultiByte(CP_UTF8, 0, adapter_name, -1, interface_name, buf_len, NULL, NULL);
|
||||
if (!buf_len) {
|
||||
free(interface_name);
|
||||
continue;
|
||||
}
|
||||
found = !strcmp(interface_name, iface);
|
||||
free(interface_name);
|
||||
if (!found)
|
||||
continue;
|
||||
|
||||
if (SetupDiGetDeviceInstanceIdW(dev_info, &dev_info_data, NULL, 0, &buf_len) || GetLastError() != ERROR_INSUFFICIENT_BUFFER)
|
||||
continue;
|
||||
buf = calloc(sizeof(*buf), buf_len);
|
||||
if (!buf)
|
||||
continue;
|
||||
if (!SetupDiGetDeviceInstanceIdW(dev_info, &dev_info_data, buf, buf_len, &buf_len))
|
||||
goto cleanup_instance_id;
|
||||
if (CM_Get_Device_Interface_List_SizeW(
|
||||
&buf_len, (GUID *)&GUID_DEVINTERFACE_NET, (DEVINSTID_W)buf,
|
||||
CM_GET_DEVICE_INTERFACE_LIST_PRESENT) != CR_SUCCESS)
|
||||
goto cleanup_instance_id;
|
||||
interfaces = calloc(buf_len, sizeof(*interfaces));
|
||||
if (!interfaces)
|
||||
goto cleanup_instance_id;
|
||||
if (CM_Get_Device_Interface_ListW(
|
||||
(GUID *)&GUID_DEVINTERFACE_NET, (DEVINSTID_W)buf, interfaces, buf_len,
|
||||
CM_GET_DEVICE_INTERFACE_LIST_PRESENT) != CR_SUCCESS || !interfaces[0]) {
|
||||
free(interfaces);
|
||||
interfaces = NULL;
|
||||
goto cleanup_instance_id;
|
||||
}
|
||||
cleanup_instance_id:
|
||||
free(buf);
|
||||
}
|
||||
SetupDiDestroyDeviceInfoList(dev_info);
|
||||
if (!interfaces) {
|
||||
errno = ENOENT;
|
||||
return NULL;
|
||||
}
|
||||
handle = CreateFileW(interfaces, GENERIC_READ | GENERIC_WRITE,
|
||||
FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, NULL,
|
||||
OPEN_EXISTING, 0, NULL);
|
||||
free(interfaces);
|
||||
if (handle == INVALID_HANDLE_VALUE) {
|
||||
errno = EACCES;
|
||||
return NULL;
|
||||
}
|
||||
return handle;
|
||||
}
|
||||
|
||||
static int kernel_get_device(struct wgdevice **device, const char *iface)
|
||||
{
|
||||
WG_IOCTL_INTERFACE *wg_iface;
|
||||
WG_IOCTL_PEER *wg_peer;
|
||||
WG_IOCTL_ALLOWED_IP *wg_aip;
|
||||
void *buf = NULL;
|
||||
DWORD buf_len = 0;
|
||||
HANDLE handle = kernel_interface_handle(iface);
|
||||
struct wgdevice *dev;
|
||||
struct wgpeer *peer;
|
||||
struct wgallowedip *aip;
|
||||
int ret;
|
||||
|
||||
*device = NULL;
|
||||
|
||||
if (!handle)
|
||||
return -errno;
|
||||
|
||||
while (!DeviceIoControl(handle, WG_IOCTL_GET, NULL, 0, buf, buf_len, &buf_len, NULL)) {
|
||||
free(buf);
|
||||
if (GetLastError() != ERROR_MORE_DATA) {
|
||||
errno = EACCES;
|
||||
return -errno;
|
||||
}
|
||||
buf = malloc(buf_len);
|
||||
if (!buf)
|
||||
return -errno;
|
||||
}
|
||||
|
||||
wg_iface = (WG_IOCTL_INTERFACE *)buf;
|
||||
dev = calloc(1, sizeof(*dev));
|
||||
if (!dev)
|
||||
goto out;
|
||||
strncpy(dev->name, iface, sizeof(dev->name));
|
||||
dev->name[sizeof(dev->name) - 1] = '\0';
|
||||
|
||||
if (wg_iface->Flags & WG_IOCTL_INTERFACE_HAS_LISTEN_PORT) {
|
||||
dev->listen_port = wg_iface->ListenPort;
|
||||
dev->flags |= WGDEVICE_HAS_LISTEN_PORT;
|
||||
}
|
||||
|
||||
if (wg_iface->Flags & WG_IOCTL_INTERFACE_HAS_PUBLIC_KEY) {
|
||||
memcpy(dev->public_key, wg_iface->PublicKey, sizeof(dev->public_key));
|
||||
dev->flags |= WGDEVICE_HAS_PUBLIC_KEY;
|
||||
}
|
||||
|
||||
if (wg_iface->Flags & WG_IOCTL_INTERFACE_HAS_PRIVATE_KEY) {
|
||||
memcpy(dev->private_key, wg_iface->PrivateKey, sizeof(dev->private_key));
|
||||
dev->flags |= WGDEVICE_HAS_PRIVATE_KEY;
|
||||
}
|
||||
|
||||
wg_peer = buf + sizeof(WG_IOCTL_INTERFACE);
|
||||
for (ULONG i = 0; i < wg_iface->PeersCount; ++i) {
|
||||
peer = calloc(1, sizeof(*peer));
|
||||
if (!peer)
|
||||
goto out;
|
||||
|
||||
if (dev->first_peer == NULL)
|
||||
dev->first_peer = peer;
|
||||
else
|
||||
dev->last_peer->next_peer = peer;
|
||||
dev->last_peer = peer;
|
||||
|
||||
if (wg_peer->Flags & WG_IOCTL_PEER_HAS_PUBLIC_KEY) {
|
||||
memcpy(peer->public_key, wg_peer->PublicKey, sizeof(peer->public_key));
|
||||
peer->flags |= WGPEER_HAS_PUBLIC_KEY;
|
||||
}
|
||||
|
||||
if (wg_peer->Flags & WG_IOCTL_PEER_HAS_PRESHARED_KEY) {
|
||||
memcpy(peer->preshared_key, wg_peer->PresharedKey, sizeof(peer->preshared_key));
|
||||
if (!key_is_zero(peer->preshared_key))
|
||||
peer->flags |= WGPEER_HAS_PRESHARED_KEY;
|
||||
}
|
||||
|
||||
if (wg_peer->Flags & WG_IOCTL_PEER_HAS_PERSISTENT_KEEPALIVE) {
|
||||
peer->persistent_keepalive_interval = wg_peer->PersistentKeepalive;
|
||||
peer->flags |= WGPEER_HAS_PERSISTENT_KEEPALIVE_INTERVAL;
|
||||
}
|
||||
|
||||
if (wg_peer->Flags & WG_IOCTL_PEER_HAS_ENDPOINT) {
|
||||
if (wg_peer->Endpoint.si_family == AF_INET)
|
||||
peer->endpoint.addr4 = wg_peer->Endpoint.Ipv4;
|
||||
else if (wg_peer->Endpoint.si_family == AF_INET6)
|
||||
peer->endpoint.addr6 = wg_peer->Endpoint.Ipv6;
|
||||
}
|
||||
|
||||
peer->rx_bytes = wg_peer->RxBytes;
|
||||
peer->tx_bytes = wg_peer->TxBytes;
|
||||
|
||||
if (wg_peer->LastHandshake) {
|
||||
peer->last_handshake_time.tv_sec = wg_peer->LastHandshake / 10000000 - 11644473600LL;
|
||||
peer->last_handshake_time.tv_nsec = wg_peer->LastHandshake % 10000000 * 100;
|
||||
}
|
||||
|
||||
wg_aip = (void *)wg_peer + sizeof(WG_IOCTL_PEER);
|
||||
for (ULONG j = 0; j < wg_peer->AllowedIPsCount; ++j) {
|
||||
aip = calloc(1, sizeof(*aip));
|
||||
if (!aip)
|
||||
goto out;
|
||||
|
||||
if (peer->first_allowedip == NULL)
|
||||
peer->first_allowedip = aip;
|
||||
else
|
||||
peer->last_allowedip->next_allowedip = aip;
|
||||
peer->last_allowedip = aip;
|
||||
|
||||
aip->family = wg_aip->AddressFamily;
|
||||
if (wg_aip->AddressFamily == AF_INET) {
|
||||
memcpy(&aip->ip4, &wg_aip->Address.V4, sizeof(aip->ip4));
|
||||
aip->cidr = wg_aip->Cidr;
|
||||
} else if (wg_aip->AddressFamily == AF_INET6) {
|
||||
memcpy(&aip->ip6, &wg_aip->Address.V6, sizeof(aip->ip6));
|
||||
aip->cidr = wg_aip->Cidr;
|
||||
}
|
||||
++wg_aip;
|
||||
}
|
||||
wg_peer = (WG_IOCTL_PEER *)wg_aip;
|
||||
}
|
||||
*device = dev;
|
||||
errno = 0;
|
||||
out:
|
||||
ret = -errno;
|
||||
free(buf);
|
||||
CloseHandle(handle);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int kernel_set_device(struct wgdevice *dev)
|
||||
{
|
||||
WG_IOCTL_INTERFACE *wg_iface = NULL;
|
||||
WG_IOCTL_PEER *wg_peer;
|
||||
WG_IOCTL_ALLOWED_IP *wg_aip;
|
||||
DWORD buf_len = sizeof(WG_IOCTL_INTERFACE);
|
||||
HANDLE handle = kernel_interface_handle(dev->name);
|
||||
struct wgpeer *peer;
|
||||
struct wgallowedip *aip;
|
||||
size_t peer_count, aip_count;
|
||||
int ret = 0;
|
||||
|
||||
if (!handle)
|
||||
return -errno;
|
||||
|
||||
for_each_wgpeer(dev, peer) {
|
||||
if (DWORD_MAX - buf_len < sizeof(WG_IOCTL_PEER)) {
|
||||
errno = EOVERFLOW;
|
||||
goto out;
|
||||
}
|
||||
buf_len += sizeof(WG_IOCTL_PEER);
|
||||
for_each_wgallowedip(peer, aip) {
|
||||
if (DWORD_MAX - buf_len < sizeof(WG_IOCTL_ALLOWED_IP)) {
|
||||
errno = EOVERFLOW;
|
||||
goto out;
|
||||
}
|
||||
buf_len += sizeof(WG_IOCTL_ALLOWED_IP);
|
||||
}
|
||||
}
|
||||
wg_iface = calloc(1, buf_len);
|
||||
if (!wg_iface)
|
||||
goto out;
|
||||
|
||||
if (dev->flags & WGDEVICE_HAS_PRIVATE_KEY) {
|
||||
memcpy(wg_iface->PrivateKey, dev->private_key, sizeof(wg_iface->PrivateKey));
|
||||
wg_iface->Flags |= WG_IOCTL_INTERFACE_HAS_PRIVATE_KEY;
|
||||
}
|
||||
|
||||
if (dev->flags & WGDEVICE_HAS_LISTEN_PORT) {
|
||||
wg_iface->ListenPort = dev->listen_port;
|
||||
wg_iface->Flags |= WG_IOCTL_INTERFACE_HAS_LISTEN_PORT;
|
||||
}
|
||||
|
||||
if (dev->flags & WGDEVICE_REPLACE_PEERS)
|
||||
wg_iface->Flags |= WG_IOCTL_INTERFACE_REPLACE_PEERS;
|
||||
|
||||
peer_count = 0;
|
||||
wg_peer = (void *)wg_iface + sizeof(WG_IOCTL_INTERFACE);
|
||||
for_each_wgpeer(dev, peer) {
|
||||
wg_peer->Flags = WG_IOCTL_PEER_HAS_PUBLIC_KEY;
|
||||
memcpy(wg_peer->PublicKey, peer->public_key, sizeof(wg_peer->PublicKey));
|
||||
|
||||
if (peer->flags & WGPEER_HAS_PRESHARED_KEY) {
|
||||
memcpy(wg_peer->PresharedKey, peer->preshared_key, sizeof(wg_peer->PresharedKey));
|
||||
wg_peer->Flags |= WG_IOCTL_PEER_HAS_PRESHARED_KEY;
|
||||
}
|
||||
|
||||
if (peer->flags & WGPEER_HAS_PERSISTENT_KEEPALIVE_INTERVAL) {
|
||||
wg_peer->PersistentKeepalive = peer->persistent_keepalive_interval;
|
||||
wg_peer->Flags |= WG_IOCTL_PEER_HAS_PERSISTENT_KEEPALIVE;
|
||||
}
|
||||
|
||||
if (peer->endpoint.addr.sa_family == AF_INET) {
|
||||
wg_peer->Endpoint.Ipv4 = peer->endpoint.addr4;
|
||||
wg_peer->Flags |= WG_IOCTL_PEER_HAS_ENDPOINT;
|
||||
} else if (peer->endpoint.addr.sa_family == AF_INET6) {
|
||||
wg_peer->Endpoint.Ipv6 = peer->endpoint.addr6;
|
||||
wg_peer->Flags |= WG_IOCTL_PEER_HAS_ENDPOINT;
|
||||
}
|
||||
|
||||
if (peer->flags & WGPEER_REPLACE_ALLOWEDIPS)
|
||||
wg_peer->Flags |= WG_IOCTL_PEER_REPLACE_ALLOWED_IPS;
|
||||
|
||||
if (peer->flags & WGPEER_REMOVE_ME)
|
||||
wg_peer->Flags |= WG_IOCTL_PEER_REMOVE;
|
||||
|
||||
aip_count = 0;
|
||||
wg_aip = (void *)wg_peer + sizeof(WG_IOCTL_PEER);
|
||||
for_each_wgallowedip(peer, aip) {
|
||||
wg_aip->AddressFamily = aip->family;
|
||||
wg_aip->Cidr = aip->cidr;
|
||||
|
||||
if (aip->family == AF_INET)
|
||||
wg_aip->Address.V4 = aip->ip4;
|
||||
else if (aip->family == AF_INET6)
|
||||
wg_aip->Address.V6 = aip->ip6;
|
||||
else
|
||||
continue;
|
||||
++aip_count;
|
||||
++wg_aip;
|
||||
}
|
||||
wg_peer->AllowedIPsCount = aip_count;
|
||||
++peer_count;
|
||||
wg_peer = (WG_IOCTL_PEER *)wg_aip;
|
||||
}
|
||||
wg_iface->PeersCount = peer_count;
|
||||
|
||||
if (!DeviceIoControl(handle, WG_IOCTL_SET, NULL, 0, wg_iface, buf_len, &buf_len, NULL)) {
|
||||
errno = EACCES;
|
||||
goto out;
|
||||
}
|
||||
errno = 0;
|
||||
|
||||
out:
|
||||
ret = -errno;
|
||||
free(wg_iface);
|
||||
CloseHandle(handle);
|
||||
return ret;
|
||||
}
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
// SPDX-License-Identifier: GPL-2.0
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
@ -47,8 +47,6 @@ static int string_list_add(struct string_list *list, const char *str)
|
|||
#include "ipc-openbsd.h"
|
||||
#elif defined(__FreeBSD__)
|
||||
#include "ipc-freebsd.h"
|
||||
#elif defined(_WIN32)
|
||||
#include "ipc-windows.h"
|
||||
#endif
|
||||
|
||||
/* first\0second\0third\0forth\0last\0\0 */
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* SPDX-License-Identifier: GPL-2.0 OR MIT */
|
||||
/* SPDX-License-Identifier: GPL-2.0 */
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -168,7 +168,7 @@ sockets, which bypass Netfilter.) When IPv6 is in use, additional similar lines
|
|||
Or, perhaps it is desirable to store private keys in encrypted form, such as through use of
|
||||
.BR pass (1):
|
||||
|
||||
\fBPreUp = wg set %i private-key <(pass WireGuard/private-keys/%i)\fP
|
||||
\fBPostUp = wg set %i private-key <(pass WireGuard/private-keys/%i)\fP
|
||||
.br
|
||||
|
||||
For use on a server, the following is a more complicated example involving multiple peers:
|
||||
|
|
|
|||
|
|
@ -219,13 +219,6 @@ by running as root:
|
|||
|
||||
\fB # modprobe wireguard && echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control\fP
|
||||
|
||||
On OpenBSD and FreeBSD, debugging information can be written into
|
||||
.BR dmesg (1)
|
||||
on a per-interface basis by using
|
||||
.BR ifconfig (1):
|
||||
|
||||
\fB # ifconfig wg0 debug
|
||||
|
||||
On userspace implementations, it is customary to set the \fILOG_LEVEL\fP environment variable to \fIverbose\fP.
|
||||
|
||||
.SH ENVIRONMENT VARIABLES
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
// SPDX-License-Identifier: GPL-2.0
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
// SPDX-License-Identifier: GPL-2.0
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
// SPDX-License-Identifier: GPL-2.0
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
// SPDX-License-Identifier: GPL-2.0
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
@ -27,7 +27,7 @@
|
|||
static int peer_cmp(const void *first, const void *second)
|
||||
{
|
||||
time_t diff;
|
||||
const struct wgpeer *a = *(void *const *)first, *b = *(void *const *)second;
|
||||
const struct wgpeer *a = *(const void **)first, *b = *(const void **)second;
|
||||
|
||||
if (!a->last_handshake_time.tv_sec && !a->last_handshake_time.tv_nsec && (b->last_handshake_time.tv_sec || b->last_handshake_time.tv_nsec))
|
||||
return 1;
|
||||
|
|
@ -312,9 +312,9 @@ static bool ugly_print(struct wgdevice *device, const char *param, bool with_int
|
|||
else
|
||||
printf("off\n");
|
||||
} else if (!strcmp(param, "endpoints")) {
|
||||
if (with_interface)
|
||||
printf("%s\t", device->name);
|
||||
for_each_wgpeer(device, peer) {
|
||||
if (with_interface)
|
||||
printf("%s\t", device->name);
|
||||
printf("%s\t", key(peer->public_key));
|
||||
if (peer->endpoint.addr.sa_family == AF_INET || peer->endpoint.addr.sa_family == AF_INET6)
|
||||
printf("%s\n", endpoint(&peer->endpoint.addr));
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
// SPDX-License-Identifier: GPL-2.0
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* SPDX-License-Identifier: GPL-2.0 OR MIT */
|
||||
/* SPDX-License-Identifier: GPL-2.0 */
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
// SPDX-License-Identifier: GPL-2.0
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* SPDX-License-Identifier: GPL-2.0 OR MIT */
|
||||
/* SPDX-License-Identifier: GPL-2.0 */
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,80 +0,0 @@
|
|||
/* SPDX-License-Identifier: GPL-2.0
|
||||
*
|
||||
* Copyright (C) 2021 WireGuard LLC. All Rights Reserved.
|
||||
*/
|
||||
|
||||
#ifndef _WIREGUARD_NT_H
|
||||
#define _WIREGUARD_NT_H
|
||||
|
||||
#include <ntdef.h>
|
||||
#include <ws2def.h>
|
||||
#include <ws2ipdef.h>
|
||||
#include <inaddr.h>
|
||||
#include <in6addr.h>
|
||||
|
||||
#define WG_KEY_LEN 32
|
||||
|
||||
typedef struct _WG_IOCTL_ALLOWED_IP
|
||||
{
|
||||
union
|
||||
{
|
||||
IN_ADDR V4;
|
||||
IN6_ADDR V6;
|
||||
} Address;
|
||||
ADDRESS_FAMILY AddressFamily;
|
||||
UCHAR Cidr;
|
||||
} __attribute__((aligned(8))) WG_IOCTL_ALLOWED_IP;
|
||||
|
||||
typedef enum
|
||||
{
|
||||
WG_IOCTL_PEER_HAS_PUBLIC_KEY = 1 << 0,
|
||||
WG_IOCTL_PEER_HAS_PRESHARED_KEY = 1 << 1,
|
||||
WG_IOCTL_PEER_HAS_PERSISTENT_KEEPALIVE = 1 << 2,
|
||||
WG_IOCTL_PEER_HAS_ENDPOINT = 1 << 3,
|
||||
WG_IOCTL_PEER_HAS_PROTOCOL_VERSION = 1 << 4,
|
||||
WG_IOCTL_PEER_REPLACE_ALLOWED_IPS = 1 << 5,
|
||||
WG_IOCTL_PEER_REMOVE = 1 << 6,
|
||||
WG_IOCTL_PEER_UPDATE = 1 << 7
|
||||
} WG_IOCTL_PEER_FLAG;
|
||||
|
||||
typedef struct _WG_IOCTL_PEER
|
||||
{
|
||||
WG_IOCTL_PEER_FLAG Flags;
|
||||
ULONG ProtocolVersion; /* 0 = latest protocol, 1 = this protocol. */
|
||||
UCHAR PublicKey[WG_KEY_LEN];
|
||||
UCHAR PresharedKey[WG_KEY_LEN];
|
||||
USHORT PersistentKeepalive;
|
||||
SOCKADDR_INET Endpoint;
|
||||
ULONG64 TxBytes;
|
||||
ULONG64 RxBytes;
|
||||
ULONG64 LastHandshake;
|
||||
ULONG AllowedIPsCount;
|
||||
} __attribute__((aligned(8))) WG_IOCTL_PEER;
|
||||
|
||||
typedef enum
|
||||
{
|
||||
WG_IOCTL_INTERFACE_HAS_PUBLIC_KEY = 1 << 0,
|
||||
WG_IOCTL_INTERFACE_HAS_PRIVATE_KEY = 1 << 1,
|
||||
WG_IOCTL_INTERFACE_HAS_LISTEN_PORT = 1 << 2,
|
||||
WG_IOCTL_INTERFACE_REPLACE_PEERS = 1 << 3
|
||||
} WG_IOCTL_INTERFACE_FLAG;
|
||||
|
||||
typedef struct _WG_IOCTL_INTERFACE
|
||||
{
|
||||
WG_IOCTL_INTERFACE_FLAG Flags;
|
||||
USHORT ListenPort;
|
||||
UCHAR PrivateKey[WG_KEY_LEN];
|
||||
UCHAR PublicKey[WG_KEY_LEN];
|
||||
ULONG PeersCount;
|
||||
} __attribute__((aligned(8))) WG_IOCTL_INTERFACE;
|
||||
|
||||
#define WG_IOCTL_GET CTL_CODE(45208U, 321, METHOD_OUT_DIRECT, FILE_READ_DATA | FILE_WRITE_DATA)
|
||||
#define WG_IOCTL_SET CTL_CODE(45208U, 322, METHOD_IN_DIRECT, FILE_READ_DATA | FILE_WRITE_DATA)
|
||||
|
||||
#define DEVPKEY_WG_NAME (DEVPROPKEY) { \
|
||||
{ 0x65726957, 0x7547, 0x7261, { 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x4b, 0x65, 0x79 } }, \
|
||||
DEVPROPID_FIRST_USABLE + 1 \
|
||||
}
|
||||
|
||||
|
||||
#endif
|
||||
|
|
@ -1,3 +1,3 @@
|
|||
#ifndef WIREGUARD_TOOLS_VERSION
|
||||
#define WIREGUARD_TOOLS_VERSION "1.0.20210914"
|
||||
#define WIREGUARD_TOOLS_VERSION "1.0.20210315"
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
/*
|
||||
* Copyright (C) 2015-2021 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*
|
||||
* This is a shell script written in C. It very intentionally still functions like
|
||||
* a shell script, calling out to external executables such as ip(8).
|
||||
|
|
@ -25,7 +25,6 @@
|
|||
#include <sys/stat.h>
|
||||
#include <sys/wait.h>
|
||||
#include <sys/param.h>
|
||||
#include <sys/system_properties.h>
|
||||
|
||||
#ifndef WG_PACKAGE_NAME
|
||||
#define WG_PACKAGE_NAME "com.wireguard.android"
|
||||
|
|
@ -40,7 +39,6 @@
|
|||
|
||||
static bool is_exiting = false;
|
||||
static bool binder_available = false;
|
||||
static unsigned int sdk_version;
|
||||
|
||||
static void *xmalloc(size_t size)
|
||||
{
|
||||
|
|
@ -729,7 +727,7 @@ static void up_if(unsigned int *netid, const char *iface, uint16_t listen_port)
|
|||
cmd("ip6tables -I INPUT 1 -p udp --dport %u -j %s -m comment --comment \"wireguard rule %s\"", listen_port, should_block_ipv6(iface) ? "DROP" : "ACCEPT", iface);
|
||||
}
|
||||
cmd("ip link set up dev %s", iface);
|
||||
cndc(sdk_version < 31 ? "network create %u vpn 1 1" : "network create %u vpn 1", *netid);
|
||||
cndc("network create %u vpn 1 1", *netid);
|
||||
cndc("network interface add %u %s", *netid, iface);
|
||||
}
|
||||
|
||||
|
|
@ -855,7 +853,7 @@ static void set_dnses(unsigned int netid, const char *dnses)
|
|||
if (!len)
|
||||
return;
|
||||
|
||||
xregcomp(®ex_ipnothost, "(^[0-9.]+$)|(^.*:.*$)", REG_EXTENDED | REG_NOSUB);
|
||||
xregcomp(®ex_ipnothost, "^[a-zA-Z0-9_=+.-]{1,15}$", REG_EXTENDED | REG_NOSUB);
|
||||
for (char *dns = strtok(mutable, ", \t\n"); dns; dns = strtok(NULL, ", \t\n")) {
|
||||
if (strchr(dns, '\'') || strchr(dns, '\\'))
|
||||
continue;
|
||||
|
|
@ -1280,10 +1278,6 @@ int main(int argc, char *argv[])
|
|||
_cleanup_free_ char *excluded_applications = NULL;
|
||||
_cleanup_free_ char *included_applications = NULL;
|
||||
unsigned int mtu;
|
||||
char prop[PROP_VALUE_MAX + 1];
|
||||
|
||||
if (__system_property_get("ro.build.version.sdk", prop))
|
||||
sdk_version = atoi(prop);
|
||||
|
||||
if (argc == 2 && (!strcmp(argv[1], "help") || !strcmp(argv[1], "--help") || !strcmp(argv[1], "-h")))
|
||||
cmd_usage(argv[0]);
|
||||
|
|
|
|||
|
|
@ -194,14 +194,14 @@ collect_gateways() {
|
|||
|
||||
GATEWAY4=""
|
||||
while read -r destination gateway _; do
|
||||
[[ $destination == default && $gateway != "link#"* ]] || continue
|
||||
[[ $destination == default ]] || continue
|
||||
GATEWAY4="$gateway"
|
||||
break
|
||||
done < <(netstat -nr -f inet)
|
||||
|
||||
GATEWAY6=""
|
||||
while read -r destination gateway _; do
|
||||
[[ $destination == default && $gateway != "link#"* ]] || continue
|
||||
[[ $destination == default ]] || continue
|
||||
GATEWAY6="$gateway"
|
||||
break
|
||||
done < <(netstat -nr -f inet6)
|
||||
|
|
@ -324,24 +324,22 @@ monitor_daemon() {
|
|||
echo "[+] Backgrounding route monitor" >&2
|
||||
(trap 'del_routes; del_dns; exit 0' INT TERM EXIT
|
||||
exec >/dev/null 2>&1
|
||||
exec 19< <(exec route -n monitor)
|
||||
local event bpid=$BASHPID mpid=$!
|
||||
local event pid=$BASHPID
|
||||
[[ ${#DNS[@]} -gt 0 ]] && trap set_dns ALRM
|
||||
# TODO: this should also check to see if the endpoint actually changes
|
||||
# in response to incoming packets, and then call set_endpoint_direct_route
|
||||
# then too. That function should be able to gracefully cleanup if the
|
||||
# endpoints change.
|
||||
while read -u 19 -r event; do
|
||||
while read -r event; do
|
||||
[[ $event == RTM_* ]] || continue
|
||||
ifconfig "$REAL_INTERFACE" >/dev/null 2>&1 || break
|
||||
[[ $AUTO_ROUTE4 -eq 1 || $AUTO_ROUTE6 -eq 1 ]] && set_endpoint_direct_route
|
||||
[[ -z $MTU ]] && set_mtu
|
||||
if [[ ${#DNS[@]} -gt 0 ]]; then
|
||||
set_dns
|
||||
sleep 2 && kill -ALRM $bpid 2>/dev/null &
|
||||
sleep 2 && kill -ALRM $pid 2>/dev/null &
|
||||
fi
|
||||
done
|
||||
kill $mpid) &
|
||||
done < <(route -n monitor)) &
|
||||
[[ -n $LAUNCHED_BY_LAUNCHD ]] || disown
|
||||
}
|
||||
|
||||
|
|
@ -452,8 +450,8 @@ cmd_up() {
|
|||
local i
|
||||
get_real_interface && die "\`$INTERFACE' already exists as \`$REAL_INTERFACE'"
|
||||
trap 'del_if; del_routes; exit' INT TERM EXIT
|
||||
add_if
|
||||
execute_hooks "${PRE_UP[@]}"
|
||||
add_if
|
||||
set_config
|
||||
for i in "${ADDRESSES[@]}"; do
|
||||
add_addr "$i"
|
||||
|
|
|
|||
|
|
@ -152,14 +152,28 @@ del_routes() {
|
|||
done
|
||||
}
|
||||
|
||||
if_exists() {
|
||||
# HACK: The goal is simply to determine whether or not the interface exists. The
|
||||
# straight-forward way of doing this would be `ifconfig $INTERFACE`, but this
|
||||
# invokes the SIOCGIFSTATUS ioctl, which races with interface shutdown inside
|
||||
# the tun driver, resulting in a kernel panic. So we work around it the stupid
|
||||
# way by using the one utility that appears to call if_nametoindex fairly early
|
||||
# and fails if it doesn't exist: `arp`.
|
||||
if arp -i "$INTERFACE" -a -n >/dev/null 2>&1; then
|
||||
return 0
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
del_if() {
|
||||
[[ $HAVE_SET_DNS -eq 0 ]] || unset_dns
|
||||
if [[ -S /var/run/wireguard/$INTERFACE.sock ]]; then
|
||||
if [[ -f /var/run/wireguard/$INTERFACE.sock ]]; then
|
||||
cmd rm -f "/var/run/wireguard/$INTERFACE.sock"
|
||||
else
|
||||
cmd ifconfig "$INTERFACE" destroy
|
||||
fi
|
||||
while ifconfig "$INTERFACE" >/dev/null 2>&1; do
|
||||
while if_exists; do
|
||||
# HACK: it would be nice to `route monitor` here and wait for RTM_IFANNOUNCE
|
||||
# but it turns out that the announcement is made before the interface
|
||||
# disappears so we sometimes get a hang. So, we're instead left with polling
|
||||
|
|
@ -176,7 +190,7 @@ add_addr() {
|
|||
if [[ $1 == *:* ]]; then
|
||||
cmd ifconfig "$INTERFACE" inet6 "$1" alias
|
||||
else
|
||||
cmd ifconfig "$INTERFACE" inet "$1" alias
|
||||
cmd ifconfig "$INTERFACE" inet "$1" "${1%%/*}" alias
|
||||
fi
|
||||
}
|
||||
|
||||
|
|
@ -284,19 +298,17 @@ monitor_daemon() {
|
|||
(make_temp
|
||||
trap 'del_routes; clean_temp; exit 0' INT TERM EXIT
|
||||
exec >/dev/null 2>&1
|
||||
exec 19< <(exec route -n monitor)
|
||||
local event pid=$!
|
||||
local event
|
||||
# TODO: this should also check to see if the endpoint actually changes
|
||||
# in response to incoming packets, and then call set_endpoint_direct_route
|
||||
# then too. That function should be able to gracefully cleanup if the
|
||||
# endpoints change.
|
||||
while read -u 19 -r event; do
|
||||
while read -r event; do
|
||||
[[ $event == RTM_* ]] || continue
|
||||
ifconfig "$INTERFACE" >/dev/null 2>&1 || break
|
||||
if_exists || break
|
||||
[[ $AUTO_ROUTE4 -eq 1 || $AUTO_ROUTE6 -eq 1 ]] && set_endpoint_direct_route
|
||||
# TODO: set the mtu as well, but only if up
|
||||
done
|
||||
kill $pid) & disown
|
||||
done < <(route -n monitor)) & disown
|
||||
}
|
||||
|
||||
HAVE_SET_DNS=0
|
||||
|
|
@ -420,8 +432,8 @@ cmd_up() {
|
|||
local i
|
||||
[[ -z $(ifconfig "$INTERFACE" 2>/dev/null) ]] || die "\`$INTERFACE' already exists"
|
||||
trap 'del_if; del_routes; clean_temp; exit' INT TERM EXIT
|
||||
add_if
|
||||
execute_hooks "${PRE_UP[@]}"
|
||||
add_if
|
||||
set_config
|
||||
for i in "${ADDRESSES[@]}"; do
|
||||
add_addr "$i"
|
||||
|
|
|
|||
|
|
@ -220,9 +220,9 @@ add_default() {
|
|||
fi
|
||||
local proto=-4 iptables=iptables pf=ip
|
||||
[[ $1 == *:* ]] && proto=-6 iptables=ip6tables pf=ip6
|
||||
cmd ip $proto route add "$1" dev "$INTERFACE" table $table
|
||||
cmd ip $proto rule add not fwmark $table table $table
|
||||
cmd ip $proto rule add table main suppress_prefixlength 0
|
||||
cmd ip $proto route add "$1" dev "$INTERFACE" table $table
|
||||
|
||||
local marker="-m comment --comment \"wg-quick(8) rule for $INTERFACE\"" restore=$'*raw\n' nftable="wg-quick-$INTERFACE" nftcmd
|
||||
printf -v nftcmd '%sadd table %s %s\n' "$nftcmd" "$pf" "$nftable"
|
||||
|
|
@ -327,8 +327,8 @@ cmd_up() {
|
|||
local i
|
||||
[[ -z $(ip link show dev "$INTERFACE" 2>/dev/null) ]] || die "\`$INTERFACE' already exists"
|
||||
trap 'del_if; exit' INT TERM EXIT
|
||||
add_if
|
||||
execute_hooks "${PRE_UP[@]}"
|
||||
add_if
|
||||
set_config
|
||||
for i in "${ADDRESSES[@]}"; do
|
||||
add_addr "$i"
|
||||
|
|
|
|||
|
|
@ -266,42 +266,30 @@ monitor_daemon() {
|
|||
echo "[+] Backgrounding route monitor" >&2
|
||||
(trap 'del_routes; exit 0' INT TERM EXIT
|
||||
exec >/dev/null 2>&1
|
||||
exec 19< <(exec route -n monitor)
|
||||
local event pid=$!
|
||||
local event
|
||||
# TODO: this should also check to see if the endpoint actually changes
|
||||
# in response to incoming packets, and then call set_endpoint_direct_route
|
||||
# then too. That function should be able to gracefully cleanup if the
|
||||
# endpoints change.
|
||||
while read -u 19 -r event; do
|
||||
while read -r event; do
|
||||
[[ $event == RTM_* ]] || continue
|
||||
ifconfig "$REAL_INTERFACE" >/dev/null 2>&1 || break
|
||||
[[ $AUTO_ROUTE4 -eq 1 || $AUTO_ROUTE6 -eq 1 ]] && set_endpoint_direct_route
|
||||
# TODO: set the mtu as well, but only if up
|
||||
done
|
||||
kill $pid) & disown
|
||||
done < <(route -n monitor)) & disown
|
||||
}
|
||||
|
||||
set_dns() {
|
||||
[[ ${#DNS[@]} -gt 0 ]] || return 0
|
||||
|
||||
# TODO: add exclusive support for nameservers
|
||||
if pgrep -qx unwind; then
|
||||
echo "[!] WARNING: unwind will leak DNS queries" >&2
|
||||
elif pgrep -qx resolvd; then
|
||||
echo "[!] WARNING: resolvd may leak DNS queries" >&2
|
||||
else
|
||||
echo "[+] resolvd is not running, DNS will not be configured" >&2
|
||||
return 0
|
||||
fi
|
||||
|
||||
# TODO: this is a horrible way of doing it. Has OpenBSD no resolvconf?
|
||||
cmd cp /etc/resolv.conf "/etc/resolv.conf.wg-quick-backup.$INTERFACE"
|
||||
[[ ${#DNS_SEARCH[@]} -eq 0 ]] || cmd printf 'search %s\n' "${DNS_SEARCH[*]}" > /etc/resolv.conf
|
||||
route nameserver ${REAL_INTERFACE} ${DNS[@]}
|
||||
{ cmd printf 'nameserver %s\n' "${DNS[@]}"
|
||||
[[ ${#DNS_SEARCH[@]} -eq 0 ]] || cmd printf 'search %s\n' "${DNS_SEARCH[*]}"
|
||||
} > /etc/resolv.conf
|
||||
}
|
||||
|
||||
unset_dns() {
|
||||
[[ -f "/etc/resolv.conf.wg-quick-backup.$INTERFACE" ]] || return 0
|
||||
route nameserver ${REAL_INTERFACE}
|
||||
cmd mv "/etc/resolv.conf.wg-quick-backup.$INTERFACE" /etc/resolv.conf
|
||||
}
|
||||
|
||||
|
|
@ -417,8 +405,8 @@ cmd_up() {
|
|||
local i
|
||||
get_real_interface && die "\`$INTERFACE' already exists as \`$REAL_INTERFACE'"
|
||||
trap 'del_if; del_routes; exit' INT TERM EXIT
|
||||
add_if
|
||||
execute_hooks "${PRE_UP[@]}"
|
||||
add_if
|
||||
set_config
|
||||
for i in "${ADDRESSES[@]}"; do
|
||||
add_addr "$i"
|
||||
|
|
|
|||
2
src/wg.c
2
src/wg.c
|
|
@ -1,4 +1,4 @@
|
|||
// SPDX-License-Identifier: GPL-2.0 OR MIT
|
||||
// SPDX-License-Identifier: GPL-2.0
|
||||
/*
|
||||
* Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,61 +0,0 @@
|
|||
/* SPDX-License-Identifier: GPL-2.0
|
||||
*
|
||||
* Copyright (C) 2018-2021 WireGuard LLC. All Rights Reserved.
|
||||
*/
|
||||
|
||||
#ifndef _HASHTABLE_H
|
||||
#define _HASHTABLE_H
|
||||
|
||||
#include <string.h>
|
||||
|
||||
enum { HASHTABLE_ENTRY_BUCKETS_POW2 = 1 << 10 };
|
||||
|
||||
struct hashtable_entry {
|
||||
char *key;
|
||||
void *value;
|
||||
struct hashtable_entry *next;
|
||||
};
|
||||
|
||||
struct hashtable {
|
||||
struct hashtable_entry *entry_buckets[HASHTABLE_ENTRY_BUCKETS_POW2];
|
||||
};
|
||||
|
||||
static unsigned int hashtable_bucket(const char *str)
|
||||
{
|
||||
unsigned long hash = 5381;
|
||||
char c;
|
||||
while ((c = *str++))
|
||||
hash = ((hash << 5) + hash) ^ c;
|
||||
return hash & (HASHTABLE_ENTRY_BUCKETS_POW2 - 1);
|
||||
}
|
||||
|
||||
static struct hashtable_entry *hashtable_find_entry(struct hashtable *hashtable, const char *key)
|
||||
{
|
||||
struct hashtable_entry *entry;
|
||||
for (entry = hashtable->entry_buckets[hashtable_bucket(key)]; entry; entry = entry->next) {
|
||||
if (!strcmp(entry->key, key))
|
||||
return entry;
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static struct hashtable_entry *hashtable_find_or_insert_entry(struct hashtable *hashtable, const char *key)
|
||||
{
|
||||
struct hashtable_entry **entry;
|
||||
for (entry = &hashtable->entry_buckets[hashtable_bucket(key)]; *entry; entry = &(*entry)->next) {
|
||||
if (!strcmp((*entry)->key, key))
|
||||
return *entry;
|
||||
}
|
||||
*entry = calloc(1, sizeof(**entry));
|
||||
if (!*entry)
|
||||
return NULL;
|
||||
(*entry)->key = strdup(key);
|
||||
if (!(*entry)->key) {
|
||||
free(*entry);
|
||||
*entry = NULL;
|
||||
return NULL;
|
||||
}
|
||||
return *entry;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
|
@ -10,22 +10,12 @@
|
|||
#define ENABLE_VIRTUAL_TERMINAL_PROCESSING 0x4
|
||||
#endif
|
||||
|
||||
extern void NTAPI RtlGetNtVersionNumbers(DWORD *major, DWORD *minor, DWORD *build);
|
||||
bool is_win7 = false;
|
||||
|
||||
__attribute__((constructor)) static void init(void)
|
||||
{
|
||||
char *colormode;
|
||||
DWORD console_mode, major, minor;
|
||||
DWORD console_mode;
|
||||
HANDLE stdout_handle;
|
||||
WSADATA wsaData;
|
||||
|
||||
if (!SetDllDirectoryA("") || !SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32))
|
||||
abort();
|
||||
|
||||
RtlGetNtVersionNumbers(&major, &minor, NULL);
|
||||
is_win7 = (major == 6 && minor <= 1) || major < 6;
|
||||
|
||||
WSAStartup(MAKEWORD(2, 2), &wsaData);
|
||||
|
||||
stdout_handle = GetStdHandle(STD_OUTPUT_HANDLE); // We don't close this.
|
||||
|
|
|
|||
|
|
@ -1,20 +0,0 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
/*
|
||||
* Copyright (C) 2015-2021 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
||||
#include <windows.h>
|
||||
#include <delayimp.h>
|
||||
|
||||
static FARPROC WINAPI delayed_load_library_hook(unsigned dliNotify, PDelayLoadInfo pdli)
|
||||
{
|
||||
HMODULE library;
|
||||
if (dliNotify != dliNotePreLoadLibrary)
|
||||
return NULL;
|
||||
library = LoadLibraryExA(pdli->szDll, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
|
||||
if (!library)
|
||||
abort();
|
||||
return (FARPROC)library;
|
||||
}
|
||||
|
||||
PfnDliHook __pfnDliNotifyHook2 = delayed_load_library_hook;
|
||||
Loading…
Reference in New Issue