Merge pull request #1 from amnezia-vpn/new_fields_to_config

New fields to config

.github/workflows/windows-build.yml

@@ -0,0 +1,69 @@
+name: windows-wg
+
+on: [push]
+
+
+jobs:
+
+  Build-Libs-WireGuard-Windows:
+    name: 'Build-Libs-WireGuard-Windows'
+    runs-on: windows-latest
+
+    steps:
+
+    - name: 'Setup ccache'
+      uses: hendrikmuhs/[email protected]
+
+    - name: 'Get sources'
+      uses: actions/checkout@v3
+
+    - name: 'Get Wireguard-Tools'
+      uses: actions/checkout@v3
+      with:
+        repository: amnezia-vpn/amnezia-wg-tools
+        ref: master
+        path: windows/wireguard-tools-windows
+
+    - name: 'Build WireGuard Tools binary'
+      working-directory: windows/wireguard-tools-windows
+      run: |
+        cmd /c build.cmd
+        mkdir build
+        move x64 build\x64
+        move x86 build\x86
+        move arm64 build\arm64
+    
+    - name: Archive WG Windows 
+      uses: actions/upload-artifact@v3
+      with:
+        retention-days: 1
+        name: windows-wireguard-tools
+        path: windows/wireguard-tools-windows/build           
+
+  github-release:
+    name: GitHub Release
+    needs: Build-Libs-WireGuard-Windows
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/')
+
+    steps:
+      - name: Setup | Checkout
+        uses: actions/checkout@v2
+
+      - name: Setup | Artifacts
+        uses: actions/download-artifact@v2
+
+      - name: Setup | Checksums
+        run: for file in $(find ./ -name '*.exe' ); do openssl dgst -sha256 -r "$file" | awk '{print $1}' > "${file}.sha256"; done
+
+      - name: Zip ALL
+        run: for file in *; do zip -r ${file%.*}.zip  $file; done
+
+      - name: Upload binaries to release
+        uses: svenstaro/upload-release-action@v2
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: windows-wireguard-tools.zip
+          tag: ${{ github.ref }}
+          overwrite: true
+          file_glob: true  

.gitignore

@@ -15,3 +15,8 @@ src/wg.exe
 *.til
 *.pro.user
 maint/
+.deps/
+*.syso
+x64/
+x86/
+arm64/

build.cmd

@@ -0,0 +1,56 @@
+@echo off
+rem SPDX-License-Identifier: MIT
+rem Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+
+setlocal enabledelayedexpansion
+set BUILDDIR=%~dp0
+set PATH=%BUILDDIR%.deps\llvm-mingw\bin;%BUILDDIR%src;%PATH%
+set PATHEXT=.exe
+cd /d %BUILDDIR% || exit /b 1
+
+if exist .deps/prepared goto :build
+:installdeps
+	rmdir /s /q .deps 2> NUL
+	mkdir .deps || goto :error
+	cd  .deps || goto :error
+	call :download llvm-mingw-msvcrt.zip https://download.wireguard.com/windows-toolchain/distfiles/llvm-mingw-20201020-msvcrt-x86_64.zip 2e46593245090df96d15e360e092f0b62b97e93866e0162dca7f93b16722b844 || goto :error
+	call :download wireguard-nt.zip https://download.wireguard.com/wireguard-nt/wireguard-nt-0.10.1.zip 772c0b1463d8d2212716f43f06f4594d880dea4f735165bd68e388fc41b81605 || goto :error
+	copy /y NUL prepared > NUL || goto :error
+	cd .. || goto :error
+
+:build
+	call :build_plat x64 x86_64 amd64 || goto :error
+	call :build_plat x86 i686 386 || goto :error
+	call :build_plat arm64 aarch64 arm64 || goto :error
+
+:success
+	echo [+] Success
+	exit /b 0
+
+:download
+	echo [+] Downloading %1
+	curl -#fLo %1 %2 || exit /b 1
+	echo [+] Verifying %1
+	for /f %%a in ('CertUtil -hashfile %1 SHA256 ^| findstr /r "^[0-9a-f]*$"') do if not "%%a"=="%~3" exit /b 1
+	echo [+] Extracting %1
+	tar -xf %1 %~4 || exit /b 1
+	echo [+] Cleaning up %1
+	del %1 || exit /b 1
+	goto :eof
+
+:build_plat
+	mkdir %1 >NUL 2>&1
+	echo [+] Assembling resources %1
+	%~2-w64-mingw32-windres -I ".deps\wireguard-nt\bin\%~1" -DWIREGUARD_VERSION_ARRAY=0.5.3 -DWIREGUARD_VERSION_STR=0.5.3 -i src/wincompat/resources.rc -o "src/wincompat/resources_%~3.syso" -O coff -c 65001 || exit /b %errorlevel%
+	echo [+] Building command line tools %1
+	del src\*.exe src\*.o src\wincompat\*.o src\wincompat\*.lib 2> NUL
+	set LDFLAGS=-s
+	make --no-print-directory -C src PLATFORM=windows CC=%~2-w64-mingw32-gcc WINDRES=%~2-w64-mingw32-windres V=1 RUNSTATEDIR= SYSTEMDUNITDIR= -j%NUMBER_OF_PROCESSORS% || exit /b 1
+	move /Y src\wg.exe "%~1\wg.exe" > NUL || exit /b 1
+	goto :eof
+
+:error
+	echo [-] Failed with error #%errorlevel%.
+	cmd /c exit %errorlevel%
+
+

src/Makefile

@@ -38,11 +38,12 @@ endif
 PLATFORM ?= $(shell uname -s | tr '[:upper:]' '[:lower:]')
 
 CFLAGS ?= -O3
+
 ifneq ($(wildcard uapi/$(PLATFORM)/.),)
-CFLAGS += -idirafter uapi/$(PLATFORM)
+CFLAGS += -I uapi/$(PLATFORM)
 endif
 CFLAGS += -std=gnu99 -D_GNU_SOURCE
-CFLAGS += -Wall -Wextra
+CFLAGS += -Wall -Wextra 
 CFLAGS += -MMD -MP
 CFLAGS += -DRUNSTATEDIR="\"$(RUNSTATEDIR)\""
 ifeq ($(DEBUG),yes)

src/config.c

@@ -410,6 +410,43 @@ static inline bool parse_allowedips(struct wgpeer *peer, struct wgallowedip **la
 	return false;
 }
 
+static inline bool parse_uint16(uint16_t *device_value, const char *name, const char *value) {
+
+	if (!strlen(value)) {
+		fprintf(stderr, "Unable to parse empty string\n");
+		return false;
+	}
+
+	char *end;
+	uint32_t ret;
+	ret = strtoul(value, &end, 10);
+
+	if (*end || ret > UINT16_MAX) {
+		fprintf(stderr, "Unable to parse %s: `%s'\n", name, value);
+		exit(1);
+	}
+	*device_value = (uint16_t)ret;
+	return true;
+}
+
+static inline bool parse_uint32(uint32_t *device_value, const char *name, const char *value) {
+
+	if (!strlen(value)) {
+		fprintf(stderr, "Unable to parse empty string\n");
+		return false;
+	}
+
+	char *end;
+	uint64_t ret;
+	ret = strtoul(value, &end, 10);
+	if (*end || ret > UINT32_MAX) {
+		fprintf(stderr, "Unable to parse %s: `%s'\n", name, value);
+		exit(1);
+	}
+	*device_value = (uint32_t)ret;
+	return true;
+}
+
 static bool process_line(struct config_ctx *ctx, const char *line)
 {
 	const char *value;
@@ -450,6 +487,42 @@ static bool process_line(struct config_ctx *ctx, const char *line)
 			ret = parse_key(ctx->device->private_key, value);
 			if (ret)
 				ctx->device->flags |= WGDEVICE_HAS_PRIVATE_KEY;
+		} else if (key_match("Jc")) {
+			ret = parse_uint16(&ctx->device->junk_packet_count, "Jc", value);
+			if (ret)
+				ctx->device->flags |= WGDEVICE_HAS_JC;
+		} else if (key_match("Jmin")) {
+			ret = parse_uint16(&ctx->device->junk_packet_min_size, "Jmin", value);
+			if (ret)
+				ctx->device->flags |= WGDEVICE_HAS_JMIN;
+		} else if (key_match("Jmax")) {
+			ret = parse_uint16(&ctx->device->junk_packet_max_size, "Jmax", value);
+			if (ret)
+				ctx->device->flags |= WGDEVICE_HAS_JMAX;
+		} else if (key_match("S1")) {
+			ret = parse_uint16(&ctx->device->init_packet_junk_size, "S1", value);
+			if (ret)
+				ctx->device->flags |= WGDEVICE_HAS_S1;
+		} else if (key_match("S2")) {
+			ret = parse_uint16(&ctx->device->response_packet_junk_size, "S2", value);
+			if (ret)
+				ctx->device->flags |= WGDEVICE_HAS_S2;
+		} else if (key_match("H1")) {
+			ret = parse_uint32(&ctx->device->init_packet_magic_header, "H1", value);
+			if (ret)
+				ctx->device->flags |= WGDEVICE_HAS_H1;
+		} else if (key_match("H2")) {
+			ret = parse_uint32(&ctx->device->response_packet_magic_header, "H2", value);
+			if (ret)
+				ctx->device->flags |= WGDEVICE_HAS_H2;
+		} else if (key_match("H3")) {
+			ret = parse_uint32(&ctx->device->underload_packet_magic_header, "H3", value);
+			if (ret)
+				ctx->device->flags |= WGDEVICE_HAS_H3;
+		} else if (key_match("H4")) {
+			ret = parse_uint32(&ctx->device->transport_packet_magic_header, "H4", value);
+			if (ret)
+				ctx->device->flags |= WGDEVICE_HAS_H4;
 		} else
 			goto error;
 	} else if (ctx->is_peer_section) {
@@ -523,7 +596,7 @@ bool config_read_init(struct config_ctx *ctx, bool append)
 		return false;
 	}
 	if (!append)
-		ctx->device->flags |= WGDEVICE_REPLACE_PEERS | WGDEVICE_HAS_PRIVATE_KEY | WGDEVICE_HAS_FWMARK | WGDEVICE_HAS_LISTEN_PORT;
+		ctx->device->flags |= WGDEVICE_REPLACE_PEERS | WGDEVICE_HAS_PRIVATE_KEY | WGDEVICE_HAS_FWMARK;
 	return true;
 }
 
@@ -588,6 +661,69 @@ struct wgdevice *config_read_cmd(const char *argv[], int argc)
 			device->flags |= WGDEVICE_HAS_PRIVATE_KEY;
 			argv += 2;
 			argc -= 2;
+		} else if (!strcmp(argv[0], "jc") && argc >= 2 && !peer) {
+			if (!parse_uint16(&device->junk_packet_count, "jc", argv[1]))
+				goto error;
+
+			device->flags |= WGDEVICE_HAS_JC;
+			argv += 2;
+			argc -= 2;
+		} else if (!strcmp(argv[0], "jmin") && argc >= 2 && !peer) {
+			if (!parse_uint16(&device->junk_packet_min_size, "jmin", argv[1]))
+				goto error;
+
+			device->flags |= WGDEVICE_HAS_JMIN;
+			argv += 2;
+			argc -= 2;
+		} else if (!strcmp(argv[0], "jmax") && argc >= 2 && !peer) {
+			if (!parse_uint16(&device->junk_packet_max_size, "jmax", argv[1]))
+				goto error;
+
+			device->flags |= WGDEVICE_HAS_JMAX;
+			argv += 2;
+			argc -= 2;
+		} else if (!strcmp(argv[0], "s1") && argc >= 2 && !peer) {
+			if (!parse_uint16(&device->init_packet_junk_size, "s1", argv[1]))
+				goto error;
+
+			device->flags |= WGDEVICE_HAS_S1;
+			argv += 2;
+			argc -= 2;
+		} else if (!strcmp(argv[0], "s2") && argc >= 2 && !peer) {
+			if (!parse_uint16(&device->response_packet_junk_size, "s2", argv[1]))
+				goto error;
+
+			device->flags |= WGDEVICE_HAS_S2;
+			argv += 2;
+			argc -= 2;
+		} else if (!strcmp(argv[0], "h1") && argc >= 2 && !peer) {
+			if (!parse_uint32(&device->init_packet_magic_header, "h1", argv[1]))
+				goto error;
+
+			device->flags |= WGDEVICE_HAS_H1;
+			argv += 2;
+			argc -= 2;
+		} else if (!strcmp(argv[0], "h2") && argc >= 2 && !peer) {
+			if (!parse_uint32(&device->response_packet_magic_header, "h2", argv[1]))
+				goto error;
+
+			device->flags |= WGDEVICE_HAS_H2;
+			argv += 2;
+			argc -= 2;
+		} else if (!strcmp(argv[0], "h3") && argc >= 2 && !peer) {
+			if (!parse_uint32(&device->underload_packet_magic_header, "h3", argv[1]))
+				goto error;
+
+			device->flags |= WGDEVICE_HAS_H3;
+			argv += 2;
+			argc -= 2;
+		} else if (!strcmp(argv[0], "h4") && argc >= 2 && !peer) {
+			if (!parse_uint32(&device->transport_packet_magic_header, "h4", argv[1]))
+				goto error;
+
+			device->flags |= WGDEVICE_HAS_H4;
+			argv += 2;
+			argc -= 2;
 		} else if (!strcmp(argv[0], "peer") && argc >= 2) {
 			struct wgpeer *new_peer = calloc(1, sizeof(*new_peer));
 

src/containers.h

@@ -71,7 +71,16 @@ enum {
 	WGDEVICE_HAS_PRIVATE_KEY = 1U << 1,
 	WGDEVICE_HAS_PUBLIC_KEY = 1U << 2,
 	WGDEVICE_HAS_LISTEN_PORT = 1U << 3,
-	WGDEVICE_HAS_FWMARK = 1U << 4
+	WGDEVICE_HAS_FWMARK = 1U << 4,
+	WGDEVICE_HAS_JC = 1U << 5,
+	WGDEVICE_HAS_JMIN = 1U << 6,
+	WGDEVICE_HAS_JMAX = 1U << 7,
+	WGDEVICE_HAS_S1 = 1U << 8,
+	WGDEVICE_HAS_S2 = 1U << 9,
+	WGDEVICE_HAS_H1 = 1U << 10,
+	WGDEVICE_HAS_H2 = 1U << 11,
+	WGDEVICE_HAS_H3 = 1U << 12,
+	WGDEVICE_HAS_H4 = 1U << 13
 };
 
 struct wgdevice {
@@ -87,6 +96,16 @@ struct wgdevice {
 	uint16_t listen_port;
 
 	struct wgpeer *first_peer, *last_peer;
+
+	uint16_t junk_packet_count;
+	uint16_t junk_packet_min_size;
+	uint16_t junk_packet_max_size;
+	uint16_t init_packet_junk_size;
+	uint16_t response_packet_junk_size;
+	uint32_t init_packet_magic_header;
+	uint32_t response_packet_magic_header;
+	uint32_t underload_packet_magic_header;
+	uint32_t transport_packet_magic_header;
 };
 
 #define for_each_wgpeer(__dev, __peer) for ((__peer) = (__dev)->first_peer; (__peer); (__peer) = (__peer)->next_peer)