4 * Copyright (C) 2019 Daniel Wagner. All rights reserved.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
29 #include <arpa/inet.h>
30 #include <sys/types.h>
31 #include <sys/socket.h>
36 #define CONNMAN_API_SUBJECT_TO_CHANGE
37 #include <connman/plugin.h>
38 #include <connman/log.h>
39 #include <connman/task.h>
40 #include <connman/ipconfig.h>
41 #include <connman/inet.h>
42 #include <connman/dbus.h>
43 #include <connman/setting.h>
44 #include <connman/vpn-dbus.h>
46 #include "../vpn-provider.h"
50 #include "wireguard.h"
52 static int parse_key(const char *str, wg_key key)
57 buf = g_base64_decode(str, &len);
70 static int parse_allowed_ips(const char *allowed_ips, wg_peer *peer)
72 struct wg_allowedip *curaip, *allowedip;
73 char buf[INET6_ADDRSTRLEN];
74 char **tokens, **toks;
79 tokens = g_strsplit(allowed_ips, ", ", -1);
80 for (i = 0; tokens[i]; i++) {
81 toks = g_strsplit(tokens[i], "/", -1);
82 if (g_strv_length(toks) != 2) {
83 DBG("Ignore AllowedIPs value %s", tokens[i]);
88 allowedip = g_malloc0(sizeof(*allowedip));
90 if (inet_pton(AF_INET, toks[0], buf) == 1) {
91 allowedip->family = AF_INET;
92 memcpy(&allowedip->ip4, buf, sizeof(allowedip->ip4));
93 } else if (inet_pton(AF_INET6, toks[0], buf) == 1) {
94 allowedip->family = AF_INET6;
95 memcpy(&allowedip->ip6, buf, sizeof(allowedip->ip6));
97 DBG("Ignore AllowedIPs value %s", tokens[i]);
103 allowedip->cidr = g_ascii_strtoull(toks[1], &send, 10);
106 peer->first_allowedip = allowedip;
108 curaip->next_allowedip = allowedip;
113 peer->last_allowedip = curaip;
119 static int parse_endpoint(const char *host, const char *port, wg_peer *peer)
121 struct addrinfo hints;
122 struct addrinfo *result, *rp;
125 memset(&hints, 0, sizeof(struct addrinfo));
126 hints.ai_family = AF_UNSPEC;
127 hints.ai_socktype = SOCK_DGRAM;
129 hints.ai_protocol = 0;
131 if (getaddrinfo(host, port, &hints, &result) < 0) {
132 DBG("Failed to resolve host address");
136 for (rp = result; rp; rp = rp->ai_next) {
137 sk = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
140 if (connect(sk, rp->ai_addr, rp->ai_addrlen) != -1) {
150 freeaddrinfo(result);
154 memcpy(&peer->endpoint.addr, rp->ai_addr, rp->ai_addrlen);
155 freeaddrinfo(result);
160 static int parse_address(const char *address, const char *gateway,
161 struct connman_ipaddress **ipaddress)
163 char buf[INET6_ADDRSTRLEN];
164 unsigned char prefixlen;
169 tokens = g_strsplit(address, "/", -1);
170 if (g_strv_length(tokens) != 2) {
175 prefixlen = g_ascii_strtoull(tokens[1], &end, 10);
177 if (inet_pton(AF_INET, tokens[0], buf) == 1) {
178 netmask = g_strdup_printf("%d.%d.%d.%d",
179 ((0xffffffff << (32 - prefixlen)) >> 24) & 0xff,
180 ((0xffffffff << (32 - prefixlen)) >> 16) & 0xff,
181 ((0xffffffff << (32 - prefixlen)) >> 8) & 0xff,
182 ((0xffffffff << (32 - prefixlen)) >> 0) & 0xff);
184 *ipaddress = connman_ipaddress_alloc(AF_INET);
185 err = connman_ipaddress_set_ipv4(*ipaddress, tokens[0],
188 } else if (inet_pton(AF_INET6, tokens[0], buf) == 1) {
189 *ipaddress = connman_ipaddress_alloc(AF_INET6);
190 err = connman_ipaddress_set_ipv6(*ipaddress, tokens[0],
193 DBG("Invalid Wireguard.Address value");
199 connman_ipaddress_free(*ipaddress);
209 static void ifname_check_cb(int index, void *user_data)
211 struct ifname_data *data = (struct ifname_data *)user_data;
214 ifname = connman_inet_ifname(index);
216 if (!g_strcmp0(ifname, data->ifname))
220 static char *get_ifname(void)
222 struct ifname_data data;
225 for (i = 0; i < 256; i++) {
226 data.ifname = g_strdup_printf("wg%d", i);
228 __vpn_ipconfig_foreach(ifname_check_cb, &data);
239 struct wireguard_info {
240 struct wg_device device;
244 static int wg_connect(struct vpn_provider *provider,
245 struct connman_task *task, const char *if_name,
246 vpn_provider_connect_cb_t cb,
247 const char *dbus_sender, void *user_data)
249 struct connman_ipaddress *ipaddress = NULL;
250 struct wireguard_info *info;
251 const char *option, *gateway;
255 info = g_malloc0(sizeof(struct wireguard_info));
256 info->peer.flags = WGPEER_HAS_PUBLIC_KEY | WGPEER_REPLACE_ALLOWEDIPS;
257 info->device.flags = WGDEVICE_HAS_PRIVATE_KEY;
258 info->device.first_peer = &info->peer;
259 info->device.last_peer = &info->peer;
261 vpn_provider_set_plugin_data(provider, info);
263 option = vpn_provider_get_string(provider, "WireGuard.ListenPort");
266 info->device.listen_port = g_ascii_strtoull(option, &end, 10);
267 info->device.flags |= WGDEVICE_HAS_LISTEN_PORT;
270 option = vpn_provider_get_string(provider, "WireGuard.DNS");
272 err = vpn_provider_set_nameservers(provider, option);
277 option = vpn_provider_get_string(provider, "WireGuard.PrivateKey");
279 DBG("WireGuard.PrivateKey is missing");
282 err = parse_key(option, info->device.private_key);
286 option = vpn_provider_get_string(provider, "WireGuard.PublicKey");
288 DBG("WireGuard.PublicKey is missing");
291 err = parse_key(option, info->peer.public_key);
295 option = vpn_provider_get_string(provider, "WireGuard.PresharedKey");
297 info->peer.flags |= WGPEER_HAS_PRESHARED_KEY;
298 err = parse_key(option, info->peer.preshared_key);
303 option = vpn_provider_get_string(provider, "WireGuard.AllowedIPs");
305 DBG("WireGuard.AllowedIPs is missing");
308 err = parse_allowed_ips(option, &info->peer);
312 option = vpn_provider_get_string(provider,
313 "WireGuard.PersistentKeepalive");
316 info->peer.persistent_keepalive_interval =
317 g_ascii_strtoull(option, &end, 10);
318 info->peer.flags |= WGPEER_HAS_PERSISTENT_KEEPALIVE_INTERVAL;
321 option = vpn_provider_get_string(provider, "WireGuard.EndpointPort");
325 gateway = vpn_provider_get_string(provider, "Host");
326 err = parse_endpoint(gateway, option, &info->peer);
330 option = vpn_provider_get_string(provider, "WireGuard.Address");
332 DBG("Missing WireGuard.Address configuration");
335 err = parse_address(option, gateway, &ipaddress);
339 ifname = get_ifname();
341 DBG("Failed to find an usable device name");
345 stpncpy(info->device.name, ifname, sizeof(info->device.name));
348 err = wg_add_device(info->device.name);
350 DBG("Failed to creating WireGuard device %s", info->device.name);
354 err = wg_set_device(&info->device);
356 DBG("Failed to configure WireGuard device %s", info->device.name);
357 wg_del_device(info->device.name);
360 vpn_set_ifname(provider, info->device.name);
362 vpn_provider_set_ipaddress(provider, ipaddress);
366 cb(provider, user_data, err);
368 connman_ipaddress_free(ipaddress);
373 static void wg_disconnect(struct vpn_provider *provider)
375 struct wireguard_info *info;
377 info = vpn_provider_get_plugin_data(provider);
380 vpn_provider_set_plugin_data(provider, NULL);
382 wg_del_device(info->device.name);
387 static struct vpn_driver vpn_driver = {
388 .flags = VPN_FLAG_NO_TUN | VPN_FLAG_NO_DAEMON,
389 .connect = wg_connect,
390 .disconnect = wg_disconnect,
393 static int wg_init(void)
395 return vpn_register("wireguard", &vpn_driver, NULL);
398 static void wg_exit(void)
400 vpn_unregister("wireguard");
403 CONNMAN_PLUGIN_DEFINE(wireguard, "WireGuard VPN plugin", VERSION,
404 CONNMAN_PLUGIN_PRIORITY_DEFAULT, wg_init, wg_exit)