cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

wireguard.h (7748B)


      1/* SPDX-License-Identifier: (GPL-2.0 WITH Linux-syscall-note) OR MIT */
      2/*
      3 * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
      4 *
      5 * Documentation
      6 * =============
      7 *
      8 * The below enums and macros are for interfacing with WireGuard, using generic
      9 * netlink, with family WG_GENL_NAME and version WG_GENL_VERSION. It defines two
     10 * methods: get and set. Note that while they share many common attributes,
     11 * these two functions actually accept a slightly different set of inputs and
     12 * outputs.
     13 *
     14 * WG_CMD_GET_DEVICE
     15 * -----------------
     16 *
     17 * May only be called via NLM_F_REQUEST | NLM_F_DUMP. The command should contain
     18 * one but not both of:
     19 *
     20 *    WGDEVICE_A_IFINDEX: NLA_U32
     21 *    WGDEVICE_A_IFNAME: NLA_NUL_STRING, maxlen IFNAMSIZ - 1
     22 *
     23 * The kernel will then return several messages (NLM_F_MULTI) containing the
     24 * following tree of nested items:
     25 *
     26 *    WGDEVICE_A_IFINDEX: NLA_U32
     27 *    WGDEVICE_A_IFNAME: NLA_NUL_STRING, maxlen IFNAMSIZ - 1
     28 *    WGDEVICE_A_PRIVATE_KEY: NLA_EXACT_LEN, len WG_KEY_LEN
     29 *    WGDEVICE_A_PUBLIC_KEY: NLA_EXACT_LEN, len WG_KEY_LEN
     30 *    WGDEVICE_A_LISTEN_PORT: NLA_U16
     31 *    WGDEVICE_A_FWMARK: NLA_U32
     32 *    WGDEVICE_A_PEERS: NLA_NESTED
     33 *        0: NLA_NESTED
     34 *            WGPEER_A_PUBLIC_KEY: NLA_EXACT_LEN, len WG_KEY_LEN
     35 *            WGPEER_A_PRESHARED_KEY: NLA_EXACT_LEN, len WG_KEY_LEN
     36 *            WGPEER_A_ENDPOINT: NLA_MIN_LEN(struct sockaddr), struct sockaddr_in or struct sockaddr_in6
     37 *            WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL: NLA_U16
     38 *            WGPEER_A_LAST_HANDSHAKE_TIME: NLA_EXACT_LEN, struct __kernel_timespec
     39 *            WGPEER_A_RX_BYTES: NLA_U64
     40 *            WGPEER_A_TX_BYTES: NLA_U64
     41 *            WGPEER_A_ALLOWEDIPS: NLA_NESTED
     42 *                0: NLA_NESTED
     43 *                    WGALLOWEDIP_A_FAMILY: NLA_U16
     44 *                    WGALLOWEDIP_A_IPADDR: NLA_MIN_LEN(struct in_addr), struct in_addr or struct in6_addr
     45 *                    WGALLOWEDIP_A_CIDR_MASK: NLA_U8
     46 *                0: NLA_NESTED
     47 *                    ...
     48 *                0: NLA_NESTED
     49 *                    ...
     50 *                ...
     51 *            WGPEER_A_PROTOCOL_VERSION: NLA_U32
     52 *        0: NLA_NESTED
     53 *            ...
     54 *        ...
     55 *
     56 * It is possible that all of the allowed IPs of a single peer will not
     57 * fit within a single netlink message. In that case, the same peer will
     58 * be written in the following message, except it will only contain
     59 * WGPEER_A_PUBLIC_KEY and WGPEER_A_ALLOWEDIPS. This may occur several
     60 * times in a row for the same peer. It is then up to the receiver to
     61 * coalesce adjacent peers. Likewise, it is possible that all peers will
     62 * not fit within a single message. So, subsequent peers will be sent
     63 * in following messages, except those will only contain WGDEVICE_A_IFNAME
     64 * and WGDEVICE_A_PEERS. It is then up to the receiver to coalesce these
     65 * messages to form the complete list of peers.
     66 *
     67 * Since this is an NLM_F_DUMP command, the final message will always be
     68 * NLMSG_DONE, even if an error occurs. However, this NLMSG_DONE message
     69 * contains an integer error code. It is either zero or a negative error
     70 * code corresponding to the errno.
     71 *
     72 * WG_CMD_SET_DEVICE
     73 * -----------------
     74 *
     75 * May only be called via NLM_F_REQUEST. The command should contain the
     76 * following tree of nested items, containing one but not both of
     77 * WGDEVICE_A_IFINDEX and WGDEVICE_A_IFNAME:
     78 *
     79 *    WGDEVICE_A_IFINDEX: NLA_U32
     80 *    WGDEVICE_A_IFNAME: NLA_NUL_STRING, maxlen IFNAMSIZ - 1
     81 *    WGDEVICE_A_FLAGS: NLA_U32, 0 or WGDEVICE_F_REPLACE_PEERS if all current
     82 *                      peers should be removed prior to adding the list below.
     83 *    WGDEVICE_A_PRIVATE_KEY: len WG_KEY_LEN, all zeros to remove
     84 *    WGDEVICE_A_LISTEN_PORT: NLA_U16, 0 to choose randomly
     85 *    WGDEVICE_A_FWMARK: NLA_U32, 0 to disable
     86 *    WGDEVICE_A_PEERS: NLA_NESTED
     87 *        0: NLA_NESTED
     88 *            WGPEER_A_PUBLIC_KEY: len WG_KEY_LEN
     89 *            WGPEER_A_FLAGS: NLA_U32, 0 and/or WGPEER_F_REMOVE_ME if the
     90 *                            specified peer should not exist at the end of the
     91 *                            operation, rather than added/updated and/or
     92 *                            WGPEER_F_REPLACE_ALLOWEDIPS if all current allowed
     93 *                            IPs of this peer should be removed prior to adding
     94 *                            the list below and/or WGPEER_F_UPDATE_ONLY if the
     95 *                            peer should only be set if it already exists.
     96 *            WGPEER_A_PRESHARED_KEY: len WG_KEY_LEN, all zeros to remove
     97 *            WGPEER_A_ENDPOINT: struct sockaddr_in or struct sockaddr_in6
     98 *            WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL: NLA_U16, 0 to disable
     99 *            WGPEER_A_ALLOWEDIPS: NLA_NESTED
    100 *                0: NLA_NESTED
    101 *                    WGALLOWEDIP_A_FAMILY: NLA_U16
    102 *                    WGALLOWEDIP_A_IPADDR: struct in_addr or struct in6_addr
    103 *                    WGALLOWEDIP_A_CIDR_MASK: NLA_U8
    104 *                0: NLA_NESTED
    105 *                    ...
    106 *                0: NLA_NESTED
    107 *                    ...
    108 *                ...
    109 *            WGPEER_A_PROTOCOL_VERSION: NLA_U32, should not be set or used at
    110 *                                       all by most users of this API, as the
    111 *                                       most recent protocol will be used when
    112 *                                       this is unset. Otherwise, must be set
    113 *                                       to 1.
    114 *        0: NLA_NESTED
    115 *            ...
    116 *        ...
    117 *
    118 * It is possible that the amount of configuration data exceeds that of
    119 * the maximum message length accepted by the kernel. In that case, several
    120 * messages should be sent one after another, with each successive one
    121 * filling in information not contained in the prior. Note that if
    122 * WGDEVICE_F_REPLACE_PEERS is specified in the first message, it probably
    123 * should not be specified in fragments that come after, so that the list
    124 * of peers is only cleared the first time but appended after. Likewise for
    125 * peers, if WGPEER_F_REPLACE_ALLOWEDIPS is specified in the first message
    126 * of a peer, it likely should not be specified in subsequent fragments.
    127 *
    128 * If an error occurs, NLMSG_ERROR will reply containing an errno.
    129 */
    130
    131#ifndef _WG_UAPI_WIREGUARD_H
    132#define _WG_UAPI_WIREGUARD_H
    133
    /* Generic netlink family name and version used to reach WireGuard. */
    #define WG_GENL_NAME    "wireguard"
    #define WG_GENL_VERSION 1

    /* Length in bytes of every key attribute (private, public, preshared). */
    #define WG_KEY_LEN      32
    138
    /*
     * Generic netlink commands of the WireGuard family. The numeric values are
     * part of the userspace ABI and follow declaration order.
     */
    enum wg_cmd {
            WG_CMD_GET_DEVICE = 0, /* dump only: NLM_F_REQUEST | NLM_F_DUMP */
            WG_CMD_SET_DEVICE,     /* plain NLM_F_REQUEST */
            __WG_CMD_MAX           /* sentinel: one past the last command */
    };
    /* Highest valid command number. */
    #define WG_CMD_MAX (__WG_CMD_MAX - 1)
    145
    /* Bit flags carried in WGDEVICE_A_FLAGS on a WG_CMD_SET_DEVICE request. */
    enum wgdevice_flag {
            /* Remove all current peers before adding the supplied list. */
            WGDEVICE_F_REPLACE_PEERS = 0x1U,
            /*
             * Mask of every defined device flag.
             * NOTE(review): presumably used to reject unknown bits; that check
             * is not part of this header, so confirm it at the parsing site.
             */
            __WGDEVICE_F_ALL = WGDEVICE_F_REPLACE_PEERS
    };
    /*
     * Top-level netlink attributes of a device message. Attribute numbers are
     * userspace ABI and follow declaration order.
     */
    enum wgdevice_attribute {
            WGDEVICE_A_UNSPEC = 0,
            WGDEVICE_A_IFINDEX,     /* NLA_U32 */
            WGDEVICE_A_IFNAME,      /* NLA_NUL_STRING, maxlen IFNAMSIZ - 1 */
            /*
             * WG_KEY_LEN bytes of secret key material. The header documentation
             * lists it in WG_CMD_GET_DEVICE replies as well as in SET requests,
             * so any buffer holding such a message should be handled as
             * sensitive and cleared after use.
             */
            WGDEVICE_A_PRIVATE_KEY,
            WGDEVICE_A_PUBLIC_KEY,  /* WG_KEY_LEN bytes, listed for GET only */
            WGDEVICE_A_FLAGS,       /* NLA_U32, see enum wgdevice_flag */
            WGDEVICE_A_LISTEN_PORT, /* NLA_U16, 0 on SET to choose randomly */
            WGDEVICE_A_FWMARK,      /* NLA_U32, 0 on SET to disable */
            WGDEVICE_A_PEERS,       /* NLA_NESTED list of peers */
            __WGDEVICE_A_LAST       /* sentinel: one past the last attribute */
    };
    /* Highest valid device attribute number. */
    #define WGDEVICE_A_MAX (__WGDEVICE_A_LAST - 1)
    163
    /* Bit flags carried in WGPEER_A_FLAGS on a WG_CMD_SET_DEVICE request. */
    enum wgpeer_flag {
            /* The peer should not exist once the operation completes. */
            WGPEER_F_REMOVE_ME = 0x1U,
            /* Remove the peer's current allowed IPs before adding the new list. */
            WGPEER_F_REPLACE_ALLOWEDIPS = 0x2U,
            /* Only apply the settings if the peer already exists. */
            WGPEER_F_UPDATE_ONLY = 0x4U,
            /* Mask of every defined peer flag. */
            __WGPEER_F_ALL = WGPEER_F_REMOVE_ME |
                             WGPEER_F_REPLACE_ALLOWEDIPS |
                             WGPEER_F_UPDATE_ONLY
    };
    /*
     * Attributes of one nested peer entry inside WGDEVICE_A_PEERS. Attribute
     * numbers are userspace ABI and follow declaration order.
     */
    enum wgpeer_attribute {
            WGPEER_A_UNSPEC = 0,
            WGPEER_A_PUBLIC_KEY,    /* WG_KEY_LEN bytes */
            /*
             * WG_KEY_LEN bytes of secret material; all zeros on SET removes it.
             * Listed in WG_CMD_GET_DEVICE replies too, so buffers holding the
             * message should be handled as sensitive and cleared after use.
             */
            WGPEER_A_PRESHARED_KEY,
            WGPEER_A_FLAGS,         /* NLA_U32, see enum wgpeer_flag */
            WGPEER_A_ENDPOINT,      /* struct sockaddr_in or sockaddr_in6 */
            WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL, /* NLA_U16, 0 disables */
            WGPEER_A_LAST_HANDSHAKE_TIME, /* struct __kernel_timespec */
            WGPEER_A_RX_BYTES,      /* NLA_U64 */
            WGPEER_A_TX_BYTES,      /* NLA_U64 */
            WGPEER_A_ALLOWEDIPS,    /* NLA_NESTED list of allowed IPs */
            WGPEER_A_PROTOCOL_VERSION, /* NLA_U32, normally left unset */
            __WGPEER_A_LAST         /* sentinel: one past the last attribute */
    };
    /* Highest valid peer attribute number. */
    #define WGPEER_A_MAX (__WGPEER_A_LAST - 1)
    186
    /*
     * Attributes of one nested allowed-IP entry inside WGPEER_A_ALLOWEDIPS.
     * Attribute numbers are userspace ABI and follow declaration order.
     */
    enum wgallowedip_attribute {
            WGALLOWEDIP_A_UNSPEC = 0,
            WGALLOWEDIP_A_FAMILY,    /* NLA_U16 */
            WGALLOWEDIP_A_IPADDR,    /* struct in_addr or struct in6_addr */
            WGALLOWEDIP_A_CIDR_MASK, /* NLA_U8 */
            __WGALLOWEDIP_A_LAST     /* sentinel: one past the last attribute */
    };
    /* Highest valid allowed-IP attribute number. */
    #define WGALLOWEDIP_A_MAX (__WGALLOWEDIP_A_LAST - 1)
    195
    196#endif /* _WG_UAPI_WIREGUARD_H */