Zephyr API Documentation 4.4.0-rc1
A Scalable Open Source RTOS
Loading...
Searching...
No Matches
wireguard.h
Go to the documentation of this file.
1
6
7/*
8 * Copyright (c) 2026 Nordic Semiconductor ASA
9 *
10 * SPDX-License-Identifier: Apache-2.0
11 */
12
13#ifndef ZEPHYR_INCLUDE_NET_WG_H_
14#define ZEPHYR_INCLUDE_NET_WG_H_
15
24
25#include <sys/types.h>
26#include <zephyr/types.h>
27#include <zephyr/net/socket.h>
28
29#ifdef __cplusplus
30extern "C" {
31#endif
32
34
35#if defined(CONFIG_WIREGUARD)
36#define WIREGUARD_INTERFACE CONFIG_WIREGUARD_INTERFACE
37#else
38#define WIREGUARD_INTERFACE ""
39#endif
40
41#if defined(CONFIG_WIREGUARD_MAX_SRC_IPS)
42#define WIREGUARD_MAX_SRC_IPS CONFIG_WIREGUARD_MAX_SRC_IPS
43#else
44#define WIREGUARD_MAX_SRC_IPS 1
45#endif
46
48
50#define WIREGUARD_TIMESTAMP_LEN (sizeof(uint64_t) + sizeof(uint32_t))
51
53struct wireguard_allowed_ip {
55 struct net_addr addr;
57 uint8_t mask_len;
59 bool is_valid : 1;
60};
61
67struct wireguard_peer_config {
69 const char *public_key;
70
72 const uint8_t *preshared_key;
73
77 uint8_t timestamp[WIREGUARD_TIMESTAMP_LEN];
78
80 struct net_sockaddr_storage endpoint_ip;
81
83 struct wireguard_allowed_ip allowed_ip[WIREGUARD_MAX_SRC_IPS];
84
88 int keepalive_interval;
89};
90
148
160struct net_event_vpn_peer {
162 uint32_t id;
164 const char *public_key;
166 struct net_sockaddr *endpoint;
168 struct wireguard_allowed_ip *allowed_ip[WIREGUARD_MAX_SRC_IPS + 1];
170 int keepalive_interval;
171};
172
185int wireguard_peer_add(struct wireguard_peer_config *peer_config,
186 struct net_if **peer_iface);
187
199int wireguard_peer_remove(int peer_id);
200
208int wireguard_peer_keepalive(int peer_id);
209
224int wireguard_get_current_time(uint64_t *seconds, uint32_t *nanoseconds);
225
226#ifdef __cplusplus
227}
228#endif
229
233
234#endif /* ZEPHYR_INCLUDE_NET_WG_H_ */
wireguard_peer_add
int wireguard_peer_add(struct wireguard_peer_config *peer_config, struct net_if **peer_iface)
Add a Wireguard peer to the system.
wireguard_peer_keepalive
int wireguard_peer_keepalive(int peer_id)
Send a Wireguard keepalive message to peer.
wireguard_get_current_time
int wireguard_get_current_time(uint64_t *seconds, uint32_t *nanoseconds)
Get current time in seconds and nanoseconds from Unix epoch.
WIREGUARD_TIMESTAMP_LEN
#define WIREGUARD_TIMESTAMP_LEN
Timestamp length (64-bit seconds and 32-bit nanoseconds).
Definition wireguard.h:50
wireguard_peer_remove
int wireguard_peer_remove(int peer_id)
Remove a Wireguard peer from the system.
socket.h
BSD Sockets compatible API definitions.
uint32_t
__UINT32_TYPE__ uint32_t
Definition stdint.h:90
uint64_t
__UINT64_TYPE__ uint64_t
Definition stdint.h:91
uint8_t
__UINT8_TYPE__ uint8_t
Definition stdint.h:88
net_event_vpn_peer
Network Management event information structure Used to pass information on network event NET_EVENT_VP...
Definition wireguard.h:160
net_event_vpn_peer::public_key
const char * public_key
VPN peer public key.
Definition wireguard.h:164
net_event_vpn_peer::endpoint
struct net_sockaddr * endpoint
VPN peer endpoint.
Definition wireguard.h:166
net_event_vpn_peer::allowed_ip
struct wireguard_allowed_ip * allowed_ip[WIREGUARD_MAX_SRC_IPS+1]
VPN peer allowed IP address (null terminated list).
Definition wireguard.h:168
net_event_vpn_peer::id
uint32_t id
VPN peer identifier.
Definition wireguard.h:162
net_event_vpn_peer::keepalive_interval
int keepalive_interval
VPN peer keepalive interval.
Definition wireguard.h:170
net_if
Network Interface structure.
Definition net_if.h:731
net_sockaddr
Generic sockaddr struct.
Definition net_ip.h:448
net_stats_vpn
Wireguard VPN statistics.
Definition wireguard.h:92
net_stats_vpn::alloc_failed
uint32_t alloc_failed
Number of allocation failures.
Definition wireguard.h:134
net_stats_vpn::invalid_cookie
uint32_t invalid_cookie
Number of invalid cookie errors.
Definition wireguard.h:122
net_stats_vpn::invalid_mac1
uint32_t invalid_mac1
Number of invalid MAC1 errors.
Definition wireguard.h:124
net_stats_vpn::invalid_keepalive
uint32_t invalid_keepalive
Number of invalid keepalive errors.
Definition wireguard.h:98
net_stats_vpn::handshake_resp_tx
uint32_t handshake_resp_tx
Number of handshake response packets sent.
Definition wireguard.h:106
net_stats_vpn::key_expired
uint32_t key_expired
Number of key expired errors.
Definition wireguard.h:112
net_stats_vpn::invalid_packet
uint32_t invalid_packet
Number of invalid packets.
Definition wireguard.h:114
net_stats_vpn::denied_ip
uint32_t denied_ip
Number of denied IP address.
Definition wireguard.h:140
net_stats_vpn::invalid_mac2
uint32_t invalid_mac2
Number of invalid MAC2 errors.
Definition wireguard.h:126
net_stats_vpn::invalid_handshake
uint32_t invalid_handshake
Number of invalid handshake errors.
Definition wireguard.h:108
net_stats_vpn::drop_rx
uint32_t drop_rx
Number of dropped RX packets.
Definition wireguard.h:130
net_stats_vpn::handshake_resp_rx
uint32_t handshake_resp_rx
Number of handshake response packets received.
Definition wireguard.h:104
net_stats_vpn::valid_rx
uint32_t valid_rx
Number of valid packets received.
Definition wireguard.h:144
net_stats_vpn::peer_not_found
uint32_t peer_not_found
Number of peer not found errors.
Definition wireguard.h:110
net_stats_vpn::invalid_mic
uint32_t invalid_mic
Number of invalid MIC errors.
Definition wireguard.h:118
net_stats_vpn::replay_error
uint32_t replay_error
Number of replay errors.
Definition wireguard.h:142
net_stats_vpn::keepalive_tx
uint32_t keepalive_tx
Number of keepalive packets sent.
Definition wireguard.h:96
net_stats_vpn::invalid_ip_family
uint32_t invalid_ip_family
Number of invalid IP address family.
Definition wireguard.h:138
net_stats_vpn::invalid_key
uint32_t invalid_key
Number of invalid key errors.
Definition wireguard.h:116
net_stats_vpn::keepalive_rx
uint32_t keepalive_rx
Number of keepalive packets received.
Definition wireguard.h:94
net_stats_vpn::valid_tx
uint32_t valid_tx
Number of valid packets sent.
Definition wireguard.h:146
net_stats_vpn::handshake_init_rx
uint32_t handshake_init_rx
Number of handshake init packets received.
Definition wireguard.h:100
net_stats_vpn::drop_tx
uint32_t drop_tx
Number of dropped TX packets.
Definition wireguard.h:132
net_stats_vpn::invalid_packet_len
uint32_t invalid_packet_len
Number of invalid packet length errors.
Definition wireguard.h:120
net_stats_vpn::handshake_init_tx
uint32_t handshake_init_tx
Number of handshake init packets sent.
Definition wireguard.h:102
net_stats_vpn::decrypt_failed
uint32_t decrypt_failed
Number of decrypt failed errors.
Definition wireguard.h:128
net_stats_vpn::invalid_ip_version
uint32_t invalid_ip_version
Number of invalid IP version.
Definition wireguard.h:136
wireguard_allowed_ip
Wireguard allowed IP address struct.
Definition wireguard.h:53
wireguard_allowed_ip::addr
struct net_addr addr
Allowed IPv4 or IPv6 address.
Definition wireguard.h:55
wireguard_allowed_ip::mask_len
uint8_t mask_len
Netmask (for IPv4) or Prefix (for IPv6) length.
Definition wireguard.h:57
wireguard_allowed_ip::is_valid
bool is_valid
Is the allowed IP address valid.
Definition wireguard.h:59
wireguard_peer_config
Wireguard peer configuration information.
Definition wireguard.h:67
wireguard_peer_config::timestamp
uint8_t timestamp[(sizeof(uint64_t)+sizeof(uint32_t))]
What is the largest timestamp we have seen during handshake in order to avoid replays.
Definition wireguard.h:77
wireguard_peer_config::keepalive_interval
int keepalive_interval
Default keep alive time for this peer in seconds.
Definition wireguard.h:88
wireguard_peer_config::preshared_key
const uint8_t * preshared_key
Optional pre-shared key (32 bytes), set to NULL if not to be used.
Definition wireguard.h:72
wireguard_peer_config::public_key
const char * public_key
Public key in base64 format.
Definition wireguard.h:69
wireguard_peer_config::endpoint_ip
struct net_sockaddr_storage endpoint_ip
End-point address (when connecting).
Definition wireguard.h:80
wireguard_peer_config::allowed_ip
struct wireguard_allowed_ip allowed_ip[WIREGUARD_MAX_SRC_IPS]
Allowed IP address.
Definition wireguard.h:83