Wireguard VPN support #86020
The following west manifest projects have changed revision in this Pull Request:
⛔ DNM label due to: 1 project with PR revision
Note: This message is automatically posted and updated by the Manifest GitHub Action.
If the interface is Wireguard VPN interface, then print the public key of the interface. Signed-off-by: Jukka Rissanen <[email protected]>
Sometimes it is useful to view low level network interface information in the network shell. Enable such prints if network interface debugging is enabled. Signed-off-by: Jukka Rissanen <[email protected]>
All connection information was printed only if connection debugging was enabled which then did not print information about Wireguard or DHCP handlers. Limiting the printouts like this is not really needed so print all connection information with "net conn" command. Signed-off-by: Jukka Rissanen <[email protected]>
Collect Wireguard VPN statistics and allow user to fetch it. Signed-off-by: Jukka Rissanen <[email protected]>
Show VPN statistics support if enabled. Signed-off-by: Jukka Rissanen <[email protected]>
The "net wg show 1" will show detailed information of the peer id 1. This is useful when debugging connectivity issues. Signed-off-by: Jukka Rissanen <[email protected]>
Send peer add/del network event when a peer is either added to the system or deleted from the system. Send VPN connected / disconnected event when a VPN connection is successfully established or the peer connection is disconnected. Signed-off-by: Jukka Rissanen <[email protected]>
Add Wireguard VPN events information printouts to event monitor. Signed-off-by: Jukka Rissanen <[email protected]>
Adding a helper to parse one or more IPv4/6 strings with optional netmask or prefix length. Example of the string: 2001:db8::1/64,192.0.2.1,2001:db8::2,192.0.2.2/24 Signed-off-by: Jukka Rissanen <[email protected]>
Add tests that will verify that IP address with an optional mask string is properly parsed. Signed-off-by: Jukka Rissanen <[email protected]>
Add support for getting public address and setting private key for the virtual interface. This is needed for Wireguard VPN. Signed-off-by: Jukka Rissanen <[email protected]>
If there are no virtual interfaces attached to this virtual interface, check if there is a RX handler for this virtual interface and pass data to it. Signed-off-by: Jukka Rissanen <[email protected]>
Update dummy interface sent statistics as that was missing. Signed-off-by: Jukka Rissanen <[email protected]>
Instead of calling various network interface API functions to get the network interface and related source IP address, have a single function that can return both data. Signed-off-by: Jukka Rissanen <[email protected]>
Add Wireguard configuration to echo-server application. Signed-off-by: Jukka Rissanen <[email protected]>
Add Wireguard configuration to echo-client application. Signed-off-by: Jukka Rissanen <[email protected]>
CONFIG_NET_MGMT_EVENT_INFO needs to be enabled for this sample so that we can get detailed information when the event is generated. Signed-off-by: Jukka Rissanen <[email protected]>
Add Wireguard configuration to http-server application. Signed-off-by: Jukka Rissanen <[email protected]>
Add a test that enables Wireguard VPN compilation so that we at least compile test the code. Signed-off-by: Jukka Rissanen <[email protected]>
Move the common VLAN setup code to samples/net/common directory so that other network samples can utilize that too. Signed-off-by: Jukka Rissanen <[email protected]>
Add example and information on how to run VPN over a VLAN with the echo-server sample. Signed-off-by: Jukka Rissanen <[email protected]>
Update net-tools that has helper scripts for Wireguard VPN to help testing efforts. Signed-off-by: Jukka Rissanen <[email protected]>
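The address-list format described in the commit that adds the IPv4/6 string parsing helper, as an added example that is not the PR's code: a stand-alone POSIX C parser (using `inet_pton`, not Zephyr APIs) that splits the list and validates each prefix length. The names `addr_mask`, `parse_one` and `parse_addr_list` are hypothetical, only the prefix-length form is handled (not dotted netmasks), and an entry without `/len` is assumed to be a host address.

```c
#include <arpa/inet.h>
#include <stdlib.h>
#include <string.h>

struct addr_mask {               /* hypothetical result type, not Zephyr's */
	int family;              /* AF_INET or AF_INET6 */
	unsigned char addr[16];  /* network byte order; first 4 bytes for IPv4 */
	int prefix_len;
};

/* Parse one "addr[/len]" token in place; 0 on success, -1 if malformed. */
static int parse_one(char *tok, struct addr_mask *out)
{
	char *end, *slash = strchr(tok, '/');
	int max = strchr(tok, ':') ? 128 : 32;
	long len = max;  /* assumption: no "/len" means a host address */

	if (slash) {
		*slash++ = '\0';
		len = strtol(slash, &end, 10);
		/* Reject empty, signed, padded, trailing-junk or too-long prefixes */
		if (*slash < '0' || *slash > '9' || *end != '\0' || len > max) {
			return -1;
		}
	}
	memset(out, 0, sizeof(*out));
	out->family = (max == 128) ? AF_INET6 : AF_INET;
	out->prefix_len = (int)len;
	return inet_pton(out->family, tok, out->addr) == 1 ? 0 : -1;
}

/* Parse a comma-separated list; returns entry count, -1 on any bad entry. */
int parse_addr_list(const char *str, struct addr_mask *out, int max_entries)
{
	char tok[INET6_ADDRSTRLEN + 4];  /* address + "/128" */
	int n = 0;

	do {
		size_t tlen = strcspn(str, ",");
		/* Empty entry, oversized entry, or no room left in the output */
		if (tlen == 0 || tlen >= sizeof(tok) || n >= max_entries) {
			return -1;
		}
		memcpy(tok, str, tlen);
		tok[tlen] = '\0';
		if (parse_one(tok, &out[n++]) != 0) {
			return -1;
		}
		str += tlen;
	} while (*str++ == ',');
	return n;
}
```

The whole list is rejected on the first malformed entry, so a partially parsed address list is never applied.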
There are a few fixup commits for the copied BSD-3 and MIT files, should these be squashed instead?
/* Original network interface */ | ||
struct net_if *wg_iface; | ||
/* Pointer to IP header of the encrypted pkt */ | ||
union net_ip_header wg_ip_hdr; | ||
/* Pointer to UDP header of the encrypted pkt */ | ||
union net_proto_header wg_proto_hdr; | ||
/* Peer id */ | ||
int wg_peer_id; |
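Review bot: the `wg_peer_id` field at the end of this block is a bare `int` documented only as "Peer id", so a reader cannot tell which value means that no peer is associated with the packet; state the unset or invalid value in the comment, or name a constant for it. The comments on `wg_ip_hdr` and `wg_proto_hdr` also say "Pointer to ..." while both members are declared as unions rather than pointers, so reword them to say that the union holds the header pointer.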
Instead of prefixing all with wg_, put it in a struct?
struct {
/* Original network interface */
struct net_if *iface;
/* Pointer to IP header of the encrypted pkt */
union net_ip_header ip_hdr;
/* Pointer to UDP header of the encrypted pkt */
union net_proto_header proto_hdr;
/* Peer id */
int peer_id;
} wg;
Sure, we can certainly do that.
I considered it but then it is difficult to make a diff to the original files to see if there are any changes. We need to modify the source files from wireguard-lwip in order to pass compliance / code formatting check, and the fixup commit is for that. I think the fixup commit is a good compromise here. Readability of the original crypto commits is poor but that is "fixed" in the subsequent commits.
This is initial Wireguard VPN support. Part of the implementation is ported from wireguard-lwip project.
Some discussion about this can be found in #63722
Some of the commits in this PR might be sent separately to review.