summaryrefslogtreecommitdiff
path: root/libnm-core/nm-setting-wireguard.h
blob: 3f046fc7134a53c343bf1d71b04bcd0629fe8653 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
/* SPDX-License-Identifier: LGPL-2.1-or-later */
/*
 * Copyright (C) 2018 - 2019 Red Hat, Inc.
 */

#ifndef __NM_SETTING_WIREGUARD_H__
#define __NM_SETTING_WIREGUARD_H__

#if !defined(__NETWORKMANAGER_H_INSIDE__) && !defined(NETWORKMANAGER_COMPILATION)
    #error "Only <NetworkManager.h> can be included directly."
#endif

#include "nm-setting.h"
#include "nm-utils.h"

G_BEGIN_DECLS

/*****************************************************************************/

#define NM_WIREGUARD_PUBLIC_KEY_LEN    32
#define NM_WIREGUARD_SYMMETRIC_KEY_LEN 32

/*****************************************************************************/

typedef struct _NMWireGuardPeer NMWireGuardPeer;

NM_AVAILABLE_IN_1_16
GType nm_wireguard_peer_get_type(void);

NM_AVAILABLE_IN_1_16
NMWireGuardPeer *nm_wireguard_peer_new(void);

NM_AVAILABLE_IN_1_16
NMWireGuardPeer *nm_wireguard_peer_new_clone(const NMWireGuardPeer *self, gboolean with_secrets);

NM_AVAILABLE_IN_1_16
NMWireGuardPeer *nm_wireguard_peer_ref(NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16
void nm_wireguard_peer_unref(NMWireGuardPeer *self);

NM_AVAILABLE_IN_1_16
void nm_wireguard_peer_seal(NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16
gboolean nm_wireguard_peer_is_sealed(const NMWireGuardPeer *self);

NM_AVAILABLE_IN_1_16
const char *nm_wireguard_peer_get_public_key(const NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16
gboolean nm_wireguard_peer_set_public_key(NMWireGuardPeer *self,
                                          const char *     public_key,
                                          gboolean         accept_invalid);

NM_AVAILABLE_IN_1_16
const char *nm_wireguard_peer_get_preshared_key(const NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16
gboolean nm_wireguard_peer_set_preshared_key(NMWireGuardPeer *self,
                                             const char *     preshared_key,
                                             gboolean         accept_invalid);

NM_AVAILABLE_IN_1_16
NMSettingSecretFlags nm_wireguard_peer_get_preshared_key_flags(const NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16
void nm_wireguard_peer_set_preshared_key_flags(NMWireGuardPeer *    self,
                                               NMSettingSecretFlags preshared_key_flags);

NM_AVAILABLE_IN_1_16
guint16 nm_wireguard_peer_get_persistent_keepalive(const NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16
void nm_wireguard_peer_set_persistent_keepalive(NMWireGuardPeer *self,
                                                guint16          persistent_keepalive);

NM_AVAILABLE_IN_1_16
const char *nm_wireguard_peer_get_endpoint(const NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16
gboolean
nm_wireguard_peer_set_endpoint(NMWireGuardPeer *self, const char *endpoint, gboolean allow_invalid);

NM_AVAILABLE_IN_1_16
guint nm_wireguard_peer_get_allowed_ips_len(const NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16
const char *
nm_wireguard_peer_get_allowed_ip(const NMWireGuardPeer *self, guint idx, gboolean *out_is_valid);
NM_AVAILABLE_IN_1_16
void nm_wireguard_peer_clear_allowed_ips(NMWireGuardPeer *self);
NM_AVAILABLE_IN_1_16
gboolean nm_wireguard_peer_append_allowed_ip(NMWireGuardPeer *self,
                                             const char *     allowed_ip,
                                             gboolean         accept_invalid);
NM_AVAILABLE_IN_1_16
gboolean nm_wireguard_peer_remove_allowed_ip(NMWireGuardPeer *self, guint idx);

NM_AVAILABLE_IN_1_16
gboolean nm_wireguard_peer_is_valid(const NMWireGuardPeer *self,
                                    gboolean               check_non_secrets,
                                    gboolean               check_secrets,
                                    GError **              error);

NM_AVAILABLE_IN_1_16
int nm_wireguard_peer_cmp(const NMWireGuardPeer *a,
                          const NMWireGuardPeer *b,
                          NMSettingCompareFlags  compare_flags);

/*****************************************************************************/

#define NM_TYPE_SETTING_WIREGUARD (nm_setting_wireguard_get_type())
#define NM_SETTING_WIREGUARD(obj) \
    (G_TYPE_CHECK_INSTANCE_CAST((obj), NM_TYPE_SETTING_WIREGUARD, NMSettingWireGuard))
#define NM_SETTING_WIREGUARD_CLASS(klass) \
    (G_TYPE_CHECK_CLASS_CAST((klass), NM_TYPE_SETTING_WIREGUARD, NMSettingWireGuardClass))
#define NM_IS_SETTING_WIREGUARD(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), NM_TYPE_SETTING_WIREGUARD))
#define NM_IS_SETTING_WIREGUARD_CLASS(klass) \
    (G_TYPE_CHECK_CLASS_TYPE((klass), NM_TYPE_SETTING_WIREGUARD))
#define NM_SETTING_WIREGUARD_GET_CLASS(obj) \
    (G_TYPE_INSTANCE_GET_CLASS((obj), NM_TYPE_SETTING_WIREGUARD, NMSettingWireGuardClass))

#define NM_SETTING_WIREGUARD_SETTING_NAME "wireguard"

#define NM_SETTING_WIREGUARD_FWMARK            "fwmark"
#define NM_SETTING_WIREGUARD_LISTEN_PORT       "listen-port"
#define NM_SETTING_WIREGUARD_PRIVATE_KEY       "private-key"
#define NM_SETTING_WIREGUARD_PRIVATE_KEY_FLAGS "private-key-flags"

#define NM_SETTING_WIREGUARD_PEERS "peers"

#define NM_SETTING_WIREGUARD_MTU                    "mtu"
#define NM_SETTING_WIREGUARD_PEER_ROUTES            "peer-routes"
#define NM_SETTING_WIREGUARD_IP4_AUTO_DEFAULT_ROUTE "ip4-auto-default-route"
#define NM_SETTING_WIREGUARD_IP6_AUTO_DEFAULT_ROUTE "ip6-auto-default-route"

#define NM_WIREGUARD_PEER_ATTR_ALLOWED_IPS          "allowed-ips"
#define NM_WIREGUARD_PEER_ATTR_ENDPOINT             "endpoint"
#define NM_WIREGUARD_PEER_ATTR_PERSISTENT_KEEPALIVE "persistent-keepalive"
#define NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY        "preshared-key"
#define NM_WIREGUARD_PEER_ATTR_PRESHARED_KEY_FLAGS  "preshared-key-flags"
#define NM_WIREGUARD_PEER_ATTR_PUBLIC_KEY           "public-key"

/*****************************************************************************/

typedef struct _NMSettingWireGuardClass NMSettingWireGuardClass;

NM_AVAILABLE_IN_1_16
GType nm_setting_wireguard_get_type(void);

NM_AVAILABLE_IN_1_16
NMSetting *nm_setting_wireguard_new(void);

/*****************************************************************************/

NM_AVAILABLE_IN_1_16
const char *nm_setting_wireguard_get_private_key(NMSettingWireGuard *self);

NM_AVAILABLE_IN_1_16
NMSettingSecretFlags nm_setting_wireguard_get_private_key_flags(NMSettingWireGuard *self);

NM_AVAILABLE_IN_1_16
guint16 nm_setting_wireguard_get_listen_port(NMSettingWireGuard *self);

NM_AVAILABLE_IN_1_16
guint32 nm_setting_wireguard_get_fwmark(NMSettingWireGuard *self);

/*****************************************************************************/

NM_AVAILABLE_IN_1_16
guint nm_setting_wireguard_get_peers_len(NMSettingWireGuard *self);

NM_AVAILABLE_IN_1_16
NMWireGuardPeer *nm_setting_wireguard_get_peer(NMSettingWireGuard *self, guint idx);

NM_AVAILABLE_IN_1_16
NMWireGuardPeer *nm_setting_wireguard_get_peer_by_public_key(NMSettingWireGuard *self,
                                                             const char *        public_key,
                                                             guint *             out_idx);

NM_AVAILABLE_IN_1_16
void nm_setting_wireguard_set_peer(NMSettingWireGuard *self, NMWireGuardPeer *peer, guint idx);

NM_AVAILABLE_IN_1_16
void nm_setting_wireguard_append_peer(NMSettingWireGuard *self, NMWireGuardPeer *peer);

NM_AVAILABLE_IN_1_16
gboolean nm_setting_wireguard_remove_peer(NMSettingWireGuard *self, guint idx);

NM_AVAILABLE_IN_1_16
guint nm_setting_wireguard_clear_peers(NMSettingWireGuard *self);

NM_AVAILABLE_IN_1_16
gboolean nm_setting_wireguard_get_peer_routes(NMSettingWireGuard *self);

NM_AVAILABLE_IN_1_16
guint32 nm_setting_wireguard_get_mtu(NMSettingWireGuard *self);

NM_AVAILABLE_IN_1_20
NMTernary nm_setting_wireguard_get_ip4_auto_default_route(NMSettingWireGuard *self);

NM_AVAILABLE_IN_1_20
NMTernary nm_setting_wireguard_get_ip6_auto_default_route(NMSettingWireGuard *self);

/*****************************************************************************/

G_END_DECLS

#endif /* __NM_SETTING_WIREGUARD_H__ */