How to send packets through WireGuard-Tunnel? #9

Closed
ruienk opened this issue Feb 27, 2023 · 2 comments

ruienk commented Feb 27, 2023

Hello,

The WireGuard handshake works fine and the keepalive packets are fine too.
I would like to send packets from my WireGuard client through the WireGuard tunnel to a target machine. But I don't know how... which function do I have to call?
My first idea was:

static struct wireguard_device *device; 	
device = (struct wireguard_device *)wg_netif->state;
wireguardif_device_output(device, buffer, &dstIPaddr, UDP_PORT);

But these packets are sent directly to the target machine without going through the tunnel. There is also no encryption here.

My second idea was:

peer->port = UDP_Port;
wireguardif_output_to_peer(wg_netif, buffer, &dstIPaddr, peer);

This is sending encrypted packets to the target machine, but not through the tunnel. That means my target machine receives encrypted data...

Can anyone explain to me how I send packets from my WireGuard client through the WireGuard tunnel to my target machine?
Which output function do I have to call?

Best regards
Ruien Karimi

@smartalock
Owner

The Wireguard LwIP code simply adds a new “netif” network interface to the LwIP stack. Once set up you use it exactly the same way as you would any other network interface.

e.g. if using the LwIP “raw” APIs (https://www.nongnu.org/lwip/2_1_x/group__callbackstyle__api.html) you would send a UDP packet using the udp_sendto() function (which would follow the normal LwIP interface selection algorithm), or to force traffic out a specific interface (e.g. the wg_netif one) you would use udp_sendto_if(…, …, wg_netif)

Your WireGuard server will decrypt the packet and then it is up to that server how it handles it - e.g. does it route it to your client directly? perform some form of NAT, etc

// Create a new UDP connection handle
struct udp_pcb *udp = udp_new();
if (!udp) {
	return ERR_MEM;
}

// Allocate a packet buffer to hold packet data - e.g. 5 bytes of data for text
struct pbuf *udp_data = pbuf_alloc(PBUF_TRANSPORT, 5, PBUF_RAM);
if (!udp_data) {
	// Release the connection handle so it is not leaked on this error path
	udp_remove(udp);
	return ERR_MEM;
}

// Populate the packet buffer with sample data
pbuf_take(udp_data, "Hello", 5);

// Choose where to send the UDP packet to
ip_addr_t dst_ip = IPADDR4_INIT_BYTES(192, 168, 1, 100);
u16_t dst_port = 1234;

// Send the packet out - specifically choose to send over the WireGuard interface for this example
err_t err = udp_sendto_if(udp, udp_data, &dst_ip, dst_port, wg_netif);

// Release the packet buffer and the connection handle once the send has returned
pbuf_free(udp_data);
udp_remove(udp);

return err;
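
Why the choice between udp_sendto() and udp_sendto_if() matters for keeping traffic inside the tunnel, as an added example that is not part of the original thread or of the project's code: a simplified stand-alone model of subnet-match-then-default interface selection. The struct, the function names and the Ethernet/tunnel addressing are assumptions constructed for illustration; only the destination 192.168.1.100 comes from the answer above.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Hypothetical stand-in for lwIP's struct netif: only the fields routing looks at. */
struct model_netif {
    const char *name;
    uint32_t ip, mask;   /* host byte order */
    bool up, link_up;
};

/* First usable interface whose subnet contains dst, otherwise the default interface. */
static const struct model_netif *model_route(const struct model_netif *list, size_t n,
                                             const struct model_netif *dflt, uint32_t dst)
{
    for (size_t i = 0; i < n; i++) {
        const struct model_netif *nif = &list[i];
        if (nif->up && nif->link_up && (dst & nif->mask) == (nif->ip & nif->mask))
            return nif;
    }
    return (dflt && dflt->up && dflt->link_up) ? dflt : NULL;
}

/* Constructed topology: Ethernet on 192.168.1.0/24, tunnel on 10.0.0.0/24.
 * Returns true only when a route-selected send to dst would leave via the tunnel. */
static bool stays_in_tunnel(bool wg_link_up, bool wg_is_default, uint32_t dst)
{
    const struct model_netif ifs[2] = {
        { "eth", IP4(192, 168, 1, 10), IP4(255, 255, 255, 0), true, true },
        { "wg",  IP4(10, 0, 0, 2),     IP4(255, 255, 255, 0), true, wg_link_up },
    };
    const struct model_netif *tunnel = &ifs[1];
    const struct model_netif *dflt = wg_is_default ? tunnel : &ifs[0];
    return model_route(ifs, 2, dflt, dst) == tunnel;
}

int main(void)
{
    printf("10.0.0.1 via route lookup: %s\n",
           stays_in_tunnel(true, false, IP4(10, 0, 0, 1)) ? "tunnel" : "NOT tunnel");
    printf("192.168.1.100 via route lookup: %s\n",
           stays_in_tunnel(true, false, IP4(192, 168, 1, 100)) ? "tunnel" : "NOT tunnel");
    return 0;
}
```

In this model a destination that is on-link for the Ethernet interface never selects the tunnel, even when the tunnel is the default interface, which is the case where naming wg_netif explicitly in udp_sendto_if() keeps the payload from leaving unencrypted.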

@ruienk
Author

ruienk commented Mar 2, 2023

Thank you very much, your answer helped me to solve my problem :)

@ruienk ruienk closed this as completed Mar 2, 2023