vendor

Signed-off-by: leonnicolas <leonloechner@gmx.de>

vendor/golang.zx2c4.com/wireguard/wgctrl/internal/wglinux/client_linux.go

@@ -1,4 +1,5 @@
-//+build linux
+//go:build linux
+// +build linux
 
 package wglinux
 

vendor/golang.zx2c4.com/wireguard/wgctrl/internal/wglinux/configure_linux.go

@@ -1,4 +1,5 @@
-//+build linux
+//go:build linux
+// +build linux
 
 package wglinux
 

vendor/golang.zx2c4.com/wireguard/wgctrl/internal/wglinux/parse_linux.go

@@ -1,4 +1,5 @@
-//+build linux
+//go:build linux
+// +build linux
 
 package wglinux
 

vendor/golang.zx2c4.com/wireguard/wgctrl/internal/wgopenbsd/client_openbsd.go

@@ -1,4 +1,5 @@
-//+build openbsd
+//go:build openbsd
+// +build openbsd
 
 package wgopenbsd
 

vendor/golang.zx2c4.com/wireguard/wgctrl/internal/wgopenbsd/internal/wgh/defs_openbsd_386.go

@@ -1,4 +1,5 @@
-//+build openbsd,386
+//go:build openbsd && 386
+// +build openbsd,386
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs.go

vendor/golang.zx2c4.com/wireguard/wgctrl/internal/wgopenbsd/internal/wgh/defs_openbsd_amd64.go

@@ -1,4 +1,5 @@
-//+build openbsd,amd64
+//go:build openbsd && amd64
+// +build openbsd,amd64
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs defs.go

vendor/golang.zx2c4.com/wireguard/wgctrl/internal/wguser/conn_unix.go

@@ -1,4 +1,5 @@
-//+build !windows
+//go:build !windows
+// +build !windows
 
 package wguser
 

vendor/golang.zx2c4.com/wireguard/wgctrl/internal/wguser/conn_windows.go

@@ -1,17 +1,15 @@
-//+build windows
+//go:build windows
+// +build windows
 
 package wguser
 
 import (
-	"errors"
 	"net"
-	"os"
-	"runtime"
 	"strings"
-	"unsafe"
+	"time"
 
 	"golang.org/x/sys/windows"
-	"golang.zx2c4.com/wireguard/ipc/winpipe"
+	"golang.zx2c4.com/wireguard/ipc/namedpipe"
 )
 
 // Expected prefixes when dealing with named pipes.
@@ -22,182 +20,14 @@ const (
 
 // dial is the default implementation of Client.dial.
 func dial(device string) (net.Conn, error) {
-	// Thanks to @zx2c4 for the sample code that makes this possible:
-	// https://github.com/WireGuard/wgctrl-go/issues/36#issuecomment-491912143.
-	//
-	// See also:
-	// https://docs.microsoft.com/en-us/windows/desktop/secauthz/impersonation-tokens
-	// https://docs.microsoft.com/en-us/windows/desktop/api/securitybaseapi/nf-securitybaseapi-reverttoself
-	//
-	// All of these operations require a locked OS thread for the duration of
-	// this function. Once the pipe is opened successfully, RevertToSelf
-	// terminates the impersonation of a client application.
-	runtime.LockOSThread()
-	defer func() {
-		// Terminate the token impersonation operation. Per the Microsoft
-		// documentation, the process should shut down if RevertToSelf fails.
-		if err := windows.RevertToSelf(); err != nil {
-			panicf("wguser: failed to terminate token impersonation, panicking per Microsoft recommendation: %v", err)
-		}
-
-		runtime.UnlockOSThread()
-	}()
-
-	privileges := windows.Tokenprivileges{
-		PrivilegeCount: 1,
-		Privileges: [1]windows.LUIDAndAttributes{
-			{
-				Attributes: windows.SE_PRIVILEGE_ENABLED,
-			},
-		},
-	}
-
-	err := windows.LookupPrivilegeValue(
-		nil,
-		windows.StringToUTF16Ptr("SeDebugPrivilege"),
-		&privileges.Privileges[0].Luid,
-	)
-	if err != nil {
-		return nil, err
-	}
-
-	processes, err := windows.CreateToolhelp32Snapshot(windows.TH32CS_SNAPPROCESS, 0)
-	if err != nil {
-		return nil, err
-	}
-	defer windows.CloseHandle(processes)
-
-	e := windows.ProcessEntry32{
-		Size: uint32(unsafe.Sizeof(windows.ProcessEntry32{})),
-	}
-
-	// Iterate the process list looking for any processes named winlogon.exe.
-	//
-	// It is possible for an attacker to attempt a denial of service of this
-	// application by creating bogus processes with that name, so we must
-	// attempt dialing a connection for each matching process until we either
-	// succeed or run out of processes to try.
-	//
-	// It is unlikely that an attacker's process could appear before the true
-	// winlogon.exe in this list, but better safe than sorry.
-	for err := windows.Process32First(processes, &e); ; err = windows.Process32Next(processes, &e) {
-		// Handle any errors from process list iteration.
-		switch err {
-		case nil:
-			// Keep iterating processes.
-		case windows.ERROR_NO_MORE_FILES:
-			// No more files to check.
-			return nil, errors.New("wguser: unable to find suitable winlogon.exe process to communicate with WireGuard")
-		default:
-			return nil, err
-		}
-
-		if strings.ToLower(windows.UTF16ToString(e.ExeFile[:])) != "winlogon.exe" {
-			continue
-		}
-
-		// Can we communicate with the device by impersonating this process?
-		c, err := tryDial(device, e.ProcessID, privileges)
-		switch {
-		case err == nil:
-			// Success, use this connection.
-			return c, nil
-		case os.IsPermission(err):
-			// We found a process named winlogon.exe that doesn't have permission
-			// to open a handle to the WireGuard device. Skip it and keep trying.
-		default:
-			return nil, err
-		}
-	}
-}
-
-// tryDial attempts to impersonate the security token of pid to dial device.
-// tryDial _must_ only be invoked by dial.
-func tryDial(device string, pid uint32, privileges windows.Tokenprivileges) (net.Conn, error) {
-	// Revert to normal thread state before attempting any further manipulation.
-	// See comment in dial about the panic.
-	if err := windows.RevertToSelf(); err != nil {
-		panicf("wguser: failed to terminate token impersonation, panicking per Microsoft recommendation: %v", err)
-	}
-
-	if err := windows.ImpersonateSelf(windows.SecurityImpersonation); err != nil {
-		return nil, err
-	}
-
-	thread, err := windows.GetCurrentThread()
-	if err != nil {
-		return nil, err
-	}
-	defer windows.CloseHandle(thread)
-
-	var ttok windows.Token
-	err = windows.OpenThreadToken(
-		thread,
-		windows.TOKEN_ADJUST_PRIVILEGES,
-		false,
-		&ttok,
-	)
-	if err != nil {
-		return nil, err
-	}
-	defer ttok.Close()
-
-	err = windows.AdjustTokenPrivileges(
-		ttok,
-		false,
-		&privileges,
-		uint32(unsafe.Sizeof(privileges)),
-		nil,
-		nil,
-	)
-	if err != nil {
-		return nil, err
-	}
-
-	proc, err := windows.OpenProcess(windows.PROCESS_QUERY_INFORMATION, false, pid)
-	if err != nil {
-		return nil, err
-	}
-	defer windows.CloseHandle(proc)
-
-	var ptok windows.Token
-	err = windows.OpenProcessToken(
-		proc,
-		windows.TOKEN_IMPERSONATE|windows.TOKEN_DUPLICATE,
-		&ptok,
-	)
-	if err != nil {
-		return nil, err
-	}
-	defer ptok.Close()
-
-	var dup windows.Token
-	err = windows.DuplicateTokenEx(
-		ptok,
-		0,
-		nil,
-		windows.SecurityImpersonation,
-		windows.TokenImpersonation,
-		&dup,
-	)
-	if err != nil {
-		return nil, err
-	}
-	defer dup.Close()
-
-	if err := windows.SetThreadToken(nil, dup); err != nil {
-		return nil, err
-	}
-
 	localSystem, err := windows.CreateWellKnownSid(windows.WinLocalSystemSid)
 	if err != nil {
 		return nil, err
 	}
 
-	pipeCfg := &winpipe.DialConfig{
+	return (&namedpipe.DialConfig{
 		ExpectedOwner: localSystem,
-	}
-	return winpipe.Dial(device, nil, pipeCfg)
+	}).DialTimeout(device, time.Duration(0))
 }
 
 // find is the default implementation of Client.find.

vendor/golang.zx2c4.com/wireguard/wgctrl/internal/wgwindows/client_windows.go

@@ -0,0 +1,295 @@
+package wgwindows
+
+import (
+	"net"
+	"os"
+	"time"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+	"golang.zx2c4.com/wireguard/wgctrl/internal/wginternal"
+	"golang.zx2c4.com/wireguard/wgctrl/internal/wgwindows/internal/ioctl"
+	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
+)
+
+var _ wginternal.Client = &Client{}
+
+// A Client provides access to WireGuardNT ioctl information.
+type Client struct {
+	cachedAdapters map[string]string
+	lastLenGuess   uint32
+}
+
+var (
+	deviceClassNetGUID     = windows.GUID{0x4d36e972, 0xe325, 0x11ce, [8]byte{0xbf, 0xc1, 0x08, 0x00, 0x2b, 0xe1, 0x03, 0x18}}
+	deviceInterfaceNetGUID = windows.GUID{0xcac88484, 0x7515, 0x4c03, [8]byte{0x82, 0xe6, 0x71, 0xa8, 0x7a, 0xba, 0xc3, 0x61}}
+	devpkeyWgName          = windows.DEVPROPKEY{
+		FmtID: windows.DEVPROPGUID{0x65726957, 0x7547, 0x7261, [8]byte{0x64, 0x4e, 0x61, 0x6d, 0x65, 0x4b, 0x65, 0x79}},
+		PID:   windows.DEVPROPID_FIRST_USABLE + 1,
+	}
+)
+
+var enumerator = `SWD\WireGuard`
+
+func init() {
+	if maj, min, _ := windows.RtlGetNtVersionNumbers(); (maj == 6 && min <= 1) || maj < 6 {
+		enumerator = `ROOT\WIREGUARD`
+	}
+}
+
+func (c *Client) refreshInstanceIdCache() error {
+	cachedAdapters := make(map[string]string, 5)
+	devInfo, err := windows.SetupDiGetClassDevsEx(&deviceClassNetGUID, enumerator, 0, windows.DIGCF_PRESENT, 0, "")
+	if err != nil {
+		return err
+	}
+	defer windows.SetupDiDestroyDeviceInfoList(devInfo)
+	for i := 0; ; i++ {
+		devInfoData, err := windows.SetupDiEnumDeviceInfo(devInfo, i)
+		if err != nil {
+			if err == windows.ERROR_NO_MORE_ITEMS {
+				break
+			}
+			continue
+		}
+		prop, err := windows.SetupDiGetDeviceProperty(devInfo, devInfoData, &devpkeyWgName)
+		if err != nil {
+			continue
+		}
+		adapterName, ok := prop.(string)
+		if !ok {
+			continue
+		}
+		var status, problemCode uint32
+		ret := windows.CM_Get_DevNode_Status(&status, &problemCode, devInfoData.DevInst, 0)
+		if ret != windows.CR_SUCCESS || (status&windows.DN_DRIVER_LOADED|windows.DN_STARTED) != windows.DN_DRIVER_LOADED|windows.DN_STARTED {
+			continue
+		}
+		instanceId, err := windows.SetupDiGetDeviceInstanceId(devInfo, devInfoData)
+		if err != nil {
+			continue
+		}
+		cachedAdapters[adapterName] = instanceId
+	}
+	c.cachedAdapters = cachedAdapters
+	return nil
+}
+
+func (c *Client) interfaceHandle(name string) (windows.Handle, error) {
+	instanceId, ok := c.cachedAdapters[name]
+	if !ok {
+		err := c.refreshInstanceIdCache()
+		if err != nil {
+			return 0, err
+		}
+		instanceId, ok = c.cachedAdapters[name]
+		if !ok {
+			return 0, os.ErrNotExist
+		}
+	}
+	interfaces, err := windows.CM_Get_Device_Interface_List(instanceId, &deviceInterfaceNetGUID, windows.CM_GET_DEVICE_INTERFACE_LIST_PRESENT)
+	if err != nil {
+		return 0, err
+	}
+	interface16, err := windows.UTF16PtrFromString(interfaces[0])
+	if err != nil {
+		return 0, err
+	}
+	return windows.CreateFile(interface16, windows.GENERIC_READ|windows.GENERIC_WRITE, windows.FILE_SHARE_READ|windows.FILE_SHARE_WRITE|windows.FILE_SHARE_DELETE, nil, windows.OPEN_EXISTING, 0, 0)
+}
+
+// Devices implements wginternal.Client.
+func (c *Client) Devices() ([]*wgtypes.Device, error) {
+	err := c.refreshInstanceIdCache()
+	if err != nil {
+		return nil, err
+	}
+	ds := make([]*wgtypes.Device, 0, len(c.cachedAdapters))
+	for name := range c.cachedAdapters {
+		d, err := c.Device(name)
+		if err != nil {
+			return nil, err
+		}
+		ds = append(ds, d)
+	}
+	return ds, nil
+}
+
+// New creates a new Client
+func New() *Client {
+	return &Client{}
+}
+
+// Close implements wginternal.Client.
+func (c *Client) Close() error {
+	return nil
+}
+
+// Device implements wginternal.Client.
+func (c *Client) Device(name string) (*wgtypes.Device, error) {
+	handle, err := c.interfaceHandle(name)
+	if err != nil {
+		return nil, err
+	}
+	defer windows.CloseHandle(handle)
+
+	size := c.lastLenGuess
+	if size == 0 {
+		size = 512
+	}
+	var buf []byte
+	for {
+		buf = make([]byte, size)
+		err = windows.DeviceIoControl(handle, ioctl.IoctlGet, nil, 0, &buf[0], size, &size, nil)
+		if err == windows.ERROR_MORE_DATA {
+			continue
+		}
+		if err != nil {
+			return nil, err
+		}
+		break
+	}
+	c.lastLenGuess = size
+	interfaze := (*ioctl.Interface)(unsafe.Pointer(&buf[0]))
+
+	device := wgtypes.Device{Type: wgtypes.WindowsKernel, Name: name}
+	if interfaze.Flags&ioctl.InterfaceHasPrivateKey != 0 {
+		device.PrivateKey = interfaze.PrivateKey
+	}
+	if interfaze.Flags&ioctl.InterfaceHasPublicKey != 0 {
+		device.PublicKey = interfaze.PublicKey
+	}
+	if interfaze.Flags&ioctl.InterfaceHasListenPort != 0 {
+		device.ListenPort = int(interfaze.ListenPort)
+	}
+	var p *ioctl.Peer
+	for i := uint32(0); i < interfaze.PeerCount; i++ {
+		if p == nil {
+			p = interfaze.FirstPeer()
+		} else {
+			p = p.NextPeer()
+		}
+		peer := wgtypes.Peer{}
+		if p.Flags&ioctl.PeerHasPublicKey != 0 {
+			peer.PublicKey = p.PublicKey
+		}
+		if p.Flags&ioctl.PeerHasPresharedKey != 0 {
+			peer.PresharedKey = p.PresharedKey
+		}
+		if p.Flags&ioctl.PeerHasEndpoint != 0 {
+			peer.Endpoint = &net.UDPAddr{IP: p.Endpoint.IP(), Port: int(p.Endpoint.Port())}
+		}
+		if p.Flags&ioctl.PeerHasPersistentKeepalive != 0 {
+			peer.PersistentKeepaliveInterval = time.Duration(p.PersistentKeepalive) * time.Second
+		}
+		if p.Flags&ioctl.PeerHasProtocolVersion != 0 {
+			peer.ProtocolVersion = int(p.ProtocolVersion)
+		}
+		peer.TransmitBytes = int64(p.TxBytes)
+		peer.ReceiveBytes = int64(p.RxBytes)
+		if p.LastHandshake != 0 {
+			peer.LastHandshakeTime = time.Unix(0, int64((p.LastHandshake-116444736000000000)*100))
+		}
+		var a *ioctl.AllowedIP
+		for j := uint32(0); j < p.AllowedIPsCount; j++ {
+			if a == nil {
+				a = p.FirstAllowedIP()
+			} else {
+				a = a.NextAllowedIP()
+			}
+			var ip net.IP
+			var bits int
+			if a.AddressFamily == windows.AF_INET {
+				ip = a.Address[:4]
+				bits = 32
+			} else if a.AddressFamily == windows.AF_INET6 {
+				ip = a.Address[:16]
+				bits = 128
+			}
+			peer.AllowedIPs = append(peer.AllowedIPs, net.IPNet{
+				IP:   ip,
+				Mask: net.CIDRMask(int(a.Cidr), bits),
+			})
+		}
+		device.Peers = append(device.Peers, peer)
+	}
+	return &device, nil
+}
+
+// ConfigureDevice implements wginternal.Client.
+func (c *Client) ConfigureDevice(name string, cfg wgtypes.Config) error {
+	handle, err := c.interfaceHandle(name)
+	if err != nil {
+		return err
+	}
+	defer windows.CloseHandle(handle)
+
+	preallocation := unsafe.Sizeof(ioctl.Interface{}) + uintptr(len(cfg.Peers))*unsafe.Sizeof(ioctl.Peer{})
+	for i := range cfg.Peers {
+		preallocation += uintptr(len(cfg.Peers[i].AllowedIPs)) * unsafe.Sizeof(ioctl.AllowedIP{})
+	}
+	var b ioctl.ConfigBuilder
+	b.Preallocate(uint32(preallocation))
+	interfaze := &ioctl.Interface{PeerCount: uint32(len(cfg.Peers))}
+	if cfg.ReplacePeers {
+		interfaze.Flags |= ioctl.InterfaceReplacePeers
+	}
+	if cfg.PrivateKey != nil {
+		interfaze.PrivateKey = *cfg.PrivateKey
+		interfaze.Flags |= ioctl.InterfaceHasPrivateKey
+	}
+	if cfg.ListenPort != nil {
+		interfaze.ListenPort = uint16(*cfg.ListenPort)
+		interfaze.Flags |= ioctl.InterfaceHasListenPort
+	}
+	b.AppendInterface(interfaze)
+	for i := range cfg.Peers {
+		peer := &ioctl.Peer{
+			Flags:           ioctl.PeerHasPublicKey,
+			PublicKey:       cfg.Peers[i].PublicKey,
+			AllowedIPsCount: uint32(len(cfg.Peers[i].AllowedIPs)),
+		}
+		if cfg.Peers[i].ReplaceAllowedIPs {
+			peer.Flags |= ioctl.PeerReplaceAllowedIPs
+		}
+		if cfg.Peers[i].UpdateOnly {
+			peer.Flags |= ioctl.PeerUpdateOnly
+		}
+		if cfg.Peers[i].Remove {
+			peer.Flags |= ioctl.PeerRemove
+		}
+		if cfg.Peers[i].PresharedKey != nil {
+			peer.Flags |= ioctl.PeerHasPresharedKey
+			peer.PresharedKey = *cfg.Peers[i].PresharedKey
+		}
+		if cfg.Peers[i].Endpoint != nil {
+			peer.Flags |= ioctl.PeerHasEndpoint
+			peer.Endpoint.SetIP(cfg.Peers[i].Endpoint.IP, uint16(cfg.Peers[i].Endpoint.Port))
+		}
+		if cfg.Peers[i].PersistentKeepaliveInterval != nil {
+			peer.Flags |= ioctl.PeerHasPersistentKeepalive
+			peer.PersistentKeepalive = uint16(*cfg.Peers[i].PersistentKeepaliveInterval / time.Second)
+		}
+		b.AppendPeer(peer)
+		for j := range cfg.Peers[i].AllowedIPs {
+			var family ioctl.AddressFamily
+			var ip net.IP
+			if ip = cfg.Peers[i].AllowedIPs[j].IP.To4(); ip != nil {
+				family = windows.AF_INET
+			} else if ip = cfg.Peers[i].AllowedIPs[j].IP.To16(); ip != nil {
+				family = windows.AF_INET6
+			} else {
+				ip = cfg.Peers[i].AllowedIPs[j].IP
+			}
+			cidr, _ := cfg.Peers[i].AllowedIPs[j].Mask.Size()
+			a := &ioctl.AllowedIP{
+				AddressFamily: family,
+				Cidr:          uint8(cidr),
+			}
+			copy(a.Address[:], ip)
+			b.AppendAllowedIP(a)
+		}
+	}
+	interfaze, size := b.Interface()
+	return windows.DeviceIoControl(handle, ioctl.IoctlSet, nil, 0, (*byte)(unsafe.Pointer(interfaze)), size, &size, nil)
+}

vendor/golang.zx2c4.com/wireguard/wgctrl/internal/wgwindows/internal/ioctl/configuration_windows.go

@@ -0,0 +1,135 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2017-2021 WireGuard LLC. All Rights Reserved.
+ */
+
+package ioctl
+
+import "unsafe"
+
+const (
+	IoctlGet = 0xb098c506
+	IoctlSet = 0xb098c509
+)
+
+type AllowedIP struct {
+	Address       [16]byte
+	AddressFamily AddressFamily
+	Cidr          uint8
+	_             [4]byte
+}
+
+type PeerFlag uint32
+
+const (
+	PeerHasPublicKey           PeerFlag = 1 << 0
+	PeerHasPresharedKey        PeerFlag = 1 << 1
+	PeerHasPersistentKeepalive PeerFlag = 1 << 2
+	PeerHasEndpoint            PeerFlag = 1 << 3
+	PeerHasProtocolVersion     PeerFlag = 1 << 4
+	PeerReplaceAllowedIPs      PeerFlag = 1 << 5
+	PeerRemove                 PeerFlag = 1 << 6
+	PeerUpdateOnly             PeerFlag = 1 << 7
+)
+
+type Peer struct {
+	Flags               PeerFlag
+	ProtocolVersion     uint32
+	PublicKey           [32]byte
+	PresharedKey        [32]byte
+	PersistentKeepalive uint16
+	_                   uint16
+	Endpoint            RawSockaddrInet
+	TxBytes             uint64
+	RxBytes             uint64
+	LastHandshake       uint64
+	AllowedIPsCount     uint32
+	_                   [4]byte
+}
+
+type InterfaceFlag uint32
+
+const (
+	InterfaceHasPublicKey  InterfaceFlag = 1 << 0
+	InterfaceHasPrivateKey InterfaceFlag = 1 << 1
+	InterfaceHasListenPort InterfaceFlag = 1 << 2
+	InterfaceReplacePeers  InterfaceFlag = 1 << 3
+)
+
+type Interface struct {
+	Flags      InterfaceFlag
+	ListenPort uint16
+	PrivateKey [32]byte
+	PublicKey  [32]byte
+	PeerCount  uint32
+	_          [4]byte
+}
+
+func (interfaze *Interface) FirstPeer() *Peer {
+	return (*Peer)(unsafe.Pointer(uintptr(unsafe.Pointer(interfaze)) + unsafe.Sizeof(*interfaze)))
+}
+
+func (peer *Peer) NextPeer() *Peer {
+	return (*Peer)(unsafe.Pointer(uintptr(unsafe.Pointer(peer)) + unsafe.Sizeof(*peer) + uintptr(peer.AllowedIPsCount)*unsafe.Sizeof(AllowedIP{})))
+}
+
+func (peer *Peer) FirstAllowedIP() *AllowedIP {
+	return (*AllowedIP)(unsafe.Pointer(uintptr(unsafe.Pointer(peer)) + unsafe.Sizeof(*peer)))
+}
+
+func (allowedIP *AllowedIP) NextAllowedIP() *AllowedIP {
+	return (*AllowedIP)(unsafe.Pointer(uintptr(unsafe.Pointer(allowedIP)) + unsafe.Sizeof(*allowedIP)))
+}
+
+type ConfigBuilder struct {
+	buffer []byte
+}
+
+func (builder *ConfigBuilder) Preallocate(size uint32) {
+	if builder.buffer == nil {
+		builder.buffer = make([]byte, 0, size)
+	}
+}
+
+func (builder *ConfigBuilder) AppendInterface(interfaze *Interface) {
+	var newBytes []byte
+	unsafeSlice(unsafe.Pointer(&newBytes), unsafe.Pointer(interfaze), int(unsafe.Sizeof(*interfaze)))
+	builder.buffer = append(builder.buffer, newBytes...)
+}
+
+func (builder *ConfigBuilder) AppendPeer(peer *Peer) {
+	var newBytes []byte
+	unsafeSlice(unsafe.Pointer(&newBytes), unsafe.Pointer(peer), int(unsafe.Sizeof(*peer)))
+	builder.buffer = append(builder.buffer, newBytes...)
+}
+
+func (builder *ConfigBuilder) AppendAllowedIP(allowedIP *AllowedIP) {
+	var newBytes []byte
+	unsafeSlice(unsafe.Pointer(&newBytes), unsafe.Pointer(allowedIP), int(unsafe.Sizeof(*allowedIP)))
+	builder.buffer = append(builder.buffer, newBytes...)
+}
+
+func (builder *ConfigBuilder) Interface() (*Interface, uint32) {
+	if builder.buffer == nil {
+		return nil, 0
+	}
+	return (*Interface)(unsafe.Pointer(&builder.buffer[0])), uint32(len(builder.buffer))
+}
+
+// unsafeSlice updates the slice slicePtr to be a slice
+// referencing the provided data with its length & capacity set to
+// lenCap.
+//
+// TODO: whenGo 1.17 is the minimum supported version,
+// update callers to use unsafe.Slice instead of this.
+func unsafeSlice(slicePtr, data unsafe.Pointer, lenCap int) {
+	type sliceHeader struct {
+		Data unsafe.Pointer
+		Len  int
+		Cap  int
+	}
+	h := (*sliceHeader)(slicePtr)
+	h.Data = data
+	h.Len = lenCap
+	h.Cap = lenCap
+}

vendor/golang.zx2c4.com/wireguard/wgctrl/internal/wgwindows/internal/ioctl/winipcfg_windows.go

@@ -0,0 +1,87 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2017-2021 WireGuard LLC. All Rights Reserved.
+ */
+
+package ioctl
+
+import (
+	"encoding/binary"
+	"net"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+)
+
+// AddressFamily enumeration specifies protocol family and is one of the windows.AF_* constants.
+type AddressFamily uint16
+
+// RawSockaddrInet union contains an IPv4, an IPv6 address, or an address family.
+// https://docs.microsoft.com/en-us/windows/desktop/api/ws2ipdef/ns-ws2ipdef-_sockaddr_inet
+type RawSockaddrInet struct {
+	Family AddressFamily
+	data   [26]byte
+}
+
+func ntohs(i uint16) uint16 {
+	return binary.BigEndian.Uint16((*[2]byte)(unsafe.Pointer(&i))[:])
+}
+
+func htons(i uint16) uint16 {
+	b := make([]byte, 2)
+	binary.BigEndian.PutUint16(b, i)
+	return *(*uint16)(unsafe.Pointer(&b[0]))
+}
+
+// SetIP method sets family, address, and port to the given IPv4 or IPv6 address and port.
+// All other members of the structure are set to zero.
+func (addr *RawSockaddrInet) SetIP(ip net.IP, port uint16) error {
+	if v4 := ip.To4(); v4 != nil {
+		addr4 := (*windows.RawSockaddrInet4)(unsafe.Pointer(addr))
+		addr4.Family = windows.AF_INET
+		copy(addr4.Addr[:], v4)
+		addr4.Port = htons(port)
+		for i := 0; i < 8; i++ {
+			addr4.Zero[i] = 0
+		}
+		return nil
+	}
+
+	if v6 := ip.To16(); v6 != nil {
+		addr6 := (*windows.RawSockaddrInet6)(unsafe.Pointer(addr))
+		addr6.Family = windows.AF_INET6
+		addr6.Port = htons(port)
+		addr6.Flowinfo = 0
+		copy(addr6.Addr[:], v6)
+		addr6.Scope_id = 0
+		return nil
+	}
+
+	return windows.ERROR_INVALID_PARAMETER
+}
+
+// IP returns IPv4 or IPv6 address, or nil if the address is neither.
+func (addr *RawSockaddrInet) IP() net.IP {
+	switch addr.Family {
+	case windows.AF_INET:
+		return (*windows.RawSockaddrInet4)(unsafe.Pointer(addr)).Addr[:]
+
+	case windows.AF_INET6:
+		return (*windows.RawSockaddrInet6)(unsafe.Pointer(addr)).Addr[:]
+	}
+
+	return nil
+}
+
+// Port returns the port if the address if IPv4 or IPv6, or 0 if neither.
+func (addr *RawSockaddrInet) Port() uint16 {
+	switch addr.Family {
+	case windows.AF_INET:
+		return ntohs((*windows.RawSockaddrInet4)(unsafe.Pointer(addr)).Port)
+
+	case windows.AF_INET6:
+		return ntohs((*windows.RawSockaddrInet6)(unsafe.Pointer(addr)).Port)
+	}
+
+	return 0
+}