Wireguard default values (#23349)

lib/lib_ssl/IniFile-Tasmota/src/IniFile.cpp

@@ -257,13 +257,17 @@ bool IniFile::getCIDR(const char* section, const char* key, ip_addr_t *ip, ip_ad
 	return parseCIDR(cidr, ip, mask);
 }
 
-bool IniFile::getDomainPort(const char* section, const char* key, String &domain, uint16_t &port)
+bool IniFile::getDomainPort(const char* section, const char* key, String &domain, uint16_t &port, uint16_t default_port)
 {
 	if (!getValueString(section, key, domain)) return false; // error
 	int32_t colon = domain.indexOf(':');
-	if (colon < 0) { return false; }
-	port = domain.substring(colon + 1).toInt();
-	domain = domain.substring(0, colon);
+	if (colon == 0) { return false; }			// having an empty domain is wrong
+	if (colon > 0) {
+		port = domain.substring(colon + 1).toInt();
+		domain = domain.substring(0, colon);
+	} else {
+		port = default_port;
+	}
 	return true;
 }
 

lib/lib_ssl/IniFile-Tasmota/src/IniFile.h

@@ -68,7 +68,7 @@ public:
 	static bool parseCIDR(String& str, ip_addr_t *ip, ip_addr_t *mask);
 	bool getCIDR(const char* section, const char* key, ip_addr_t *ip, ip_addr_t *mask);
 
-	bool getDomainPort(const char* section, const char* key, String &domain, uint16_t &port);
+	bool getDomainPort(const char* section, const char* key, String &domain, uint16_t &port, uint16_t default_port);
 
 	// From the file location saved in 'state' look for the next section and read its name.
 	// The name will be in the buffer. Returns false if no section found. 

tasmota/tasmota_xdrv_driver/xdrv_80_wireguard_client.ino

@@ -85,7 +85,7 @@ bool WireguardLoadConfig(const char *filename) {
   valconf = valconf && ini.getCIDR("Interface", "Address", &config.address2, &config.subnet);
   valconf = valconf && ini.getValueBase64("Peer", "PublicKey", config.public_key2, sizeof(config.public_key2));
   valconf = valconf && ini.getValueBase64("Peer", "PresharedKey", config.preshared_key2, sizeof(config.preshared_key2));
-  valconf = valconf && ini.getDomainPort("Peer", "Endpoint", Wireguard.endpoint, Wireguard.config.port);
+  valconf = valconf && ini.getDomainPort("Peer", "Endpoint", Wireguard.endpoint, Wireguard.config.port, 51820 /*default port*/);
   // read optional NetMask
   ipaddr_aton(WIREGUARD_NETMASK, &config.netmask2);
   ini.getIPAddress("Tasmota", "Netmask", &Wireguard.config.netmask2);
@@ -147,13 +147,21 @@ bool WireguardConnect(void) {
   esp_err_t err = esp_wireguard_connect(&Wireguard.ctx);
   if (err == ESP_OK) {
     Wireguard.started = true;
-    for (const allowed_ips_t & allowedip : Wireguard.allowed_ips) {
-      err = esp_wireguard_add_allowed_ip(&Wireguard.ctx, allowedip.addr, allowedip.mask);
-      if (err != ESP_OK) {
-        AddLog(LOG_LEVEL_INFO, PSTR("WG : Failed to add allowed_ips %_I/%_I, no space left"), allowedip.addr, allowedip.mask);
-        break;
+    if (!Wireguard.allowed_ips.isEmpty()) {
+      for (const allowed_ips_t & allowedip : Wireguard.allowed_ips) {
+        err = esp_wireguard_add_allowed_ip(&Wireguard.ctx, allowedip.addr, allowedip.mask);
+        if (err != ESP_OK) {
+          AddLog(LOG_LEVEL_INFO, PSTR("WG : Failed to add allowed_ips, no space left"));
+          break;
+        }
+        AddLog(LOG_LEVEL_DEBUG, PSTR("WG : Added allowed_ips %s/%s"), IPAddress(&allowedip.addr).toString().c_str(),
+                                                                       IPAddress(&allowedip.mask).toString().c_str());
       }
-      AddLog(LOG_LEVEL_DEBUG, PSTR("WG : Added allowed_ips %_I/%_I"), allowedip.addr, allowedip.mask);
+    } else {
+      // allowed_ips is empty, so we add 0.0.0.0/0.0.0.0
+      ip_addr_t ip_zero = IPADDR4_INIT_BYTES(0, 0, 0, 0);
+      err = esp_wireguard_add_allowed_ip(&Wireguard.ctx, ip_zero, ip_zero);
+      AddLog(LOG_LEVEL_DEBUG, PSTR("WG : Added default allowed_ips 0.0.0.0/0.0.0.0"));
     }
     return true;
   }