Developer Guide
Comprehensive developer documentation for building, extending, and integrating with WolfGuard.
Overview
This section is designed for developers who need to:
- Understand WolfGuard's architecture and design
- Use the REST API for automation and integration
- Implement custom authentication or authorization
- Contribute code or protocol improvements
- Build integrations with external systems
- Write tests and ensure compatibility
Developer Topics
1. Reverse Engineering
Comprehensive reverse engineering methodology for analyzing Cisco Secure Client:
- Reverse Engineering Manifest - Complete RE methodology and tool stack
- Methodology Comparison - Current vs. enhanced approach analysis
- Implementation Roadmap - 6-month enhancement plan
- IDA Pro Setup - IDA Pro 9.2 installation and configuration
- Binary Ninja Assessment - Tool evaluation and recommendation
- Batch Analysis Workflow - Automated analysis of 197 binaries
2. Architecture
Understand the system design:
- Architecture Overview - High-level system architecture
- Modern VPN Design - Design principles and patterns
- WolfSentry Integration - Embedded firewall integration
- Components - Detailed component breakdown
3. API Reference
Integrate with WolfGuard programmatically:
- REST API - Complete REST API documentation
- Configuration API - Dynamic configuration management
- Monitoring API - Metrics and health endpoints
- Webhooks - Event-driven integrations
4. Code Examples
Learn by example:
- C23 Examples - Modern C programming examples
- WolfSSL Integration - Cryptographic API usage
- Custom Authentication - Implement custom auth methods
- Plugins - Extend functionality with plugins
5. Protocol Implementation
Deep dive into protocol details:
- OpenConnect v1.2 - Protocol specification implementation
- Cisco Compatibility - Ensure client compatibility
- TLS/DTLS - Transport layer security
- Protocol Extensions - Custom protocol extensions
6. Integration
Connect WolfGuard to external systems:
- External Authentication - Integrate with external auth systems
- Single Sign-On (SSO) - SAML, OAuth2, OIDC integration
- Scripts & Hooks - Lifecycle hooks and scripts
- Event Hooks - React to system events
7. Testing
Ensure quality and compatibility:
- Unit Tests - Write and run unit tests
- Integration Tests - End-to-end testing
- Compatibility Tests - Test with Cisco clients
Quick Start for Developers
Set Up Development Environment
# Clone the repository
git clone https://github.com/dantte-lp/wolfguard.git
cd wolfguard
# Install dependencies (Ubuntu/Debian)
sudo apt-get install -y \
build-essential cmake \
libwolfssl-dev libev-dev \
libreadline-dev check
# Build with debug symbols
mkdir build && cd build
cmake -DCMAKE_BUILD_TYPE=Debug ..
make -j$(nproc)
# Run tests
make test
Make Your First API Call
# Get server status
curl -X GET https://vpn.example.com/api/v1/status \
-H "Authorization: Bearer YOUR_API_TOKEN"
# List active connections
curl -X GET https://vpn.example.com/api/v1/connections \
-H "Authorization: Bearer YOUR_API_TOKEN"
See REST API Documentation for complete reference.
Architecture Overview
┌─────────────────────────────────────────────────────────┐
│ WolfGuard Architecture │
├─────────────────────────────────────────────────────────┤
│ │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ REST API │ │ WebUI │ │ CLI Tool │ │
│ └──────┬───────┘ └──────┬───────┘ └──────┬───────┘ │
│ │ │ │ │
│ └──────────────────┴──────────────────┘ │
│ │ │
│ ┌────────▼────────┐ │
�│ │ Control Plane │ │
│ │ - Auth/Authz │ │
│ │ - Config Mgmt │ │
│ │ - User Mgmt │ │
│ └────────┬────────┘ │
│ │ │
│ ┌─────────────────┴─────────────────┐ │
│ │ │ │
│ ┌──────▼──────┐ ┌──────▼──────┐ │
│ │ TLS/HTTPS │ │ DTLS Tunnel │ │
│ │ Handler │ │ Handler │ │
│ └──────┬──────┘ └──────┬──────┘ │
│ │ │ │
│ └──────────────┬────────────────────┘ │
│ │ │
│ ┌──────▼──────┐ │
│ │ WolfSentry │ │
│ │ Firewall │ │
│ └──────┬──────┘ │
│ │ │
│ ┌──────▼──────┐ │
│ │ IP Stack │ │
│ │ (TUN/TAP) │ │
│ └─────────────┘ │
│ │
└─────────────────────────────────────────────────────────┘
Common Development Tasks
Adding a New API Endpoint
- Define the endpoint in API specification
- Implement the handler in C
- Add authentication and authorization checks
- Write unit tests for the endpoint
- Document in API reference
- Update OpenAPI spec (if applicable)
See REST API Guide for details.
Implementing Custom Authentication
- Create auth module following plugin architecture
- Implement auth interface (validate, authorize)
- Register module in configuration
- Test with real clients
- Document configuration
See Custom Authentication for examples.
Contributing Code
- Fork the repository on GitHub
- Create a feature branch (
git checkout -b feature/my-feature) - Write code following coding standards
- Add tests for new functionality
- Update documentation as needed
- Submit pull request with clear description
See Contributing Guide for details.
Technology Stack
| Component | Technology |
|---|---|
| Language | C23 (ISO/IEC 9899:2023) |
| TLS/Crypto | WolfSSL 5.6.0+ |
| Event Loop | libev |
| Firewall | WolfSentry |
| Build System | CMake 3.20+ |
| Testing | Check, CTest |
| Documentation | Doxygen |
Coding Standards
C23 Best Practices
- Use
nullptrinstead ofNULL - Use
bool,true,falsefrom<stdbool.h> - Use
static_assertfor compile-time checks - Use
_Genericfor type-generic functions - Follow MISRA-C guidelines where applicable
Code Style
// Function naming: snake_case
int wolfguard_auth_validate(const char *username, const char *password);
// Constants: UPPER_SNAKE_CASE
#define WOLFGUARD_MAX_USERS 1000
// Structs: snake_case with _t suffix
typedef struct wolfguard_config_t {
char *server_name;
uint16_t port;
bool tls13_only;
} wolfguard_config_t;
// Error handling: always check return values
int result = wolfguard_init();
if (result != WOLFGUARD_SUCCESS) {
log_error("Initialization failed: %s", wolfguard_strerror(result));
return result;
}
Security Considerations
- Input validation - Validate all external input
- Buffer safety - Use safe string functions
- Constant-time comparisons - For cryptographic operations
- Secure memory - Zero sensitive data after use
- Least privilege - Drop privileges as early as possible
API Design Principles
- RESTful - Follow REST conventions
- Versioned - API version in URL (
/api/v1/) - Authenticated - All endpoints require authentication
- JSON - Use JSON for request/response bodies
- Idempotent - GET/PUT/DELETE operations are idempotent
- Documented - Complete OpenAPI specification
Performance Optimization
Connection Handling
- Zero-copy where possible
- Connection pooling for database
- Async I/O with libev event loop
- Caching for frequently accessed data
Memory Management
- Arena allocators for temporary allocations
- Object pools for frequently created/destroyed objects
- Reference counting for shared resources
- Valgrind testing to detect leaks
Debugging Tools
| Tool | Purpose |
|---|---|
| GDB | Interactive debugging |
| Valgrind | Memory leak detection |
| AddressSanitizer | Memory error detection |
| strace | System call tracing |
| tcpdump/Wireshark | Network protocol analysis |
| perf | Performance profiling |
Related Guides
- Network Engineering - Protocol deep dive
- Administration - Deployment and configuration
- DevOps - Container deployment
Resources
- Architecture Documentation - Detailed design
- API Reference - Complete API docs
- Code Examples - Learn by example
- Contributing Guide - How to contribute
- GitHub Repository - Source code
Ready to start developing? Check out the Architecture Overview or dive into Code Examples