diff options
author | Artem Glazychev <artem.glazychev@xored.com> | 2020-08-31 17:12:30 +0700 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2020-09-09 11:57:48 +0000 |
commit | edca1325cf296bd0f5ff422fc12de2ce7a7bad88 (patch) | |
tree | fb12d12bd4193c5b2c7559d98aba9dc5d2f14e85 /src/plugins/wireguard/wireguard_api.c | |
parent | ef80ad6bff03e3cc35950de0e15e4821ef3f7c04 (diff) |
wireguard: initial implementation of wireguard protocol
Type: feature
The main information about plugin you can see in README.md
vpp# wireguard ?
wireguard create wireguard create listen-port <port> private-key <key> src <IP> [generate-key]
wireguard delete wireguard delete <interface>
wireguard peer add wireguard peer add <wg_int> public-key <pub_key_other>endpoint <ip4_dst> allowed-ip <prefix>dst-port [port_dst] persistent-keepalive [keepalive_interval]
wireguard peer remove wireguard peer remove <index>
Change-Id: I85eb0bfc033ccfb2045696398d8a108b1c64b8d9
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Jim Thompson <jim@netgate.com>
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Damjan Marion <damarion@cisco.com>
Diffstat (limited to 'src/plugins/wireguard/wireguard_api.c')
-rwxr-xr-x | src/plugins/wireguard/wireguard_api.c | 278 |
1 files changed, 278 insertions, 0 deletions
diff --git a/src/plugins/wireguard/wireguard_api.c b/src/plugins/wireguard/wireguard_api.c new file mode 100755 index 00000000000..e107cb56b4b --- /dev/null +++ b/src/plugins/wireguard/wireguard_api.c @@ -0,0 +1,278 @@ +/* + * Copyright (c) 2020 Doc.ai and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <vnet/vnet.h> +#include <vlibmemory/api.h> + +#include <vnet/format_fns.h> +#include <vnet/ip/ip_types_api.h> +#include <vlibapi/api.h> + +#include <wireguard/wireguard.api_enum.h> +#include <wireguard/wireguard.api_types.h> + +#include <wireguard/wireguard_key.h> +#include <wireguard/wireguard.h> +#include <wireguard/wireguard_if.h> +#include <wireguard/wireguard_peer.h> + +#define REPLY_MSG_ID_BASE wmp->msg_id_base +#include <vlibapi/api_helper_macros.h> + +static void + vl_api_wireguard_interface_create_t_handler + (vl_api_wireguard_interface_create_t * mp) +{ + vl_api_wireguard_interface_create_reply_t *rmp; + wg_main_t *wmp = &wg_main; + u8 private_key[NOISE_PUBLIC_KEY_LEN]; + ip_address_t src; + u32 sw_if_index; + int rv = 0; + + ip_address_decode2 (&mp->interface.src_ip, &src); + + if (AF_IP6 == ip_addr_version (&src)) + rv = VNET_API_ERROR_INVALID_PROTOCOL; + else + { + if (mp->generate_key) + curve25519_gen_secret (private_key); + else + clib_memcpy (private_key, mp->interface.private_key, + NOISE_PUBLIC_KEY_LEN); + + rv = wg_if_create (ntohl (mp->interface.user_instance), private_key, + ntohs (mp->interface.port), &src, &sw_if_index); + } + + /* *INDENT-OFF* */ + REPLY_MACRO2(VL_API_WIREGUARD_INTERFACE_CREATE_REPLY, + { + rmp->sw_if_index = htonl(sw_if_index); + }); + /* *INDENT-ON* */ +} + +static void + vl_api_wireguard_interface_delete_t_handler + (vl_api_wireguard_interface_delete_t * mp) +{ + vl_api_wireguard_interface_delete_reply_t *rmp; + wg_main_t *wmp = &wg_main; + int rv = 0; + + VALIDATE_SW_IF_INDEX (mp); + + rv = wg_if_delete (ntohl (mp->sw_if_index)); + + BAD_SW_IF_INDEX_LABEL; + + /* *INDENT-OFF* */ + REPLY_MACRO(VL_API_WIREGUARD_INTERFACE_DELETE_REPLY); + /* *INDENT-ON* */ +} + +typedef struct wg_deatils_walk_t_ +{ + vl_api_registration_t *reg; + u32 context; +} wg_deatils_walk_t; + +static walk_rc_t +wireguard_if_send_details (index_t wgii, void *data) +{ + vl_api_wireguard_interface_details_t *rmp; + wg_deatils_walk_t *ctx = data; + const wg_if_t *wgi; + + wgi = wg_if_get (wgii); + + rmp = vl_msg_api_alloc_zero (sizeof (*rmp)); + rmp->_vl_msg_id = htons (VL_API_WIREGUARD_INTERFACE_DETAILS + + wg_main.msg_id_base); + + clib_memcpy (rmp->interface.private_key, + wgi->local.l_private, NOISE_PUBLIC_KEY_LEN); + rmp->interface.sw_if_index = htonl (wgi->sw_if_index); + rmp->interface.port = htons (wgi->port); + ip_address_encode2 (&wgi->src_ip, &rmp->interface.src_ip); + + rmp->context = ctx->context; + + vl_api_send_msg (ctx->reg, (u8 *) rmp); + + return (WALK_CONTINUE); +} + +static void +vl_api_wireguard_interface_dump_t_handler (vl_api_wireguard_interface_dump_t * + mp) +{ + vl_api_registration_t *reg; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (reg == 0) + return; + + wg_deatils_walk_t ctx = { + .reg = reg, + .context = mp->context, + }; + + wg_if_walk (wireguard_if_send_details, &ctx); +} + +static void +vl_api_wireguard_peer_add_t_handler (vl_api_wireguard_peer_add_t * mp) +{ + vl_api_wireguard_peer_add_reply_t *rmp; + wg_main_t *wmp = &wg_main; + index_t peeri; + int ii, rv = 0; + + ip_address_t endpoint; + fib_prefix_t *allowed_ips = NULL; + + VALIDATE_SW_IF_INDEX (&(mp->peer)); + + if (0 == mp->peer.n_allowed_ips) + { + rv = VNET_API_ERROR_INVALID_VALUE; + goto done; + } + + vec_validate (allowed_ips, mp->peer.n_allowed_ips - 1); + ip_address_decode2 (&mp->peer.endpoint, &endpoint); + + for (ii = 0; ii < mp->peer.n_allowed_ips; ii++) + ip_prefix_decode (&mp->peer.allowed_ips[ii], &allowed_ips[ii]); + + if (AF_IP6 == ip_addr_version (&endpoint) || + FIB_PROTOCOL_IP6 == allowed_ips[0].fp_proto) + /* ip6 currently not supported, but the API needs to support it + * else we'll need to change it later, and that's a PITA */ + rv = VNET_API_ERROR_INVALID_PROTOCOL; + else + rv = wg_peer_add (ntohl (mp->peer.sw_if_index), + mp->peer.public_key, + ntohl (mp->peer.table_id), + &ip_addr_46 (&endpoint), + allowed_ips, + ntohs (mp->peer.port), + ntohs (mp->peer.persistent_keepalive), &peeri); + + vec_free (allowed_ips); +done: + BAD_SW_IF_INDEX_LABEL; + /* *INDENT-OFF* */ + REPLY_MACRO2(VL_API_WIREGUARD_PEER_ADD_REPLY, + { + rmp->peer_index = ntohl (peeri); + }); + /* *INDENT-ON* */ +} + +static void +vl_api_wireguard_peer_remove_t_handler (vl_api_wireguard_peer_remove_t * mp) +{ + vl_api_wireguard_peer_remove_reply_t *rmp; + wg_main_t *wmp = &wg_main; + int rv = 0; + + rv = wg_peer_remove (ntohl (mp->peer_index)); + + /* *INDENT-OFF* */ + REPLY_MACRO(VL_API_WIREGUARD_PEER_REMOVE_REPLY); + /* *INDENT-ON* */ +} + +static walk_rc_t +send_wg_peers_details (index_t peeri, void *data) +{ + vl_api_wireguard_peers_details_t *rmp; + wg_deatils_walk_t *ctx = data; + const wg_peer_t *peer; + u8 n_allowed_ips; + size_t ss; + + peer = wg_peer_get (peeri); + n_allowed_ips = vec_len (peer->allowed_ips); + + ss = (sizeof (*rmp) + (n_allowed_ips * sizeof (rmp->peer.allowed_ips[0]))); + + rmp = vl_msg_api_alloc_zero (ss); + + rmp->_vl_msg_id = htons (VL_API_WIREGUARD_PEERS_DETAILS + + wg_main.msg_id_base); + + if (peer->is_dead) + rmp->peer.flags = WIREGUARD_PEER_STATUS_DEAD; + clib_memcpy (rmp->peer.public_key, + peer->remote.r_public, NOISE_PUBLIC_KEY_LEN); + + ip_address_encode (&peer->dst.addr, IP46_TYPE_ANY, &rmp->peer.endpoint); + rmp->peer.port = htons (peer->dst.port); + rmp->peer.n_allowed_ips = n_allowed_ips; + rmp->peer.sw_if_index = htonl (peer->wg_sw_if_index); + + int ii; + for (ii = 0; ii < n_allowed_ips; ii++) + ip_prefix_encode (&peer->allowed_ips[ii].prefix, + &rmp->peer.allowed_ips[ii]); + + rmp->context = ctx->context; + + vl_api_send_msg (ctx->reg, (u8 *) rmp); + + return (WALK_CONTINUE); +} + +static void +vl_api_wireguard_peers_dump_t_handler (vl_api_wireguard_peers_dump_t * mp) +{ + vl_api_registration_t *reg; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (reg == NULL) + return; + + wg_deatils_walk_t ctx = { + .reg = reg, + .context = mp->context, + }; + + wg_peer_walk (send_wg_peers_details, &ctx); +} + +/* set tup the API message handling tables */ +#include <wireguard/wireguard.api.c> +static clib_error_t * +wg_api_hookup (vlib_main_t * vm) +{ + wg_main_t *wmp = &wg_main; + wmp->msg_id_base = setup_message_id_table (); + return 0; +} + +VLIB_API_INIT_FUNCTION (wg_api_hookup); + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ |