authorArtem Glazychev <artem.glazychev@xored.com>2020-08-31 17:12:30 +0700
committerDamjan Marion <dmarion@me.com>2020-09-09 11:57:48 +0000
commitedca1325cf296bd0f5ff422fc12de2ce7a7bad88 (patch)
treefb12d12bd4193c5b2c7559d98aba9dc5d2f14e85 /src/plugins/wireguard/wireguard_api.c
parentef80ad6bff03e3cc35950de0e15e4821ef3f7c04 (diff)
wireguard: initial implementation of wireguard protocol
Type: feature The main information about plugin you can see in README.md vpp# wireguard ? wireguard create wireguard create listen-port <port> private-key <key> src <IP> [generate-key] wireguard delete wireguard delete <interface> wireguard peer add wireguard peer add <wg_int> public-key <pub_key_other>endpoint <ip4_dst> allowed-ip <prefix>dst-port [port_dst] persistent-keepalive [keepalive_interval] wireguard peer remove wireguard peer remove <index> Change-Id: I85eb0bfc033ccfb2045696398d8a108b1c64b8d9 Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Jim Thompson <jim@netgate.com> Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Damjan Marion <damarion@cisco.com>
Diffstat (limited to 'src/plugins/wireguard/wireguard_api.c')
-rwxr-xr-xsrc/plugins/wireguard/wireguard_api.c278
1 files changed, 278 insertions, 0 deletions
diff --git a/src/plugins/wireguard/wireguard_api.c b/src/plugins/wireguard/wireguard_api.c
new file mode 100755
index 00000000000..e107cb56b4b
--- /dev/null
+++ b/src/plugins/wireguard/wireguard_api.c
@@ -0,0 +1,278 @@
+/*
+ * Copyright (c) 2020 Doc.ai and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <vnet/vnet.h>
+#include <vlibmemory/api.h>
+
+#include <vnet/format_fns.h>
+#include <vnet/ip/ip_types_api.h>
+#include <vlibapi/api.h>
+
+#include <wireguard/wireguard.api_enum.h>
+#include <wireguard/wireguard.api_types.h>
+
+#include <wireguard/wireguard_key.h>
+#include <wireguard/wireguard.h>
+#include <wireguard/wireguard_if.h>
+#include <wireguard/wireguard_peer.h>
+
+#define REPLY_MSG_ID_BASE wmp->msg_id_base
+#include <vlibapi/api_helper_macros.h>
+
+static void
+ vl_api_wireguard_interface_create_t_handler
+ (vl_api_wireguard_interface_create_t * mp)
+{
+ vl_api_wireguard_interface_create_reply_t *rmp;
+ wg_main_t *wmp = &wg_main;
+ u8 private_key[NOISE_PUBLIC_KEY_LEN];
+ ip_address_t src;
+ u32 sw_if_index;
+ int rv = 0;
+
+ ip_address_decode2 (&mp->interface.src_ip, &src);
+
+ if (AF_IP6 == ip_addr_version (&src))
+ rv = VNET_API_ERROR_INVALID_PROTOCOL;
+ else
+ {
+ if (mp->generate_key)
+ curve25519_gen_secret (private_key);
+ else
+ clib_memcpy (private_key, mp->interface.private_key,
+ NOISE_PUBLIC_KEY_LEN);
+
+ rv = wg_if_create (ntohl (mp->interface.user_instance), private_key,
+ ntohs (mp->interface.port), &src, &sw_if_index);
+ }
+
+ /* *INDENT-OFF* */
+ REPLY_MACRO2(VL_API_WIREGUARD_INTERFACE_CREATE_REPLY,
+ {
+ rmp->sw_if_index = htonl(sw_if_index);
+ });
+ /* *INDENT-ON* */
+}
+
+static void
+ vl_api_wireguard_interface_delete_t_handler
+ (vl_api_wireguard_interface_delete_t * mp)
+{
+ vl_api_wireguard_interface_delete_reply_t *rmp;
+ wg_main_t *wmp = &wg_main;
+ int rv = 0;
+
+ VALIDATE_SW_IF_INDEX (mp);
+
+ rv = wg_if_delete (ntohl (mp->sw_if_index));
+
+ BAD_SW_IF_INDEX_LABEL;
+
+ /* *INDENT-OFF* */
+ REPLY_MACRO(VL_API_WIREGUARD_INTERFACE_DELETE_REPLY);
+ /* *INDENT-ON* */
+}
+
+typedef struct wg_deatils_walk_t_
+{
+ vl_api_registration_t *reg;
+ u32 context;
+} wg_deatils_walk_t;
+
+static walk_rc_t
+wireguard_if_send_details (index_t wgii, void *data)
+{
+ vl_api_wireguard_interface_details_t *rmp;
+ wg_deatils_walk_t *ctx = data;
+ const wg_if_t *wgi;
+
+ wgi = wg_if_get (wgii);
+
+ rmp = vl_msg_api_alloc_zero (sizeof (*rmp));
+ rmp->_vl_msg_id = htons (VL_API_WIREGUARD_INTERFACE_DETAILS +
+ wg_main.msg_id_base);
+
+ clib_memcpy (rmp->interface.private_key,
+ wgi->local.l_private, NOISE_PUBLIC_KEY_LEN);
+ rmp->interface.sw_if_index = htonl (wgi->sw_if_index);
+ rmp->interface.port = htons (wgi->port);
+ ip_address_encode2 (&wgi->src_ip, &rmp->interface.src_ip);
+
+ rmp->context = ctx->context;
+
+ vl_api_send_msg (ctx->reg, (u8 *) rmp);
+
+ return (WALK_CONTINUE);
+}
+
+static void
+vl_api_wireguard_interface_dump_t_handler (vl_api_wireguard_interface_dump_t *
+ mp)
+{
+ vl_api_registration_t *reg;
+
+ reg = vl_api_client_index_to_registration (mp->client_index);
+ if (reg == 0)
+ return;
+
+ wg_deatils_walk_t ctx = {
+ .reg = reg,
+ .context = mp->context,
+ };
+
+ wg_if_walk (wireguard_if_send_details, &ctx);
+}
+
+static void
+vl_api_wireguard_peer_add_t_handler (vl_api_wireguard_peer_add_t * mp)
+{
+ vl_api_wireguard_peer_add_reply_t *rmp;
+ wg_main_t *wmp = &wg_main;
+ index_t peeri;
+ int ii, rv = 0;
+
+ ip_address_t endpoint;
+ fib_prefix_t *allowed_ips = NULL;
+
+ VALIDATE_SW_IF_INDEX (&(mp->peer));
+
+ if (0 == mp->peer.n_allowed_ips)
+ {
+ rv = VNET_API_ERROR_INVALID_VALUE;
+ goto done;
+ }
+
+ vec_validate (allowed_ips, mp->peer.n_allowed_ips - 1);
+ ip_address_decode2 (&mp->peer.endpoint, &endpoint);
+
+ for (ii = 0; ii < mp->peer.n_allowed_ips; ii++)
+ ip_prefix_decode (&mp->peer.allowed_ips[ii], &allowed_ips[ii]);
+
+ if (AF_IP6 == ip_addr_version (&endpoint) ||
+ FIB_PROTOCOL_IP6 == allowed_ips[0].fp_proto)
+ /* ip6 currently not supported, but the API needs to support it
+ * else we'll need to change it later, and that's a PITA */
+ rv = VNET_API_ERROR_INVALID_PROTOCOL;
+ else
+ rv = wg_peer_add (ntohl (mp->peer.sw_if_index),
+ mp->peer.public_key,
+ ntohl (mp->peer.table_id),
+ &ip_addr_46 (&endpoint),
+ allowed_ips,
+ ntohs (mp->peer.port),
+ ntohs (mp->peer.persistent_keepalive), &peeri);
+
+ vec_free (allowed_ips);
+done:
+ BAD_SW_IF_INDEX_LABEL;
+ /* *INDENT-OFF* */
+ REPLY_MACRO2(VL_API_WIREGUARD_PEER_ADD_REPLY,
+ {
+ rmp->peer_index = ntohl (peeri);
+ });
+ /* *INDENT-ON* */
+}
+
+static void
+vl_api_wireguard_peer_remove_t_handler (vl_api_wireguard_peer_remove_t * mp)
+{
+ vl_api_wireguard_peer_remove_reply_t *rmp;
+ wg_main_t *wmp = &wg_main;
+ int rv = 0;
+
+ rv = wg_peer_remove (ntohl (mp->peer_index));
+
+ /* *INDENT-OFF* */
+ REPLY_MACRO(VL_API_WIREGUARD_PEER_REMOVE_REPLY);
+ /* *INDENT-ON* */
+}
+
+static walk_rc_t
+send_wg_peers_details (index_t peeri, void *data)
+{
+ vl_api_wireguard_peers_details_t *rmp;
+ wg_deatils_walk_t *ctx = data;
+ const wg_peer_t *peer;
+ u8 n_allowed_ips;
+ size_t ss;
+
+ peer = wg_peer_get (peeri);
+ n_allowed_ips = vec_len (peer->allowed_ips);
+
+ ss = (sizeof (*rmp) + (n_allowed_ips * sizeof (rmp->peer.allowed_ips[0])));
+
+ rmp = vl_msg_api_alloc_zero (ss);
+
+ rmp->_vl_msg_id = htons (VL_API_WIREGUARD_PEERS_DETAILS +
+ wg_main.msg_id_base);
+
+ if (peer->is_dead)
+ rmp->peer.flags = WIREGUARD_PEER_STATUS_DEAD;
+ clib_memcpy (rmp->peer.public_key,
+ peer->remote.r_public, NOISE_PUBLIC_KEY_LEN);
+
+ ip_address_encode (&peer->dst.addr, IP46_TYPE_ANY, &rmp->peer.endpoint);
+ rmp->peer.port = htons (peer->dst.port);
+ rmp->peer.n_allowed_ips = n_allowed_ips;
+ rmp->peer.sw_if_index = htonl (peer->wg_sw_if_index);
+
+ int ii;
+ for (ii = 0; ii < n_allowed_ips; ii++)
+ ip_prefix_encode (&peer->allowed_ips[ii].prefix,
+ &rmp->peer.allowed_ips[ii]);
+
+ rmp->context = ctx->context;
+
+ vl_api_send_msg (ctx->reg, (u8 *) rmp);
+
+ return (WALK_CONTINUE);
+}
+
+static void
+vl_api_wireguard_peers_dump_t_handler (vl_api_wireguard_peers_dump_t * mp)
+{
+ vl_api_registration_t *reg;
+
+ reg = vl_api_client_index_to_registration (mp->client_index);
+ if (reg == NULL)
+ return;
+
+ wg_deatils_walk_t ctx = {
+ .reg = reg,
+ .context = mp->context,
+ };
+
+ wg_peer_walk (send_wg_peers_details, &ctx);
+}
+
+/* set tup the API message handling tables */
+#include <wireguard/wireguard.api.c>
+static clib_error_t *
+wg_api_hookup (vlib_main_t * vm)
+{
+ wg_main_t *wmp = &wg_main;
+ wmp->msg_id_base = setup_message_id_table ();
+ return 0;
+}
+
+VLIB_API_INIT_FUNCTION (wg_api_hookup);
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
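Review bot: `sw_if_index` in vl_api_wireguard_interface_create_t_handler and `peeri` in vl_api_wireguard_peer_add_t_handler are declared without an initializer but are read by the reply macros on every error path — the `AF_IP6` branch sets only `rv` before `htonl (sw_if_index)`, and both the `goto done` for zero allowed IPs and the bad-sw_if_index jump skip `wg_peer_add` before `ntohl (peeri)` — so the reply is built from an uninitialized automatic (undefined behaviour, and whatever stack contents are there are returned to the API client). Initialize both at the declaration, `u32 sw_if_index = ~0;` and `index_t peeri = INDEX_INVALID;`, and use `rmp->peer_index = htonl (peeri);` to match the other host-to-network conversions in the file. Separately, wireguard_if_send_details copies `wgi->local.l_private` into every interface_details reply, so the interface's private key is handed to any client able to run the dump; if that is intended, a comment at that memcpy stating that the dump exposes key material would help maintainers, otherwise consider leaving the key out of the details message.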