summaryrefslogtreecommitdiffstats
path: root/src/plugins/wireguard/wireguard_cli.c
diff options
context:
space:
mode:
authorArtem Glazychev <artem.glazychev@xored.com>2020-08-31 17:12:30 +0700
committerDamjan Marion <dmarion@me.com>2020-09-09 11:57:48 +0000
commitedca1325cf296bd0f5ff422fc12de2ce7a7bad88 (patch)
treefb12d12bd4193c5b2c7559d98aba9dc5d2f14e85 /src/plugins/wireguard/wireguard_cli.c
parentef80ad6bff03e3cc35950de0e15e4821ef3f7c04 (diff)
wireguard: initial implementation of wireguard protocol
Type: feature The main information about plugin you can see in README.md vpp# wireguard ? wireguard create wireguard create listen-port <port> private-key <key> src <IP> [generate-key] wireguard delete wireguard delete <interface> wireguard peer add wireguard peer add <wg_int> public-key <pub_key_other>endpoint <ip4_dst> allowed-ip <prefix>dst-port [port_dst] persistent-keepalive [keepalive_interval] wireguard peer remove wireguard peer remove <index> Change-Id: I85eb0bfc033ccfb2045696398d8a108b1c64b8d9 Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Jim Thompson <jim@netgate.com> Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Damjan Marion <damarion@cisco.com>
Diffstat (limited to 'src/plugins/wireguard/wireguard_cli.c')
-rwxr-xr-xsrc/plugins/wireguard/wireguard_cli.c358
1 files changed, 358 insertions, 0 deletions
diff --git a/src/plugins/wireguard/wireguard_cli.c b/src/plugins/wireguard/wireguard_cli.c
new file mode 100755
index 00000000000..7fdccdc64b3
--- /dev/null
+++ b/src/plugins/wireguard/wireguard_cli.c
@@ -0,0 +1,358 @@
+/*
+ * Copyright (c) 2020 Doc.ai and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <wireguard/wireguard.h>
+#include <wireguard/wireguard_key.h>
+#include <wireguard/wireguard_peer.h>
+#include <wireguard/wireguard_if.h>
+
+static clib_error_t *
+wg_if_create_cli (vlib_main_t * vm,
+ unformat_input_t * input, vlib_cli_command_t * cmd)
+{
+ unformat_input_t _line_input, *line_input = &_line_input;
+ u8 private_key[NOISE_PUBLIC_KEY_LEN];
+ u32 instance, sw_if_index;
+ ip_address_t src_ip;
+ clib_error_t *error;
+ u8 *private_key_64;
+ u32 port, generate_key = 0;
+ int rv;
+
+ error = NULL;
+ instance = sw_if_index = ~0;
+ private_key_64 = 0;
+ port = 0;
+
+ if (unformat_user (input, unformat_line_input, line_input))
+ {
+ while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (line_input, "instance %d", &instance))
+ ;
+ else if (unformat (line_input, "private-key %s", &private_key_64))
+ {
+ if (!(key_from_base64 (private_key_64,
+ NOISE_KEY_LEN_BASE64, private_key)))
+ {
+ error = clib_error_return (0, "Error parsing private key");
+ break;
+ }
+ }
+ else if (unformat (line_input, "listen-port %d", &port))
+ ;
+ else if (unformat (line_input, "port %d", &port))
+ ;
+ else if (unformat (line_input, "generate-key"))
+ generate_key = 1;
+ else
+ if (unformat (line_input, "src %U", unformat_ip_address, &src_ip))
+ ;
+ else
+ {
+ error = clib_error_return (0, "unknown input: %U",
+ format_unformat_error, line_input);
+ break;
+ }
+ }
+
+ unformat_free (line_input);
+
+ if (error)
+ return error;
+ }
+
+ if (generate_key)
+ curve25519_gen_secret (private_key);
+
+ rv = wg_if_create (instance, private_key, port, &src_ip, &sw_if_index);
+
+ if (rv)
+ return clib_error_return (0, "wireguard interface create failed");
+
+ vlib_cli_output (vm, "%U\n", format_vnet_sw_if_index_name, vnet_get_main (),
+ sw_if_index);
+ return 0;
+}
+
+/*?
+ * Create a Wireguard interface.
+?*/
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (wg_if_create_command, static) = {
+ .path = "wireguard create",
+ .short_help = "wireguard create listen-port <port> "
+ "private-key <key> src <IP> [generate-key]",
+ .function = wg_if_create_cli,
+};
+/* *INDENT-ON* */
+
+static clib_error_t *
+wg_if_delete_cli (vlib_main_t * vm,
+ unformat_input_t * input, vlib_cli_command_t * cmd)
+{
+ vnet_main_t *vnm;
+ u32 sw_if_index;
+ int rv;
+
+ vnm = vnet_get_main ();
+ sw_if_index = ~0;
+
+ while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat
+ (input, "%U", unformat_vnet_sw_interface, vnm, &sw_if_index))
+ ;
+ else
+ break;
+ }
+
+ if (~0 != sw_if_index)
+ {
+ rv = wg_if_delete (sw_if_index);
+
+ if (rv)
+ return clib_error_return (0, "wireguard interface delete failed");
+ }
+ else
+ return clib_error_return (0, "no such interface: %U",
+ format_unformat_error, input);
+
+ return 0;
+}
+
+/*?
+ * Delete a Wireguard interface.
+?*/
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (wg_if_delete_command, static) = {
+ .path = "wireguard delete",
+ .short_help = "wireguard delete <interface>",
+ .function = wg_if_delete_cli,
+};
+/* *INDENT-ON* */
+
+
+static clib_error_t *
+wg_peer_add_command_fn (vlib_main_t * vm,
+ unformat_input_t * input, vlib_cli_command_t * cmd)
+{
+ vnet_main_t *vnm = vnet_get_main ();
+ clib_error_t *error = NULL;
+ unformat_input_t _line_input, *line_input = &_line_input;
+
+ u8 *public_key_64 = 0;
+ u8 public_key[NOISE_PUBLIC_KEY_LEN];
+ fib_prefix_t allowed_ip, *allowed_ips = NULL;
+ ip_prefix_t pfx;
+ ip_address_t ip;
+ u32 portDst = 0, table_id = 0;
+ u32 persistent_keepalive = 0;
+ u32 tun_sw_if_index = ~0;
+ u32 peer_index;
+ int rv;
+
+ if (!unformat_user (input, unformat_line_input, line_input))
+ return 0;
+
+ while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (line_input, "public-key %s", &public_key_64))
+ {
+ if (!(key_from_base64 (public_key_64,
+ NOISE_KEY_LEN_BASE64, public_key)))
+ {
+ error = clib_error_return (0, "Error parsing private key");
+ goto done;
+ }
+ }
+ else if (unformat (line_input, "endpoint %U", unformat_ip_address, &ip))
+ ;
+ else if (unformat (line_input, "table-id %d", &table_id))
+ ;
+ else if (unformat (line_input, "port %d", &portDst))
+ ;
+ else if (unformat (line_input, "persistent-keepalive %d",
+ &persistent_keepalive))
+ ;
+ else if (unformat (line_input, "allowed-ip %U",
+ unformat_ip_prefix, &pfx))
+ {
+ ip_prefix_to_fib_prefix (&pfx, &allowed_ip);
+ vec_add1 (allowed_ips, allowed_ip);
+ }
+ else if (unformat (line_input, "%U",
+ unformat_vnet_sw_interface, vnm, &tun_sw_if_index))
+ ;
+ else
+ {
+ error = clib_error_return (0, "Input error");
+ goto done;
+ }
+ }
+
+ if (AF_IP6 == ip_addr_version (&ip) ||
+ FIB_PROTOCOL_IP6 == allowed_ip.fp_proto)
+ rv = VNET_API_ERROR_INVALID_PROTOCOL;
+ else
+ rv = wg_peer_add (tun_sw_if_index,
+ public_key,
+ table_id,
+ &ip_addr_46 (&ip),
+ allowed_ips,
+ portDst, persistent_keepalive, &peer_index);
+
+ switch (rv)
+ {
+ case VNET_API_ERROR_KEY_LENGTH:
+ error = clib_error_return (0, "Error parsing public key");
+ break;
+ case VNET_API_ERROR_ENTRY_ALREADY_EXISTS:
+ error = clib_error_return (0, "Peer already exist");
+ break;
+ case VNET_API_ERROR_INVALID_SW_IF_INDEX:
+ error = clib_error_return (0, "Tunnel is not specified");
+ break;
+ case VNET_API_ERROR_LIMIT_EXCEEDED:
+ error = clib_error_return (0, "Max peers limit");
+ break;
+ case VNET_API_ERROR_INIT_FAILED:
+ error = clib_error_return (0, "wireguard device parameters is not set");
+ break;
+ case VNET_API_ERROR_INVALID_PROTOCOL:
+ error = clib_error_return (0, "ipv6 not supported yet");
+ break;
+ }
+
+done:
+ vec_free (public_key_64);
+ vec_free (allowed_ips);
+ unformat_free (line_input);
+ return error;
+}
+
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (wg_peer_add_command, static) =
+{
+ .path = "wireguard peer add",
+ .short_help = "wireguard peer add <wg_int> public-key <pub_key_other>"
+ "endpoint <ip4_dst> allowed-ip <prefix>"
+ "dst-port [port_dst] persistent-keepalive [keepalive_interval]",
+ .function = wg_peer_add_command_fn,
+};
+/* *INDENT-ON* */
+
+static clib_error_t *
+wg_peer_remove_command_fn (vlib_main_t * vm,
+ unformat_input_t * input, vlib_cli_command_t * cmd)
+{
+ clib_error_t *error = NULL;
+ u32 peer_index;
+ int rv;
+
+ unformat_input_t _line_input, *line_input = &_line_input;
+ if (!unformat_user (input, unformat_line_input, line_input))
+ return 0;
+
+ if (unformat (line_input, "%d", &peer_index))
+ ;
+ else
+ {
+ error = clib_error_return (0, "Input error");
+ goto done;
+ }
+
+ rv = wg_peer_remove (peer_index);
+
+ switch (rv)
+ {
+ case VNET_API_ERROR_KEY_LENGTH:
+ error = clib_error_return (0, "Error parsing public key");
+ break;
+ }
+
+done:
+ unformat_free (line_input);
+ return error;
+}
+
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (wg_peer_remove_command, static) =
+{
+ .path = "wireguard peer remove",
+ .short_help = "wireguard peer remove <index>",
+ .function = wg_peer_remove_command_fn,
+};
+/* *INDENT-ON* */
+
+static walk_rc_t
+wg_peer_show_one (index_t peeri, void *arg)
+{
+ vlib_cli_output (arg, "%U", format_wg_peer, peeri);
+
+ return (WALK_CONTINUE);
+}
+
+static clib_error_t *
+wg_show_peer_command_fn (vlib_main_t * vm,
+ unformat_input_t * input, vlib_cli_command_t * cmd)
+{
+ wg_peer_walk (wg_peer_show_one, vm);
+
+ return NULL;
+}
+
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (wg_show_peers_command, static) =
+{
+ .path = "show wireguard peer",
+ .short_help = "show wireguard peer",
+ .function = wg_show_peer_command_fn,
+};
+/* *INDENT-ON* */
+
+static walk_rc_t
+wg_if_show_one (index_t itfi, void *arg)
+{
+ vlib_cli_output (arg, "%U", format_wg_if, itfi);
+
+ return (WALK_CONTINUE);
+}
+
+static clib_error_t *
+wg_show_if_command_fn (vlib_main_t * vm,
+ unformat_input_t * input, vlib_cli_command_t * cmd)
+{
+ wg_if_walk (wg_if_show_one, vm);
+
+ return NULL;
+}
+
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (wg_show_itfs_command, static) =
+{
+ .path = "show wireguard interface",
+ .short_help = "show wireguard",
+ .function = wg_show_if_command_fn,
+};
+/* *INDENT-ON* */
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */