diff options
author | Artem Glazychev <artem.glazychev@xored.com> | 2020-08-31 17:12:30 +0700 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2020-09-09 11:57:48 +0000 |
commit | edca1325cf296bd0f5ff422fc12de2ce7a7bad88 (patch) | |
tree | fb12d12bd4193c5b2c7559d98aba9dc5d2f14e85 /src/plugins/wireguard/wireguard_peer.h | |
parent | ef80ad6bff03e3cc35950de0e15e4821ef3f7c04 (diff) |
wireguard: initial implementation of wireguard protocol
Type: feature
The main information about plugin you can see in README.md
vpp# wireguard ?
wireguard create wireguard create listen-port <port> private-key <key> src <IP> [generate-key]
wireguard delete wireguard delete <interface>
wireguard peer add wireguard peer add <wg_int> public-key <pub_key_other>endpoint <ip4_dst> allowed-ip <prefix>dst-port [port_dst] persistent-keepalive [keepalive_interval]
wireguard peer remove wireguard peer remove <index>
Change-Id: I85eb0bfc033ccfb2045696398d8a108b1c64b8d9
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Jim Thompson <jim@netgate.com>
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Damjan Marion <damarion@cisco.com>
Diffstat (limited to 'src/plugins/wireguard/wireguard_peer.h')
-rwxr-xr-x | src/plugins/wireguard/wireguard_peer.h | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/src/plugins/wireguard/wireguard_peer.h b/src/plugins/wireguard/wireguard_peer.h new file mode 100755 index 00000000000..99c73f3a0ed --- /dev/null +++ b/src/plugins/wireguard/wireguard_peer.h @@ -0,0 +1,122 @@ +/* + * Copyright (c) 2020 Doc.ai and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __included_wg_peer_h__ +#define __included_wg_peer_h__ + +#include <vnet/ip/ip.h> + +#include <wireguard/wireguard_cookie.h> +#include <wireguard/wireguard_timer.h> +#include <wireguard/wireguard_key.h> +#include <wireguard/wireguard_messages.h> +#include <wireguard/wireguard_if.h> + +typedef struct ip4_udp_header_t_ +{ + ip4_header_t ip4; + udp_header_t udp; +} __clib_packed ip4_udp_header_t; + +u8 *format_ip4_udp_header (u8 * s, va_list * va); + +typedef struct wg_peer_allowed_ip_t_ +{ + fib_prefix_t prefix; + fib_node_index_t fib_entry_index; +} wg_peer_allowed_ip_t; + +typedef struct wg_peer_endpoint_t_ +{ + ip46_address_t addr; + u16 port; +} wg_peer_endpoint_t; + +typedef struct wg_peer +{ + noise_remote_t remote; + cookie_maker_t cookie_maker; + + /* Peer addresses */ + wg_peer_endpoint_t dst; + wg_peer_endpoint_t src; + u32 table_id; + adj_index_t adj_index; + + /* rewrite built from address information */ + u8 *rewrite; + + /* Vector of allowed-ips */ + wg_peer_allowed_ip_t *allowed_ips; + + /* The WG interface this peer is attached to */ + u32 wg_sw_if_index; + + /* Timers */ + tw_timer_wheel_16t_2w_512sl_t timer_wheel; + u32 timers[WG_N_TIMERS]; + u32 timer_handshake_attempts; + u16 persistent_keepalive_interval; + f64 last_sent_handshake; + bool timer_need_another_keepalive; + + bool is_dead; +} wg_peer_t; + +typedef struct wg_peer_table_bind_ctx_t_ +{ + ip_address_family_t af; + u32 new_fib_index; + u32 old_fib_index; +} wg_peer_table_bind_ctx_t; + +int wg_peer_add (u32 tun_sw_if_index, + const u8 public_key_64[NOISE_PUBLIC_KEY_LEN], + u32 table_id, + const ip46_address_t * endpoint, + const fib_prefix_t * allowed_ips, + u16 port, u16 persistent_keepalive, index_t * peer_index); +int wg_peer_remove (u32 peer_index); + +typedef walk_rc_t (*wg_peer_walk_cb_t) (index_t peeri, void *arg); +void wg_peer_walk (wg_peer_walk_cb_t fn, void *data); + +u8 *format_wg_peer (u8 * s, va_list * va); +wg_peer_t *wg_peer_get (index_t peeri); + +walk_rc_t wg_peer_if_admin_state_change (wg_if_t * wgi, index_t peeri, + void *data); +walk_rc_t wg_peer_if_table_change (wg_if_t * wgi, index_t peeri, void *data); + +/* + * Expoed for the data-plane + */ +extern index_t *wg_peer_by_adj_index; + +static inline wg_peer_t * +wg_peer_get_by_adj_index (index_t ai) +{ + return wg_peer_get (wg_peer_by_adj_index[ai]); +} + +#endif // __included_wg_peer_h__ + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ |