diff options
Diffstat (limited to 'src/plugins/wireguard/wireguard_peer.h')
| -rw-r--r-- | src/plugins/wireguard/wireguard_peer.h | 90 |
1 files changed, 79 insertions, 11 deletions
diff --git a/src/plugins/wireguard/wireguard_peer.h b/src/plugins/wireguard/wireguard_peer.h index b60c669ac0f..613c2640ad1 100644 --- a/src/plugins/wireguard/wireguard_peer.h +++ b/src/plugins/wireguard/wireguard_peer.h @@ -17,6 +17,8 @@ #ifndef __included_wg_peer_h__ #define __included_wg_peer_h__ +#include <vlibapi/api_helper_macros.h> + #include <vnet/ip/ip.h> #include <wireguard/wireguard_cookie.h> @@ -31,13 +33,28 @@ typedef struct ip4_udp_header_t_ udp_header_t udp; } __clib_packed ip4_udp_header_t; -u8 *format_ip4_udp_header (u8 * s, va_list * va); +typedef struct ip4_udp_wg_header_t_ +{ + ip4_header_t ip4; + udp_header_t udp; + message_data_t wg; +} __clib_packed ip4_udp_wg_header_t; + +typedef struct ip6_udp_header_t_ +{ + ip6_header_t ip6; + udp_header_t udp; +} __clib_packed ip6_udp_header_t; -typedef struct wg_peer_allowed_ip_t_ +typedef struct ip6_udp_wg_header_t_ { - fib_prefix_t prefix; - fib_node_index_t fib_entry_index; -} wg_peer_allowed_ip_t; + ip6_header_t ip6; + udp_header_t udp; + message_data_t wg; +} __clib_packed ip6_udp_wg_header_t; + +u8 *format_ip4_udp_header (u8 * s, va_list * va); +u8 *format_ip6_udp_header (u8 *s, va_list *va); typedef struct wg_peer_endpoint_t_ { @@ -45,6 +62,12 @@ typedef struct wg_peer_endpoint_t_ u16 port; } wg_peer_endpoint_t; +typedef enum +{ + WG_PEER_STATUS_DEAD = 0x1, + WG_PEER_ESTABLISHED = 0x2, +} wg_peer_flags; + typedef struct wg_peer { noise_remote_t remote; @@ -57,17 +80,22 @@ typedef struct wg_peer wg_peer_endpoint_t dst; wg_peer_endpoint_t src; u32 table_id; - adj_index_t adj_index; + adj_index_t *adj_indices; /* rewrite built from address information */ u8 *rewrite; /* Vector of allowed-ips */ - wg_peer_allowed_ip_t *allowed_ips; + fib_prefix_t *allowed_ips; /* The WG interface this peer is attached to */ u32 wg_sw_if_index; + /* API client registered for events */ + vpe_client_registration_t *api_clients; + uword *api_client_by_client_index; + wg_peer_flags flags; + /* Timers */ tw_timer_wheel_16t_2w_512sl_t *timer_wheel; u32 timers[WG_N_TIMERS]; @@ -88,7 +116,8 @@ typedef struct wg_peer bool timer_need_another_keepalive; - bool is_dead; + /* Handshake is sent to main thread? */ + bool handshake_is_sent; } wg_peer_t; typedef struct wg_peer_table_bind_ctx_t_ @@ -111,9 +140,23 @@ index_t wg_peer_walk (wg_peer_walk_cb_t fn, void *data); u8 *format_wg_peer (u8 * s, va_list * va); -walk_rc_t wg_peer_if_admin_state_change (wg_if_t * wgi, index_t peeri, - void *data); -walk_rc_t wg_peer_if_table_change (wg_if_t * wgi, index_t peeri, void *data); +walk_rc_t wg_peer_if_admin_state_change (index_t peeri, void *data); +walk_rc_t wg_peer_if_delete (index_t peeri, void *data); +walk_rc_t wg_peer_if_adj_change (index_t peeri, void *data); +adj_walk_rc_t wg_peer_adj_walk (adj_index_t ai, void *data); + +void wg_api_peer_event (index_t peeri, wg_peer_flags flags); +void wg_peer_update_flags (index_t peeri, wg_peer_flags flag, bool add_del); +void wg_peer_update_endpoint (index_t peeri, const ip46_address_t *addr, + u16 port); +void wg_peer_update_endpoint_from_mt (index_t peeri, + const ip46_address_t *addr, u16 port); + +static inline bool +wg_peer_is_dead (wg_peer_t *peer) +{ + return peer && peer->flags & WG_PEER_STATUS_DEAD; +} /* * Expoed for the data-plane @@ -130,6 +173,8 @@ wg_peer_get (index_t peeri) static inline index_t wg_peer_get_by_adj_index (index_t ai) { + if (ai >= vec_len (wg_peer_by_adj_index)) + return INDEX_INVALID; return (wg_peer_by_adj_index[ai]); } @@ -145,6 +190,29 @@ wg_peer_assign_thread (u32 thread_id) 1) : thread_id)); } +static_always_inline bool +fib_prefix_is_cover_addr_46 (const fib_prefix_t *p1, const ip46_address_t *ip) +{ + switch (p1->fp_proto) + { + case FIB_PROTOCOL_IP4: + return (ip4_destination_matches_route (&ip4_main, &p1->fp_addr.ip4, + &ip->ip4, p1->fp_len) != 0); + case FIB_PROTOCOL_IP6: + return (ip6_destination_matches_route (&ip6_main, &p1->fp_addr.ip6, + &ip->ip6, p1->fp_len) != 0); + case FIB_PROTOCOL_MPLS: + break; + } + return (false); +} + +static inline bool +wg_peer_can_send (wg_peer_t *peer) +{ + return peer && peer->rewrite; +} + #endif // __included_wg_peer_h__ /* |