/*
 * Copyright (c) 2020 Doc.ai and/or its affiliates.
 * Copyright (c) 2020 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef __included_wg_peer_h__
#define __included_wg_peer_h__

#include <vnet/ip/ip.h>

#include <wireguard/wireguard_cookie.h>
#include <wireguard/wireguard_timer.h>
#include <wireguard/wireguard_key.h>
#include <wireguard/wireguard_messages.h>
#include <wireguard/wireguard_if.h>

/*
 * Contiguous IPv4 header immediately followed by a UDP header.
 * Packed so the two headers occupy exactly their wire size with no padding
 * between them; presumably used for the outer encapsulation of WireGuard
 * packets (see the `rewrite` member of wg_peer_t) — confirm in the
 * output node.
 */
typedef struct ip4_udp_header_t_
{
  ip4_header_t ip4;
  udp_header_t udp;
} __clib_packed ip4_udp_header_t;

u8 *format_ip4_udp_header (u8 * s, va_list * va);

/*
 * One entry of a peer's allowed-ips list: a prefix plus the index of the
 * FIB entry associated with it (presumably the route that steers traffic
 * for `prefix` to this peer — confirm in wireguard_peer.c).
 *
 * NOTE(review): in the WireGuard protocol allowed-ips are the cryptokey
 * routing table and also bound which inner source addresses are accepted
 * from this peer after decryption; the input path must check decrypted
 * packets against this vector, not only use it for egress routing — verify
 * that the input node does so.
 */
typedef struct wg_peer_allowed_ip_t_
{
  fib_prefix_t prefix;
  fib_node_index_t fib_entry_index;
} wg_peer_allowed_ip_t;

/*
 * An IPv4/IPv6 address and UDP port pair identifying one end of the
 * encrypted tunnel (used for both the remote and the local side in
 * wg_peer_t).  Byte order of `port` is not fixed by this header; confirm
 * against the callers that fill it in.
 */
typedef struct wg_peer_endpoint_t_
{
  ip46_address_t addr;
  u16 port;
} wg_peer_endpoint_t;

/*
 * Per-peer state.  One element per configured peer lives in wg_peer_pool
 * and peers are referred to by their pool index (index_t) throughout this
 * header.
 */
typedef struct wg_peer
{
  /* Noise protocol state for this peer.  NOTE(review): presumably carries
   * the peer's static public key and handshake/transport session keys, i.e.
   * key material — confirm that wg_peer_remove clears it before the pool
   * slot is recycled. */
  noise_remote_t remote;
  /* Cookie state for this peer (see wireguard_cookie.h). */
  cookie_maker_t cookie_maker;

  /* Worker threads handling this peer's RX and TX paths; chosen with
   * wg_peer_assign_thread below (0 = main thread, 1..N = workers). */
  u32 input_thread_index;
  u32 output_thread_index;

  /* Peer addresses */
  /* dst: the peer's endpoint; src: the local address/port used towards it. */
  wg_peer_endpoint_t dst;
  wg_peer_endpoint_t src;
  /* IP table the endpoint lives in, and the adjacency created for it
   * (wg_peer_by_adj_index maps the adjacency back to the peer). */
  u32 table_id;
  adj_index_t adj_index;

  /* rewrite built from address information */
  u8 *rewrite;

  /* Vector of allowed-ips */
  wg_peer_allowed_ip_t *allowed_ips;

  /* The WG interface this peer is attached to */
  u32 wg_sw_if_index;

  /* Timers */
  /* Timer wheel the peer's timers are scheduled on, one handle per
   * WG_N_TIMERS timer (see wireguard_timer.h). */
  tw_timer_wheel_16t_2w_512sl_t *timer_wheel;
  u32 timers[WG_N_TIMERS];
  /* Number of consecutive handshake initiations without a response. */
  u32 timer_handshake_attempts;
  /* Persistent keepalive interval as passed to wg_peer_add; presumably in
   * seconds with 0 meaning disabled — confirm in wireguard_timer.c. */
  u16 persistent_keepalive_interval;

  /* Timestamps */
  /* f64 timestamps (presumably vlib time in seconds) of the last
   * handshake/packet events and of the current session's derivation. */
  f64 last_sent_handshake;
  f64 last_sent_packet;
  f64 last_received_packet;
  f64 session_derived;
  f64 rehandshake_started;

  /* Variable intervals */
  /* Per-peer jittered intervals, in timer-wheel ticks. */
  u32 new_handshake_interval_tick;
  u32 rehandshake_interval_tick;

  /* Set when a keepalive must be sent once the current one completes. */
  bool timer_need_another_keepalive;

  /* Presumably set while the peer is being torn down so workers skip it —
   * TODO confirm against wg_peer_remove. */
  bool is_dead;
} wg_peer_t;

/*
 * Context passed through a peer walk when the interface's table binding
 * changes (presumably the `data` argument of wg_peer_if_table_change):
 * the address family affected and the old/new FIB indices.
 */
typedef struct wg_peer_table_bind_ctx_t_
{
  ip_address_family_t af;
  u32 new_fib_index;
  u32 old_fib_index;
} wg_peer_table_bind_ctx_t;

/*
 * Create a peer on the WireGuard interface tun_sw_if_index.
 *
 * public_key_64: the peer's static public key, NOISE_PUBLIC_KEY_LEN bytes.
 *   NOTE(review): the "_64" suffix suggests a base64 string but the array
 *   is sized for raw key bytes — confirm the expected encoding with the
 *   API/CLI callers so a key is not accepted in the wrong form.
 * table_id:      IP table used for the endpoint (presumably for resolving it).
 * endpoint/port: the peer's remote address and UDP port.
 * allowed_ips:   prefixes permitted for this peer (presumably a VPP vector).
 * persistent_keepalive: keepalive interval; stored in
 *   wg_peer_t.persistent_keepalive_interval.
 * peer_index:    out-parameter receiving the new peer's pool index.
 * Returns an int status; presumably 0 on success and a VNET_API_ERROR_*
 * code otherwise — confirm in wireguard_peer.c.
 */
int wg_peer_add (u32 tun_sw_if_index,
		 const u8 public_key_64[NOISE_PUBLIC_KEY_LEN],
		 u32 table_id,
		 const ip46_address_t * endpoint,
		 const fib_prefix_t * allowed_ips,
		 u16 port, u16 persistent_keepalive, index_t * peer_index);
/* Remove the peer at pool index peer_index; returns an int status. */
int wg_peer_remove (u32 peer_index);

/* Walk every peer in the pool, calling fn(peeri, data) for each; the
 * returned index_t is presumably the peer at which fn stopped the walk. */
typedef walk_rc_t (*wg_peer_walk_cb_t) (index_t peeri, void *arg);
index_t wg_peer_walk (wg_peer_walk_cb_t fn, void *data);

/* format() helper for a peer (argument presumably the peer index). */
u8 *format_wg_peer (u8 * s, va_list * va);

/* Per-peer walk callbacks invoked when interface wgi changes admin state
 * or table binding (for the latter, data presumably points at a
 * wg_peer_table_bind_ctx_t). */
walk_rc_t wg_peer_if_admin_state_change (wg_if_t * wgi, index_t peeri,
					 void *data);
walk_rc_t wg_peer_if_table_change (wg_if_t * wgi, index_t peeri, void *data);

/*
 * Exposed for the data-plane.
 * wg_peer_by_adj_index: vector mapping an adjacency index to a peer index.
 * wg_peer_pool:         pool of all peers, indexed by index_t.
 */
extern index_t *wg_peer_by_adj_index;
extern wg_peer_t *wg_peer_pool;

/*
 * Look up a peer by its pool index.
 *
 * @param peeri  index in wg_peer_pool, as handed out by wg_peer_add's
 *               peer_index out-parameter or yielded by wg_peer_walk
 * @return pointer to the peer's pool element
 *
 * NOTE(review): no range or liveness check is visible here; whether
 * pool_elt_at_index validates peeri is a property of the pool
 * implementation (typically only under debug ASSERTs).  Data-plane callers
 * must only pass indices obtained from a successful lookup.
 */
static inline wg_peer_t *
wg_peer_get (index_t peeri)
{
  wg_peer_t *peer;

  peer = pool_elt_at_index (wg_peer_pool, peeri);
  return (peer);
}

/*
 * Map an adjacency index to the index of the peer that owns it.
 *
 * @param ai  adjacency index
 * @return the owning peer's index in wg_peer_pool
 *
 * NOTE(review): this is a raw vector access with no check against the
 * vector's length; an adjacency that was never registered for a peer (or
 * one beyond the vector) would read out of bounds.  Confirm the adjacency
 * path guarantees ai is within wg_peer_by_adj_index before this is called.
 */
static inline index_t
wg_peer_get_by_adj_index (index_t ai)
{
  const index_t *by_adj = wg_peer_by_adj_index;

  return (by_adj[ai]);
}

/*
 * Pick the worker thread a peer should be bound to.
 *
 * @param thread_id  requested thread; a non-zero value is honoured as-is
 * @return thread_id if non-zero; otherwise a worker in 1..N spread by the
 *         current nanosecond clock, or thread_id (0 = main) when there are
 *         no workers
 *
 * The nanosecond clock is only used to spread peers across workers; it is
 * not a source of randomness and nothing security-relevant depends on it.
 */
static inline u32
wg_peer_assign_thread (u32 thread_id)
{
  u32 n_workers;

  if (thread_id)
    return (thread_id);

  n_workers = vlib_num_workers ();
  if (0 == n_workers)
    return (thread_id);

  return ((u32) (unix_time_now_nsec () % n_workers) + 1);
}

#endif // __included_wg_peer_h__

/*
 * fd.io coding-style-patch-verification: ON
 *
 * Local Variables:
 * eval: (c-set-style "gnu")
 * End:
 */
>if (PREDICT_TRUE (maybe_range == 0 && insert == 0 && count_trailing_zeros (w) == b)) return h->member_counts[i] + 1; d = h->member_counts[i] + count_set_bits (w & ((1ULL << b) - 1)); is_member = (w & (1ULL << b)) != 0; if (maybe_range) { u8 r = h->range_flags[d]; u8 is_range, is_valid_range; is_range = maybe_range & (r & SPARSE_VEC_IS_RANGE); is_valid_range = (r & SPARSE_VEC_IS_VALID_RANGE) != 0; is_member = is_range ? is_valid_range : is_member; } if (insert) { *insert = !is_member; if (!is_member) { uword j; w |= 1ULL << b; h->is_member_bitmap[i] = w; for (j = i + 1; j < vec_len (h->member_counts); j++) h->member_counts[j] += 1; } return 1 + d; } d = is_member ? d : 0; return is_member + d; } always_inline uword sparse_vec_index (void *v, uword sparse_index) { return sparse_vec_index_internal (v, sparse_index, /* maybe range */ 0, /* insert? */ 0); } always_inline void sparse_vec_index2 (void *v, u32 si0, u32 si1, u32 * i0_return, u32 * i1_return) { sparse_vec_header_t *h; uword b0, b1, w0, w1, v0, v1; u32 i0, i1, d0, d1; u8 is_member0, is_member1; h = sparse_vec_header (v); i0 = si0 / BITS (h->is_member_bitmap[0]); i1 = si1 / BITS (h->is_member_bitmap[0]); b0 = si0 % BITS (h->is_member_bitmap[0]); b1 = si1 % BITS (h->is_member_bitmap[0]); ASSERT (i0 < vec_len (h->is_member_bitmap)); ASSERT (i1 < vec_len (h->is_member_bitmap)); ASSERT (i0 < vec_len (h->member_counts)); ASSERT (i1 < vec_len (h->member_counts)); w0 = h->is_member_bitmap[i0]; w1 = h->is_member_bitmap[i1]; if (PREDICT_TRUE ((count_trailing_zeros (w0) == b0) + (count_trailing_zeros (w1) == b1) == 2)) { *i0_return = h->member_counts[i0] + 1; *i1_return = h->member_counts[i1] + 1; return; } v0 = w0 & ((1ULL << b0) - 1); v1 = w1 & ((1ULL << b1) - 1); /* Speculate that masks will have zero or one bits set. */ d0 = h->member_counts[i0] + (v0 != 0); d1 = h->member_counts[i1] + (v1 != 0); /* Validate speculation. 
*/ if (PREDICT_FALSE (!is_pow2 (v0) || !is_pow2 (v1))) { d0 += count_set_bits (v0) - (v0 != 0); d1 += count_set_bits (v1) - (v1 != 0); } is_member0 = (w0 & (1ULL << b0)) != 0; is_member1 = (w1 & (1ULL << b1)) != 0; d0 = is_member0 ? d0 : 0; d1 = is_member1 ? d1 : 0; *i0_return = is_member0 + d0; *i1_return = is_member1 + d1; } #define sparse_vec_free(v) vec_free(v) #define sparse_vec_elt_at_index(v,i) \ vec_elt_at_index ((v), sparse_vec_index ((v), (i))) #define sparse_vec_validate(v,i) \ ({ \ uword _i; \ u32 _insert; \ \ if (! (v)) \ (v) = sparse_vec_new (sizeof ((v)[0]), BITS (u16)); \ \ _i = sparse_vec_index_internal ((v), (i), \ /* maybe range */ 0, \ /* insert? */ &_insert); \ if (_insert) \ vec_insert_ha ((v), 1, _i, \ /* header size */ sizeof (sparse_vec_header_t), \ /* align */ 0); \ \ /* Invalid index is 0. */ \ ASSERT (_i > 0); \ \ (v) + _i; \ }) #endif /* included_sparse_vec_h */ /* * fd.io coding-style-patch-verification: ON * * Local Variables: * eval: (c-set-style "gnu") * End: */