summaryrefslogtreecommitdiffstats
path: root/src/plugins/wireguard/wireguard_peer.h
blob: e23feb7866fe5bc7d47f967ede986c534d172524 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
/*
 * Copyright (c) 2020 Doc.ai and/or its affiliates.
 * Copyright (c) 2020 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef __included_wg_peer_h__
#define __included_wg_peer_h__

#include <vnet/ip/ip.h>

#include <wireguard/wireguard_cookie.h>
#include <wireguard/wireguard_timer.h>
#include <wireguard/wireguard_key.h>
#include <wireguard/wireguard_messages.h>
#include <wireguard/wireguard_if.h>

typedef struct ip4_udp_header_t_
{
  ip4_header_t ip4;
  udp_header_t udp;
} __clib_packed ip4_udp_header_t;

u8 *format_ip4_udp_header (u8 * s, va_list * va);

typedef struct wg_peer_endpoint_t_
{
  ip46_address_t addr;
  u16 port;
} wg_peer_endpoint_t;

typedef struct wg_peer
{
  noise_remote_t remote;
  cookie_maker_t cookie_maker;

  u32 input_thread_index;
  u32 output_thread_index;

  /* Peer addresses */
  wg_peer_endpoint_t dst;
  wg_peer_endpoint_t src;
  u32 table_id;
  adj_index_t *adj_indices;

  /* rewrite built from address information */
  u8 *rewrite;

  /* Vector of allowed-ips */
  fib_prefix_t *allowed_ips;

  /* The WG interface this peer is attached to */
  u32 wg_sw_if_index;

  /* Timers */
  tw_timer_wheel_16t_2w_512sl_t *timer_wheel;
  u32 timers[WG_N_TIMERS];
  u8 timers_dispatched[WG_N_TIMERS];
  u32 timer_handshake_attempts;
  u16 persistent_keepalive_interval;

  /* Timestamps */
  f64 last_sent_handshake;
  f64 last_sent_packet;
  f64 last_received_packet;
  f64 session_derived;
  f64 rehandshake_started;

  /* Variable intervals */
  u32 new_handshake_interval_tick;
  u32 rehandshake_interval_tick;

  bool timer_need_another_keepalive;

  bool is_dead;
} wg_peer_t;

typedef struct wg_peer_table_bind_ctx_t_
{
  ip_address_family_t af;
  u32 new_fib_index;
  u32 old_fib_index;
} wg_peer_table_bind_ctx_t;

int wg_peer_add (u32 tun_sw_if_index,
		 const u8 public_key_64[NOISE_PUBLIC_KEY_LEN],
		 u32 table_id,
		 const ip46_address_t * endpoint,
		 const fib_prefix_t * allowed_ips,
		 u16 port, u16 persistent_keepalive, index_t * peer_index);
int wg_peer_remove (u32 peer_index);

typedef walk_rc_t (*wg_peer_walk_cb_t) (index_t peeri, void *arg);
index_t wg_peer_walk (wg_peer_walk_cb_t fn, void *data);

u8 *format_wg_peer (u8 * s, va_list * va);

walk_rc_t wg_peer_if_admin_state_change (index_t peeri, void *data);
walk_rc_t wg_peer_if_delete (index_t peeri, void *data);
walk_rc_t wg_peer_if_adj_change (index_t peeri, void *data);
adj_walk_rc_t wg_peer_adj_walk (adj_index_t ai, void *data);

/*
 * Expoed for the data-plane
 */
extern index_t *wg_peer_by_adj_index;
extern wg_peer_t *wg_peer_pool;

static inline wg_peer_t *
wg_peer_get (index_t peeri)
{
  return (pool_elt_at_index (wg_peer_pool, peeri));
}

static inline index_t
wg_peer_get_by_adj_index (index_t ai)
{
  return (wg_peer_by_adj_index[ai]);
}

/*
 * Makes choice for thread_id should be assigned.
*/
static inline u32
wg_peer_assign_thread (u32 thread_id)
{
  return ((thread_id) ? thread_id
	  : (vlib_num_workers ()?
	     ((unix_time_now_nsec () % vlib_num_workers ()) +
	      1) : thread_id));
}

static_always_inline bool
fib_prefix_is_cover_addr_4 (const fib_prefix_t *p1, const ip4_address_t *ip4)
{
  switch (p1->fp_proto)
    {
    case FIB_PROTOCOL_IP4:
      return (ip4_destination_matches_route (&ip4_main, &p1->fp_addr.ip4, ip4,
					     p1->fp_len) != 0);
    case FIB_PROTOCOL_IP6:
      return (false);
    case FIB_PROTOCOL_MPLS:
      break;
    }
  return (false);
}

#endif // __included_wg_peer_h__

/*
 * fd.io coding-style-patch-verification: ON
 *
 * Local Variables:
 * eval: (c-set-style "gnu")
 * End:
 */