path: root/src/plugins/wireguard/wireguard_peer.h
blob: 613c2640ad123c8b064c597aec39869613480ad2 (plain)
/*
 * Copyright (c) 2020 Doc.ai and/or its affiliates.
 * Copyright (c) 2020 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef __included_wg_peer_h__
#define __included_wg_peer_h__

#include <vlibapi/api_helper_macros.h>

#include <vnet/ip/ip.h>

#include <wireguard/wireguard_cookie.h>
#include <wireguard/wireguard_timer.h>
#include <wireguard/wireguard_key.h>
#include <wireguard/wireguard_messages.h>
#include <wireguard/wireguard_if.h>

/* IPv4 header immediately followed by a UDP header.  Packed so there is no
 * padding between the two — presumably so the struct can be overlaid on raw
 * packet bytes; confirm against the data-plane code that uses it. */
typedef struct ip4_udp_header_t_
{
  ip4_header_t ip4;
  udp_header_t udp;
} __clib_packed ip4_udp_header_t;

/* IPv4 + UDP outer headers followed by the WireGuard data-message header
 * (message_data_t, from wireguard_messages.h).  Packed, like the
 * ip4_udp_header_t above, so the three headers are contiguous. */
typedef struct ip4_udp_wg_header_t_
{
  ip4_header_t ip4;
  udp_header_t udp;
  message_data_t wg;
} __clib_packed ip4_udp_wg_header_t;

/* IPv6 header immediately followed by a UDP header (packed, no padding);
 * the IPv6 counterpart of ip4_udp_header_t. */
typedef struct ip6_udp_header_t_
{
  ip6_header_t ip6;
  udp_header_t udp;
} __clib_packed ip6_udp_header_t;

/* IPv6 + UDP outer headers followed by the WireGuard data-message header;
 * the IPv6 counterpart of ip4_udp_wg_header_t.  Packed. */
typedef struct ip6_udp_wg_header_t_
{
  ip6_header_t ip6;
  udp_header_t udp;
  message_data_t wg;
} __clib_packed ip6_udp_wg_header_t;

/* VPP format() callbacks for the packed header structs above: append a
 * human-readable rendering to the vector `s` and return the (possibly
 * reallocated) vector.  Argument layout inside `va` is defined by the
 * implementation in the matching .c file. */
u8 *format_ip4_udp_header (u8 * s, va_list * va);
u8 *format_ip6_udp_header (u8 *s, va_list *va);

/* One tunnel endpoint: an IPv4-or-IPv6 address plus a UDP port.
 * NOTE(review): whether `port` is stored in host or network byte order is
 * not evident from this header — confirm against the code that fills it
 * before comparing it with values taken from a packet. */
typedef struct wg_peer_endpoint_t_
{
  ip46_address_t addr;
  u16 port;
} wg_peer_endpoint_t;

/* Peer status bits.  These are single-bit values combined into a bitmask
 * (wg_peer_t.flags) and tested with `&` (see wg_peer_is_dead below), so any
 * new value added here must also be a distinct power of two. */
typedef enum
{
  WG_PEER_STATUS_DEAD = 0x1,
  WG_PEER_ESTABLISHED = 0x2,
} wg_peer_flags;

/* Per-peer state.  Instances live in the wg_peer_pool declared below and are
 * addressed by pool index (index_t) throughout the API in this header. */
typedef struct wg_peer
{
  /* Noise protocol state for the remote side (noise_remote_t). */
  noise_remote_t remote;
  /* Cookie state for this peer (see wireguard_cookie.h). */
  cookie_maker_t cookie_maker;

  /* Worker thread indices for the RX and TX side of this peer — presumably
   * chosen via wg_peer_assign_thread() below; confirm in the .c file. */
  u32 input_thread_index;
  u32 output_thread_index;

  /* Peer addresses */
  wg_peer_endpoint_t dst;
  wg_peer_endpoint_t src;
  u32 table_id;
  /* Adjacency indices associated with this peer (pointer; presumably a VPP
   * vector, matching the adj_walk callbacks declared below). */
  adj_index_t *adj_indices;

  /* rewrite built from address information.  NULL until built;
   * wg_peer_can_send() below uses it as the "ready to transmit" test. */
  u8 *rewrite;

  /* Vector of allowed-ips */
  fib_prefix_t *allowed_ips;

  /* The WG interface this peer is attached to */
  u32 wg_sw_if_index;

  /* API client registered for events */
  vpe_client_registration_t *api_clients;
  /* Lookup keyed by API client index (uword * — presumably a hash into
   * api_clients; confirm). */
  uword *api_client_by_client_index;
  /* Bitmask of wg_peer_flags values; tested with `&`, not `==`. */
  wg_peer_flags flags;

  /* Timers: one handle and one "dispatched" marker per WG_N_TIMERS slot. */
  tw_timer_wheel_16t_2w_512sl_t *timer_wheel;
  u32 timers[WG_N_TIMERS];
  u8 timers_dispatched[WG_N_TIMERS];
  u32 timer_handshake_attempts;
  u16 persistent_keepalive_interval;

  /* Timestamps (f64; units are whatever the timer code uses — not stated
   * here, so do not assume seconds without checking). */
  f64 last_sent_handshake;
  f64 last_sent_packet;
  f64 last_received_packet;
  f64 session_derived;
  f64 rehandshake_started;

  /* Variable intervals */
  u32 new_handshake_interval_tick;
  u32 rehandshake_interval_tick;

  bool timer_need_another_keepalive;

  /* Handshake is sent to main thread? */
  bool handshake_is_sent;
} wg_peer_t;

/* Context passed when a peer is re-bound from one FIB table to another:
 * the address family involved plus the old and new FIB indices. */
typedef struct wg_peer_table_bind_ctx_t_
{
  ip_address_family_t af;
  u32 new_fib_index;
  u32 old_fib_index;
} wg_peer_table_bind_ctx_t;

/* Create a peer on tunnel interface `tun_sw_if_index`.
 *   public_key_64       - NOISE_PUBLIC_KEY_LEN bytes of the peer's public key
 *                         (raw bytes per the array type; the "_64" suffix
 *                         should not be read as base64 without checking).
 *   table_id            - FIB table the peer's endpoint is reached through
 *   endpoint / port     - remote address and UDP port
 *   allowed_ips         - prefixes accepted from / routed to this peer
 *   persistent_keepalive- keepalive interval (0 presumably disables)
 *   peer_index          - out: pool index of the new peer
 * Returns an int status; the exact error codes are defined by the
 * implementation, so callers should treat non-zero as failure. */
int wg_peer_add (u32 tun_sw_if_index,
		 const u8 public_key_64[NOISE_PUBLIC_KEY_LEN],
		 u32 table_id,
		 const ip46_address_t * endpoint,
		 const fib_prefix_t * allowed_ips,
		 u16 port, u16 persistent_keepalive, index_t * peer_index);
/* Remove the peer at `peer_index`; returns an int status as above. */
int wg_peer_remove (u32 peer_index);

/* Walk every peer, calling `fn (peeri, data)` for each.  The walk_rc_t
 * return value lets the callback stop or continue the walk (VPP walk
 * convention); the index_t returned by wg_peer_walk is presumably the index
 * the walk stopped on, or INDEX_INVALID — confirm in the implementation. */
typedef walk_rc_t (*wg_peer_walk_cb_t) (index_t peeri, void *arg);
index_t wg_peer_walk (wg_peer_walk_cb_t fn, void *data);

/* format() callback rendering a wg_peer_t. */
u8 *format_wg_peer (u8 * s, va_list * va);

/* Walk callbacks reacting to interface / adjacency events for one peer. */
walk_rc_t wg_peer_if_admin_state_change (index_t peeri, void *data);
walk_rc_t wg_peer_if_delete (index_t peeri, void *data);
walk_rc_t wg_peer_if_adj_change (index_t peeri, void *data);
adj_walk_rc_t wg_peer_adj_walk (adj_index_t ai, void *data);

/* Notify registered API clients of a peer flag change. */
void wg_api_peer_event (index_t peeri, wg_peer_flags flags);
/* Set (add_del true) or clear (add_del false — presumably) `flag` on peer. */
void wg_peer_update_flags (index_t peeri, wg_peer_flags flag, bool add_del);
/* Update the peer's remote endpoint.  The _from_mt variant exists for use
 * from a non-main thread; the exact hand-off it performs is not visible in
 * this header. */
void wg_peer_update_endpoint (index_t peeri, const ip46_address_t *addr,
			      u16 port);
void wg_peer_update_endpoint_from_mt (index_t peeri,
				      const ip46_address_t *addr, u16 port);

static inline bool
wg_peer_is_dead (wg_peer_t *peer)
{
  /* True when the WG_PEER_STATUS_DEAD bit is set in the peer's flag mask.
   * A NULL peer yields false, i.e. "not dead" — so this is NOT a usable
   * NULL check; callers that may hold a NULL pointer must test it
   * separately before relying on the answer. */
  if (peer == NULL)
    return false;
  return (peer->flags & WG_PEER_STATUS_DEAD) != 0;
}

/*
 * Exposed for the data-plane
 */
extern index_t *wg_peer_by_adj_index;
extern wg_peer_t *wg_peer_pool;

static inline wg_peer_t *
wg_peer_get (index_t peeri)
{
  /* Straight pool lookup by index.  Unlike wg_peer_get_by_adj_index()
   * below, no range check is done here: `peeri` must be a valid, allocated
   * index in wg_peer_pool (pool_elt_at_index presumably asserts on a free
   * slot only in debug builds, so callers must validate untrusted indices
   * themselves). */
  wg_peer_t *peer = pool_elt_at_index (wg_peer_pool, peeri);
  return peer;
}

static inline index_t
wg_peer_get_by_adj_index (index_t ai)
{
  /* Map an adjacency index to the owning peer's pool index.  Any `ai` at or
   * beyond the end of the lookup vector is rejected with INDEX_INVALID, so
   * this is safe to call with an unvalidated adjacency index; callers must
   * still check for INDEX_INVALID before passing the result to
   * wg_peer_get(). */
  index_t peeri = INDEX_INVALID;

  if (ai < vec_len (wg_peer_by_adj_index))
    peeri = wg_peer_by_adj_index[ai];

  return peeri;
}

/*
 * Chooses which thread_id should be assigned.
 */
static inline u32
wg_peer_assign_thread (u32 thread_id)
{
  /* A caller-supplied non-zero thread id is honoured unchanged. */
  if (thread_id)
    return thread_id;

  u32 n_workers = vlib_num_workers ();

  /* No worker threads configured: keep the original value (0). */
  if (n_workers == 0)
    return thread_id;

  /* Otherwise pick a worker in 1..n_workers from the wall-clock nanosecond
   * counter modulo the worker count.  This spreads peers across workers
   * but is not a uniform or unpredictable distribution. */
  return (u32) (unix_time_now_nsec () % n_workers) + 1;
}

static_always_inline bool
fib_prefix_is_cover_addr_46 (const fib_prefix_t *p1, const ip46_address_t *ip)
{
  /* Does prefix `p1` cover the address `ip`?
   *
   * Which half of the ip46 union is read is decided by p1->fp_proto alone;
   * `ip` itself carries no family tag here, so the caller must guarantee it
   * holds an address of the same family as the prefix — otherwise the
   * comparison is made against the wrong bytes.  An MPLS prefix (or any
   * other protocol value) never covers an IP address. */
  if (p1->fp_proto == FIB_PROTOCOL_IP4)
    return 0 != ip4_destination_matches_route (&ip4_main, &p1->fp_addr.ip4,
					       &ip->ip4, p1->fp_len);

  if (p1->fp_proto == FIB_PROTOCOL_IP6)
    return 0 != ip6_destination_matches_route (&ip6_main, &p1->fp_addr.ip6,
					       &ip->ip6, p1->fp_len);

  return false;
}

static inline bool
wg_peer_can_send (wg_peer_t *peer)
{
  /* A peer is sendable once its adjacency rewrite has been built
   * (peer->rewrite non-NULL).  A NULL peer is never sendable. */
  if (peer == NULL)
    return false;
  return peer->rewrite != NULL;
}

#endif // __included_wg_peer_h__

/*
 * fd.io coding-style-patch-verification: ON
 *
 * Local Variables:
 * eval: (c-set-style "gnu")
 * End:
 */