wireguard: add processing of received cookie messages
[vpp.git] / src / plugins / wireguard / wireguard_input.c
index dbdcaa0..ef60d50 100644 (file)
@@ -31,6 +31,7 @@
   _ (KEEPALIVE_SEND, "Failed while sending Keepalive")                        \
   _ (HANDSHAKE_SEND, "Failed while sending Handshake")                        \
   _ (HANDSHAKE_RECEIVE, "Failed while receiving Handshake")                   \
+  _ (COOKIE_DECRYPTION, "Failed during Cookie decryption")                    \
   _ (TOO_BIG, "Packet too big")                                               \
   _ (UNDEFINED, "Undefined error")                                            \
   _ (CRYPTO_ENGINE_ERROR, "crypto engine error (packet dropped)")
@@ -185,7 +186,9 @@ wg_handshake_process (vlib_main_t *vm, wg_main_t *wmp, vlib_buffer_t *b,
       else
        return WG_INPUT_ERROR_PEER;
 
-      // TODO: Implement cookie_maker_consume_payload
+      if (!cookie_maker_consume_payload (
+           vm, &peer->cookie_maker, packet->nonce, packet->encrypted_cookie))
+       return WG_INPUT_ERROR_COOKIE_DECRYPTION;
 
       return WG_INPUT_ERROR_NONE;
     }
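Review bot: The new call reads `packet->nonce` and `packet->encrypted_cookie` without a visible check that the buffer actually holds a complete cookie-reply message; wg_handshake_process starts outside the hunk, so this may already be enforced where the message type is dispatched, but if it is not, an undersized packet would be read past its `current_length` here. A one-line length guard before the call, or a comment naming where that check happens, would make the contract explicit. The failure path maps every rejection to WG_INPUT_ERROR_COOKIE_DECRYPTION, which presumably also covers a reply that does not correspond to a recently sent initiation (if `cookie_maker_consume_payload` follows the reference behaviour of requiring a stored mac1); a comment such as `/* also fails when no outstanding handshake matches this cookie reply */` would tell the reader the counter is not purely a crypto failure, if that is indeed what the helper does.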
@@ -562,6 +565,8 @@ always_inline uword
 wg_input_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
                 vlib_frame_t *frame, u8 is_ip4, u16 async_next_node)
 {
+  vnet_main_t *vnm = vnet_get_main ();
+  vnet_interface_main_t *im = &vnm->interface_main;
   wg_main_t *wmp = &wg_main;
   wg_per_thread_data_t *ptd =
     vec_elt_at_index (wmp->per_thread_data, vm->thread_index);
@@ -802,6 +807,11 @@ wg_input_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
          last_peer_time_idx = peer_idx;
        }
 
+      vlib_increment_combined_counter (im->combined_sw_if_counters +
+                                        VNET_INTERFACE_COUNTER_RX,
+                                      vm->thread_index, peer->wg_sw_if_index,
+                                      1 /* packets */, b[0]->current_length);
+
     trace:
       if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE) &&
                         (b[0]->flags & VLIB_BUFFER_IS_TRACED)))
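Review bot: The counter increment dereferences `peer->wg_sw_if_index` with no NULL guard visible in this hunk, whereas the matching increment added to wg_input_post (the hunk at `@@ -912,6 +932,12 @@`) sits after an explicit `peer != NULL` check. The `peer_idx &&` condition a few lines above suggests a packet can reach this point without a resolved peer; if peer can be NULL here, the increment needs to sit under a guard (`if (PREDICT_TRUE (peer != NULL))`) or after the existing one that handles that case, which is outside the hunk. The same four-line `vlib_increment_combined_counter (...)` call now appears verbatim in both functions; a small always_inline helper taking `im`, the thread index, `peer` and `b[0]` would keep the two in step. wg_input_inline continues outside the hunk.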
@@ -861,6 +871,8 @@ wg_input_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
 always_inline uword
 wg_input_post (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
 {
+  vnet_main_t *vnm = vnet_get_main ();
+  vnet_interface_main_t *im = &vnm->interface_main;
   wg_main_t *wmp = &wg_main;
   vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b = bufs;
   u16 nexts[VLIB_FRAME_SIZE], *next = nexts;
@@ -902,9 +914,17 @@ wg_input_post (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
          last_rec_idx = data->receiver_index;
        }
 
-      if (PREDICT_FALSE (wg_input_post_process (vm, b[0], next, peer, data,
-                                               &is_keepalive) < 0))
-       goto trace;
+      if (PREDICT_TRUE (peer != NULL))
+       {
+         if (PREDICT_FALSE (wg_input_post_process (vm, b[0], next, peer, data,
+                                                   &is_keepalive) < 0))
+           goto trace;
+       }
+      else
+       {
+         next[0] = WG_INPUT_NEXT_PUNT;
+         goto trace;
+       }
 
       if (PREDICT_FALSE (peer_idx && (last_peer_time_idx != peer_idx)))
        {
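Review bot: The new punt branch sets `next[0]` but leaves `b[0]->error` untouched, so a post-crypto packet whose receiver index no longer maps to a peer is punted with no error counter recorded, while the handshake path reports the same condition as WG_INPUT_ERROR_PEER; adding `b[0]->error = node->errors[WG_INPUT_ERROR_PEER];` before the `goto trace` gives operators the same visibility. Style-wise, wrapping the original check in a `PREDICT_TRUE` block deepens the nesting for no gain; a guard clause reads better: `if (PREDICT_FALSE (peer == NULL)) { b[0]->error = node->errors[WG_INPUT_ERROR_PEER]; next[0] = WG_INPUT_NEXT_PUNT; goto trace; }` followed by the unchanged `wg_input_post_process` test. wg_input_post continues outside the hunk.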
@@ -912,6 +932,12 @@ wg_input_post (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
          wg_timers_any_authenticated_packet_traversal (peer);
          last_peer_time_idx = peer_idx;
        }
+
+      vlib_increment_combined_counter (im->combined_sw_if_counters +
+                                        VNET_INTERFACE_COUNTER_RX,
+                                      vm->thread_index, peer->wg_sw_if_index,
+                                      1 /* packets */, b[0]->current_length);
+
     trace:
       if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE) &&
                         (b[0]->flags & VLIB_BUFFER_IS_TRACED)))