wireguard: fix crash by not sending arp via wg interface

[vpp.git] / src / plugins / wireguard / wireguard_peer.h

diff --git a/src/plugins/wireguard/wireguard_peer.h b/src/plugins/wireguard/wireguard_peer.h
old mode 100755 (executable)
new mode 100644 (file)
index 50c0a01..a14f269
--- a/src/plugins/wireguard/wireguard_peer.h
+++ b/src/plugins/wireguard/wireguard_peer.h
@@ -17,6 +17,8 @@
 #ifndef __included_wg_peer_h__
 #define __included_wg_peer_h__
 
+#include <vlibapi/api_helper_macros.h>
+
 #include <vnet/ip/ip.h>
 
 #include <wireguard/wireguard_cookie.h>
@@ -31,13 +33,28 @@ typedef struct ip4_udp_header_t_
   udp_header_t udp;
 } __clib_packed ip4_udp_header_t;
 
-u8 *format_ip4_udp_header (u8 * s, va_list * va);
+typedef struct ip4_udp_wg_header_t_
+{
+  ip4_header_t ip4;
+  udp_header_t udp;
+  message_data_t wg;
+} __clib_packed ip4_udp_wg_header_t;
 
-typedef struct wg_peer_allowed_ip_t_
+typedef struct ip6_udp_header_t_
 {
-  fib_prefix_t prefix;
-  fib_node_index_t fib_entry_index;
-} wg_peer_allowed_ip_t;
+  ip6_header_t ip6;
+  udp_header_t udp;
+} __clib_packed ip6_udp_header_t;
+
+typedef struct ip6_udp_wg_header_t_
+{
+  ip6_header_t ip6;
+  udp_header_t udp;
+  message_data_t wg;
+} __clib_packed ip6_udp_wg_header_t;
+
+u8 *format_ip4_udp_header (u8 * s, va_list * va);
+u8 *format_ip6_udp_header (u8 *s, va_list *va);
 
 typedef struct wg_peer_endpoint_t_
 {
@@ -45,6 +62,12 @@ typedef struct wg_peer_endpoint_t_
   u16 port;
 } wg_peer_endpoint_t;
 
+typedef enum
+{
+  WG_PEER_STATUS_DEAD = 0x1,
+  WG_PEER_ESTABLISHED = 0x2,
+} wg_peer_flags;
+
 typedef struct wg_peer
 {
   noise_remote_t remote;
@@ -57,20 +80,26 @@ typedef struct wg_peer
   wg_peer_endpoint_t dst;
   wg_peer_endpoint_t src;
   u32 table_id;
-  adj_index_t adj_index;
+  adj_index_t *adj_indices;
 
   /* rewrite built from address information */
   u8 *rewrite;
 
   /* Vector of allowed-ips */
-  wg_peer_allowed_ip_t *allowed_ips;
+  fib_prefix_t *allowed_ips;
 
   /* The WG interface this peer is attached to */
   u32 wg_sw_if_index;
 
+  /* API client registered for events */
+  vpe_client_registration_t *api_clients;
+  uword *api_client_by_client_index;
+  wg_peer_flags flags;
+
   /* Timers */
   tw_timer_wheel_16t_2w_512sl_t *timer_wheel;
   u32 timers[WG_N_TIMERS];
+  u8 timers_dispatched[WG_N_TIMERS];
   u32 timer_handshake_attempts;
   u16 persistent_keepalive_interval;
 
@@ -86,8 +115,6 @@ typedef struct wg_peer
   u32 rehandshake_interval_tick;
 
   bool timer_need_another_keepalive;
-
-  bool is_dead;
 } wg_peer_t;
 
 typedef struct wg_peer_table_bind_ctx_t_
@@ -110,9 +137,19 @@ index_t wg_peer_walk (wg_peer_walk_cb_t fn, void *data);
 
 u8 *format_wg_peer (u8 * s, va_list * va);
 
-walk_rc_t wg_peer_if_admin_state_change (wg_if_t * wgi, index_t peeri,
-                                        void *data);
-walk_rc_t wg_peer_if_table_change (wg_if_t * wgi, index_t peeri, void *data);
+walk_rc_t wg_peer_if_admin_state_change (index_t peeri, void *data);
+walk_rc_t wg_peer_if_delete (index_t peeri, void *data);
+walk_rc_t wg_peer_if_adj_change (index_t peeri, void *data);
+adj_walk_rc_t wg_peer_adj_walk (adj_index_t ai, void *data);
+
+void wg_api_peer_event (index_t peeri, wg_peer_flags flags);
+void wg_peer_update_flags (index_t peeri, wg_peer_flags flag, bool add_del);
+
+static inline bool
+wg_peer_is_dead (wg_peer_t *peer)
+{
+  return peer && peer->flags & WG_PEER_STATUS_DEAD;
+}
 
 /*
  * Expoed for the data-plane
@@ -129,6 +166,8 @@ wg_peer_get (index_t peeri)
 static inline index_t
 wg_peer_get_by_adj_index (index_t ai)
 {
+  if (ai >= vec_len (wg_peer_by_adj_index))
+    return INDEX_INVALID;
   return (wg_peer_by_adj_index[ai]);
 }
 
@@ -144,6 +183,23 @@ wg_peer_assign_thread (u32 thread_id)
              1) : thread_id));
 }
 
+static_always_inline bool
+fib_prefix_is_cover_addr_46 (const fib_prefix_t *p1, const ip46_address_t *ip)
+{
+  switch (p1->fp_proto)
+    {
+    case FIB_PROTOCOL_IP4:
+      return (ip4_destination_matches_route (&ip4_main, &p1->fp_addr.ip4,
+                                            &ip->ip4, p1->fp_len) != 0);
+    case FIB_PROTOCOL_IP6:
+      return (ip6_destination_matches_route (&ip6_main, &p1->fp_addr.ip6,
+                                            &ip->ip6, p1->fp_len) != 0);
+    case FIB_PROTOCOL_MPLS:
+      break;
+    }
+  return (false);
+}
+
 #endif // __included_wg_peer_h__
 
 /*