/*
* Copyright (c) 2020 Doc.ai and/or its affiliates.
+ * Copyright (c) 2020 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
#ifndef __included_wg_peer_h__
#define __included_wg_peer_h__
+#include <vlibapi/api_helper_macros.h>
+
#include <vnet/ip/ip.h>
#include <wireguard/wireguard_cookie.h>
udp_header_t udp;
} __clib_packed ip4_udp_header_t;
-u8 *format_ip4_udp_header (u8 * s, va_list * va);
+typedef struct ip4_udp_wg_header_t_
+{
+ ip4_header_t ip4;
+ udp_header_t udp;
+ message_data_t wg;
+} __clib_packed ip4_udp_wg_header_t;
-typedef struct wg_peer_allowed_ip_t_
+typedef struct ip6_udp_header_t_
{
- fib_prefix_t prefix;
- fib_node_index_t fib_entry_index;
-} wg_peer_allowed_ip_t;
+ ip6_header_t ip6;
+ udp_header_t udp;
+} __clib_packed ip6_udp_header_t;
+
+typedef struct ip6_udp_wg_header_t_
+{
+ ip6_header_t ip6;
+ udp_header_t udp;
+ message_data_t wg;
+} __clib_packed ip6_udp_wg_header_t;
+
+u8 *format_ip4_udp_header (u8 * s, va_list * va);
+u8 *format_ip6_udp_header (u8 *s, va_list *va);
typedef struct wg_peer_endpoint_t_
{
u16 port;
} wg_peer_endpoint_t;
+typedef enum
+{
+ WG_PEER_STATUS_DEAD = 0x1,
+ WG_PEER_ESTABLISHED = 0x2,
+} wg_peer_flags;
+
+typedef struct wg_peer_adj_t_
+{
+ adj_index_t adj_index;
+ fib_node_index_t fib_entry_index;
+ u32 sibling_index;
+} wg_peer_adj_t;
+
typedef struct wg_peer
{
noise_remote_t remote;
cookie_maker_t cookie_maker;
+ u32 input_thread_index;
+ u32 output_thread_index;
+
/* Peer addresses */
wg_peer_endpoint_t dst;
wg_peer_endpoint_t src;
u32 table_id;
- adj_index_t adj_index;
+ wg_peer_adj_t *adjs;
/* rewrite built from address information */
u8 *rewrite;
/* Vector of allowed-ips */
- wg_peer_allowed_ip_t *allowed_ips;
+ fib_prefix_t *allowed_ips;
/* The WG interface this peer is attached to */
u32 wg_sw_if_index;
+ /* API client registered for events */
+ vpe_client_registration_t *api_clients;
+ uword *api_client_by_client_index;
+ wg_peer_flags flags;
+
/* Timers */
- tw_timer_wheel_16t_2w_512sl_t timer_wheel;
+ tw_timer_wheel_16t_2w_512sl_t *timer_wheel;
u32 timers[WG_N_TIMERS];
+ u8 timers_dispatched[WG_N_TIMERS];
u32 timer_handshake_attempts;
u16 persistent_keepalive_interval;
+
+ /* Timestamps */
f64 last_sent_handshake;
- bool timer_need_another_keepalive;
+ f64 last_sent_packet;
+ f64 last_received_packet;
+ f64 session_derived;
+ f64 rehandshake_started;
+
+ /* Variable intervals */
+ u32 new_handshake_interval_tick;
+ u32 rehandshake_interval_tick;
- bool is_dead;
+ bool timer_need_another_keepalive;
} wg_peer_t;
typedef struct wg_peer_table_bind_ctx_t_
int wg_peer_remove (u32 peer_index);
typedef walk_rc_t (*wg_peer_walk_cb_t) (index_t peeri, void *arg);
-void wg_peer_walk (wg_peer_walk_cb_t fn, void *data);
+index_t wg_peer_walk (wg_peer_walk_cb_t fn, void *data);
u8 *format_wg_peer (u8 * s, va_list * va);
-wg_peer_t *wg_peer_get (index_t peeri);
-walk_rc_t wg_peer_if_admin_state_change (wg_if_t * wgi, index_t peeri,
- void *data);
-walk_rc_t wg_peer_if_table_change (wg_if_t * wgi, index_t peeri, void *data);
+walk_rc_t wg_peer_if_admin_state_change (index_t peeri, void *data);
+walk_rc_t wg_peer_if_delete (index_t peeri, void *data);
+walk_rc_t wg_peer_if_adj_change (index_t peeri, void *data);
+adj_walk_rc_t wg_peer_adj_walk (adj_index_t ai, void *data);
+
+void wg_api_peer_event (index_t peeri, wg_peer_flags flags);
+void wg_peer_update_flags (index_t peeri, wg_peer_flags flag, bool add_del);
+void wg_peer_update_endpoint (index_t peeri, const ip46_address_t *addr,
+ u16 port);
+void wg_peer_update_endpoint_from_mt (index_t peeri,
+ const ip46_address_t *addr, u16 port);
+
+static inline bool
+wg_peer_is_dead (wg_peer_t *peer)
+{
+ return peer && peer->flags & WG_PEER_STATUS_DEAD;
+}
/*
* Expoed for the data-plane
*/
extern index_t *wg_peer_by_adj_index;
+extern wg_peer_t *wg_peer_pool;
static inline wg_peer_t *
+wg_peer_get (index_t peeri)
+{
+ return (pool_elt_at_index (wg_peer_pool, peeri));
+}
+
+static inline index_t
wg_peer_get_by_adj_index (index_t ai)
{
- return wg_peer_get (wg_peer_by_adj_index[ai]);
+ if (ai >= vec_len (wg_peer_by_adj_index))
+ return INDEX_INVALID;
+ return (wg_peer_by_adj_index[ai]);
+}
+
+/*
+ * Makes choice for thread_id should be assigned.
+*/
+static inline u32
+wg_peer_assign_thread (u32 thread_id)
+{
+ return ((thread_id) ? thread_id
+ : (vlib_num_workers ()?
+ ((unix_time_now_nsec () % vlib_num_workers ()) +
+ 1) : thread_id));
+}
+
+static_always_inline bool
+fib_prefix_is_cover_addr_46 (const fib_prefix_t *p1, const ip46_address_t *ip)
+{
+ switch (p1->fp_proto)
+ {
+ case FIB_PROTOCOL_IP4:
+ return (ip4_destination_matches_route (&ip4_main, &p1->fp_addr.ip4,
+ &ip->ip4, p1->fp_len) != 0);
+ case FIB_PROTOCOL_IP6:
+ return (ip6_destination_matches_route (&ip6_main, &p1->fp_addr.ip6,
+ &ip->ip6, p1->fp_len) != 0);
+ case FIB_PROTOCOL_MPLS:
+ break;
+ }
+ return (false);
+}
+
+static inline bool
+wg_peer_can_send (wg_peer_t *peer)
+{
+ return peer && peer->rewrite;
}
#endif // __included_wg_peer_h__