X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fwireguard%2Fwireguard_peer.c;h=589f71272f6d6989c848dcb516758bca46f4b124;hb=ce91af8ad;hp=fb540141e08e49eb28fc23291302b9cf3d7ee469;hpb=7dd3b5b5e37a4019ae335296ba9c4bd1e465fd17;p=vpp.git
diff --git a/src/plugins/wireguard/wireguard_peer.c b/src/plugins/wireguard/wireguard_peer.c
index fb540141e08..589f71272f6 100644
--- a/src/plugins/wireguard/wireguard_peer.c
+++ b/src/plugins/wireguard/wireguard_peer.c
@@ -46,7 +46,10 @@ wg_peer_endpoint_init (wg_peer_endpoint_t *ep, const ip46_address_t *addr,
 static void
 wg_peer_clear (vlib_main_t * vm, wg_peer_t * peer)
 {
+ index_t perri = peer - wg_peer_pool;
 wg_timers_stop (peer);
+ wg_peer_update_flags (perri, WG_PEER_ESTABLISHED, false);
+ wg_peer_update_flags (perri, WG_PEER_STATUS_DEAD, true);
 for (int i = 0; i < WG_N_TIMERS; i++)
 {
 peer->timers[i] = ~0;
@@ -80,7 +83,6 @@ wg_peer_clear (vlib_main_t * vm, wg_peer_t * peer)
 peer->new_handshake_interval_tick = 0;
 peer->rehandshake_interval_tick = 0;
 peer->timer_need_another_keepalive = false;
- peer->is_dead = true;
 vec_free (peer->allowed_ips);
 vec_free (peer->adj_indices);
 }
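Review bot: wg_peer_clear now reads and toggles `peer->flags` through wg_peer_update_flags, and wg_peer_init (next hunk on this page) runs it on a freshly allocated pool element, so correctness depends on `flags` being initialised before the first call; if the allocation uses pool_get rather than a zeroing variant (not visible here), the first toggle acts on stale memory and may publish a spurious wg_api_peer_event. Either clear `peer->flags` before the first wg_peer_update_flags call or record the precondition on wg_peer_clear, e.g. `/* peer->flags must be valid: each transition below is published to API clients via wg_peer_update_flags */`. The two calls also publish two events per teardown (ESTABLISHED cleared, then DEAD set), which clients must be prepared to see as a pair. wg_peer_clear's body continues outside this hunk.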
@@ -88,52 +90,11 @@ wg_peer_clear (vlib_main_t * vm, wg_peer_t * peer)
 static void
 wg_peer_init (vlib_main_t * vm, wg_peer_t * peer)
 {
+ peer->api_client_by_client_index = hash_create (0, sizeof (u32));
+ peer->api_clients = NULL;
 wg_peer_clear (vm, peer);
 }
-static u8 *
-wg_peer_build_rewrite (const wg_peer_t *peer, u8 is_ip4)
-{
- u8 *rewrite = NULL;
- if (is_ip4)
- {
- ip4_udp_header_t *hdr;
-
- vec_validate (rewrite, sizeof (*hdr) - 1);
- hdr = (ip4_udp_header_t *) rewrite;
-
- hdr->ip4.ip_version_and_header_length = 0x45;
- hdr->ip4.ttl = 64;
- hdr->ip4.src_address = peer->src.addr.ip4;
- hdr->ip4.dst_address = peer->dst.addr.ip4;
- hdr->ip4.protocol = IP_PROTOCOL_UDP;
- hdr->ip4.checksum = ip4_header_checksum (&hdr->ip4);
-
- hdr->udp.src_port = clib_host_to_net_u16 (peer->src.port);
- hdr->udp.dst_port = clib_host_to_net_u16 (peer->dst.port);
- hdr->udp.checksum = 0;
- }
- else
- {
- ip6_udp_header_t *hdr;
-
- vec_validate (rewrite, sizeof (*hdr) - 1);
- hdr = (ip6_udp_header_t *) rewrite;
-
- hdr->ip6.ip_version_traffic_class_and_flow_label = 0x60;
- ip6_address_copy (&hdr->ip6.src_address, &peer->src.addr.ip6);
- ip6_address_copy (&hdr->ip6.dst_address, &peer->dst.addr.ip6);
- hdr->ip6.protocol = IP_PROTOCOL_UDP;
- hdr->ip6.hop_limit = 64;
-
- hdr->udp.src_port = clib_host_to_net_u16 (peer->src.port);
- hdr->udp.dst_port = clib_host_to_net_u16 (peer->dst.port);
- hdr->udp.checksum = 0;
- }
-
- return (rewrite);
-}
-
 static void
 wg_peer_adj_stack (wg_peer_t *peer, adj_index_t ai)
 {
@@ -302,6 +263,7 @@ wg_peer_fill (vlib_main_t *vm, wg_peer_t *peer, u32 table_id,
 u16 persistent_keepalive_interval, const fib_prefix_t *allowed_ips,
 u32 wg_sw_if_index)
 {
+ index_t perri = peer - wg_peer_pool;
 wg_peer_endpoint_init (&peer->dst, dst, port);
 peer->table_id = table_id;
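Review bot: `peer->api_client_by_client_index = hash_create (0, sizeof (u32));` allocates a hash per peer, but nothing on this page releases it or `peer->api_clients`: the wg_peer_clear hunk above frees only allowed_ips and adj_indices, and since wg_peer_clear is where WG_PEER_STATUS_DEAD is set it looks like the teardown path. Unless the hash and the api_clients pool are freed elsewhere, each peer removal leaks them and a reused pool slot simply overwrites the stale pointers on the next wg_peer_init. If wg_peer_clear is the teardown path, add `hash_free (peer->api_client_by_client_index);` and `pool_free (peer->api_clients);` next to the existing vec_free calls; otherwise a comment here naming where the registrations are released would help. The initialisation order (hash and pool before wg_peer_clear) is presumably deliberate because the DEAD transition inside wg_peer_clear calls wg_api_peer_event; a one-line comment saying so would keep a later reordering from breaking it.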
@@ -309,7 +271,7 @@ wg_peer_fill (vlib_main_t *vm, wg_peer_t *peer, u32 table_id,
 peer->timer_wheel = &wg_main.timer_wheel;
 peer->persistent_keepalive_interval = persistent_keepalive_interval;
 peer->last_sent_handshake = vlib_time_now (vm) - (REKEY_TIMEOUT + 1);
- peer->is_dead = false;
+ wg_peer_update_flags (perri, WG_PEER_STATUS_DEAD, false);
 const wg_if_t *wgi = wg_if_get (wg_if_find_by_sw_if_index (wg_sw_if_index));
@@ -320,7 +282,8 @@ wg_peer_fill (vlib_main_t *vm, wg_peer_t *peer, u32 table_id,
 peer->src.port = wgi->port;
 u8 is_ip4 = ip46_address_is_ip4 (&peer->dst.addr);
- peer->rewrite = wg_peer_build_rewrite (peer, is_ip4);
+ peer->rewrite = wg_build_rewrite (&peer->src.addr, peer->src.port,
+ &peer->dst.addr, peer->dst.port, is_ip4);
 u32 ii;
 vec_validate (peer->allowed_ips, vec_len (allowed_ips) - 1);
@@ -329,7 +292,6 @@ wg_peer_fill (vlib_main_t *vm, wg_peer_t *peer, u32 table_id,
 peer->allowed_ips[ii] = allowed_ips[ii];
 }
- index_t perri = peer - wg_peer_pool;
 fib_protocol_t proto;
 FOR_EACH_FIB_IP_PROTOCOL (proto)
 {
@@ -338,6 +300,19 @@ wg_peer_fill (vlib_main_t *vm, wg_peer_t *peer, u32 table_id,
 return (0);
 }
+void
+wg_peer_update_flags (index_t peeri, wg_peer_flags flag, bool add_del)
+{
+ wg_peer_t *peer = wg_peer_get (peeri);
+ if ((add_del && (peer->flags & flag)) || (!add_del && !(peer->flags & flag)))
+ {
+ return;
+ }
+
+ peer->flags ^= flag;
+ wg_api_peer_event (peeri, peer->flags);
+}
+
 int
 wg_peer_add (u32 tun_sw_if_index, const u8 public_key[NOISE_PUBLIC_KEY_LEN],
 u32 table_id, const ip46_address_t *endpoint,
@@ -388,6 +363,7 @@ wg_peer_add (u32 tun_sw_if_index, const u8 public_key[NOISE_PUBLIC_KEY_LEN],
 wg_if->local_idx);
 cookie_maker_init (&peer->cookie_maker, public_key);
+ wg_send_handshake (vm, peer, false);
 if (peer->persistent_keepalive_interval != 0)
 {
 wg_send_keepalive (vm, peer);
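Review bot: The early return and the toggle in wg_peer_update_flags agree only when `flag` is a single bit: for a multi-bit mask `peer->flags & flag` is non-zero as soon as any bit is set, so an add is skipped while other bits remain clear, and `peer->flags ^= flag` on a partially set mask clears bits it was asked to set. A set/clear form is correct for any mask and keeps the no-change short-circuit: `u32 next = add_del ? (peer->flags | flag) : (peer->flags & ~flag);`, `if (next == peer->flags) return;`, `peer->flags = next;` (with `next` typed like `peer->flags`). The function is also undocumented; a header such as `/* Set (add_del) or clear one peer flag and notify registered API clients on every actual transition */` states the contract the callers in wg_peer_clear and wg_peer_fill rely on. The result of wg_peer_get (peeri) is used unchecked, which matches the other callers on this page and is fine if callers guarantee a live index.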
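Review bot: `wg_send_handshake (vm, peer, false);` initiates a handshake unconditionally on every peer add, whereas before this change a newly added peer only sent traffic when a persistent keepalive was configured; WireGuard is otherwise silent until there is data, so this is an observable change (one initiation per configured peer, to its endpoint, at add time) that should carry a comment giving the reason. If the motivation is to reach WG_PEER_ESTABLISHED promptly so the new flag events fire, say so: `/* initiate right away so that WG_PEER_ESTABLISHED is reported without waiting for data traffic */`. With persistent keepalive also set, the following wg_send_keepalive may start a second initiation if it finds no session yet; whether it does depends on wg_send_keepalive, which is outside this hunk. The enclosing wg_peer_add continues past the hunk on both sides.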
@@ -459,14 +435,17 @@ format_wg_peer (u8 * s, va_list * va)
 peer = wg_peer_get (peeri);
 key_to_base64 (peer->remote.r_public, NOISE_PUBLIC_KEY_LEN, key);
- s = format (s, "[%d] endpoint:[%U->%U] %U keep-alive:%d", peeri,
- format_wg_peer_endpoint, &peer->src, format_wg_peer_endpoint,
- &peer->dst, format_vnet_sw_if_index_name, vnet_get_main (),
- peer->wg_sw_if_index, peer->persistent_keepalive_interval);
+ s = format (
+ s,
+ "[%d] endpoint:[%U->%U] %U keep-alive:%d flags: %d, api-clients count: %d",
+ peeri, format_wg_peer_endpoint, &peer->src, format_wg_peer_endpoint,
+ &peer->dst, format_vnet_sw_if_index_name, vnet_get_main (),
+ peer->wg_sw_if_index, peer->persistent_keepalive_interval, peer->flags,
+ pool_elts (peer->api_clients));
 s = format (s, "\n adj:");
 vec_foreach (adj_index, peer->adj_indices)
 {
- s = format (s, " %d", adj_index);
+ s = format (s, " %d", *adj_index);
 }
 s = format (s, "\n key:%=s %U", key, format_hex_bytes, peer->remote.r_public,
 NOISE_PUBLIC_KEY_LEN);