wireguard: add peers roaming support

[vpp.git] / src / plugins / wireguard / wireguard_peer.h

/*
 * Copyright (c) 2020 Doc.ai and/or its affiliates.
 * Copyright (c) 2020 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef __included_wg_peer_h__
#define __included_wg_peer_h__

#include <vlibapi/api_helper_macros.h>

#include <vnet/ip/ip.h>

#include <wireguard/wireguard_cookie.h>
#include <wireguard/wireguard_timer.h>
#include <wireguard/wireguard_key.h>
#include <wireguard/wireguard_messages.h>
#include <wireguard/wireguard_if.h>

typedef struct ip4_udp_header_t_
{
  ip4_header_t ip4;
  udp_header_t udp;
} __clib_packed ip4_udp_header_t;

typedef struct ip4_udp_wg_header_t_
{
  ip4_header_t ip4;
  udp_header_t udp;
  message_data_t wg;
} __clib_packed ip4_udp_wg_header_t;

typedef struct ip6_udp_header_t_
{
  ip6_header_t ip6;
  udp_header_t udp;
} __clib_packed ip6_udp_header_t;

typedef struct ip6_udp_wg_header_t_
{
  ip6_header_t ip6;
  udp_header_t udp;
  message_data_t wg;
} __clib_packed ip6_udp_wg_header_t;

u8 *format_ip4_udp_header (u8 * s, va_list * va);
u8 *format_ip6_udp_header (u8 *s, va_list *va);

typedef struct wg_peer_endpoint_t_
{
  ip46_address_t addr;
  u16 port;
} wg_peer_endpoint_t;

typedef enum
{
  WG_PEER_STATUS_DEAD = 0x1,
  WG_PEER_ESTABLISHED = 0x2,
} wg_peer_flags;

typedef struct wg_peer_adj_t_
{
  adj_index_t adj_index;
  fib_node_index_t fib_entry_index;
  u32 sibling_index;
} wg_peer_adj_t;

typedef struct wg_peer
{
  noise_remote_t remote;
  cookie_maker_t cookie_maker;

  u32 input_thread_index;
  u32 output_thread_index;

  /* Peer addresses */
  wg_peer_endpoint_t dst;
  wg_peer_endpoint_t src;
  u32 table_id;
  wg_peer_adj_t *adjs;

  /* rewrite built from address information */
  u8 *rewrite;

  /* Vector of allowed-ips */
  fib_prefix_t *allowed_ips;

  /* The WG interface this peer is attached to */
  u32 wg_sw_if_index;

  /* API client registered for events */
  vpe_client_registration_t *api_clients;
  uword *api_client_by_client_index;
  wg_peer_flags flags;

  /* Timers */
  tw_timer_wheel_16t_2w_512sl_t *timer_wheel;
  u32 timers[WG_N_TIMERS];
  u8 timers_dispatched[WG_N_TIMERS];
  u32 timer_handshake_attempts;
  u16 persistent_keepalive_interval;

  /* Timestamps */
  f64 last_sent_handshake;
  f64 last_sent_packet;
  f64 last_received_packet;
  f64 session_derived;
  f64 rehandshake_started;

  /* Variable intervals */
  u32 new_handshake_interval_tick;
  u32 rehandshake_interval_tick;

  bool timer_need_another_keepalive;
} wg_peer_t;

typedef struct wg_peer_table_bind_ctx_t_
{
  ip_address_family_t af;
  u32 new_fib_index;
  u32 old_fib_index;
} wg_peer_table_bind_ctx_t;

int wg_peer_add (u32 tun_sw_if_index,
                 const u8 public_key_64[NOISE_PUBLIC_KEY_LEN],
                 u32 table_id,
                 const ip46_address_t * endpoint,
                 const fib_prefix_t * allowed_ips,
                 u16 port, u16 persistent_keepalive, index_t * peer_index);
int wg_peer_remove (u32 peer_index);

typedef walk_rc_t (*wg_peer_walk_cb_t) (index_t peeri, void *arg);
index_t wg_peer_walk (wg_peer_walk_cb_t fn, void *data);

u8 *format_wg_peer (u8 * s, va_list * va);

walk_rc_t wg_peer_if_admin_state_change (index_t peeri, void *data);
walk_rc_t wg_peer_if_delete (index_t peeri, void *data);
walk_rc_t wg_peer_if_adj_change (index_t peeri, void *data);
adj_walk_rc_t wg_peer_adj_walk (adj_index_t ai, void *data);

void wg_api_peer_event (index_t peeri, wg_peer_flags flags);
void wg_peer_update_flags (index_t peeri, wg_peer_flags flag, bool add_del);
void wg_peer_update_endpoint (index_t peeri, const ip46_address_t *addr,
                              u16 port);
void wg_peer_update_endpoint_from_mt (index_t peeri,
                                      const ip46_address_t *addr, u16 port);

static inline bool
wg_peer_is_dead (wg_peer_t *peer)
{
  return peer && peer->flags & WG_PEER_STATUS_DEAD;
}

/*
 * Expoed for the data-plane
 */
extern index_t *wg_peer_by_adj_index;
extern wg_peer_t *wg_peer_pool;

static inline wg_peer_t *
wg_peer_get (index_t peeri)
{
  return (pool_elt_at_index (wg_peer_pool, peeri));
}

static inline index_t
wg_peer_get_by_adj_index (index_t ai)
{
  if (ai >= vec_len (wg_peer_by_adj_index))
    return INDEX_INVALID;
  return (wg_peer_by_adj_index[ai]);
}

/*
 * Makes choice for thread_id should be assigned.
*/
static inline u32
wg_peer_assign_thread (u32 thread_id)
{
  return ((thread_id) ? thread_id
          : (vlib_num_workers ()?
             ((unix_time_now_nsec () % vlib_num_workers ()) +
              1) : thread_id));
}

static_always_inline bool
fib_prefix_is_cover_addr_46 (const fib_prefix_t *p1, const ip46_address_t *ip)
{
  switch (p1->fp_proto)
    {
    case FIB_PROTOCOL_IP4:
      return (ip4_destination_matches_route (&ip4_main, &p1->fp_addr.ip4,
                                             &ip->ip4, p1->fp_len) != 0);
    case FIB_PROTOCOL_IP6:
      return (ip6_destination_matches_route (&ip6_main, &p1->fp_addr.ip6,
                                             &ip->ip6, p1->fp_len) != 0);
    case FIB_PROTOCOL_MPLS:
      break;
    }
  return (false);
}

static inline bool
wg_peer_can_send (wg_peer_t *peer)
{
  return peer && peer->rewrite;
}

#endif // __included_wg_peer_h__

/*
 * fd.io coding-style-patch-verification: ON
 *
 * Local Variables:
 * eval: (c-set-style "gnu")
 * End:
 */