src/plugins/wireguard/wireguard_timer.c

   1 /*
   2  * Copyright (c) 2020 Doc.ai and/or its affiliates.
   3  * Licensed under the Apache License, Version 2.0 (the "License");
   4  * you may not use this file except in compliance with the License.
   5  * You may obtain a copy of the License at:
   6  *
   7  *     http://www.apache.org/licenses/LICENSE-2.0
   8  *
   9  * Unless required by applicable law or agreed to in writing, software
  10  * distributed under the License is distributed on an "AS IS" BASIS,
  11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12  * See the License for the specific language governing permissions and
  13  * limitations under the License.
  14  */
  15
  16 #include <vlibmemory/api.h>
  17 #include <wireguard/wireguard.h>
  18 #include <wireguard/wireguard_send.h>
  19 #include <wireguard/wireguard_timer.h>
  20
  21 static u32
  22 get_random_u32_max (u32 max)
  23 {
  24   vlib_main_t *vm = vlib_get_main ();
  25   u32 seed = (u32) (vlib_time_now (vm) * 1e6);
  26   return random_u32 (&seed) % max;
  27 }
  28
  29 static void
  30 stop_timer (wg_peer_t * peer, u32 timer_id)
  31 {
  32   if (peer->timers[timer_id] != ~0)
  33     {
  34       tw_timer_stop_16t_2w_512sl (peer->timer_wheel, peer->timers[timer_id]);
  35       peer->timers[timer_id] = ~0;
  36     }
  37 }
  38
  39 static void
  40 start_timer (wg_peer_t * peer, u32 timer_id, u32 interval_ticks)
  41 {
  42   ASSERT (vlib_get_thread_index () == 0);
  43
  44   if (peer->timers[timer_id] == ~0)
  45     {
  46       peer->timers[timer_id] =
  47         tw_timer_start_16t_2w_512sl (peer->timer_wheel, peer - wg_peer_pool,
  48                                      timer_id, interval_ticks);
  49     }
  50 }
  51
  52 typedef struct
  53 {
  54   u32 peer_idx;
  55   u32 timer_id;
  56   u32 interval_ticks;
  57
  58 } wg_timers_args;
  59
  60 static void *
  61 start_timer_thread_fn (void *arg)
  62 {
  63   wg_timers_args *a = arg;
  64   wg_peer_t *peer = wg_peer_get (a->peer_idx);
  65   start_timer (peer, a->timer_id, a->interval_ticks);
  66   return 0;
  67 }
  68
  69 static void
  70 start_timer_from_mt (u32 peer_idx, u32 timer_id, u32 interval_ticks)
  71 {
  72   wg_timers_args a = {
  73     .peer_idx = peer_idx,
  74     .timer_id = timer_id,
  75     .interval_ticks = interval_ticks,
  76   };
  77   wg_peer_t *peer = wg_peer_get (peer_idx);
  78   if (PREDICT_FALSE (!peer->timers_dispatched[timer_id]))
  79     if (!clib_atomic_cmp_and_swap (&peer->timers_dispatched[timer_id], 0, 1))
  80       vl_api_rpc_call_main_thread (start_timer_thread_fn, (u8 *) &a,
  81                                    sizeof (a));
  82 }
  83
  84 static inline u32
  85 timer_ticks_left (vlib_main_t * vm, f64 init_time_sec, u32 interval_ticks)
  86 {
  87   static const int32_t rounding = (int32_t) (WHZ / 2);
  88   int32_t ticks_remain;
  89
  90   ticks_remain = (init_time_sec - vlib_time_now (vm)) * WHZ + interval_ticks;
  91   return (ticks_remain > rounding) ? (u32) ticks_remain : 0;
  92 }
  93
  94 static void
  95 wg_expired_retransmit_handshake (vlib_main_t * vm, wg_peer_t * peer)
  96 {
  97   if (peer->rehandshake_started == ~0)
  98     return;
  99
 100   u32 ticks = timer_ticks_left (vm, peer->rehandshake_started,
 101                                 peer->rehandshake_interval_tick);
 102   if (ticks)
 103     {
 104       start_timer (peer, WG_TIMER_RETRANSMIT_HANDSHAKE, ticks);
 105       return;
 106     }
 107
 108   if (peer->timer_handshake_attempts > MAX_TIMER_HANDSHAKES)
 109     {
 110       stop_timer (peer, WG_TIMER_SEND_KEEPALIVE);
 111
 112       /* We set a timer for destroying any residue that might be left
 113        * of a partial exchange.
 114        */
 115       start_timer (peer, WG_TIMER_KEY_ZEROING, REJECT_AFTER_TIME * 3 * WHZ);
 116
 117     }
 118   else
 119     {
 120       ++peer->timer_handshake_attempts;
 121       wg_send_handshake (vm, peer, true);
 122     }
 123 }
 124
 125 static void
 126 wg_expired_send_keepalive (vlib_main_t * vm, wg_peer_t * peer)
 127 {
 128   if (peer->last_sent_packet < peer->last_received_packet)
 129     {
 130       u32 ticks = timer_ticks_left (vm, peer->last_received_packet,
 131                                     KEEPALIVE_TIMEOUT * WHZ);
 132       if (ticks)
 133         {
 134           start_timer (peer, WG_TIMER_SEND_KEEPALIVE, ticks);
 135           return;
 136         }
 137
 138       wg_send_keepalive (vm, peer);
 139       if (peer->timer_need_another_keepalive)
 140         {
 141           peer->timer_need_another_keepalive = false;
 142           start_timer (peer, WG_TIMER_SEND_KEEPALIVE,
 143                        KEEPALIVE_TIMEOUT * WHZ);
 144         }
 145     }
 146 }
 147
 148 static void
 149 wg_expired_send_persistent_keepalive (vlib_main_t * vm, wg_peer_t * peer)
 150 {
 151   if (peer->persistent_keepalive_interval)
 152     {
 153       f64 latest_time = peer->last_sent_packet > peer->last_received_packet
 154         ? peer->last_sent_packet : peer->last_received_packet;
 155
 156       u32 ticks = timer_ticks_left (vm, latest_time,
 157                                     peer->persistent_keepalive_interval *
 158                                     WHZ);
 159       if (ticks)
 160         {
 161           start_timer (peer, WG_TIMER_PERSISTENT_KEEPALIVE, ticks);
 162           return;
 163         }
 164
 165       wg_send_keepalive (vm, peer);
 166     }
 167 }
 168
 169 static void
 170 wg_expired_new_handshake (vlib_main_t * vm, wg_peer_t * peer)
 171 {
 172   u32 ticks = timer_ticks_left (vm, peer->last_sent_packet,
 173                                 peer->new_handshake_interval_tick);
 174   if (ticks)
 175     {
 176       start_timer (peer, WG_TIMER_NEW_HANDSHAKE, ticks);
 177       return;
 178     }
 179
 180   wg_send_handshake (vm, peer, false);
 181 }
 182
 183 static void
 184 wg_expired_zero_key_material (vlib_main_t * vm, wg_peer_t * peer)
 185 {
 186   u32 ticks =
 187     timer_ticks_left (vm, peer->session_derived, REJECT_AFTER_TIME * 3 * WHZ);
 188   if (ticks)
 189     {
 190       start_timer (peer, WG_TIMER_KEY_ZEROING, ticks);
 191       return;
 192     }
 193
 194   if (!wg_peer_is_dead (peer))
 195     {
 196       noise_remote_clear (vm, &peer->remote);
 197     }
 198 }
 199
 200 void
 201 wg_timers_any_authenticated_packet_traversal (wg_peer_t * peer)
 202 {
 203   if (peer->persistent_keepalive_interval)
 204     {
 205       start_timer_from_mt (peer - wg_peer_pool,
 206                            WG_TIMER_PERSISTENT_KEEPALIVE,
 207                            peer->persistent_keepalive_interval * WHZ);
 208     }
 209 }
 210
 211 void
 212 wg_timers_any_authenticated_packet_sent (wg_peer_t * peer)
 213 {
 214   peer->last_sent_packet = vlib_time_now (vlib_get_main ());
 215 }
 216
 217 void
 218 wg_timers_handshake_initiated (wg_peer_t * peer)
 219 {
 220   peer->rehandshake_started = vlib_time_now (vlib_get_main ());
 221   peer->rehandshake_interval_tick =
 222     REKEY_TIMEOUT * WHZ + get_random_u32_max (REKEY_TIMEOUT_JITTER);
 223
 224   start_timer_from_mt (peer - wg_peer_pool, WG_TIMER_RETRANSMIT_HANDSHAKE,
 225                        peer->rehandshake_interval_tick);
 226 }
 227
 228 void
 229 wg_timers_session_derived (wg_peer_t * peer)
 230 {
 231   peer->session_derived = vlib_time_now (vlib_get_main ());
 232
 233   start_timer_from_mt (peer - wg_peer_pool, WG_TIMER_KEY_ZEROING,
 234                        REJECT_AFTER_TIME * 3 * WHZ);
 235 }
 236
 237 /* Should be called after an authenticated data packet is sent. */
 238 void
 239 wg_timers_data_sent (wg_peer_t * peer)
 240 {
 241   peer->new_handshake_interval_tick =
 242     (KEEPALIVE_TIMEOUT + REKEY_TIMEOUT) * WHZ +
 243     get_random_u32_max (REKEY_TIMEOUT_JITTER);
 244
 245   start_timer_from_mt (peer - wg_peer_pool, WG_TIMER_NEW_HANDSHAKE,
 246                        peer->new_handshake_interval_tick);
 247 }
 248
 249 /* Should be called after an authenticated data packet is received. */
 250 void
 251 wg_timers_data_received (wg_peer_t * peer)
 252 {
 253   if (peer->timers[WG_TIMER_SEND_KEEPALIVE] == ~0)
 254     {
 255       start_timer_from_mt (peer - wg_peer_pool, WG_TIMER_SEND_KEEPALIVE,
 256                            KEEPALIVE_TIMEOUT * WHZ);
 257     }
 258   else
 259     peer->timer_need_another_keepalive = true;
 260 }
 261
 262 /* Should be called after a handshake response message is received and processed
 263  * or when getting key confirmation via the first data message.
 264  */
 265 void
 266 wg_timers_handshake_complete (wg_peer_t * peer)
 267 {
 268   peer->rehandshake_started = ~0;
 269   peer->timer_handshake_attempts = 0;
 270 }
 271
 272 void
 273 wg_timers_any_authenticated_packet_received (wg_peer_t * peer)
 274 {
 275   peer->last_received_packet = vlib_time_now (vlib_get_main ());
 276 }
 277
 278 static vlib_node_registration_t wg_timer_mngr_node;
 279
 280 static void
 281 expired_timer_callback (u32 * expired_timers)
 282 {
 283   int i;
 284   u32 timer_id;
 285   u32 pool_index;
 286
 287   wg_main_t *wmp = &wg_main;
 288   vlib_main_t *vm = wmp->vlib_main;
 289
 290   wg_peer_t *peer;
 291
 292   /* Need to invalidate all of them because one can restart other */
 293   for (i = 0; i < vec_len (expired_timers); i++)
 294     {
 295       pool_index = expired_timers[i] & 0x0FFFFFFF;
 296       timer_id = expired_timers[i] >> 28;
 297
 298       peer = wg_peer_get (pool_index);
 299       peer->timers[timer_id] = ~0;
 300
 301       /* Under barrier, no sync needed */
 302       peer->timers_dispatched[timer_id] = 0;
 303     }
 304
 305   for (i = 0; i < vec_len (expired_timers); i++)
 306     {
 307       pool_index = expired_timers[i] & 0x0FFFFFFF;
 308       timer_id = expired_timers[i] >> 28;
 309
 310       peer = wg_peer_get (pool_index);
 311       switch (timer_id)
 312         {
 313         case WG_TIMER_RETRANSMIT_HANDSHAKE:
 314           wg_expired_retransmit_handshake (vm, peer);
 315           break;
 316         case WG_TIMER_PERSISTENT_KEEPALIVE:
 317           wg_expired_send_persistent_keepalive (vm, peer);
 318           break;
 319         case WG_TIMER_SEND_KEEPALIVE:
 320           wg_expired_send_keepalive (vm, peer);
 321           break;
 322         case WG_TIMER_NEW_HANDSHAKE:
 323           wg_expired_new_handshake (vm, peer);
 324           break;
 325         case WG_TIMER_KEY_ZEROING:
 326           wg_expired_zero_key_material (vm, peer);
 327           break;
 328         default:
 329           break;
 330         }
 331     }
 332 }
 333
 334 void
 335 wg_timer_wheel_init ()
 336 {
 337   wg_main_t *wmp = &wg_main;
 338   tw_timer_wheel_16t_2w_512sl_t *tw = &wmp->timer_wheel;
 339   tw_timer_wheel_init_16t_2w_512sl (tw,
 340                                     expired_timer_callback,
 341                                     WG_TICK /* timer period in s */ , ~0);
 342 }
 343
 344 static uword
 345 wg_timer_mngr_fn (vlib_main_t * vm, vlib_node_runtime_t * rt,
 346                   vlib_frame_t * f)
 347 {
 348   wg_main_t *wmp = &wg_main;
 349   uword event_type = 0;
 350
 351   /* Park the process until the feature is configured */
 352   while (1)
 353     {
 354       vlib_process_wait_for_event (vm);
 355       event_type = vlib_process_get_events (vm, 0);
 356       if (event_type == WG_START_EVENT)
 357         {
 358           break;
 359         }
 360       else
 361         {
 362           clib_warning ("Unknown event type %d", event_type);
 363         }
 364     }
 365   /*
 366    * Reset the timer wheel time so it won't try to
 367    * expire Avogadro's number of time slots.
 368    */
 369   wmp->timer_wheel.last_run_time = vlib_time_now (vm);
 370
 371   while (1)
 372     {
 373       vlib_process_wait_for_event_or_clock (vm, WG_TICK);
 374       vlib_process_get_events (vm, NULL);
 375
 376       tw_timer_expire_timers_16t_2w_512sl (&wmp->timer_wheel,
 377                                            vlib_time_now (vm));
 378     }
 379
 380   return 0;
 381 }
 382
 383 void
 384 wg_timers_stop (wg_peer_t * peer)
 385 {
 386   ASSERT (vlib_get_thread_index () == 0);
 387   if (peer->timer_wheel)
 388     {
 389       stop_timer (peer, WG_TIMER_RETRANSMIT_HANDSHAKE);
 390       stop_timer (peer, WG_TIMER_PERSISTENT_KEEPALIVE);
 391       stop_timer (peer, WG_TIMER_SEND_KEEPALIVE);
 392       stop_timer (peer, WG_TIMER_NEW_HANDSHAKE);
 393       stop_timer (peer, WG_TIMER_KEY_ZEROING);
 394     }
 395 }
 396
 397 /* *INDENT-OFF* */
 398 VLIB_REGISTER_NODE (wg_timer_mngr_node, static) = {
 399     .function = wg_timer_mngr_fn,
 400     .type = VLIB_NODE_TYPE_PROCESS,
 401     .name =
 402     "wg-timer-manager",
 403 };
 404 /* *INDENT-ON* */
 405
 406 void
 407 wg_feature_init (wg_main_t * wmp)
 408 {
 409   if (wmp->feature_init)
 410     return;
 411   vlib_process_signal_event (wmp->vlib_main, wg_timer_mngr_node.index,
 412                              WG_START_EVENT, 0);
 413   wmp->feature_init = 1;
 414 }
 415
 416
 417
 418 /*
 419  * fd.io coding-style-patch-verification: ON
 420  *
 421  * Local Variables:
 422  * eval: (c-set-style "gnu")
 423  * End:
 424  */