FD.io VPP  v21.01.1
Vector Packet Processing
wireguard_api.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2020 Cisco and/or its affiliates.
3  * Copyright (c) 2020 Doc.ai and/or its affiliates.
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at:
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <vnet/vnet.h>
18 #include <vlibmemory/api.h>
19 
20 #include <vnet/format_fns.h>
21 #include <vnet/ip/ip_types_api.h>
22 #include <vlibapi/api.h>
23 
24 #include <wireguard/wireguard.api_enum.h>
25 #include <wireguard/wireguard.api_types.h>
26 
28 #include <wireguard/wireguard.h>
29 #include <wireguard/wireguard_if.h>
31 
32 #define REPLY_MSG_ID_BASE wmp->msg_id_base
34 
35 static void
38 {
40  wg_main_t *wmp = &wg_main;
43  u32 sw_if_index = ~0;
44  int rv = 0;
45 
46  wg_feature_init (wmp);
47 
48  ip_address_decode2 (&mp->interface.src_ip, &src);
49 
50  if (AF_IP6 == ip_addr_version (&src))
51  rv = VNET_API_ERROR_INVALID_PROTOCOL;
52  else
53  {
54  if (mp->generate_key)
55  curve25519_gen_secret (private_key);
56  else
57  clib_memcpy (private_key, mp->interface.private_key,
59 
60  rv = wg_if_create (ntohl (mp->interface.user_instance), private_key,
61  ntohs (mp->interface.port), &src, &sw_if_index);
62  }
63 
64  /* *INDENT-OFF* */
65  REPLY_MACRO2(VL_API_WIREGUARD_INTERFACE_CREATE_REPLY,
66  {
67  rmp->sw_if_index = htonl(sw_if_index);
68  });
69  /* *INDENT-ON* */
70 }
71 
72 static void
75 {
76  vl_api_wireguard_interface_delete_reply_t *rmp;
77  wg_main_t *wmp = &wg_main;
78  int rv = 0;
79 
80  wg_feature_init (wmp);
81 
83 
84  rv = wg_if_delete (ntohl (mp->sw_if_index));
85 
87 
88  /* *INDENT-OFF* */
89  REPLY_MACRO(VL_API_WIREGUARD_INTERFACE_DELETE_REPLY);
90  /* *INDENT-ON* */
91 }
92 
93 typedef struct wg_deatils_walk_t_
94 {
99 
100 static walk_rc_t
102 {
105  const wg_if_t *wgi;
106  const noise_local_t *local;
107 
108  wgi = wg_if_get (wgii);
109  local = noise_local_get (wgi->local_idx);
110 
111  rmp = vl_msg_api_alloc_zero (sizeof (*rmp));
112  rmp->_vl_msg_id = htons (VL_API_WIREGUARD_INTERFACE_DETAILS +
114 
115  if (ctx->show_private_key)
116  clib_memcpy (rmp->interface.private_key,
118  clib_memcpy (rmp->interface.public_key,
120  rmp->interface.sw_if_index = htonl (wgi->sw_if_index);
121  rmp->interface.port = htons (wgi->port);
122  ip_address_encode2 (&wgi->src_ip, &rmp->interface.src_ip);
123 
124  rmp->context = ctx->context;
125 
126  vl_api_send_msg (ctx->reg, (u8 *) rmp);
127 
128  return (WALK_CONTINUE);
129 }
130 
131 static void
133  mp)
134 {
136  wg_main_t *wmp = &wg_main;
137 
138  wg_feature_init (wmp);
139 
141  if (reg == 0)
142  return;
143 
145  .reg = reg,
146  .context = mp->context,
147  .show_private_key = mp->show_private_key,
148  };
149 
151 }
152 
153 static void
155 {
157  wg_main_t *wmp = &wg_main;
158  index_t peeri = INDEX_INVALID;
159  int ii, rv = 0;
160 
162  fib_prefix_t *allowed_ips = NULL;
163 
164  VALIDATE_SW_IF_INDEX (&(mp->peer));
165 
166  if (0 == mp->peer.n_allowed_ips)
167  {
168  rv = VNET_API_ERROR_INVALID_VALUE;
169  goto done;
170  }
171 
172  wg_feature_init (wmp);
173 
174  vec_validate (allowed_ips, mp->peer.n_allowed_ips - 1);
175  ip_address_decode2 (&mp->peer.endpoint, &endpoint);
176 
177  for (ii = 0; ii < mp->peer.n_allowed_ips; ii++)
178  ip_prefix_decode (&mp->peer.allowed_ips[ii], &allowed_ips[ii]);
179 
180  if (AF_IP6 == ip_addr_version (&endpoint) ||
181  FIB_PROTOCOL_IP6 == allowed_ips[0].fp_proto)
182  /* ip6 currently not supported, but the API needs to support it
183  * else we'll need to change it later, and that's a PITA */
184  rv = VNET_API_ERROR_INVALID_PROTOCOL;
185  else
186  rv = wg_peer_add (ntohl (mp->peer.sw_if_index),
187  mp->peer.public_key,
188  ntohl (mp->peer.table_id),
189  &ip_addr_46 (&endpoint),
190  allowed_ips,
191  ntohs (mp->peer.port),
192  ntohs (mp->peer.persistent_keepalive), &peeri);
193 
194  vec_free (allowed_ips);
195 done:
197  /* *INDENT-OFF* */
198  REPLY_MACRO2(VL_API_WIREGUARD_PEER_ADD_REPLY,
199  {
200  rmp->peer_index = ntohl (peeri);
201  });
202  /* *INDENT-ON* */
203 }
204 
205 static void
207 {
208  vl_api_wireguard_peer_remove_reply_t *rmp;
209  wg_main_t *wmp = &wg_main;
210  int rv = 0;
211 
212  wg_feature_init (wmp);
213 
214  rv = wg_peer_remove (ntohl (mp->peer_index));
215 
216  /* *INDENT-OFF* */
217  REPLY_MACRO(VL_API_WIREGUARD_PEER_REMOVE_REPLY);
218  /* *INDENT-ON* */
219 }
220 
221 static walk_rc_t
223 {
226  const wg_peer_t *peer;
228  size_t ss;
229 
230  peer = wg_peer_get (peeri);
231  n_allowed_ips = vec_len (peer->allowed_ips);
232 
233  ss = (sizeof (*rmp) + (n_allowed_ips * sizeof (rmp->peer.allowed_ips[0])));
234 
235  rmp = vl_msg_api_alloc_zero (ss);
236 
237  rmp->_vl_msg_id = htons (VL_API_WIREGUARD_PEERS_DETAILS +
239 
240  if (peer->is_dead)
241  rmp->peer.flags = WIREGUARD_PEER_STATUS_DEAD;
242  clib_memcpy (rmp->peer.public_key,
244 
245  ip_address_encode (&peer->dst.addr, IP46_TYPE_ANY, &rmp->peer.endpoint);
246  rmp->peer.port = htons (peer->dst.port);
247  rmp->peer.n_allowed_ips = n_allowed_ips;
248  rmp->peer.sw_if_index = htonl (peer->wg_sw_if_index);
249 
250  int ii;
251  for (ii = 0; ii < n_allowed_ips; ii++)
252  ip_prefix_encode (&peer->allowed_ips[ii].prefix,
253  &rmp->peer.allowed_ips[ii]);
254 
255  rmp->context = ctx->context;
256 
257  vl_api_send_msg (ctx->reg, (u8 *) rmp);
258 
259  return (WALK_CONTINUE);
260 }
261 
262 static void
264 {
266  wg_main_t *wmp = &wg_main;
267 
268  wg_feature_init (wmp);
269 
271  if (reg == NULL)
272  return;
273 
275  .reg = reg,
276  .context = mp->context,
277  };
278 
280 }
281 
282 /* set tup the API message handling tables */
283 #include <wireguard/wireguard.api.c>
284 static clib_error_t *
286 {
287  wg_main_t *wmp = &wg_main;
289  return 0;
290 }
291 
293 
294 /*
295  * fd.io coding-style-patch-verification: ON
296  *
297  * Local Variables:
298  * eval: (c-set-style "gnu")
299  * End:
300  */
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
Definition: vec.h:509
Add Wireguard interface interface response.
Definition: wireguard.api:55
wg_peer_allowed_ip_t * allowed_ips
#define ip_addr_46(_a)
Definition: ip_types.h:90
VLIB_API_INIT_FUNCTION(wg_api_hookup)
void ip_address_encode2(const ip_address_t *in, vl_api_address_t *out)
Definition: ip_types_api.c:242
void ip_prefix_decode(const vl_api_prefix_t *in, fib_prefix_t *out)
Definition: ip_types_api.c:259
#define ntohs(x)
Definition: af_xdp.bpf.c:29
static_always_inline wg_if_t * wg_if_get(index_t wgii)
Definition: wireguard_if.h:68
Create an Wireguard interface.
Definition: wireguard.api:43
#define REPLY_MACRO2(t, body)
static void vl_api_send_msg(vl_api_registration_t *rp, u8 *elem)
Definition: api.h:35
vl_api_interface_index_t sw_if_index
Definition: wireguard.api:59
index_t wg_peer_walk(wg_peer_walk_cb_t fn, void *data)
u32 index_t
A Data-Path Object is an object that represents actions that are applied to packets are they are swit...
Definition: dpo.h:41
vl_api_address_t src
Definition: gre.api:54
vlib_main_t * vm
Definition: in2out_ed.c:1580
vl_api_wireguard_interface_t interface
Definition: wireguard.api:80
int wg_peer_add(u32 tun_sw_if_index, const u8 public_key[NOISE_PUBLIC_KEY_LEN], u32 table_id, const ip46_address_t *endpoint, const fib_prefix_t *allowed_ips, u16 port, u16 persistent_keepalive, u32 *peer_index)
#define ip_addr_version(_a)
Definition: ip_types.h:93
void * vl_msg_api_alloc_zero(int nbytes)
uint8_t r_public[NOISE_PUBLIC_KEY_LEN]
static walk_rc_t wireguard_if_send_details(index_t wgii, void *data)
unsigned char u8
Definition: types.h:56
u8 data[128]
Definition: ipsec_types.api:90
#define clib_memcpy(d, s, n)
Definition: string.h:180
Dump peers response.
Definition: wireguard.api:155
enum walk_rc_t_ walk_rc_t
Walk return code.
vl_api_interface_index_t sw_if_index
Definition: wireguard.api:66
vl_api_registration_t * reg
Definition: wireguard_api.c:95
u8 n_allowed_ips
Definition: wireguard.api:106
noise_remote_t remote
vl_api_prefix_t allowed_ips[n_allowed_ips]
Definition: wireguard.api:107
void wg_feature_init(wg_main_t *wmp)
Aggregate type for a prefix.
Definition: fib_types.h:202
int wg_if_delete(u32 sw_if_index)
Definition: wireguard_if.c:322
unsigned int u32
Definition: types.h:88
u32 local_idx
Definition: wireguard_if.h:30
#define NOISE_PUBLIC_KEY_LEN
u8 private_key[32]
Definition: wireguard.api:35
long ctx[MAX_CONNS]
Definition: main.c:144
u16 msg_id_base
Definition: wireguard.h:36
static void vl_api_wireguard_peers_dump_t_handler(vl_api_wireguard_peers_dump_t *mp)
#define REPLY_MACRO(t)
uint8_t l_public[NOISE_PUBLIC_KEY_LEN]
vl_api_address_t peer
Definition: teib.api:28
void ip_address_decode2(const vl_api_address_t *in, ip_address_t *out)
Definition: ip_types_api.c:192
An API client registration, only in vpp/vlib.
Definition: api_common.h:47
static void setup_message_id_table(api_main_t *am)
Definition: bfd_api.c:409
#define BAD_SW_IF_INDEX_LABEL
vl_api_address_t endpoint
Definition: wireguard.api:103
wg_peer_endpoint_t dst
ip_address_t src_ip
Definition: wireguard_if.h:37
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:380
static vl_api_registration_t * vl_api_client_index_to_registration(u32 index)
Definition: api.h:79
struct wg_deatils_walk_t_ wg_deatils_walk_t
Remove peer by public_key.
Definition: wireguard.api:133
bool is_dead
static void vl_api_wireguard_interface_delete_t_handler(vl_api_wireguard_interface_delete_t *mp)
Definition: wireguard_api.c:74
wg_main_t wg_main
Definition: wireguard.c:26
static void vl_api_wireguard_peer_add_t_handler(vl_api_wireguard_peer_add_t *mp)
static void vl_api_wireguard_interface_create_t_handler(vl_api_wireguard_interface_create_t *mp)
Definition: wireguard_api.c:37
bool curve25519_gen_secret(u8 secret_key[CURVE25519_KEY_SIZE])
Definition: wireguard_key.c:84
vl_api_wireguard_peer_t peer
Definition: wireguard.api:157
vl_api_wireguard_interface_t interface
Definition: wireguard.api:46
void wg_if_walk(wg_if_walk_cb_t fn, void *data)
Definition: wireguard_if.c:371
static void vl_api_wireguard_peer_remove_t_handler(vl_api_wireguard_peer_remove_t *mp)
u32 wg_sw_if_index
void ip_prefix_encode(const fib_prefix_t *in, vl_api_prefix_t *out)
Definition: ip_types_api.c:287
uint8_t l_private[NOISE_PUBLIC_KEY_LEN]
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
#define INDEX_INVALID
Invalid index - used when no index is known blazoned capitals INVALID speak volumes where ~0 does not...
Definition: dpo.h:47
void ip_address_encode(const ip46_address_t *in, ip46_type_t type, vl_api_address_t *out)
Definition: ip_types_api.c:220
ip46_address_t addr
static_always_inline noise_local_t * noise_local_get(uint32_t locali)
int wg_peer_remove(index_t peeri)
static clib_error_t * wg_api_hookup(vlib_main_t *vm)
int wg_if_create(u32 user_instance, const u8 private_key[NOISE_PUBLIC_KEY_LEN], u16 port, const ip_address_t *src_ip, u32 *sw_if_indexp)
Definition: wireguard_if.c:239
static void vl_api_wireguard_interface_dump_t_handler(vl_api_wireguard_interface_dump_t *mp)
vl_api_wireguard_peer_t peer
Definition: wireguard.api:119
static wg_peer_t * wg_peer_get(index_t peeri)
u32 sw_if_index
Definition: wireguard_if.h:26
vl_api_interface_index_t sw_if_index
Definition: wireguard.api:34
#define VALIDATE_SW_IF_INDEX(mp)
static walk_rc_t send_wg_peers_details(index_t peeri, void *data)