FD.io VPP  v21.06-3-gbb25fbf28
Vector Packet Processing
wireguard_timer.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2020 Doc.ai and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include <vlibmemory/api.h>
17 #include <wireguard/wireguard.h>
20 
21 static u32
23 {
25  u32 seed = (u32) (vlib_time_now (vm) * 1e6);
26  return random_u32 (&seed) % max;
27 }
28 
29 static void
31 {
32  if (peer->timers[timer_id] != ~0)
33  {
34  tw_timer_stop_16t_2w_512sl (peer->timer_wheel, peer->timers[timer_id]);
35  peer->timers[timer_id] = ~0;
36  }
37 }
38 
39 static void
40 start_timer (wg_peer_t * peer, u32 timer_id, u32 interval_ticks)
41 {
42  ASSERT (vlib_get_thread_index () == 0);
43 
44  if (peer->timers[timer_id] == ~0)
45  {
46  peer->timers[timer_id] =
47  tw_timer_start_16t_2w_512sl (peer->timer_wheel, peer - wg_peer_pool,
48  timer_id, interval_ticks);
49  }
50 }
51 
52 typedef struct
53 {
57 
59 
60 static void *
62 {
63  wg_timers_args *a = arg;
64  wg_peer_t *peer = wg_peer_get (a->peer_idx);
65  start_timer (peer, a->timer_id, a->interval_ticks);
66  return 0;
67 }
68 
69 static void
70 start_timer_from_mt (u32 peer_idx, u32 timer_id, u32 interval_ticks)
71 {
72  wg_timers_args a = {
73  .peer_idx = peer_idx,
74  .timer_id = timer_id,
75  .interval_ticks = interval_ticks,
76  };
77  wg_peer_t *peer = wg_peer_get (peer_idx);
78  if (PREDICT_FALSE (!peer->timers_dispatched[timer_id]))
79  if (!clib_atomic_cmp_and_swap (&peer->timers_dispatched[timer_id], 0, 1))
81  sizeof (a));
82 }
83 
84 static inline u32
85 timer_ticks_left (vlib_main_t * vm, f64 init_time_sec, u32 interval_ticks)
86 {
87  static const int32_t rounding = (int32_t) (WHZ / 2);
88  int32_t ticks_remain;
89 
90  ticks_remain = (init_time_sec - vlib_time_now (vm)) * WHZ + interval_ticks;
91  return (ticks_remain > rounding) ? (u32) ticks_remain : 0;
92 }
93 
94 static void
96 {
97  if (peer->rehandshake_started == ~0)
98  return;
99 
100  u32 ticks = timer_ticks_left (vm, peer->rehandshake_started,
101  peer->rehandshake_interval_tick);
102  if (ticks)
103  {
104  start_timer (peer, WG_TIMER_RETRANSMIT_HANDSHAKE, ticks);
105  return;
106  }
107 
108  if (peer->timer_handshake_attempts > MAX_TIMER_HANDSHAKES)
109  {
110  stop_timer (peer, WG_TIMER_SEND_KEEPALIVE);
111 
112  /* We set a timer for destroying any residue that might be left
113  * of a partial exchange.
114  */
115  start_timer (peer, WG_TIMER_KEY_ZEROING, REJECT_AFTER_TIME * 3 * WHZ);
116 
117  }
118  else
119  {
120  ++peer->timer_handshake_attempts;
121  wg_send_handshake (vm, peer, true);
122  }
123 }
124 
125 static void
127 {
128  if (peer->last_sent_packet < peer->last_received_packet)
129  {
130  u32 ticks = timer_ticks_left (vm, peer->last_received_packet,
132  if (ticks)
133  {
134  start_timer (peer, WG_TIMER_SEND_KEEPALIVE, ticks);
135  return;
136  }
137 
139  if (peer->timer_need_another_keepalive)
140  {
141  peer->timer_need_another_keepalive = false;
142  start_timer (peer, WG_TIMER_SEND_KEEPALIVE,
144  }
145  }
146 }
147 
148 static void
150 {
151  if (peer->persistent_keepalive_interval)
152  {
153  f64 latest_time = peer->last_sent_packet > peer->last_received_packet
154  ? peer->last_sent_packet : peer->last_received_packet;
155 
156  u32 ticks = timer_ticks_left (vm, latest_time,
157  peer->persistent_keepalive_interval *
158  WHZ);
159  if (ticks)
160  {
161  start_timer (peer, WG_TIMER_PERSISTENT_KEEPALIVE, ticks);
162  return;
163  }
164 
166  }
167 }
168 
169 static void
171 {
172  u32 ticks = timer_ticks_left (vm, peer->last_sent_packet,
173  peer->new_handshake_interval_tick);
174  if (ticks)
175  {
176  start_timer (peer, WG_TIMER_NEW_HANDSHAKE, ticks);
177  return;
178  }
179 
180  wg_send_handshake (vm, peer, false);
181 }
182 
183 static void
185 {
186  u32 ticks =
187  timer_ticks_left (vm, peer->session_derived, REJECT_AFTER_TIME * 3 * WHZ);
188  if (ticks)
189  {
190  start_timer (peer, WG_TIMER_KEY_ZEROING, ticks);
191  return;
192  }
193 
194  if (!peer->is_dead)
195  {
196  noise_remote_clear (vm, &peer->remote);
197  }
198 }
199 
200 void
202 {
203  if (peer->persistent_keepalive_interval)
204  {
206  WG_TIMER_PERSISTENT_KEEPALIVE,
207  peer->persistent_keepalive_interval * WHZ);
208  }
209 }
210 
211 void
213 {
214  peer->last_sent_packet = vlib_time_now (vlib_get_main ());
215 }
216 
217 void
219 {
220  peer->rehandshake_started = vlib_time_now (vlib_get_main ());
221  peer->rehandshake_interval_tick =
223 
224  start_timer_from_mt (peer - wg_peer_pool, WG_TIMER_RETRANSMIT_HANDSHAKE,
225  peer->rehandshake_interval_tick);
226 }
227 
228 void
230 {
231  peer->session_derived = vlib_time_now (vlib_get_main ());
232 
233  start_timer_from_mt (peer - wg_peer_pool, WG_TIMER_KEY_ZEROING,
234  REJECT_AFTER_TIME * 3 * WHZ);
235 }
236 
237 /* Should be called after an authenticated data packet is sent. */
238 void
240 {
241  peer->new_handshake_interval_tick =
244 
245  start_timer_from_mt (peer - wg_peer_pool, WG_TIMER_NEW_HANDSHAKE,
246  peer->new_handshake_interval_tick);
247 }
248 
249 /* Should be called after an authenticated data packet is received. */
250 void
252 {
253  if (peer->timers[WG_TIMER_SEND_KEEPALIVE] == ~0)
254  {
255  start_timer_from_mt (peer - wg_peer_pool, WG_TIMER_SEND_KEEPALIVE,
257  }
258  else
259  peer->timer_need_another_keepalive = true;
260 }
261 
262 /* Should be called after a handshake response message is received and processed
263  * or when getting key confirmation via the first data message.
264  */
265 void
267 {
268  peer->rehandshake_started = ~0;
269  peer->timer_handshake_attempts = 0;
270 }
271 
272 void
274 {
275  peer->last_received_packet = vlib_time_now (vlib_get_main ());
276 }
277 
279 
280 static void
281 expired_timer_callback (u32 * expired_timers)
282 {
283  int i;
284  u32 timer_id;
285  u32 pool_index;
286 
287  wg_main_t *wmp = &wg_main;
288  vlib_main_t *vm = wmp->vlib_main;
289 
290  wg_peer_t *peer;
291 
292  /* Need to invalidate all of them because one can restart other */
293  for (i = 0; i < vec_len (expired_timers); i++)
294  {
295  pool_index = expired_timers[i] & 0x0FFFFFFF;
296  timer_id = expired_timers[i] >> 28;
297 
298  peer = wg_peer_get (pool_index);
299  peer->timers[timer_id] = ~0;
300 
301  /* Under barrier, no sync needed */
302  peer->timers_dispatched[timer_id] = 0;
303  }
304 
305  for (i = 0; i < vec_len (expired_timers); i++)
306  {
307  pool_index = expired_timers[i] & 0x0FFFFFFF;
308  timer_id = expired_timers[i] >> 28;
309 
310  peer = wg_peer_get (pool_index);
311  switch (timer_id)
312  {
313  case WG_TIMER_RETRANSMIT_HANDSHAKE:
315  break;
316  case WG_TIMER_PERSISTENT_KEEPALIVE:
318  break;
319  case WG_TIMER_SEND_KEEPALIVE:
321  break;
322  case WG_TIMER_NEW_HANDSHAKE:
324  break;
325  case WG_TIMER_KEY_ZEROING:
327  break;
328  default:
329  break;
330  }
331  }
332 }
333 
334 void
336 {
337  wg_main_t *wmp = &wg_main;
338  tw_timer_wheel_16t_2w_512sl_t *tw = &wmp->timer_wheel;
339  tw_timer_wheel_init_16t_2w_512sl (tw,
341  WG_TICK /* timer period in s */ , ~0);
342 }
343 
344 static uword
346  vlib_frame_t * f)
347 {
348  wg_main_t *wmp = &wg_main;
349  uword event_type = 0;
350 
351  /* Park the process until the feature is configured */
352  while (1)
353  {
355  event_type = vlib_process_get_events (vm, 0);
356  if (event_type == WG_START_EVENT)
357  {
358  break;
359  }
360  else
361  {
362  clib_warning ("Unknown event type %d", event_type);
363  }
364  }
365  /*
366  * Reset the timer wheel time so it won't try to
367  * expire Avogadro's number of time slots.
368  */
369  wmp->timer_wheel.last_run_time = vlib_time_now (vm);
370 
371  while (1)
372  {
374  vlib_process_get_events (vm, NULL);
375 
376  tw_timer_expire_timers_16t_2w_512sl (&wmp->timer_wheel,
377  vlib_time_now (vm));
378  }
379 
380  return 0;
381 }
382 
383 void
385 {
386  ASSERT (vlib_get_thread_index () == 0);
387  if (peer->timer_wheel)
388  {
389  stop_timer (peer, WG_TIMER_RETRANSMIT_HANDSHAKE);
390  stop_timer (peer, WG_TIMER_PERSISTENT_KEEPALIVE);
391  stop_timer (peer, WG_TIMER_SEND_KEEPALIVE);
392  stop_timer (peer, WG_TIMER_NEW_HANDSHAKE);
393  stop_timer (peer, WG_TIMER_KEY_ZEROING);
394  }
395 }
396 
397 /* *INDENT-OFF* */
399  .function = wg_timer_mngr_fn,
400  .type = VLIB_NODE_TYPE_PROCESS,
401  .name =
402  "wg-timer-manager",
403 };
404 /* *INDENT-ON* */
405 
406 void
408 {
409  if (wmp->feature_init)
410  return;
412  WG_START_EVENT, 0);
413  wmp->feature_init = 1;
414 }
415 
416 
417 
418 /*
419  * fd.io coding-style-patch-verification: ON
420  *
421  * Local Variables:
422  * eval: (c-set-style "gnu")
423  * End:
424  */
wg_expired_send_keepalive
static void wg_expired_send_keepalive(vlib_main_t *vm, wg_peer_t *peer)
Definition: wireguard_timer.c:126
api.h
wg_timers_session_derived
void wg_timers_session_derived(wg_peer_t *peer)
Definition: wireguard_timer.c:229
REKEY_TIMEOUT_JITTER
@ REKEY_TIMEOUT_JITTER
Definition: wireguard_messages.h:32
wg_timers_args
Definition: wireguard_timer.c:52
wg_timer_mngr_fn
static uword wg_timer_mngr_fn(vlib_main_t *vm, vlib_node_runtime_t *rt, vlib_frame_t *f)
Definition: wireguard_timer.c:345
REKEY_TIMEOUT
@ REKEY_TIMEOUT
Definition: wireguard_messages.h:31
vlib_process_wait_for_event
static uword * vlib_process_wait_for_event(vlib_main_t *vm)
Definition: node_funcs.h:660
f
vlib_frame_t * f
Definition: interface_output.c:1080
wg_send_handshake
bool wg_send_handshake(vlib_main_t *vm, wg_peer_t *peer, bool is_retry)
Definition: wireguard_send.c:84
wg_feature_init
void wg_feature_init(wg_main_t *wmp)
Definition: wireguard_timer.c:407
stop_timer
static void stop_timer(wg_peer_t *peer, u32 timer_id)
Definition: wireguard_timer.c:30
wg_timers_args::peer_idx
u32 peer_idx
Definition: wireguard_timer.c:54
KEEPALIVE_TIMEOUT
@ KEEPALIVE_TIMEOUT
Definition: wireguard_messages.h:33
vm
vlib_main_t * vm
X-connect all packets from the HOST to the PHY.
Definition: nat44_ei.c:3047
REJECT_AFTER_TIME
#define REJECT_AFTER_TIME
Definition: wireguard_noise.h:47
wg_peer_pool
wg_peer_t * wg_peer_pool
Definition: wireguard_peer.c:27
vlib_frame_t
Definition: node.h:372
vlib_process_signal_event
static void vlib_process_signal_event(vlib_main_t *vm, uword node_index, uword type_opaque, uword data)
Definition: node_funcs.h:1019
wg_timers_args::interval_ticks
u32 interval_ticks
Definition: wireguard_timer.c:56
timer_ticks_left
static u32 timer_ticks_left(vlib_main_t *vm, f64 init_time_sec, u32 interval_ticks)
Definition: wireguard_timer.c:85
random_u32
static u32 random_u32(u32 *seed)
32-bit random number generator
Definition: random.h:69
vlib_process_get_events
static uword vlib_process_get_events(vlib_main_t *vm, uword **data_vector)
Return the first event type which has occurred and a vector of per-event data of that type,...
Definition: node_funcs.h:583
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:142
noise_remote_clear
void noise_remote_clear(vlib_main_t *vm, noise_remote_t *r)
Definition: wireguard_noise.c:450
wg_expired_new_handshake
static void wg_expired_new_handshake(vlib_main_t *vm, wg_peer_t *peer)
Definition: wireguard_timer.c:170
wg_timers_data_sent
void wg_timers_data_sent(wg_peer_t *peer)
Definition: wireguard_timer.c:239
start_timer_thread_fn
static void * start_timer_thread_fn(void *arg)
Definition: wireguard_timer.c:61
WG_START_EVENT
#define WG_START_EVENT
Definition: wireguard.h:51
wg_timers_any_authenticated_packet_received
void wg_timers_any_authenticated_packet_received(wg_peer_t *peer)
Definition: wireguard_timer.c:273
wg_timers_data_received
void wg_timers_data_received(wg_peer_t *peer)
Definition: wireguard_timer.c:251
PREDICT_FALSE
#define PREDICT_FALSE(x)
Definition: clib.h:124
vlib_get_thread_index
static_always_inline uword vlib_get_thread_index(void)
Definition: threads.h:208
wg_main_t::feature_init
u8 feature_init
Definition: wireguard.h:44
wg_timers_handshake_initiated
void wg_timers_handshake_initiated(wg_peer_t *peer)
Definition: wireguard_timer.c:218
peer
vl_api_address_t peer
Definition: teib.api:28
uword
u64 uword
Definition: types.h:112
wg_peer
Definition: wireguard_peer.h:48
wg_timers_args::timer_id
u32 timer_id
Definition: wireguard_timer.c:55
get_random_u32_max
static u32 get_random_u32_max(u32 max)
Definition: wireguard_timer.c:22
WG_TICK
#define WG_TICK
WG tick period (s)
Definition: wireguard_messages.h:23
WHZ
#define WHZ
WG tick frequency.
Definition: wireguard_messages.h:24
i
sll srl srl sll sra u16x4 i
Definition: vector_sse42.h:261
f64
double f64
Definition: types.h:142
expired_timer_callback
static void expired_timer_callback(u32 *expired_timers)
Definition: wireguard_timer.c:281
wg_timer_mngr_node
static vlib_node_registration_t wg_timer_mngr_node
(constructor) VLIB_REGISTER_NODE (wg_timer_mngr_node)
Definition: wireguard_timer.c:278
wg_main
wg_main_t wg_main
Definition: wireguard.c:26
wg_expired_send_persistent_keepalive
static void wg_expired_send_persistent_keepalive(vlib_main_t *vm, wg_peer_t *peer)
Definition: wireguard_timer.c:149
vlib_node_registration_t
struct _vlib_node_registration vlib_node_registration_t
wireguard_send.h
wg_main_t::vlib_main
vlib_main_t * vlib_main
Definition: wireguard.h:34
wg_main_t
Definition: wireguard.h:31
wg_send_keepalive
bool wg_send_keepalive(vlib_main_t *vm, wg_peer_t *peer)
Definition: wireguard_send.c:155
wg_expired_retransmit_handshake
static void wg_expired_retransmit_handshake(vlib_main_t *vm, wg_peer_t *peer)
Definition: wireguard_timer.c:95
vlib_process_wait_for_event_or_clock
static f64 vlib_process_wait_for_event_or_clock(vlib_main_t *vm, f64 dt)
Suspend a cooperative multi-tasking thread Waits for an event, or for the indicated number of seconds...
Definition: node_funcs.h:755
ASSERT
#define ASSERT(truth)
Definition: error_bootstrap.h:69
u32
unsigned int u32
Definition: types.h:88
clib_atomic_cmp_and_swap
#define clib_atomic_cmp_and_swap(addr, old, new)
Definition: atomics.h:37
vl_api_rpc_call_main_thread
void vl_api_rpc_call_main_thread(void *fp, u8 *data, u32 data_length)
Definition: vlib_api.c:620
VLIB_NODE_TYPE_PROCESS
@ VLIB_NODE_TYPE_PROCESS
Definition: node.h:84
MAX_TIMER_HANDSHAKES
@ MAX_TIMER_HANDSHAKES
Definition: wireguard_messages.h:34
wg_timer_wheel_init
void wg_timer_wheel_init()
Definition: wireguard_timer.c:335
vlib_main_t
Definition: main.h:102
vlib_get_main
static vlib_main_t * vlib_get_main(void)
Definition: global_funcs.h:38
u8
unsigned char u8
Definition: types.h:56
a
a
Definition: bitmap.h:544
wireguard.h
rt
vnet_interface_output_runtime_t * rt
Definition: interface_output.c:399
wg_timers_any_authenticated_packet_sent
void wg_timers_any_authenticated_packet_sent(wg_peer_t *peer)
Definition: wireguard_timer.c:212
wg_peer_get
static wg_peer_t * wg_peer_get(index_t peeri)
Definition: wireguard_peer.h:125
start_timer
static void start_timer(wg_peer_t *peer, u32 timer_id, u32 interval_ticks)
Definition: wireguard_timer.c:40
clib_warning
#define clib_warning(format, args...)
Definition: error.h:59
wg_expired_zero_key_material
static void wg_expired_zero_key_material(vlib_main_t *vm, wg_peer_t *peer)
Definition: wireguard_timer.c:184
vlib_time_now
static f64 vlib_time_now(vlib_main_t *vm)
Definition: main.h:325
start_timer_from_mt
static void start_timer_from_mt(u32 peer_idx, u32 timer_id, u32 interval_ticks)
Definition: wireguard_timer.c:70
vlib_node_runtime_t
Definition: node.h:454
wireguard_timer.h
wg_timers_handshake_complete
void wg_timers_handshake_complete(wg_peer_t *peer)
Definition: wireguard_timer.c:266
wg_timers_stop
void wg_timers_stop(wg_peer_t *peer)
Definition: wireguard_timer.c:384
VLIB_REGISTER_NODE
#define VLIB_REGISTER_NODE(x,...)
Definition: node.h:169
wg_main_t::timer_wheel
tw_timer_wheel_16t_2w_512sl_t timer_wheel
Definition: wireguard.h:46
wg_timers_any_authenticated_packet_traversal
void wg_timers_any_authenticated_packet_traversal(wg_peer_t *peer)
Definition: wireguard_timer.c:201