FD.io VPP  v21.10.1-2-g0a485f517
Vector Packet Processing
wireguard_api.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2020 Cisco and/or its affiliates.
3  * Copyright (c) 2020 Doc.ai and/or its affiliates.
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at:
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <vnet/vnet.h>
18 #include <vlibmemory/api.h>
19 
20 #include <vnet/format_fns.h>
21 #include <vnet/ip/ip_types_api.h>
22 #include <vlibapi/api.h>
23 
24 #include <wireguard/wireguard.api_enum.h>
25 #include <wireguard/wireguard.api_types.h>
26 
28 #include <wireguard/wireguard.h>
29 #include <wireguard/wireguard_if.h>
31 
32 #define REPLY_MSG_ID_BASE wmp->msg_id_base
34 
35 static void
38 {
40  wg_main_t *wmp = &wg_main;
43  u32 sw_if_index = ~0;
44  int rv = 0;
45 
46  wg_feature_init (wmp);
47 
48  ip_address_decode2 (&mp->interface.src_ip, &src);
49 
50  if (AF_IP6 == ip_addr_version (&src))
51  rv = VNET_API_ERROR_INVALID_PROTOCOL;
52  else
53  {
54  if (mp->generate_key)
56  else
57  clib_memcpy (private_key, mp->interface.private_key,
59 
60  rv = wg_if_create (ntohl (mp->interface.user_instance), private_key,
61  ntohs (mp->interface.port), &src, &sw_if_index);
62  }
63 
64  /* *INDENT-OFF* */
65  REPLY_MACRO2(VL_API_WIREGUARD_INTERFACE_CREATE_REPLY,
66  {
67  rmp->sw_if_index = htonl(sw_if_index);
68  });
69  /* *INDENT-ON* */
70 }
71 
72 static void
75 {
76  vl_api_wireguard_interface_delete_reply_t *rmp;
77  wg_main_t *wmp = &wg_main;
78  int rv = 0;
79 
80  wg_feature_init (wmp);
81 
83 
84  rv = wg_if_delete (ntohl (mp->sw_if_index));
85 
87 
88  /* *INDENT-OFF* */
89  REPLY_MACRO(VL_API_WIREGUARD_INTERFACE_DELETE_REPLY);
90  /* *INDENT-ON* */
91 }
92 
93 typedef struct wg_deatils_walk_t_
94 {
99 
100 static walk_rc_t
102 {
105  const wg_if_t *wgi;
106  const noise_local_t *local;
107 
108  wgi = wg_if_get (wgii);
109  local = noise_local_get (wgi->local_idx);
110 
111  rmp = vl_msg_api_alloc_zero (sizeof (*rmp));
112  rmp->_vl_msg_id = htons (VL_API_WIREGUARD_INTERFACE_DETAILS +
114 
115  if (ctx->show_private_key)
116  clib_memcpy (rmp->interface.private_key,
118  clib_memcpy (rmp->interface.public_key,
120  rmp->interface.sw_if_index = htonl (wgi->sw_if_index);
121  rmp->interface.port = htons (wgi->port);
122  ip_address_encode2 (&wgi->src_ip, &rmp->interface.src_ip);
123 
124  rmp->context = ctx->context;
125 
126  vl_api_send_msg (ctx->reg, (u8 *) rmp);
127 
128  return (WALK_CONTINUE);
129 }
130 
131 static void
133  mp)
134 {
136  wg_main_t *wmp = &wg_main;
137 
138  wg_feature_init (wmp);
139 
141  if (reg == 0)
142  return;
143 
145  .reg = reg,
146  .context = mp->context,
147  .show_private_key = mp->show_private_key,
148  };
149 
151 }
152 
153 static void
155 {
157  wg_main_t *wmp = &wg_main;
158  index_t peeri = INDEX_INVALID;
159  int ii, rv = 0;
160 
162  fib_prefix_t *allowed_ips = NULL;
163 
164  VALIDATE_SW_IF_INDEX (&(mp->peer));
165 
166  if (0 == mp->peer.n_allowed_ips)
167  {
168  rv = VNET_API_ERROR_INVALID_VALUE;
169  goto done;
170  }
171 
172  wg_feature_init (wmp);
173 
174  vec_validate (allowed_ips, mp->peer.n_allowed_ips - 1);
175  ip_address_decode2 (&mp->peer.endpoint, &endpoint);
176 
177  for (ii = 0; ii < mp->peer.n_allowed_ips; ii++)
178  ip_prefix_decode (&mp->peer.allowed_ips[ii], &allowed_ips[ii]);
179 
180  if (AF_IP6 == ip_addr_version (&endpoint) ||
181  FIB_PROTOCOL_IP6 == allowed_ips[0].fp_proto)
182  /* ip6 currently not supported, but the API needs to support it
183  * else we'll need to change it later, and that's a PITA */
184  rv = VNET_API_ERROR_INVALID_PROTOCOL;
185  else
186  rv = wg_peer_add (ntohl (mp->peer.sw_if_index),
187  mp->peer.public_key,
188  ntohl (mp->peer.table_id),
189  &ip_addr_46 (&endpoint),
190  allowed_ips,
191  ntohs (mp->peer.port),
192  ntohs (mp->peer.persistent_keepalive), &peeri);
193 
195 done:
197  /* *INDENT-OFF* */
198  REPLY_MACRO2(VL_API_WIREGUARD_PEER_ADD_REPLY,
199  {
200  rmp->peer_index = ntohl (peeri);
201  });
202  /* *INDENT-ON* */
203 }
204 
205 static void
207 {
208  vl_api_wireguard_peer_remove_reply_t *rmp;
209  wg_main_t *wmp = &wg_main;
210  int rv = 0;
211 
212  wg_feature_init (wmp);
213 
214  rv = wg_peer_remove (ntohl (mp->peer_index));
215 
216  /* *INDENT-OFF* */
217  REPLY_MACRO(VL_API_WIREGUARD_PEER_REMOVE_REPLY);
218  /* *INDENT-ON* */
219 }
220 
221 static walk_rc_t
223 {
226  const wg_peer_t *peer;
228  size_t ss;
229 
230  peer = wg_peer_get (peeri);
231  n_allowed_ips = vec_len (peer->allowed_ips);
232 
233  ss = (sizeof (*rmp) + (n_allowed_ips * sizeof (rmp->peer.allowed_ips[0])));
234 
235  rmp = vl_msg_api_alloc_zero (ss);
236 
237  rmp->_vl_msg_id = htons (VL_API_WIREGUARD_PEERS_DETAILS +
239 
240  if (peer->is_dead)
241  rmp->peer.flags = WIREGUARD_PEER_STATUS_DEAD;
242  clib_memcpy (rmp->peer.public_key,
243  peer->remote.r_public, NOISE_PUBLIC_KEY_LEN);
244 
245  ip_address_encode (&peer->dst.addr, IP46_TYPE_ANY, &rmp->peer.endpoint);
246  rmp->peer.port = htons (peer->dst.port);
247  rmp->peer.n_allowed_ips = n_allowed_ips;
248  rmp->peer.sw_if_index = htonl (peer->wg_sw_if_index);
249 
250  int ii;
251  for (ii = 0; ii < n_allowed_ips; ii++)
252  ip_prefix_encode (&peer->allowed_ips[ii].prefix,
253  &rmp->peer.allowed_ips[ii]);
254 
255  rmp->context = ctx->context;
256 
257  vl_api_send_msg (ctx->reg, (u8 *) rmp);
258 
259  return (WALK_CONTINUE);
260 }
261 
262 static void
264 {
266  wg_main_t *wmp = &wg_main;
267 
268  wg_feature_init (wmp);
269 
271  if (reg == NULL)
272  return;
273 
275  .reg = reg,
276  .context = mp->context,
277  };
278 
280 }
281 
282 /* set tup the API message handling tables */
283 #include <wireguard/wireguard.api.c>
284 static clib_error_t *
286 {
287  wg_main_t *wmp = &wg_main;
289  return 0;
290 }
291 
293 
294 /*
295  * fd.io coding-style-patch-verification: ON
296  *
297  * Local Variables:
298  * eval: (c-set-style "gnu")
299  * End:
300  */
ip_address
Definition: ip_types.h:79
ip_addr_46
#define ip_addr_46(_a)
Definition: ip_types.h:90
VALIDATE_SW_IF_INDEX
#define VALIDATE_SW_IF_INDEX(mp)
Definition: api_helper_macros.h:281
vl_api_client_index_to_registration
static vl_api_registration_t * vl_api_client_index_to_registration(u32 index)
Definition: api.h:79
wg_if_get
static_always_inline wg_if_t * wg_if_get(index_t wgii)
Definition: wireguard_if.h:68
api.h
ntohs
#define ntohs(x)
Definition: af_xdp.bpf.c:29
wg_if_t_::src_ip
ip_address_t src_ip
Definition: wireguard_if.h:37
wireguard_key.h
WALK_CONTINUE
@ WALK_CONTINUE
Definition: interface_funcs.h:174
wg_if_create
int wg_if_create(u32 user_instance, const u8 private_key[NOISE_PUBLIC_KEY_LEN], u16 port, const ip_address_t *src_ip, u32 *sw_if_indexp)
Definition: wireguard_if.c:239
REPLY_MACRO2
#define REPLY_MACRO2(t, body)
Definition: api_helper_macros.h:65
clib_memcpy
#define clib_memcpy(d, s, n)
Definition: string.h:197
vl_api_wireguard_interface_delete_t_handler
static void vl_api_wireguard_interface_delete_t_handler(vl_api_wireguard_interface_delete_t *mp)
Definition: wireguard_api.c:74
vl_api_send_msg
static void vl_api_send_msg(vl_api_registration_t *rp, u8 *elem)
Definition: api.h:35
private_key
u8 private_key[32]
Definition: wireguard.api:35
wg_deatils_walk_t
struct wg_deatils_walk_t_ wg_deatils_walk_t
wg_peer_remove
int wg_peer_remove(index_t peeri)
Definition: wireguard_peer.c:336
vl_api_wireguard_interface_dump_t_handler
static void vl_api_wireguard_interface_dump_t_handler(vl_api_wireguard_interface_dump_t *mp)
Definition: wireguard_api.c:132
vl_api_wireguard_interface_dump_t::show_private_key
bool show_private_key
Definition: wireguard.api:73
vl_api_wireguard_interface_dump_t::context
u32 context
Definition: wireguard.api:72
vm
vlib_main_t * vm
X-connect all packets from the HOST to the PHY.
Definition: nat44_ei.c:3047
api.h
wireguard_if_send_details
static walk_rc_t wireguard_if_send_details(index_t wgii, void *data)
Definition: wireguard_api.c:101
wg_deatils_walk_t_::reg
vl_api_registration_t * reg
Definition: wireguard_api.c:95
vl_api_wireguard_interface_create_t_handler
static void vl_api_wireguard_interface_create_t_handler(vl_api_wireguard_interface_create_t *mp)
Definition: wireguard_api.c:37
vl_msg_api_alloc_zero
void * vl_msg_api_alloc_zero(int nbytes)
Definition: memory_shared.c:214
WIREGUARD_PEER_STATUS_DEAD
@ WIREGUARD_PEER_STATUS_DEAD
Definition: wireguard.api:85
noise_local::l_private
uint8_t l_private[NOISE_PUBLIC_KEY_LEN]
Definition: wireguard_noise.h:118
ip_prefix_encode
void ip_prefix_encode(const fib_prefix_t *in, vl_api_prefix_t *out)
Definition: ip_types_api.c:273
vl_api_wireguard_peers_dump_t_handler
static void vl_api_wireguard_peers_dump_t_handler(vl_api_wireguard_peers_dump_t *mp)
Definition: wireguard_api.c:263
vl_api_wireguard_interface_create_t
Create an Wireguard interface.
Definition: wireguard.api:43
wg_feature_init
void wg_feature_init(wg_main_t *wmp)
Definition: wireguard_timer.c:407
ip_address_encode2
void ip_address_encode2(const ip_address_t *in, vl_api_address_t *out)
Definition: ip_types_api.c:228
vl_api_wireguard_peers_details_t
Dump peers response.
Definition: wireguard.api:155
vl_api_wireguard_peers_dump_t::client_index
u32 client_index
Definition: wireguard.api:145
wg_if_t_::port
u16 port
Definition: wireguard_if.h:32
ip_addr_version
#define ip_addr_version(_a)
Definition: ip_types.h:93
wireguard_peer.h
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:142
vl_api_wireguard_interface_create_reply_t
Add Wireguard interface interface response.
Definition: wireguard.api:55
vl_api_wireguard_peers_details_t::context
u32 context
Definition: wireguard.api:156
wg_api_hookup
static clib_error_t * wg_api_hookup(vlib_main_t *vm)
Definition: wireguard_api.c:285
vl_api_registration_
An API client registration, only in vpp/vlib.
Definition: api_common.h:47
REPLY_MACRO
#define REPLY_MACRO(t)
Definition: api_helper_macros.h:30
setup_message_id_table
static void setup_message_id_table(api_main_t *am)
Definition: sr_mpls_api.c:174
vl_api_wireguard_interface_delete_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: wireguard.api:66
index_t
u32 index_t
A Data-Path Object is an object that represents actions that are applied to packets are they are swit...
Definition: dpo.h:43
peer
vl_api_address_t peer
Definition: teib.api:28
ip_prefix_decode
void ip_prefix_decode(const vl_api_prefix_t *in, fib_prefix_t *out)
Definition: ip_types_api.c:245
wg_peer
Definition: wireguard_peer.h:48
wg_peer_add
int wg_peer_add(u32 tun_sw_if_index, const u8 public_key[NOISE_PUBLIC_KEY_LEN], u32 table_id, const ip46_address_t *endpoint, const fib_prefix_t *allowed_ips, u16 port, u16 persistent_keepalive, u32 *peer_index)
Definition: wireguard_peer.c:273
vl_api_wireguard_interface_create_t::generate_key
bool generate_key
Definition: wireguard.api:47
vl_api_wireguard_peer_add_t::peer
vl_api_wireguard_peer_t peer
Definition: wireguard.api:119
vl_api_wireguard_interface_dump_t::client_index
u32 client_index
Definition: wireguard.api:71
wg_main
wg_main_t wg_main
Definition: wireguard.c:26
vec_validate
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment)
Definition: vec.h:523
wg_if_delete
int wg_if_delete(u32 sw_if_index)
Definition: wireguard_if.c:322
vl_api_wireguard_interface_details_t
Definition: wireguard.api:77
src
vl_api_address_t src
Definition: gre.api:54
wg_if_t_
Definition: wireguard_if.h:23
VLIB_API_INIT_FUNCTION
VLIB_API_INIT_FUNCTION(wg_api_hookup)
vl_api_wireguard_interface_details_t::interface
vl_api_wireguard_interface_t interface
Definition: wireguard.api:80
vl_api_wireguard_interface_create_t::interface
vl_api_wireguard_interface_t interface
Definition: wireguard.api:46
wg_if_walk
void wg_if_walk(wg_if_walk_cb_t fn, void *data)
Definition: wireguard_if.c:371
curve25519_gen_secret
bool curve25519_gen_secret(u8 secret_key[CURVE25519_KEY_SIZE])
Definition: wireguard_key.c:84
vl_api_wireguard_interface_delete_t
Definition: wireguard.api:62
ip_address_decode2
void ip_address_decode2(const vl_api_address_t *in, ip_address_t *out)
Definition: ip_types_api.c:178
BAD_SW_IF_INDEX_LABEL
#define BAD_SW_IF_INDEX_LABEL
Definition: api_helper_macros.h:289
data
u8 data[128]
Definition: ipsec_types.api:95
wg_main_t
Definition: wireguard.h:31
vec_free
#define vec_free(V)
Free vector's memory (no header).
Definition: vec.h:395
allowed_ips
vl_api_prefix_t allowed_ips[n_allowed_ips]
Definition: wireguard.api:107
wg_deatils_walk_t_::show_private_key
u8 show_private_key
Definition: wireguard_api.c:97
wg_main_t::msg_id_base
u16 msg_id_base
Definition: wireguard.h:36
format_fns.h
noise_local_get
static_always_inline noise_local_t * noise_local_get(uint32_t locali)
Definition: wireguard_noise.h:134
vl_api_wireguard_peer_add_reply_t
Definition: wireguard.api:121
noise_local
Definition: wireguard_noise.h:115
endpoint
vl_api_address_t endpoint
Definition: wireguard.api:103
vl_api_wireguard_peer_add_t_handler
static void vl_api_wireguard_peer_add_t_handler(vl_api_wireguard_peer_add_t *mp)
Definition: wireguard_api.c:154
NOISE_PUBLIC_KEY_LEN
#define NOISE_PUBLIC_KEY_LEN
Definition: wireguard_noise.h:26
wg_deatils_walk_t_::context
u32 context
Definition: wireguard_api.c:96
u32
unsigned int u32
Definition: types.h:88
FIB_PROTOCOL_IP6
@ FIB_PROTOCOL_IP6
Definition: fib_types.h:37
ctx
long ctx[MAX_CONNS]
Definition: main.c:144
api_helper_macros.h
AF_IP6
@ AF_IP6
Definition: ip_types.h:24
vl_api_wireguard_peers_dump_t::context
u32 context
Definition: wireguard.api:146
vlib_main_t
Definition: main.h:102
ip_address_encode
void ip_address_encode(const ip46_address_t *in, ip46_type_t type, vl_api_address_t *out)
Definition: ip_types_api.c:206
u8
unsigned char u8
Definition: types.h:56
clib_error_t
Definition: clib_error.h:21
wireguard.h
vl_api_wireguard_peer_remove_t_handler
static void vl_api_wireguard_peer_remove_t_handler(vl_api_wireguard_peer_remove_t *mp)
Definition: wireguard_api.c:206
noise_local::l_public
uint8_t l_public[NOISE_PUBLIC_KEY_LEN]
Definition: wireguard_noise.h:117
vl_api_wireguard_peer_add_t
Create new peer.
Definition: wireguard.api:115
wg_peer_get
static wg_peer_t * wg_peer_get(index_t peeri)
Definition: wireguard_peer.h:125
vl_api_wireguard_interface_dump_t
Definition: wireguard.api:69
vl_api_wireguard_peer_remove_t
Remove peer by public_key.
Definition: wireguard.api:133
wg_deatils_walk_t_
Definition: wireguard_api.c:93
rv
int __clib_unused rv
Definition: application.c:491
IP46_TYPE_ANY
@ IP46_TYPE_ANY
Definition: ip46_address.h:24
wireguard_if.h
wg_if_t_::sw_if_index
u32 sw_if_index
Definition: wireguard_if.h:26
vnet.h
send_wg_peers_details
static walk_rc_t send_wg_peers_details(index_t peeri, void *data)
Definition: wireguard_api.c:222
INDEX_INVALID
#define INDEX_INVALID
Invalid index - used when no index is known blazoned capitals INVALID speak volumes where ~0 does not...
Definition: dpo.h:49
sw_if_index
vl_api_interface_index_t sw_if_index
Definition: wireguard.api:34
ip_types_api.h
walk_rc_t
enum walk_rc_t_ walk_rc_t
Walk return code.
wg_if_t_::local_idx
u32 local_idx
Definition: wireguard_if.h:30
vl_api_wireguard_peer_remove_t::peer_index
u32 peer_index
Definition: wireguard.api:137
fib_prefix_t_
Aggregate type for a prefix.
Definition: fib_types.h:202
vl_api_wireguard_peers_details_t::peer
vl_api_wireguard_peer_t peer
Definition: wireguard.api:157
vl_api_wireguard_interface_details_t::context
u32 context
Definition: wireguard.api:79
wg_peer_walk
index_t wg_peer_walk(wg_peer_walk_cb_t fn, void *data)
Definition: wireguard_peer.c:358
vl_api_wireguard_peer_add_reply_t::peer_index
u32 peer_index
Definition: wireguard.api:125
n_allowed_ips
u8 n_allowed_ips
Definition: wireguard.api:106
vl_api_wireguard_interface_create_reply_t::sw_if_index
vl_api_interface_index_t sw_if_index
Definition: wireguard.api:59
vl_api_wireguard_peers_dump_t
Dump all peers.
Definition: wireguard.api:144