FD.io VPP  v21.10.1-2-g0a485f517
Vector Packet Processing
wireguard_input.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2020 Doc.ai and/or its affiliates.
3  * Copyright (c) 2020 Cisco and/or its affiliates.
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at:
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <vlib/vlib.h>
18 #include <vnet/vnet.h>
19 #include <vppinfra/error.h>
20 #include <wireguard/wireguard.h>
21 
23 #include <wireguard/wireguard_if.h>
24 
25 #define foreach_wg_input_error \
26  _ (NONE, "No error") \
27  _ (HANDSHAKE_MAC, "Invalid MAC handshake") \
28  _ (PEER, "Peer error") \
29  _ (INTERFACE, "Interface error") \
30  _ (DECRYPTION, "Failed during decryption") \
31  _ (KEEPALIVE_SEND, "Failed while sending Keepalive") \
32  _ (HANDSHAKE_SEND, "Failed while sending Handshake") \
33  _ (HANDSHAKE_RECEIVE, "Failed while receiving Handshake") \
34  _ (TOO_BIG, "Packet too big") \
35  _ (UNDEFINED, "Undefined error")
36 
37 typedef enum
38 {
39 #define _(sym,str) WG_INPUT_ERROR_##sym,
41 #undef _
44 
45 static char *wg_input_error_strings[] = {
46 #define _(sym,string) string,
48 #undef _
49 };
50 
51 typedef struct
52 {
58 
59 u8 *
60 format_wg_message_type (u8 * s, va_list * args)
61 {
62  message_type_t type = va_arg (*args, message_type_t);
63 
64  switch (type)
65  {
66 #define _(v,a) case MESSAGE_##v: return (format (s, "%s", a));
68 #undef _
69  }
70  return (format (s, "unknown"));
71 }
72 
73 /* packet trace format function */
74 static u8 *
75 format_wg_input_trace (u8 * s, va_list * args)
76 {
77  CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
78  CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
79 
80  wg_input_trace_t *t = va_arg (*args, wg_input_trace_t *);
81 
82  s = format (s, "WG input: \n");
83  s = format (s, " Type: %U\n", format_wg_message_type, t->type);
84  s = format (s, " peer: %d\n", t->peer);
85  s = format (s, " Length: %d\n", t->current_length);
86  s = format (s, " Keepalive: %s", t->is_keepalive ? "true" : "false");
87 
88  return s;
89 }
90 
91 typedef enum
92 {
100 
101 /* static void */
102 /* set_peer_address (wg_peer_t * peer, ip4_address_t ip4, u16 udp_port) */
103 /* { */
104 /* if (peer) */
105 /* { */
106 /* ip46_address_set_ip4 (&peer->dst.addr, &ip4); */
107 /* peer->dst.port = udp_port; */
108 /* } */
109 /* } */
110 
111 static wg_input_error_t
113 {
114  ASSERT (vm->thread_index == 0);
115 
116  enum cookie_mac_state mac_state;
117  bool packet_needs_cookie;
118  bool under_load;
119  wg_if_t *wg_if;
120  wg_peer_t *peer = NULL;
121 
122  void *current_b_data = vlib_buffer_get_current (b);
123 
124  udp_header_t *uhd = current_b_data - sizeof (udp_header_t);
125  ip4_header_t *iph =
126  current_b_data - sizeof (udp_header_t) - sizeof (ip4_header_t);
127  ip4_address_t ip4_src = iph->src_address;
128  u16 udp_src_port = clib_host_to_net_u16 (uhd->src_port);;
129  u16 udp_dst_port = clib_host_to_net_u16 (uhd->dst_port);;
130 
131  message_header_t *header = current_b_data;
132  under_load = false;
133 
135 
136  if (NULL == wg_if)
137  return WG_INPUT_ERROR_INTERFACE;
138 
139  if (PREDICT_FALSE (header->type == MESSAGE_HANDSHAKE_COOKIE))
140  {
142  (message_handshake_cookie_t *) current_b_data;
143  u32 *entry =
144  wg_index_table_lookup (&wmp->index_table, packet->receiver_index);
145  if (entry)
146  peer = wg_peer_get (*entry);
147  else
148  return WG_INPUT_ERROR_PEER;
149 
150  // TODO: Implement cookie_maker_consume_payload
151 
152  return WG_INPUT_ERROR_NONE;
153  }
154 
155  u32 len = (header->type == MESSAGE_HANDSHAKE_INITIATION ?
158 
159  message_macs_t *macs = (message_macs_t *)
160  ((u8 *) current_b_data + len - sizeof (*macs));
161 
162  mac_state =
164  current_b_data, len, under_load, ip4_src,
165  udp_src_port);
166 
167  if ((under_load && mac_state == VALID_MAC_WITH_COOKIE)
168  || (!under_load && mac_state == VALID_MAC_BUT_NO_COOKIE))
169  packet_needs_cookie = false;
170  else if (under_load && mac_state == VALID_MAC_BUT_NO_COOKIE)
171  packet_needs_cookie = true;
172  else
173  return WG_INPUT_ERROR_HANDSHAKE_MAC;
174 
175  switch (header->type)
176  {
177  case MESSAGE_HANDSHAKE_INITIATION:
178  {
179  message_handshake_initiation_t *message = current_b_data;
180 
181  if (packet_needs_cookie)
182  {
183  // TODO: Add processing
184  }
185  noise_remote_t *rp;
187  (vm, noise_local_get (wg_if->local_idx), &rp,
188  message->sender_index, message->unencrypted_ephemeral,
189  message->encrypted_static, message->encrypted_timestamp))
190  {
191  peer = wg_peer_get (rp->r_peer_idx);
192  }
193  else
194  {
195  return WG_INPUT_ERROR_PEER;
196  }
197 
198  // set_peer_address (peer, ip4_src, udp_src_port);
200  {
202  WG_INPUT_ERROR_HANDSHAKE_SEND, 1);
203  }
204  break;
205  }
206  case MESSAGE_HANDSHAKE_RESPONSE:
207  {
208  message_handshake_response_t *resp = current_b_data;
209  u32 *entry =
211 
212  if (PREDICT_TRUE (entry != NULL))
213  {
214  peer = wg_peer_get (*entry);
215  if (peer->is_dead)
216  return WG_INPUT_ERROR_PEER;
217  }
218  else
219  return WG_INPUT_ERROR_PEER;
220 
222  (vm, &peer->remote, resp->sender_index,
224  resp->encrypted_nothing))
225  {
226  return WG_INPUT_ERROR_PEER;
227  }
228  if (packet_needs_cookie)
229  {
230  // TODO: Add processing
231  }
232 
233  // set_peer_address (peer, ip4_src, udp_src_port);
234  if (noise_remote_begin_session (vm, &peer->remote))
235  {
236 
240  {
242  WG_INPUT_ERROR_KEEPALIVE_SEND,
243  1);
244  }
245  }
246  break;
247  }
248  default:
249  return WG_INPUT_ERROR_HANDSHAKE_RECEIVE;
250  }
251 
254  return WG_INPUT_ERROR_NONE;
255 }
256 
259  const ip4_address_t * ip4)
260 {
261  switch (p1->fp_proto)
262  {
263  case FIB_PROTOCOL_IP4:
265  &p1->fp_addr.ip4,
266  ip4, p1->fp_len) != 0);
267  case FIB_PROTOCOL_IP6:
268  return (false);
269  case FIB_PROTOCOL_MPLS:
270  break;
271  }
272  return (false);
273 }
274 
278 {
279  message_type_t header_type;
281  u32 *from;
285 
287  n_left_from = frame->n_vectors;
288  b = bufs;
289  next = nexts;
290 
292 
293  wg_main_t *wmp = &wg_main;
294  wg_peer_t *peer = NULL;
295 
296  while (n_left_from > 0)
297  {
298  bool is_keepalive = false;
300  header_type =
302  u32 *peer_idx;
303 
304  if (PREDICT_TRUE (header_type == MESSAGE_DATA))
305  {
307 
308  peer_idx = wg_index_table_lookup (&wmp->index_table,
309  data->receiver_index);
310 
311  if (peer_idx)
312  {
313  peer = wg_peer_get (*peer_idx);
314  }
315  else
316  {
318  b[0]->error = node->errors[WG_INPUT_ERROR_PEER];
319  goto out;
320  }
321 
322  if (PREDICT_FALSE (~0 == peer->input_thread_index))
323  {
324  /* this is the first packet to use this peer, claim the peer
325  * for this thread.
326  */
327  clib_atomic_cmp_and_swap (&peer->input_thread_index, ~0,
329  }
330 
331  if (PREDICT_TRUE (thread_index != peer->input_thread_index))
332  {
334  goto next;
335  }
336 
337  u16 encr_len = b[0]->current_length - sizeof (message_data_t);
338  u16 decr_len = encr_len - NOISE_AUTHTAG_LEN;
339  if (PREDICT_FALSE (decr_len >= WG_DEFAULT_DATA_SIZE))
340  {
341  b[0]->error = node->errors[WG_INPUT_ERROR_TOO_BIG];
342  goto out;
343  }
344 
345  u8 *decr_data = wmp->per_thread_data[thread_index].data;
346 
347  enum noise_state_crypt state_cr = noise_remote_decrypt (vm,
348  &peer->remote,
349  data->receiver_index,
350  data->counter,
351  data->encrypted_data,
352  encr_len,
353  decr_data);
354 
355  if (PREDICT_FALSE (state_cr == SC_CONN_RESET))
356  {
358  }
359  else if (PREDICT_FALSE (state_cr == SC_KEEP_KEY_FRESH))
360  {
361  wg_send_handshake_from_mt (*peer_idx, false);
362  }
363  else if (PREDICT_FALSE (state_cr == SC_FAILED))
364  {
366  b[0]->error = node->errors[WG_INPUT_ERROR_DECRYPTION];
367  goto out;
368  }
369 
370  clib_memcpy (vlib_buffer_get_current (b[0]), decr_data, decr_len);
371  b[0]->current_length = decr_len;
373  VNET_BUFFER_OFFLOAD_F_UDP_CKSUM);
374 
377 
378  /* Keepalive packet has zero length */
379  if (decr_len == 0)
380  {
381  is_keepalive = true;
382  goto out;
383  }
384 
386 
388 
389  const wg_peer_allowed_ip_t *allowed_ip;
390  bool allowed = false;
391 
392  /*
393  * we could make this into an ACL, but the expectation
394  * is that there aren't many allowed IPs and thus a linear
395  * walk is fater than an ACL
396  */
397  vec_foreach (allowed_ip, peer->allowed_ips)
398  {
399  if (fib_prefix_is_cover_addr_4 (&allowed_ip->prefix,
400  &iph->src_address))
401  {
402  allowed = true;
403  break;
404  }
405  }
406  if (allowed)
407  {
408  vnet_buffer (b[0])->sw_if_index[VLIB_RX] = peer->wg_sw_if_index;
410  }
411  }
412  else
413  {
414  peer_idx = NULL;
415 
416  /* Handshake packets should be processed in main thread */
417  if (thread_index != 0)
418  {
420  goto next;
421  }
422 
423  wg_input_error_t ret = wg_handshake_process (vm, wmp, b[0]);
424  if (ret != WG_INPUT_ERROR_NONE)
425  {
427  b[0]->error = node->errors[ret];
428  }
429  }
430 
431  out:
432  if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
433  && (b[0]->flags & VLIB_BUFFER_IS_TRACED)))
434  {
435  wg_input_trace_t *t = vlib_add_trace (vm, node, b[0], sizeof (*t));
436  t->type = header_type;
438  t->is_keepalive = is_keepalive;
439  t->peer = peer_idx ? *peer_idx : INDEX_INVALID;
440  }
441  next:
442  n_left_from -= 1;
443  next += 1;
444  b += 1;
445  }
447 
448  return frame->n_vectors;
449 }
450 
451 /* *INDENT-OFF* */
453 {
454  .name = "wg-input",
455  .vector_size = sizeof (u32),
456  .format_trace = format_wg_input_trace,
458  .n_errors = ARRAY_LEN (wg_input_error_strings),
459  .error_strings = wg_input_error_strings,
460  .n_next_nodes = WG_INPUT_N_NEXT,
461  /* edit / add dispositions here */
462  .next_nodes = {
463  [WG_INPUT_NEXT_HANDOFF_HANDSHAKE] = "wg-handshake-handoff",
464  [WG_INPUT_NEXT_HANDOFF_DATA] = "wg-input-data-handoff",
465  [WG_INPUT_NEXT_IP4_INPUT] = "ip4-input-no-checksum",
466  [WG_INPUT_NEXT_PUNT] = "error-punt",
467  [WG_INPUT_NEXT_ERROR] = "error-drop",
468  },
469 };
470 /* *INDENT-ON* */
471 
472 /*
473  * fd.io coding-style-patch-verification: ON
474  *
475  * Local Variables:
476  * eval: (c-set-style "gnu")
477  * End:
478  */
vlib.h
format_wg_message_type
u8 * format_wg_message_type(u8 *s, va_list *args)
Definition: wireguard_input.c:60
udp_src_port
u16 udp_src_port[default=4500]
Definition: ipsec_types.api:140
udp_header_t::src_port
u16 src_port
Definition: udp_packet.h:48
wg_timers_session_derived
void wg_timers_session_derived(wg_peer_t *peer)
Definition: wireguard_timer.c:229
thread_index
u32 thread_index
Definition: nat44_ei_hairpinning.c:495
WG_INPUT_NEXT_IP4_INPUT
@ WG_INPUT_NEXT_IP4_INPUT
Definition: wireguard_input.c:95
bufs
vlib_buffer_t * bufs[VLIB_FRAME_SIZE]
Definition: nat44_ei_out2in.c:717
frame
vlib_main_t vlib_node_runtime_t vlib_frame_t * frame
Definition: nat44_ei.c:3048
wg_send_handshake_from_mt
void wg_send_handshake_from_mt(u32 peer_idx, bool is_retry)
Definition: wireguard_send.c:143
udp_dst_port
u16 udp_dst_port[default=4500]
Definition: ipsec_types.api:141
clib_memcpy
#define clib_memcpy(d, s, n)
Definition: string.h:197
ip4
vl_api_ip4_address_t ip4
Definition: one.api:376
ip4_main
ip4_main_t ip4_main
Global ip4 main structure.
Definition: ip4_forward.c:1104
message_handshake_response
Definition: wireguard_messages.h:67
WG_INPUT_N_ERROR
@ WG_INPUT_N_ERROR
Definition: wireguard_input.c:42
NOISE_AUTHTAG_LEN
#define NOISE_AUTHTAG_LEN
Definition: wireguard_noise.h:29
SC_KEEP_KEY_FRESH
@ SC_KEEP_KEY_FRESH
Definition: wireguard_noise.h:56
vlib_get_buffers
vlib_get_buffers(vm, from, b, n_left_from)
next
u16 * next
Definition: nat44_ei_out2in.c:718
VLIB_NODE_TYPE_INTERNAL
@ VLIB_NODE_TYPE_INTERNAL
Definition: node.h:72
message_header
Definition: wireguard_messages.h:52
VLIB_FRAME_SIZE
#define VLIB_FRAME_SIZE
Definition: node.h:368
wg_peer_assign_thread
static u32 wg_peer_assign_thread(u32 thread_id)
Definition: wireguard_peer.h:140
node
vlib_main_t vlib_node_runtime_t * node
Definition: nat44_ei.c:3047
WG_INPUT_N_NEXT
@ WG_INPUT_N_NEXT
Definition: wireguard_input.c:98
wg_main_t::index_table
wg_index_table_t index_table
Definition: wireguard.h:38
message_type_t
enum message_type message_type_t
u16
unsigned short u16
Definition: types.h:57
message_handshake_initiation
Definition: wireguard_messages.h:57
wg_input_error_t
wg_input_error_t
Definition: wireguard_input.c:37
fib_prefix_t_::fp_len
u16 fp_len
The mask length.
Definition: fib_types.h:206
vm
vlib_main_t * vm
X-connect all packets from the HOST to the PHY.
Definition: nat44_ei.c:3047
VLIB_RX
@ VLIB_RX
Definition: defs.h:46
noise_consume_initiation
bool noise_consume_initiation(vlib_main_t *vm, noise_local_t *l, noise_remote_t **rp, uint32_t s_idx, uint8_t ue[NOISE_PUBLIC_KEY_LEN], uint8_t es[NOISE_PUBLIC_KEY_LEN+NOISE_AUTHTAG_LEN], uint8_t ets[NOISE_TIMESTAMP_LEN+NOISE_AUTHTAG_LEN])
Definition: wireguard_noise.c:170
packet
description malformed packet
Definition: map.api:445
SC_FAILED
@ SC_FAILED
Definition: wireguard_noise.h:57
vlib_buffer_enqueue_to_next
vlib_buffer_enqueue_to_next(vm, node, from,(u16 *) nexts, frame->n_vectors)
WG_INPUT_NEXT_ERROR
@ WG_INPUT_NEXT_ERROR
Definition: wireguard_input.c:97
vlib_frame_t
Definition: node.h:372
message_handshake_response::encrypted_nothing
u8 encrypted_nothing[noise_encrypted_len(0)]
Definition: wireguard_messages.h:73
message_data_t
struct message_data message_data_t
udp_header_t
Definition: udp_packet.h:45
ip4_header_t
Definition: ip4_packet.h:87
foreach_wg_message_type
@ foreach_wg_message_type
Definition: wireguard_messages.h:48
WG_INPUT_NEXT_HANDOFF_DATA
@ WG_INPUT_NEXT_HANDOFF_DATA
Definition: wireguard_input.c:94
wg_index_table_lookup
u32 * wg_index_table_lookup(const wg_index_table_t *table, u32 key)
Definition: wireguard_index_table.c:48
vlib_buffer_t::error
vlib_error_t error
Error code for buffers to be enqueued to error handler.
Definition: buffer.h:145
len
u8 len
Definition: ip_types.api:103
error.h
VLIB_NODE_FN
#define VLIB_NODE_FN(node)
Definition: node.h:202
wg_if_t_::cookie_checker
cookie_checker_t cookie_checker
Definition: wireguard_if.h:31
CLIB_UNUSED
#define CLIB_UNUSED(x)
Definition: clib.h:90
wg_input_trace_t::type
message_type_t type
Definition: wireguard_input.c:53
vnet_buffer
#define vnet_buffer(b)
Definition: buffer.h:441
fib_prefix_is_cover_addr_4
static_always_inline bool fib_prefix_is_cover_addr_4(const fib_prefix_t *p1, const ip4_address_t *ip4)
Definition: wireguard_input.c:258
VLIB_NODE_FLAG_TRACE
#define VLIB_NODE_FLAG_TRACE
Definition: node.h:291
wg_main_t::per_thread_data
wg_per_thread_data_t * per_thread_data
Definition: wireguard.h:43
wg_timers_any_authenticated_packet_received
void wg_timers_any_authenticated_packet_received(wg_peer_t *peer)
Definition: wireguard_timer.c:273
vnet_buffer_offload_flags_clear
static_always_inline void vnet_buffer_offload_flags_clear(vlib_buffer_t *b, vnet_buffer_oflags_t oflags)
Definition: buffer.h:544
wg_timers_data_received
void wg_timers_data_received(wg_peer_t *peer)
Definition: wireguard_timer.c:251
PREDICT_FALSE
#define PREDICT_FALSE(x)
Definition: clib.h:124
ARRAY_LEN
#define ARRAY_LEN(x)
Definition: clib.h:70
vlib_frame_vector_args
static void * vlib_frame_vector_args(vlib_frame_t *f)
Get pointer to frame vector data.
Definition: node_funcs.h:301
index_t
u32 index_t
A Data-Path Object is an object that represents actions that are applied to packets are they are swit...
Definition: dpo.h:43
static_always_inline
#define static_always_inline
Definition: clib.h:112
peer
vl_api_address_t peer
Definition: teib.api:28
message_handshake_initiation::unencrypted_ephemeral
u8 unencrypted_ephemeral[NOISE_PUBLIC_KEY_LEN]
Definition: wireguard_messages.h:61
noise_remote
Definition: wireguard_noise.h:99
wg_peer
Definition: wireguard_peer.h:48
cookie_macs
Definition: wireguard_cookie.h:56
vlib_main_t::thread_index
u32 thread_index
Definition: main.h:215
wg_input_trace_t::current_length
u16 current_length
Definition: wireguard_input.c:54
vlib_node_increment_counter
static void vlib_node_increment_counter(vlib_main_t *vm, u32 node_index, u32 counter_index, u64 increment)
Definition: node_funcs.h:1244
wg_send_handshake_response
bool wg_send_handshake_response(vlib_main_t *vm, wg_peer_t *peer)
Definition: wireguard_send.c:206
noise_state_crypt
noise_state_crypt
Definition: wireguard_noise.h:52
wg_main
wg_main_t wg_main
Definition: wireguard.c:26
SC_CONN_RESET
@ SC_CONN_RESET
Definition: wireguard_noise.h:55
wg_if_t_
Definition: wireguard_if.h:23
WG_INPUT_NEXT_HANDOFF_HANDSHAKE
@ WG_INPUT_NEXT_HANDOFF_HANDSHAKE
Definition: wireguard_input.c:93
ip4_address_t
Definition: ip4_packet.h:50
FIB_PROTOCOL_IP4
@ FIB_PROTOCOL_IP4
Definition: fib_types.h:36
vlib_node_registration_t
struct _vlib_node_registration vlib_node_registration_t
noise_remote_decrypt
enum noise_state_crypt noise_remote_decrypt(vlib_main_t *vm, noise_remote_t *r, uint32_t r_idx, uint64_t nonce, uint8_t *src, size_t srclen, uint8_t *dst)
Definition: wireguard_noise.c:597
vlib_buffer_t::current_length
u16 current_length
Nbytes between current data and the end of this buffer.
Definition: buffer.h:122
fib_prefix_t_::fp_addr
ip46_address_t fp_addr
The address type is not deriveable from the fp_addr member.
Definition: fib_types.h:225
WG_INPUT_NEXT_PUNT
@ WG_INPUT_NEXT_PUNT
Definition: wireguard_input.c:96
wg_input_node
vlib_node_registration_t wg_input_node
(constructor) VLIB_REGISTER_NODE (wg_input_node)
Definition: wireguard_input.c:452
wireguard_send.h
data
u8 data[128]
Definition: ipsec_types.api:95
ip4_destination_matches_route
static uword ip4_destination_matches_route(const ip4_main_t *im, const ip4_address_t *key, const ip4_address_t *dest, uword dest_length)
Definition: ip4.h:187
message_handshake_response::sender_index
u32 sender_index
Definition: wireguard_messages.h:70
wg_main_t
Definition: wireguard.h:31
message_handshake_initiation::sender_index
u32 sender_index
Definition: wireguard_messages.h:60
ip4_header_t::src_address
ip4_address_t src_address
Definition: ip4_packet.h:125
message_handshake_initiation::encrypted_static
u8 encrypted_static[noise_encrypted_len(NOISE_PUBLIC_KEY_LEN)]
Definition: wireguard_messages.h:62
message_handshake_response::unencrypted_ephemeral
u8 unencrypted_ephemeral[NOISE_PUBLIC_KEY_LEN]
Definition: wireguard_messages.h:72
noise_local_get
static_always_inline noise_local_t * noise_local_get(uint32_t locali)
Definition: wireguard_noise.h:134
wg_send_keepalive
bool wg_send_keepalive(vlib_main_t *vm, wg_peer_t *peer)
Definition: wireguard_send.c:155
format
description fragment has unexpected format
Definition: map.api:433
ASSERT
#define ASSERT(truth)
Definition: error_bootstrap.h:69
format_wg_input_trace
static u8 * format_wg_input_trace(u8 *s, va_list *args)
Definition: wireguard_input.c:75
FIB_PROTOCOL_MPLS
@ FIB_PROTOCOL_MPLS
Definition: fib_types.h:38
u32
unsigned int u32
Definition: types.h:88
udp_header_t::dst_port
u16 dst_port
Definition: udp_packet.h:48
clib_atomic_cmp_and_swap
#define clib_atomic_cmp_and_swap(addr, old, new)
Definition: atomics.h:37
foreach_wg_input_error
#define foreach_wg_input_error
Definition: wireguard_input.c:25
FIB_PROTOCOL_IP6
@ FIB_PROTOCOL_IP6
Definition: fib_types.h:37
message_handshake_initiation_t
struct message_handshake_initiation message_handshake_initiation_t
vec_foreach
#define vec_foreach(var, vec)
Vector iterator.
Definition: vec_bootstrap.h:213
noise_consume_response
bool noise_consume_response(vlib_main_t *vm, noise_remote_t *r, uint32_t s_idx, uint32_t r_idx, uint8_t ue[NOISE_PUBLIC_KEY_LEN], uint8_t en[0+NOISE_AUTHTAG_LEN])
Definition: wireguard_noise.c:307
wg_input_trace_t::is_keepalive
bool is_keepalive
Definition: wireguard_input.c:55
noise_remote::r_peer_idx
uint32_t r_peer_idx
Definition: wireguard_noise.h:101
fib_prefix_t_::fp_proto
fib_protocol_t fp_proto
protocol type
Definition: fib_types.h:211
wg_input_trace_t::peer
index_t peer
Definition: wireguard_input.c:56
vlib_main_t
Definition: main.h:102
vlib_node_t
Definition: node.h:247
wg_per_thread_data_t_::data
u8 data[WG_DEFAULT_DATA_SIZE]
Definition: wireguard.h:29
vlib_add_trace
void * vlib_add_trace(vlib_main_t *vm, vlib_node_runtime_t *r, vlib_buffer_t *b, u32 n_data_bytes)
Definition: trace.c:628
WG_DEFAULT_DATA_SIZE
#define WG_DEFAULT_DATA_SIZE
Definition: wireguard.h:22
b
vlib_buffer_t ** b
Definition: nat44_ei_out2in.c:717
u8
unsigned char u8
Definition: types.h:56
wireguard.h
vlib_buffer_get_current
static void * vlib_buffer_get_current(vlib_buffer_t *b)
Get pointer to current data to process.
Definition: buffer.h:257
wg_peer_get
static wg_peer_t * wg_peer_get(index_t peeri)
Definition: wireguard_peer.h:125
message_data
Definition: wireguard_messages.h:85
nexts
u16 nexts[VLIB_FRAME_SIZE]
Definition: nat44_ei_out2in.c:718
wg_input_trace_t
Definition: wireguard_input.c:51
message_handshake_initiation::encrypted_timestamp
u8 encrypted_timestamp[noise_encrypted_len(NOISE_TIMESTAMP_LEN)]
Definition: wireguard_messages.h:63
wireguard_if.h
wg_input_next_t
wg_input_next_t
Definition: wireguard_input.c:91
vnet.h
vlib_node_runtime_t
Definition: node.h:454
wg_handshake_process
static wg_input_error_t wg_handshake_process(vlib_main_t *vm, wg_main_t *wmp, vlib_buffer_t *b)
Definition: wireguard_input.c:112
wg_input_error_strings
static char * wg_input_error_strings[]
Definition: wireguard_input.c:45
from
from
Definition: nat44_ei_hairpinning.c:415
INDEX_INVALID
#define INDEX_INVALID
Invalid index - used when no index is known blazoned capitals INVALID speak volumes where ~0 does not...
Definition: dpo.h:49
PREDICT_TRUE
#define PREDICT_TRUE(x)
Definition: clib.h:125
wg_timers_handshake_complete
void wg_timers_handshake_complete(wg_peer_t *peer)
Definition: wireguard_timer.c:266
noise_remote_begin_session
bool noise_remote_begin_session(vlib_main_t *vm, noise_remote_t *r)
Definition: wireguard_noise.c:368
wg_peer_allowed_ip_t_::prefix
fib_prefix_t prefix
Definition: wireguard_peer.h:38
wg_peer_allowed_ip_t_
Definition: wireguard_peer.h:36
wg_if_t_::local_idx
u32 local_idx
Definition: wireguard_if.h:30
n_left_from
n_left_from
Definition: nat44_ei_hairpinning.c:416
fib_prefix_t_
Aggregate type for a prefix.
Definition: fib_types.h:202
type
vl_api_fib_path_type_t type
Definition: fib_types.api:123
message_header::type
message_type_t type
Definition: wireguard_messages.h:54
wg_if_get_by_port
static_always_inline wg_if_t * wg_if_get_by_port(u16 port)
Definition: wireguard_if.h:78
message_handshake_response::receiver_index
u32 receiver_index
Definition: wireguard_messages.h:71
vlib_buffer_t::flags
u32 flags
buffer flags: VLIB_BUFFER_FREE_LIST_INDEX_MASK: bits used to store free list index,...
Definition: buffer.h:133
vlib_buffer_t
VLIB buffer representation.
Definition: buffer.h:111
VLIB_REGISTER_NODE
#define VLIB_REGISTER_NODE(x,...)
Definition: node.h:169
wg_timers_any_authenticated_packet_traversal
void wg_timers_any_authenticated_packet_traversal(wg_peer_t *peer)
Definition: wireguard_timer.c:201