Lines Matching defs:peer

/*
 * Peer constructor fragment (source lines 400-461). The function name and
 * signature are not in this listing; presumably this is the wg_peer_create()
 * that line 2395 calls -- confirm against the full file.
 */
400 	struct wg_peer	*peer;
/* PR_NOWAIT allocation may fail; the NULL result is tested here. */
408 if ((peer = pool_get(&wg_peer_pool, PR_NOWAIT)) == NULL)
/* p_id is a running counter that the log messages print; it is not key material. */
411 peer->p_id = peer_counter++;
412 peer->p_sc = sc;
/* The Noise remote state and the cookie maker both take the peer public key. */
414 noise_remote_init(&peer->p_remote, public, &sc->sc_local);
415 cookie_maker_init(&peer->p_cookie, public);
416 wg_timers_init(&peer->p_timers);
/* Byte counters start at zero and get their own mutex. */
418 mtx_init(&peer->p_counters_mtx, IPL_NET);
419 peer->p_counters_tx = 0;
420 peer->p_counters_rx = 0;
/* Empty description; IFDESCRSIZE is given as the destination size. */
422 strlcpy(peer->p_description, "", IFDESCRSIZE);
/* No endpoint is known yet: the endpoint is zeroed and gets its own mutex. */
424 mtx_init(&peer->p_endpoint_mtx, IPL_NET);
425 bzero(&peer->p_endpoint, sizeof(peer->p_endpoint));
/*
 * Each task receives the raw peer pointer as its argument.
 * NOTE(review): a task that is still queued therefore references this peer;
 * teardown has to flush the task queues before the memory goes back to the
 * pool (the comment at source lines 511-513 describes that ordering).
 */
427 task_set(&peer->p_send_initiation, wg_send_initiation, peer);
428 task_set(&peer->p_send_keepalive, wg_send_keepalive, peer);
429 task_set(&peer->p_clear_secrets, wg_peer_clear_secrets, peer);
430 task_set(&peer->p_deliver_out, wg_deliver_out, peer);
431 task_set(&peer->p_deliver_in, wg_deliver_in, peer);
/* MAX_STAGED_PKT is passed as the limit of the staged-packet queue. */
433 mq_init(&peer->p_stage_queue, MAX_STAGED_PKT, IPL_NET);
434 mtx_init(&peer->p_encap_queue.q_mtx, IPL_NET);
435 ml_init(&peer->p_encap_queue.q_list);
436 mtx_init(&peer->p_decap_queue.q_mtx, IPL_NET);
437 ml_init(&peer->p_decap_queue.q_list);
/*
 * All three index slots start on the unused list (the continuation lines
 * of these calls are omitted by the listing).
 */
439 SLIST_INIT(&peer->p_unused_index);
440 SLIST_INSERT_HEAD(&peer->p_unused_index, &peer->p_index[0],
442 SLIST_INSERT_HEAD(&peer->p_unused_index, &peer->p_index[1],
444 SLIST_INSERT_HEAD(&peer->p_unused_index, &peer->p_index[2],
447 LIST_INIT(&peer->p_aip);
449 peer->p_start_onlist = 0;
/*
 * Publish the peer in hash bucket idx and on the ordered list; idx is
 * computed on lines not shown. NOTE(review): any locking around these
 * inserts is not visible in this listing.
 */
455 LIST_INSERT_HEAD(&sc->sc_peer[idx], peer, p_pubkey_entry);
456 TAILQ_INSERT_TAIL(&sc->sc_peer_seq, peer, p_seq_entry);
460 WGPRINTF(LOG_INFO, sc, NULL, "Peer %llu created\n", peer->p_id);
461 return peer;
/*
 * Lookup fragment (source lines 468-483): walks one hash bucket and returns
 * a peer pointer or NULL. The function name is not in this listing;
 * presumably wg_peer_lookup(), which lines 2001, 2327 and 2388 call.
 */
468 struct wg_peer *peer;
475 LIST_FOREACH(peer, &sc->sc_peer[idx], p_pubkey_entry) {
/*
 * Presumably fetches the public key of this peer into peer_key; the
 * comparison with the wanted key is on a line this listing omits.
 * NOTE(review): confirm that comparison is constant-time
 * (e.g. timingsafe_bcmp).
 */
476 noise_remote_keys(&peer->p_remote, peer_key, NULL);
/* Presumably the no-match result; the control flow around it is not shown. */
480 peer = NULL;
483 return peer;
/*
 * Tear down a peer: unlink it, stop its timers, drop its allowed IPs and
 * Noise state, purge staged packets, then wipe and free the structure.
 * Source lines 519-538 are not in this listing.
 */
487 wg_peer_destroy(struct wg_peer *peer)
489 struct wg_softc *sc = peer->p_sc;
495 * Remove peer from the pubkey hashtable and disable all timeouts.
500 LIST_REMOVE(peer, p_pubkey_entry);
501 TAILQ_REMOVE(&sc->sc_peer_seq, peer, p_seq_entry);
505 wg_timers_disable(&peer->p_timers);
511 * peer. Then drop all the indexes to drop all incoming packets to the
512 * peer. Then we can flush if_snd, wg_crypt_taskq and then nettq to
513 * ensure no more references to the peer exist.
515 LIST_FOREACH_SAFE(aip, &peer->p_aip, a_entry, taip)
516 wg_aip_remove(sc, peer, &aip->a_data);
/*
 * Drop the Noise state of this peer (presumably keys and sessions; the
 * helper is defined elsewhere).
 */
518 noise_remote_clear(&peer->p_remote);
/* Discard packets still staged for this peer. */
539 if (!mq_empty(&peer->p_stage_queue))
540 mq_purge(&peer->p_stage_queue);
/*
 * p_id is logged before the wipe. explicit_bzero() clears the whole peer,
 * including the embedded p_remote and p_endpoint, so nothing from this peer
 * is left in the memory that pool_put() hands back for reuse.
 * NOTE(review): this is only safe once no task, timeout or mbuf tag still
 * points at the peer; the flushes named in the comment at lines 511-513 are
 * on lines not shown -- confirm they all run before this point.
 */
542 WGPRINTF(LOG_INFO, sc, NULL, "Peer %llu destroyed\n", peer->p_id);
543 explicit_bzero(peer, sizeof(*peer));
544 pool_put(&wg_peer_pool, peer);
/*
 * Adopt the endpoint recorded in packet tag t as the peer endpoint.
 * Callers in this listing are at lines 1433, 1488 and 1691.
 * NOTE(review): this is the roaming update, so callers should reach it only
 * for packets that authenticated; those checks are on lines not shown.
 */
548 wg_peer_set_endpoint_from_tag(struct wg_peer *peer, struct wg_tag *t)
/*
 * The comparison runs before p_endpoint_mtx is taken; its length argument
 * and the branch taken on equality are on lines not shown.
 * NOTE(review): confirm the unlocked read of p_endpoint is intended.
 */
550 if (memcmp(&t->t_endpoint, &peer->p_endpoint,
/* The update itself is done under p_endpoint_mtx. */
554 mtx_enter(&peer->p_endpoint_mtx);
555 peer->p_endpoint = t->t_endpoint;
556 mtx_leave(&peer->p_endpoint_mtx);
/*
 * Set the remote address of the peer from a caller-supplied sockaddr and
 * zero the cached local address, both under p_endpoint_mtx.
 * NOTE(review): the memcpy reads sizeof(e_remote) bytes from remote whatever
 * the length of the sockaddr passed in, so the caller buffer must be at
 * least that large (line 2409 passes &peer_o.p_sa).
 */
560 wg_peer_set_sockaddr(struct wg_peer *peer, struct sockaddr *remote)
562 mtx_enter(&peer->p_endpoint_mtx);
563 memcpy(&peer->p_endpoint.e_remote, remote,
564 sizeof(peer->p_endpoint.e_remote));
565 bzero(&peer->p_endpoint.e_local, sizeof(peer->p_endpoint.e_local));
566 mtx_leave(&peer->p_endpoint_mtx);
/*
 * Copy the remote address of the peer into remote, under p_endpoint_mtx,
 * when an address family is set. The return value is produced on lines not
 * shown; line 2517 compares it with 0.
 * NOTE(review): sizeof(e_remote) bytes are written to remote, so the caller
 * buffer must be at least that large.
 */
570 wg_peer_get_sockaddr(struct wg_peer *peer, struct sockaddr *remote)
574 mtx_enter(&peer->p_endpoint_mtx);
/* AF_UNSPEC means no remote address is stored; nothing is copied then. */
575 if (peer->p_endpoint.e_remote.r_sa.sa_family != AF_UNSPEC)
576 memcpy(remote, &peer->p_endpoint.e_remote,
577 sizeof(peer->p_endpoint.e_remote));
580 mtx_leave(&peer->p_endpoint_mtx);
/*
 * Zero the cached local address (e_local) of the peer under p_endpoint_mtx;
 * the remote address is left alone. Callers in this listing are at lines
 * 1170, 1214, 1825 and 2355.
 */
585 wg_peer_clear_src(struct wg_peer *peer)
587 mtx_enter(&peer->p_endpoint_mtx);
588 bzero(&peer->p_endpoint.e_local, sizeof(peer->p_endpoint.e_local));
589 mtx_leave(&peer->p_endpoint_mtx);
/*
 * Copy the whole endpoint into caller storage under p_endpoint_mtx, so the
 * caller works on a snapshot and does not hold the mutex while sending.
 */
593 wg_peer_get_endpoint(struct wg_peer *peer, struct wg_endpoint *endpoint)
595 mtx_enter(&peer->p_endpoint_mtx);
596 memcpy(endpoint, &peer->p_endpoint, sizeof(*endpoint));
597 mtx_leave(&peer->p_endpoint_mtx);
/*
 * Add tx and rx byte counts to the peer counters under p_counters_mtx.
 * The counters are uint64_t sums, so an overflow would wrap rather than trap.
 */
601 wg_peer_counters_add(struct wg_peer *peer, uint64_t tx, uint64_t rx)
603 mtx_enter(&peer->p_counters_mtx);
604 peer->p_counters_tx += tx;
605 peer->p_counters_rx += rx;
606 mtx_leave(&peer->p_counters_mtx);
/*
 * Bind an allowed-IP entry to a peer. Only the lines that mention the peer
 * are in this listing; the table insert itself is not shown.
 */
610 wg_aip_add(struct wg_softc *sc, struct wg_peer *peer, struct wg_aip_io *d)
/* Apparently the new-entry path: record the owner and link it on the peer list. */
632 aip->a_peer = peer;
634 LIST_INSERT_HEAD(&peer->p_aip, aip, a_entry);
/*
 * The entry is owned by another peer: it is linked on this peer and its
 * owner is rewritten (the unlink from the old list, source line 640, is not
 * shown). NOTE(review): this transfers the prefix between peers without a
 * visible log line, which changes the outcome of the allowed-source check
 * at line 1751.
 */
639 if (aip->a_peer != peer) {
641 LIST_INSERT_HEAD(&peer->p_aip, aip, a_entry);
642 aip->a_peer = peer;
/*
 * Remove an allowed-IP entry on behalf of a peer; most of the body is not
 * in this listing.
 */
662 wg_aip_remove(struct wg_softc *sc, struct wg_peer *peer, struct wg_aip_io *d)
/*
 * Ownership check: the entry found must belong to the peer given. The
 * outcome of this branch is on a line not shown.
 */
681 } else if (((struct wg_aip *) node)->a_peer != peer) {
1145 struct wg_peer *peer = CONTAINER_OF(t, struct wg_peer, p_timers);
1149 task_add(wg_handshake_taskq, &peer->p_send_initiation);
/*
 * Timer callback fragment (source lines 1156-1182): handshake retry and
 * give-up paths. The function name is not in this listing.
 */
1156 struct wg_peer *peer = CONTAINER_OF(t, struct wg_peer, p_timers);
/*
 * NOTE(review): the message prints the peer endpoint address at LOG_INFO.
 * p_endpoint_mtx is handed to WGPRINTF, presumably so the macro can lock
 * while the address is formatted -- confirm in the macro definition.
 */
1164 WGPRINTF(LOG_INFO, peer->p_sc, &peer->p_endpoint_mtx,
1165 "Handshake for peer %llu (%s) did not complete after %d "
1166 "seconds, retrying (try %d)\n", peer->p_id,
1167 sockaddr_ntop(&peer->p_endpoint.e_remote.r_sa, ipaddr,
/* Forget the cached source address before the retry. */
1170 wg_peer_clear_src(peer);
1175 WGPRINTF(LOG_INFO, peer->p_sc, &peer->p_endpoint_mtx,
1176 "Handshake for peer %llu (%s) did not complete after %d "
1177 "retries, giving up\n", peer->p_id,
1178 sockaddr_ntop(&peer->p_endpoint.e_remote.r_sa, ipaddr,
/* Giving up: packets staged for this peer are discarded. */
1182 mq_purge(&peer->p_stage_queue);
1193 struct wg_peer *peer = CONTAINER_OF(t, struct wg_peer, p_timers);
1195 task_add(wg_crypt_taskq, &peer->p_send_keepalive);
1206 struct wg_peer *peer = CONTAINER_OF(t, struct wg_peer, p_timers);
1209 WGPRINTF(LOG_INFO, peer->p_sc, &peer->p_endpoint_mtx,
1210 "Retrying handshake with peer %llu (%s) because we "
1211 "stopped hearing back after %d seconds\n", peer->p_id,
1212 sockaddr_ntop(&peer->p_endpoint.e_remote.r_sa, ipaddr,
1214 wg_peer_clear_src(peer);
/*
 * Timer callback fragment (source lines 1223-1230). The wipe is deferred:
 * p_clear_secrets is queued on wg_handshake_taskq, and line 429 binds that
 * task to wg_peer_clear_secrets. The function name is not in this listing.
 */
1223 struct wg_peer *peer = CONTAINER_OF(t, struct wg_peer, p_timers);
1226 WGPRINTF(LOG_INFO, peer->p_sc, &peer->p_endpoint_mtx, "Zeroing out "
1227 "keys for peer %llu (%s)\n", peer->p_id,
1228 sockaddr_ntop(&peer->p_endpoint.e_remote.r_sa, ipaddr,
1230 task_add(wg_handshake_taskq, &peer->p_clear_secrets);
1237 struct wg_peer *peer = CONTAINER_OF(t, struct wg_peer, p_timers);
1239 task_add(wg_crypt_taskq, &peer->p_send_keepalive);
/*
 * Send a prepared buffer to the current endpoint of the peer.
 * The tx counter and the two timer events are raised before wg_send_buf()
 * is called; how a send failure is handled is not visible in this listing.
 */
1244 wg_peer_send_buf(struct wg_peer *peer, uint8_t *buf, size_t len)
1248 wg_peer_counters_add(peer, len, 0);
1249 wg_timers_event_any_authenticated_packet_traversal(&peer->p_timers);
1250 wg_timers_event_any_authenticated_packet_sent(&peer->p_timers);
/* Work on a snapshot of the endpoint taken under its mutex. */
1251 wg_peer_get_endpoint(peer, &endpoint);
1252 wg_send_buf(peer->p_sc, &endpoint, buf, len);
/*
 * Task body fragment (source lines 1258-1277); the peer arrives as the
 * opaque task argument _peer. Presumably wg_send_initiation(), which line
 * 427 registers -- the signature is not in this listing.
 */
1258 struct wg_peer *peer = _peer;
/*
 * Gate on the last-sent check; the statement taken when the result is not
 * ETIMEDOUT is on a line not shown.
 */
1262 if (wg_timers_check_handshake_last_sent(&peer->p_timers) != ETIMEDOUT)
1265 WGPRINTF(LOG_INFO, peer->p_sc, &peer->p_endpoint_mtx, "Sending "
1266 "handshake initiation to peer %llu (%s)\n", peer->p_id,
1267 sockaddr_ntop(&peer->p_endpoint.e_remote.r_sa, ipaddr,
/* Build the initiation message; the failure branch is on lines not shown. */
1270 if (noise_create_initiation(&peer->p_remote, &pkt.s_idx, pkt.ue, pkt.es,
/* The packet MAC field pkt.m is filled from the peer cookie state before sending. */
1274 cookie_maker_mac(&peer->p_cookie, &pkt.m, &pkt,
1276 wg_peer_send_buf(peer, (uint8_t *)&pkt, sizeof(pkt));
1277 wg_timers_event_handshake_initiated(&peer->p_timers);
/*
 * Build and send a handshake response to the peer. Line 1434 calls this
 * from the initiation receive path.
 */
1281 wg_send_response(struct wg_peer *peer)
1286 WGPRINTF(LOG_INFO, peer->p_sc, &peer->p_endpoint_mtx, "Sending "
1287 "handshake response to peer %llu (%s)\n", peer->p_id,
1288 sockaddr_ntop(&peer->p_endpoint.e_remote.r_sa, ipaddr,
/* Both Noise steps can fail; the failure branches are on lines not shown. */
1291 if (noise_create_response(&peer->p_remote, &pkt.s_idx, &pkt.r_idx,
1294 if (noise_remote_begin_session(&peer->p_remote) != 0)
1296 wg_timers_event_session_derived(&peer->p_timers);
/* The packet MAC field pkt.m is filled from the peer cookie state before sending. */
1298 cookie_maker_mac(&peer->p_cookie, &pkt.m, &pkt,
1300 wg_timers_event_handshake_responded(&peer->p_timers);
1301 wg_peer_send_buf(peer, (uint8_t *)&pkt, sizeof(pkt));
1325 struct wg_peer *peer = _peer;
1326 struct wg_softc *sc = peer->p_sc;
1330 if (!mq_empty(&peer->p_stage_queue))
1341 t->t_peer = peer;
1346 mq_push(&peer->p_stage_queue, m);
1348 if (noise_remote_ready(&peer->p_remote) == 0) {
1349 wg_queue_out(sc, peer);
1352 wg_timers_event_want_initiation(&peer->p_timers);
/*
 * Task body fragment: clears the Noise state of the peer passed as _peer.
 * Presumably wg_peer_clear_secrets(), bound at line 429 and queued at line
 * 1230 -- the signature is not in this listing.
 */
1359 struct wg_peer *peer = _peer;
1360 noise_remote_clear(&peer->p_remote);
/*
 * Handshake receive fragment (source lines 1370-1526): initiation, response
 * and cookie-reply paths. The function name is not in this listing.
 */
1370 struct wg_peer *peer;
/* Initiation path: the peer is recovered from the embedded Noise remote. */
1425 peer = CONTAINER_OF(remote, struct wg_peer, p_remote);
1428 "from peer %llu (%s)\n", peer->p_id,
/*
 * NOTE(review): accounting, the endpoint update and the response all act on
 * a packet that came from the network; confirm the initiation was
 * authenticated on the lines before 1425, which this listing omits.
 */
1432 wg_peer_counters_add(peer, 0, sizeof(*init));
1433 wg_peer_set_endpoint_from_tag(peer, t);
1434 wg_send_response(peer);
/* Response path. */
1471 peer = CONTAINER_OF(remote, struct wg_peer, p_remote);
1483 "from peer %llu (%s)\n", peer->p_id,
1487 wg_peer_counters_add(peer, 0, sizeof(*resp));
1488 wg_peer_set_endpoint_from_tag(peer, t);
/* The two timer events fire only when noise_remote_begin_session() returns 0. */
1489 if (noise_remote_begin_session(&peer->p_remote) == 0) {
1490 wg_timers_event_session_derived(&peer->p_timers);
1491 wg_timers_event_handshake_complete(&peer->p_timers);
/* Cookie-reply path; the arguments and result handling are on lines not shown. */
1505 peer = CONTAINER_OF(remote, struct wg_peer, p_remote);
1507 if (cookie_maker_consume_payload(&peer->p_cookie,
1525 wg_timers_event_any_authenticated_packet_received(&peer->p_timers);
1526 wg_timers_event_any_authenticated_packet_traversal(&peer->p_timers);
/*
 * Encryption fragment (source lines 1568-1647). The function name is not in
 * this listing.
 */
1568 struct wg_peer *peer;
/* The peer comes from the packet tag t. */
1576 peer = t->t_peer;
/* The handling of res is partly on lines not shown. */
1611 res = noise_remote_encrypt(&peer->p_remote, &data->r_idx, &nonce,
1620 wg_timers_event_want_initiation(&peer->p_timers);
/* Keepalive sends are logged at LOG_DEBUG, including the endpoint address. */
1627 WGPRINTF(LOG_DEBUG, sc, &peer->p_endpoint_mtx, "Sending "
1628 "keepalive packet to peer %llu (%s)\n", peer->p_id,
1629 sockaddr_ntop(&peer->p_endpoint.e_remote.r_sa, ipaddr,
1642 wg_peer_counters_add(peer, mc->m_pkthdr.len, 0);
/* Schedule p_deliver_out on the net task queue of this interface. */
1647 task_add(net_tq(sc->sc_if.if_index), &peer->p_deliver_out);
/*
 * Decryption fragment (source lines 1657-1773). The function name is not in
 * this listing.
 */
1657 struct wg_peer *peer, *allowed_peer;
/* The peer comes from the packet tag t. */
1664 peer = t->t_peer;
/* The handling of res is partly on lines not shown. */
1678 res = noise_remote_decrypt(&peer->p_remote, data->r_idx, nonce,
1684 wg_timers_event_handshake_complete(&peer->p_timers);
1686 wg_timers_event_want_initiation(&peer->p_timers);
/*
 * The endpoint update and rx accounting come after the decrypt call above.
 * NOTE(review): confirm that every failing res value leaves the function
 * before line 1691, so only authenticated packets move the endpoint.
 */
1691 wg_peer_set_endpoint_from_tag(peer, t);
1693 wg_peer_counters_add(peer, 0, m->m_pkthdr.len);
1703 WGPRINTF(LOG_DEBUG, sc, &peer->p_endpoint_mtx, "Receiving "
1704 "keepalive packet from peer %llu (%s)\n", peer->p_id,
1705 sockaddr_ntop(&peer->p_endpoint.e_remote.r_sa,
1744 WGPRINTF(LOG_WARNING, sc, &peer->p_endpoint_mtx, "Packet "
1745 "is neither IPv4 nor IPv6 from peer %llu (%s)\n",
1746 peer->p_id, sockaddr_ntop(&peer->p_endpoint.e_remote.r_sa,
/*
 * Source-address check: allowed_peer is assigned on lines not shown
 * (presumably an allowed-IP lookup on the inner source address). A packet
 * whose inner source belongs to another peer, or to none, is logged here.
 * NOTE(review): confirm the branch also drops the packet.
 */
1751 if (__predict_false(peer != allowed_peer)) {
1752 WGPRINTF(LOG_WARNING, sc, &peer->p_endpoint_mtx, "Packet "
1753 "has unallowed source IP from peer %llu (%s)\n",
1754 peer->p_id, sockaddr_ntop(&peer->p_endpoint.e_remote.r_sa,
/* Schedule p_deliver_in on the net task queue of this interface. */
1773 task_add(net_tq(sc->sc_if.if_index), &peer->p_deliver_in);
1797 struct wg_peer *peer = _peer;
1798 struct wg_softc *sc = peer->p_sc;
1804 wg_peer_get_endpoint(peer, &endpoint);
1806 while ((m = wg_queue_dequeue(&peer->p_encap_queue, &t)) != NULL) {
1818 &peer->p_timers);
1820 &peer->p_timers);
1823 wg_timers_event_data_sent(&peer->p_timers);
1825 wg_peer_clear_src(peer);
1826 wg_peer_get_endpoint(peer, &endpoint);
1836 struct wg_peer *peer = _peer;
1837 struct wg_softc *sc = peer->p_sc;
1841 while ((m = wg_queue_dequeue(&peer->p_decap_queue, &t)) != NULL) {
1853 &peer->p_timers);
1855 &peer->p_timers);
1879 wg_timers_event_data_received(&peer->p_timers);
1884 wg_queue_in(struct wg_softc *sc, struct wg_peer *peer, struct mbuf *m)
1887 struct wg_queue *serial = &peer->p_decap_queue;
1916 wg_queue_out(struct wg_softc *sc, struct wg_peer *peer)
1919 struct wg_queue *serial = &peer->p_encap_queue;
1930 mq_delist(&peer->p_stage_queue, &ml);
1999 struct wg_peer *peer;
2001 if ((peer = wg_peer_lookup(sc, public)) == NULL)
2003 return &peer->p_remote;
/*
 * Index allocation fragment (source lines 2009-2021): takes a slot from the
 * unused list of the peer. The function name is not in this listing.
 */
2009 struct wg_peer *peer;
/* The peer is recovered from the embedded Noise remote. */
2018 peer = CONTAINER_OF(remote, struct wg_peer, p_remote);
/*
 * Each peer has three slots (lines 440-444). The handling of an empty list,
 * source line 2020, is not shown.
 */
2019 index = SLIST_FIRST(&peer->p_unused_index);
2021 SLIST_REMOVE_HEAD(&peer->p_unused_index, i_unused_entry);
/*
 * Index release fragment (source lines 2064-2078): returns a slot to the
 * unused list of its peer. The function name is not in this listing.
 */
2064 struct wg_peer *peer = NULL;
2075 /* We expect a peer */
2076 peer = CONTAINER_OF(iter->i_value, struct wg_peer, p_remote);
/*
 * NOTE(review): assuming the usual offsetof-based CONTAINER_OF, a NULL
 * i_value gives a non-NULL peer unless p_remote sits at offset 0, so this
 * assertion may never fire -- consider asserting on iter->i_value instead.
 */
2077 KASSERT(peer != NULL);
2078 SLIST_INSERT_HEAD(&peer->p_unused_index, iter, i_unused_entry);
/*
 * Transmit-start fragment (source lines 2176-2203). The function name is
 * not in this listing.
 */
2176 struct wg_peer *peer;
2190 peer = t->t_peer;
/*
 * mq_push() can refuse a packet (non-zero result); the handling is on
 * source line 2192, not shown.
 */
2191 if (mq_push(&peer->p_stage_queue, m) != 0)
/* p_start_onlist keeps a peer from being linked on start_list twice. */
2193 if (!peer->p_start_onlist) {
2194 SLIST_INSERT_HEAD(&start_list, peer, p_start_list);
2195 peer->p_start_onlist = 1;
/*
 * Second pass over the collected peers: queue output when
 * noise_remote_ready() returns 0, apparently request a handshake otherwise
 * (the else is on a line not shown), and clear the flag.
 */
2198 SLIST_FOREACH(peer, &start_list, p_start_list) {
2199 if (noise_remote_ready(&peer->p_remote) == 0)
2200 wg_queue_out(sc, peer);
2202 wg_timers_event_want_initiation(&peer->p_timers);
2203 peer->p_start_onlist = 0;
/*
 * Output fragment (source lines 2213-2252): selects the peer for an outgoing
 * packet. The function name is not in this listing.
 */
2213 struct wg_peer *peer;
/*
 * The peer is chosen by an allowed-IP lookup in the IPv4 or the IPv6 table;
 * the lookup key is on continuation lines not shown.
 */
2226 peer = wg_aip_lookup(sc->sc_aip4,
2230 peer = wg_aip_lookup(sc->sc_aip6,
/* No peer was found for the packet; the handling is on lines not shown. */
2244 if (peer == NULL) {
/*
 * NOTE(review): p_endpoint is read here and no p_endpoint_mtx use appears in
 * this listing between lines 2244 and 2252 -- confirm the unlocked read of
 * sa_family is intended.
 */
2249 af = peer->p_endpoint.e_remote.r_sa.sa_family;
2252 "configured or discovered for peer %llu\n", peer->p_id);
2264 * As we hold a reference to peer in the mbuf, we can't handle a
2265 * delayed packet without doing some refcnting. If a peer is removed
2276 t->t_peer = peer;
/*
 * Configuration fragment (source lines 2300-2355). The function name and
 * the conditions guarding each step are not in this listing.
 */
2300 struct wg_peer *peer, *tpeer;
/*
 * Remove every peer. The _SAFE iterator is needed because
 * wg_peer_destroy() unlinks the entry from sc_peer_seq (line 501).
 */
2320 TAILQ_FOREACH_SAFE(peer, &sc->sc_peer_seq, p_seq_entry, tpeer)
2321 wg_peer_destroy(peer);
/* Remove the one peer stored under the key in public, if there is one. */
2327 if ((peer = wg_peer_lookup(sc, public)) != NULL)
2328 wg_peer_destroy(peer);
/*
 * For every peer: redo the Noise precomputation, reset the handshake
 * last-sent state and expire the current session.
 * NOTE(review): presumably this follows a change of the local key; the
 * condition is on lines not shown.
 */
2333 TAILQ_FOREACH(peer, &sc->sc_peer_seq, p_seq_entry) {
2334 noise_remote_precompute(&peer->p_remote);
2335 wg_timers_event_reset_handshake_last_sent(&peer->p_timers);
2336 noise_remote_expire_current(&peer->p_remote);
/* Forget the cached source address of every peer. */
2354 TAILQ_FOREACH(peer, &sc->sc_peer_seq, p_seq_entry)
2355 wg_peer_clear_src(peer);
/*
 * Per-peer configuration fragment (source lines 2382-2432). peer_o and
 * aip_o are filled on lines not shown. NOTE(review): if they are copied in
 * from an ioctl request, every field used below is untrusted input.
 */
2382 /* Get local public and check that peer key doesn't match */
2387 /* Lookup peer, or create if it doesn't exist */
2388 if ((peer = wg_peer_lookup(sc, peer_o.p_public)) == NULL) {
2395 if ((peer = wg_peer_create(sc,
2402 /* Remove peer and continue if specified */
2404 wg_peer_destroy(peer);
/* wg_peer_set_sockaddr() copies sizeof(e_remote) bytes from &peer_o.p_sa (lines 563-564). */
2409 wg_peer_set_sockaddr(peer, &peer_o.p_sa);
/*
 * Install the preshared key. NOTE(review): peer_o.p_psk is secret material;
 * check that the copy held in peer_o is wiped once it has been consumed.
 */
2412 noise_remote_set_psk(&peer->p_remote, peer_o.p_psk);
2415 wg_timers_set_persistent_keepalive(&peer->p_timers,
2419 LIST_FOREACH_SAFE(aip, &peer->p_aip, a_entry, taip) {
2420 wg_aip_remove(sc, peer, &aip->a_data);
/*
 * strlcpy() walks the source up to its NUL terminator; the size argument is
 * on the continuation line not shown. NOTE(review): confirm that
 * peer_o.p_description is NUL-terminated before this call.
 */
2425 strlcpy(peer->p_description, peer_o.p_description,
2432 ret = wg_aip_add(sc, peer, &aip_o);
/*
 * Export fragment (source lines 2463-2538): fills peer_o from each peer on
 * sc_peer_seq. The function name is not in this listing.
 */
2463 struct wg_peer *peer;
2504 TAILQ_FOREACH(peer, &sc->sc_peer_seq, p_seq_entry) {
/*
 * NOTE(review): the third argument is on a continuation line not shown. If
 * it returns the preshared key, confirm that the key reaches only
 * privileged callers and that peer_o is wiped afterwards.
 */
2509 if (noise_remote_keys(&peer->p_remote, peer_o.p_public,
2513 if (wg_timers_get_persistent_keepalive(&peer->p_timers,
2517 if (wg_peer_get_sockaddr(peer, &peer_o.p_sa) == 0)
/* Both counters are read under their mutex, so tx and rx form a consistent pair. */
2520 mtx_enter(&peer->p_counters_mtx);
2521 peer_o.p_txbytes = peer->p_counters_tx;
2522 peer_o.p_rxbytes = peer->p_counters_rx;
2523 mtx_leave(&peer->p_counters_mtx);
2525 wg_timers_get_last_handshake(&peer->p_timers,
2530 LIST_FOREACH(aip, &peer->p_aip, a_entry) {
/* IFDESCRSIZE is given as the destination size. */
2538 strlcpy(peer_o.p_description, peer->p_description, IFDESCRSIZE);
2607 struct wg_peer *peer;
2624 * for the peer. This will send all staged packets and a
2629 TAILQ_FOREACH(peer, &sc->sc_peer_seq, p_seq_entry) {
2630 wg_timers_enable(&peer->p_timers);
2631 wg_queue_out(sc, peer);
/*
 * Interface-down fragment (source lines 2646-2667). The function name is
 * not in this listing.
 */
2646 struct wg_peer *peer;
/* First pass: drop staged packets and stop the timers of every peer. */
2659 TAILQ_FOREACH(peer, &sc->sc_peer_seq, p_seq_entry) {
2660 mq_purge(&peer->p_stage_queue);
2661 wg_timers_disable(&peer->p_timers);
/*
 * Second pass: clear the Noise state of every peer and reset the handshake
 * last-sent state. Presumably this keeps session secrets from persisting
 * while the interface is down; noise_remote_clear() is defined elsewhere.
 */
2665 TAILQ_FOREACH(peer, &sc->sc_peer_seq, p_seq_entry) {
2666 noise_remote_clear(&peer->p_remote);
2667 wg_timers_event_reset_handshake_last_sent(&peer->p_timers);
2806 struct wg_peer *peer, *tpeer;
2811 TAILQ_FOREACH_SAFE(peer, &sc->sc_peer_seq, p_seq_entry, tpeer)
2812 wg_peer_destroy(peer);