| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
| 1 | /* $NetBSD: if_wg.c,v 1.31 2020/08/27 19:21:14 tih Exp $ */ | | 1 | /* $NetBSD: if_wg.c,v 1.32 2020/08/28 07:03:08 riastradh Exp $ */ |
| 2 | | | 2 | |
| 3 | /* | | 3 | /* |
| 4 | * Copyright (C) Ryota Ozaki <ozaki.ryota@gmail.com> | | 4 | * Copyright (C) Ryota Ozaki <ozaki.ryota@gmail.com> |
| 5 | * All rights reserved. | | 5 | * All rights reserved. |
| 6 | * | | 6 | * |
| 7 | * Redistribution and use in source and binary forms, with or without | | 7 | * Redistribution and use in source and binary forms, with or without |
| 8 | * modification, are permitted provided that the following conditions | | 8 | * modification, are permitted provided that the following conditions |
| 9 | * are met: | | 9 | * are met: |
| 10 | * 1. Redistributions of source code must retain the above copyright | | 10 | * 1. Redistributions of source code must retain the above copyright |
| 11 | * notice, this list of conditions and the following disclaimer. | | 11 | * notice, this list of conditions and the following disclaimer. |
| 12 | * 2. Redistributions in binary form must reproduce the above copyright | | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer in the | | 13 | * notice, this list of conditions and the following disclaimer in the |
| 14 | * documentation and/or other materials provided with the distribution. | | 14 | * documentation and/or other materials provided with the distribution. |
| @@ -31,92 +31,93 @@ | | | @@ -31,92 +31,93 @@ |
| 31 | | | 31 | |
| 32 | /* | | 32 | /* |
| 33 | * This network interface aims to implement the WireGuard protocol. | | 33 | * This network interface aims to implement the WireGuard protocol. |
| 34 | * The implementation is based on the paper of WireGuard as of | | 34 | * The implementation is based on the paper of WireGuard as of |
| 35 | * 2018-06-30 [1]. The paper is referred in the source code with label | | 35 | * 2018-06-30 [1]. The paper is referred in the source code with label |
| 36 | * [W]. Also the specification of the Noise protocol framework as of | | 36 | * [W]. Also the specification of the Noise protocol framework as of |
| 37 | * 2018-07-11 [2] is referred with label [N]. | | 37 | * 2018-07-11 [2] is referred with label [N]. |
| 38 | * | | 38 | * |
| 39 | * [1] https://www.wireguard.com/papers/wireguard.pdf | | 39 | * [1] https://www.wireguard.com/papers/wireguard.pdf |
| 40 | * [2] http://noiseprotocol.org/noise.pdf | | 40 | * [2] http://noiseprotocol.org/noise.pdf |
| 41 | */ | | 41 | */ |
| 42 | | | 42 | |
| 43 | #include <sys/cdefs.h> | | 43 | #include <sys/cdefs.h> |
| 44 | __KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.31 2020/08/27 19:21:14 tih Exp $"); | | 44 | __KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.32 2020/08/28 07:03:08 riastradh Exp $"); |
| 45 | | | 45 | |
| 46 | #ifdef _KERNEL_OPT | | 46 | #ifdef _KERNEL_OPT |
| 47 | #include "opt_inet.h" | | 47 | #include "opt_inet.h" |
| 48 | #endif | | 48 | #endif |
| 49 | | | 49 | |
| 50 | #include <sys/param.h> | | 50 | #include <sys/param.h> |
| 51 | #include <sys/systm.h> | | 51 | #include <sys/types.h> |
| 52 | #include <sys/kernel.h> | | 52 | |
| 53 | #include <sys/mbuf.h> | | 53 | #include <sys/atomic.h> |
| 54 | #include <sys/socket.h> | | 54 | #include <sys/callout.h> |
| 55 | #include <sys/sockio.h> | | 55 | #include <sys/cprng.h> |
| 56 | #include <sys/errno.h> | | | |
| 57 | #include <sys/ioctl.h> | | | |
| 58 | #include <sys/time.h> | | | |
| 59 | #include <sys/timespec.h> | | | |
| 60 | #include <sys/socketvar.h> | | | |
| 61 | #include <sys/syslog.h> | | | |
| 62 | #include <sys/cpu.h> | | 56 | #include <sys/cpu.h> |
| | | 57 | #include <sys/device.h> |
| | | 58 | #include <sys/domain.h> |
| | | 59 | #include <sys/errno.h> |
| 63 | #include <sys/intr.h> | | 60 | #include <sys/intr.h> |
| | | 61 | #include <sys/ioctl.h> |
| | | 62 | #include <sys/kernel.h> |
| 64 | #include <sys/kmem.h> | | 63 | #include <sys/kmem.h> |
| 65 | #include <sys/device.h> | | 64 | #include <sys/kthread.h> |
| | | 65 | #include <sys/mbuf.h> |
| 66 | #include <sys/module.h> | | 66 | #include <sys/module.h> |
| 67 | #include <sys/mutex.h> | | 67 | #include <sys/mutex.h> |
| 68 | #include <sys/rwlock.h> | | 68 | #include <sys/pcq.h> |
| | | 69 | #include <sys/percpu.h> |
| 69 | #include <sys/pserialize.h> | | 70 | #include <sys/pserialize.h> |
| 70 | #include <sys/psref.h> | | 71 | #include <sys/psref.h> |
| 71 | #include <sys/kthread.h> | | | |
| 72 | #include <sys/cprng.h> | | | |
| 73 | #include <sys/atomic.h> | | | |
| 74 | #include <sys/sysctl.h> | | | |
| 75 | #include <sys/domain.h> | | | |
| 76 | #include <sys/pcq.h> | | | |
| 77 | #include <sys/queue.h> | | 72 | #include <sys/queue.h> |
| 78 | #include <sys/percpu.h> | | 73 | #include <sys/rwlock.h> |
| 79 | #include <sys/callout.h> | | 74 | #include <sys/socket.h> |
| | | 75 | #include <sys/socketvar.h> |
| | | 76 | #include <sys/sockio.h> |
| | | 77 | #include <sys/sysctl.h> |
| | | 78 | #include <sys/syslog.h> |
| | | 79 | #include <sys/systm.h> |
| | | 80 | #include <sys/time.h> |
| | | 81 | #include <sys/timespec.h> |
| 80 | | | 82 | |
| 81 | #include <net/bpf.h> | | 83 | #include <net/bpf.h> |
| 82 | #include <net/if.h> | | 84 | #include <net/if.h> |
| 83 | #include <net/if_types.h> | | 85 | #include <net/if_types.h> |
| | | 86 | #include <net/if_wg.h> |
| 84 | #include <net/route.h> | | 87 | #include <net/route.h> |
| 85 | | | 88 | |
| 86 | #include <netinet/in.h> | | 89 | #include <netinet/in.h> |
| | | 90 | #include <netinet/in_pcb.h> |
| | | 91 | #include <netinet/in_var.h> |
| 87 | #include <netinet/ip.h> | | 92 | #include <netinet/ip.h> |
| 88 | #include <netinet/ip_var.h> | | 93 | #include <netinet/ip_var.h> |
| 89 | #include <netinet/udp.h> | | 94 | #include <netinet/udp.h> |
| 90 | #include <netinet/udp_var.h> | | 95 | #include <netinet/udp_var.h> |
| 91 | #include <netinet/in_var.h> | | | |
| 92 | #include <netinet/in_pcb.h> | | | |
| 93 | | | 96 | |
| 94 | #ifdef INET6 | | 97 | #ifdef INET6 |
| 95 | #include <netinet6/in6_var.h> | | | |
| 96 | #include <netinet/ip6.h> | | 98 | #include <netinet/ip6.h> |
| 97 | #include <netinet6/ip6_var.h> | | | |
| 98 | #include <netinet6/in6_pcb.h> | | 99 | #include <netinet6/in6_pcb.h> |
| | | 100 | #include <netinet6/in6_var.h> |
| | | 101 | #include <netinet6/ip6_var.h> |
| 99 | #include <netinet6/udp6_var.h> | | 102 | #include <netinet6/udp6_var.h> |
| 100 | #endif /* INET6 */ | | 103 | #endif /* INET6 */ |
| 101 | | | 104 | |
| 102 | #include <net/if_wg.h> | | | |
| 103 | | | | |
| 104 | #include <prop/proplib.h> | | 105 | #include <prop/proplib.h> |
| 105 | | | 106 | |
| 106 | #include <crypto/blake2/blake2s.h> | | 107 | #include <crypto/blake2/blake2s.h> |
| 107 | #include <crypto/sodium/crypto_scalarmult.h> | | | |
| 108 | #include <crypto/sodium/crypto_aead_chacha20poly1305.h> | | 108 | #include <crypto/sodium/crypto_aead_chacha20poly1305.h> |
| 109 | #include <crypto/sodium/crypto_aead_xchacha20poly1305.h> | | 109 | #include <crypto/sodium/crypto_aead_xchacha20poly1305.h> |
| | | 110 | #include <crypto/sodium/crypto_scalarmult.h> |
| 110 | | | 111 | |
| 111 | #include "ioconf.h" | | 112 | #include "ioconf.h" |
| 112 | | | 113 | |
| 113 | #ifdef WG_RUMPKERNEL | | 114 | #ifdef WG_RUMPKERNEL |
| 114 | #include "wg_user.h" | | 115 | #include "wg_user.h" |
| 115 | #endif | | 116 | #endif |
| 116 | | | 117 | |
| 117 | /* | | 118 | /* |
| 118 | * Data structures | | 119 | * Data structures |
| 119 | * - struct wg_softc is an instance of wg interfaces | | 120 | * - struct wg_softc is an instance of wg interfaces |
| 120 | * - It has a list of peers (struct wg_peer) | | 121 | * - It has a list of peers (struct wg_peer) |
| 121 | * - It has a kthread that sends/receives handshake messages and | | 122 | * - It has a kthread that sends/receives handshake messages and |
| 122 | * runs event handlers | | 123 | * runs event handlers |