Switch mode WireGuard example!

Author: neilstephens

Examples/SwitchBytecode/README.md

@@ -165,4 +165,14 @@ b3 f3 53 00
 67 80 00 00
 13 05 f0 ff
 67 80 00 00
-```
+```
+
+### Example - WireGuard
+
+[WireGuard](https://www.wireguard.com/papers/wireguard.pdf) (WG) runs exclusively on UDP, and sessions use 32bit sender and receiver IDs. So it's a perfect candidate for MiniPlex Switch mode.
+
+Using MiniPlex as a central WireGuard switch, you could have a completely ephemeral VPN where all endpoints are dynamic (no fixed addresses and all initiators). MiniPlex would be the only fixed point, and it just forwards encrypted traffic, so the only risk is denial of service even if it's compromised.
+
+It's an interesting [Example](SwitchWireGuard.s), because sessions are established by a handshake which exchanges sender and receiver IDs. Following the handshake, packets only container the receiver ID, so the example showcases the ability for bytecode to use persistent memory for stateful protocols.
+
+Disclaimer: this example hasn't been performance tested. Obvioulsy, funnelling a WG VPN through a userspace app is going to create a performance constraint - your miliage may vary.

Examples/SwitchBytecode/SwitchWireGuard.bin

@@ -0,0 +1,71 @@
+	# a0: pointer to packet
+	# a1: size of packet
+	# a2: pointer to src (output u64)
+	# a3: pointer to dst (output u64)
+
+#
+#	WireGuard (WG) sessions are established by a handshake which establishes 32bit sender and receiver IDs
+#	After the first two handshake messages, packets only contain the receiver ID
+#	So, we need to keep a record of the sender/receiver pairs from the handshake
+#	Here we use a simple 'hash' table (the 'hash' is really just the 16 LSBits of an ID) to store the pairs
+#	Hash collisions aren't really a problem, a session will get dropped and it will just change IDs and restart
+#
+
+# macro to lookup a hash table entry
+.macro LOOKUP addr key
+	li t2, 0xFFFF
+	and t2, \key, t2	# take 'hash' (lower 16)
+	la t3, hash_table	# load the address of the hash table
+	li t4, 6			# size of an entry (2byte receiver msbs, 4byte sender)
+	mul \addr, t4, t2	# get the offset for the hash
+	add \addr, \addr, t3# address of the hash table entry
+.endm
+
+start:
+	li t0, 12           # All WG packets are more than 12 bytes
+	bltu a1, t0, err	# error, buffer size < 12
+	
+	lbu t0, 0(a0)		# load WG packet type
+	li t1, 4
+	beq t0, t1, trans	# transport message
+	li t1, 1
+	beq t0, t1, init	# initiation packet
+	li t1, 2
+	beq t0, t1, resp	# initiation response
+	li t1, 3
+	beq t0, t1, cookie	# under load - cookie
+	j err				# error, start bytes invalid
+init:
+	lwu t0, 4(a0)		# load sender
+	li t1, 0x123456789	# bogus receiver - 33 bits
+	j success
+resp:
+	lwu t0, 4(a0)		# load sender
+	lwu t1, 8(a0)		# load receiver
+	LOOKUP t5, t1		# lookup receiver
+	srli t2, t1, 16		# get most significant bytes of receiver
+	sh t2, 0(t5)		# store the receiver msbs
+	sd t0, 2(t5)		# store the sender
+	LOOKUP t5, t0		# lookup sender
+	srli t2, t0, 16		# get most significant bytes of sender
+	sh t2, 0(t5)		# store the sender msbs
+	sd t1, 2(t5)		# store the receiver
+	j success
+cookie:
+trans:
+	lwu t1, 4(a0)		# load receiver
+	LOOKUP t5, t1		# lookup receiver
+	lhu t2, 0(t5)		# load msbs from table
+	srli t3, t1, 16		# get receiver msbs
+	bne t2, t3, err		# error, 'hash' collision - drop and it'll switch addrs
+	lwu t0, 2(t5)		# load sender
+success:
+	sd t0, 0(a2)		# store src to output
+	sd t1, 0(a3)		# store dst to output
+	li a0, 0			# success return 0
+	jr ra
+err:
+    li a0, -1			# error return -1
+    jr ra
+hash_table:
+	.space 399360, 0	# 64k 6 byte slots

Examples/SwitchBytecode/SwitchWireGuard.s

@@ -246,7 +246,7 @@ You can download a pre-built binaries for various platforms from the github [Rel
 ## Example Use Case
 
 Suppose you have a network that doesn't support UDP multicast. Maybe it's disabled for security or performance, or maybe you like firewall policies to have strict point-to-point rules.
-But you would still like to stream UDP packets to multiple endpoints. This is where MiniPlex can help. MiniPlex can convert a single unicast stream into multiple streams. For example:
+But you would still like to stream UDP packets to multiple endpoints. This is where MiniPlex can help. MiniPlex can convert a single unicast stream into multiple streams, or route packets in any number of ways. For example:
 
 ### Stream some audio to multiple endpoints:
 
@@ -271,7 +271,7 @@ vlc udp://@:1234
 
 ### UDP Switch
 
-See [these examples](Examples/SwitchBytecode/README.md) for how to use MiniPlex as a layer 4 UDP switch! 
+See [these examples](Examples/SwitchBytecode/README.md) for how to use MiniPlex as a layer 4 UDP switch! The examples include VXLAN, WireGuard and DNP3, but any address based protocol is possible.
 
 ## Build