diff options
| author | Jason A. Donenfeld <Jason@zx2c4.com> | 2020-02-13 15:55:36 +0100 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2020-02-14 14:05:02 +0100 |
| commit | c9ba029a1f1d1aa1000528a14fd2bda3eb2fb7c1 (patch) | |
| tree | ac696f46b9d30bc020acd1e873d2571361880d58 | |
| parent | bfde89418a6d1adb2f6ba487ccd9458583227264 (diff) | |
send: account for mtu=0 devices
It turns out there's an easy way to get packets queued up while still
having an MTU of zero, and that's via persistent keep alive. This commit
makes sure that in whatever condition, we don't wind up dividing by
zero. Note that an MTU of zero for a wireguard interface is something
quasi-valid, so I don't think the correct fix is to limit it via
min_mtu. This can be reproduced easily with:
ip link add wg0 type wireguard
ip link add wg1 type wireguard
ip link set wg0 up mtu 0
ip link set wg1 up
wg set wg0 private-key <(wg genkey)
wg set wg1 listen-port 1 private-key <(wg genkey) peer $(wg show wg0 public-key)
wg set wg0 peer $(wg show wg1 public-key) persistent-keepalive 1 endpoint 127.0.0.1:1
However, while min_mtu=0 seems fine, it makes sense to restrict the
max_mtu. This commit also restricts the maximum MTU to the greatest
number for which rounding up to the padding multiple won't overflow a
signed integer. Packets this large were always rejected anyway
eventually, due to checks deeper in, but it seems more sound not to even
let the administrator configure something that won't work anyway.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| -rw-r--r-- | src/compat/compat.h | 4 | ||||
| -rw-r--r-- | src/device.c | 9 | ||||
| -rw-r--r-- | src/send.c | 3 |
3 files changed, 12 insertions, 4 deletions
diff --git a/src/compat/compat.h b/src/compat/compat.h index 5978fe9..0d109be 100644 --- a/src/compat/compat.h +++ b/src/compat/compat.h @@ -1020,6 +1020,10 @@ out: #endif #endif +#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) +#define COMPAT_CANNOT_USE_MAX_MTU +#endif + #if defined(ISUBUNTU1604) #include <linux/siphash.h> #ifndef _WG_LINUX_SIPHASH_H diff --git a/src/device.c b/src/device.c index 2883bad..73c892a 100644 --- a/src/device.c +++ b/src/device.c @@ -266,6 +266,8 @@ static void wg_setup(struct net_device *dev) enum { WG_NETDEV_FEATURES = NETIF_F_HW_CSUM | NETIF_F_RXCSUM | NETIF_F_SG | NETIF_F_GSO | NETIF_F_GSO_SOFTWARE | NETIF_F_HIGHDMA }; + const int overhead = MESSAGE_MINIMUM_LENGTH + sizeof(struct udphdr) + + max(sizeof(struct ipv6hdr), sizeof(struct iphdr)); dev->netdev_ops = &netdev_ops; dev->hard_header_len = 0; @@ -283,9 +285,10 @@ static void wg_setup(struct net_device *dev) dev->features |= WG_NETDEV_FEATURES; dev->hw_features |= WG_NETDEV_FEATURES; dev->hw_enc_features |= WG_NETDEV_FEATURES; - dev->mtu = ETH_DATA_LEN - MESSAGE_MINIMUM_LENGTH - - sizeof(struct udphdr) - - max(sizeof(struct ipv6hdr), sizeof(struct iphdr)); + dev->mtu = ETH_DATA_LEN - overhead; +#ifndef COMPAT_CANNOT_USE_MAX_MTU + dev->max_mtu = round_down(INT_MAX, MESSAGE_PADDING_MULTIPLE) - overhead; +#endif SET_NETDEV_DEVTYPE(dev, &device_type); @@ -149,7 +149,8 @@ static unsigned int calculate_skb_padding(struct sk_buff *skb) * wouldn't want the final subtraction to overflow in the case of the * padded_size being clamped. */ - unsigned int last_unit = skb->len % PACKET_CB(skb)->mtu; + unsigned int last_unit = PACKET_CB(skb)->mtu ? + skb->len % PACKET_CB(skb)->mtu : skb->len; unsigned int padded_size = ALIGN(last_unit, MESSAGE_PADDING_MULTIPLE); if (padded_size > PACKET_CB(skb)->mtu) |