diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-11-10 23:28:35 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-11-15 02:42:36 +0100 |
commit | 032d0526c9b52d1391fc14fa532ef5162e4c1822 (patch) | |
tree | 0b93b6b25bdfc10632e4c6c4d065c659eb623106 /src/receive.c | |
parent | 450e45d9570450e6a10323902e4198c30cd312a0 (diff) |
socket: keep track of src address in sending packets
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src/receive.c')
-rw-r--r-- | src/receive.c | 78 |
1 files changed, 36 insertions, 42 deletions
diff --git a/src/receive.c b/src/receive.c index 9f5c3d1..33c8ebe 100644 --- a/src/receive.c +++ b/src/receive.c @@ -25,19 +25,17 @@ static inline void rx_stats(struct wireguard_peer *peer, size_t len) static inline void update_latest_addr(struct wireguard_peer *peer, struct sk_buff *skb) { - struct sockaddr_storage addr = { 0 }; - if (!socket_addr_from_skb(&addr, skb)) - socket_set_peer_addr(peer, &addr); + struct endpoint endpoint; + if (!socket_endpoint_from_skb(&endpoint, skb)) + socket_set_peer_endpoint(peer, &endpoint); } static inline int skb_data_offset(struct sk_buff *skb, size_t *data_offset, size_t *data_len) { struct udphdr *udp; + struct endpoint endpoint; #if defined(CONFIG_DYNAMIC_DEBUG) || defined(DEBUG) - struct sockaddr_storage addr = { 0 }; - socket_addr_from_skb(&addr, skb); -#else - static const u8 addr; + socket_endpoint_from_skb(&endpoint, skb); #endif if (unlikely(skb->len < sizeof(struct iphdr))) @@ -50,26 +48,26 @@ static inline int skb_data_offset(struct sk_buff *skb, size_t *data_offset, size udp = udp_hdr(skb); *data_offset = (u8 *)udp - skb->data; if (unlikely(*data_offset > U16_MAX)) { - net_dbg_ratelimited("Packet has offset at impossible location from %pISpfsc\n", &addr); + net_dbg_ratelimited("Packet has offset at impossible location from %pISpfsc\n", &endpoint.addr_storage); return -EINVAL; } if (unlikely(*data_offset + sizeof(struct udphdr) > skb->len)) { - net_dbg_ratelimited("Packet isn't big enough to have UDP fields from %pISpfsc\n", &addr); + net_dbg_ratelimited("Packet isn't big enough to have UDP fields from %pISpfsc\n", &endpoint.addr_storage); return -EINVAL; } *data_len = ntohs(udp->len); if (unlikely(*data_len < sizeof(struct udphdr))) { - net_dbg_ratelimited("UDP packet is reporting too small of a size from %pISpfsc\n", &addr); + net_dbg_ratelimited("UDP packet is reporting too small of a size from %pISpfsc\n", &endpoint.addr_storage); return -EINVAL; } if (unlikely(*data_len > skb->len - *data_offset)) { - net_dbg_ratelimited("UDP packet is lying about its size from %pISpfsc\n", &addr); + net_dbg_ratelimited("UDP packet is lying about its size from %pISpfsc\n", &endpoint.addr_storage); return -EINVAL; } *data_len -= sizeof(struct udphdr); *data_offset = (u8 *)udp + sizeof(struct udphdr) - skb->data; if (!pskb_may_pull(skb, *data_offset + sizeof(struct message_header))) { - net_dbg_ratelimited("Could not pull header into data section from %pISpfsc\n", &addr); + net_dbg_ratelimited("Could not pull header into data section from %pISpfsc\n", &endpoint.addr_storage); return -EINVAL; } @@ -83,18 +81,16 @@ static void receive_handshake_packet(struct wireguard_device *wg, void *data, si bool under_load; enum cookie_mac_state mac_state; bool packet_needs_cookie; + struct endpoint endpoint; #if defined(CONFIG_DYNAMIC_DEBUG) || defined(DEBUG) - struct sockaddr_storage addr = { 0 }; - socket_addr_from_skb(&addr, skb); -#else - static const u8 addr; + socket_endpoint_from_skb(&endpoint, skb); #endif message_type = message_determine_type(data, len); if (message_type == MESSAGE_HANDSHAKE_COOKIE) { - net_dbg_ratelimited("Receiving cookie response from %pISpfsc\n", &addr); + net_dbg_ratelimited("Receiving cookie response from %pISpfsc\n", &endpoint.addr_storage); cookie_message_consume(data, wg); return; } @@ -106,7 +102,7 @@ static void receive_handshake_packet(struct wireguard_device *wg, void *data, si else if (under_load && mac_state == VALID_MAC_BUT_NO_COOKIE) packet_needs_cookie = true; else { - net_dbg_ratelimited("Invalid MAC of handshake, dropping packet from %pISpfsc\n", &addr); + net_dbg_ratelimited("Invalid MAC of handshake, dropping packet from %pISpfsc\n", &endpoint.addr_storage); return; } @@ -119,10 +115,10 @@ static void receive_handshake_packet(struct wireguard_device *wg, void *data, si } peer = noise_handshake_consume_initiation(data, wg); if (unlikely(!peer)) { - net_dbg_ratelimited("Invalid handshake initiation from %pISpfsc\n", &addr); + net_dbg_ratelimited("Invalid handshake initiation from %pISpfsc\n", &endpoint.addr_storage); return; } - net_dbg_ratelimited("Receiving handshake initiation from peer %Lu (%pISpfsc)\n", peer->internal_id, &addr); + net_dbg_ratelimited("Receiving handshake initiation from peer %Lu (%pISpfsc)\n", peer->internal_id, &endpoint.addr_storage); update_latest_addr(peer, skb); packet_send_handshake_response(peer); break; @@ -134,10 +130,10 @@ static void receive_handshake_packet(struct wireguard_device *wg, void *data, si } peer = noise_handshake_consume_response(data, wg); if (unlikely(!peer)) { - net_dbg_ratelimited("Invalid handshake response from %pISpfsc\n", &addr); + net_dbg_ratelimited("Invalid handshake response from %pISpfsc\n", &endpoint.addr_storage); return; } - net_dbg_ratelimited("Receiving handshake response from peer %Lu (%pISpfsc)\n", peer->internal_id, &addr); + net_dbg_ratelimited("Receiving handshake response from peer %Lu (%pISpfsc)\n", peer->internal_id, &endpoint.addr_storage); if (noise_handshake_begin_session(&peer->handshake, &peer->keypairs, true)) { timers_ephemeral_key_created(peer); timers_handshake_complete(peer); @@ -150,7 +146,7 @@ static void receive_handshake_packet(struct wireguard_device *wg, void *data, si } break; default: - net_err_ratelimited("Somehow a wrong type of packet wound up in the handshake queue from %pISpfsc!\n", &addr); + net_err_ratelimited("Somehow a wrong type of packet wound up in the handshake queue from %pISpfsc!\n", &endpoint.addr_storage); BUG(); return; } @@ -207,13 +203,13 @@ struct packet_cb { }; #define PACKET_CB(skb) ((struct packet_cb *)skb->cb) -static void receive_data_packet(struct sk_buff *skb, struct wireguard_peer *peer, struct sockaddr_storage *addr, bool used_new_key, int err) +static void receive_data_packet(struct sk_buff *skb, struct wireguard_peer *peer, struct endpoint *endpoint, bool used_new_key, int err) { struct net_device *dev; struct wireguard_peer *routed_peer; struct wireguard_device *wg; - if (unlikely(err < 0 || !peer || !addr)) { + if (unlikely(err < 0 || !peer || !endpoint)) { dev_kfree_skb(skb); return; } @@ -230,21 +226,21 @@ static void receive_data_packet(struct sk_buff *skb, struct wireguard_peer *peer /* A packet with length 0 is a keepalive packet */ if (unlikely(!skb->len)) { - net_dbg_ratelimited("Receiving keepalive packet from peer %Lu (%pISpfsc)\n", peer->internal_id, addr); + net_dbg_ratelimited("Receiving keepalive packet from peer %Lu (%pISpfsc)\n", peer->internal_id, &endpoint->addr_storage); goto packet_processed; } if (unlikely(skb->len < sizeof(struct iphdr))) { ++dev->stats.rx_errors; ++dev->stats.rx_length_errors; - net_dbg_ratelimited("Packet missing ip header from peer %Lu (%pISpfsc)\n", peer->internal_id, addr); + net_dbg_ratelimited("Packet missing ip header from peer %Lu (%pISpfsc)\n", peer->internal_id, &endpoint->addr_storage); goto packet_processed; } if (!pskb_may_pull(skb, 1 /* For checking the ip version below */)) { ++dev->stats.rx_errors; ++dev->stats.rx_length_errors; - net_dbg_ratelimited("Packet missing IP version from peer %Lu (%pISpfsc)\n", peer->internal_id, addr); + net_dbg_ratelimited("Packet missing IP version from peer %Lu (%pISpfsc)\n", peer->internal_id, &endpoint->addr_storage); goto packet_processed; } @@ -258,7 +254,7 @@ static void receive_data_packet(struct sk_buff *skb, struct wireguard_peer *peer if (unlikely(skb->len < sizeof(struct ipv6hdr))) { ++dev->stats.rx_errors; ++dev->stats.rx_length_errors; - net_dbg_ratelimited("Packet missing ipv6 header from peer %Lu (%pISpfsc)\n", peer->internal_id, addr); + net_dbg_ratelimited("Packet missing ipv6 header from peer %Lu (%pISpfsc)\n", peer->internal_id, &endpoint->addr_storage); goto packet_processed; } skb->protocol = htons(ETH_P_IPV6); @@ -267,7 +263,7 @@ static void receive_data_packet(struct sk_buff *skb, struct wireguard_peer *peer } else { ++dev->stats.rx_errors; ++dev->stats.rx_length_errors; - net_dbg_ratelimited("Packet neither ipv4 nor ipv6 from peer %Lu (%pISpfsc)\n", peer->internal_id, addr); + net_dbg_ratelimited("Packet neither ipv4 nor ipv6 from peer %Lu (%pISpfsc)\n", peer->internal_id, &endpoint->addr_storage); goto packet_processed; } @@ -278,9 +274,9 @@ static void receive_data_packet(struct sk_buff *skb, struct wireguard_peer *peer if (unlikely(routed_peer != peer)) { #if defined(CONFIG_DYNAMIC_DEBUG) || defined(DEBUG) - struct sockaddr_storage unencrypted_addr = { 0 }; - socket_addr_from_skb(&unencrypted_addr, skb); - net_dbg_ratelimited("Packet has unallowed src IP (%pISc) from peer %Lu (%pISpfsc)\n", &unencrypted_addr, peer->internal_id, addr); + struct endpoint unencrypted_endpoint; + socket_endpoint_from_skb(&unencrypted_endpoint, skb); + net_dbg_ratelimited("Packet has unallowed src IP (%pISc) from peer %Lu (%pISpfsc)\n", &unencrypted_endpoint.addr_storage, peer->internal_id, &endpoint->addr_storage); #endif ++dev->stats.rx_errors; ++dev->stats.rx_frame_errors; @@ -292,7 +288,7 @@ static void receive_data_packet(struct sk_buff *skb, struct wireguard_peer *peer rx_stats(peer, skb->len); else { ++dev->stats.rx_dropped; - net_dbg_ratelimited("Failed to give packet to userspace from peer %Lu (%pISpfsc)\n", peer->internal_id, addr); + net_dbg_ratelimited("Failed to give packet to userspace from peer %Lu (%pISpfsc)\n", peer->internal_id, &endpoint->addr_storage); } goto continue_processing; @@ -301,18 +297,16 @@ packet_processed: continue_processing: timers_any_authenticated_packet_received(peer); timers_any_authenticated_packet_traversal(peer); - socket_set_peer_addr(peer, addr); + socket_set_peer_endpoint(peer, endpoint); peer_put(peer); } void packet_receive(struct wireguard_device *wg, struct sk_buff *skb) { size_t len, offset; + struct endpoint endpoint; #if defined(CONFIG_DYNAMIC_DEBUG) || defined(DEBUG) - struct sockaddr_storage addr = { 0 }; - socket_addr_from_skb(&addr, skb); -#else - static const u8 addr; + socket_endpoint_from_skb(&endpoint, skb); #endif if (unlikely(skb_data_offset(skb, &offset, &len) < 0)) @@ -322,11 +316,11 @@ void packet_receive(struct wireguard_device *wg, struct sk_buff *skb) case MESSAGE_HANDSHAKE_RESPONSE: case MESSAGE_HANDSHAKE_COOKIE: if (skb_queue_len(&wg->incoming_handshakes) > MAX_QUEUED_HANDSHAKES) { - net_dbg_ratelimited("Too many handshakes queued, dropping packet from %pISpfsc\n", &addr); + net_dbg_ratelimited("Too many handshakes queued, dropping packet from %pISpfsc\n", &endpoint.addr_storage); goto err; } if (skb_linearize(skb) < 0) { - net_dbg_ratelimited("Unable to linearize handshake skb from %pISpfsc\n", &addr); + net_dbg_ratelimited("Unable to linearize handshake skb from %pISpfsc\n", &endpoint.addr_storage); goto err; } skb_queue_tail(&wg->incoming_handshakes, skb); @@ -338,7 +332,7 @@ void packet_receive(struct wireguard_device *wg, struct sk_buff *skb) packet_consume_data(skb, offset, wg, receive_data_packet); break; default: - net_dbg_ratelimited("Invalid packet from %pISpfsc\n", &addr); + net_dbg_ratelimited("Invalid packet from %pISpfsc\n", &endpoint.addr_storage); goto err; } return; |