-rw-r--r--src/device.c14
-rw-r--r--src/messages.h12
-rw-r--r--src/packets.h11
-rw-r--r--src/receive.c6
-rw-r--r--src/socket.h2
5 files changed, 21 insertions, 24 deletions
diff --git a/src/device.c b/src/device.c
index 5a294ec..bedf602 100644
--- a/src/device.c
+++ b/src/device.c
@@ -21,8 +21,6 @@
#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_nat_core.h>
-#define MAX_QUEUED_PACKETS 1024
-
static int init(struct net_device *dev)
{
dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
@@ -128,7 +126,7 @@ static netdev_tx_t xmit(struct sk_buff *skb, struct net_device *dev)
/* If the queue is getting too big, we start removing the oldest packets until it's small again.
* We do this before adding the new packet, so we don't remove GSO segments that are in excess. */
- while (skb_queue_len(&peer->tx_packet_queue) > MAX_QUEUED_PACKETS)
+ while (skb_queue_len(&peer->tx_packet_queue) > MAX_QUEUED_OUTGOING_PACKETS)
dev_kfree_skb(skb_dequeue(&peer->tx_packet_queue));
if (!skb_is_gso(skb))
@@ -217,7 +215,9 @@ static void destruct(struct net_device *dev)
free_netdev(dev);
}
-#define WG_FEATURES (NETIF_F_HW_CSUM | NETIF_F_RXCSUM | NETIF_F_SG | NETIF_F_GSO | NETIF_F_GSO_SOFTWARE | NETIF_F_HIGHDMA)
+enum {
+ WG_NETDEV_FEATURES = NETIF_F_HW_CSUM | NETIF_F_RXCSUM | NETIF_F_SG | NETIF_F_GSO | NETIF_F_GSO_SOFTWARE | NETIF_F_HIGHDMA
+};
static void setup(struct net_device *dev)
{
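Review bot: `WG_NETDEV_FEATURES` becomes an enumeration constant here, but the `NETIF_F_*` flags it combines are `netdev_features_t` values, a 64-bit type in the kernel, while ISO C gives enumeration constants type `int`. If any of these feature bits sits at or above bit 31 on the target kernel, the build depends on the compiler's extension for wider enumerators, and the constant's type no longer matches `dev->features`, which the later `setup()` hunk ORs it into. A typed form avoids that, either `static const netdev_features_t WG_NETDEV_FEATURES = NETIF_F_HW_CSUM | NETIF_F_RXCSUM | NETIF_F_SG | NETIF_F_GSO | NETIF_F_GSO_SOFTWARE | NETIF_F_HIGHDMA;` or the original `#define` under the new name. `setup()` starts in this hunk and its body continues outside it.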
@@ -237,9 +237,9 @@ static void setup(struct net_device *dev)
dev->tx_queue_len = 0;
#endif
dev->features |= NETIF_F_LLTX;
- dev->features |= WG_FEATURES;
- dev->hw_features |= WG_FEATURES;
- dev->hw_enc_features |= WG_FEATURES;
+ dev->features |= WG_NETDEV_FEATURES;
+ dev->hw_features |= WG_NETDEV_FEATURES;
+ dev->hw_enc_features |= WG_NETDEV_FEATURES;
dev->mtu = ETH_DATA_LEN - MESSAGE_MINIMUM_LENGTH - sizeof(struct udphdr) - max(sizeof(struct ipv6hdr), sizeof(struct iphdr));
/* We need to keep the dst around in case of icmp replies. */
diff --git a/src/messages.h b/src/messages.h
index 0a799eb..7a4b14e 100644
--- a/src/messages.h
+++ b/src/messages.h
@@ -46,7 +46,10 @@ enum limits {
INITIATIONS_PER_SECOND = HZ / 50,
MAX_PEERS_PER_DEVICE = U16_MAX,
KEEPALIVE_TIMEOUT = 10 * HZ,
- MAX_TIMER_HANDSHAKES = (90 * HZ) / REKEY_TIMEOUT
+ MAX_TIMER_HANDSHAKES = (90 * HZ) / REKEY_TIMEOUT,
+ MAX_QUEUED_INCOMING_HANDSHAKES = 4096,
+ MAX_BURST_INCOMING_HANDSHAKES = 16,
+ MAX_QUEUED_OUTGOING_PACKETS = 1024
};
enum message_type {
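Review bot: The three limits added to `enum limits` carry no comments, although they are the bounds that keep the handshake and transmit queues from growing without limit under a packet flood. Going by the other hunks on this page, `MAX_QUEUED_INCOMING_HANDSHAKES` is the drop threshold in `packet_receive()` and half of it is the `under_load` mark in `receive_handshake_packet()`. `MAX_BURST_INCOMING_HANDSHAKES` is how many handshakes one worker run processes before it requeues itself, and `MAX_QUEUED_OUTGOING_PACKETS` caps the per-peer `tx_packet_queue` in `xmit()`. A one-line comment per constant would record this, e.g. `/* incoming handshake queue cap; half of this counts as "under load" for cookie validation */`. The comments should also say that both queue checks compare with `>`, so a queue appears able to hold one entry more than the named maximum (the enqueue calls are outside the visible hunks, so this is inferred).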
@@ -108,6 +111,13 @@ enum message_alignments {
MESSAGE_MINIMUM_LENGTH = message_data_len(0)
};
+#define SKB_HEADER_LEN (max(sizeof(struct iphdr), sizeof(struct ipv6hdr)) + sizeof(struct udphdr) + NET_SKB_PAD)
+#define DATA_PACKET_HEAD_ROOM ALIGN(sizeof(struct message_data) + SKB_HEADER_LEN, 4)
+
+enum {
+ HANDSHAKE_DSCP = 0b10001000 /* AF41, plus 00 ECN */
+};
+
static inline enum message_type message_determine_type(void *src, size_t src_len)
{
struct message_header *header = src;
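Review bot: `SKB_HEADER_LEN` and `DATA_PACKET_HEAD_ROOM` now live in messages.h, but they expand to `struct iphdr`, `struct ipv6hdr`, `struct udphdr`, `NET_SKB_PAD` and `ALIGN`, and neither visible hunk of this header adds an include for them. Because these are macros, a missing definition only surfaces where they are used, so a file that includes messages.h without the networking headers would fail far from the cause. If the include list at the top of the file (outside this hunk) does not already cover them, add the IP, IPv6, UDP and skbuff headers (`<linux/ip.h>`, `<linux/ipv6.h>`, `<linux/udp.h>`, `<linux/skbuff.h>`) so the header is self-contained. `message_determine_type()` begins at the end of this hunk and continues outside it.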
diff --git a/src/packets.h b/src/packets.h
index 22ce8fa..9d1d6df 100644
--- a/src/packets.h
+++ b/src/packets.h
@@ -10,14 +10,6 @@
#include <linux/types.h>
#include <linux/padata.h>
-enum {
- MAX_QUEUED_HANDSHAKES = 4096,
- MAX_BURST_HANDSHAKES = 16
-};
-
-/* AF41, plus 00 ECN */
-#define HANDSHAKE_DSCP 0b10001000
-
struct wireguard_device;
struct wireguard_peer;
struct sk_buff;
@@ -34,7 +26,6 @@ void packet_send_queued_handshakes(struct work_struct *work);
void packet_send_handshake_response(struct wireguard_peer *peer);
void packet_send_handshake_cookie(struct wireguard_device *wg, struct sk_buff *initiating_skb, void *data, size_t data_len, __le32 sender_index);
-
/* data.c */
int packet_create_data(struct sk_buff_head *queue, struct wireguard_peer *peer, void(*callback)(struct sk_buff_head *, struct wireguard_peer *));
void packet_consume_data(struct sk_buff *skb, size_t offset, struct wireguard_device *wg, void(*callback)(struct sk_buff *, struct wireguard_peer *, struct endpoint *, bool, int));
@@ -44,8 +35,6 @@ int packet_init_data_caches(void);
void packet_deinit_data_caches(void);
#endif
-#define DATA_PACKET_HEAD_ROOM ALIGN(sizeof(struct message_data) + SKB_HEADER_LEN, 4)
-
#ifdef DEBUG
bool packet_counter_selftest(void);
#endif
diff --git a/src/receive.c b/src/receive.c
index 0878872..1f92faf 100644
--- a/src/receive.c
+++ b/src/receive.c
@@ -86,7 +86,7 @@ static void receive_handshake_packet(struct wireguard_device *wg, void *data, si
return;
}
- under_load = skb_queue_len(&wg->incoming_handshakes) >= MAX_QUEUED_HANDSHAKES / 2;
+ under_load = skb_queue_len(&wg->incoming_handshakes) >= MAX_QUEUED_INCOMING_HANDSHAKES / 2;
mac_state = cookie_validate_packet(&wg->cookie_checker, skb, data, len, under_load);
if ((under_load && mac_state == VALID_MAC_WITH_COOKIE) || (!under_load && mac_state == VALID_MAC_BUT_NO_COOKIE))
packet_needs_cookie = false;
@@ -161,7 +161,7 @@ void packet_process_queued_handshake_packets(struct work_struct *work)
if (!skb_data_offset(skb, &offset, &len))
receive_handshake_packet(wg, skb->data + offset, len, skb);
dev_kfree_skb(skb);
- if (++num_processed == MAX_BURST_HANDSHAKES) {
+ if (++num_processed == MAX_BURST_INCOMING_HANDSHAKES) {
queue_work(wg->workqueue, &wg->incoming_handshakes_work);
return;
}
@@ -298,7 +298,7 @@ void packet_receive(struct wireguard_device *wg, struct sk_buff *skb)
case MESSAGE_HANDSHAKE_INITIATION:
case MESSAGE_HANDSHAKE_RESPONSE:
case MESSAGE_HANDSHAKE_COOKIE:
- if (skb_queue_len(&wg->incoming_handshakes) > MAX_QUEUED_HANDSHAKES) {
+ if (skb_queue_len(&wg->incoming_handshakes) > MAX_QUEUED_INCOMING_HANDSHAKES) {
net_dbg_skb_ratelimited("Too many handshakes queued, dropping packet from %pISpfsc\n", skb);
goto err;
}
diff --git a/src/socket.h b/src/socket.h
index ce668ad..71d0a79 100644
--- a/src/socket.h
+++ b/src/socket.h
@@ -11,8 +11,6 @@
struct wireguard_device;
struct endpoint;
-#define SKB_HEADER_LEN (max(sizeof(struct iphdr), sizeof(struct ipv6hdr)) + sizeof(struct udphdr) + NET_SKB_PAD)
-
int socket_init(struct wireguard_device *wg);
void socket_uninit(struct wireguard_device *wg);
int socket_send_buffer_to_peer(struct wireguard_peer *peer, void *data, size_t len, uint8_t ds);