diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/cookie.c | 3 | ||||
-rw-r--r-- | src/device.c | 3 | ||||
-rw-r--r-- | src/hashtables.c | 2 | ||||
-rw-r--r-- | src/netlink.c | 7 | ||||
-rw-r--r-- | src/noise.c | 6 | ||||
-rw-r--r-- | src/peer.c | 7 | ||||
-rw-r--r-- | src/peer.h | 4 | ||||
-rw-r--r-- | src/queueing.h | 2 | ||||
-rw-r--r-- | src/receive.c | 22 | ||||
-rw-r--r-- | src/send.c | 7 | ||||
-rw-r--r-- | src/socket.c | 1 | ||||
-rw-r--r-- | src/socket.h | 2 | ||||
-rw-r--r-- | src/timers.c | 8 |
13 files changed, 44 insertions, 30 deletions
diff --git a/src/cookie.c b/src/cookie.c index d25f9ec..7dffb86 100644 --- a/src/cookie.c +++ b/src/cookie.c @@ -40,8 +40,7 @@ void cookie_checker_precompute_device_keys(struct cookie_checker *checker) if (likely(checker->device->static_identity.has_identity)) { precompute_key(checker->cookie_encryption_key, checker->device->static_identity.static_public, cookie_key_label); precompute_key(checker->message_mac1_key, checker->device->static_identity.static_public, mac1_key_label); - } - else { + } else { memset(checker->cookie_encryption_key, 0, NOISE_SYMMETRIC_KEY_LEN); memset(checker->message_mac1_key, 0, NOISE_SYMMETRIC_KEY_LEN); } diff --git a/src/device.c b/src/device.c index a1c497b..433da3f 100644 --- a/src/device.c +++ b/src/device.c @@ -127,7 +127,7 @@ static netdev_tx_t xmit(struct sk_buff *skb, struct net_device *dev) family = READ_ONCE(peer->endpoint.addr.sa_family); if (unlikely(family != AF_INET && family != AF_INET6)) { ret = -EDESTADDRREQ; - net_dbg_ratelimited("%s: No valid endpoint has been configured or discovered for peer %Lu\n", dev->name, peer->internal_id); + net_dbg_ratelimited("%s: No valid endpoint has been configured or discovered for peer %llu\n", dev->name, peer->internal_id); goto err_peer; } @@ -136,6 +136,7 @@ static netdev_tx_t xmit(struct sk_buff *skb, struct net_device *dev) skb->next = NULL; else { struct sk_buff *segs = skb_gso_segment(skb, 0); + if (unlikely(IS_ERR(segs))) { ret = PTR_ERR(segs); goto err_peer; diff --git a/src/hashtables.c b/src/hashtables.c index a0cfa44..4a3798c 100644 --- a/src/hashtables.c +++ b/src/hashtables.c @@ -68,7 +68,7 @@ void index_hashtable_init(struct index_hashtable *table) * * >>> def calculation(tries, size): * ... return (size / 2**32)**(tries - 1) * (1 - (size / 2**32)) - * ... + * ... * >>> calculation(1, 2**20 * 3) * 0.999267578125 * >>> calculation(2, 2**20 * 3) diff --git a/src/netlink.c b/src/netlink.c index 71da081..72dfa2b 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -340,8 +340,10 @@ static int set_peer(struct wireguard_device *wg, struct nlattr **attrs) if (attrs[WGPEER_A_ENDPOINT]) { struct sockaddr *addr = nla_data(attrs[WGPEER_A_ENDPOINT]); size_t len = nla_len(attrs[WGPEER_A_ENDPOINT]); + if ((len == sizeof(struct sockaddr_in) && addr->sa_family == AF_INET) || (len == sizeof(struct sockaddr_in6) && addr->sa_family == AF_INET6)) { struct endpoint endpoint = { { { 0 } } }; + memcpy(&endpoint.addr, addr, len); socket_set_peer_endpoint(peer, &endpoint); } @@ -353,6 +355,7 @@ static int set_peer(struct wireguard_device *wg, struct nlattr **attrs) if (attrs[WGPEER_A_ALLOWEDIPS]) { int rem; struct nlattr *attr, *allowedip[WGALLOWEDIP_A_MAX + 1]; + nla_for_each_nested (attr, attrs[WGPEER_A_ALLOWEDIPS], rem) { ret = nla_parse_nested(allowedip, WGALLOWEDIP_A_MAX, attr, allowedip_policy, NULL); if (ret < 0) @@ -366,6 +369,7 @@ static int set_peer(struct wireguard_device *wg, struct nlattr **attrs) if (attrs[WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL]) { const u16 persistent_keepalive_interval = nla_get_u16(attrs[WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL]); const bool send_keepalive = !peer->persistent_keepalive_interval && persistent_keepalive_interval && netif_running(wg->dev); + peer->persistent_keepalive_interval = (unsigned long)persistent_keepalive_interval * HZ; if (send_keepalive) packet_send_keepalive(peer); @@ -397,6 +401,7 @@ static int set_device(struct sk_buff *skb, struct genl_info *info) if (info->attrs[WGDEVICE_A_FWMARK]) { struct wireguard_peer *peer, *temp; + wg->fwmark = nla_get_u32(info->attrs[WGDEVICE_A_FWMARK]); peer_for_each (wg, peer, temp, false) socket_clear_peer_endpoint_src(peer); @@ -416,6 +421,7 @@ static int set_device(struct sk_buff *skb, struct genl_info *info) u8 public_key[NOISE_PUBLIC_KEY_LEN] = { 0 }, *private_key = nla_data(info->attrs[WGDEVICE_A_PRIVATE_KEY]); /* We remove before setting, to prevent race, which means doing two 25519-genpub ops. */ bool unused __attribute((unused)) = curve25519_generate_public(public_key, private_key); + peer = pubkey_hashtable_lookup(&wg->peer_hashtable, public_key); if (peer) { peer_put(peer); @@ -432,6 +438,7 @@ static int set_device(struct sk_buff *skb, struct genl_info *info) if (info->attrs[WGDEVICE_A_PEERS]) { int rem; struct nlattr *attr, *peer[WGPEER_A_MAX + 1]; + nla_for_each_nested (attr, info->attrs[WGDEVICE_A_PEERS], rem) { ret = nla_parse_nested(peer, WGPEER_A_MAX, attr, peer_policy, NULL); if (ret < 0) diff --git a/src/noise.c b/src/noise.c index 8e4f2a6..99c5f53 100644 --- a/src/noise.c +++ b/src/noise.c @@ -97,7 +97,7 @@ static void keypair_free_rcu(struct rcu_head *rcu) { struct noise_keypair *keypair = container_of(rcu, struct noise_keypair, rcu); - net_dbg_ratelimited("%s: Keypair %Lu destroyed for peer %Lu\n", keypair->entry.peer->device->dev->name, keypair->internal_id, keypair->entry.peer->internal_id); + net_dbg_ratelimited("%s: Keypair %llu destroyed for peer %llu\n", keypair->entry.peer->device->dev->name, keypair->internal_id, keypair->entry.peer->internal_id); kzfree(keypair); } @@ -118,7 +118,7 @@ void noise_keypair_put(struct noise_keypair *keypair) struct noise_keypair *noise_keypair_get(struct noise_keypair *keypair) { - RCU_LOCKDEP_WARN(!rcu_read_lock_bh_held(), "Calling noise_keypair_get without holding the RCU BH read lock"); + RCU_LOCKDEP_WARN(!rcu_read_lock_bh_held(), "Calling " __func__ " without holding the RCU BH read lock"); if (unlikely(!keypair || !kref_get_unless_zero(&keypair->refcount))) return NULL; return keypair; @@ -612,7 +612,7 @@ bool noise_handshake_begin_session(struct noise_handshake *handshake, struct noi handshake_zero(handshake); add_new_keypair(keypairs, new_keypair); - net_dbg_ratelimited("%s: Keypair %Lu created for peer %Lu\n", new_keypair->entry.peer->device->dev->name, new_keypair->internal_id, new_keypair->entry.peer->internal_id); + net_dbg_ratelimited("%s: Keypair %llu created for peer %llu\n", new_keypair->entry.peer->device->dev->name, new_keypair->internal_id, new_keypair->entry.peer->internal_id); WARN_ON(!index_hashtable_replace(&handshake->entry.peer->device->index_hashtable, &handshake->entry, &new_keypair->entry)); up_write(&handshake->lock); @@ -51,13 +51,13 @@ struct wireguard_peer *peer_create(struct wireguard_device *wg, const u8 public_ skb_queue_head_init(&peer->staged_packet_queue); list_add_tail(&peer->peer_list, &wg->peer_list); pubkey_hashtable_add(&wg->peer_hashtable, peer); - pr_debug("%s: Peer %Lu created\n", wg->dev->name, peer->internal_id); + pr_debug("%s: Peer %llu created\n", wg->dev->name, peer->internal_id); return peer; } struct wireguard_peer *peer_get(struct wireguard_peer *peer) { - RCU_LOCKDEP_WARN(!rcu_read_lock_bh_held(), "Calling peer_get without holding the RCU read lock"); + RCU_LOCKDEP_WARN(!rcu_read_lock_bh_held(), "Calling " __func__ " without holding the RCU read lock"); if (unlikely(!peer || !kref_get_unless_zero(&peer->refcount))) return NULL; return peer; @@ -95,7 +95,8 @@ void peer_remove(struct wireguard_peer *peer) static void rcu_release(struct rcu_head *rcu) { struct wireguard_peer *peer = container_of(rcu, struct wireguard_peer, rcu); - pr_debug("%s: Peer %Lu (%pISpfsc) destroyed\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr); + + pr_debug("%s: Peer %llu (%pISpfsc) destroyed\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr); dst_cache_destroy(&peer->endpoint_cache); packet_queue_free(&peer->rx_queue, false); packet_queue_free(&peer->tx_queue, false); @@ -69,7 +69,9 @@ struct wireguard_peer *peer_lookup_by_index(struct wireguard_device *wg, u32 ind unsigned int peer_total_count(struct wireguard_device *wg); -/* This is a macro iterator of essentially this: +/* This is a macro iterator of essentially as follows, with the + * exception that typing `break` in the ITERATOR_BODY will still + * actually put the peer reference: * * if (__should_lock) * mutex_lock(&(__wg)->device_update_lock); diff --git a/src/queueing.h b/src/queueing.h index 2b79639..bf66c59 100644 --- a/src/queueing.h +++ b/src/queueing.h @@ -45,7 +45,7 @@ struct packet_cb { atomic_t state; u8 ds; }; -#define PACKET_PEER(skb) ((struct packet_cb *)skb->cb)->keypair->entry.peer +#define PACKET_PEER(skb) (((struct packet_cb *)skb->cb)->keypair->entry.peer) #define PACKET_CB(skb) ((struct packet_cb *)skb->cb) /* Returns either the correct skb->protocol value, or 0 if invalid. */ diff --git a/src/receive.c b/src/receive.c index b27876c..923c711 100644 --- a/src/receive.c +++ b/src/receive.c @@ -26,7 +26,7 @@ static inline void rx_stats(struct wireguard_peer *peer, size_t len) put_cpu_ptr(tstats); } -#define SKB_TYPE_LE32(skb) ((struct message_header *)(skb)->data)->type +#define SKB_TYPE_LE32(skb) (((struct message_header *)(skb)->data)->type) static inline size_t validate_header_len(struct sk_buff *skb) { @@ -76,7 +76,7 @@ static inline int skb_prepare_header(struct sk_buff *skb, struct wireguard_devic static void receive_handshake_packet(struct wireguard_device *wg, struct sk_buff *skb) { - static u64 last_under_load = 0; /* Yes this is global, so that our load calculation applies to the whole system. */ + static u64 last_under_load; /* Yes this is global, so that our load calculation applies to the whole system. */ struct wireguard_peer *peer = NULL; bool under_load; enum cookie_mac_state mac_state; @@ -106,6 +106,7 @@ static void receive_handshake_packet(struct wireguard_device *wg, struct sk_buff switch (SKB_TYPE_LE32(skb)) { case cpu_to_le32(MESSAGE_HANDSHAKE_INITIATION): { struct message_handshake_initiation *message = (struct message_handshake_initiation *)skb->data; + if (packet_needs_cookie) { packet_send_handshake_cookie(wg, skb, message->sender_index); return; @@ -116,12 +117,13 @@ static void receive_handshake_packet(struct wireguard_device *wg, struct sk_buff return; } socket_set_peer_endpoint_from_skb(peer, skb); - net_dbg_ratelimited("%s: Receiving handshake initiation from peer %Lu (%pISpfsc)\n", wg->dev->name, peer->internal_id, &peer->endpoint.addr); + net_dbg_ratelimited("%s: Receiving handshake initiation from peer %llu (%pISpfsc)\n", wg->dev->name, peer->internal_id, &peer->endpoint.addr); packet_send_handshake_response(peer); break; } case cpu_to_le32(MESSAGE_HANDSHAKE_RESPONSE): { struct message_handshake_response *message = (struct message_handshake_response *)skb->data; + if (packet_needs_cookie) { packet_send_handshake_cookie(wg, skb, message->sender_index); return; @@ -132,7 +134,7 @@ static void receive_handshake_packet(struct wireguard_device *wg, struct sk_buff return; } socket_set_peer_endpoint_from_skb(peer, skb); - net_dbg_ratelimited("%s: Receiving handshake response from peer %Lu (%pISpfsc)\n", wg->dev->name, peer->internal_id, &peer->endpoint.addr); + net_dbg_ratelimited("%s: Receiving handshake response from peer %llu (%pISpfsc)\n", wg->dev->name, peer->internal_id, &peer->endpoint.addr); if (noise_handshake_begin_session(&peer->handshake, &peer->keypairs)) { timers_session_derived(peer); timers_handshake_complete(peer); @@ -291,7 +293,7 @@ static void packet_consume_data_done(struct sk_buff *skb, struct endpoint *endpo /* A packet with length 0 is a keepalive packet */ if (unlikely(!skb->len)) { rx_stats(peer, message_data_len(0)); - net_dbg_ratelimited("%s: Receiving keepalive packet from peer %Lu (%pISpfsc)\n", dev->name, peer->internal_id, &peer->endpoint.addr); + net_dbg_ratelimited("%s: Receiving keepalive packet from peer %llu (%pISpfsc)\n", dev->name, peer->internal_id, &peer->endpoint.addr); goto packet_processed; } @@ -332,23 +334,23 @@ static void packet_consume_data_done(struct sk_buff *skb, struct endpoint *endpo if (unlikely(netif_receive_skb(skb) == NET_RX_DROP)) { ++dev->stats.rx_dropped; - net_dbg_ratelimited("%s: Failed to give packet to userspace from peer %Lu (%pISpfsc)\n", dev->name, peer->internal_id, &peer->endpoint.addr); + net_dbg_ratelimited("%s: Failed to give packet to userspace from peer %llu (%pISpfsc)\n", dev->name, peer->internal_id, &peer->endpoint.addr); } else rx_stats(peer, message_data_len(len_before_trim)); goto continue_processing; dishonest_packet_peer: - net_dbg_skb_ratelimited("%s: Packet has unallowed src IP (%pISc) from peer %Lu (%pISpfsc)\n", dev->name, skb, peer->internal_id, &peer->endpoint.addr); + net_dbg_skb_ratelimited("%s: Packet has unallowed src IP (%pISc) from peer %llu (%pISpfsc)\n", dev->name, skb, peer->internal_id, &peer->endpoint.addr); ++dev->stats.rx_errors; ++dev->stats.rx_frame_errors; goto packet_processed; dishonest_packet_type: - net_dbg_ratelimited("%s: Packet is neither ipv4 nor ipv6 from peer %Lu (%pISpfsc)\n", dev->name, peer->internal_id, &peer->endpoint.addr); + net_dbg_ratelimited("%s: Packet is neither ipv4 nor ipv6 from peer %llu (%pISpfsc)\n", dev->name, peer->internal_id, &peer->endpoint.addr); ++dev->stats.rx_errors; ++dev->stats.rx_frame_errors; goto packet_processed; dishonest_packet_size: - net_dbg_ratelimited("%s: Packet has incorrect size from peer %Lu (%pISpfsc)\n", dev->name, peer->internal_id, &peer->endpoint.addr); + net_dbg_ratelimited("%s: Packet has incorrect size from peer %llu (%pISpfsc)\n", dev->name, peer->internal_id, &peer->endpoint.addr); ++dev->stats.rx_errors; ++dev->stats.rx_length_errors; goto packet_processed; @@ -381,7 +383,7 @@ void packet_rx_worker(struct work_struct *work) goto next; if (unlikely(!counter_validate(&keypair->receiving.counter, PACKET_CB(skb)->nonce))) { - net_dbg_ratelimited("%s: Packet has invalid nonce %Lu (max %Lu)\n", peer->device->dev->name, PACKET_CB(skb)->nonce, keypair->receiving.counter.receive.counter); + net_dbg_ratelimited("%s: Packet has invalid nonce %llu (max %llu)\n", peer->device->dev->name, PACKET_CB(skb)->nonce, keypair->receiving.counter.receive.counter); goto next; } @@ -28,7 +28,7 @@ static void packet_send_handshake_initiation(struct wireguard_peer *peer) peer->last_sent_handshake = get_jiffies_64(); up_write(&peer->handshake.lock); - net_dbg_ratelimited("%s: Sending handshake initiation to peer %Lu (%pISpfsc)\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr); + net_dbg_ratelimited("%s: Sending handshake initiation to peer %llu (%pISpfsc)\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr); if (noise_handshake_create_initiation(&packet, &peer->handshake)) { cookie_add_mac_to_packet(&packet, sizeof(packet), peer); @@ -66,7 +66,7 @@ void packet_send_handshake_response(struct wireguard_peer *peer) { struct message_handshake_response packet; - net_dbg_ratelimited("%s: Sending handshake response to peer %Lu (%pISpfsc)\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr); + net_dbg_ratelimited("%s: Sending handshake response to peer %llu (%pISpfsc)\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr); peer->last_sent_handshake = get_jiffies_64(); if (noise_handshake_create_response(&packet, &peer->handshake)) { @@ -174,7 +174,7 @@ void packet_send_keepalive(struct wireguard_peer *peer) skb_reserve(skb, DATA_PACKET_HEAD_ROOM); skb->dev = peer->device->dev; skb_queue_tail(&peer->staged_packet_queue, skb); - net_dbg_ratelimited("%s: Sending keepalive packet to peer %Lu (%pISpfsc)\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr); + net_dbg_ratelimited("%s: Sending keepalive packet to peer %llu (%pISpfsc)\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr); } packet_send_staged_packets(peer); @@ -184,6 +184,7 @@ void packet_send_keepalive(struct wireguard_peer *peer) static inline void skb_free_null_queue(struct sk_buff *first) { struct sk_buff *skb, *next; + skb_walk_null_queue_safe (first, skb, next) dev_kfree_skb(skb); } diff --git a/src/socket.c b/src/socket.c index 913ad0a..d2e80d9 100644 --- a/src/socket.c +++ b/src/socket.c @@ -263,6 +263,7 @@ out: void socket_set_peer_endpoint_from_skb(struct wireguard_peer *peer, const struct sk_buff *skb) { struct endpoint endpoint; + if (!socket_endpoint_from_skb(&endpoint, skb)) socket_set_peer_endpoint(peer, &endpoint); } diff --git a/src/socket.h b/src/socket.h index f579d93..4f83926 100644 --- a/src/socket.h +++ b/src/socket.h @@ -27,7 +27,7 @@ void socket_clear_peer_endpoint_src(struct wireguard_peer *peer); struct endpoint __endpoint; \ socket_endpoint_from_skb(&__endpoint, skb); \ net_dbg_ratelimited(fmt, dev, &__endpoint.addr, ##__VA_ARGS__); \ -} while(0) +} while (0) #else #define net_dbg_skb_ratelimited(fmt, skb, ...) #endif diff --git a/src/timers.c b/src/timers.c index 2838821..53a082b 100644 --- a/src/timers.c +++ b/src/timers.c @@ -35,7 +35,7 @@ static void expired_retransmit_handshake(unsigned long ptr) peer_get_from_ptr(ptr); if (peer->timer_handshake_attempts > MAX_TIMER_HANDSHAKES) { - pr_debug("%s: Handshake for peer %Lu (%pISpfsc) did not complete after %d attempts, giving up\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr, MAX_TIMER_HANDSHAKES + 2); + pr_debug("%s: Handshake for peer %llu (%pISpfsc) did not complete after %d attempts, giving up\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr, MAX_TIMER_HANDSHAKES + 2); if (likely(timers_active(peer))) del_timer(&peer->timer_send_keepalive); @@ -49,7 +49,7 @@ static void expired_retransmit_handshake(unsigned long ptr) mod_timer(&peer->timer_zero_key_material, jiffies + (REJECT_AFTER_TIME * 3)); } else { ++peer->timer_handshake_attempts; - pr_debug("%s: Handshake for peer %Lu (%pISpfsc) did not complete after %d seconds, retrying (try %d)\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr, REKEY_TIMEOUT / HZ, peer->timer_handshake_attempts + 1); + pr_debug("%s: Handshake for peer %llu (%pISpfsc) did not complete after %d seconds, retrying (try %d)\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr, REKEY_TIMEOUT / HZ, peer->timer_handshake_attempts + 1); /* We clear the endpoint address src address, in case this is the cause of trouble. */ socket_clear_peer_endpoint_src(peer); @@ -76,7 +76,7 @@ static void expired_new_handshake(unsigned long ptr) { peer_get_from_ptr(ptr); - pr_debug("%s: Retrying handshake with peer %Lu (%pISpfsc) because we stopped hearing back after %d seconds\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr, (KEEPALIVE_TIMEOUT + REKEY_TIMEOUT) / HZ); + pr_debug("%s: Retrying handshake with peer %llu (%pISpfsc) because we stopped hearing back after %d seconds\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr, (KEEPALIVE_TIMEOUT + REKEY_TIMEOUT) / HZ); /* We clear the endpoint address src address, in case this is the cause of trouble. */ socket_clear_peer_endpoint_src(peer); packet_send_queued_handshake_initiation(peer, false); @@ -94,7 +94,7 @@ static void queued_expired_zero_key_material(struct work_struct *work) { struct wireguard_peer *peer = container_of(work, struct wireguard_peer, clear_peer_work); - pr_debug("%s: Zeroing out all keys for peer %Lu (%pISpfsc), since we haven't received a new one in %d seconds\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr, (REJECT_AFTER_TIME * 3) / HZ); + pr_debug("%s: Zeroing out all keys for peer %llu (%pISpfsc), since we haven't received a new one in %d seconds\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr, (REJECT_AFTER_TIME * 3) / HZ); noise_handshake_clear(&peer->handshake); noise_keypairs_clear(&peer->keypairs); peer_put(peer); |