summaryrefslogtreecommitdiffhomepage
path: root/src/receive.c
AgeCommit message (Collapse)Author
2017-06-01receive: trim incoming packets to IP header lengthJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31timers: reset retry-attempt counter when not retryingJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31timers: the completion of a handshake also is on key confirmationJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31debug: print interface name in dmesgJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-30handshake: process in parallelJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-09receive: netif_rx consumesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-08data: cleanup parallel workqueue and use two max_activeJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-04data: simplify flowJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-04locking: always use _bhJason A. Donenfeld
All locks are potentially between user context and softirq, which means we need to take the _bh variant. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-20data: big refactoringJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-27receive: last_rx use is discouraged and removed in recent kernelsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-10Update copyrightJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-12-13peer: don't use sockaddr_storage to reduce memory usageJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-12-11receive: simplify ip header checking logicJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-21headers: cleanup noticesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-16packets: consolidate constantsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-15various: nits from willyJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-15debug: cleanup skb printingJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-15socket: keep track of src address in sending packetsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-07send: simplify handshake initiation queueing and introduce lockJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-06debug: support dynamic debug on skb addrJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-10-19receive: always send confirmation, even if queue is emptyJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-10-19timers: only have initiator rekeyJason A. Donenfeld
If it's time to rekey, and the responder sends a message, the initator will begin the rekeying when sending his response message. In the worst case, this response message will actually just be the keepalive. This generally works well, with the one edge case of the message arriving less than 10 seconds before key expiration, in which the keepalive is not sufficient. In this case, we simply rehandshake immediately. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-10-19timers: always delay handshakes for responderJason A. Donenfeld
With the prior behavior, when sending a packet, we checked to see if it was about time to start a new handshake, and if we were past a certain time, we started it. For the responder, we made that time a bit further in the future than for the initiator, to prevent the thundering herd problem of them both starting at the same time. However, this was flawed. If both parties stopped communicating after 2.2 minutes, and then one party decided to initiate a TCP connection before the 3 minute mark, the currently open session would be used. However, because it was after the 2.2 minute mark, both peers would try to initiate a handshake upon sending their first packet. The errant flow was as follows: 1. Peer A sends SYN. 2. Peer A sees that his key is getting old and initiates new handshake. 3. Peer B receives SYN and sends ACK. 4. Peer B sees that his key is getting old and initiates new handshake. Since these events happened after the 2.2 minute mark, there's no delay between handshake initiations, and problems begin. The new behavior is changed to: 1. Peer A sends SYN. 2. Peer A sees that his key is getting old and initiates new handshake. 3. Peer B receives SYN and sends ACK. 4. Peer B sees that his key is getting old and schedules a delayed handshake for 12.5 seconds in the future. 5. Peer B receives handshake initiation and cancels scheduled handshake. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-10-19debug: keep alive -> keepaliveJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-09-29Rework headers and includesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-29send: properly encapsulate ECNJason A. Donenfeld
We're not leaking the DSCP, but we do deal with ECN. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-10receive: assume we usually succeed with userspaceJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-10receive: no need to test for !lenJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-10persistent keepalive: use authenticated keepalivesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-08timers: rename *authorized* functions to *authenticated*Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-08persistent keepalive: add kernel mechanismJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-03receive: protect against impossible conditionsJason A. Donenfeld
It should never be the case that skb->head + skb->transport_header - skb->data is greater than 2^16, but in case the kernel network stack borks this at some point in the future, we don't want this to slyly introduce a vulnerability into WireGuard. Further, really smart compilers might be able to make deductions about data_offset, and optimize accordingly. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-01receive: error conditions are unlikelyJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-06-25Initial commitJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>