From 4947482e22600b07b18b76c38901d648eaae7745 Mon Sep 17 00:00:00 2001 From: Matt Dunwoodie Date: Thu, 22 Apr 2021 15:22:53 +1000 Subject: [PATCH] if_wg: better loop detection While it was nice to have per peer loop detection, it was not meant to be. The loop tag has a tag type == 0, which conflicts with other tags. Therefore we want to at least be a little bit more sure that the tag cookie is unique to the loop tag. I guess the peer address was also quite hacky so on the other side, I'm glad to be rid of that. Now we have a loop of 8 (to any peer) which should be good enough for an edge case operation. Signed-off-by: Matt Dunwoodie --- src/if_wg.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/if_wg.c b/src/if_wg.c index 46a9910..9984a1e 100644 --- a/src/if_wg.c +++ b/src/if_wg.c @@ -272,6 +272,9 @@ struct wg_softc { #define WGF_DYING 0x0001 +#define MAX_LOOPS 8 +#define MTAG_WGLOOP 0x77676c70 /* wglp */ + /* TODO the following defines are freebsd specific, we should see what is * necessary and cleanup from there (i suspect a lot can be junked). */ @@ -2006,9 +2009,7 @@ wg_transmit(struct ifnet *ifp, struct mbuf *m) goto err; } - /* Detect packet loops, TODO make better unique identifier than p_id - * (because it is truncated from uint64_t to uint32_t). */ - if (__predict_false(if_tunnel_check_nesting(ifp, m, peer->p_id, 1))) { + if (__predict_false(if_tunnel_check_nesting(ifp, m, MTAG_WGLOOP, MAX_LOOPS))) { DPRINTF(sc, "Packet looped"); rc = ELOOP; goto err;
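Review bot: The two macros added in the first hunk have no comment saying what they bound, and `MAX_LOOPS` is an unprefixed, generic name sitting next to `WGF_DYING`. The commit message says the tag type is 0 and shared with other tags, so loop detection now depends entirely on the cookie being unique, and the code should say so. I would rename it to `WG_MAX_LOOPS` and add a comment such as `/* Loop detection: m_tag cookie (must not collide with any other tag cookie) and nesting limit passed to if_tunnel_check_nesting() */`. The limit of 8 is a compile-time constant; if operators may need to tighten it, a tunable would be the usual route, though nothing in this patch requires one.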
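Review bot: In the `wg_transmit` hunk, every non-zero return from `if_tunnel_check_nesting()` is still logged as "Packet looped" and mapped to `ELOOP`. The FreeBSD helper can, as far as I know, also fail with `ENOMEM` when it cannot allocate the tag (worth confirming against the target kernel), so a drop under memory pressure would be misreported as a routing loop. Keeping the return value separates the two cases: `rc = if_tunnel_check_nesting(ifp, m, MTAG_WGLOOP, MAX_LOOPS);`, then `if (__predict_false(rc != 0)) {`, with `rc = (rc == ENOMEM) ? ENOMEM : ELOOP;` inside the branch. The patch also deletes the only comment on this check, so a short replacement such as `/* Drop packets that have already nested through wg MAX_LOOPS times. */` would help. `wg_transmit` starts and ends outside the hunk, so the `err` path is not visible here.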