mirror of
git://git.zx2c4.com/wireguard-freebsd
synced 2024-09-22 08:12:10 +02:00
if_wg: better loop detection
While it was nice to have per peer loop detection, it was not meant to be. The loop tag has a tag type == 0, which conflicts with other tags. Therefore we want to at least be a little bit more sure that the tag cookie is unique to the loop tag. I guess the peer address was also quite hacky so on the other side, I'm glad to be rid of that. Now we have a loop of 8 (to any peer) which should be good enough for an edge case operation. Signed-off-by: Matt Dunwoodie <ncon@noconroy.net>
parent
eb2d6d7d14
commit
4947482e22
@ -272,6 +272,9 @@ struct wg_softc {
|
|||||||
|
|
||||||
#define WGF_DYING 0x0001
|
#define WGF_DYING 0x0001
|
||||||
|
|
||||||
|
#define MAX_LOOPS 8
|
||||||
|
#define MTAG_WGLOOP 0x77676c70 /* wglp */
|
||||||
|
|
||||||
/* TODO the following defines are freebsd specific, we should see what is
|
/* TODO the following defines are freebsd specific, we should see what is
|
||||||
* necessary and cleanup from there (i suspect a lot can be junked). */
|
* necessary and cleanup from there (i suspect a lot can be junked). */
|
||||||
|
|
||||||
@ -2006,9 +2009,7 @@ wg_transmit(struct ifnet *ifp, struct mbuf *m)
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Detect packet loops, TODO make better unique identifier than p_id
|
if (__predict_false(if_tunnel_check_nesting(ifp, m, MTAG_WGLOOP, MAX_LOOPS))) {
|
||||||
* (because it is truncated from uint64_t to uint32_t). */
|
|
||||||
if (__predict_false(if_tunnel_check_nesting(ifp, m, peer->p_id, 1))) {
|
|
||||||
DPRINTF(sc, "Packet looped");
|
DPRINTF(sc, "Packet looped");
|
||||||
rc = ELOOP;
|
rc = ELOOP;
|
||||||
goto err;
|
goto err;
|
||||||
|
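Review bot: In the wg_transmit hunk, every non-zero return from `if_tunnel_check_nesting(ifp, m, MTAG_WGLOOP, MAX_LOOPS)` is still logged as "Packet looped" and turned into `rc = ELOOP`. The helper's body is not visible here, but if it can also fail for a reason other than nesting (for example, being unable to allocate the tag), that failure would be misreported as a loop. Keeping the return value, e.g. `int nest = if_tunnel_check_nesting(ifp, m, MTAG_WGLOOP, MAX_LOOPS);` then `if (__predict_false(nest != 0)) {`, would let the log message and errno tell the two cases apart. The new defines also deserve a comment each, such as `/* m_tag cookie for the loop tag; tag type is 0, so the cookie must not collide with other users */` on `MTAG_WGLOOP` and `/* maximum tunnel nesting depth, counted across all peers */` on `MAX_LOOPS`. wg_transmit begins and ends outside the hunk.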