author | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-04-24 12:51:12 -0400 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-04-24 12:58:12 -0400 |
commit | 229840974084340dab14fd8b12c4c72b6e8072c0 (patch) | |
tree | 8523a13d6e6da64933b4866265a4d40722393571 | |
parent | if_wg: ensure peer lifetime (diff) | |
download | wireguard-freebsd-229840974084340dab14fd8b12c4c72b6e8072c0.tar.xz wireguard-freebsd-229840974084340dab14fd8b12c4c72b6e8072c0.zip |
if_wg: count on peers always having a remote
We do a pretty nasty hack in the allowedips selftest to avoid having to
allocate more memory. Seems to work.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r-- | TODO.md | 8 | ||||
-rw-r--r-- | src/if_wg.c | 6 | ||||
-rw-r--r-- | src/selftest/allowedips.c | 2 |
3 files changed, 5 insertions, 11 deletions
@@ -1,20 +1,16 @@ -### Primary systems TODO +### Primary TODO - Finish porting [this script](https://git.zx2c4.com/wireguard-linux/tree/tools/testing/selftests/wireguard/netns.sh) to `./tests/netns.sh` using vnets and epairs. -- Rework locking and epoch lifetimes; come up with consistent set of rules. - Shore up vnet support and races/locking around moving between vnets. - Work out `priv_check` from vnet perspective. (There's no `ns_capable()` on FreeBSD, just `capable()`, which makes it a bit weird for one jail to have permissions in another.) - Make code style consistent with one FreeBSD way, rather than a mix of styles. -- Make sure noise state machine is correct. -- Investigate whether the allowed ips lookup structure needs reference - counting. ### Crypto TODO -- Do packet encryption using opencrypto/ with sg lists on the mbuf, so that we don't need to linearize mbufs. +- Do packet encryption using opencrypto/ with sg lists on the mbuf. - Send 25519 upstream to sys/crypto, and port to it. - Send simple chapoly upstream to sys/crypto, and port to it. - Port to sys/crypto's blake2s implementation. diff --git a/src/if_wg.c b/src/if_wg.c index 01888f9..095a4f3 100644 --- a/src/if_wg.c +++ b/src/if_wg.c @@ -634,11 +634,7 @@ wg_aip_lookup(struct wg_softc *sc, sa_family_t af, void *a) node = root->rnh_matchaddr(&addr, &root->rh); if (node != NULL) { peer = ((struct wg_aip *)node)->a_peer; - /* If we have a remote, we should take a reference. The only - * cases where we don't have a remote is in the allowedips - * selftest. */ - if (peer->p_remote != NULL) - noise_remote_ref(peer->p_remote); + noise_remote_ref(peer->p_remote); } else { peer = NULL; } diff --git a/src/selftest/allowedips.c b/src/selftest/allowedips.c index 294bb19..889118a 100644 --- a/src/selftest/allowedips.c +++ b/src/selftest/allowedips.c 
@@ -233,6 +233,7 @@ static bool randomized_test(void) } LIST_INIT(&peers[i]->p_aips); peers[i]->p_aips_num = 0; + peers[i]->p_remote = (struct noise_remote *)peers[i]; } if (!test_aip_init(&sc)) { @@ -389,6 +390,7 @@ static struct wg_peer *init_peer(void) return NULL; LIST_INIT(&peer->p_aips); peer->p_aips_num = 0; + peer->p_remote = (struct noise_remote *)peer; // Kind of dangerous, but probably fine. return peer; } |
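Review bot: the TODO.md hunk drops three items ("Rework locking and epoch lifetimes", "Make sure noise state machine is correct", and the allowed ips reference counting investigation) that the commit message does not mention. Either split these removals into the commits that actually resolved them, or add a line to the message saying why they are done. The shortened opencrypto item also loses its rationale ("so that we don't need to linearize mbufs"); keep that clause unless it no longer applies.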
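Review bot: in the wg_aip_lookup hunk of src/if_wg.c, the now-unconditional `noise_remote_ref(peer->p_remote)` depends on every peer reachable from the lookup tree having a non-NULL `p_remote`, and the removed comment was the only place in this function where that relationship was written down. Consider stating the invariant where it is relied on, for example a `KASSERT(peer->p_remote != NULL, ...)` before the call or a one-line comment, so that a future path which inserts a peer without a remote fails loudly instead of passing NULL to noise_remote_ref().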
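Review bot: in src/selftest/allowedips.c, both added `p_remote = (struct noise_remote *)...` assignments make each test peer alias itself as a noise_remote, so every lookup's noise_remote_ref() will operate on bytes of the `struct wg_peer` allocation. The comment in init_peer ("Kind of dangerous, but probably fine.") does not say what makes it fine, and the same assignment in randomized_test has no comment at all. Please document the assumption in both places: that whatever noise_remote_ref() touches lies within the wg_peer allocation and does not overlap fields the selftest uses, such as `p_aips` and `p_aips_num`. If both struct layouts are visible in this file, back that with a compile-time size check.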