path: root/TODO.md
diff options
authorMatt Dunwoodie <ncon@noconroy.net>2021-04-23 11:31:35 +1000
committerMatt Dunwoodie <ncon@noconroy.net>2021-04-23 12:17:04 +1000
commit69d65f583c18782b3b2fd302cbd310e6b9e7d7b5 (patch)
treeaa0c14cbc4f3f05cc3ce750a62fa58c0b22ddac1 /TODO.md
parentwg_cookie: make ratelimiter global (diff)
wg_cookie: add cookie_valid bool
Primarily this commit adds a cookie_valid state, to prevent a recently booted machine from sending a mac2. We also do a little bit of reworking on locking and a fixup for int to bool. There is one slight difference to cookie_valid (latest_cookie.is_valid) on Linux and that is to set cookie_valid to false when the cookie_birthdate has expired. The purpose of this is to prevent the expensive timer check after it has expired. For the locking, we want to hold a write lock in cookie_maker_mac because we write to mac1_last, mac1_valid and cookie_valid. This wouldn't cause too much contention as this is a per peer lock and we only do so when sending handshake packets. This is different from Linux as Linux writes all it's variables at the start, then downgrades to a read lock. We also match cookie_maker_consume_payload locking to Linux, that is to read lock while checking mac1_valid and decrypting the cookie then take a write lock to set the cookie. Signed-off-by: Matt Dunwoodie <ncon@noconroy.net>
Diffstat (limited to 'TODO.md')
1 files changed, 0 insertions, 3 deletions
diff --git a/TODO.md b/TODO.md
index 5f68380..3d13a8f 100644
--- a/TODO.md
+++ b/TODO.md
@@ -9,9 +9,6 @@
permissions in another.)
- Make code style consistent with one FreeBSD way, rather than a mix of styles.
- Make sure noise state machine is correct.
-- The cookie logic appears to be broken in unusual ways, in particular right
- after boot up. Audit and compare all `is_valid` checks, as well as
- `have_sent_mac1` guards.
- Investigate whether the allowed ips lookup structure needs reference
- Handle failures of `rn_inithead` and remember to call `rn_detachhead`