|author||Matt Dunwoodie <firstname.lastname@example.org>||2021-04-23 11:31:35 +1000|
|committer||Matt Dunwoodie <email@example.com>||2021-04-23 12:17:04 +1000|
|parent||wg_cookie: make ratelimiter global (diff)|
wg_cookie: add cookie_valid bool
Primarily this commit adds a cookie_valid state, to prevent a recently booted machine from sending a mac2. We also do a little bit of reworking on locking and a fixup for int to bool. There is one slight difference to cookie_valid (latest_cookie.is_valid) on Linux and that is to set cookie_valid to false when the cookie_birthdate has expired. The purpose of this is to prevent the expensive timer check after it has expired. For the locking, we want to hold a write lock in cookie_maker_mac because we write to mac1_last, mac1_valid and cookie_valid. This wouldn't cause too much contention as this is a per peer lock and we only do so when sending handshake packets. This is different from Linux as Linux writes all it's variables at the start, then downgrades to a read lock. We also match cookie_maker_consume_payload locking to Linux, that is to read lock while checking mac1_valid and decrypting the cookie then take a write lock to set the cookie. Signed-off-by: Matt Dunwoodie <firstname.lastname@example.org>
Diffstat (limited to 'TODO.md')
1 files changed, 0 insertions, 3 deletions
@@ -9,9 +9,6 @@
permissions in another.)
- Make code style consistent with one FreeBSD way, rather than a mix of styles.
- Make sure noise state machine is correct.
-- The cookie logic appears to be broken in unusual ways, in particular right
- after boot up. Audit and compare all `is_valid` checks, as well as
- `have_sent_mac1` guards.
- Investigate whether the allowed ips lookup structure needs reference
- Handle failures of `rn_inithead` and remember to call `rn_detachhead`