author | 2021-04-25 19:55:12 -0400 | |
---|---|---|
committer | 2021-04-27 22:49:04 -0400 | |
commit | e2ea5947743ae4d7faa50459136b6553cbb6b3b8 (patch) | |
tree | d009431291ce07b1d7851afd141670ee5274b2f7 /TODO.md | |
parent | if_wg: do not increment error counter when sc is null (diff) | |
if_wg: handle if_transmit and if_output properly

The netmap code goes directly to if_transmit, which means it'll bypass
if_output, in which case, there's no packet allocated. Also, we're
relying on if_output's sockaddr structure to be legit, but who knows
what types of userspace hijinks can forge this. Rather than relying on
that kind of black magic, determine the AF from the actual packet
contents. But still insist that it agrees with the sockaddr.

The extraction of the type from AF_UNSPEC follows the same pattern as
if_gif and if_gre.

We also use this as an opportunity to send icmp error messages in the
right place.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Diffstat (limited to 'TODO.md')
-rw-r--r-- | TODO.md | 4 |
1 files changed, 1 insertions, 3 deletions
@@ -7,11 +7,9 @@ FreeBSD, just `capable()`, which makes it a bit weird for one jail to have permissions in another.) - Make code style consistent with one FreeBSD way, rather than a mix of styles. -- Send ICMP messages at the proper place. - Review all included headers, and minimize a bit. - Figure out clear locking rules for network stack stuff -- when different - functions run under what locks and what they race with. There's a lot of - weirdness with `wg_transmit`/`wg_output` to deal with. + functions run under what locks and what they race with. ### Crypto TODO |
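
Review bot: In the locking item, deleting the sentence about `wg_transmit`/`wg_output` removes the only concrete pointer to where the races are, while the item itself stays open. The commit message covers the AF check and the netmap path that enters if_transmit without going through if_output, but it does not say which locks those two functions now run under. If that part is still unreviewed, keep a narrower line in the item, for example that `wg_transmit` can be entered directly as well as via `wg_output`, so the remaining locking work stays traceable. Dropping "Send ICMP messages at the proper place" is consistent with the last paragraph of the commit message.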