diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-04-22 21:53:13 -0600 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-04-22 21:56:52 -0600 |
commit | 0c227d384b21793edf15067d8b8397584c7db5fe (patch) | |
tree | 0a7af8ea2cfc4ea0bb584d080eb95011b3f1f694 /src/if_wg.c | |
parent | if_wg: properly use rn_inithead and rn_detachhead (diff) | |
download | wireguard-freebsd-0c227d384b21793edf15067d8b8397584c7db5fe.tar.xz wireguard-freebsd-0c227d384b21793edf15067d8b8397584c7db5fe.zip |
wg_cookie: hash vnet into ratelimiter entry
IPs mean different things per-vnet.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src/if_wg.c')
-rw-r--r-- | src/if_wg.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/if_wg.c b/src/if_wg.c index b678f68..8680337 100644 --- a/src/if_wg.c +++ b/src/if_wg.c @@ -1288,7 +1288,8 @@ wg_handshake(struct wg_softc *sc, struct wg_packet *pkt) res = cookie_checker_validate_macs(&sc->sc_cookie, &init->m, init, sizeof(*init) - sizeof(init->m), - underload, &e->e_remote.r_sa); + underload, &e->e_remote.r_sa, + sc->sc_ifp->if_vnet); if (res == EINVAL) { DPRINTF(sc, "Invalid initiation MAC\n"); @@ -1321,7 +1322,8 @@ wg_handshake(struct wg_softc *sc, struct wg_packet *pkt) res = cookie_checker_validate_macs(&sc->sc_cookie, &resp->m, resp, sizeof(*resp) - sizeof(resp->m), - underload, &e->e_remote.r_sa); + underload, &e->e_remote.r_sa, + sc->sc_ifp->if_vnet); if (res == EINVAL) { DPRINTF(sc, "Invalid response MAC\n"); |