wg_cookie: hash vnet into ratelimiter entry

IPs mean different things per-vnet. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2021-04-22 21:53:13 -0600
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2021-04-22 21:56:52 -0600
commit: 0c227d384b21793edf15067d8b8397584c7db5fe (patch)
tree: 0a7af8ea2cfc4ea0bb584d080eb95011b3f1f694 /src/if_wg.c
parent: if_wg: properly use rn_inithead and rn_detachhead (diff)
download: wireguard-freebsd-0c227d384b21793edf15067d8b8397584c7db5fe.tar.xz
wireguard-freebsd-0c227d384b21793edf15067d8b8397584c7db5fe.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/src/if_wg.c b/src/if_wg.c
index b678f68..8680337 100644
--- a/src/if_wg.c
+++ b/src/if_wg.c
@@ -1288,7 +1288,8 @@ wg_handshake(struct wg_softc *sc, struct wg_packet *pkt)
 
 		res = cookie_checker_validate_macs(&sc->sc_cookie, &init->m,
 				init, sizeof(*init) - sizeof(init->m),
-				underload, &e->e_remote.r_sa);
+				underload, &e->e_remote.r_sa,
+				sc->sc_ifp->if_vnet);
 
 		if (res == EINVAL) {
 			DPRINTF(sc, "Invalid initiation MAC\n");
@@ -1321,7 +1322,8 @@ wg_handshake(struct wg_softc *sc, struct wg_packet *pkt)
 
 		res = cookie_checker_validate_macs(&sc->sc_cookie, &resp->m,
 				resp, sizeof(*resp) - sizeof(resp->m),
-				underload, &e->e_remote.r_sa);
+				underload, &e->e_remote.r_sa,
+				sc->sc_ifp->if_vnet);
 
 		if (res == EINVAL) {
 			DPRINTF(sc, "Invalid response MAC\n");
author	Jason A. Donenfeld <Jason@zx2c4.com>	2021-04-22 21:53:13 -0600
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2021-04-22 21:56:52 -0600
commit	0c227d384b21793edf15067d8b8397584c7db5fe (patch)
tree	0a7af8ea2cfc4ea0bb584d080eb95011b3f1f694 /src/if_wg.c
parent	if_wg: properly use rn_inithead and rn_detachhead (diff)
download	wireguard-freebsd-0c227d384b21793edf15067d8b8397584c7db5fe.tar.xz wireguard-freebsd-0c227d384b21793edf15067d8b8397584c7db5fe.zip