aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--TODO.md5
-rw-r--r--src/if_wg.c11
2 files changed, 12 insertions, 4 deletions
diff --git a/TODO.md b/TODO.md
index 36756c9f35c2..b4377e225580 100644
--- a/TODO.md
+++ b/TODO.md
@@ -7,6 +7,11 @@
FreeBSD, just `capable()`, which makes it a bit weird for one jail to have
permissions in another.)
- Make code style consistent with one FreeBSD way, rather than a mix of styles.
+- Send ICMP messages at the proper place.
+- Review all included headers, and minimize a bit.
+- Figure out clear locking rules for network stack stuff -- when different
+ functions run under what locks and what they race with. There's a lot of
+ weirdness with `wg_transmit`/`wg_output` to deal with.
### Crypto TODO
diff --git a/src/if_wg.c b/src/if_wg.c
index 095a4f37f8dc..19fccff37fea 100644
--- a/src/if_wg.c
+++ b/src/if_wg.c
@@ -2073,7 +2073,7 @@ wg_transmit(struct ifnet *ifp, struct mbuf *m)
/* Work around lifetime issue in the ipv6 mld code. */
if (__predict_false((ifp->if_flags & IFF_DYING) || !sc)) {
rc = ENXIO;
- goto err;
+ goto err_free;
}
BPF_MTAP2(ifp, &af, sizeof(af), m);
@@ -2084,12 +2084,12 @@ wg_transmit(struct ifnet *ifp, struct mbuf *m)
peer = wg_aip_lookup(sc, AF_INET6, &mtod(m, struct ip6_hdr *)->ip6_dst);
} else {
rc = EAFNOSUPPORT;
- goto err;
+ goto err_counter;
}
if (__predict_false(peer == NULL)) {
rc = ENOKEY;
- goto err;
+ goto err_counter;
}
if (__predict_false(if_tunnel_check_nesting(ifp, m, MTAG_WGLOOP, MAX_LOOPS))) {
@@ -2110,10 +2110,13 @@ wg_transmit(struct ifnet *ifp, struct mbuf *m)
wg_peer_send_staged(peer);
noise_remote_put(peer->p_remote);
return (0);
+
err_peer:
noise_remote_put(peer->p_remote);
-err:
+err_counter:
if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1);
+ /* TODO: send ICMP unreachable? */
+err_free:
wg_packet_free(pkt);
return (rc);
}