From 229840974084340dab14fd8b12c4c72b6e8072c0 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Sat, 24 Apr 2021 12:51:12 -0400
Subject: if_wg: count on peers always having a remote

We do a pretty nasty hack in the allowedips selftest to avoid having to allocate more memory. Seems to work.

Signed-off-by: Jason A. Donenfeld
---
TODO.md | 8 ++------
src/if_wg.c | 6 +-----
src/selftest/allowedips.c | 2 ++
3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/TODO.md b/TODO.md
index ad85d72..36756c9 100644
--- a/TODO.md
+++ b/TODO.md
@@ -1,20 +1,16 @@
-### Primary systems TODO
+### Primary TODO
 - Finish porting [this script](https://git.zx2c4.com/wireguard-linux/tree/tools/testing/selftests/wireguard/netns.sh) to `./tests/netns.sh` using vnets and epairs.
-- Rework locking and epoch lifetimes; come up with consistent set of rules.
 - Shore up vnet support and races/locking around moving between vnets.
 - Work out `priv_check` from vnet perspective. (There's no `ns_capable()` on FreeBSD, just `capable()`, which makes it a bit weird for one jail to have permissions in another.)
 - Make code style consistent with one FreeBSD way, rather than a mix of styles.
-- Make sure noise state machine is correct.
-- Investigate whether the allowed ips lookup structure needs reference - counting.
 ### Crypto TODO
-- Do packet encryption using opencrypto/ with sg lists on the mbuf, so that we don't need to linearize mbufs.
+- Do packet encryption using opencrypto/ with sg lists on the mbuf.
 - Send 25519 upstream to sys/crypto, and port to it.
 - Send simple chapoly upstream to sys/crypto, and port to it.
 - Port to sys/crypto's blake2s implementation.
diff --git a/src/if_wg.c b/src/if_wg.c
index 01888f9..095a4f3 100644
--- a/src/if_wg.c
+++ b/src/if_wg.c
@@ -634,11 +634,7 @@ wg_aip_lookup(struct wg_softc *sc, sa_family_t af, void *a)
 node = root->rnh_matchaddr(&addr, &root->rh);
 if (node != NULL) {
 peer = ((struct wg_aip *)node)->a_peer;
- /* If we have a remote, we should take a reference. The only * cases where we don't have a remote is in the allowedips * selftest. */
- if (peer->p_remote != NULL)
- noise_remote_ref(peer->p_remote);
+ noise_remote_ref(peer->p_remote);
 } else {
 peer = NULL;
 }
diff --git a/src/selftest/allowedips.c b/src/selftest/allowedips.c
index 294bb19..889118a 100644
--- a/src/selftest/allowedips.c
+++ b/src/selftest/allowedips.c
@@ -233,6 +233,7 @@ static bool randomized_test(void)
 }
 LIST_INIT(&peers[i]->p_aips);
 peers[i]->p_aips_num = 0;
+ peers[i]->p_remote = (struct noise_remote *)peers[i];
 }
 if (!test_aip_init(&sc)) {
@@ -389,6 +390,7 @@ static struct wg_peer *init_peer(void)
 return NULL;
 LIST_INIT(&peer->p_aips);
 peer->p_aips_num = 0;
+ peer->p_remote = (struct noise_remote *)peer; // Kind of dangerous, but probably fine.
 return peer;
 }
-- 
cgit v1.2.3-59-g8ed1b
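Review bot: The unconditional `noise_remote_ref(peer->p_remote)` on the added line leaves the invariant it now depends on — every peer reachable from the allowedips tree carries a non-NULL `p_remote` — entirely unchecked, whereas the removed lines at least documented it; if a peer is ever inserted into the tree before its remote is attached, this lookup path would dereference NULL and panic the kernel (assuming noise_remote_ref reads through the pointer, which the hunk does not show). Since the commit's position is that the invariant always holds outside the selftest, it is cheap to make it a debug-build assertion instead of an implicit assumption, e.g. `MPASS(peer->p_remote != NULL);` immediately before the call. `wg_aip_lookup` begins and ends outside the hunk, so where `p_remote` is assigned relative to tree insertion cannot be confirmed from these lines.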
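Review bot: The cast `(struct noise_remote *)peers[i]` in the randomized_test hunk (and the identical one in init_peer at +390) makes `noise_remote_ref()` operate on memory that is really a `struct wg_peer`, so whatever field the reference-taking code touches is read or written at that offset inside the peer; whether that stays within the allocation and clear of the fields the test later reads cannot be told from these lines. The comment `// Kind of dangerous, but probably fine.` should state the assumption the test relies on so a later change to either struct is caught, e.g. `/* Selftest only: p_remote aliases the peer itself so wg_aip_lookup()'s noise_remote_ref() has an object to touch; assumes it only updates a refcount within sizeof(struct wg_peer). */`, and the randomized_test line, which has no comment at all, should carry the same. If both struct definitions are complete in the selftest's translation unit, a `_Static_assert(sizeof(struct wg_peer) >= sizeof(struct noise_remote), "...")` next to the cast would turn the assumption into a compile-time check.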