-rw-r--r--src/messages.h2
-rw-r--r--src/queueing.h10
-rw-r--r--src/receive.c2
-rw-r--r--src/send.c7
4 files changed, 17 insertions, 4 deletions
diff --git a/src/messages.h b/src/messages.h
index f415cdd..1d1ed18 100644
--- a/src/messages.h
+++ b/src/messages.h
@@ -32,7 +32,7 @@ enum cookie_values {
};
enum counter_values {
- COUNTER_BITS_TOTAL = 2048,
+ COUNTER_BITS_TOTAL = 8192,
COUNTER_REDUNDANT_BITS = BITS_PER_LONG,
COUNTER_WINDOW_SIZE = COUNTER_BITS_TOTAL - COUNTER_REDUNDANT_BITS
};
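Review bot: `COUNTER_BITS_TOTAL = 8192` is a bare constant with no recorded rationale, yet `COUNTER_WINDOW_SIZE` is derived from it and so quadruples as well. If this enum sizes the replay-protection window, as the names suggest, the change widens the range of old counters that are still checked and accepted, and enlarges whatever per-key bitmap is dimensioned from it (not visible in this hunk). A short comment such as `/* Replay window in bits; raised from 2048 to tolerate heavier packet reordering. */` would record the trade-off, adjusted to the real motivation. If the code that indexes the bitmap places constraints on this value, the comment should state them too.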
diff --git a/src/queueing.h b/src/queueing.h
index fe6e5c9..ebad8d2 100644
--- a/src/queueing.h
+++ b/src/queueing.h
@@ -87,15 +87,23 @@ static inline bool wg_check_packet_protocol(struct sk_buff *skb)
return real_protocol && skb->protocol == real_protocol;
}
-static inline void wg_reset_packet(struct sk_buff *skb)
+static inline void wg_reset_packet(struct sk_buff *skb, bool encapsulating)
{
const int pfmemalloc = skb->pfmemalloc;
+ u8 l4_hash = skb->l4_hash;
+ u8 sw_hash = skb->sw_hash;
+ u32 hash = skb->hash;
skb_scrub_packet(skb, true);
memset(&skb->headers_start, 0,
offsetof(struct sk_buff, headers_end) -
offsetof(struct sk_buff, headers_start));
skb->pfmemalloc = pfmemalloc;
+ if (encapsulating) {
+ skb->l4_hash = l4_hash;
+ skb->sw_hash = sw_hash;
+ skb->hash = hash;
+ }
skb->queue_mapping = 0;
skb->nohdr = 0;
skb->peeked = 0;
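Review bot: With `encapsulating` true, `wg_reset_packet` now carries `skb->hash`, `l4_hash` and `sw_hash` across `skb_scrub_packet()` and the header memset, so a hash computed over the inner plaintext headers stays attached to the outer encrypted packet. That is fine while the value is only used locally for queue or flow scheduling. It is worth confirming that no transmit path after this derives an on-wire field (for example a UDP source port or an IPv6 flow label) from `skb->hash`, since that would let an on-path observer tell inner flows apart. The new `bool` parameter is also undocumented; a comment above the function such as `/* @encapsulating: true on transmit, keeps the inner flow hash for local scheduling; false on receive, where the hash is cleared. */` would make the call sites self-explanatory. The function body continues past the end of this hunk.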
diff --git a/src/receive.c b/src/receive.c
index c60d2ff..4585e7c 100644
--- a/src/receive.c
+++ b/src/receive.c
@@ -488,7 +488,7 @@ int wg_packet_rx_poll(struct napi_struct *napi, int budget)
if (unlikely(wg_socket_endpoint_from_skb(&endpoint, skb)))
goto next;
- wg_reset_packet(skb);
+ wg_reset_packet(skb, false);
wg_packet_consume_data_done(peer, skb, &endpoint);
free = false;
diff --git a/src/send.c b/src/send.c
index 3baae7f..700749c 100644
--- a/src/send.c
+++ b/src/send.c
@@ -169,6 +169,11 @@ static bool encrypt_packet(struct sk_buff *skb, struct noise_keypair *keypair,
struct sk_buff *trailer;
int num_frags;
+ /* Force hash calculation before encryption so that flow analysis is
+ * consistent over the inner packet.
+ */
+ skb_get_hash(skb);
+
/* Calculate lengths. */
padding_len = calculate_skb_padding(skb);
trailer_len = padding_len + noise_encrypted_len(0);
@@ -301,7 +306,7 @@ void wg_packet_encrypt_worker(struct work_struct *work)
if (likely(encrypt_packet(skb,
PACKET_CB(first)->keypair,
&simd_context))) {
- wg_reset_packet(skb);
+ wg_reset_packet(skb, true);
} else {
state = PACKET_STATE_DEAD;
break;