diff options
author | Florent Daigniere <nextgens@freenetproject.org> | 2019-02-26 18:21:55 +0100 |
---|---|---|
committer | Florent Daigniere <nextgens@freenetproject.org> | 2019-02-26 18:21:55 +0100 |
commit | 9a55ed93e914d271167144b928411841e3472db9 (patch) | |
tree | d6006cd9e5e8ececa75c418f10ac2bb7c2415a00 | |
parent | send: propagate DSCP bits to the outer tunnel (diff) | |
download | wireguard-monolithic-historical-fd/propagate-DSCP-bits.tar.xz wireguard-monolithic-historical-fd/propagate-DSCP-bits.zip |
receive: fix the ECN-related behaviourfd/propagate-DSCP-bits
Match what the kernel would do; drop packets when it would
Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>
-rw-r--r-- | src/receive.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/src/receive.c b/src/receive.c index 51d06d3..afc2fce 100644 --- a/src/receive.c +++ b/src/receive.c @@ -394,13 +394,21 @@ static void wg_packet_consume_data_done(struct wg_peer *peer, len = ntohs(ip_hdr(skb)->tot_len); if (unlikely(len < sizeof(struct iphdr))) goto dishonest_packet_size; - if (INET_ECN_is_ce(PACKET_CB(skb)->ds)) - IP_ECN_set_ce(ip_hdr(skb)); + if (INET_ECN_decapsulate(skb, PACKET_CB(skb)->ds, ip_tunnel_get_dsfield(ip_hdr(skb), skb)) == 2) { + net_dbg_ratelimited("%s: Dropping packet (ECN) from peer %llu (%pISpfsc)\n", + dev->name, peer->internal_id, + &peer->endpoint.addr); + goto packet_processed; + } } else if (skb->protocol == htons(ETH_P_IPV6)) { len = ntohs(ipv6_hdr(skb)->payload_len) + sizeof(struct ipv6hdr); - if (INET_ECN_is_ce(PACKET_CB(skb)->ds)) - IP6_ECN_set_ce(skb, ipv6_hdr(skb)); + if (INET_ECN_decapsulate(skb, PACKET_CB(skb)->ds, ip_tunnel_get_dsfield(ip_hdr(skb), skb)) == 2) { + net_dbg_ratelimited("%s: Dropping packet (ECN) from peer %llu (%pISpfsc)\n", + dev->name, peer->internal_id, + &peer->endpoint.addr); + goto packet_processed; + } } else { goto dishonest_packet_type; } |