diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-10-27 02:38:51 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-10-27 14:20:00 +0200 |
commit | 159fc543658e9dbfe50f00f92e1a16c55cd06beb (patch) | |
tree | 38e3e5846c1c486c7753efb4138c35adc83e203c | |
parent | device: do not clear keys on sleep for PM_AUTOSLEEP (diff) | |
download | wireguard-monolithic-historical-159fc543658e9dbfe50f00f92e1a16c55cd06beb.tar.xz wireguard-monolithic-historical-159fc543658e9dbfe50f00f92e1a16c55cd06beb.zip |
receive: assume all levels have been checksumed, not just outer
This means we do less computation on encapsulated payloads.
-rw-r--r-- | src/receive.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/receive.c b/src/receive.c index d5bce92..81140e9 100644 --- a/src/receive.c +++ b/src/receive.c @@ -379,7 +379,14 @@ static void wg_packet_consume_data_done(struct wg_peer *peer, goto dishonest_packet_type; skb->dev = dev; + /* We've already verified the Poly1305 auth tag, which means this packet + * was not modified in transit. We can therefore tell the networking + * stack that all checksums of every layer of encapsulation have already + * been checked "by the hardware" and therefore is unneccessary to check + * again in software. + */ skb->ip_summed = CHECKSUM_UNNECESSARY; + skb->csum_level = ~0; /* All levels */ skb->protocol = wg_skb_examine_untrusted_ip_hdr(skb); if (skb->protocol == htons(ETH_P_IP)) { len = ntohs(ip_hdr(skb)->tot_len); |