authorJason A. Donenfeld <Jason@zx2c4.com>2017-06-24 04:27:30 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2017-06-26 12:35:06 +0200
commit1b2d7311001c98f1f32c739e7603a4247f5022ce (patch)
tree072a4473e9e398116de0d4bf43eaac439fbaac8d /src/device.c
parentcompat: clean up cruft (diff)
device: remove icmp conntrack hacks
This logic belongs upstream.
Diffstat (limited to 'src/device.c')
-rw-r--r--src/device.c39
1 files changed, 6 insertions, 33 deletions
diff --git a/src/device.c b/src/device.c
index 1b7e151..22632e5 100644
--- a/src/device.c
+++ b/src/device.c
@@ -22,10 +22,6 @@
#include <net/rtnetlink.h>
#include <net/ip_tunnels.h>
#include <net/addrconf.h>
-#if IS_ENABLED(CONFIG_NF_CONNTRACK)
-#include <net/netfilter/nf_conntrack.h>
-#include <net/netfilter/nf_nat_core.h>
-#endif
static LIST_HEAD(device_list);
@@ -110,34 +106,6 @@ static int stop(struct net_device *dev)
return 0;
}
-static void skb_unsendable(struct sk_buff *skb, struct net_device *dev)
-{
-#if IS_ENABLED(CONFIG_NF_CONNTRACK)
- /* This conntrack stuff is because the rate limiting needs to be applied
- * to the original src IP, so we have to restore saddr in the IP header.
- * It's not needed if conntracking isn't in the kernel, because in that
- * case the saddr wouldn't be NAT-transformed anyway. */
- enum ip_conntrack_info ctinfo;
- struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
-#endif
- ++dev->stats.tx_errors;
-
- if (skb->len >= sizeof(struct iphdr) && ip_hdr(skb)->version == 4) {
-#if IS_ENABLED(CONFIG_NF_CONNTRACK)
- if (ct)
- ip_hdr(skb)->saddr = ct->tuplehash[0].tuple.src.u3.ip;
-#endif
- icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0);
- } else if (skb->len >= sizeof(struct ipv6hdr) && ip_hdr(skb)->version == 6) {
-#if IS_ENABLED(CONFIG_NF_CONNTRACK)
- if (ct)
- ipv6_hdr(skb)->saddr = ct->tuplehash[0].tuple.src.u3.in6;
-#endif
- icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH, 0);
- }
- kfree_skb(skb);
-}
-
static netdev_tx_t xmit(struct sk_buff *skb, struct net_device *dev)
{
struct wireguard_device *wg = netdev_priv(dev);
@@ -205,7 +173,12 @@ static netdev_tx_t xmit(struct sk_buff *skb, struct net_device *dev)
err_peer:
peer_put(peer);
err:
- skb_unsendable(skb, dev);
+ ++dev->stats.tx_errors;
+ if (skb->protocol == htons(ETH_P_IP))
+ icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0);
+ else if (skb->protocol == htons(ETH_P_IPV6))
+ icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH, 0);
+ kfree_skb(skb);
return ret;
}
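Review bot: The `err:` path now chooses between icmp_send() and icmpv6_send() from `skb->protocol` alone, whereas the removed skb_unsendable() also required `skb->len` to cover the header and the version field to match before using it. `skb->protocol` is filled in by whatever queued the packet and may not always agree with the actual payload, so unless xmit() validates header length and version before every `goto err` (that part of the function is outside this hunk), the ICMP helpers could be handed a short or mismatched packet. Keeping the old guard is cheap: `if (skb->protocol == htons(ETH_P_IP) && skb->len >= sizeof(struct iphdr) && ip_hdr(skb)->version == 4)`, with the matching `struct ipv6hdr` and version 6 test on the IPv6 branch. It would also help to add a one-line comment that the ICMP error is now built from the possibly NAT-rewritten source address, since the removed comment said rate limiting depended on the original one.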