authorJason A. Donenfeld <Jason@zx2c4.com>2018-10-27 02:38:51 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2018-10-27 14:20:00 +0200
commit159fc543658e9dbfe50f00f92e1a16c55cd06beb (patch)
tree38e3e5846c1c486c7753efb4138c35adc83e203c /src/receive.c
parentdevice: do not clear keys on sleep for PM_AUTOSLEEP (diff)
receive: assume all levels have been checksumed, not just outer
This means we do less computation on encapsulated payloads.
Diffstat (limited to 'src/receive.c')
-rw-r--r--src/receive.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/receive.c b/src/receive.c
index d5bce92..81140e9 100644
--- a/src/receive.c
+++ b/src/receive.c
@@ -379,7 +379,14 @@ static void wg_packet_consume_data_done(struct wg_peer *peer,
goto dishonest_packet_type;
skb->dev = dev;
+ /* We've already verified the Poly1305 auth tag, which means this packet
+ * was not modified in transit. We can therefore tell the networking
+ * stack that all checksums of every layer of encapsulation have already
+ * been checked "by the hardware" and therefore is unneccessary to check
+ * again in software.
+ */
skb->ip_summed = CHECKSUM_UNNECESSARY;
+ skb->csum_level = ~0; /* All levels */
skb->protocol = wg_skb_examine_untrusted_ip_hdr(skb);
if (skb->protocol == htons(ETH_P_IP)) {
len = ntohs(ip_hdr(skb)->tot_len);
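Review bot: The new comment above `skb->ip_summed = CHECKSUM_UNNECESSARY;` justifies skipping checksum validation by the Poly1305 tag, but the tag only proves the packet was unchanged between the peer and this host; it does not show that the inner checksums were valid when the peer encrypted it, so corruption introduced before encapsulation is no longer caught at any nesting level once `csum_level` is raised. I would state that assumption in the comment, for example `* Note: this trusts the authenticated peer to have sent valid inner checksums; corruption that happened before encryption is not detected here.` Separately, `~0` relies on truncation to the width of `csum_level` (a 2-bit field in mainline `struct sk_buff`, if I recall correctly), so "All levels" really means up to the kernel's maximum, and `skb->csum_level = SKB_MAX_CSUM_LEVEL;` would say that directly. The comment also misspells "unnecessary" and reads better as "and that it is therefore unnecessary to check them again in software". wg_packet_consume_data_done starts and ends outside this hunk.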