diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2017-12-29 18:04:45 +0100 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-01-03 21:54:25 +0100 |
| commit | 399d76640a3f3144223a9601b9390b28200abea0 (patch) | |
| tree | 9b3c281d359cfeba71763ee89f774bd7572387fd /src | |
| parent | version: bump snapshot (diff) | |
| download | wireguard-monolithic-historical-399d76640a3f3144223a9601b9390b28200abea0.tar.xz wireguard-monolithic-historical-399d76640a3f3144223a9601b9390b28200abea0.zip | |
receive: treat packet checking as irrelevant for timers
Receiving any type of authenticated data is a receive and a traversal.
When it isn't a keepalive it's a data. That's our rule. Whether or not
it's the correct type of data or has the right IP header shouldn't
influence timer decisions.
Diffstat (limited to 'src')
| -rw-r--r-- | src/receive.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/receive.c b/src/receive.c index 683c856..529ec76 100644 --- a/src/receive.c +++ b/src/receive.c @@ -296,6 +296,9 @@ static void packet_consume_data_done(struct sk_buff *skb, struct endpoint *endpo keep_key_fresh(peer); + timers_any_authenticated_packet_received(peer); + timers_any_authenticated_packet_traversal(peer); + /* A packet with length 0 is a keepalive packet */ if (unlikely(!skb->len)) { rx_stats(peer, message_data_len(0)); @@ -303,6 +306,8 @@ static void packet_consume_data_done(struct sk_buff *skb, struct endpoint *endpo goto packet_processed; } + timers_data_received(peer); + if (unlikely(skb_network_header(skb) < skb->head)) goto dishonest_packet_size; if (unlikely(!(pskb_network_may_pull(skb, sizeof(struct iphdr)) && (ip_hdr(skb)->version == 4 || (ip_hdr(skb)->version == 6 && pskb_network_may_pull(skb, sizeof(struct ipv6hdr))))))) @@ -330,8 +335,6 @@ static void packet_consume_data_done(struct sk_buff *skb, struct endpoint *endpo if (unlikely(pskb_trim(skb, len))) goto packet_processed; - timers_data_received(peer); - routed_peer = allowedips_lookup_src(&peer->device->peer_allowedips, skb); peer_put(routed_peer); /* We don't need the extra reference. */ @@ -343,7 +346,7 @@ static void packet_consume_data_done(struct sk_buff *skb, struct endpoint *endpo net_dbg_ratelimited("%s: Failed to give packet to userspace from peer %llu (%pISpfsc)\n", dev->name, peer->internal_id, &peer->endpoint.addr); } else rx_stats(peer, message_data_len(len_before_trim)); - goto continue_processing; + return; dishonest_packet_peer: net_dbg_skb_ratelimited("%s: Packet has unallowed src IP (%pISc) from peer %llu (%pISpfsc)\n", dev->name, skb, peer->internal_id, &peer->endpoint.addr); @@ -362,9 +365,6 @@ dishonest_packet_size: goto packet_processed; packet_processed: dev_kfree_skb(skb); -continue_processing: - timers_any_authenticated_packet_received(peer); - timers_any_authenticated_packet_traversal(peer); } void packet_rx_worker(struct work_struct *work) |