authorMatt Dunwoodie <ncon@mail.noconroy.net>2019-09-22 18:23:46 +0200
committerMatt Dunwoodie <ncon@mail.noconroy.net>2019-09-22 18:26:32 +0200
commit85419852b06bd208d757bb21c0af349b80840098 (patch)
treee82b53e460ebf004dc112139e05819a270ec359c
parentSet the number of threads to the ncpus (diff)
Fix cookie send now we don't have wg_output_deliver_mbuf
-rw-r--r--src/if_wg.c36
1 files changed, 26 insertions, 10 deletions
diff --git a/src/if_wg.c b/src/if_wg.c
index c01ea01..0c7f74b 100644
--- a/src/if_wg.c
+++ b/src/if_wg.c
@@ -152,12 +152,11 @@ void wg_peer_new_session(struct wg_peer *);
void wg_peer_send_initiation(struct wg_peer *);
void wg_peer_send_response(struct wg_peer *);
void wg_peer_send_keepalive(struct wg_peer *);
+
void wg_encrypt_hs(struct mbuf *);
void wg_encrypt(struct mbuf *);
-
void wg_decrypt_hs(struct mbuf *);
void wg_decrypt(struct mbuf *);
-void wg_rx_task_fn(void *);
void wg_start(struct ifnet *);
int wg_output(struct ifnet *, struct mbuf *, struct sockaddr *,
@@ -165,7 +164,6 @@ int wg_output(struct ifnet *, struct mbuf *, struct sockaddr *,
struct mbuf *wg_input(void *, struct mbuf *, struct sockaddr *, int);
void wg_input_deliver(struct mbuf *);
void wg_output_deliver(struct mbuf *);
-void wg_output_deliver_buf(struct wg_peer *, uint8_t *, size_t);
void wgattach(int);
int wg_clone_create(struct if_clone *, int);
@@ -410,18 +408,36 @@ wg_mbuf_ratelimit(struct wg_softc *sc, struct mbuf *m)
* bruteforce attack with a spoofed source address. We can use the
* cookie to validate the source address. TODO calcluate a good
* default value for high load, rather than just 10. */
-
if (bb_load(&wg_bb) > 10 && e == WG_MAC) {
- struct wg_msg_cookie cookie;
-
- wg_handshake_make_cookie(&sc->sc_kp, &c, sender, mac, &cookie);
+ int error;
+ struct socket *so;
+ struct mbuf peernam;
+ struct mbuf *m = m_clget(NULL, M_WAITOK,
+ sizeof(struct wg_msg_cookie));
+ struct wg_msg_cookie *cookie = mtod(m, struct wg_msg_cookie *);
DPRINTF(sc, "transmit cookie\n");
- /* TODO handle cookie out */
- //wg_output_deliver_buf(p, (uint8_t *) &cookie, sizeof(cookie));
+ wg_handshake_make_cookie(&sc->sc_kp, &c, sender, mac, cookie);
+
+ bzero(&peernam, sizeof(struct mbuf));
+
+ peernam.m_type = MT_SONAME;
+ peernam.m_data = (caddr_t) ip;
+ peernam.m_len = ip->sa.sa_len;
- return -1;
+ so = AF_VAL(ip->sa.sa_family, sc->sc_so4, sc->sc_so6);
+ /* TODO solock */
+ NET_RLOCK();
+ so = AF_VAL(p->p_ip.sa.sa_family, sc->sc_so4, sc->sc_so6);
+ if (so) {
+ if ((error = so->so_proto->pr_usrreq(so, PRU_SEND, m,
+ &peernam, NULL, NULL)) != 0)
+ DPRINTF(sc, "unable to send: %d\n", error);
+ } else {
+ m_freem(m);
+ }
+ NET_RUNLOCK();
}
/* If we get to here, we either have a valid packet, or we are under
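Review bot: The `return -1;` that ended the under-load branch is removed and nothing replaces it, so a packet that failed with `e == WG_MAC` appears to fall through to the code after the closing brace (outside this hunk) once the cookie reply is sent; if that path accepts the packet, the cookie no longer gates handshake work under load, so keep `return -1;` after `NET_RUNLOCK();`. The second `so = AF_VAL(p->p_ip.sa.sa_family, ...)` overwrites the socket chosen from `ip` and dereferences `p`, which may not be a valid peer for a packet that failed the MAC check; the reply is addressed to `ip`, so that line should go. The new `struct mbuf *m` shadows the function's `m` parameter, and neither `m_len` nor `m_pkthdr.len` is set after `m_clget()`, so the reply may go out empty (assuming `m_clget` leaves both at zero); rename it and add something like `cm->m_len = cm->m_pkthdr.len = sizeof(struct wg_msg_cookie);`. wg_mbuf_ratelimit begins and ends outside the hunk, so the fall-through target should be confirmed against the full function.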