aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatt Dunwoodie <ncon@mail.noconroy.net>2019-09-25 21:48:49 +0100
committerMatt Dunwoodie <ncon@mail.noconroy.net>2019-09-25 21:48:49 +0100
commitac379afdfef35ba5ccaf99e30b80afc253fe67f2 (patch)
tree58b82870b753bb5632b915b8e1e7e144c1c46e69
parentAdjust wg_encrypt (diff)
downloadwireguard-openbsd-ac379afdfef35ba5ccaf99e30b80afc253fe67f2.tar.xz
wireguard-openbsd-ac379afdfef35ba5ccaf99e30b80afc253fe67f2.zip
Move bpf_mtap to synchronous parts of the code
This made TCP debugging difficult as packets that were sent in order were BPF'd out of order in the parallel encrypt/decrypt function.
-rw-r--r--src/if_wg.c22
1 files changed, 11 insertions, 11 deletions
diff --git a/src/if_wg.c b/src/if_wg.c
index 751072a..21cb459 100644
--- a/src/if_wg.c
+++ b/src/if_wg.c
@@ -673,11 +673,6 @@ wg_encrypt(struct mbuf *m)
goto free;
}
-#if NBPFILTER > 0
- if (p->p_sc->sc_if.if_bpf && m->m_pkthdr.len > 0)
- bpf_mtap_af(p->p_sc->sc_if.if_bpf, m->m_pkthdr.ph_family, m,
- BPF_DIRECTION_OUT);
-#endif
if (plain_len > 0) {
p->p_tx_bytes += m->m_pkthdr.len;
counters_pkt(p->p_sc->sc_if.if_counters, ifc_opackets,
@@ -859,12 +854,6 @@ wg_decrypt(struct mbuf *m)
if (wg_softc_route_lookup(sc, m, false) != p)
goto error;
-#if NBPFILTER > 0
- if (sc->sc_if.if_bpf)
- bpf_mtap_af(sc->sc_if.if_bpf, m->m_pkthdr.ph_family, m,
- BPF_DIRECTION_IN);
-#endif
-
p->p_rx_bytes += m->m_pkthdr.len;
counters_pkt(sc->sc_if.if_counters, ifc_ipackets, ifc_ibytes,
m->m_pkthdr.len);
@@ -945,6 +934,12 @@ wg_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa,
return ENETUNREACH;
}
+#if NBPFILTER > 0
+ if (sc->sc_if.if_bpf)
+ bpf_mtap_af(sc->sc_if.if_bpf, m->m_pkthdr.ph_family, m,
+ BPF_DIRECTION_IN);
+#endif
+
if ((error = if_enqueue(ifp, m)) != 0) {
counters_inc(sc->sc_if.if_counters, ifc_oqdrops);
return error;
@@ -1013,6 +1008,11 @@ wg_input_deliver(struct mbuf *m)
else if (tag->t_state == WG_PKT_STATE_REQUEUED)
panic("unexpected state on: %p\n", m);
else if (tag->t_state == WG_PKT_STATE_DONE) {
+#if NBPFILTER > 0
+ if (sc->sc_if.if_bpf)
+ bpf_mtap_af(sc->sc_if.if_bpf, m->m_pkthdr.ph_family,
+ m, BPF_DIRECTION_OUT);
+#endif
fn_input = AF_VAL(m->m_pkthdr.ph_family, ipv4_input, ipv6_input);
NET_LOCK();
if (fn_input)