authorMatt Dunwoodie <ncon@mail.noconroy.net>2019-08-22 20:02:14 +1000
committerMatt Dunwoodie <ncon@mail.noconroy.net>2019-08-22 21:52:16 +1000
commit0f81dae44d741a3ce2c6d1a59413c3703612b5f0 (patch)
tree14c3959e21414b0ac46b7761fc78bc2adb5eb6ef /src/wireguard.h
parentActually make sure wg.4 gets included in build (diff)
Add bloombucket.h for ratelimiting.
In my perpetual quest for allocationless data structures, this bloombucket attempts to rate limit an arbitrary number of peers during initiation. It works on a mix of a bloom filter and a token bucket, and has configurable parameters for size and number of hashes. The hashes are kept independent by using unique siphash keys. The idea is that a unique input, in this case the peer ip, will be hashed into multiple buckets, and each of those buckets incremented. When evaluating whether a packet should be rate limited, it checks if at least one of those buckets is not at the threshold. I don't have any good mathematical notes behind this, but will need to sit down and do some tests to get some sane defaults for the values.
Diffstat (limited to 'src/wireguard.h')
-rw-r--r--src/wireguard.h5
1 files changed, 2 insertions, 3 deletions
diff --git a/src/wireguard.h b/src/wireguard.h
index 44872b49c37..d53f2ee9fa4 100644
--- a/src/wireguard.h
+++ b/src/wireguard.h
@@ -217,8 +217,7 @@ void wg_session_clean(struct wg_session *);
enum wg_error wg_handshake_make_initiation(struct wg_handshake *, uint32_t, struct wg_msg_initiation *);
enum wg_error wg_handshake_make_response(struct wg_handshake *, uint32_t, struct wg_msg_response *);
-enum wg_error wg_handshake_make_cookie(struct wg_keypair *kp, struct wg_cookie *, uint32_t, uint8_t mac[WG_MAC_SIZE], struct wg_msg_cookie *);
-enum wg_error wg_handshake_make_cookie(struct wg_keypair *, struct wg_cookie *, uint32_t sender, uint8_t mac[WG_MAC_SIZE], struct wg_msg_cookie *m);
+enum wg_error wg_handshake_make_cookie(struct wg_keypair *, struct wg_cookie *, uint32_t, uint8_t [WG_MAC_SIZE], struct wg_msg_cookie *);
enum wg_error wg_handshake_recv_initiation(struct wg_handshake *, struct wg_keypair *, struct wg_msg_initiation *);
enum wg_error wg_handshake_recv_response(struct wg_handshake *, struct wg_msg_response *);
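Review bot: The surviving prototype on the `+` line drops the only parameter names this header had for the function (`sender` and `mac` on the removed duplicate), so nothing now says what the bare `uint32_t` or the `uint8_t [WG_MAC_SIZE]` argument is. Since this header declares parameters unnamed throughout, a short comment above the prototype would keep that information without breaking the convention, e.g. `/* args: keypair, cookie, sender, mac, cookie msg */`. Note also that `[WG_MAC_SIZE]` on a parameter is documentation only — it decays to `uint8_t *`, so callers are not checked for supplying a buffer of that size, and the callee must not read past WG_MAC_SIZE bytes. If the function only reads the mac (it is presumably input taken from the received message, but the body is not on this page), declaring it `const uint8_t [WG_MAC_SIZE]` as `wg_keypair_from_bytes` does for its key would make that contract explicit.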
@@ -235,7 +234,7 @@ enum wg_error wg_session_from_handshake(struct wg_session *, struct wg_handshake
void wg_keypair_from_bytes(struct wg_keypair *, const uint8_t [WG_KEY_SIZE]);
void wg_keypair_generate(struct wg_keypair *);
enum wg_pkt_type wg_pkt_type(uint8_t *, size_t);
-void wg_cookie_from_ip(struct wg_cookie *, struct wg_cookie_maker *, uint8_t *, uint8_t);
+void wg_cookie_from_token(struct wg_cookie *, struct wg_cookie_maker *, uint8_t *, uint8_t);
/* Timer functions */
void wg_timer_setup(struct wg_timers *, void *, void (*)(void *),