-rw-r--r-- | sys/net/if_wg.c | 65 |
1 files changed, 13 insertions, 52 deletions
diff --git a/sys/net/if_wg.c b/sys/net/if_wg.c
index e27a575cc1b..da65b48efd2 100644
--- a/sys/net/if_wg.c
+++ b/sys/net/if_wg.c
@@ -218,9 +218,6 @@ struct wg_peer {
 struct wg_index p_index[3];
 LIST_HEAD(,wg_aip) p_aip;
-
- SLIST_ENTRY(wg_peer) p_start_list;
- int p_start_onlist;
 };
 struct wg_softc {
@@ -433,8 +430,6 @@ wg_peer_create(struct wg_softc *sc, uint8_t public[WG_KEY_SIZE])
 LIST_INIT(&peer->p_aip);
- peer->p_start_onlist = 0;
-
 idx = SipHash24(&sc->sc_secret, public, WG_KEY_SIZE);
 idx &= sc->sc_peer_mask;
@@ -2066,43 +2061,6 @@ wg_input(void *_sc, struct mbuf *m, struct ip *ip, struct ip6_hdr *ip6,
 return NULL;
 }
-void
-wg_start(struct ifnet *ifp)
-{
- struct wg_softc *sc = ifp->if_softc;
- struct wg_peer *peer;
- struct wg_tag *t;
- struct mbuf *m;
- SLIST_HEAD(,wg_peer) start_list;
-
- SLIST_INIT(&start_list);
-
- /*
- * We should be OK to modify p_start_list, p_start_onlist in this
- * function as the interface is not IFXF_MPSAFE and therefore should
- * only be one instance of this function running at a time. These
- * values are not modified anywhere else.
- */
- while ((m = ifq_dequeue(&ifp->if_snd)) != NULL) {
- t = wg_tag_get(m);
- peer = t->t_peer;
- if (mq_push(&peer->p_stage_queue, m) != 0)
- counters_inc(ifp->if_counters, ifc_oqdrops);
- if (!peer->p_start_onlist) {
- SLIST_INSERT_HEAD(&start_list, peer, p_start_list);
- peer->p_start_onlist = 1;
- }
- }
- SLIST_FOREACH(peer, &start_list, p_start_list) {
- if (noise_remote_ready(&peer->p_remote) == 0)
- wg_queue_out(sc, peer);
- else
- wg_timers_event_want_initiation(&peer->p_timers);
- peer->p_start_onlist = 0;
- }
- task_add(wg_crypt_taskq, &sc->sc_encap);
-}
-
 int
 wg_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa,
 struct rtentry *rt)
@@ -2120,11 +2078,11 @@ wg_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa,
 }
 m->m_pkthdr.ph_family = sa->sa_family;
- if (sa->sa_family == AF_INET) {
+ if (m->m_pkthdr.ph_family == AF_INET) {
 peer = wg_aip_lookup(sc->sc_aip4, &mtod(m, struct ip *)->ip_dst);
 #ifdef INET6
- } else if (sa->sa_family == AF_INET6) {
+ } else if (m->m_pkthdr.ph_family == AF_INET6) {
 peer = wg_aip_lookup(sc->sc_aip6, &mtod(m, struct ip6_hdr *)->ip6_dst);
 #endif
@@ -2135,7 +2093,7 @@ wg_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa,
 #if NBPFILTER > 0
 if (sc->sc_if.if_bpf)
- bpf_mtap_af(sc->sc_if.if_bpf, sa->sa_family, m,
+ bpf_mtap_af(sc->sc_if.if_bpf, m->m_pkthdr.ph_family, m,
 BPF_DIRECTION_OUT);
 #endif
@@ -2176,12 +2134,16 @@ wg_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa,
 t->t_done = 0;
 t->t_mtu = ifp->if_mtu;
- /*
- * We still have an issue with ifq that will count a packet that gets
- * dropped in wg_start, or not encrypted. These get counted as
- * ofails or oqdrops, so the packet gets counted twice.
- */
- return if_enqueue(ifp, m);
+ if (mq_push(&peer->p_stage_queue, m) != 0)
+ counters_inc(ifp->if_counters, ifc_oqdrops);
+ if (noise_remote_ready(&peer->p_remote) == 0) {
+ wg_queue_out(sc, peer);
+ task_add(wg_crypt_taskq, &sc->sc_encap);
+ } else {
+ wg_timers_event_want_initiation(&peer->p_timers);
+ }
+ return 0;
+
 error:
 counters_inc(ifp->if_counters, ifc_oerrors);
 m_freem(m);
@@ -2653,7 +2615,6 @@ wg_clone_create(struct if_clone *ifc, int unit)
 ifp->if_xflags = IFXF_CLONED;
 ifp->if_ioctl = wg_ioctl;
- ifp->if_start = wg_start;
 ifp->if_output = wg_output;
 ifp->if_type = IFT_WIREGUARD; |
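Review bot: The staging block added at the end of wg_output() (the `@@ -2176,12 +2134,16 @@` hunk) does not say what serializes it, whereas the deleted wg_start() comment relied on the interface not being IFXF_MPSAFE so that only one instance ran at a time. Now that `mq_push(&peer->p_stage_queue, m)` and `wg_queue_out(sc, peer)` are called directly from the output path, a comment above the block should state which lock or context the callers hold and why concurrent callers for the same peer are safe, or that the queues are internally locked if that is the case. The block also falls through to `return 0;` after mq_push() reports a drop, so the caller sees success while `ifc_oqdrops` is incremented; if that is intentional, a one-line comment such as `/* drop is accounted in oqdrops; not reported to the caller */` next to the return would make it explicit. wg_output() begins and ends outside this hunk, so any locking taken earlier in the function is not visible here.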