-rw-r--r--sys/net/if_wg.c65
1 files changed, 13 insertions, 52 deletions
diff --git a/sys/net/if_wg.c b/sys/net/if_wg.c
index e27a575cc1b..da65b48efd2 100644
--- a/sys/net/if_wg.c
+++ b/sys/net/if_wg.c
@@ -218,9 +218,6 @@ struct wg_peer {
struct wg_index p_index[3];
LIST_HEAD(,wg_aip) p_aip;
-
- SLIST_ENTRY(wg_peer) p_start_list;
- int p_start_onlist;
};
struct wg_softc {
@@ -433,8 +430,6 @@ wg_peer_create(struct wg_softc *sc, uint8_t public[WG_KEY_SIZE])
LIST_INIT(&peer->p_aip);
- peer->p_start_onlist = 0;
-
idx = SipHash24(&sc->sc_secret, public, WG_KEY_SIZE);
idx &= sc->sc_peer_mask;
@@ -2066,43 +2061,6 @@ wg_input(void *_sc, struct mbuf *m, struct ip *ip, struct ip6_hdr *ip6,
return NULL;
}
-void
-wg_start(struct ifnet *ifp)
-{
- struct wg_softc *sc = ifp->if_softc;
- struct wg_peer *peer;
- struct wg_tag *t;
- struct mbuf *m;
- SLIST_HEAD(,wg_peer) start_list;
-
- SLIST_INIT(&start_list);
-
- /*
- * We should be OK to modify p_start_list, p_start_onlist in this
- * function as the interface is not IFXF_MPSAFE and therefore should
- * only be one instance of this function running at a time. These
- * values are not modified anywhere else.
- */
- while ((m = ifq_dequeue(&ifp->if_snd)) != NULL) {
- t = wg_tag_get(m);
- peer = t->t_peer;
- if (mq_push(&peer->p_stage_queue, m) != 0)
- counters_inc(ifp->if_counters, ifc_oqdrops);
- if (!peer->p_start_onlist) {
- SLIST_INSERT_HEAD(&start_list, peer, p_start_list);
- peer->p_start_onlist = 1;
- }
- }
- SLIST_FOREACH(peer, &start_list, p_start_list) {
- if (noise_remote_ready(&peer->p_remote) == 0)
- wg_queue_out(sc, peer);
- else
- wg_timers_event_want_initiation(&peer->p_timers);
- peer->p_start_onlist = 0;
- }
- task_add(wg_crypt_taskq, &sc->sc_encap);
-}
-
int
wg_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa,
struct rtentry *rt)
@@ -2120,11 +2078,11 @@ wg_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa,
}
m->m_pkthdr.ph_family = sa->sa_family;
- if (sa->sa_family == AF_INET) {
+ if (m->m_pkthdr.ph_family == AF_INET) {
peer = wg_aip_lookup(sc->sc_aip4,
&mtod(m, struct ip *)->ip_dst);
#ifdef INET6
- } else if (sa->sa_family == AF_INET6) {
+ } else if (m->m_pkthdr.ph_family == AF_INET6) {
peer = wg_aip_lookup(sc->sc_aip6,
&mtod(m, struct ip6_hdr *)->ip6_dst);
#endif
@@ -2135,7 +2093,7 @@ wg_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa,
#if NBPFILTER > 0
if (sc->sc_if.if_bpf)
- bpf_mtap_af(sc->sc_if.if_bpf, sa->sa_family, m,
+ bpf_mtap_af(sc->sc_if.if_bpf, m->m_pkthdr.ph_family, m,
BPF_DIRECTION_OUT);
#endif
@@ -2176,12 +2134,16 @@ wg_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa,
t->t_done = 0;
t->t_mtu = ifp->if_mtu;
- /*
- * We still have an issue with ifq that will count a packet that gets
- * dropped in wg_start, or not encrypted. These get counted as
- * ofails or oqdrops, so the packet gets counted twice.
- */
- return if_enqueue(ifp, m);
+ if (mq_push(&peer->p_stage_queue, m) != 0)
+ counters_inc(ifp->if_counters, ifc_oqdrops);
+ if (noise_remote_ready(&peer->p_remote) == 0) {
+ wg_queue_out(sc, peer);
+ task_add(wg_crypt_taskq, &sc->sc_encap);
+ } else {
+ wg_timers_event_want_initiation(&peer->p_timers);
+ }
+ return 0;
+
error:
counters_inc(ifp->if_counters, ifc_oerrors);
m_freem(m);
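Review bot: The staging block added at the end of wg_output (`mq_push` through `return 0`) has no comment on what serialises it, whereas the removed wg_start documented that it relied on a single running instance because the interface is not IFXF_MPSAFE. With if_enqueue bypassed, wg_output can presumably be entered from several contexts at once, so I would add something like `/* No ifq serialisation here: p_stage_queue and wg_queue_out must tolerate concurrent callers for the same peer. */` once that is confirmed against those helpers, which are outside this hunk. A second short comment should say why a non-zero `mq_push` only bumps `ifc_oqdrops` and still falls through to the handshake check and `return 0`, since a reader cannot tell from here whether `m` or an older staged packet was dropped. The deleted comment about double counting is gone without a replacement, so it is also worth noting where output packets are counted now that the ifq no longer sees them. wg_output begins and ends outside the hunk.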
@@ -2653,7 +2615,6 @@ wg_clone_create(struct if_clone *ifc, int unit)
ifp->if_xflags = IFXF_CLONED;
ifp->if_ioctl = wg_ioctl;
- ifp->if_start = wg_start;
ifp->if_output = wg_output;
ifp->if_type = IFT_WIREGUARD;