author | Jake McGinty <me@jake.su> | 2018-04-03 12:39:24 -0700 |
---|---|---|
committer | Jake McGinty <me@jake.su> | 2018-04-03 12:39:24 -0700 |
commit | 31f6e34c95928e56036e3bf5a818b00df65b33dd (patch) | |
tree | c17ad911026c610fc2c40733dee934cd590ad802 | |
parent | tools: ipv6 addr/routing support in wg-quick (diff) | |
config: enforce max peers per device
-rw-r--r-- | src/consts.rs | 27 | ||||
-rw-r--r-- | src/interface/config.rs | 6 | ||||
-rw-r--r-- | src/interface/peer_server.rs | 2 |
3 files changed, 20 insertions, 15 deletions
diff --git a/src/consts.rs b/src/consts.rs index 3806bb6..a8c812d 100644 --- a/src/consts.rs +++ b/src/consts.rs @@ -16,20 +16,19 @@ lazy_static! { pub static ref TIMER_RESOLUTION : Duration = Duration::from_millis(100); pub static ref COOKIE_REFRESH_TIME : Duration = Duration::new(120, 0); - } // transport ratcheting message limits, in seconds -pub const REKEY_AFTER_MESSAGES: u64 = u64::MAX - (1 << 16) - 1; -pub const REJECT_AFTER_MESSAGES: u64 = u64::MAX - (1 << 4) - 1; - - -pub const TRANSPORT_HEADER_SIZE: usize = 16; -pub const AEAD_TAG_SIZE: usize = 16; -pub const TRANSPORT_OVERHEAD: usize = TRANSPORT_HEADER_SIZE + AEAD_TAG_SIZE; -pub const MAX_SEGMENT_SIZE: usize = (1 << 16) - 1; -pub const MAX_CONTENT_SIZE: usize = MAX_SEGMENT_SIZE - TRANSPORT_OVERHEAD; -pub const PADDING_MULTIPLE: usize = 16; - -pub const MAX_QUEUED_INCOMING_HANDSHAKES: usize = 4096; -pub const MAX_QUEUED_PACKETS: usize = 1024; +pub const REKEY_AFTER_MESSAGES : u64 = u64::MAX - (1 << 16) - 1; +pub const REJECT_AFTER_MESSAGES : u64 = u64::MAX - (1 << 4) - 1; + +pub const TRANSPORT_HEADER_SIZE : usize = 16; +pub const AEAD_TAG_SIZE : usize = 16; +pub const TRANSPORT_OVERHEAD : usize = TRANSPORT_HEADER_SIZE + AEAD_TAG_SIZE; +pub const MAX_SEGMENT_SIZE : usize = (1 << 16) - 1; +pub const MAX_CONTENT_SIZE : usize = MAX_SEGMENT_SIZE - TRANSPORT_OVERHEAD; +pub const PADDING_MULTIPLE : usize = 16; + +pub const MAX_QUEUED_INCOMING_HANDSHAKES : usize = 4096; +pub const MAX_QUEUED_PACKETS : usize = 1024; +pub const MAX_PEERS_PER_DEVICE : usize = 3 << 20; diff --git a/src/interface/config.rs b/src/interface/config.rs index 1768aaa..de24db4 100644 --- a/src/interface/config.rs +++ b/src/interface/config.rs @@ -5,6 +5,7 @@ use base64; use bytes::BytesMut; +use consts::MAX_PEERS_PER_DEVICE; use failure::{Error, err_msg}; use futures::{Async, Future, Poll, Stream, Sink, future, stream, unsync::mpsc}; use hex; 
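Review bot: `MAX_PEERS_PER_DEVICE` is added without any comment saying what it bounds or why the value is `3 << 20` (3,145,728), and it lands at the end of a group headed "transport ratcheting message limits, in seconds", which does not describe it. Because this is the cap that the `src/interface/config.rs` hunk enforces, I would give it its own doc line, for example `/// Maximum number of peers a single device will accept; checked before a new peer is added.`, plus a short note on where the number comes from. The column realignment of every other constant in the same hunk buries the one functional line; keeping whitespace-only changes in a separate commit would make the limit easier to audit.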
@@ -261,6 +262,11 @@ impl ConfigurationService { return Ok(()) } } + + if state.pubkey_map.len() >= MAX_PEERS_PER_DEVICE { + bail!("already at max peers per device"); + } + debug!("adding new peer: {}", info); let mut peer = Peer::new(info.clone()); let peer_ref = Rc::new(RefCell::new(peer)); diff --git a/src/interface/peer_server.rs b/src/interface/peer_server.rs index c0b01bc..7abce1d 100644 --- a/src/interface/peer_server.rs +++ b/src/interface/peer_server.rs @@ -101,7 +101,7 @@ impl PeerServer { } fn unused_index(state: &mut State) -> u32 { - let mut rng = rand::thread_rng(); + let mut rng = rand::thread_rng(); // TODO: cache the thread RNG for perf loop { let tentative: u32 = rng.gen(); if !state.index_map.contains_key(&tentative) { |
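Review bot: The new guard rejects the peer with a fixed string and no log line, so whoever drives this configuration path only sees `already at max peers per device` with no indication of what the limit is. I would put the bound in the message, `bail!("already at max peers per device ({})", MAX_PEERS_PER_DEVICE);`, and log at warning level before bailing so that a device sitting at its cap shows up in logs (only `debug!` is visible here, so check which log macros are in scope). The check counts `state.pubkey_map.len()`, so it holds only if every insertion goes through this branch and removals shrink the map; that cannot be confirmed from the hunk, whose enclosing function starts and ends outside it. Placing the check after the early `return Ok(())` looks right, since that path stays usable when the device is full.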
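Review bot: The added TODO in `unused_index` proposes caching without recording what must not change: the values drawn here become keys of `state.index_map`, and if they are the session indices that peers see on the wire (not confirmed from this hunk) the generator has to stay a cryptographically seeded RNG rather than a cheaper PRNG. `rand::thread_rng()` already returns a handle to a lazily initialised thread-local generator, so the saving is likely small and worth measuring first. I would reword the comment to `// TODO: profile before caching; indices must keep coming from a cryptographically seeded RNG`. The body of `unused_index` continues past the end of the hunk.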