author | Mathias Hall-Andersen <mathias@hall-andersen.dk> | 2019-11-18 12:04:20 +0100 |
---|---|---|
committer | Mathias Hall-Andersen <mathias@hall-andersen.dk> | 2019-11-18 12:04:20 +0100 |
commit | b1fbd7fbbaa92dde20d292307f4f4347e4c01450 (patch) | |
tree | 3ad79a99ff36568aa801121fad4b065cb819b1ea /src/wireguard/router | |
parent | Update configuration API (diff) | |
download | wireguard-rs-b1fbd7fbbaa92dde20d292307f4f4347e4c01450.tar.xz wireguard-rs-b1fbd7fbbaa92dde20d292307f4f4347e4c01450.zip |
Bug fixes from compliance tests with WireGuard
Diffstat (limited to '')
-rw-r--r-- | src/wireguard/router/device.rs | 14 | ||||
-rw-r--r-- | src/wireguard/router/peer.rs | 2 | ||||
-rw-r--r-- | src/wireguard/router/route.rs | 28 | ||||
-rw-r--r-- | src/wireguard/router/workers.rs | 3 |
4 files changed, 35 insertions, 12 deletions
diff --git a/src/wireguard/router/device.rs b/src/wireguard/router/device.rs index b3f1787..04b2045 100644 --- a/src/wireguard/router/device.rs +++ b/src/wireguard/router/device.rs @@ -147,6 +147,12 @@ impl<E: Endpoint, C: Callbacks, T: tun::Writer, B: bind::Writer<E>> Device<E, C, /// - msg: IP packet to crypt-key route /// pub fn send(&self, msg: Vec<u8>) -> Result<(), RouterError> { + debug_assert!(msg.len() > SIZE_MESSAGE_PREFIX); + log::trace!( + "Router, outbound packet = {}", + hex::encode(&msg[SIZE_MESSAGE_PREFIX..]) + ); + // ignore header prefix (for in-place transport message construction) let packet = &msg[SIZE_MESSAGE_PREFIX..]; @@ -182,12 +188,20 @@ impl<E: Endpoint, C: Callbacks, T: tun::Writer, B: bind::Writer<E>> Device<E, C, return Err(RouterError::MalformedTransportMessage); } }; + let header: LayoutVerified<&[u8], TransportHeader> = header; + debug_assert!( header.f_type.get() == TYPE_TRANSPORT as u32, "this should be checked by the message type multiplexer" ); + log::trace!( + "Router, handle transport message: (receiver = {}, counter = {})", + header.f_receiver, + header.f_counter + ); + // lookup peer based on receiver id let dec = self.state.recv.read(); let dec = dec diff --git a/src/wireguard/router/peer.rs b/src/wireguard/router/peer.rs index 0d9b435..21b596a 100644 --- a/src/wireguard/router/peer.rs +++ b/src/wireguard/router/peer.rs @@ -474,7 +474,7 @@ impl<E: Endpoint, C: Callbacks, T: tun::Writer, B: bind::Writer<E>> Peer<E, C, T /// since the only way to add additional keys to the peer is by using this method /// and a peer can have at most 3 keys allocated in the router at any time. pub fn add_keypair(&self, new: KeyPair) -> Vec<u32> { - debug!("peer.add_keypair"); + log::trace!("Router, add_keypair: {:?}", new); let initiator = new.initiator; let release = { diff --git a/src/wireguard/router/route.rs b/src/wireguard/router/route.rs index 94c7e23..29e7635 100644 --- a/src/wireguard/router/route.rs +++ b/src/wireguard/router/route.rs 
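Review bot: The trace call added at the top of `send` hex-encodes the whole outbound IP packet, so with trace logging enabled the plaintext of tunnel traffic is written to the log before it is encrypted. Logging the length is enough to follow routing, e.g. `log::trace!("Router, outbound packet, len = {}", msg.len());`, or the full dump could be compiled only into debug builds. The added `debug_assert!` is compiled out of release builds, where a `msg` shorter than `SIZE_MESSAGE_PREFIX` would still panic at the slice `&msg[SIZE_MESSAGE_PREFIX..]`; returning a `RouterError` there would be safer if callers can pass short buffers. The body of `send` continues outside the hunk.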
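Review bot: The new trace line in `add_keypair` formats the whole `KeyPair` with `{:?}`; if its `Debug` implementation prints the key material (the type is defined outside this diff), enabling trace logging writes live session keys to the log. Anyone who can read that log could then decrypt captured transport traffic for the lifetime of those keys. Logging only non-secret fields avoids this, e.g. `log::trace!("Router, add_keypair: initiator = {}", new.initiator);`, or `KeyPair` could get a hand-written `Debug` that redacts the key bytes. The body of `add_keypair` continues outside the hunk.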
@@ -18,12 +18,15 @@ pub fn get_route<E: Endpoint, C: Callbacks, T: tun::Writer, B: bind::Writer<E>>( ) -> Option<Arc<PeerInner<E, C, T, B>>> { match packet.get(0)? >> 4 { VERSION_IP4 => { - trace!("cryptokey router, get route for IPv4 packet"); - // check length and cast to IPv4 header let (header, _): (LayoutVerified<&[u8], IPv4Header>, _) = LayoutVerified::new_from_prefix(packet)?; + log::trace!( + "Router, get route for IPv4 destination: {:?}", + Ipv4Addr::from(header.f_destination) + ); + // check IPv4 source address device .ipv4 @@ -32,12 +35,15 @@ pub fn get_route<E: Endpoint, C: Callbacks, T: tun::Writer, B: bind::Writer<E>>( .and_then(|(_, _, p)| Some(p.clone())) } VERSION_IP6 => { - trace!("cryptokey router, get route for IPv6 packet"); - // check length and cast to IPv6 header let (header, _): (LayoutVerified<&[u8], IPv6Header>, _) = LayoutVerified::new_from_prefix(packet)?; + log::trace!( + "Router, get route for IPv6 destination: {:?}", + Ipv6Addr::from(header.f_destination) + ); + // check IPv6 source address device .ipv6 @@ -57,12 +63,15 @@ pub fn check_route<E: Endpoint, C: Callbacks, T: tun::Writer, B: bind::Writer<E> ) -> Option<usize> { match packet.get(0)? >> 4 { VERSION_IP4 => { - trace!("cryptokey route, check route for IPv4 packet"); - // check length and cast to IPv4 header let (header, _): (LayoutVerified<&[u8], IPv4Header>, _) = LayoutVerified::new_from_prefix(packet)?; + log::trace!( + "Router, check route for IPv4 source: {:?}", + Ipv4Addr::from(header.f_source) + ); + // check IPv4 source address device .ipv4 
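Review bot: In the IPv4 arm of `get_route` the new trace line reports the destination address, but the comment directly below it still reads `// check IPv4 source address`; the IPv6 arm in the next hunk has the same mismatch. If the lookup that follows keys on the destination (it continues outside the hunk), the comments should read `// lookup peer by IPv4 destination address` and `// lookup peer by IPv6 destination address`. These lines also put the inner destination address of every routed packet in the log when trace is enabled, which operators may want to treat as sensitive traffic metadata.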
@@ -77,12 +86,15 @@ pub fn check_route<E: Endpoint, C: Callbacks, T: tun::Writer, B: bind::Writer<E> }) } VERSION_IP6 => { - trace!("cryptokey route, check route for IPv6 packet"); - // check length and cast to IPv6 header let (header, _): (LayoutVerified<&[u8], IPv6Header>, _) = LayoutVerified::new_from_prefix(packet)?; + log::trace!( + "Router, check route for IPv6 source: {:?}", + Ipv6Addr::from(header.f_source) + ); + // check IPv6 source address device .ipv6 diff --git a/src/wireguard/router/workers.rs b/src/wireguard/router/workers.rs index 5482cee..d87174f 100644 --- a/src/wireguard/router/workers.rs +++ b/src/wireguard/router/workers.rs @@ -24,20 +24,17 @@ use super::super::{bind, tun, Endpoint}; pub const SIZE_TAG: usize = 16; -#[derive(Debug)] pub struct JobEncryption { pub msg: Vec<u8>, pub keypair: Arc<KeyPair>, pub counter: u64, } -#[derive(Debug)] pub struct JobDecryption { pub msg: Vec<u8>, pub keypair: Arc<KeyPair>, } -#[derive(Debug)] pub enum JobParallel { Encryption(oneshot::Sender<JobEncryption>, JobEncryption), Decryption(oneshot::Sender<Option<JobDecryption>>, JobDecryption), |