author | Mathias Hall-Andersen <mathias@hall-andersen.dk> | 2019-09-07 19:19:51 +0200 |
---|---|---|
committer | Mathias Hall-Andersen <mathias@hall-andersen.dk> | 2019-09-07 19:19:51 +0200 |
commit | eae915b2e8aacb86392239a984ca2028b4d93630 (patch) | |
tree | 44a52a75f319937368f985ace410e1b4df14ab62 /src | |
parent | Write inbound packets to TUN device (diff) | |
download | wireguard-rs-eae915b2e8aacb86392239a984ca2028b4d93630.tar.xz wireguard-rs-eae915b2e8aacb86392239a984ca2028b4d93630.zip |
Fixed outbound unittest
Diffstat (limited to 'src')
-rw-r--r-- | src/router/device.rs | 19 | ||||
-rw-r--r-- | src/router/ip.rs | 15 | ||||
-rw-r--r-- | src/router/tests.rs | 5 | ||||
-rw-r--r-- | src/router/workers.rs | 7 |
4 files changed, 22 insertions, 24 deletions
diff --git a/src/router/device.rs b/src/router/device.rs index 69304d8..1d10244 100644 --- a/src/router/device.rs +++ b/src/router/device.rs @@ -130,17 +130,23 @@ fn get_route<C: Callbacks, T: Tun, B: Bind>( device: &Arc<DeviceInner<C, T, B>>, packet: &[u8], ) -> Option<Arc<PeerInner<C, T, B>>> { + // ensure version access within bounds + if packet.len() < 1 { + return None; + }; + + // cast to correct IP header match packet[0] >> 4 { VERSION_IP4 => { // check length and cast to IPv4 header let (header, _) = LayoutVerified::new_from_prefix(packet)?; let header: LayoutVerified<&[u8], IPv4Header> = header; - // check IPv4 source address + // lookup destination address device .ipv4 .read() - .longest_match(Ipv4Addr::from(header.f_source)) + .longest_match(Ipv4Addr::from(header.f_destination)) .and_then(|(_, _, p)| Some(p.clone())) } VERSION_IP6 => { @@ -148,11 +154,11 @@ fn get_route<C: Callbacks, T: Tun, B: Bind>( let (header, packet) = LayoutVerified::new_from_prefix(packet)?; let header: LayoutVerified<&[u8], IPv6Header> = header; - // check IPv6 source address + // lookup destination address device .ipv6 .read() - .longest_match(Ipv6Addr::from(header.f_source)) + .longest_match(Ipv6Addr::from(header.f_destination)) .and_then(|(_, _, p)| Some(p.clone())) } _ => None, @@ -176,11 +182,6 @@ impl<C: Callbacks, T: Tun, B: Bind> Device<C, T, B> { /// - msg: IP packet to crypt-key route /// pub fn send(&self, msg: Vec<u8>) -> Result<(), RouterError> { - // ensure that the type field access is within bounds - if msg.len() < cmp::min(SIZE_IP4_HEADER, SIZE_IP6_HEADER) + SIZE_MESSAGE_PREFIX { - return Err(RouterError::MalformedIPHeader); - } - // ignore header prefix (for in-place transport message construction) let packet = &msg[SIZE_MESSAGE_PREFIX..]; diff --git a/src/router/ip.rs b/src/router/ip.rs index 6eb303c..e66144f 100644 --- a/src/router/ip.rs +++ b/src/router/ip.rs 
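Review bot: get_route has no doc comment saying which address it routes on, and this hunk flips the lookup from source to destination, so the contract is worth stating above the signature: `/// Outbound routing: returns the peer whose subnet is the longest match for the packet's destination address.` The new guard reads more directly as `if packet.is_empty() { return None; }`, and the `;` after its closing brace can go. In the IPv6 arm, which falls in the next hunk, the context line still binds `packet` from `new_from_prefix` and does not appear to use it; `let (header, _) = LayoutVerified::new_from_prefix(packet)?;` would match the IPv4 arm and the cleanup this commit makes in workers.rs. The function body continues into that next hunk.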
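Review bot: With the length guard removed, `&msg[SIZE_MESSAGE_PREFIX..]` in send panics when `msg` is shorter than SIZE_MESSAGE_PREFIX, because the empty-packet check added to get_route only runs after the slice has been taken. send is `pub` and returns `Result`, so a short buffer should come back as an error instead of aborting the caller: `let packet = msg.get(SIZE_MESSAGE_PREFIX..).ok_or(RouterError::MalformedIPHeader)?;`. RouterError::MalformedIPHeader is the variant the removed check returned; if it no longer exists after this commit, another existing variant would serve. The rest of send lies outside the hunk.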
@@ -1,21 +1,10 @@ use byteorder::BigEndian; use zerocopy::byteorder::U16; -use zerocopy::{AsBytes, ByteSlice, FromBytes, LayoutVerified}; - -pub const SIZE_IP4_HEADER: usize = 16; -pub const SIZE_IP6_HEADER: usize = 36; +use zerocopy::{AsBytes, FromBytes}; pub const VERSION_IP4: u8 = 4; pub const VERSION_IP6: u8 = 6; -pub const OFFSET_IP4_SRC: usize = 12; -pub const OFFSET_IP6_SRC: usize = 8; - -pub const OFFSET_IP4_DST: usize = 16; -pub const OFFSET_IP6_DST: usize = 24; - -pub const TYPE_TRANSPORT: u8 = 4; - #[repr(packed)] #[derive(Copy, Clone, FromBytes, AsBytes)] pub struct IPv4Header { @@ -29,7 +18,7 @@ pub struct IPv4Header { #[repr(packed)] #[derive(Copy, Clone, FromBytes, AsBytes)] pub struct IPv6Header { - _f_pre: [u8; 4], + _f_space1: [u8; 4], pub f_len: U16<BigEndian>, _f_space2: [u8; 2], pub f_source: [u8; 16], diff --git a/src/router/tests.rs b/src/router/tests.rs index 7fe2b7a..f574096 100644 --- a/src/router/tests.rs +++ b/src/router/tests.rs @@ -185,6 +185,11 @@ mod tests { let ip: IpAddr = ip.parse().unwrap(); peer.add_subnet(mask, len); + for _ in 0..1024 { + let msg = make_packet(1024, ip); + router.send(msg).unwrap(); + } + b.iter(|| { opaque.store(0, Ordering::SeqCst); // wait till 10 MB diff --git a/src/router/workers.rs b/src/router/workers.rs index 45e1058..fb22280 100644 --- a/src/router/workers.rs +++ b/src/router/workers.rs @@ -35,11 +35,14 @@ pub struct JobBuffer { } pub type JobParallel = (oneshot::Sender<JobBuffer>, JobBuffer); + +#[allow(type_alias_bounds)] pub type JobInbound<C, T, B: Bind> = ( Arc<DecryptionState<C, T, B>>, B::Endpoint, oneshot::Receiver<JobBuffer>, ); + pub type JobOutbound = oneshot::Receiver<JobBuffer>; #[inline(always)] 
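Review bot: The new `#[allow(type_alias_bounds)]` on JobInbound in src/router/workers.rs carries no explanation. The lint fires because the compiler does not enforce bounds written on a type alias, so a reader may take `B: Bind` for a real constraint. A one-line comment above the attribute would settle it: `// B: Bind is only here so that B::Endpoint resolves; bounds on type aliases are not checked`. Alternatively, spell the field as `<B as Bind>::Endpoint` and drop both the bound and the allow.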
@@ -69,7 +72,7 @@ fn check_route<C: Callbacks, T: Tun, B: Bind>( } VERSION_IP6 => { // check length and cast to IPv6 header - let (header, packet) = LayoutVerified::new_from_prefix(packet)?; + let (header, _) = LayoutVerified::new_from_prefix(packet)?; let header: LayoutVerified<&[u8], IPv6Header> = header; // check IPv6 source address @@ -116,7 +119,7 @@ pub fn worker_inbound<C: Callbacks, T: Tun, B: Bind>( }; let header: LayoutVerified<&[u8], TransportHeader> = header; debug_assert!( - packet.len() >= 16, + packet.len() >= CHACHA20_POLY1305.tag_len(), "this should be checked earlier in the pipeline" ); |
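Review bot: The tag-length invariant in worker_inbound is only a `debug_assert!`, which is compiled out of release builds, so in production nothing at this point stops a packet shorter than the authentication tag from reaching the code that follows. The assertion message says the length is checked earlier in the pipeline, but that check is not visible in this hunk. It deserves a comment naming the function that performs it, for example `// length >= tag_len() is enforced in <name of the earlier check>`. If that guarantee cannot be pinned to one place, an explicit `if packet.len() < CHACHA20_POLY1305.tag_len()` branch that abandons the job the same way the surrounding error paths do would keep the invariant in release builds too. worker_inbound starts and ends outside the hunk.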