authorMathias Hall-Andersen <mathias@hall-andersen.dk>2019-09-07 19:19:51 +0200
committerMathias Hall-Andersen <mathias@hall-andersen.dk>2019-09-07 19:19:51 +0200
commiteae915b2e8aacb86392239a984ca2028b4d93630 (patch)
tree44a52a75f319937368f985ace410e1b4df14ab62 /src
parentWrite inbound packets to TUN device (diff)
downloadwireguard-rs-eae915b2e8aacb86392239a984ca2028b4d93630.tar.xz
wireguard-rs-eae915b2e8aacb86392239a984ca2028b4d93630.zip
Fixed outbound unittest
Diffstat (limited to 'src')
-rw-r--r--src/router/device.rs19
-rw-r--r--src/router/ip.rs15
-rw-r--r--src/router/tests.rs5
-rw-r--r--src/router/workers.rs7
4 files changed, 22 insertions, 24 deletions
diff --git a/src/router/device.rs b/src/router/device.rs
index 69304d8..1d10244 100644
--- a/src/router/device.rs
+++ b/src/router/device.rs
@@ -130,17 +130,23 @@ fn get_route<C: Callbacks, T: Tun, B: Bind>(
device: &Arc<DeviceInner<C, T, B>>,
packet: &[u8],
) -> Option<Arc<PeerInner<C, T, B>>> {
+ // ensure version access within bounds
+ if packet.len() < 1 {
+ return None;
+ };
+
+ // cast to correct IP header
match packet[0] >> 4 {
VERSION_IP4 => {
// check length and cast to IPv4 header
let (header, _) = LayoutVerified::new_from_prefix(packet)?;
let header: LayoutVerified<&[u8], IPv4Header> = header;
- // check IPv4 source address
+ // lookup destination address
device
.ipv4
.read()
- .longest_match(Ipv4Addr::from(header.f_source))
+ .longest_match(Ipv4Addr::from(header.f_destination))
.and_then(|(_, _, p)| Some(p.clone()))
}
VERSION_IP6 => {
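Review bot: The new guard at the top of get_route, `if packet.len() < 1 { return None; };`, uses a length comparison and leaves a stray `;` after the block; `if packet.is_empty() { return None; }` says the same thing. The guard and the index could also be merged as `match *packet.first()? >> 4 {`, which keeps the bounds check next to the access it protects. The `// cast to correct IP header` comment sits on the version dispatch rather than on a cast, so `// dispatch on the IP version nibble` would describe the line better. get_route continues past the end of this hunk.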
@@ -148,11 +154,11 @@ fn get_route<C: Callbacks, T: Tun, B: Bind>(
let (header, packet) = LayoutVerified::new_from_prefix(packet)?;
let header: LayoutVerified<&[u8], IPv6Header> = header;
- // check IPv6 source address
+ // lookup destination address
device
.ipv6
.read()
- .longest_match(Ipv6Addr::from(header.f_source))
+ .longest_match(Ipv6Addr::from(header.f_destination))
.and_then(|(_, _, p)| Some(p.clone()))
}
_ => None,
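Review bot: The IPv6 arm still binds the remainder in `let (header, packet) = LayoutVerified::new_from_prefix(packet)?;`, and nothing in the visible part of the arm reads it. The IPv4 arm above and check_route in workers.rs (changed in this same commit) both use `_`. Unless the binding is used outside the hunk, `let (header, _) = LayoutVerified::new_from_prefix(packet)?;` keeps the two arms parallel and avoids shadowing the `packet` parameter.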
@@ -176,11 +182,6 @@ impl<C: Callbacks, T: Tun, B: Bind> Device<C, T, B> {
/// - msg: IP packet to crypt-key route
///
pub fn send(&self, msg: Vec<u8>) -> Result<(), RouterError> {
- // ensure that the type field access is within bounds
- if msg.len() < cmp::min(SIZE_IP4_HEADER, SIZE_IP6_HEADER) + SIZE_MESSAGE_PREFIX {
- return Err(RouterError::MalformedIPHeader);
- }
-
// ignore header prefix (for in-place transport message construction)
let packet = &msg[SIZE_MESSAGE_PREFIX..];
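Review bot: With the length check removed from send, the context line `let packet = &msg[SIZE_MESSAGE_PREFIX..];` now runs on any input. A range slice whose start exceeds the length panics, so a `msg` shorter than SIZE_MESSAGE_PREFIX would abort the caller instead of returning an error. The empty-packet guard added to get_route only covers `packet[0]` after this slice has already succeeded. A cheap guard that keeps the existing error type would be `let packet = msg.get(SIZE_MESSAGE_PREFIX..).ok_or(RouterError::MalformedIPHeader)?;`. send's body continues outside the hunk, so whether callers already guarantee the prefix length cannot be seen here.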
diff --git a/src/router/ip.rs b/src/router/ip.rs
index 6eb303c..e66144f 100644
--- a/src/router/ip.rs
+++ b/src/router/ip.rs
@@ -1,21 +1,10 @@
use byteorder::BigEndian;
use zerocopy::byteorder::U16;
-use zerocopy::{AsBytes, ByteSlice, FromBytes, LayoutVerified};
-
-pub const SIZE_IP4_HEADER: usize = 16;
-pub const SIZE_IP6_HEADER: usize = 36;
+use zerocopy::{AsBytes, FromBytes};
pub const VERSION_IP4: u8 = 4;
pub const VERSION_IP6: u8 = 6;
-pub const OFFSET_IP4_SRC: usize = 12;
-pub const OFFSET_IP6_SRC: usize = 8;
-
-pub const OFFSET_IP4_DST: usize = 16;
-pub const OFFSET_IP6_DST: usize = 24;
-
-pub const TYPE_TRANSPORT: u8 = 4;
-
#[repr(packed)]
#[derive(Copy, Clone, FromBytes, AsBytes)]
pub struct IPv4Header {
@@ -29,7 +18,7 @@ pub struct IPv4Header {
#[repr(packed)]
#[derive(Copy, Clone, FromBytes, AsBytes)]
pub struct IPv6Header {
- _f_pre: [u8; 4],
+ _f_space1: [u8; 4],
pub f_len: U16<BigEndian>,
_f_space2: [u8; 2],
pub f_source: [u8; 16],
diff --git a/src/router/tests.rs b/src/router/tests.rs
index 7fe2b7a..f574096 100644
--- a/src/router/tests.rs
+++ b/src/router/tests.rs
@@ -185,6 +185,11 @@ mod tests {
let ip: IpAddr = ip.parse().unwrap();
peer.add_subnet(mask, len);
+ for _ in 0..1024 {
+ let msg = make_packet(1024, ip);
+ router.send(msg).unwrap();
+ }
+
b.iter(|| {
opaque.store(0, Ordering::SeqCst);
// wait till 10 MB
diff --git a/src/router/workers.rs b/src/router/workers.rs
index 45e1058..fb22280 100644
--- a/src/router/workers.rs
+++ b/src/router/workers.rs
@@ -35,11 +35,14 @@ pub struct JobBuffer {
}
pub type JobParallel = (oneshot::Sender<JobBuffer>, JobBuffer);
+
+#[allow(type_alias_bounds)]
pub type JobInbound<C, T, B: Bind> = (
Arc<DecryptionState<C, T, B>>,
B::Endpoint,
oneshot::Receiver<JobBuffer>,
);
+
pub type JobOutbound = oneshot::Receiver<JobBuffer>;
#[inline(always)]
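Review bot: The added `#[allow(type_alias_bounds)]` carries no comment explaining why the lint is silenced. The bound on `JobInbound` appears to be there only so that `B::Endpoint` resolves. Writing the projection as `<B as Bind>::Endpoint` and declaring the alias as `pub type JobInbound<C, T, B> = (` would remove both the bound and the need for the attribute. If the attribute stays, a one-line comment such as `// bound only names B::Endpoint; alias bounds are not enforced` would record the reason.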
@@ -69,7 +72,7 @@ fn check_route<C: Callbacks, T: Tun, B: Bind>(
}
VERSION_IP6 => {
// check length and cast to IPv6 header
- let (header, packet) = LayoutVerified::new_from_prefix(packet)?;
+ let (header, _) = LayoutVerified::new_from_prefix(packet)?;
let header: LayoutVerified<&[u8], IPv6Header> = header;
// check IPv6 source address
@@ -116,7 +119,7 @@ pub fn worker_inbound<C: Callbacks, T: Tun, B: Bind>(
};
let header: LayoutVerified<&[u8], TransportHeader> = header;
debug_assert!(
- packet.len() >= 16,
+ packet.len() >= CHACHA20_POLY1305.tag_len(),
"this should be checked earlier in the pipeline"
);
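Review bot: `debug_assert!` is compiled out of release builds, so the tag-length condition in worker_inbound is enforced in production only by the earlier pipeline check the message refers to, which is not visible in this hunk. Because this is the inbound path handling data received from the network, the comment should name the function that performs that check. Alternatively this could become a real length test that drops the packet when `packet.len() < CHACHA20_POLY1305.tag_len()`. worker_inbound starts and ends outside the hunk, so the right way to bail out (return, continue, or error) has to be chosen against the surrounding loop.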