net/wireguard-kmod: Update to 0.0.20210428
This commit is contained in:
parent
e25cdb3460
commit
4507e5034c
@ -1,6 +1,5 @@
|
||||
PORTNAME= wireguard-kmod
|
||||
PORTVERSION= 0.0.20210424
|
||||
PORTREVISION= 1
|
||||
PORTVERSION= 0.0.20210428
|
||||
CATEGORIES= net net-vpn
|
||||
MASTER_SITES= https://git.zx2c4.com/wireguard-freebsd/snapshot/
|
||||
DISTNAME= wireguard-freebsd-${PORTVERSION}
|
||||
|
@ -1,3 +1,3 @@
|
||||
TIMESTAMP = 1619285662
|
||||
SHA256 (wireguard-freebsd-0.0.20210424.tar.xz) = bfa8d3c4854f802567db51a89fdea32e7bf98a3d54a525359bdb240f2e864735
|
||||
SIZE (wireguard-freebsd-0.0.20210424.tar.xz) = 49948
|
||||
TIMESTAMP = 1619688377
|
||||
SHA256 (wireguard-freebsd-0.0.20210428.tar.xz) = cceebd8f3f21d522342b3629fa0350e4fbc64a00035d330f82301741e56def46
|
||||
SIZE (wireguard-freebsd-0.0.20210428.tar.xz) = 50404
|
||||
|
@ -1,99 +0,0 @@
|
||||
From dd04bc5aa4a3607fd2277a5d7953a2a20a411696 Mon Sep 17 00:00:00 2001
|
||||
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
|
||||
Date: Sat, 24 Apr 2021 16:12:23 -0400
|
||||
Subject: wg_noise: compile on 32-bit
|
||||
|
||||
The lack of 64bit atomic helpers on 32bit is an annoyance.
|
||||
|
||||
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
||||
---
|
||||
src/wg_noise.c | 44 +++++++++++++++++++++++++++++++++++++-------
|
||||
1 file changed, 37 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/src/wg_noise.c b/src/wg_noise.c
|
||||
index 5ef7a58c3146..7acf1b6ab7cb 100644
|
||||
--- wg_noise.c
|
||||
+++ wg_noise.c
|
||||
@@ -780,11 +780,14 @@ noise_keypair_remote(struct noise_keypair *kp)
|
||||
int
|
||||
noise_keypair_nonce_next(struct noise_keypair *kp, uint64_t *send)
|
||||
{
|
||||
+ if (!ck_pr_load_bool(&kp->kp_can_send))
|
||||
+ return (EINVAL);
|
||||
+
|
||||
#ifdef __LP64__
|
||||
- *send = atomic_fetchadd_64(&kp->kp_nonce_send, 1);
|
||||
+ *send = ck_pr_faa_64(&kp->kp_nonce_send, 1);
|
||||
#else
|
||||
rw_wlock(&kp->kp_nonce_lock);
|
||||
- *send = ctr->c_send++;
|
||||
+ *send = kp->kp_nonce_send++;
|
||||
rw_wunlock(&kp->kp_nonce_lock);
|
||||
#endif
|
||||
if (*send < REJECT_AFTER_MESSAGES)
|
||||
@@ -821,7 +824,11 @@ noise_keypair_nonce_check(struct noise_keypair *kp, uint64_t recv)
|
||||
for (i = 1; i <= top; i++)
|
||||
kp->kp_backtrack[
|
||||
(i + index_ctr) & (COUNTER_NUM - 1)] = 0;
|
||||
+#ifdef __LP64__
|
||||
ck_pr_store_64(&kp->kp_nonce_recv, recv);
|
||||
+#else
|
||||
+ kp->kp_nonce_recv = recv;
|
||||
+#endif
|
||||
}
|
||||
|
||||
index_recv %= COUNTER_NUM;
|
||||
@@ -844,14 +851,27 @@ noise_keep_key_fresh_send(struct noise_remote *r)
|
||||
struct epoch_tracker et;
|
||||
struct noise_keypair *current;
|
||||
int keep_key_fresh;
|
||||
+ uint64_t nonce;
|
||||
|
||||
NET_EPOCH_ENTER(et);
|
||||
current = ck_pr_load_ptr(&r->r_current);
|
||||
- keep_key_fresh = current != NULL && ck_pr_load_bool(¤t->kp_can_send) && (
|
||||
- ck_pr_load_64(¤t->kp_nonce_send) > REKEY_AFTER_MESSAGES ||
|
||||
- (current->kp_is_initiator && noise_timer_expired(current->kp_birthdate, REKEY_AFTER_TIME, 0)));
|
||||
- NET_EPOCH_EXIT(et);
|
||||
+ keep_key_fresh = current != NULL && ck_pr_load_bool(¤t->kp_can_send);
|
||||
+ if (!keep_key_fresh)
|
||||
+ goto out;
|
||||
+#ifdef __LP64__
|
||||
+ nonce = ck_pr_load_64(¤t->kp_nonce_send);
|
||||
+#else
|
||||
+ rw_rlock(¤t->kp_nonce_lock);
|
||||
+ nonce = current->kp_nonce_send;
|
||||
+ rw_runlock(¤t->kp_nonce_lock);
|
||||
+#endif
|
||||
+ keep_key_fresh = nonce > REKEY_AFTER_MESSAGES;
|
||||
+ if (keep_key_fresh)
|
||||
+ goto out;
|
||||
+ keep_key_fresh = current->kp_is_initiator && noise_timer_expired(current->kp_birthdate, REKEY_AFTER_TIME, 0);
|
||||
|
||||
+out:
|
||||
+ NET_EPOCH_EXIT(et);
|
||||
return (keep_key_fresh ? ESTALE : 0);
|
||||
}
|
||||
|
||||
@@ -885,7 +905,17 @@ noise_keypair_encrypt(struct noise_keypair *kp, uint32_t *r_idx, uint64_t nonce,
|
||||
int
|
||||
noise_keypair_decrypt(struct noise_keypair *kp, uint64_t nonce, struct mbuf *m)
|
||||
{
|
||||
- if (ck_pr_load_64(&kp->kp_nonce_recv) >= REJECT_AFTER_MESSAGES ||
|
||||
+ uint64_t cur_nonce;
|
||||
+
|
||||
+#ifdef __LP64__
|
||||
+ cur_nonce = ck_pr_load_64(&kp->kp_nonce_recv);
|
||||
+#else
|
||||
+ rw_rlock(&kp->kp_nonce_lock);
|
||||
+ cur_nonce = kp->kp_nonce_recv;
|
||||
+ rw_runlock(&kp->kp_nonce_lock);
|
||||
+#endif
|
||||
+
|
||||
+ if (cur_nonce >= REJECT_AFTER_MESSAGES ||
|
||||
noise_timer_expired(kp->kp_birthdate, REJECT_AFTER_TIME, 0))
|
||||
return (EINVAL);
|
||||
|
||||
--
|
||||
cgit v1.2.3-11-g984f
|
||||
|
@ -1,52 +0,0 @@
|
||||
From e03bf597383cef7f16c41fa4952a6b04093e9e64 Mon Sep 17 00:00:00 2001
|
||||
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
|
||||
Date: Sun, 25 Apr 2021 10:45:39 -0400
|
||||
Subject: if_wg: re-add epoch tracking to transmit
|
||||
|
||||
This was accidentally removed before. We need it to work around v6 core
|
||||
bugs.
|
||||
|
||||
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
||||
---
|
||||
src/if_wg.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/src/if_wg.c b/src/if_wg.c
|
||||
index 095a4f37f8dc..0c2565ce56c0 100644
|
||||
--- if_wg.c
|
||||
+++ if_wg.c
|
||||
@@ -2063,6 +2063,7 @@ error:
|
||||
static int
|
||||
wg_transmit(struct ifnet *ifp, struct mbuf *m)
|
||||
{
|
||||
+ struct epoch_tracker et;
|
||||
struct wg_packet *pkt = m->m_pkthdr.PH_loc.ptr;
|
||||
struct wg_softc *sc = ifp->if_softc;
|
||||
struct wg_peer *peer;
|
||||
@@ -2070,6 +2071,7 @@ wg_transmit(struct ifnet *ifp, struct mbuf *m)
|
||||
int rc = 0;
|
||||
sa_family_t peer_af;
|
||||
|
||||
+ NET_EPOCH_ENTER(et);
|
||||
/* Work around lifetime issue in the ipv6 mld code. */
|
||||
if (__predict_false((ifp->if_flags & IFF_DYING) || !sc)) {
|
||||
rc = ENXIO;
|
||||
@@ -2109,11 +2111,15 @@ wg_transmit(struct ifnet *ifp, struct mbuf *m)
|
||||
wg_queue_push_staged(&peer->p_stage_queue, pkt);
|
||||
wg_peer_send_staged(peer);
|
||||
noise_remote_put(peer->p_remote);
|
||||
+ NET_EPOCH_EXIT(et);
|
||||
+
|
||||
return (0);
|
||||
err_peer:
|
||||
noise_remote_put(peer->p_remote);
|
||||
err:
|
||||
if_inc_counter(sc->sc_ifp, IFCOUNTER_OERRORS, 1);
|
||||
+ NET_EPOCH_EXIT(et);
|
||||
+ /* TODO: send ICMP unreachable? */
|
||||
wg_packet_free(pkt);
|
||||
return (rc);
|
||||
}
|
||||
--
|
||||
cgit v1.2.3-11-g984f
|
||||
|
Loading…
Reference in New Issue
Block a user