Thu Aug 27 02:55:05 2020 UTC ()

wg: Drop invalid message types on the floor faster.

Don't even let them reach the thread -- drop them in softint.


(riastradh)

diff -r1.27 -r1.28 src/sys/net/if_wg.c

--- src/sys/net/if_wg.c 2020/08/27 02:54:31	1.27
+++ src/sys/net/if_wg.c 2020/08/27 02:55:04	1.28

 @@ -1,14 +1,14 @@
-/*	$NetBSD: if_wg.c,v 1.27 2020/08/27 02:54:31 riastradh Exp $	*/
+/*	$NetBSD: if_wg.c,v 1.28 2020/08/27 02:55:04 riastradh Exp $	*/
 /*
  * Copyright (C) Ryota Ozaki <ozaki.ryota@gmail.com>
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
 @@ -31,27 +31,27 @@
 /*
  * This network interface aims to implement the WireGuard protocol.
  * The implementation is based on the paper of WireGuard as of
  * 2018-06-30 [1].  The paper is referred in the source code with label
  * [W].  Also the specification of the Noise protocol framework as of
  * 2018-07-11 [2] is referred with label [N].
+ *
  * [1] https://www.wireguard.com/papers/wireguard.pdf
  * [2] http://noiseprotocol.org/noise.pdf
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.27 2020/08/27 02:54:31 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.28 2020/08/27 02:55:04 riastradh Exp $");
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
 #endif
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
 #include <sys/mbuf.h>
 #include <sys/socket.h>
 #include <sys/sockio.h>
 #include <sys/errno.h>
 #include <sys/ioctl.h>
 @@ -2924,53 +2924,60 @@ wg_so_upcall(struct socket *so, void *ar
 static int
 wg_overudp_cb(struct mbuf **mp, int offset, struct socket *so,
     struct sockaddr *src, void *arg)
+{
 	struct wg_softc *wg = arg;
 	struct wg_msg wgm;
 	struct mbuf *m = *mp;
 	WG_TRACE("enter");
 	/* Verify the mbuf chain is long enough to have a wg msg header.  */
 	KASSERT(offset <= m_length(m));
 	if (__predict_false(m_length(m) - offset < sizeof(struct wg_msg))) {
 		/* drop on the floor */
 		m_freem(m);
 		return -1;
+	}
 	/*
 	 * Copy the message header (32-bit message type) out -- we'll
 	 * worry about contiguity and alignment later.
 	 */
 	m_copydata(m, offset, sizeof(struct wg_msg), &wgm);
 	WG_DLOG("type=%d\n", wgm.wgm_type);
 	/*
 	 * Handle DATA packets promptly as they arrive.  Other packets
 	 * may require expensive public-key crypto and are not as
 	 * sensitive to latency, so defer them to the worker thread.
 	 */
 	switch (wgm.wgm_type) {
 	case WG_MSG_TYPE_DATA:
 		/* handle immediately */
 		m_adj(m, offset);
 		wg_handle_msg_data(wg, m, src);
 		*mp = NULL;
 		return 1;
 	case WG_MSG_TYPE_INIT:
 	case WG_MSG_TYPE_RESP:
 	case WG_MSG_TYPE_COOKIE:
 		/* pass through to so_receive in wg_receive_packets */
 		return 0;
 	default:
-		break;
+		/* drop on the floor */
 		m_freem(m);
 		return -1;
+	}
 	return 0;
+}
 static int
 wg_worker_socreate(struct wg_softc *wg, struct wg_worker *wgw, const int af,
     struct socket **sop)
+{
 	int error;
 	struct socket *so;
 	error = socreate(af, &so, SOCK_DGRAM, 0, curlwp, NULL);
 	if (error != 0)
 		return error;