rixxc/wireguard-rs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed outbound unittest

Browse Source
This commit is contained in:
Mathias Hall-Andersen
2019-09-07 19:19:51 +02:00
parent 7b61ee4c2d
commit eae915b2e8
4 changed files with 22 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/router/device.rs
View File

@@ -130,17 +130,23 @@ fn get_route<C: Callbacks, T: Tun, B: Bind>(
device: &Arc<DeviceInner<C, T, B>>, device: &Arc<DeviceInner<C, T, B>>,
packet: &[u8], packet: &[u8],
) -> Option<Arc<PeerInner<C, T, B>>> { ) -> Option<Arc<PeerInner<C, T, B>>> {
// ensure version access within bounds
if packet.len() < 1 {
return None;
};
// cast to correct IP header
match packet[0] >> 4 { match packet[0] >> 4 {
VERSION_IP4 => { VERSION_IP4 => {
// check length and cast to IPv4 header // check length and cast to IPv4 header
let (header, _) = LayoutVerified::new_from_prefix(packet)?; let (header, _) = LayoutVerified::new_from_prefix(packet)?;
let header: LayoutVerified<&[u8], IPv4Header> = header; let header: LayoutVerified<&[u8], IPv4Header> = header;
// check IPv4 source address // lookup destination address
device device
.ipv4 .ipv4
.read() .read()
.longest_match(Ipv4Addr::from(header.f_source)) .longest_match(Ipv4Addr::from(header.f_destination))
.and_then(|(_, _, p)| Some(p.clone())) .and_then(|(_, _, p)| Some(p.clone()))
} }
VERSION_IP6 => { VERSION_IP6 => {
@@ -148,11 +154,11 @@ fn get_route<C: Callbacks, T: Tun, B: Bind>(
let (header, packet) = LayoutVerified::new_from_prefix(packet)?; let (header, packet) = LayoutVerified::new_from_prefix(packet)?;
let header: LayoutVerified<&[u8], IPv6Header> = header; let header: LayoutVerified<&[u8], IPv6Header> = header;
// check IPv6 source address // lookup destination address
device device
.ipv6 .ipv6
.read() .read()
.longest_match(Ipv6Addr::from(header.f_source)) .longest_match(Ipv6Addr::from(header.f_destination))
.and_then(|(_, _, p)| Some(p.clone())) .and_then(|(_, _, p)| Some(p.clone()))
} }
_ => None, _ => None,
@@ -176,11 +182,6 @@ impl<C: Callbacks, T: Tun, B: Bind> Device<C, T, B> {
/// - msg: IP packet to crypt-key route /// - msg: IP packet to crypt-key route
/// ///
pub fn send(&self, msg: Vec<u8>) -> Result<(), RouterError> { pub fn send(&self, msg: Vec<u8>) -> Result<(), RouterError> {
// ensure that the type field access is within bounds
if msg.len() < cmp::min(SIZE_IP4_HEADER, SIZE_IP6_HEADER) + SIZE_MESSAGE_PREFIX {
return Err(RouterError::MalformedIPHeader);
}
// ignore header prefix (for in-place transport message construction) // ignore header prefix (for in-place transport message construction)
let packet = &msg[SIZE_MESSAGE_PREFIX..]; let packet = &msg[SIZE_MESSAGE_PREFIX..];

15
src/router/ip.rs
View File

@@ -1,21 +1,10 @@
use byteorder::BigEndian; use byteorder::BigEndian;
use zerocopy::byteorder::U16; use zerocopy::byteorder::U16;
use zerocopy::{AsBytes, ByteSlice, FromBytes, LayoutVerified}; use zerocopy::{AsBytes, FromBytes};
pub const SIZE_IP4_HEADER: usize = 16;
pub const SIZE_IP6_HEADER: usize = 36;
pub const VERSION_IP4: u8 = 4; pub const VERSION_IP4: u8 = 4;
pub const VERSION_IP6: u8 = 6; pub const VERSION_IP6: u8 = 6;
pub const OFFSET_IP4_SRC: usize = 12;
pub const OFFSET_IP6_SRC: usize = 8;
pub const OFFSET_IP4_DST: usize = 16;
pub const OFFSET_IP6_DST: usize = 24;
pub const TYPE_TRANSPORT: u8 = 4;
#[repr(packed)] #[repr(packed)]
#[derive(Copy, Clone, FromBytes, AsBytes)] #[derive(Copy, Clone, FromBytes, AsBytes)]
pub struct IPv4Header { pub struct IPv4Header {
@@ -29,7 +18,7 @@ pub struct IPv4Header {
#[repr(packed)] #[repr(packed)]
#[derive(Copy, Clone, FromBytes, AsBytes)] #[derive(Copy, Clone, FromBytes, AsBytes)]
pub struct IPv6Header { pub struct IPv6Header {
_f_pre: [u8; 4], _f_space1: [u8; 4],
pub f_len: U16<BigEndian>, pub f_len: U16<BigEndian>,
_f_space2: [u8; 2], _f_space2: [u8; 2],
pub f_source: [u8; 16], pub f_source: [u8; 16],

5
src/router/tests.rs
View File

@@ -185,6 +185,11 @@ mod tests {
let ip: IpAddr = ip.parse().unwrap(); let ip: IpAddr = ip.parse().unwrap();
peer.add_subnet(mask, len); peer.add_subnet(mask, len);
for _ in 0..1024 {
let msg = make_packet(1024, ip);
router.send(msg).unwrap();
}
b.iter(|| { b.iter(|| {
opaque.store(0, Ordering::SeqCst); opaque.store(0, Ordering::SeqCst);
// wait till 10 MB // wait till 10 MB

7
src/router/workers.rs
View File

@@ -35,11 +35,14 @@ pub struct JobBuffer {
} }
pub type JobParallel = (oneshot::Sender<JobBuffer>, JobBuffer); pub type JobParallel = (oneshot::Sender<JobBuffer>, JobBuffer);
#[allow(type_alias_bounds)]
pub type JobInbound<C, T, B: Bind> = ( pub type JobInbound<C, T, B: Bind> = (
Arc<DecryptionState<C, T, B>>, Arc<DecryptionState<C, T, B>>,
B::Endpoint, B::Endpoint,
oneshot::Receiver<JobBuffer>, oneshot::Receiver<JobBuffer>,
); );
pub type JobOutbound = oneshot::Receiver<JobBuffer>; pub type JobOutbound = oneshot::Receiver<JobBuffer>;
#[inline(always)] #[inline(always)]
@@ -69,7 +72,7 @@ fn check_route<C: Callbacks, T: Tun, B: Bind>(
} }
VERSION_IP6 => { VERSION_IP6 => {
// check length and cast to IPv6 header // check length and cast to IPv6 header
let (header, packet) = LayoutVerified::new_from_prefix(packet)?; let (header, _) = LayoutVerified::new_from_prefix(packet)?;
let header: LayoutVerified<&[u8], IPv6Header> = header; let header: LayoutVerified<&[u8], IPv6Header> = header;
// check IPv6 source address // check IPv6 source address
@@ -116,7 +119,7 @@ pub fn worker_inbound<C: Callbacks, T: Tun, B: Bind>(
}; };
let header: LayoutVerified<&[u8], TransportHeader> = header; let header: LayoutVerified<&[u8], TransportHeader> = header;
debug_assert!( debug_assert!(
packet.len() >= 16, packet.len() >= CHACHA20_POLY1305.tag_len(),
"this should be checked earlier in the pipeline" "this should be checked earlier in the pipeline"
); );