gandc/awg-openwrt
1
0
Fork 0
mirror of https://github.com/Slava-Shchipunov/awg-openwrt.git synced 2026-03-19 19:35:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

UAPI errors handling

Browse Source
This commit is contained in:
Iurii Egorov
2024-02-01 14:52:10 +03:00
parent cc4945292c
commit 7a3e0aeb6f
1 changed files with 30 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
kmod-amneziawg/files/amnezia-sources.patch
View File

@@ -44,7 +44,7 @@ diff --color -urN -x uapi -x compat -x crypto -x .idea -x tests -x Kbuild -x Kco
pr_debug("%s: Interface created\n", dev->name);
return ret;
@@ -475,4 +480,92 @@
@@ -475,4 +480,118 @@
unregister_random_vmfork_notifier(&vm_notifier);
unregister_pm_notifier(&pm_notifier);
rcu_barrier();
@@ -59,8 +59,10 @@ diff --color -urN -x uapi -x compat -x crypto -x .idea -x tests -x Kbuild -x Kco
+ if (!asc->advanced_security_enabled)
+ goto out;
+
+ if (asc->junk_packet_count < 0)
+ if (asc->junk_packet_count < 0) {
+ net_dbg_ratelimited("%s: JunkPacketCount should be non negative\n", dev->name);
+ ret = -1;
+ }
+
+ wg->advanced_security_config.junk_packet_count = asc->junk_packet_count;
+ if (asc->junk_packet_count != 0)
@@ -77,8 +79,14 @@ diff --color -urN -x uapi -x compat -x crypto -x .idea -x tests -x Kbuild -x Kco
+ wg->advanced_security_config.junk_packet_min_size = 0;
+ wg->advanced_security_config.junk_packet_max_size = 1;
+
+ net_dbg_ratelimited("%s: JunkPacketMaxSize: %d; should be smaller than maxSegmentSize: %d\n",
+ dev->name, asc->junk_packet_max_size,
+ MESSAGE_MAX_SIZE);
+ ret = -1;
+ } else if (asc->junk_packet_max_size < asc->junk_packet_min_size) {
+ net_dbg_ratelimited("%s: maxSize: %d; should be greater than minSize: %d\n",
+ dev->name, asc->junk_packet_max_size,
+ asc->junk_packet_min_size);
+ ret = -1;
+ } else
+ wg->advanced_security_config.junk_packet_max_size = asc->junk_packet_max_size;
@@ -87,6 +95,9 @@ diff --color -urN -x uapi -x compat -x crypto -x .idea -x tests -x Kbuild -x Kco
+ a_sec_on = true;
+
+ if (asc->init_packet_junk_size + MESSAGE_INITIATION_SIZE >= MESSAGE_MAX_SIZE) {
+ net_dbg_ratelimited("%s: init header size (%d) + junkSize (%d) should be smaller than maxSegmentSize: %d\n",
+ dev->name, MESSAGE_INITIATION_SIZE,
+ asc->init_packet_junk_size, MESSAGE_MAX_SIZE);
+ ret = -1;
+ } else
+ wg->advanced_security_config.init_packet_junk_size = asc->init_packet_junk_size;
@@ -95,6 +106,9 @@ diff --color -urN -x uapi -x compat -x crypto -x .idea -x tests -x Kbuild -x Kco
+ a_sec_on = true;
+
+ if (asc->response_packet_junk_size + MESSAGE_RESPONSE_SIZE >= MESSAGE_MAX_SIZE) {
+ net_dbg_ratelimited("%s: response header size (%d) + junkSize (%d) should be smaller than maxSegmentSize: %d\n",
+ dev->name, MESSAGE_RESPONSE_SIZE,
+ asc->response_packet_junk_size, MESSAGE_MAX_SIZE);
+ ret = -1;
+ } else
+ wg->advanced_security_config.response_packet_junk_size = asc->response_packet_junk_size;
@@ -127,11 +141,23 @@ diff --color -urN -x uapi -x compat -x crypto -x .idea -x tests -x Kbuild -x Kco
+ asc->init_packet_magic_header == asc->transport_packet_magic_header ||
+ asc->response_packet_magic_header == asc->cookie_packet_magic_header ||
+ asc->response_packet_magic_header == asc->transport_packet_magic_header ||
+ asc->cookie_packet_magic_header == asc->transport_packet_magic_header)
+ asc->cookie_packet_magic_header == asc->transport_packet_magic_header) {
+ net_dbg_ratelimited("%s: magic headers should differ; got: init:%d; recv:%d; unde:%d; tran:%d\n",
+ dev->name,
+ asc->init_packet_magic_header,
+ asc->response_packet_magic_header,
+ asc->cookie_packet_magic_header,
+ asc->transport_packet_magic_header);
+ ret = -1;
+ }
+
+ if (MESSAGE_INITIATION_SIZE + asc->init_packet_junk_size == MESSAGE_RESPONSE_SIZE + asc->response_packet_junk_size)
+ if (MESSAGE_INITIATION_SIZE + asc->init_packet_junk_size == MESSAGE_RESPONSE_SIZE + asc->response_packet_junk_size) {
+ net_dbg_ratelimited("%s: new init size:%d; and new response size:%d; should differ\n",
+ dev->name,
+ MESSAGE_INITIATION_SIZE + asc->init_packet_junk_size,
+ MESSAGE_RESPONSE_SIZE + asc->response_packet_junk_size);
+ ret = -1;
+ }
+
+out:
+ wg->advanced_security_config.advanced_security_enabled = a_sec_on;