From 7a3e0aeb6fbed082a865dcfe53a04217f4ee3025 Mon Sep 17 00:00:00 2001
From: Iurii Egorov
Date: Thu, 1 Feb 2024 14:52:10 +0300
Subject: [PATCH] UAPI errors handling
---
 kmod-amneziawg/files/amnezia-sources.patch | 34 +++++++++++++++++++---
 1 file changed, 30 insertions(+), 4 deletions(-)
diff --git a/kmod-amneziawg/files/amnezia-sources.patch b/kmod-amneziawg/files/amnezia-sources.patch
index 04dd188..d1f58d1 100644
--- a/kmod-amneziawg/files/amnezia-sources.patch
+++ b/kmod-amneziawg/files/amnezia-sources.patch
@@ -44,7 +44,7 @@ diff --color -urN -x uapi -x compat -x crypto -x .idea -x tests -x Kbuild -x Kco
 pr_debug("%s: Interface created\n", dev->name);
 return ret;
-@@ -475,4 +480,92 @@
+@@ -475,4 +480,118 @@
 unregister_random_vmfork_notifier(&vm_notifier);
 unregister_pm_notifier(&pm_notifier);
 rcu_barrier();
@@ -59,8 +59,10 @@ diff --color -urN -x uapi -x compat -x crypto -x .idea -x tests -x Kbuild -x Kco
 + if (!asc->advanced_security_enabled)
 + goto out;
 +
-+ if (asc->junk_packet_count < 0)
++ if (asc->junk_packet_count < 0) {
++ net_dbg_ratelimited("%s: JunkPacketCount should be non negative\n", dev->name);
 + ret = -1;
++ }
 +
 + wg->advanced_security_config.junk_packet_count = asc->junk_packet_count;
 + if (asc->junk_packet_count != 0)
@@ -77,8 +79,14 @@ diff --color -urN -x uapi -x compat -x crypto -x .idea -x tests -x Kbuild -x Kco
 + wg->advanced_security_config.junk_packet_min_size = 0;
 + wg->advanced_security_config.junk_packet_max_size = 1;
 +
++ net_dbg_ratelimited("%s: JunkPacketMaxSize: %d; should be smaller than maxSegmentSize: %d\n",
++ dev->name, asc->junk_packet_max_size,
++ MESSAGE_MAX_SIZE);
 + ret = -1;
 + } else if (asc->junk_packet_max_size < asc->junk_packet_min_size) {
++ net_dbg_ratelimited("%s: maxSize: %d; should be greater than minSize: %d\n",
++ dev->name, asc->junk_packet_max_size,
++ asc->junk_packet_min_size);
 + ret = -1;
 + } else
 + wg->advanced_security_config.junk_packet_max_size = asc->junk_packet_max_size;
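Review bot: A negative `junk_packet_count` is still written into the device configuration after being rejected in the hunk at `@@ -59,8 +59,10 @@`: the new branch logs and sets `ret = -1`, then control falls through to `wg->advanced_security_config.junk_packet_count = asc->junk_packet_count;`. The other fields in this function assign only in an `else` branch; doing the same here, `} else { wg->advanced_security_config.junk_packet_count = asc->junk_packet_count; }`, keeps a refused value out of the live config. If `junk_packet_count` is declared unsigned (the declaration is outside the hunk), the `< 0` test can never fire and the check needs a different form. The enclosing function starts and ends outside this hunk.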
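Review bot: The two messages added in the hunk at `@@ -77,8 +79,14 @@` go through `net_dbg_ratelimited`, which emits output only on debug builds or with dynamic debug switched on, so on a stock kernel the caller still learns nothing beyond `ret = -1`. If `ret` is handed back through the netlink handler as an errno (the return path is outside the hunk), -1 reads as EPERM in userspace; `ret = -EINVAL;` would report a rejected parameter instead of a permission failure. The same applies to each `ret = -1` in the later hunks. The `%d` specifiers assume `junk_packet_max_size` and `junk_packet_min_size` are `int`, which should be confirmed against the struct definition.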
@@ -87,6 +95,9 @@ diff --color -urN -x uapi -x compat -x crypto -x .idea -x tests -x Kbuild -x Kco
 + a_sec_on = true;
 +
 + if (asc->init_packet_junk_size + MESSAGE_INITIATION_SIZE >= MESSAGE_MAX_SIZE) {
++ net_dbg_ratelimited("%s: init header size (%d) + junkSize (%d) should be smaller than maxSegmentSize: %d\n",
++ dev->name, MESSAGE_INITIATION_SIZE,
++ asc->init_packet_junk_size, MESSAGE_MAX_SIZE);
 + ret = -1;
 + } else
 + wg->advanced_security_config.init_packet_junk_size = asc->init_packet_junk_size;
@@ -95,6 +106,9 @@ diff --color -urN -x uapi -x compat -x crypto -x .idea -x tests -x Kbuild -x Kco
 + a_sec_on = true;
 +
 + if (asc->response_packet_junk_size + MESSAGE_RESPONSE_SIZE >= MESSAGE_MAX_SIZE) {
++ net_dbg_ratelimited("%s: response header size (%d) + junkSize (%d) should be smaller than maxSegmentSize: %d\n",
++ dev->name, MESSAGE_RESPONSE_SIZE,
++ asc->response_packet_junk_size, MESSAGE_MAX_SIZE);
 + ret = -1;
 + } else
 + wg->advanced_security_config.response_packet_junk_size = asc->response_packet_junk_size;
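Review bot: The bound `asc->init_packet_junk_size + MESSAGE_INITIATION_SIZE >= MESSAGE_MAX_SIZE` in the hunk at `@@ -87,6 +95,9 @@` tests only the upper limit, and the same holds for `response_packet_junk_size` in the hunk at `@@ -95,6 +106,9 @@`. The `%d` in the new log lines and the `< 0` test applied to `junk_packet_count` suggest these fields are signed; if so, a negative junk size passes the check and is copied into `wg->advanced_security_config`, and a very large value could overflow in the addition. Rejecting negatives and comparing without the addition covers both: `if (asc->init_packet_junk_size < 0 || asc->init_packet_junk_size >= MESSAGE_MAX_SIZE - MESSAGE_INITIATION_SIZE) {`. The field declarations are outside these hunks, so the types need confirming first; if they are unsigned, `%u` is the matching specifier for the log arguments.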
@@ -127,11 +141,23 @@ diff --color -urN -x uapi -x compat -x crypto -x .idea -x tests -x Kbuild -x Kco
 + asc->init_packet_magic_header == asc->transport_packet_magic_header ||
 + asc->response_packet_magic_header == asc->cookie_packet_magic_header ||
 + asc->response_packet_magic_header == asc->transport_packet_magic_header ||
-+ asc->cookie_packet_magic_header == asc->transport_packet_magic_header)
++ asc->cookie_packet_magic_header == asc->transport_packet_magic_header) {
++ net_dbg_ratelimited("%s: magic headers should differ; got: init:%d; recv:%d; unde:%d; tran:%d\n",
++ dev->name,
++ asc->init_packet_magic_header,
++ asc->response_packet_magic_header,
++ asc->cookie_packet_magic_header,
++ asc->transport_packet_magic_header);
 + ret = -1;
++ }
 +
-+ if (MESSAGE_INITIATION_SIZE + asc->init_packet_junk_size == MESSAGE_RESPONSE_SIZE + asc->response_packet_junk_size)
++ if (MESSAGE_INITIATION_SIZE + asc->init_packet_junk_size == MESSAGE_RESPONSE_SIZE + asc->response_packet_junk_size) {
++ net_dbg_ratelimited("%s: new init size:%d; and new response size:%d; should differ\n",
++ dev->name,
++ MESSAGE_INITIATION_SIZE + asc->init_packet_junk_size,
++ MESSAGE_RESPONSE_SIZE + asc->response_packet_junk_size);
 + ret = -1;
++ }
 +
 +out:
 + wg->advanced_security_config.advanced_security_enabled = a_sec_on;
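Review bot: The labels in the new magic-header message, `init:%d; recv:%d; unde:%d; tran:%d`, do not match the fields they print: `recv` carries `response_packet_magic_header` and `unde` carries `cookie_packet_magic_header`, which makes a collision report hard to map back to the configuration keys. The magic headers are presumably 32-bit unsigned values (the declaration is outside the hunk), in which case `%d` prints anything above INT_MAX as a negative number; `"%s: magic headers should differ; got: init:%u; response:%u; cookie:%u; transport:%u\n"` addresses both. Both new branches then continue to `out:`, where `advanced_security_enabled` is assigned from `a_sec_on` without consulting `ret`, so it is worth checking whether a configuration that just failed these checks can still end up enabled. The start of the condition and the rest of the function are outside the hunk.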