CVS commit: src/sys/net

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/sys/net
From: "Taylor R Campbell" <riastradh%netbsd.org@localhost>
Date: Sun, 28 Jul 2024 14:45:51 +0000

Module Name:    src
Committed By:   riastradh
Date:           Sun Jul 28 14:45:51 UTC 2024

Modified Files:
        src/sys/net: if_wg.c

Log Message:
wg(4): On rx of valid ciphertext, make sure to update state machine.

Previously, we also required the plaintext to be a plausible-looking
IP packet before updating the state machine.

But keepalive packets are empty -- and if the peer initiated the
session to rekey after last tx but had no more data to tx, it will
send a keepalive to finish session initiation.

If we didn't update the state machine in that case, we would stay in
INIT_PASSIVE state unable to tx on the session, which would make
things hang.

So make sure to always update the state machine once we have accepted
a packet as genuine, even if it's genuine garbage on the inside.

PR kern/55729: net/if_wg/t_misc:wg_rekey test case fails
PR kern/56252: wg(4) state machine has race conditions
PR kern/58463: if_wg does not work when idle.


To generate a diff of this commit:
cvs rdiff -u -r1.101 -r1.102 src/sys/net/if_wg.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/sys/net
Next by Date: CVS commit: src/sys/net
Previous by Thread: CVS commit: src/sys/net
Next by Thread: CVS commit: src/sys/net
Indexes:

Home | Main Index | Thread Index | Old Index