NetBSD-Bugs archive


PR/56252 CVS commit: src/sys/net



The following reply was made to PR kern/56252; it has been noted by GNATS.

From: "Taylor R Campbell" <riastradh%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/56252 CVS commit: src/sys/net
Date: Sun, 28 Jul 2024 14:45:51 +0000

 Module Name:	src
 Committed By:	riastradh
 Date:		Sun Jul 28 14:45:51 UTC 2024
 
 Modified Files:
 	src/sys/net: if_wg.c
 
 Log Message:
 wg(4): On rx of valid ciphertext, make sure to update state machine.
 
 Previously, we also required the plaintext to be a plausible-looking
 IP packet before updating the state machine.
 
 But keepalive packets are empty -- and if the peer initiated the
 session to rekey after last tx but had no more data to tx, it will
 send a keepalive to finish session initiation.
 
 If we didn't update the state machine in that case, we would stay in
 INIT_PASSIVE state unable to tx on the session, which would make
 things hang.
 
 So make sure to always update the state machine once we have accepted
 a packet as genuine, even if it's genuine garbage on the inside.
 
 PR kern/55729: net/if_wg/t_misc:wg_rekey test case fails
 PR kern/56252: wg(4) state machine has race conditions
 PR kern/58463: if_wg does not work when idle.
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.101 -r1.102 src/sys/net/if_wg.c
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
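
The ordering problem described in the log message, as an added example that is not taken from if_wg.c or from the commit: a simplified model in which `auth_ok` stands in for successful authenticated decryption. Every name here except `INIT_PASSIVE` (`ESTABLISHED`, `struct session`, `plausible_ip`, `rx_before`, `rx_after`) is an assumption made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model; every name except INIT_PASSIVE is an assumption. */
enum wg_state { INIT_PASSIVE, ESTABLISHED };
struct session { enum wg_state state; };

/* Plaintext sanity check: IPv4 or IPv6 version nibble plus minimum header. */
static bool plausible_ip(const unsigned char *pt, size_t len)
{
	if (len == 0)
		return false;		/* keepalive: empty plaintext */
	unsigned v = pt[0] >> 4;
	return (v == 4 && len >= 20) || (v == 6 && len >= 40);
}

/* Ordering before the commit: plaintext check gates the state update. */
bool rx_before(struct session *s, bool auth_ok, const unsigned char *pt, size_t len)
{
	if (!auth_ok)
		return false;		/* forged or corrupted: drop, no state change */
	if (!plausible_ip(pt, len))
		return false;		/* keepalive exits here, state never advances */
	if (s->state == INIT_PASSIVE)
		s->state = ESTABLISHED;
	return true;			/* deliver to the IP stack */
}

/* Ordering after the commit: authentication alone drives the state update. */
bool rx_after(struct session *s, bool auth_ok, const unsigned char *pt, size_t len)
{
	if (!auth_ok)
		return false;
	if (s->state == INIT_PASSIVE)
		s->state = ESTABLISHED;	/* genuine packet confirms the session */
	return plausible_ip(pt, len);	/* only the delivery decision depends on contents */
}

int main(void)
{
	struct session a = { INIT_PASSIVE }, b = { INIT_PASSIVE };
	rx_before(&a, true, NULL, 0);	/* constructed input: authenticated keepalive */
	rx_after(&b, true, NULL, 0);
	printf("before: %s\nafter: %s\n",
	    a.state == ESTABLISHED ? "ESTABLISHED" : "INIT_PASSIVE",
	    b.state == ESTABLISHED ? "ESTABLISHED" : "INIT_PASSIVE");
	return 0;
}
```

In both orderings an unauthenticated packet changes nothing; the difference is only whether an authenticated but empty payload is allowed to move the session out of `INIT_PASSIVE`.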
 

