aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/wireguard/wireguard_chachapoly.c
AgeCommit message (Collapse)AuthorFilesLines
47 hourswireguard: use clib helpers for endiannessGuillaume Solignac1-4/+4
In some cases, the Linux helpers for endianness conversion are not present. We use clib helpers to fix this. Type: fix Signed-off-by: Guillaume Solignac <gsoligna@cisco.com> Change-Id: I4d21fb5edae6fa6413b10f298a84ff4b88bda5db Signed-off-by: Pierre Pfister <ppfister@cisco.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-08-08wireguard: add dos mitigation supportAlexander Chernavin1-0/+30
Type: feature With this change: - if the number of received handshake messages exceeds the limit calculated based on the peers number, under load state will activate; - if being under load a handshake message with a valid mac1 is received, but mac2 is invalid, a cookie reply will be sent. Also, cover these with tests. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I3003570a9cf807cfb0b5145b89a085455c30e717
2022-08-03wireguard: add processing of received cookie messagesAlexander Chernavin1-0/+103
Type: feature Currently, if a handshake message is sent and a cookie message is received in reply, the cookie message will be ignored. Thus, further handshake messages will not have valid mac2 and handshake will not be able to be completed. With this change, process received cookie messages to be able to calculate mac2 for further handshake messages sent. Cover this with tests. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I6d51459778b7145be7077badec479b2aa85960b9