Source-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: src
Module Name: src
Committed By: riastradh
Date: Tue Jun 30 20:05:12 UTC 2026
Modified Files:
src/sys/net: if_wg.c
src/tests/net/if_wg: t_basic.sh
Log Message:
wg(4): Move DoS mitigation a little earlier.
1. Don't store the cookie -- just recompute it on the fly as a
pseudorandom function of the current two-minute unit, under a
secret key generated at interface configuration time.
This way we don't need to find what peer we're talking with --
which requires a DH key agreement -- before we can verify mac2.
2. Actually, recompute _two_ cookies on the fly, one for
floor(now/60) and the other for 1 + floor(now/60), and accept a
valid mac2 under either cookie, or if mac2 is not valid, send the
1 + floor(now/60) cookie.
This way every cookie is valid for a total possible time of 2min,
but the cookie we send is always valid for at least 1min in the
future, so we never send a cookie that's going to immediately
expire and require another REKEY-TIMEOUT delay (and this works
without keeping any state).
3. Send the cookie to the handshake's source address, not to the
peer's current address.
This way we don't need to find what peer we're talking with --
which requires a DH key agreement -- before we can send a cookie
back. And this way we don't send the cookie to a stale peer
address, in case the peer has migrated networks.
4. Count all handshakes from any sources together when estimating
whether we're under load.
This way, again, we don't need to find what peer we're talking
with -- which, you guessed it, requires a DH key agreement! --
before we can decide whether we're under load. Contention on
these timestamps may not be great, but it's probably cheaper than
computing DH key agreements (tens or hundreds of thousands of
cycles).
=> Side effect: this causes some of the tests (multiple
interfaces, multiple peers, bad handshake keys) to trigger the
`under load' estimation when they didn't before, so we have to
raise the test timeouts a little bit (from 1sec to 3sec for
various pings) even if we tune REKEY-TIMEOUT to the minimum
possible (1sec). So the wg(4) tests take a few more seconds to
run now.
PR kern/60386: experimental wg(4) DoS mitigation is suboptimal
To generate a diff of this commit:
cvs rdiff -u -r1.138 -r1.139 src/sys/net/if_wg.c
cvs rdiff -u -r1.9 -r1.10 src/tests/net/if_wg/t_basic.sh
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index