33 #define SKB_TYPE_LE32(skb) (((struct message_header *)(skb)->data)->type)  argument
35 static size_t validate_header_len(struct sk_buff *skb)  in validate_header_len()  argument
37 	if (unlikely(skb->len < sizeof(struct message_header)))  in validate_header_len()
39 	if (SKB_TYPE_LE32(skb) == cpu_to_le32(MESSAGE_DATA) &&  in validate_header_len()
40 	    skb->len >= MESSAGE_MINIMUM_LENGTH)  in validate_header_len()
42 	if (SKB_TYPE_LE32(skb) == cpu_to_le32(MESSAGE_HANDSHAKE_INITIATION) &&  in validate_header_len()
43 	    skb->len == sizeof(struct message_handshake_initiation))  in validate_header_len()
45 	if (SKB_TYPE_LE32(skb) == cpu_to_le32(MESSAGE_HANDSHAKE_RESPONSE) &&  in validate_header_len()
46 	    skb->len == sizeof(struct message_handshake_response))  in validate_header_len()
48 	if (SKB_TYPE_LE32(skb) == cpu_to_le32(MESSAGE_HANDSHAKE_COOKIE) &&  in validate_header_len()
49 	    skb->len == sizeof(struct message_handshake_cookie))  in validate_header_len()
54 static int prepare_skb_header(struct sk_buff *skb, struct wg_device *wg)  in prepare_skb_header()  argument
59 	if (unlikely(!wg_check_packet_protocol(skb) ||  in prepare_skb_header()
60 		     skb_transport_header(skb) < skb->head ||  in prepare_skb_header()
61 		     (skb_transport_header(skb) + sizeof(struct udphdr)) >  in prepare_skb_header()
62 			     skb_tail_pointer(skb)))  in prepare_skb_header()
64 	udp = udp_hdr(skb);  in prepare_skb_header()
65 	data_offset = (u8 *)udp - skb->data;  in prepare_skb_header()
67 		     data_offset + sizeof(struct udphdr) > skb->len))  in prepare_skb_header()
74 		     data_len > skb->len - data_offset))  in prepare_skb_header()
80 	data_offset = (u8 *)udp + sizeof(struct udphdr) - skb->data;  in prepare_skb_header()
81 	if (unlikely(!pskb_may_pull(skb,  in prepare_skb_header()
83 		     pskb_trim(skb, data_len + data_offset) < 0))  in prepare_skb_header()
85 	skb_pull(skb, data_offset);  in prepare_skb_header()
86 	if (unlikely(skb->len != data_len))  in prepare_skb_header()
89 	header_len = validate_header_len(skb);  in prepare_skb_header()
92 	__skb_push(skb, data_offset);  in prepare_skb_header()
93 	if (unlikely(!pskb_may_pull(skb, data_offset + header_len)))  in prepare_skb_header()
95 	__skb_pull(skb, data_offset);  in prepare_skb_header()
100 					struct sk_buff *skb)  in wg_receive_handshake_packet()  argument
111 	if (SKB_TYPE_LE32(skb) == cpu_to_le32(MESSAGE_HANDSHAKE_COOKIE)) {  in wg_receive_handshake_packet()
113 					wg->dev->name, skb);  in wg_receive_handshake_packet()
115 			(struct message_handshake_cookie *)skb->data, wg);  in wg_receive_handshake_packet()
128 	mac_state = wg_cookie_validate_packet(&wg->cookie_checker, skb,  in wg_receive_handshake_packet()
137 					wg->dev->name, skb);  in wg_receive_handshake_packet()
141 	switch (SKB_TYPE_LE32(skb)) {  in wg_receive_handshake_packet()
144 			(struct message_handshake_initiation *)skb->data;  in wg_receive_handshake_packet()
147 			wg_packet_send_handshake_cookie(wg, skb,  in wg_receive_handshake_packet()
154 						wg->dev->name, skb);  in wg_receive_handshake_packet()
157 		wg_socket_set_peer_endpoint_from_skb(peer, skb);  in wg_receive_handshake_packet()
166 			(struct message_handshake_response *)skb->data;  in wg_receive_handshake_packet()
169 			wg_packet_send_handshake_cookie(wg, skb,  in wg_receive_handshake_packet()
176 						wg->dev->name, skb);  in wg_receive_handshake_packet()
179 		wg_socket_set_peer_endpoint_from_skb(peer, skb);  in wg_receive_handshake_packet()
205 	update_rx_stats(peer, skb->len);  in wg_receive_handshake_packet()
217 	struct sk_buff *skb;  in wg_packet_handshake_receive_worker()  local
219 	while ((skb = ptr_ring_consume_bh(&queue->ring)) != NULL) {  in wg_packet_handshake_receive_worker()
220 		wg_receive_handshake_packet(wg, skb);  in wg_packet_handshake_receive_worker()
221 		dev_kfree_skb(skb);  in wg_packet_handshake_receive_worker()
249 static bool decrypt_packet(struct sk_buff *skb, struct noise_keypair *keypair)  in decrypt_packet()  argument
266 	PACKET_CB(skb)->nonce =  in decrypt_packet()
267 		le64_to_cpu(((struct message_data *)skb->data)->counter);  in decrypt_packet()
273 	offset = skb->data - skb_network_header(skb);  in decrypt_packet()
274 	skb_push(skb, offset);  in decrypt_packet()
275 	num_frags = skb_cow_data(skb, 0, &trailer);  in decrypt_packet()
277 	skb_pull(skb, offset);  in decrypt_packet()
282 	if (skb_to_sgvec(skb, sg, 0, skb->len) <= 0)  in decrypt_packet()
285 	if (!chacha20poly1305_decrypt_sg_inplace(sg, skb->len, NULL, 0,  in decrypt_packet()
286 					         PACKET_CB(skb)->nonce,  in decrypt_packet()
293 	skb_push(skb, offset);  in decrypt_packet()
294 	if (pskb_trim(skb, skb->len - noise_encrypted_len(0)))  in decrypt_packet()
296 	skb_pull(skb, offset);  in decrypt_packet()
343 					struct sk_buff *skb,  in wg_packet_consume_data_done()  argument
353 						    PACKET_CB(skb)->keypair))) {  in wg_packet_consume_data_done()
364 	if (unlikely(!skb->len)) {  in wg_packet_consume_data_done()
374 	if (unlikely(skb_network_header(skb) < skb->head))  in wg_packet_consume_data_done()
376 	if (unlikely(!(pskb_network_may_pull(skb, sizeof(struct iphdr)) &&  in wg_packet_consume_data_done()
377 		       (ip_hdr(skb)->version == 4 ||  in wg_packet_consume_data_done()
378 			(ip_hdr(skb)->version == 6 &&  in wg_packet_consume_data_done()
379 			 pskb_network_may_pull(skb, sizeof(struct ipv6hdr)))))))  in wg_packet_consume_data_done()
382 	skb->dev = dev;  in wg_packet_consume_data_done()
389 	skb->ip_summed = CHECKSUM_UNNECESSARY;  in wg_packet_consume_data_done()
390 	skb->csum_level = ~0; /* All levels */  in wg_packet_consume_data_done()
391 	skb->protocol = ip_tunnel_parse_protocol(skb);  in wg_packet_consume_data_done()
392 	if (skb->protocol == htons(ETH_P_IP)) {  in wg_packet_consume_data_done()
393 		len = ntohs(ip_hdr(skb)->tot_len);  in wg_packet_consume_data_done()
396 		INET_ECN_decapsulate(skb, PACKET_CB(skb)->ds, ip_hdr(skb)->tos);  in wg_packet_consume_data_done()
397 	} else if (skb->protocol == htons(ETH_P_IPV6)) {  in wg_packet_consume_data_done()
398 		len = ntohs(ipv6_hdr(skb)->payload_len) +  in wg_packet_consume_data_done()
400 		INET_ECN_decapsulate(skb, PACKET_CB(skb)->ds, ipv6_get_dsfield(ipv6_hdr(skb)));  in wg_packet_consume_data_done()
405 	if (unlikely(len > skb->len))  in wg_packet_consume_data_done()
407 	len_before_trim = skb->len;  in wg_packet_consume_data_done()
408 	if (unlikely(pskb_trim(skb, len)))  in wg_packet_consume_data_done()
412 					       skb);  in wg_packet_consume_data_done()
418 	napi_gro_receive(&peer->napi, skb);  in wg_packet_consume_data_done()
424 				dev->name, skb, peer->internal_id,  in wg_packet_consume_data_done()
442 	dev_kfree_skb(skb);  in wg_packet_consume_data_done()
451 	struct sk_buff *skb;  in wg_packet_rx_poll()  local
458 	while ((skb = wg_prev_queue_peek(&peer->rx_queue)) != NULL &&  in wg_packet_rx_poll()
459 	       (state = atomic_read_acquire(&PACKET_CB(skb)->state)) !=  in wg_packet_rx_poll()
462 		keypair = PACKET_CB(skb)->keypair;  in wg_packet_rx_poll()
469 					       PACKET_CB(skb)->nonce))) {  in wg_packet_rx_poll()
472 					    PACKET_CB(skb)->nonce,  in wg_packet_rx_poll()
477 		if (unlikely(wg_socket_endpoint_from_skb(&endpoint, skb)))  in wg_packet_rx_poll()
480 		wg_reset_packet(skb, false);  in wg_packet_rx_poll()
481 		wg_packet_consume_data_done(peer, skb, &endpoint);  in wg_packet_rx_poll()
488 			dev_kfree_skb(skb);  in wg_packet_rx_poll()
504 	struct sk_buff *skb;  in wg_packet_decrypt_worker()  local
506 	while ((skb = ptr_ring_consume_bh(&queue->ring)) != NULL) {  in wg_packet_decrypt_worker()
508 			likely(decrypt_packet(skb, PACKET_CB(skb)->keypair)) ?  in wg_packet_decrypt_worker()
510 		wg_queue_enqueue_per_peer_rx(skb, state);  in wg_packet_decrypt_worker()
516 static void wg_packet_consume_data(struct wg_device *wg, struct sk_buff *skb)  in wg_packet_consume_data()  argument
518 	__le32 idx = ((struct message_data *)skb->data)->key_idx;  in wg_packet_consume_data()
523 	PACKET_CB(skb)->keypair =  in wg_packet_consume_data()
527 	if (unlikely(!wg_noise_keypair_get(PACKET_CB(skb)->keypair)))  in wg_packet_consume_data()
533 	ret = wg_queue_enqueue_per_device_and_peer(&wg->decrypt_queue, &peer->rx_queue, skb,  in wg_packet_consume_data()
536 		wg_queue_enqueue_per_peer_rx(skb, PACKET_STATE_DEAD);  in wg_packet_consume_data()
542 	wg_noise_keypair_put(PACKET_CB(skb)->keypair, false);  in wg_packet_consume_data()
546 	dev_kfree_skb(skb);  in wg_packet_consume_data()
549 void wg_packet_receive(struct wg_device *wg, struct sk_buff *skb)  in wg_packet_receive()  argument
551 	if (unlikely(prepare_skb_header(skb, wg) < 0))  in wg_packet_receive()
553 	switch (SKB_TYPE_LE32(skb)) {  in wg_packet_receive()
563 				ret = __ptr_ring_produce(&wg->handshake_queue.ring, skb);  in wg_packet_receive()
567 			ret = ptr_ring_produce_bh(&wg->handshake_queue.ring, skb);  in wg_packet_receive()
571 						wg->dev->name, skb);  in wg_packet_receive()
582 		PACKET_CB(skb)->ds = ip_tunnel_get_dsfield(ip_hdr(skb), skb);  in wg_packet_receive()
583 		wg_packet_consume_data(wg, skb);  in wg_packet_receive()
592 	dev_kfree_skb(skb);  in wg_packet_receive()