-rw-r--r--src/config.c8
-rw-r--r--src/fastd.h10
-rw-r--r--src/methods/cipher_test/cipher_test.c7
-rw-r--r--src/methods/generic_gcm/generic_gcm.c7
-rw-r--r--src/methods/generic_gmac/generic_gmac.c7
-rw-r--r--src/methods/generic_poly1305/generic_poly1305.c6
-rw-r--r--src/methods/null/null.c6
-rw-r--r--src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c7
-rw-r--r--src/receive.c2
-rw-r--r--src/tuntap.c2
10 files changed, 19 insertions, 43 deletions
diff --git a/src/config.c b/src/config.c
index 5e5c131..8f68b41 100644
--- a/src/config.c
+++ b/src/config.c
@@ -476,8 +476,8 @@ static void configure_user(fastd_context_t *ctx, fastd_config_t *conf) {
}
}
-static void configure_method_parameters(fastd_context_t *ctx, fastd_config_t *conf) {
- conf->max_packet_size = 0;
+static void configure_method_parameters(fastd_config_t *conf) {
+ conf->max_overhead = 0;
conf->min_encrypt_head_space = 0;
conf->min_decrypt_head_space = 0;
conf->min_encrypt_tail_space = 0;
@@ -487,7 +487,7 @@ static void configure_method_parameters(fastd_context_t *ctx, fastd_config_t *co
for (method_name = conf->methods; method_name; method_name = method_name->next) {
const fastd_method_t *method = fastd_method_get_by_name(method_name->str);
- conf->max_packet_size = max_size_t(conf->max_packet_size, method->max_packet_size(ctx));
+ conf->max_overhead = max_size_t(conf->max_overhead, method->max_overhead);
conf->min_encrypt_head_space = max_size_t(conf->min_encrypt_head_space, method->min_encrypt_head_space);
conf->min_decrypt_head_space = max_size_t(conf->min_decrypt_head_space, method->min_decrypt_head_space);
conf->min_encrypt_tail_space = max_size_t(conf->min_encrypt_tail_space, method->min_encrypt_tail_space);
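Review bot: `method` is dereferenced on the new `method->max_overhead` line without checking that `fastd_method_get_by_name()` returned a match, so a name in `conf->methods` that no compiled-in method provides would be a NULL dereference during configuration. Whether names are validated before they are added to the list is not visible here, since the function starts and ends outside this hunk. If they are, a comment such as `/* names in conf->methods were validated when the option was parsed; the lookup cannot fail */` would record the invariant. If they are not, the check belongs where the name is added, because with `ctx` dropped from the signature this function can no longer report errors through the `pr_warn(ctx, ...)` style logging used by its caller.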
@@ -545,7 +545,7 @@ void fastd_configure(fastd_context_t *ctx, fastd_config_t *conf, int argc, char
pr_warn(ctx, "`secure handshakes' not set, please read the documentation about this option; defaulting to no");
configure_user(ctx, conf);
- configure_method_parameters(ctx, conf);
+ configure_method_parameters(conf);
}
static void peer_dirs_read_peer_group(fastd_context_t *ctx, fastd_config_t *new_conf) {
diff --git a/src/fastd.h b/src/fastd.h
index 2536e71..66dd06f 100644
--- a/src/fastd.h
+++ b/src/fastd.h
@@ -81,7 +81,7 @@ struct fastd_protocol {
struct fastd_method {
bool (*provides)(const char *name);
- size_t (*max_packet_size)(fastd_context_t *ctx);
+ size_t max_overhead;
size_t min_encrypt_head_space;
size_t min_decrypt_head_space;
size_t min_encrypt_tail_space;
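Review bot: The new `max_overhead` member has no comment stating its contract, and it is now a hand-written constant in every method table (cipher_test, generic_gcm, generic_gmac, generic_poly1305, null, xsalsa20_poly1305) rather than a value computed next to the method code. Because `fastd_max_outer_packet()` derives the receive buffer size from it, a constant smaller than what a method's encrypt function really adds would leave full-size packets from peers without room. I would document it on the field, for example `size_t max_overhead; /**< upper bound on the bytes the method adds to an inner packet (method header plus authentication tag) */`. The struct definition continues outside this hunk.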
@@ -240,7 +240,7 @@ struct fastd_config {
const fastd_protocol_t *protocol;
fastd_string_stack_t *methods;
- size_t max_packet_size;
+ size_t max_overhead;
size_t min_encrypt_head_space;
size_t min_decrypt_head_space;
size_t min_encrypt_tail_space;
@@ -468,7 +468,7 @@ static inline void fastd_buffer_push_head(const fastd_context_t *ctx, fastd_buff
buffer->len -= len;
}
-static inline size_t fastd_max_packet_size(const fastd_context_t *ctx) {
+static inline size_t fastd_max_inner_packet(const fastd_context_t *ctx) {
switch (ctx->conf->mode) {
case MODE_TAP:
return ctx->conf->mtu+ETH_HLEN;
@@ -479,6 +479,10 @@ static inline size_t fastd_max_packet_size(const fastd_context_t *ctx) {
}
}
+static inline size_t fastd_max_outer_packet(const fastd_context_t *ctx) {
+ return PACKET_TYPE_LEN + fastd_max_inner_packet(ctx) + ctx->conf->max_overhead;
+}
+
static inline fastd_string_stack_t* fastd_string_stack_dup(const char *str) {
fastd_string_stack_t *ret = malloc(alignto(sizeof(fastd_string_stack_t) + strlen(str) + 1, 8));
ret->next = NULL;
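Review bot: `fastd_max_outer_packet()` and the renamed `fastd_max_inner_packet()` carry no comment saying which layer each one measures, although that distinction is the purpose of the split. A short doc comment on each would keep later callers from sizing a buffer with the wrong one, e.g. `/** Largest frame read from or written to the TUN/TAP device */` and `/** Largest datagram on the wire: packet type field + inner frame + worst-case method overhead */`. The outer helper also reads `ctx->conf->max_overhead`, which `configure_method_parameters()` resets to 0 and then fills in, so the comment should say the result is only meaningful once configuration has finished.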
diff --git a/src/methods/cipher_test/cipher_test.c b/src/methods/cipher_test/cipher_test.c
index 050e2a5..4891781 100644
--- a/src/methods/cipher_test/cipher_test.c
+++ b/src/methods/cipher_test/cipher_test.c
@@ -64,11 +64,6 @@ static bool method_provides(const char *name) {
return cipher_get(NULL, name, NULL, NULL);
}
-static size_t method_max_packet_size(fastd_context_t *ctx) {
- return (fastd_max_packet_size(ctx) + COMMON_HEADBYTES);
-}
-
-
static size_t method_key_length(fastd_context_t *ctx, const char *name) {
const fastd_cipher_t *cipher = NULL;
const fastd_cipher_context_t *cctx;
@@ -207,7 +202,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
const fastd_method_t fastd_method_cipher_test = {
.provides = method_provides,
- .max_packet_size = method_max_packet_size,
+ .max_overhead = COMMON_HEADBYTES,
.min_encrypt_head_space = 0,
.min_decrypt_head_space = 0,
.min_encrypt_tail_space = sizeof(fastd_block128_t)-1,
diff --git a/src/methods/generic_gcm/generic_gcm.c b/src/methods/generic_gcm/generic_gcm.c
index a35a6c9..9738a2d 100644
--- a/src/methods/generic_gcm/generic_gcm.c
+++ b/src/methods/generic_gcm/generic_gcm.c
@@ -71,11 +71,6 @@ static bool method_provides(const char *name) {
return cipher_get(NULL, name, NULL, NULL);
}
-static size_t method_max_packet_size(fastd_context_t *ctx) {
- return (fastd_max_packet_size(ctx) + COMMON_HEADBYTES + sizeof(fastd_block128_t));
-}
-
-
static size_t method_key_length(fastd_context_t *ctx, const char *name) {
const fastd_cipher_t *cipher = NULL;
const fastd_cipher_context_t *cctx;
@@ -270,7 +265,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
const fastd_method_t fastd_method_generic_gcm = {
.provides = method_provides,
- .max_packet_size = method_max_packet_size,
+ .max_overhead = COMMON_HEADBYTES + sizeof(fastd_block128_t),
.min_encrypt_head_space = sizeof(fastd_block128_t),
.min_decrypt_head_space = 0,
.min_encrypt_tail_space = sizeof(fastd_block128_t)-1,
diff --git a/src/methods/generic_gmac/generic_gmac.c b/src/methods/generic_gmac/generic_gmac.c
index 71ee898..d6f7f9b 100644
--- a/src/methods/generic_gmac/generic_gmac.c
+++ b/src/methods/generic_gmac/generic_gmac.c
@@ -86,11 +86,6 @@ static bool method_provides(const char *name) {
return cipher_get(NULL, name, NULL, NULL, NULL, NULL);
}
-static size_t method_max_packet_size(fastd_context_t *ctx) {
- return (fastd_max_packet_size(ctx) + COMMON_HEADBYTES + sizeof(fastd_block128_t));
-}
-
-
static size_t method_key_length(fastd_context_t *ctx, const char *name) {
const fastd_cipher_t *cipher = NULL;
const fastd_cipher_context_t *cctx;
@@ -303,7 +298,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
const fastd_method_t fastd_method_generic_gmac = {
.provides = method_provides,
- .max_packet_size = method_max_packet_size,
+ .max_overhead = COMMON_HEADBYTES + sizeof(fastd_block128_t),
.min_encrypt_head_space = 0,
.min_decrypt_head_space = 0,
.min_encrypt_tail_space = sizeof(fastd_block128_t)-1,
diff --git a/src/methods/generic_poly1305/generic_poly1305.c b/src/methods/generic_poly1305/generic_poly1305.c
index 588e294..f3d630a 100644
--- a/src/methods/generic_poly1305/generic_poly1305.c
+++ b/src/methods/generic_poly1305/generic_poly1305.c
@@ -69,10 +69,6 @@ static bool method_provides(const char *name) {
return cipher_get(NULL, name, NULL, NULL);
}
-static size_t method_max_packet_size(fastd_context_t *ctx) {
- return (fastd_max_packet_size(ctx) + COMMON_HEADBYTES + crypto_onetimeauth_poly1305_BYTES);
-}
-
static size_t method_key_length(fastd_context_t *ctx, const char *name) {
const fastd_cipher_t *cipher = NULL;
const fastd_cipher_context_t *cctx;
@@ -239,7 +235,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
const fastd_method_t fastd_method_generic_poly1305 = {
.provides = method_provides,
- .max_packet_size = method_max_packet_size,
+ .max_overhead = COMMON_HEADBYTES + crypto_onetimeauth_poly1305_BYTES,
.min_encrypt_head_space = AUTHBLOCKS*sizeof(fastd_block128_t),
.min_decrypt_head_space = AUTHBLOCKS*sizeof(fastd_block128_t) - crypto_onetimeauth_poly1305_BYTES,
.min_encrypt_tail_space = sizeof(fastd_block128_t)-1,
diff --git a/src/methods/null/null.c b/src/methods/null/null.c
index 1b50cfb..3f23866 100644
--- a/src/methods/null/null.c
+++ b/src/methods/null/null.c
@@ -37,10 +37,6 @@ static bool method_provides(const char *name) {
return !strcmp(name, "null");
}
-static size_t method_max_packet_size(fastd_context_t *ctx) {
- return fastd_max_packet_size(ctx);
-}
-
static size_t method_key_length(fastd_context_t *ctx UNUSED, const char *name UNUSED) {
return 0;
}
@@ -86,7 +82,7 @@ static bool method_passthrough(fastd_context_t *ctx UNUSED, fastd_peer_t *peer U
const fastd_method_t fastd_method_null = {
.provides = method_provides,
- .max_packet_size = method_max_packet_size,
+ .max_overhead = 0,
.min_encrypt_head_space = 0,
.min_decrypt_head_space = 0,
.min_encrypt_tail_space = 0,
diff --git a/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c b/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c
index f55db76..c6e22fb 100644
--- a/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c
+++ b/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c
@@ -41,11 +41,6 @@ static bool method_provides(const char *name) {
return !strcmp(name, "xsalsa20-poly1305");
}
-static size_t method_max_packet_size(fastd_context_t *ctx) {
- return (fastd_max_packet_size(ctx) + COMMON_HEADBYTES + crypto_secretbox_xsalsa20poly1305_ZEROBYTES - crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES);
-}
-
-
static size_t method_key_length(fastd_context_t *ctx UNUSED, const char *name UNUSED) {
return crypto_secretbox_xsalsa20poly1305_KEYBYTES;
}
@@ -160,7 +155,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
const fastd_method_t fastd_method_xsalsa20_poly1305 = {
.provides = method_provides,
- .max_packet_size = method_max_packet_size,
+ .max_overhead = COMMON_HEADBYTES + crypto_secretbox_xsalsa20poly1305_ZEROBYTES - crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES,
.min_encrypt_head_space = crypto_secretbox_xsalsa20poly1305_ZEROBYTES,
.min_decrypt_head_space = crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES - COMMON_HEADBYTES,
.min_encrypt_tail_space = 0,
diff --git a/src/receive.c b/src/receive.c
index 9bf127d..39ede66 100644
--- a/src/receive.c
+++ b/src/receive.c
@@ -145,7 +145,7 @@ static inline void handle_socket_receive(fastd_context_t *ctx, fastd_socket_t *s
}
void fastd_receive(fastd_context_t *ctx, fastd_socket_t *sock) {
- size_t max_len = PACKET_TYPE_LEN + ctx->conf->max_packet_size;
+ size_t max_len = fastd_max_outer_packet(ctx);
fastd_buffer_t buffer = fastd_buffer_alloc(ctx, max_len, ctx->conf->min_decrypt_head_space, ctx->conf->min_decrypt_tail_space);
fastd_peer_address_t local_addr;
fastd_peer_address_t recvaddr;
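Review bot: `max_len` is now exactly the largest datagram a correctly configured peer can send, and the visible lines do not say what happens to a longer one. If the receive call further down in `fastd_receive` (outside this hunk) fills at most `max_len` bytes, an oversized datagram would presumably be cut to a full-length packet and passed on. Authenticated methods would reject it, but the `null` method has no tag that could fail. I would state the intent here with `/* largest valid datagram; anything longer cannot be a valid packet */` and confirm that the receive path drops datagrams the kernel reports as truncated.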
diff --git a/src/tuntap.c b/src/tuntap.c
index b9ff646..b1820f9 100644
--- a/src/tuntap.c
+++ b/src/tuntap.c
@@ -281,7 +281,7 @@ void fastd_tuntap_open(fastd_context_t *ctx) {
fastd_buffer_t fastd_tuntap_read(fastd_context_t *ctx) {
- size_t max_len = fastd_max_packet_size(ctx);
+ size_t max_len = fastd_max_inner_packet(ctx);
fastd_buffer_t buffer;
if (multiaf_tun && ctx->conf->mode == MODE_TUN)