wireguard: add dos mitigation support

[vpp.git] / src / plugins / wireguard / wireguard_output_tun.c

diff --git a/src/plugins/wireguard/wireguard_output_tun.c b/src/plugins/wireguard/wireguard_output_tun.c
index f7ae4d1..64aaba7 100644 (file)
--- a/src/plugins/wireguard/wireguard_output_tun.c
+++ b/src/plugins/wireguard/wireguard_output_tun.c
@@ -282,7 +282,7 @@ wg_add_to_async_frame (vlib_main_t *vm, wg_per_thread_data_t *ptd,
   *r_idx = kp->kp_remote_index;
 
   clib_memset (iv, 0, 4);
-  clib_memcpy (iv + 4, nonce, sizeof (nonce));
+  clib_memcpy (iv + 4, nonce, sizeof (*nonce));
 
   /* this always succeeds because we know the frame is not full */
   wg_output_tun_add_to_frame (vm, async_frame, kp->kp_send_index, payload_len,
@@ -371,6 +371,11 @@ wg_output_tun_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
       if (PREDICT_FALSE (last_adj_index != adj_index))
        {
          peeri = wg_peer_get_by_adj_index (adj_index);
+         if (peeri == INDEX_INVALID)
+           {
+             b[0]->error = node->errors[WG_OUTPUT_ERROR_PEER];
+             goto out;
+           }
          peer = wg_peer_get (peeri);
        }