Code Review / vpp.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 03aae96) | patch
wireguard: add dos mitigation support 14/36714/4
authorAlexander Chernavin <achernavin@netgate.com>
Wed, 20 Jul 2022 12:43:42 +0000 (12:43 +0000)
committerFan Zhang <roy.fan.zhang@intel.com>
Mon, 8 Aug 2022 14:24:06 +0000 (14:24 +0000)
commitce91af8ad27e5ddef1e1f8316129bfcaa3de9ef6
tree42fa54977a8b413e43d7b03f27ce8a256ad8f109tree | snapshot
parent03aae9637922023dd77955cb15caafb7ce309200commit | diff
wireguard: add dos mitigation support

Type: feature

With this change:
 - if the number of received handshake messages exceeds the limit
   calculated based on the peers number, under load state will activate;
 - if being under load a handshake message with a valid mac1 is
   received, but mac2 is invalid, a cookie reply will be sent.

Also, cover these with tests.

Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I3003570a9cf807cfb0b5145b89a085455c30e717
src/plugins/wireguard/wireguard_chachapoly.c diff | blob | history
src/plugins/wireguard/wireguard_chachapoly.h diff | blob | history
src/plugins/wireguard/wireguard_cookie.c diff | blob | history
src/plugins/wireguard/wireguard_cookie.h diff | blob | history
src/plugins/wireguard/wireguard_if.c diff | blob | history
src/plugins/wireguard/wireguard_if.h diff | blob | history
src/plugins/wireguard/wireguard_input.c diff | blob | history
src/plugins/wireguard/wireguard_peer.c diff | blob | history
src/plugins/wireguard/wireguard_send.c diff | blob | history
src/plugins/wireguard/wireguard_send.h diff | blob | history
test/test_wireguard.py diff | blob | history
Vector Packet Processing