From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>,
"Dave Taht" <dave.taht@gmail.com>,
"Toke Høiland-Jørgensen" <toke@toke.dk>,
"David S . Miller" <davem@davemloft.net>,
"Sasha Levin" <sashal@kernel.org>,
netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 5.6 24/47] wireguard: queueing: preserve flow hash across packet scrubbing
Date: Thu, 28 May 2020 07:55:37 -0400 [thread overview]
Message-ID: <20200528115600.1405808-24-sashal@kernel.org> (raw)
In-Reply-To: <20200528115600.1405808-1-sashal@kernel.org>
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
[ Upstream commit c78a0b4a78839d572d8a80f6a62221c0d7843135 ]
It's important that we clear most header fields during encapsulation and
decapsulation, because the packet is substantially changed, and we don't
want any info leak or logic bug due to an accidental correlation. But,
for encapsulation, it's wrong to clear skb->hash, since it's used by
fq_codel and flow dissection in general. Without it, classification does
not proceed as usual. This change might make it easier to estimate the
number of innerflows by examining clustering of out of order packets,
but this shouldn't open up anything that can't already be inferred
otherwise (e.g. syn packet size inference), and fq_codel can be disabled
anyway.
Furthermore, it might be the case that the hash isn't used or queried at
all until after wireguard transmits the encrypted UDP packet, which
means skb->hash might still be zero at this point, and thus no hash
taken over the inner packet data. In order to address this situation, we
force a calculation of skb->hash before encrypting packet data.
Of course this means that fq_codel might transmit packets slightly more
out of order than usual. Toke did some testing on beefy machines with
high quantities of parallel flows and found that increasing the
reply-attack counter to 8192 takes care of the most pathological cases
pretty well.
Reported-by: Dave Taht <dave.taht@gmail.com>
Reviewed-and-tested-by: Toke Høiland-Jørgensen <toke@toke.dk>
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireguard/messages.h | 2 +-
drivers/net/wireguard/queueing.h | 10 +++++++++-
drivers/net/wireguard/receive.c | 2 +-
drivers/net/wireguard/send.c | 7 ++++++-
4 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireguard/messages.h b/drivers/net/wireguard/messages.h
index b8a7b9ce32ba..208da72673fc 100644
--- a/drivers/net/wireguard/messages.h
+++ b/drivers/net/wireguard/messages.h
@@ -32,7 +32,7 @@ enum cookie_values {
};
enum counter_values {
- COUNTER_BITS_TOTAL = 2048,
+ COUNTER_BITS_TOTAL = 8192,
COUNTER_REDUNDANT_BITS = BITS_PER_LONG,
COUNTER_WINDOW_SIZE = COUNTER_BITS_TOTAL - COUNTER_REDUNDANT_BITS
};
diff --git a/drivers/net/wireguard/queueing.h b/drivers/net/wireguard/queueing.h
index 3432232afe06..c58df439dbbe 100644
--- a/drivers/net/wireguard/queueing.h
+++ b/drivers/net/wireguard/queueing.h
@@ -87,12 +87,20 @@ static inline bool wg_check_packet_protocol(struct sk_buff *skb)
return real_protocol && skb->protocol == real_protocol;
}
-static inline void wg_reset_packet(struct sk_buff *skb)
+static inline void wg_reset_packet(struct sk_buff *skb, bool encapsulating)
{
+ u8 l4_hash = skb->l4_hash;
+ u8 sw_hash = skb->sw_hash;
+ u32 hash = skb->hash;
skb_scrub_packet(skb, true);
memset(&skb->headers_start, 0,
offsetof(struct sk_buff, headers_end) -
offsetof(struct sk_buff, headers_start));
+ if (encapsulating) {
+ skb->l4_hash = l4_hash;
+ skb->sw_hash = sw_hash;
+ skb->hash = hash;
+ }
skb->queue_mapping = 0;
skb->nohdr = 0;
skb->peeked = 0;
diff --git a/drivers/net/wireguard/receive.c b/drivers/net/wireguard/receive.c
index 2566e13a292d..758d6a019184 100644
--- a/drivers/net/wireguard/receive.c
+++ b/drivers/net/wireguard/receive.c
@@ -485,7 +485,7 @@ int wg_packet_rx_poll(struct napi_struct *napi, int budget)
if (unlikely(wg_socket_endpoint_from_skb(&endpoint, skb)))
goto next;
- wg_reset_packet(skb);
+ wg_reset_packet(skb, false);
wg_packet_consume_data_done(peer, skb, &endpoint);
free = false;
diff --git a/drivers/net/wireguard/send.c b/drivers/net/wireguard/send.c
index e8a7d0a0cb88..0d64a7531f64 100644
--- a/drivers/net/wireguard/send.c
+++ b/drivers/net/wireguard/send.c
@@ -170,6 +170,11 @@ static bool encrypt_packet(struct sk_buff *skb, struct noise_keypair *keypair)
struct sk_buff *trailer;
int num_frags;
+ /* Force hash calculation before encryption so that flow analysis is
+ * consistent over the inner packet.
+ */
+ skb_get_hash(skb);
+
/* Calculate lengths. */
padding_len = calculate_skb_padding(skb);
trailer_len = padding_len + noise_encrypted_len(0);
@@ -298,7 +303,7 @@ void wg_packet_encrypt_worker(struct work_struct *work)
skb_list_walk_safe(first, skb, next) {
if (likely(encrypt_packet(skb,
PACKET_CB(first)->keypair))) {
- wg_reset_packet(skb);
+ wg_reset_packet(skb, true);
} else {
state = PACKET_STATE_DEAD;
break;
--
2.25.1
next prev parent reply other threads:[~2020-05-28 12:09 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-28 11:55 [PATCH AUTOSEL 5.6 01/47] ARC: Fix ICCM & DCCM runtime size checks Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 02/47] ARC: [plat-eznps]: Restrict to CONFIG_ISA_ARCOMPACT Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 03/47] efi/libstub: Avoid returning uninitialized data from setup_graphics() Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 04/47] evm: Fix RCU list related warnings Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 05/47] scsi: pm: Balance pm_only counter of request queue during system resume Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 06/47] efi/earlycon: Fix early printk for wider fonts Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 07/47] x86/hyperv: Properly suspend/resume reenlightenment notifications Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 08/47] dmaengine: ti: k3-udma: Fix TR mode flags for slave_sg and memcpy Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 09/47] i2c: altera: Fix race between xfer_msg and isr thread Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 10/47] io_uring: initialize ctx->sqo_wait earlier Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 11/47] io_uring: don't prepare DRAIN reqs twice Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 12/47] io_uring: fix FORCE_ASYNC req preparation Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 13/47] net: phy: propagate an error back to the callers of phy_sfp_probe Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 14/47] net sched: fix reporting the first-time use timestamp Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 15/47] x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 16/47] net: bmac: Fix read of MAC address from ROM Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 17/47] r8152: support additional Microsoft Surface Ethernet Adapter variant Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 18/47] drm/edid: Add Oculus Rift S to non-desktop list Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 19/47] s390/mm: fix set_huge_pte_at() for empty ptes Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 20/47] io_uring: reset -EBUSY error when io sq thread is waken up Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 21/47] drm/amd/display: DP training to set properly SCRAMBLING_DISABLE Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 22/47] riscv: Fix print_vm_layout build error if NOMMU Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 23/47] wireguard: selftests: use newer iproute2 for gcc-10 Sasha Levin
2020-05-28 11:55 ` Sasha Levin [this message]
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 25/47] null_blk: return error for invalid zone size Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 26/47] net: ethernet: ti: fix some return value check of cpsw_ale_create() Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 27/47] net: sgi: ioc3-eth: Fix return value check in ioc3eth_probe() Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 28/47] felix: Fix initialization of ioremap resources Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 29/47] net: mvpp2: fix RX hashing for non-10G ports Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 30/47] net/ethernet/freescale: rework quiesce/activate for ucc_geth Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 31/47] net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 32/47] mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 33/47] selftests: mlxsw: qos_mc_aware: Specify arping timeout as an integer Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 34/47] r8169: fix OCP access on RTL8117 Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 35/47] net: mscc: ocelot: fix address ageing time (again) Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 36/47] net: sun: fix missing release regions in cas_init_one() Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 37/47] net/mlx5: Add command entry handling completion Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 38/47] net/mlx5: Fix a race when moving command interface to events mode Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 39/47] net/mlx5e: Fix inner tirs handling Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 40/47] net/mlx5: Fix memory leak in mlx5_events_init Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 41/47] net/mlx5: Fix cleaning unmanaged flow tables Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 42/47] net/mlx5e: Update netdev txq on completions during closure Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 43/47] net/mlx5: Fix error flow in case of function_setup failure Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 44/47] net: Fix return value about devm_platform_ioremap_resource() Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 45/47] net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend Sasha Levin
2020-05-28 11:55 ` [PATCH AUTOSEL 5.6 46/47] net/mlx4_core: fix a memory leak bug Sasha Levin
2020-05-28 11:56 ` [PATCH AUTOSEL 5.6 47/47] net: smsc911x: Fix runtime PM imbalance on error Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200528115600.1405808-24-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=Jason@zx2c4.com \
--cc=dave.taht@gmail.com \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=toke@toke.dk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).