-
Notifications
You must be signed in to change notification settings - Fork 2
/
atomic-u32.patch
69 lines (61 loc) · 2.41 KB
/
atomic-u32.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
--- b/boringtun/src/device/mod.rs
+++ a/boringtun/src/device/mod.rs
@@ -50,7 +50,7 @@
use dev_lock::{Lock, LockReadGuard};
-const HANDSHAKE_RATE_LIMIT: u64 = 100; // The number of handshakes per second we can tolerate before using cookies
+const HANDSHAKE_RATE_LIMIT: u32 = 100; // The number of handshakes per second we can tolerate before using cookies
const MAX_UDP_SIZE: usize = (1 << 16) - 1;
const MAX_ITR: usize = 100; // Number of packets to handle per handler call
--- b/boringtun/src/noise/mod.rs
+++ a/boringtun/src/noise/mod.rs
@@ -21,7 +21,7 @@
use std::time::Duration;
/// The default value to use for rate limiting, when no other rate limiter is defined
-const PEER_HANDSHAKE_RATE_LIMIT: u64 = 10;
+const PEER_HANDSHAKE_RATE_LIMIT: u32 = 10;
const IPV4_MIN_HEADER_SIZE: usize = 20;
const IPV4_LEN_OFF: usize = 2;
--- b/boringtun/src/noise/rate_limiter.rs
+++ a/boringtun/src/noise/rate_limiter.rs
@@ -3,7 +3,7 @@
use crate::noise::{HandshakeInit, HandshakeResponse, Packet, Tunn, TunnResult, WireGuardError};
use std::net::IpAddr;
-use std::sync::atomic::{AtomicU64, Ordering};
+use std::sync::atomic::{AtomicU32, Ordering};
use std::time::Instant;
use aead::generic_array::GenericArray;
@@ -37,29 +37,29 @@
secret_key: [u8; 16],
start_time: Instant,
/// A single 64 bit counter (should suffice for many years)
- nonce_ctr: AtomicU64,
+ nonce_ctr: AtomicU32,
mac1_key: [u8; 32],
cookie_key: Key,
- limit: u64,
+ limit: u32,
/// The counter since last reset
- count: AtomicU64,
+ count: AtomicU32,
/// The time last reset was performed on this rate limiter
last_reset: Mutex<Instant>,
}
impl RateLimiter {
- pub fn new(public_key: &x25519_dalek::PublicKey, limit: u64) -> Self {
+ pub fn new(public_key: &x25519_dalek::PublicKey, limit: u32) -> Self {
let mut secret_key = [0u8; 16];
OsRng.fill_bytes(&mut secret_key);
RateLimiter {
nonce_key: Self::rand_bytes(),
secret_key,
start_time: Instant::now(),
- nonce_ctr: AtomicU64::new(0),
+ nonce_ctr: AtomicU32::new(0),
mac1_key: b2s_hash(LABEL_MAC1, public_key.as_bytes()),
cookie_key: b2s_hash(LABEL_COOKIE, public_key.as_bytes()).into(),
limit,
- count: AtomicU64::new(0),
+ count: AtomicU32::new(0),
last_reset: Mutex::new(Instant::now()),
}
}