Subject: Re: [PATCH] Respect WG protocol reserved bytes
From: Laura Zelenku
Date: Wed, 17 Mar 2021 13:53:22 +0100
To: Aaron Jones
Cc: WireGuard mailing list
Message-Id: <2240E688-898B-4F74-B954-0754464F6352@wandera.com>

If the client sends some data in the reserved bytes, you will have logs full of
errors because the message gets its type from 4 bytes instead of 1 byte (as it
is in the protocol description). I would like the implementation to respect the
protocol - https://www.wireguard.com/papers/wireguard.pdf .

Yes, in our project we use reserved bytes. I know that when there are zeros in
the reserved bytes, everything is correct. But what if you receive some
non-zero value in the reserved bytes?

Laura

> On 17. 3. 2021, at 13:35, Aaron Jones wrote:
>
> On 17/03/2021 07:55, Laura Zelenku wrote:
>> Packet that respects WG protocol contains Type on first byte followed by
>> three reserved bytes. Because wireguard-go implementation uses element
>> pools it is required to make sure that reserved bytes are cleared for
>> outgoing traffic (can get dirty by "bad" clients). Clearing reserved
>> bytes is also for backwards compatibility.
>
> Encoding the message type as a little-endian 32-bit integer already
> takes care of setting the reserved bytes to zero; e.g. for a packet of
> message type 1 (handshake initiation), its little-endian 32-bit encoding
> is the following sequence of bytes: [ 0x01 0x00 0x00 0x00 ].
>
> This is also the approach used for checking message types on the
> receiving end, so packets whose reserved bytes are non-zero are already
> discarded as being those of unknown types of message.
>
> Regards,
> Aaron Jones
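
The two ways of reading the 4-byte header discussed in this thread, side by side, as an added example that is not part of the original message and is not wireguard-go code. The function names and the 1-4 range check are assumptions made for illustration; the sample packet is constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Message types in the WireGuard paper: 1 initiation, 2 response,
// 3 cookie reply, 4 transport data.
const (
	TypeInitiation = 1
	TypeTransport  = 4
)

// typeFromWord reads the first 4 bytes as one little-endian uint32, so any
// non-zero reserved byte changes the value and the type becomes unknown.
func typeFromWord(pkt []byte) (uint32, bool) {
	if len(pkt) < 4 {
		return 0, false
	}
	t := binary.LittleEndian.Uint32(pkt[:4])
	return t, t >= TypeInitiation && t <= TypeTransport
}

// typeFromByte reads the 1-byte type and returns the 3 reserved bytes
// separately, following the header layout given in the paper.
func typeFromByte(pkt []byte) (uint8, [3]byte, bool) {
	var reserved [3]byte
	if len(pkt) < 4 {
		return 0, reserved, false
	}
	copy(reserved[:], pkt[1:4])
	return pkt[0], reserved, pkt[0] >= TypeInitiation && pkt[0] <= TypeTransport
}

// writeHeader stamps the type as a little-endian uint32, which also zeroes
// the reserved bytes of a buffer recycled from a pool.
func writeHeader(buf []byte, msgType uint8) {
	binary.LittleEndian.PutUint32(buf[:4], uint32(msgType))
}

func main() {
	pkt := []byte{0x01, 0xAA, 0x00, 0x00} // constructed: type 1, one reserved byte set
	w, okW := typeFromWord(pkt)
	b, r, okB := typeFromByte(pkt)
	fmt.Printf("uint32 read %#x known=%v; byte read %d reserved=%x known=%v\n", w, okW, b, r, okB)
	writeHeader(pkt, TypeInitiation)
	fmt.Printf("after writeHeader: % x\n", pkt)
}
```
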