Replay window is only 4 packets wide, instead of 32 #4

Closed
bwindrim opened this issue Nov 10, 2022 · 1 comment
bwindrim commented Nov 10, 2022

In wireguard_check_replay(), wireguard.c line 324, the replay window size is declared as:

size_t ReplayWindowSize = sizeof(keypair->replay_bitmap); // 32 bits

but this gives a value of 4, so that only 4 of the 32 bits in the replay bitmap are used. In RFC2401, which this is based on, the window size is declared as:

enum {
    ReplayWindowSize = 32
};

This discrepancy shouldn't cause failures, but could cause out-of-order packets to be dropped unnecessarily.

@smartalock
Owner

Thanks for reporting this - it looks like a bug. This should be fixed in commit 63b5865
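
The effect described in this issue, as an added example that is not part of the thread and not the project's code: a sliding-window check in the style of RFC 2401 Appendix C, run once with the window taken from `sizeof` (bytes) and once with the window in bits. The struct, function names and traffic pattern are hypothetical, and the bitmap is assumed to be a 32-bit word as the issue describes.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the replay bitmap is a 32-bit word, as the issue describes. */
#define WINDOW_BYTES (sizeof(uint32_t))            /* sizeof() counts bytes: 4 */
#define WINDOW_BITS  (sizeof(uint32_t) * CHAR_BIT) /* bits in the bitmap: 32 */

/* Hypothetical state for this example, not the project's keypair struct. */
struct replay_state {
    uint32_t bitmap;   /* bit n set => sequence (last_seq - n) already seen */
    uint64_t last_seq; /* highest sequence number accepted so far */
};

/* Sliding-window check in the style of RFC 2401 Appendix C. */
static bool replay_check(struct replay_state *st, uint64_t seq, size_t window)
{
    if (seq == 0)
        return false;
    if (seq > st->last_seq) {                 /* newer than anything seen */
        uint64_t diff = seq - st->last_seq;
        st->bitmap = (diff < window) ? ((st->bitmap << diff) | 1u) : 1u;
        st->last_seq = seq;
        return true;
    }
    uint64_t diff = st->last_seq - seq;
    if (diff >= window)
        return false;                         /* older than the window */
    if (st->bitmap & (UINT32_C(1) << diff))
        return false;                         /* already seen: replay */
    st->bitmap |= UINT32_C(1) << diff;        /* late but new: accept */
    return true;
}

/* Constructed traffic: 1..10 arrive in order except `late`, which arrives last. */
static bool late_packet_accepted(size_t window, uint64_t late)
{
    struct replay_state st = {0, 0};
    for (uint64_t s = 1; s <= 10; s++)
        if (s != late) replay_check(&st, s, window);
    return replay_check(&st, late, window);
}

int main(void)
{
    printf("late packet 3: 4-wide window -> %d, 32-wide window -> %d\n",
           late_packet_accepted(WINDOW_BYTES, 3), late_packet_accepted(WINDOW_BITS, 3));
    return 0;
}
```

With the byte-sized window, a legitimate packet that arrives 7 positions late is rejected even though the 32-bit bitmap has room to track it; replays are still rejected in both configurations.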
