github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(connlib): classify WireGuard first (#10890)

Browse Source 
WireGuard packets can have all kinds of byte-patterns at the very front
of the packet. Thus, we need to first check if a payload is a WireGuard
packet before attempting to classify it as anything else.

This function is currently only used for logging purposes. `snownet` has
its own logic for de-multiplexing and classifying packets.
This commit is contained in:
Thomas Eizinger
2025-11-17 10:57:04 +11:00
committed by GitHub
parent 7e5994b3c6
commit 663f23e9fb
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
rust/connlib/tunnel/src/packet_kind.rs
View File

@@ -37,14 +37,14 @@ impl From<Kind> for opentelemetry::Value {
pub fn classify(packet: &[u8]) -> Kind {
match packet {
[0..=3, ..] => Kind::Stun,
// Channel-data is a 4-byte header so the actual payload starts on the 5th byte
[64..=79, _, _, _, 0..=3, ..] => Kind::StunOverTurn,
payload if snownet::is_wireguard(payload) => Kind::Wireguard,
[64..=79, _, _, _, payload @ ..] if snownet::is_wireguard(payload) => {
Kind::WireguardOverTurn
}
[0..=3, ..] => Kind::Stun,
// Channel-data is a 4-byte header so the actual payload starts on the 5th byte
[64..=79, _, _, _, 0..=3, ..] => Kind::StunOverTurn,
[64..=79, _, _, _, ..] => Kind::UnknownOverTurn,
payload if snownet::is_wireguard(payload) => Kind::Wireguard,
_ => Kind::Unknown,
}
}