Thomas Eizinger 4be73da21c fix(gateway): reply with cookie when rate limit is hit (#9657) ...

WireGuard implements a rate-limit mechanism when the number of handshake
initiations increases a certain limit. This is important because
handshakes involve asymmetric cryptography and are cryptographically
expensive. To prevent DoS attacks where other peers repeatedly ask for
new handshakes, the rate limiter implements a cookie mechanism where -
when under load - the remote peer needs to include a given cookie in new
handshakes. This cookie is tied to the peer's IP address to prevent it
from being reused by other peers.

Up until now, we have not been passing the sender's IP address to
`boringtun` and therefore, the only option when the rate limit was hit
was to error with `UnderLoad`.

By passing the source IP of the packet, `boringtun` can engage in the
cookie-reply mechanism and therefore avoid the `UnderLoad` error.

Resolves: #9643

2025-06-24 11:33:38 +00:00

..

app

feat(connlib): only conditionally hash firezone ID (#9633)

2025-06-24 07:05:48 +00:00

components

fix(gateway): reply with cookie when rate limit is hit (#9657)

2025-06-24 11:33:38 +00:00

hooks

feat(website): Add shadow to navbar on scroll (#5768)

2024-07-05 12:00:31 -07:00

lib

fix(website): New subscription cards style (#6549)

2024-09-04 00:40:40 +00:00

styles

fix(website): Sign in -> Admin portal and fix mobile safari SVG crash (#6839)

2024-09-26 22:58:33 +00:00

middleware.ts

feat(ci): Publish installer PKG for macOS standalone (#8795)

2025-04-16 16:21:40 +00:00