ipn/wg: choose msg type from lower random bits

ignoramous · ignoramous · commit f71fcc2b11f8 · 2024-11-05T22:52:06.000+05:30
diff --git a/intra/ipn/wg/wgconn.go b/intra/ipn/wg/wgconn.go
@@ -440,6 +440,8 @@ func isWgMsgInit(x byte) bool {
 	// We decided to put our identifier in this region and still support messages
 	// from other WireGuard clients (albeit with less reliable routing than we can
 	// offer).
+	// Though the open source Cloudflare WARP boring-tun impl does not do so:
+	// github.com/cloudflare/boringtun/blob/64a2fc7c63/boringtun/src/noise/handshake.rs#L734
 	return x == device.MessageInitiationType
 }
 
diff --git a/intra/ipn/wgproxy.go b/intra/ipn/wgproxy.go
@@ -523,9 +523,12 @@ func NewWgProxy(id string, ctl protect.Controller, rev netstack.GConnHandler, cf
 	// github.com/bepass-org/warp-plus/blob/19ac233cc6/wiresocks/config.go#L184
 	var reservedBytes [3]byte
 	if isRPN(id) {
-		reservedBytes[0] = uint8(rand.UintN(0x100))
-		reservedBytes[1] = uint8(rand.UintN(0x100))
-		reservedBytes[2] = uint8(rand.UintN(0x100))
+		// reservedBytes[0] = uint8(rand.UintN(0x100))
+		// reservedBytes[1] = uint8(rand.UintN(0x100))
+		// reservedBytes[2] = uint8(rand.UintN(0x100))
+		reservedBytes[0] = uint8(rand.UintN(0x1))
+		reservedBytes[1] = uint8(rand.UintN(0x2))
+		reservedBytes[2] = uint8(rand.UintN(0x3))
 	}
 
 	var wgep wgconn

Original file line number	Diff line number	Diff line change
`@@ -440,6 +440,8 @@ func isWgMsgInit(x byte) bool {`
`440`	`440`	`// We decided to put our identifier in this region and still support messages`
`441`	`441`	`// from other WireGuard clients (albeit with less reliable routing than we can`
`442`	`442`	`// offer).`
	`443`	`+ // Though the open source Cloudflare WARP boring-tun impl does not do so:`
	`444`	`+ // github.com/cloudflare/boringtun/blob/64a2fc7c63/boringtun/src/noise/handshake.rs#L734`
`443`	`445`	`return x == device.MessageInitiationType`
`444`	`446`	`}`
`445`	`447`