| -rw-r--r-- | tunnel-obfuscation/src/multiplexer.rs | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/tunnel-obfuscation/src/multiplexer.rs b/tunnel-obfuscation/src/multiplexer.rs
index e7a70fa059..5239b23463 100644
--- a/tunnel-obfuscation/src/multiplexer.rs
+++ b/tunnel-obfuscation/src/multiplexer.rs
@@ -34,6 +34,9 @@ use crate::socket::create_remote_socket;
 const MAX_DATAGRAM_SIZE: usize = u16::MAX as usize;
+/// Max number of initial outgoing packets to buffer for replaying to new transports
+const MAX_INITIAL_PACKETS: usize = 100;
+
 /// An obfuscator that manages multiple other obfuscators and automatically
 /// selects the first one that successfully establishes a connection.
 ///
@@ -162,6 +165,14 @@ impl Multiplexer {
 }
 self.wg_addr = Some(from_addr);
 let pkt = &wg_recv_buf[..bytes_received];
+
+ if self.initial_packets_to_send.len() >= MAX_INITIAL_PACKETS {
+ // Initial packets should be handshake initiation packets, so we
+ // should not end up here if there's some reasonable timeout.
+ // If we do, fail so we don't use excessive memory.
+ return Err(io::Error::other("Too many initial packets"));
+ }
+
 self.initial_packets_to_send.push(pkt.to_vec());
 // Fan out latest WG packet to all currently spawned endpoints. |
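Review bot: Returning `Err(io::Error::other("Too many initial packets"))` once `initial_packets_to_send` reaches `MAX_INITIAL_PACKETS` bounds memory, but it also turns the cap into a hard failure of this receive path. Any sender whose datagrams reach this point before a transport is selected can trigger it, and both the source-address checks and the caller's reaction to the error lie outside the hunk. If the buffered packets really are handshake initiations that the peer will resend, evicting the oldest entry would keep the bound without failing, e.g. `if self.initial_packets_to_send.len() >= MAX_INITIAL_PACKETS { self.initial_packets_to_send.remove(0); }` followed by a rate-limited log line. The limit also counts packets rather than bytes, so with `MAX_DATAGRAM_SIZE` at `u16::MAX` the worst case is about 6.5 MB; the doc comment on the constant could say so: `/// Each entry may be up to MAX_DATAGRAM_SIZE bytes, so the buffer is bounded at roughly 6.5 MB.`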
