On 4/20/23, Leon Woestenberg <[email protected]> wrote: > Hello all, > > I am trying to understand a few details in WireGuard protocol, looking > at the Linux kernel WireGuard implementation if I am unsure about the > description from the paper. One question I have: > > Does counter_validate() in the receive path update the bitmap from the > Type 4 counter (their_counter) before the received Type 4 packet was > authenticated?
No, it happens after authentication. Otherwise that'd be a real DoS vector.
