author | Artem Glazychev <artem.glazychev@xored.com> | 2023-01-24 16:10:29 +0700 |
committer | Fan Zhang <fanzhang.oss@gmail.com> | 2023-01-26 10:02:55 +0000 |
commit | 53badfc6839da351c1d1dd7f1422418b0696c580 (patch) | |
tree | e760994070b01412a5098dbbc8652cfef8c34920 /src/plugins/wireguard | |
parent | 5616041aedf5e12da536aa4a8ffa8d3fe2270b88 (diff) |
wireguard: sending the first handshake
After creating a peer, we send a handshake request. But it's not quite right
to call wg_send_keepalive() directly.
According to documentation, handshake initiation is sent after (REKEY_TIMEOUT + jitter) ms.
Since it's the first one - we don't need to take REKEY_TIMEOUT into account,
but we still have jitter.
It also makes no sense to immediately send keepalives,
because the connection is not created yet.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I61707e4be79be65abc3396b5f1dbd48ecbf7ba60
Diffstat (limited to 'src/plugins/wireguard')
-rw-r--r-- | src/plugins/wireguard/wireguard_peer.c | 12 | ||||
-rw-r--r-- | src/plugins/wireguard/wireguard_timer.c | 10 | ||||
-rw-r--r-- | src/plugins/wireguard/wireguard_timer.h | 1 |
3 files changed, 13 insertions, 10 deletions
diff --git a/src/plugins/wireguard/wireguard_peer.c b/src/plugins/wireguard/wireguard_peer.c
index a8f1ab91644..f7bf2352db4 100644
--- a/src/plugins/wireguard/wireguard_peer.c
+++ b/src/plugins/wireguard/wireguard_peer.c
@@ -244,11 +244,7 @@ wg_peer_enable (vlib_main_t *vm, wg_peer_t *peer)
 noise_remote_init (&peer->remote, peeri, public_key, wg_if->local_idx);
- wg_send_handshake (vm, peer, false);
- if (peer->persistent_keepalive_interval != 0)
- {
- wg_send_keepalive (vm, peer);
- }
+ wg_timers_send_first_handshake (peer);
 }
 walk_rc_t
@@ -494,11 +490,7 @@ wg_peer_add (u32 tun_sw_if_index, const u8 public_key[NOISE_PUBLIC_KEY_LEN],
 if (vnet_sw_interface_is_admin_up (vnet_get_main (), tun_sw_if_index))
 {
- wg_send_handshake (vm, peer, false);
- if (peer->persistent_keepalive_interval != 0)
- {
- wg_send_keepalive (vm, peer);
- }
+ wg_timers_send_first_handshake (peer);
 }
 *peer_index = peer - wg_peer_pool;
diff --git a/src/plugins/wireguard/wireguard_timer.c b/src/plugins/wireguard/wireguard_timer.c
index b95801122fc..4319d534ffc 100644
--- a/src/plugins/wireguard/wireguard_timer.c
+++ b/src/plugins/wireguard/wireguard_timer.c
@@ -239,6 +239,16 @@ wg_timers_handshake_initiated (wg_peer_t * peer)
 }
 void
+wg_timers_send_first_handshake (wg_peer_t *peer)
+{
+ // zero value is not allowed
+ peer->new_handshake_interval_tick =
+ get_random_u32_max (REKEY_TIMEOUT_JITTER) + 1;
+ start_timer_from_mt (peer - wg_peer_pool, WG_TIMER_NEW_HANDSHAKE,
+ peer->new_handshake_interval_tick);
+}
+
+void
 wg_timers_session_derived (wg_peer_t * peer)
 {
 peer->session_derived = vlib_time_now (vlib_get_main ());
diff --git a/src/plugins/wireguard/wireguard_timer.h b/src/plugins/wireguard/wireguard_timer.h
index ebde47e9067..47638bfd74d 100644
--- a/src/plugins/wireguard/wireguard_timer.h
+++ b/src/plugins/wireguard/wireguard_timer.h
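Review bot: The removed calls are the only visible uses of `vm` in the wg_peer_enable hunk, so unless the rest of the function still reads it, the `vlib_main_t *vm` parameter is now dead; the same applies to `vm` in the wg_peer_add hunk, which looks like a local there and would trip -Wunused-variable in a -Werror build. Either drop the parameter and local or confirm they are still used elsewhere in those functions. Both wg_peer_enable and wg_peer_add start and end outside their hunks, so this is inferred from the visible lines only.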
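Review bot: `wg_timers_send_first_handshake` stores a jitter-only value into `peer->new_handshake_interval_tick`, so if the WG_TIMER_NEW_HANDSHAKE expiry path re-reads that field to re-arm itself, subsequent handshakes would inherit an interval without REKEY_TIMEOUT; that path is outside the hunk, so please confirm, or compute the jitter into a local and pass it straight to `start_timer_from_mt`. It is also not visible whether `start_timer_from_mt` cancels a timer of the same kind that is already pending, so calling this for a peer that was already armed (e.g. wg_peer_add followed by wg_peer_enable) could double-schedule the handshake. The `// zero value is not allowed` comment should say what rejects zero (presumably the timer behind `start_timer_from_mt`) and why REKEY_TIMEOUT is omitted, e.g. `/* First handshake: jitter only, no REKEY_TIMEOUT; +1 because a zero tick interval is rejected by the timer */`. The new function is complete within the hunk.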
@@ -50,6 +50,7 @@ void wg_timers_any_authenticated_packet_received_opt (wg_peer_t *peer, f64 time);
 void wg_timers_handshake_initiated (wg_peer_t * peer);
 void wg_timers_handshake_complete (wg_peer_t * peer);
+void wg_timers_send_first_handshake (wg_peer_t *peer);
 void wg_timers_session_derived (wg_peer_t * peer);
 void wg_timers_any_authenticated_packet_traversal (wg_peer_t * peer); |