aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/wireguard
diff options
context:
space:
mode:
authorArtem Glazychev <artem.glazychev@xored.com>2023-01-24 16:10:29 +0700
committerFan Zhang <fanzhang.oss@gmail.com>2023-01-26 10:02:55 +0000
commit53badfc6839da351c1d1dd7f1422418b0696c580 (patch)
treee760994070b01412a5098dbbc8652cfef8c34920 /src/plugins/wireguard
parent5616041aedf5e12da536aa4a8ffa8d3fe2270b88 (diff)
wireguard: sending the first handshake
After creating a peer, we send a handshake request. But it's not quite right to call wg_send_keepalive() directly. According to documentation, handshake initiation is sent after (REKEY_TIMEOUT + jitter) ms. Since it's the first one - we don't need to take REKEY_TIMEOUT into account, but we still have jitter. It also makes no sense to immediately send keepalives, because the connection is not created yet. Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I61707e4be79be65abc3396b5f1dbd48ecbf7ba60
Diffstat (limited to 'src/plugins/wireguard')
-rw-r--r--src/plugins/wireguard/wireguard_peer.c12
-rw-r--r--src/plugins/wireguard/wireguard_timer.c10
-rw-r--r--src/plugins/wireguard/wireguard_timer.h1
3 files changed, 13 insertions, 10 deletions
diff --git a/src/plugins/wireguard/wireguard_peer.c b/src/plugins/wireguard/wireguard_peer.c
index a8f1ab91644..f7bf2352db4 100644
--- a/src/plugins/wireguard/wireguard_peer.c
+++ b/src/plugins/wireguard/wireguard_peer.c
@@ -244,11 +244,7 @@ wg_peer_enable (vlib_main_t *vm, wg_peer_t *peer)
noise_remote_init (&peer->remote, peeri, public_key, wg_if->local_idx);
- wg_send_handshake (vm, peer, false);
- if (peer->persistent_keepalive_interval != 0)
- {
- wg_send_keepalive (vm, peer);
- }
+ wg_timers_send_first_handshake (peer);
}
walk_rc_t
@@ -494,11 +490,7 @@ wg_peer_add (u32 tun_sw_if_index, const u8 public_key[NOISE_PUBLIC_KEY_LEN],
if (vnet_sw_interface_is_admin_up (vnet_get_main (), tun_sw_if_index))
{
- wg_send_handshake (vm, peer, false);
- if (peer->persistent_keepalive_interval != 0)
- {
- wg_send_keepalive (vm, peer);
- }
+ wg_timers_send_first_handshake (peer);
}
*peer_index = peer - wg_peer_pool;
diff --git a/src/plugins/wireguard/wireguard_timer.c b/src/plugins/wireguard/wireguard_timer.c
index b95801122fc..4319d534ffc 100644
--- a/src/plugins/wireguard/wireguard_timer.c
+++ b/src/plugins/wireguard/wireguard_timer.c
@@ -239,6 +239,16 @@ wg_timers_handshake_initiated (wg_peer_t * peer)
}
void
+wg_timers_send_first_handshake (wg_peer_t *peer)
+{
+ // zero value is not allowed
+ peer->new_handshake_interval_tick =
+ get_random_u32_max (REKEY_TIMEOUT_JITTER) + 1;
+ start_timer_from_mt (peer - wg_peer_pool, WG_TIMER_NEW_HANDSHAKE,
+ peer->new_handshake_interval_tick);
+}
+
+void
wg_timers_session_derived (wg_peer_t * peer)
{
peer->session_derived = vlib_time_now (vlib_get_main ());
diff --git a/src/plugins/wireguard/wireguard_timer.h b/src/plugins/wireguard/wireguard_timer.h
index ebde47e9067..47638bfd74d 100644
--- a/src/plugins/wireguard/wireguard_timer.h
+++ b/src/plugins/wireguard/wireguard_timer.h
@@ -50,6 +50,7 @@ void wg_timers_any_authenticated_packet_received_opt (wg_peer_t *peer,
f64 time);
void wg_timers_handshake_initiated (wg_peer_t * peer);
void wg_timers_handshake_complete (wg_peer_t * peer);
+void wg_timers_send_first_handshake (wg_peer_t *peer);
void wg_timers_session_derived (wg_peer_t * peer);
void wg_timers_any_authenticated_packet_traversal (wg_peer_t * peer);