authorArtem Glazychev <artem.glazychev@xored.com>2023-01-24 15:34:00 +0700
committerFan Zhang <fanzhang.oss@gmail.com>2023-02-01 11:33:46 +0000
commit4d290c3aa74c7bd346b311940e5feb399464057e (patch)
tree94673a68e05e5409e94d901a0a05552997a37928 /src/plugins/wireguard
parent8430c402fc5118b4bcb221030779cf4e6c11d462 (diff)
wireguard: update ESTABLISHED flag
Receiving and processing the handshake_initiation message is not enough to say confidently that the connection has been established, because we also send a response. The connection can only be considered established once a keepalive packet has been received. Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I61731916071990f28cdebcd1d0e4d302fa1dee15
Diffstat (limited to 'src/plugins/wireguard')
-rw-r--r--src/plugins/wireguard/wireguard_input.c8
1 files changed, 3 insertions, 5 deletions
diff --git a/src/plugins/wireguard/wireguard_input.c b/src/plugins/wireguard/wireguard_input.c
index 777f0ec54b3..6b8c803c97d 100644
--- a/src/plugins/wireguard/wireguard_input.c
+++ b/src/plugins/wireguard/wireguard_input.c
@@ -266,10 +266,6 @@ wg_handshake_process (vlib_main_t *vm, wg_main_t *wmp, vlib_buffer_t *b,
vlib_node_increment_counter (vm, node_idx,
WG_INPUT_ERROR_HANDSHAKE_SEND, 1);
}
- else
- {
- wg_peer_update_flags (rp->r_peer_idx, WG_PEER_ESTABLISHED, true);
- }
break;
}
case MESSAGE_HANDSHAKE_RESPONSE:
@@ -365,7 +361,7 @@ wg_input_post_process (vlib_main_t *vm, vlib_buffer_t *b, u16 *next,
if (decr_len == 0)
{
*is_keepalive = true;
- return -1;
+ return 0;
}
wg_timers_data_received (peer);
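Review bot: Returning 0 in the `decr_len == 0` branch means a keepalive can no longer be told apart from a data packet by the return value, so every caller has to test `*is_keepalive` before passing the empty buffer on. Those call sites are outside this hunk and should be checked against the new contract. A comment at the changed line would record the intent, for example `/* keepalive: authenticated, report success; caller must drop it via *is_keepalive */`. The return convention (presumably negative = reject, 0 = authenticated packet) is also worth stating in a header comment on wg_input_post_process, whose body starts and ends outside the hunk.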
@@ -870,6 +866,7 @@ wg_input_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
out_udp_src_port);
wg_timers_any_authenticated_packet_received_opt (peer, time);
wg_timers_any_authenticated_packet_traversal (peer);
+ wg_peer_update_flags (*peer_idx, WG_PEER_ESTABLISHED, true);
last_peer_time_idx = peer_idx;
}
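Review bot: The added `wg_peer_update_flags (*peer_idx, WG_PEER_ESTABLISHED, true);` sits next to the `wg_timers_any_authenticated_packet_*` calls, so it appears to run for any authenticated transport packet, not only the keepalive the commit message names. Nothing at the call site says why the flag is set here. A short comment such as `/* peer has proven possession of the session key; only now mark it ESTABLISHED */` would make the security intent explicit, and the same applies to the identical line added in wg_input_post. The surrounding assignment to `last_peer_time_idx` suggests the call is made again each time the peer changes within a frame. It is therefore worth confirming that wg_peer_update_flags returns early when the flag is already set, rather than emitting an event on every call, and that a path outside this diff clears the flag when the session expires. The enclosing block starts outside the hunk.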
@@ -1016,6 +1013,7 @@ wg_input_post (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame,
out_udp_src_port);
wg_timers_any_authenticated_packet_received_opt (peer, time);
wg_timers_any_authenticated_packet_traversal (peer);
+ wg_peer_update_flags (*peer_idx, WG_PEER_ESTABLISHED, true);
last_peer_time_idx = peer_idx;
}