wireguard: sending the first handshake

After creating a peer, we send a handshake request. But it's not quite right to call wg_send_keepalive() directly. According to documentation, handshake initiation is sent after (REKEY_TIMEOUT + jitter) ms. Since it's the first one - we don't need to take REKEY_TIMEOUT into account, but we still have jitter. It also makes no sense to immediately send keepalives, because the connection is not created yet. Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I61707e4be79be65abc3396b5f1dbd48ecbf7ba60
author: Artem Glazychev <artem.glazychev@xored.com> 2023-01-24 16:10:29 +0700
committer: Fan Zhang <fanzhang.oss@gmail.com> 2023-01-26 10:02:55 +0000
commit: 53badfc6839da351c1d1dd7f1422418b0696c580 (patch)
tree: e760994070b01412a5098dbbc8652cfef8c34920 /test/test_wireguard.py
parent: 5616041aedf5e12da536aa4a8ffa8d3fe2270b88 (diff)
1 files changed, 33 insertions, 0 deletions
diff --git a/test/test_wireguard.py b/test/test_wireguard.py
index 80ebdd89aa6..72a317ca8c2 100644
--- a/test/test_wireguard.py
+++ b/test/test_wireguard.py
@@ -147,6 +147,8 @@ UNDER_LOAD_INTERVAL = 1.0
 HANDSHAKE_NUM_PER_PEER_UNTIL_UNDER_LOAD = 40
 HANDSHAKE_NUM_BEFORE_RATELIMITING = 5
 
+HANDSHAKE_JITTER = 0.5
+
 
 class VppWgPeer(VppObject):
     def __init__(self, test, itf, endpoint, port, allowed_ips, persistent_keepalive=15):
@@ -672,6 +674,9 @@ class TestWg(VppTestCase):
         self.assertEqual(len(self.vapi.wireguard_peers_dump()), 1)
 
         if is_resp:
+            # skip the first automatic handshake
+            self.pg1.get_capture(1, timeout=HANDSHAKE_JITTER)
+
             # prepare and send a handshake initiation
             # expect the peer to send a handshake response
             init = peer_1.mk_handshake(self.pg1, is_ip6=is_ip6)
@@ -764,6 +769,9 @@ class TestWg(VppTestCase):
             # reset noise to be able to turn into initiator later
             peer_1.noise_reset()
         else:
+            # skip the first automatic handshake
+            self.pg1.get_capture(1, timeout=HANDSHAKE_JITTER)
+
             # prepare and send a bunch of handshake initiations
             # expect to switch to under load state
             init = peer_1.mk_handshake(self.pg1, is_ip6=is_ip6)
@@ -829,6 +837,9 @@ class TestWg(VppTestCase):
         ).add_vpp_config()
         self.assertEqual(len(self.vapi.wireguard_peers_dump()), 1)
 
+        # skip the first automatic handshake
+        self.pg1.get_capture(1, timeout=HANDSHAKE_JITTER)
+
         # prepare and send a bunch of handshake initiations
         # expect to switch to under load state
         init = peer_1.mk_handshake(self.pg1)
@@ -893,6 +904,9 @@ class TestWg(VppTestCase):
             ).add_vpp_config()
         self.assertEqual(len(self.vapi.wireguard_peers_dump()), 1)
 
+        # skip the first automatic handshake
+        self.pg1.get_capture(1, timeout=HANDSHAKE_JITTER)
+
         # prepare and send a bunch of handshake initiations
         # expect to switch to under load state
         init = peer_1.mk_handshake(self.pg1, is_ip6=is_ip6)
@@ -963,6 +977,9 @@ class TestWg(VppTestCase):
         ).add_vpp_config()
         self.assertEqual(len(self.vapi.wireguard_peers_dump()), 2)
 
+        # skip the first automatic handshake
+        self.pg1.get_capture(NUM_PEERS, timeout=HANDSHAKE_JITTER)
+
         # (peer_1) prepare and send a bunch of handshake initiations
         # expect not to switch to under load state
         init_1 = peer_1.mk_handshake(self.pg1)
@@ -2098,6 +2115,9 @@ class TestWg(VppTestCase):
         self.pg0.generate_remote_hosts(NUM_IFS)
         self.pg0.configure_ipv4_neighbors()
 
+        self.pg_enable_capture(self.pg_interfaces)
+        self.pg_start()
+
         # Create interfaces with a peer on each
         peers = []
         routes = []
@@ -2129,6 +2149,9 @@ class TestWg(VppTestCase):
 
         self.assertEqual(len(self.vapi.wireguard_peers_dump()), NUM_IFS)
 
+        # skip the first automatic handshake
+        self.pg1.get_capture(NUM_IFS, timeout=HANDSHAKE_JITTER)
+
         for i in range(NUM_IFS):
             # send a valid handsake init for which we expect a response
             p = peers[i].mk_handshake(self.pg1)
@@ -2282,6 +2305,10 @@ class TestWg(VppTestCase):
 
         self.assertEqual(len(self.vapi.wireguard_peers_dump()), NUM_PEERS * 2)
 
+        # skip the first automatic handshake
+        self.pg1.get_capture(NUM_PEERS, timeout=HANDSHAKE_JITTER)
+        self.pg2.get_capture(NUM_PEERS, timeout=HANDSHAKE_JITTER)
+
         # Want events from the first perr of wg0
         # and from all wg1 peers
         peers_0[0].want_events()
@@ -2472,6 +2499,9 @@ class WireguardHandoffTests(TestWg):
         wg0.admin_up()
         wg0.config_ip4()
 
+        self.pg_enable_capture(self.pg_interfaces)
+        self.pg_start()
+
         peer_1 = VppWgPeer(
             self, wg0, self.pg1.remote_ip4, port + 1, ["10.11.2.0/24", "10.11.3.0/24"]
         ).add_vpp_config()
@@ -2481,6 +2511,9 @@ class WireguardHandoffTests(TestWg):
             self, "10.11.3.0", 24, [VppRoutePath("10.11.3.1", wg0.sw_if_index)]
         ).add_vpp_config()
 
+        # skip the first automatic handshake
+        self.pg1.get_capture(1, timeout=HANDSHAKE_JITTER)
+
         # send a valid handsake init for which we expect a response
         p = peer_1.mk_handshake(self.pg1)
author	Artem Glazychev <artem.glazychev@xored.com>	2023-01-24 16:10:29 +0700
committer	Fan Zhang <fanzhang.oss@gmail.com>	2023-01-26 10:02:55 +0000
commit	53badfc6839da351c1d1dd7f1422418b0696c580 (patch)
tree	e760994070b01412a5098dbbc8652cfef8c34920 /test/test_wireguard.py
parent	5616041aedf5e12da536aa4a8ffa8d3fe2270b88 (diff)