Diffstat (limited to 'src/plugins/wireguard')
-rw-r--r--src/plugins/wireguard/wireguard_peer.c12
-rw-r--r--src/plugins/wireguard/wireguard_timer.c10
-rw-r--r--src/plugins/wireguard/wireguard_timer.h1
3 files changed, 13 insertions, 10 deletions
diff --git a/src/plugins/wireguard/wireguard_peer.c b/src/plugins/wireguard/wireguard_peer.c
index a8f1ab91644..f7bf2352db4 100644
--- a/src/plugins/wireguard/wireguard_peer.c
+++ b/src/plugins/wireguard/wireguard_peer.c
@@ -244,11 +244,7 @@ wg_peer_enable (vlib_main_t *vm, wg_peer_t *peer)
noise_remote_init (&peer->remote, peeri, public_key, wg_if->local_idx);
- wg_send_handshake (vm, peer, false);
- if (peer->persistent_keepalive_interval != 0)
- {
- wg_send_keepalive (vm, peer);
- }
+ wg_timers_send_first_handshake (peer);
}
walk_rc_t
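Review bot: The keepalive that used to follow the first handshake (`if (peer->persistent_keepalive_interval != 0) wg_send_keepalive (vm, peer);`) is dropped here and in the matching hunk in `wg_peer_add`, and none of the visible hunks re-adds it. If the `WG_TIMER_NEW_HANDSHAKE` expiry path or handshake completion already arms persistent keepalive, a comment at both call sites would make that explicit, e.g. `/* first handshake is sent from the WG_TIMER_NEW_HANDSHAKE timer; persistent keepalive is armed once it completes */`. If it does not, peers configured with a keepalive interval may no longer get the initial keepalive they had before this change. `vm` may also be left unused in one or both functions now; their bodies start outside the hunks, so this is worth a build check with warnings enabled.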
@@ -494,11 +490,7 @@ wg_peer_add (u32 tun_sw_if_index, const u8 public_key[NOISE_PUBLIC_KEY_LEN],
if (vnet_sw_interface_is_admin_up (vnet_get_main (), tun_sw_if_index))
{
- wg_send_handshake (vm, peer, false);
- if (peer->persistent_keepalive_interval != 0)
- {
- wg_send_keepalive (vm, peer);
- }
+ wg_timers_send_first_handshake (peer);
}
*peer_index = peer - wg_peer_pool;
diff --git a/src/plugins/wireguard/wireguard_timer.c b/src/plugins/wireguard/wireguard_timer.c
index b95801122fc..4319d534ffc 100644
--- a/src/plugins/wireguard/wireguard_timer.c
+++ b/src/plugins/wireguard/wireguard_timer.c
@@ -239,6 +239,16 @@ wg_timers_handshake_initiated (wg_peer_t * peer)
}
void
+wg_timers_send_first_handshake (wg_peer_t *peer)
+{
+ // zero value is not allowed
+ peer->new_handshake_interval_tick =
+ get_random_u32_max (REKEY_TIMEOUT_JITTER) + 1;
+ start_timer_from_mt (peer - wg_peer_pool, WG_TIMER_NEW_HANDSHAKE,
+ peer->new_handshake_interval_tick);
+}
+
+void
wg_timers_session_derived (wg_peer_t * peer)
{
peer->session_derived = vlib_time_now (vlib_get_main ());
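Review bot: The comment in the new `wg_timers_send_first_handshake` says a zero value is not allowed but not why, nor what unit `new_handshake_interval_tick` is in or which range `get_random_u32_max (REKEY_TIMEOUT_JITTER)` returns, so the `+ 1` bound cannot be checked from this hunk. I would replace it with something like `/* Defer the first handshake by a random 1..REKEY_TIMEOUT_JITTER ticks; the timer does not accept a zero interval, hence the + 1 */`, adjusted to what the helper actually guarantees. It is also worth confirming that `start_timer_from_mt` behaves correctly when `WG_TIMER_NEW_HANDSHAKE` is already running for this peer, since both `wg_peer_enable` and `wg_peer_add` now reach this function and an interface may be toggled repeatedly. That helper is defined outside the hunk.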
diff --git a/src/plugins/wireguard/wireguard_timer.h b/src/plugins/wireguard/wireguard_timer.h
index ebde47e9067..47638bfd74d 100644
--- a/src/plugins/wireguard/wireguard_timer.h
+++ b/src/plugins/wireguard/wireguard_timer.h
@@ -50,6 +50,7 @@ void wg_timers_any_authenticated_packet_received_opt (wg_peer_t *peer,
f64 time);
void wg_timers_handshake_initiated (wg_peer_t * peer);
void wg_timers_handshake_complete (wg_peer_t * peer);
+void wg_timers_send_first_handshake (wg_peer_t *peer);
void wg_timers_session_derived (wg_peer_t * peer);
void wg_timers_any_authenticated_packet_traversal (wg_peer_t * peer);