1
2
3
4
5
6#include "timers.h"
7#include "device.h"
8#include "peer.h"
9#include "queueing.h"
10#include "socket.h"
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30static inline void mod_peer_timer(struct wg_peer *peer,
31 struct timer_list *timer,
32 unsigned long expires)
33{
34 rcu_read_lock_bh();
35 if (likely(netif_running(peer->device->dev) &&
36 !READ_ONCE(peer->is_dead)))
37 mod_timer(timer, expires);
38 rcu_read_unlock_bh();
39}
40
41static void wg_expired_retransmit_handshake(struct timer_list *timer)
42{
43 struct wg_peer *peer = from_timer(peer, timer,
44 timer_retransmit_handshake);
45
46 if (peer->timer_handshake_attempts > MAX_TIMER_HANDSHAKES) {
47 pr_debug("%s: Handshake for peer %llu (%pISpfsc) did not complete after %d attempts, giving up\n",
48 peer->device->dev->name, peer->internal_id,
49 &peer->endpoint.addr, MAX_TIMER_HANDSHAKES + 2);
50
51 del_timer(&peer->timer_send_keepalive);
52
53
54
55 wg_packet_purge_staged_packets(peer);
56
57
58
59
60 if (!timer_pending(&peer->timer_zero_key_material))
61 mod_peer_timer(peer, &peer->timer_zero_key_material,
62 jiffies + REJECT_AFTER_TIME * 3 * HZ);
63 } else {
64 ++peer->timer_handshake_attempts;
65 pr_debug("%s: Handshake for peer %llu (%pISpfsc) did not complete after %d seconds, retrying (try %d)\n",
66 peer->device->dev->name, peer->internal_id,
67 &peer->endpoint.addr, REKEY_TIMEOUT,
68 peer->timer_handshake_attempts + 1);
69
70
71
72
73 wg_socket_clear_peer_endpoint_src(peer);
74
75 wg_packet_send_queued_handshake_initiation(peer, true);
76 }
77}
78
79static void wg_expired_send_keepalive(struct timer_list *timer)
80{
81 struct wg_peer *peer = from_timer(peer, timer, timer_send_keepalive);
82
83 wg_packet_send_keepalive(peer);
84 if (peer->timer_need_another_keepalive) {
85 peer->timer_need_another_keepalive = false;
86 mod_peer_timer(peer, &peer->timer_send_keepalive,
87 jiffies + KEEPALIVE_TIMEOUT * HZ);
88 }
89}
90
91static void wg_expired_new_handshake(struct timer_list *timer)
92{
93 struct wg_peer *peer = from_timer(peer, timer, timer_new_handshake);
94
95 pr_debug("%s: Retrying handshake with peer %llu (%pISpfsc) because we stopped hearing back after %d seconds\n",
96 peer->device->dev->name, peer->internal_id,
97 &peer->endpoint.addr, KEEPALIVE_TIMEOUT + REKEY_TIMEOUT);
98
99
100
101 wg_socket_clear_peer_endpoint_src(peer);
102 wg_packet_send_queued_handshake_initiation(peer, false);
103}
104
105static void wg_expired_zero_key_material(struct timer_list *timer)
106{
107 struct wg_peer *peer = from_timer(peer, timer, timer_zero_key_material);
108
109 rcu_read_lock_bh();
110 if (!READ_ONCE(peer->is_dead)) {
111 wg_peer_get(peer);
112 if (!queue_work(peer->device->handshake_send_wq,
113 &peer->clear_peer_work))
114
115
116
117 wg_peer_put(peer);
118 }
119 rcu_read_unlock_bh();
120}
121
122static void wg_queued_expired_zero_key_material(struct work_struct *work)
123{
124 struct wg_peer *peer = container_of(work, struct wg_peer,
125 clear_peer_work);
126
127 pr_debug("%s: Zeroing out all keys for peer %llu (%pISpfsc), since we haven't received a new one in %d seconds\n",
128 peer->device->dev->name, peer->internal_id,
129 &peer->endpoint.addr, REJECT_AFTER_TIME * 3);
130 wg_noise_handshake_clear(&peer->handshake);
131 wg_noise_keypairs_clear(&peer->keypairs);
132 wg_peer_put(peer);
133}
134
135static void wg_expired_send_persistent_keepalive(struct timer_list *timer)
136{
137 struct wg_peer *peer = from_timer(peer, timer,
138 timer_persistent_keepalive);
139
140 if (likely(peer->persistent_keepalive_interval))
141 wg_packet_send_keepalive(peer);
142}
143
144
145void wg_timers_data_sent(struct wg_peer *peer)
146{
147 if (!timer_pending(&peer->timer_new_handshake))
148 mod_peer_timer(peer, &peer->timer_new_handshake,
149 jiffies + (KEEPALIVE_TIMEOUT + REKEY_TIMEOUT) * HZ +
150 prandom_u32_max(REKEY_TIMEOUT_JITTER_MAX_JIFFIES));
151}
152
153
154void wg_timers_data_received(struct wg_peer *peer)
155{
156 if (likely(netif_running(peer->device->dev))) {
157 if (!timer_pending(&peer->timer_send_keepalive))
158 mod_peer_timer(peer, &peer->timer_send_keepalive,
159 jiffies + KEEPALIVE_TIMEOUT * HZ);
160 else
161 peer->timer_need_another_keepalive = true;
162 }
163}
164
165
166
167
168void wg_timers_any_authenticated_packet_sent(struct wg_peer *peer)
169{
170 del_timer(&peer->timer_send_keepalive);
171}
172
173
174
175
176void wg_timers_any_authenticated_packet_received(struct wg_peer *peer)
177{
178 del_timer(&peer->timer_new_handshake);
179}
180
181
182void wg_timers_handshake_initiated(struct wg_peer *peer)
183{
184 mod_peer_timer(peer, &peer->timer_retransmit_handshake,
185 jiffies + REKEY_TIMEOUT * HZ +
186 prandom_u32_max(REKEY_TIMEOUT_JITTER_MAX_JIFFIES));
187}
188
189
190
191
192void wg_timers_handshake_complete(struct wg_peer *peer)
193{
194 del_timer(&peer->timer_retransmit_handshake);
195 peer->timer_handshake_attempts = 0;
196 peer->sent_lastminute_handshake = false;
197 ktime_get_real_ts64(&peer->walltime_last_handshake);
198}
199
200
201
202
203void wg_timers_session_derived(struct wg_peer *peer)
204{
205 mod_peer_timer(peer, &peer->timer_zero_key_material,
206 jiffies + REJECT_AFTER_TIME * 3 * HZ);
207}
208
209
210
211
212void wg_timers_any_authenticated_packet_traversal(struct wg_peer *peer)
213{
214 if (peer->persistent_keepalive_interval)
215 mod_peer_timer(peer, &peer->timer_persistent_keepalive,
216 jiffies + peer->persistent_keepalive_interval * HZ);
217}
218
219void wg_timers_init(struct wg_peer *peer)
220{
221 timer_setup(&peer->timer_retransmit_handshake,
222 wg_expired_retransmit_handshake, 0);
223 timer_setup(&peer->timer_send_keepalive, wg_expired_send_keepalive, 0);
224 timer_setup(&peer->timer_new_handshake, wg_expired_new_handshake, 0);
225 timer_setup(&peer->timer_zero_key_material,
226 wg_expired_zero_key_material, 0);
227 timer_setup(&peer->timer_persistent_keepalive,
228 wg_expired_send_persistent_keepalive, 0);
229 INIT_WORK(&peer->clear_peer_work, wg_queued_expired_zero_key_material);
230 peer->timer_handshake_attempts = 0;
231 peer->sent_lastminute_handshake = false;
232 peer->timer_need_another_keepalive = false;
233}
234
235void wg_timers_stop(struct wg_peer *peer)
236{
237 del_timer_sync(&peer->timer_retransmit_handshake);
238 del_timer_sync(&peer->timer_send_keepalive);
239 del_timer_sync(&peer->timer_new_handshake);
240 del_timer_sync(&peer->timer_zero_key_material);
241 del_timer_sync(&peer->timer_persistent_keepalive);
242 flush_work(&peer->clear_peer_work);
243}
244