wireguard-go/timers.go

/* SPDX-License-Identifier: GPL-2.0
 *
 * Copyright (C) 2015-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
 *
 * This is based heavily on timers.c from the kernel implementation.
 */

package main

import (
	"math/rand"
	"sync/atomic"
	"time"
)

/* This Timer structure and related functions should roughly copy the interface of
 * the Linux kernel's struct timer_list.
 */

type Timer struct {
	timer     *time.Timer
	isPending bool
}

func (peer *Peer) NewTimer(expirationFunction func(*Peer)) *Timer {
	timer := &Timer{}
	timer.timer = time.AfterFunc(time.Hour, func() {
		timer.isPending = false
		expirationFunction(peer)
	})
	timer.timer.Stop()
	return timer
}

func (timer *Timer) Mod(d time.Duration) {
	timer.isPending = true
	timer.timer.Reset(d)
}

func (timer *Timer) Del() {
	timer.isPending = false
	timer.timer.Stop()
}

func (peer *Peer) timersActive() bool {
	return peer.isRunning.Get() && peer.device != nil && peer.device.isUp.Get() && len(peer.device.peers.keyMap) > 0
}

func expiredRetransmitHandshake(peer *Peer) {
	if peer.timers.handshakeAttempts > MaxTimerHandshakes {
		peer.device.log.Debug.Printf("%s: Handshake did not complete after %d attempts, giving up\n", peer, MaxTimerHandshakes+2)

		if peer.timersActive() {
			peer.timers.sendKeepalive.Del()
		}

		/* We drop all packets without a keypair and don't try again,
		 * if we try unsuccessfully for too long to make a handshake.
		 */
		peer.FlushNonceQueue()

		/* We set a timer for destroying any residue that might be left
		 * of a partial exchange.
		 */
		if peer.timersActive() && !peer.timers.zeroKeyMaterial.isPending {
			peer.timers.zeroKeyMaterial.Mod(RejectAfterTime * 3)
		}
	} else {
		peer.timers.handshakeAttempts++
		peer.device.log.Debug.Printf("%s: Handshake did not complete after %d seconds, retrying (try %d)\n", peer, int(RekeyTimeout.Seconds()), peer.timers.handshakeAttempts+1)

		/* We clear the endpoint address src address, in case this is the cause of trouble. */
		peer.mutex.Lock()
		if peer.endpoint != nil {
			peer.endpoint.ClearSrc()
		}
		peer.mutex.Unlock()

		peer.SendHandshakeInitiation(true)
	}
}

func expiredSendKeepalive(peer *Peer) {
	peer.SendKeepalive()
	if peer.timers.needAnotherKeepalive {
		peer.timers.needAnotherKeepalive = false
		if peer.timersActive() {
			peer.timers.sendKeepalive.Mod(KeepaliveTimeout)
		}
	}
}

func expiredNewHandshake(peer *Peer) {
	peer.device.log.Debug.Printf("%s: Retrying handshake because we stopped hearing back after %d seconds\n", peer, int((KeepaliveTimeout + RekeyTimeout).Seconds()))
	/* We clear the endpoint address src address, in case this is the cause of trouble. */
	peer.mutex.Lock()
	if peer.endpoint != nil {
		peer.endpoint.ClearSrc()
	}
	peer.mutex.Unlock()
	peer.SendHandshakeInitiation(false)

}

func expiredZeroKeyMaterial(peer *Peer) {
	peer.device.log.Debug.Printf(":%s Removing all keys, since we haven't received a new one in %d seconds\n", peer, int((RejectAfterTime * 3).Seconds()))

	hs := &peer.handshake
	hs.mutex.Lock()

	kp := &peer.keypairs
	kp.mutex.Lock()

	if kp.previous != nil {
		peer.device.DeleteKeypair(kp.previous)
		kp.previous = nil
	}
	if kp.current != nil {
		peer.device.DeleteKeypair(kp.current)
		kp.current = nil
	}
	if kp.next != nil {
		peer.device.DeleteKeypair(kp.next)
		kp.next = nil
	}
	kp.mutex.Unlock()

	peer.device.indexTable.Delete(hs.localIndex)
	hs.Clear()
	hs.mutex.Unlock()
}

func expiredPersistentKeepalive(peer *Peer) {
	if peer.persistentKeepaliveInterval > 0 {
		if peer.timersActive() {
			peer.timers.sendKeepalive.Del()
		}
		peer.SendKeepalive()
	}
}

/* Should be called after an authenticated data packet is sent. */
func (peer *Peer) timersDataSent() {
	if peer.timersActive() {
		peer.timers.sendKeepalive.Del()
	}

	if peer.timersActive() && !peer.timers.newHandshake.isPending {
		peer.timers.newHandshake.Mod(KeepaliveTimeout + RekeyTimeout)
	}
}

/* Should be called after an authenticated data packet is received. */
func (peer *Peer) timersDataReceived() {
	if peer.timersActive() {
		if !peer.timers.sendKeepalive.isPending {
			peer.timers.sendKeepalive.Mod(KeepaliveTimeout)
		} else {
			peer.timers.needAnotherKeepalive = true
		}
	}
}

/* Should be called after any type of authenticated packet is received -- keepalive or data. */
func (peer *Peer) timersAnyAuthenticatedPacketReceived() {
	if peer.timersActive() {
		peer.timers.newHandshake.Del()
	}
}

/* Should be called after a handshake initiation message is sent. */
func (peer *Peer) timersHandshakeInitiated() {
	if peer.timersActive() {
		peer.timers.sendKeepalive.Del()
		peer.timers.retransmitHandshake.Mod(RekeyTimeout + time.Millisecond*time.Duration(rand.Int31n(RekeyTimeoutJitterMaxMs)))
	}
}

/* Should be called after a handshake response message is received and processed or when getting key confirmation via the first data message. */
func (peer *Peer) timersHandshakeComplete() {
	if peer.timersActive() {
		peer.timers.retransmitHandshake.Del()
	}
	peer.timers.handshakeAttempts = 0
	peer.timers.sentLastMinuteHandshake = false
	atomic.StoreInt64(&peer.stats.lastHandshakeNano, time.Now().UnixNano())
}

/* Should be called after an ephemeral key is created, which is before sending a handshake response or after receiving a handshake response. */
func (peer *Peer) timersSessionDerived() {
	if peer.timersActive() {
		peer.timers.zeroKeyMaterial.Mod(RejectAfterTime * 3)
	}
}

/* Should be called before a packet with authentication -- data, keepalive, either handshake -- is sent, or after one is received. */
func (peer *Peer) timersAnyAuthenticatedPacketTraversal() {
	if peer.persistentKeepaliveInterval > 0 && peer.timersActive() {
		peer.timers.persistentKeepalive.Mod(time.Duration(peer.persistentKeepaliveInterval) * time.Second)
	}
}

func (peer *Peer) timersInit() {
	peer.timers.retransmitHandshake = peer.NewTimer(expiredRetransmitHandshake)
	peer.timers.sendKeepalive = peer.NewTimer(expiredSendKeepalive)
	peer.timers.newHandshake = peer.NewTimer(expiredNewHandshake)
	peer.timers.zeroKeyMaterial = peer.NewTimer(expiredZeroKeyMaterial)
	peer.timers.persistentKeepalive = peer.NewTimer(expiredPersistentKeepalive)
	peer.timers.handshakeAttempts = 0
	peer.timers.sentLastMinuteHandshake = false
	peer.timers.needAnotherKeepalive = false
	peer.timers.lastSentHandshake = time.Now().Add(-(RekeyTimeout + time.Second))
}

func (peer *Peer) timersStop() {
	peer.timers.retransmitHandshake.Del()
	peer.timers.sendKeepalive.Del()
	peer.timers.newHandshake.Del()
	peer.timers.zeroKeyMaterial.Del()
	peer.timers.persistentKeepalive.Del()
}
global: Add SPDX tags and copyright header Mathias should probably add his copyright headers to each file too. 2018-05-03 15:04:00 +02:00			`/* SPDX-License-Identifier: GPL-2.0`
			`*`
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`* Copyright (C) 2015-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.`
			`*`
			`* This is based heavily on timers.c from the kernel implementation.`
global: Add SPDX tags and copyright header Mathias should probably add his copyright headers to each file too. 2018-05-03 15:04:00 +02:00			`*/`

Fixed tabs 2018-02-11 19:02:50 +01:00			`package main`

			`import (`
			`"math/rand"`
			`"sync/atomic"`
			`"time"`
			`)`

Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`/* This Timer structure and related functions should roughly copy the interface of`
			`* the Linux kernel's struct timer_list.`
Fixed tabs 2018-02-11 19:02:50 +01:00			`*/`

Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`type Timer struct {`
			`timer *time.Timer`
			`isPending bool`
Fixed tabs 2018-02-11 19:02:50 +01:00			`}`

Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`func (peer Peer) NewTimer(expirationFunction func(Peer)) *Timer {`
			`timer := &Timer{}`
			`timer.timer = time.AfterFunc(time.Hour, func() {`
			`timer.isPending = false`
			`expirationFunction(peer)`
			`})`
			`timer.timer.Stop()`
			`return timer`
Fixed tabs 2018-02-11 19:02:50 +01:00			`}`

Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`func (timer *Timer) Mod(d time.Duration) {`
			`timer.isPending = true`
			`timer.timer.Reset(d)`
Fixed tabs 2018-02-11 19:02:50 +01:00			`}`

Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`func (timer *Timer) Del() {`
			`timer.isPending = false`
			`timer.timer.Stop()`
Fixed tabs 2018-02-11 19:02:50 +01:00			`}`

Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`func (peer *Peer) timersActive() bool {`
			`return peer.isRunning.Get() && peer.device != nil && peer.device.isUp.Get() && len(peer.device.peers.keyMap) > 0`
			`}`
Fixed tabs 2018-02-11 19:02:50 +01:00
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`func expiredRetransmitHandshake(peer *Peer) {`
			`if peer.timers.handshakeAttempts > MaxTimerHandshakes {`
			`peer.device.log.Debug.Printf("%s: Handshake did not complete after %d attempts, giving up\n", peer, MaxTimerHandshakes+2)`
Fixed tabs 2018-02-11 19:02:50 +01:00
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`if peer.timersActive() {`
			`peer.timers.sendKeepalive.Del()`
			`}`
Fixed tabs 2018-02-11 19:02:50 +01:00
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`/* We drop all packets without a keypair and don't try again,`
			`* if we try unsuccessfully for too long to make a handshake.`
			`*/`
			`peer.FlushNonceQueue()`
Fixed tabs 2018-02-11 19:02:50 +01:00
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`/* We set a timer for destroying any residue that might be left`
			`* of a partial exchange.`
			`*/`
			`if peer.timersActive() && !peer.timers.zeroKeyMaterial.isPending {`
			`peer.timers.zeroKeyMaterial.Mod(RejectAfterTime * 3)`
			`}`
			`} else {`
			`peer.timers.handshakeAttempts++`
			`peer.device.log.Debug.Printf("%s: Handshake did not complete after %d seconds, retrying (try %d)\n", peer, int(RekeyTimeout.Seconds()), peer.timers.handshakeAttempts+1)`

			`/* We clear the endpoint address src address, in case this is the cause of trouble. */`
			`peer.mutex.Lock()`
			`if peer.endpoint != nil {`
			`peer.endpoint.ClearSrc()`
			`}`
			`peer.mutex.Unlock()`
Fixed tabs 2018-02-11 19:02:50 +01:00
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`peer.SendHandshakeInitiation(true)`
			`}`
Fixed tabs 2018-02-11 19:02:50 +01:00			`}`

Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`func expiredSendKeepalive(peer *Peer) {`
			`peer.SendKeepalive()`
			`if peer.timers.needAnotherKeepalive {`
			`peer.timers.needAnotherKeepalive = false`
			`if peer.timersActive() {`
			`peer.timers.sendKeepalive.Mod(KeepaliveTimeout)`
			`}`
			`}`
Initial version of migration to new event model - Begin move away from global timer state. - Made logging format more consistent 2018-05-05 02:20:52 +02:00			`}`

Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`func expiredNewHandshake(peer *Peer) {`
			`peer.device.log.Debug.Printf("%s: Retrying handshake because we stopped hearing back after %d seconds\n", peer, int((KeepaliveTimeout + RekeyTimeout).Seconds()))`
			`/* We clear the endpoint address src address, in case this is the cause of trouble. */`
			`peer.mutex.Lock()`
			`if peer.endpoint != nil {`
			`peer.endpoint.ClearSrc()`
Fixed tabs 2018-02-11 19:02:50 +01:00			`}`
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`peer.mutex.Unlock()`
			`peer.SendHandshakeInitiation(false)`
Fixed tabs 2018-02-11 19:02:50 +01:00
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`}`
Removed old signals 2018-05-05 04:15:07 +02:00
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`func expiredZeroKeyMaterial(peer *Peer) {`
			`peer.device.log.Debug.Printf(":%s Removing all keys, since we haven't received a new one in %d seconds\n", peer, int((RejectAfterTime * 3).Seconds()))`
Removed old signals 2018-05-05 04:15:07 +02:00
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`hs := &peer.handshake`
			`hs.mutex.Lock()`
Fixed tabs 2018-02-11 19:02:50 +01:00
Rework index hashtable 2018-05-13 18:23:40 +02:00			`kp := &peer.keypairs`
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`kp.mutex.Lock()`
Fixed tabs 2018-02-11 19:02:50 +01:00
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`if kp.previous != nil {`
			`peer.device.DeleteKeypair(kp.previous)`
			`kp.previous = nil`
			`}`
			`if kp.current != nil {`
			`peer.device.DeleteKeypair(kp.current)`
			`kp.current = nil`
			`}`
			`if kp.next != nil {`
			`peer.device.DeleteKeypair(kp.next)`
			`kp.next = nil`
			`}`
			`kp.mutex.Unlock()`
Fixed tabs 2018-02-11 19:02:50 +01:00
Rework index hashtable 2018-05-13 18:23:40 +02:00			`peer.device.indexTable.Delete(hs.localIndex)`
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`hs.Clear()`
			`hs.mutex.Unlock()`
			`}`
Fixed tabs 2018-02-11 19:02:50 +01:00
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`func expiredPersistentKeepalive(peer *Peer) {`
			`if peer.persistentKeepaliveInterval > 0 {`
			`if peer.timersActive() {`
			`peer.timers.sendKeepalive.Del()`
			`}`
			`peer.SendKeepalive()`
			`}`
			`}`
Initial version of migration to new event model - Begin move away from global timer state. - Made logging format more consistent 2018-05-05 02:20:52 +02:00
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`/* Should be called after an authenticated data packet is sent. */`
			`func (peer *Peer) timersDataSent() {`
			`if peer.timersActive() {`
			`peer.timers.sendKeepalive.Del()`
			`}`
Initial version of migration to new event model - Begin move away from global timer state. - Made logging format more consistent 2018-05-05 02:20:52 +02:00
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`if peer.timersActive() && !peer.timers.newHandshake.isPending {`
			`peer.timers.newHandshake.Mod(KeepaliveTimeout + RekeyTimeout)`
			`}`
			`}`
Fixed tabs 2018-02-11 19:02:50 +01:00
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`/* Should be called after an authenticated data packet is received. */`
			`func (peer *Peer) timersDataReceived() {`
			`if peer.timersActive() {`
			`if !peer.timers.sendKeepalive.isPending {`
			`peer.timers.sendKeepalive.Mod(KeepaliveTimeout)`
			`} else {`
			`peer.timers.needAnotherKeepalive = true`
			`}`
			`}`
			`}`
Removed old signals 2018-05-05 04:15:07 +02:00
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`/* Should be called after any type of authenticated packet is received -- keepalive or data. */`
			`func (peer *Peer) timersAnyAuthenticatedPacketReceived() {`
			`if peer.timersActive() {`
			`peer.timers.newHandshake.Del()`
			`}`
			`}`
Removed old signals 2018-05-05 04:15:07 +02:00
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`/* Should be called after a handshake initiation message is sent. */`
			`func (peer *Peer) timersHandshakeInitiated() {`
			`if peer.timersActive() {`
			`peer.timers.sendKeepalive.Del()`
			`peer.timers.retransmitHandshake.Mod(RekeyTimeout + time.Millisecond*time.Duration(rand.Int31n(RekeyTimeoutJitterMaxMs)))`
			`}`
			`}`
Fixed tabs 2018-02-11 19:02:50 +01:00
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`/* Should be called after a handshake response message is received and processed or when getting key confirmation via the first data message. */`
			`func (peer *Peer) timersHandshakeComplete() {`
			`if peer.timersActive() {`
			`peer.timers.retransmitHandshake.Del()`
			`}`
			`peer.timers.handshakeAttempts = 0`
			`peer.timers.sentLastMinuteHandshake = false`
			`atomic.StoreInt64(&peer.stats.lastHandshakeNano, time.Now().UnixNano())`
			`}`
Fixed tabs 2018-02-11 19:02:50 +01:00
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`/* Should be called after an ephemeral key is created, which is before sending a handshake response or after receiving a handshake response. */`
			`func (peer *Peer) timersSessionDerived() {`
			`if peer.timersActive() {`
			`peer.timers.zeroKeyMaterial.Mod(RejectAfterTime * 3)`
			`}`
			`}`
Fixed tabs 2018-02-11 19:02:50 +01:00
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`/* Should be called before a packet with authentication -- data, keepalive, either handshake -- is sent, or after one is received. */`
			`func (peer *Peer) timersAnyAuthenticatedPacketTraversal() {`
			`if peer.persistentKeepaliveInterval > 0 && peer.timersActive() {`
			`peer.timers.persistentKeepalive.Mod(time.Duration(peer.persistentKeepaliveInterval) * time.Second)`
			`}`
			`}`
Fixed tabs 2018-02-11 19:02:50 +01:00
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`func (peer *Peer) timersInit() {`
			`peer.timers.retransmitHandshake = peer.NewTimer(expiredRetransmitHandshake)`
			`peer.timers.sendKeepalive = peer.NewTimer(expiredSendKeepalive)`
			`peer.timers.newHandshake = peer.NewTimer(expiredNewHandshake)`
			`peer.timers.zeroKeyMaterial = peer.NewTimer(expiredZeroKeyMaterial)`
			`peer.timers.persistentKeepalive = peer.NewTimer(expiredPersistentKeepalive)`
			`peer.timers.handshakeAttempts = 0`
			`peer.timers.sentLastMinuteHandshake = false`
			`peer.timers.needAnotherKeepalive = false`
			`peer.timers.lastSentHandshake = time.Now().Add(-(RekeyTimeout + time.Second))`
			`}`
Removed old signals 2018-05-05 04:15:07 +02:00
Rewrite timers and related state machines 2018-05-07 22:27:03 +02:00			`func (peer *Peer) timersStop() {`
			`peer.timers.retransmitHandshake.Del()`
			`peer.timers.sendKeepalive.Del()`
			`peer.timers.newHandshake.Del()`
			`peer.timers.zeroKeyMaterial.Del()`
			`peer.timers.persistentKeepalive.Del()`
Fixed tabs 2018-02-11 19:02:50 +01:00			`}`