git.ipfire.org Git - thirdparty/wireguard-tools.git/commit
syncconf: account for psks removed from config file
author Jason A. Donenfeld <Jason@zx2c4.com>
Fri, 23 May 2025 18:22:37 +0000 (20:22 +0200)
committer Jason A. Donenfeld <Jason@zx2c4.com>
Fri, 23 May 2025 18:26:12 +0000 (20:26 +0200)
commit 780182e37d2b5981171766b8f31bcefd64da7a43
tree 304dd71cb13ed50300a6dc9fc60bf5493543bfd9
parent 5150cd647073be1f1c12688aef291bdf17970154
syncconf: account for psks removed from config file

Otherwise removing a psk from a config file wouldn't reflect on the
runtime state.

Note that this could have been implemented more simply, by just setting
WGPEER_HAS_PRESHARED_KEY on all of the file's peers, since the psk slot
is zeroed by calloc in config.c, and this way ones with no set key will
be cleared. The downside is that this means every peer update will take
the handshake lock in the kernel, creating more work and possibly
contention:

        if (preshared_key) {
                down_write(&peer->handshake.lock);
                memcpy(&peer->handshake.preshared_key, preshared_key,
                       NOISE_SYMMETRIC_KEY_LEN);
                up_write(&peer->handshake.lock);
        }

Avoid this by only setting it if there's a mismatch between the runtime
and the file. Computationally this shouldn't make much of a difference
because we can do it in the same iteration as the peer removal
detection.

Reported-by: Patrick Havelange <patrick.havelange_ext@softathome.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
src/setconf.c
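
The mismatch rule from the commit message, as an added sketch that is not the code from this commit or from wireguard-tools: the psk flag is set on a file peer only when the runtime holds a key and the file no longer does, in the same pass that finds removed peers. `struct peer`, the flag values, `key_is_zero` and `sync_peers` are hypothetical simplifications, and the nested lookup is a stand-in chosen for brevity.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN 32
/* Simplified stand-ins for the tool's peer flags; values are constructed for this sketch. */
enum { PEER_REMOVE_ME = 1u << 0, PEER_HAS_PRESHARED_KEY = 1u << 1 };

struct peer {
	uint32_t flags;
	uint8_t public_key[KEY_LEN];
	uint8_t preshared_key[KEY_LEN]; /* all zero means "no psk" */
};

static bool key_is_zero(const uint8_t key[KEY_LEN])
{
	uint8_t acc = 0;
	for (size_t i = 0; i < KEY_LEN; ++i)
		acc |= key[i]; /* no early exit, so timing does not depend on key bytes */
	return acc == 0;
}

/* Returns how many file peers were marked so that their zeroed psk gets sent.
 * removals[] receives runtime peers missing from the file, flagged for removal. */
static size_t sync_peers(struct peer *file, size_t n_file,
			 const struct peer *runtime, size_t n_runtime,
			 struct peer *removals, size_t *n_removals)
{
	size_t cleared = 0;
	*n_removals = 0;
	for (size_t r = 0; r < n_runtime; ++r) {
		struct peer *match = NULL;
		for (size_t f = 0; f < n_file && !match; ++f)
			if (!memcmp(file[f].public_key, runtime[r].public_key, KEY_LEN))
				match = &file[f];
		if (!match) {
			removals[*n_removals] = runtime[r];
			memset(removals[*n_removals].preshared_key, 0, KEY_LEN);
			removals[(*n_removals)++].flags = PEER_REMOVE_ME;
		} else if (!(match->flags & PEER_HAS_PRESHARED_KEY) &&
			   !key_is_zero(runtime[r].preshared_key)) {
			/* File dropped the psk: flag the zeroed slot so the runtime key is cleared. */
			match->flags |= PEER_HAS_PRESHARED_KEY;
			++cleared;
		}
	}
	return cleared;
}
```

Peers whose psk is unchanged or was never set keep their flags untouched, so only the mismatched peer causes a psk write.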