From: Jason A. Donenfeld <Jason@zx2c4.com>
Date: Fri, 18 May 2018 23:19:53 +0000 (+0200)
Subject: timers: clear send_keepalive timer on sending handshake response
X-Git-Tag: 0.0.20180519~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=870734ab5e1ee1dd3f8859381c9f173c30ed197f;p=thirdparty%2Fwireguard-go.git

timers: clear send_keepalive timer on sending handshake response

We reorganize this into also doing so on sending keepalives itself,
which means the state machine is much more consistent, even if this was
already implied.

Kernel module commit 30290ef1d2581a3e6ee8ffcdb05d580cfba976be
---

diff --git a/send.go b/send.go
index 734c425..51ee7d3 100644
--- a/send.go
+++ b/send.go
@@ -157,6 +157,7 @@ func (peer *Peer) SendHandshakeInitiation(isRetry bool) error {
 	peer.cookieGenerator.AddMacs(packet)
 
 	peer.timersAnyAuthenticatedPacketTraversal()
+	peer.timersAnyAuthenticatedPacketSent()
 
 	err = peer.SendBuffer(packet)
 	if err != nil {
@@ -194,6 +195,7 @@ func (peer *Peer) SendHandshakeResponse() error {
 
 	peer.timersSessionDerived()
 	peer.timersAnyAuthenticatedPacketTraversal()
+	peer.timersAnyAuthenticatedPacketSent()
 
 	err = peer.SendBuffer(packet)
 	if err != nil {
@@ -544,6 +546,9 @@ func (peer *Peer) RoutineSequentialSender() {
 				continue
 			}
 
+			peer.timersAnyAuthenticatedPacketTraversal()
+			peer.timersAnyAuthenticatedPacketSent()
+
 			// send message and return buffer to pool
 
 			length := uint64(len(elem.packet))
@@ -555,9 +560,6 @@ func (peer *Peer) RoutineSequentialSender() {
 			}
 			atomic.AddUint64(&peer.stats.txBytes, length)
 
-			// update timers
-
-			peer.timersAnyAuthenticatedPacketTraversal()
 			if len(elem.packet) != MessageKeepaliveSize {
 				peer.timersDataSent()
 			}
diff --git a/timers.go b/timers.go
index b9f6b5a..75087cb 100644
--- a/timers.go
+++ b/timers.go
@@ -143,10 +143,6 @@ func expiredPersistentKeepalive(peer *Peer) {
 
 /* Should be called after an authenticated data packet is sent. */
 func (peer *Peer) timersDataSent() {
-	if peer.timersActive() {
-		peer.timers.sendKeepalive.Del()
-	}
-
 	if peer.timersActive() && !peer.timers.newHandshake.isPending {
 		peer.timers.newHandshake.Mod(KeepaliveTimeout + RekeyTimeout)
 	}
@@ -163,7 +159,14 @@ func (peer *Peer) timersDataReceived() {
 	}
 }
 
-/* Should be called after any type of authenticated packet is received -- keepalive or data. */
+/* Should be called after any type of authenticated packet is sent -- keepalive, data, or handshake. */
+func (peer *Peer) timersAnyAuthenticatedPacketSent() {
+	if peer.timersActive() {
+		peer.timers.sendKeepalive.Del()
+	}
+}
+
+/* Should be called after any type of authenticated packet is received -- keepalive, data, or handshake. */
 func (peer *Peer) timersAnyAuthenticatedPacketReceived() {
 	if peer.timersActive() {
 		peer.timers.newHandshake.Del()
@@ -173,7 +176,6 @@ func (peer *Peer) timersAnyAuthenticatedPacketReceived() {
 /* Should be called after a handshake initiation message is sent. */
 func (peer *Peer) timersHandshakeInitiated() {
 	if peer.timersActive() {
-		peer.timers.sendKeepalive.Del()
 		peer.timers.retransmitHandshake.Mod(RekeyTimeout + time.Millisecond*time.Duration(rand.Int31n(RekeyTimeoutJitterMaxMs)))
 	}
 }
@@ -195,7 +197,7 @@ func (peer *Peer) timersSessionDerived() {
 	}
 }
 
-/* Should be called before a packet with authentication -- data, keepalive, either handshake -- is sent, or after one is received. */
+/* Should be called before a packet with authentication -- keepalive, data, or handshake -- is sent, or after one is received. */
 func (peer *Peer) timersAnyAuthenticatedPacketTraversal() {
 	if peer.persistentKeepaliveInterval > 0 && peer.timersActive() {
 		peer.timers.persistentKeepalive.Mod(time.Duration(peer.persistentKeepaliveInterval) * time.Second)