summaryrefslogtreecommitdiffhomepage
path: root/src
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2017-10-03 14:55:33 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2017-10-03 14:55:33 +0200
commit113faae1721bf918cb6993e13752063f73f0b173 (patch)
tree3c1299478c7b6156a77a4db67a7a093f320505ca /src
parent323636085e1a6c063818a697b30e074578db258e (diff)
global: add space around variable declarations
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src')
-rw-r--r--src/cookie.c1
-rw-r--r--src/device.c3
-rw-r--r--src/hashtables.c2
-rw-r--r--src/netlink.c6
-rw-r--r--src/noise.c11
-rw-r--r--src/peer.c4
-rw-r--r--src/queueing.c2
-rw-r--r--src/queueing.h6
-rw-r--r--src/receive.c5
-rw-r--r--src/routingtable.c9
-rw-r--r--src/send.c1
-rw-r--r--src/socket.c4
-rw-r--r--src/timers.c6
13 files changed, 59 insertions, 1 deletions
diff --git a/src/cookie.c b/src/cookie.c
index ec58903..d25f9ec 100644
--- a/src/cookie.c
+++ b/src/cookie.c
@@ -27,6 +27,7 @@ static const u8 cookie_key_label[COOKIE_KEY_LABEL_LEN] = "cookie--";
static void precompute_key(u8 key[NOISE_SYMMETRIC_KEY_LEN], const u8 pubkey[NOISE_PUBLIC_KEY_LEN], const u8 label[COOKIE_KEY_LABEL_LEN])
{
struct blake2s_state blake;
+
blake2s_init(&blake, NOISE_SYMMETRIC_KEY_LEN);
blake2s_update(&blake, label, COOKIE_KEY_LABEL_LEN);
blake2s_update(&blake, pubkey, NOISE_PUBLIC_KEY_LEN);
diff --git a/src/device.c b/src/device.c
index 1868027..fdade83 100644
--- a/src/device.c
+++ b/src/device.c
@@ -81,7 +81,6 @@ static int suspending_clear_noise_peers(struct notifier_block *nb, unsigned long
}
rtnl_unlock();
rcu_barrier_bh();
-
return 0;
}
static struct notifier_block clear_peers_on_suspend = { .notifier_call = suspending_clear_noise_peers };
@@ -91,6 +90,7 @@ static int stop(struct net_device *dev)
{
struct wireguard_device *wg = netdev_priv(dev);
struct wireguard_peer *peer, *temp;
+
peer_for_each (wg, peer, temp, true) {
skb_queue_purge(&peer->staged_packet_queue);
timers_stop(peer);
@@ -348,6 +348,7 @@ int __init device_init(void)
{
#ifdef CONFIG_PM_SLEEP
int ret = register_pm_notifier(&clear_peers_on_suspend);
+
if (ret)
return ret;
#endif
diff --git a/src/hashtables.c b/src/hashtables.c
index 978997a..a0cfa44 100644
--- a/src/hashtables.c
+++ b/src/hashtables.c
@@ -36,6 +36,7 @@ void pubkey_hashtable_remove(struct pubkey_hashtable *table, struct wireguard_pe
struct wireguard_peer *pubkey_hashtable_lookup(struct pubkey_hashtable *table, const u8 pubkey[NOISE_PUBLIC_KEY_LEN])
{
struct wireguard_peer *iter_peer, *peer = NULL;
+
rcu_read_lock_bh();
hlist_for_each_entry_rcu_bh (iter_peer, pubkey_bucket(table, pubkey), pubkey_hash) {
if (!memcmp(pubkey, iter_peer->handshake.remote_static, NOISE_PUBLIC_KEY_LEN)) {
@@ -142,6 +143,7 @@ void index_hashtable_remove(struct index_hashtable *table, struct index_hashtabl
struct index_hashtable_entry *index_hashtable_lookup(struct index_hashtable *table, const enum index_hashtable_type type_mask, const __le32 index)
{
struct index_hashtable_entry *iter_entry, *entry = NULL;
+
rcu_read_lock_bh();
hlist_for_each_entry_rcu_bh (iter_entry, index_bucket(table, index), index_hash) {
if (iter_entry->index == index) {
diff --git a/src/netlink.c b/src/netlink.c
index 84ca850..8734ddd 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -70,6 +70,7 @@ static int get_allowedips(void *ctx, union nf_inet_addr ip, u8 cidr, int family)
{
struct nlattr *allowedip_nest;
struct allowedips_ctx *actx = ctx;
+
if (++actx->idx < actx->idx_cursor)
return 0;
allowedip_nest = nla_nest_start(actx->skb, actx->idx - 1);
@@ -91,6 +92,7 @@ static int get_peer(struct wireguard_peer *peer, unsigned int index, unsigned in
struct allowedips_ctx ctx = { .skb = skb, .idx_cursor = *allowedips_idx_cursor };
struct nlattr *allowedips_nest, *peer_nest = nla_nest_start(skb, index);
bool fail;
+
if (!peer_nest)
return -EMSGSIZE;
@@ -144,6 +146,7 @@ static int get_start(struct netlink_callback *cb)
struct wireguard_device *wg;
struct nlattr **attrs = genl_family_attrbuf(&genl_family);
int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + genl_family.hdrsize, attrs, genl_family.maxattr, device_policy, NULL);
+
if (ret < 0)
return ret;
wg = lookup_interface(attrs, cb->skb);
@@ -246,6 +249,7 @@ static int get_done(struct netlink_callback *cb)
{
struct wireguard_device *wg = (struct wireguard_device *)cb->args[0];
struct wireguard_peer *peer = (struct wireguard_peer *)cb->args[1];
+
if (wg)
dev_put(wg->dev);
peer_put(peer);
@@ -255,6 +259,7 @@ static int get_done(struct netlink_callback *cb)
static int set_device_port(struct wireguard_device *wg, u16 port)
{
struct wireguard_peer *peer, *temp;
+
if (wg->incoming_port == port)
return 0;
socket_uninit(wg);
@@ -384,6 +389,7 @@ static int set(struct sk_buff *skb, struct genl_info *info)
{
int ret;
struct wireguard_device *wg = lookup_interface(info->attrs, skb);
+
if (IS_ERR(wg)) {
ret = PTR_ERR(wg);
goto out_nodev;
diff --git a/src/noise.c b/src/noise.c
index cbe3f39..f4d4deb 100644
--- a/src/noise.c
+++ b/src/noise.c
@@ -31,6 +31,7 @@ static atomic64_t keypair_counter = ATOMIC64_INIT(0);
void __init noise_init(void)
{
struct blake2s_state blake;
+
blake2s(handshake_init_chaining_key, handshake_name, NULL, NOISE_HASH_LEN, sizeof(handshake_name), 0);
blake2s_init(&blake, NOISE_HASH_LEN);
blake2s_update(&blake, handshake_init_chaining_key, NOISE_HASH_LEN);
@@ -82,6 +83,7 @@ void noise_handshake_clear(struct noise_handshake *handshake)
static struct noise_keypair *keypair_create(struct wireguard_peer *peer)
{
struct noise_keypair *keypair = kzalloc(sizeof(struct noise_keypair), GFP_KERNEL);
+
if (unlikely(!keypair))
return NULL;
keypair->internal_id = atomic64_inc_return(&keypair_counter);
@@ -94,6 +96,7 @@ static struct noise_keypair *keypair_create(struct wireguard_peer *peer)
static void keypair_free_rcu(struct rcu_head *rcu)
{
struct noise_keypair *keypair = container_of(rcu, struct noise_keypair, rcu);
+
net_dbg_ratelimited("%s: Keypair %Lu destroyed for peer %Lu\n", keypair->entry.peer->device->dev->name, keypair->internal_id, keypair->entry.peer->internal_id);
kzfree(keypair);
}
@@ -101,6 +104,7 @@ static void keypair_free_rcu(struct rcu_head *rcu)
static void keypair_free_kref(struct kref *kref)
{
struct noise_keypair *keypair = container_of(kref, struct noise_keypair, refcount);
+
index_hashtable_remove(&keypair->entry.peer->device->index_hashtable, &keypair->entry);
call_rcu_bh(&keypair->rcu, keypair_free_rcu);
}
@@ -123,6 +127,7 @@ struct noise_keypair *noise_keypair_get(struct noise_keypair *keypair)
void noise_keypairs_clear(struct noise_keypairs *keypairs)
{
struct noise_keypair *old;
+
spin_lock_bh(&keypairs->keypair_update_lock);
old = rcu_dereference_protected(keypairs->previous_keypair, lockdep_is_held(&keypairs->keypair_update_lock));
rcu_assign_pointer(keypairs->previous_keypair, NULL);
@@ -225,6 +230,7 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data, si
{
u8 secret[BLAKE2S_OUTBYTES];
u8 output[BLAKE2S_OUTBYTES + 1];
+
BUG_ON(first_len > BLAKE2S_OUTBYTES || second_len > BLAKE2S_OUTBYTES || third_len > BLAKE2S_OUTBYTES || ((second_len || second_dst || third_len || third_dst) && (!first_len || !first_dst)) || ((third_len || third_dst) && (!second_len || !second_dst)));
/* Extract entropy from data into secret */
@@ -279,6 +285,7 @@ static void derive_keys(struct noise_symmetric_key *first_dst, struct noise_symm
static bool __must_check mix_dh(u8 chaining_key[NOISE_HASH_LEN], u8 key[NOISE_SYMMETRIC_KEY_LEN], const u8 private[NOISE_PUBLIC_KEY_LEN], const u8 public[NOISE_PUBLIC_KEY_LEN])
{
u8 dh_calculation[NOISE_PUBLIC_KEY_LEN];
+
if (unlikely(!curve25519(dh_calculation, private, public)))
return false;
kdf(chaining_key, key, NULL, dh_calculation, NOISE_HASH_LEN, NOISE_SYMMETRIC_KEY_LEN, 0, NOISE_PUBLIC_KEY_LEN, chaining_key);
@@ -289,6 +296,7 @@ static bool __must_check mix_dh(u8 chaining_key[NOISE_HASH_LEN], u8 key[NOISE_SY
static void mix_hash(u8 hash[NOISE_HASH_LEN], const u8 *src, size_t src_len)
{
struct blake2s_state blake;
+
blake2s_init(&blake, NOISE_HASH_LEN);
blake2s_update(&blake, hash, NOISE_HASH_LEN);
blake2s_update(&blake, src, src_len);
@@ -298,6 +306,7 @@ static void mix_hash(u8 hash[NOISE_HASH_LEN], const u8 *src, size_t src_len)
static void mix_psk(u8 chaining_key[NOISE_HASH_LEN], u8 hash[NOISE_HASH_LEN], u8 key[NOISE_SYMMETRIC_KEY_LEN], const u8 psk[NOISE_SYMMETRIC_KEY_LEN])
{
u8 temp_hash[NOISE_HASH_LEN];
+
kdf(chaining_key, temp_hash, key, psk, NOISE_HASH_LEN, NOISE_HASH_LEN, NOISE_SYMMETRIC_KEY_LEN, NOISE_SYMMETRIC_KEY_LEN, chaining_key);
mix_hash(hash, temp_hash, NOISE_HASH_LEN);
memzero_explicit(temp_hash, NOISE_HASH_LEN);
@@ -335,6 +344,7 @@ static void message_ephemeral(u8 ephemeral_dst[NOISE_PUBLIC_KEY_LEN], const u8 e
static void tai64n_now(u8 output[NOISE_TIMESTAMP_LEN])
{
struct timeval now;
+
do_gettimeofday(&now);
/* https://cr.yp.to/libtai/tai64.html */
*(__be64 *)output = cpu_to_be64(4611686018427387914ULL + now.tv_sec);
@@ -464,6 +474,7 @@ bool noise_handshake_create_response(struct message_handshake_response *dst, str
{
bool ret = false;
u8 key[NOISE_SYMMETRIC_KEY_LEN];
+
down_read(&handshake->static_identity->lock);
down_write(&handshake->lock);
diff --git a/src/peer.c b/src/peer.c
index ff0ff42..7357db5 100644
--- a/src/peer.c
+++ b/src/peer.c
@@ -17,6 +17,7 @@ static atomic64_t peer_counter = ATOMIC64_INIT(0);
struct wireguard_peer *peer_create(struct wireguard_device *wg, const u8 public_key[NOISE_PUBLIC_KEY_LEN], const u8 preshared_key[NOISE_SYMMETRIC_KEY_LEN])
{
struct wireguard_peer *peer;
+
lockdep_assert_held(&wg->device_update_lock);
if (peer_total_count(wg) >= MAX_PEERS_PER_DEVICE)
@@ -102,6 +103,7 @@ static void rcu_release(struct rcu_head *rcu)
static void kref_release(struct kref *refcount)
{
struct wireguard_peer *peer = container_of(refcount, struct wireguard_peer, refcount);
+
index_hashtable_remove(&peer->device->index_hashtable, &peer->handshake.entry);
skb_queue_purge(&peer->staged_packet_queue);
call_rcu_bh(&peer->rcu, rcu_release);
@@ -117,6 +119,7 @@ void peer_put(struct wireguard_peer *peer)
void peer_remove_all(struct wireguard_device *wg)
{
struct wireguard_peer *peer, *temp;
+
lockdep_assert_held(&wg->device_update_lock);
list_for_each_entry_safe (peer, temp, &wg->peer_list, peer_list)
peer_remove(peer);
@@ -126,6 +129,7 @@ unsigned int peer_total_count(struct wireguard_device *wg)
{
unsigned int i = 0;
struct wireguard_peer *peer;
+
lockdep_assert_held(&wg->device_update_lock);
list_for_each_entry (peer, &wg->peer_list, peer_list)
++i;
diff --git a/src/queueing.c b/src/queueing.c
index dec02ee..2e00d63 100644
--- a/src/queueing.c
+++ b/src/queueing.c
@@ -9,8 +9,10 @@ struct multicore_worker __percpu *packet_alloc_percpu_multicore_worker(work_func
{
int cpu;
struct multicore_worker __percpu *worker = alloc_percpu(struct multicore_worker);
+
if (!worker)
return NULL;
+
for_each_possible_cpu (cpu) {
per_cpu_ptr(worker, cpu)->ptr = ptr;
INIT_WORK(&per_cpu_ptr(worker, cpu)->work, function);
diff --git a/src/queueing.h b/src/queueing.h
index be3d15d..503445c 100644
--- a/src/queueing.h
+++ b/src/queueing.h
@@ -75,6 +75,7 @@ static inline unsigned int skb_padding(struct sk_buff *skb)
* shouldn't be a real problem, and this can likely be removed. But, caution! */
unsigned int last_unit = skb->len % skb->dev->mtu;
unsigned int padded_size = (last_unit + MESSAGE_PADDING_MULTIPLE - 1) & ~(MESSAGE_PADDING_MULTIPLE - 1);
+
if (padded_size > skb->dev->mtu)
padded_size = skb->dev->mtu;
return padded_size - last_unit;
@@ -103,6 +104,7 @@ static inline void skb_reset(struct sk_buff *skb)
static inline int cpumask_choose_online(int *stored_cpu, unsigned int id)
{
unsigned int cpu = *stored_cpu, cpu_index, i;
+
if (unlikely(cpu == nr_cpumask_bits || !cpumask_test_cpu(cpu, cpu_online_mask))) {
cpu_index = id % cpumask_weight(cpu_online_mask);
cpu = cpumask_first(cpu_online_mask);
@@ -122,6 +124,7 @@ static inline int cpumask_choose_online(int *stored_cpu, unsigned int id)
static inline int cpumask_next_online(int *next)
{
int cpu = *next;
+
while (unlikely(!cpumask_test_cpu(cpu, cpu_online_mask)))
cpu = cpumask_next(cpu, cpu_online_mask) % nr_cpumask_bits;
*next = cpumask_next(cpu, cpu_online_mask) % nr_cpumask_bits;
@@ -131,6 +134,7 @@ static inline int cpumask_next_online(int *next)
static inline struct list_head *queue_dequeue(struct crypt_queue *queue)
{
struct list_head *node;
+
spin_lock_bh(&queue->lock);
node = queue->queue.next;
if (&queue->queue == node) {
@@ -159,6 +163,7 @@ static inline bool queue_enqueue(struct crypt_queue *queue, struct list_head *no
static inline struct crypt_ctx *queue_dequeue_per_device(struct crypt_queue *queue)
{
struct list_head *node = queue_dequeue(queue);
+
return node ? list_entry(node, struct crypt_ctx, per_device_node) : NULL;
}
@@ -170,6 +175,7 @@ static inline struct crypt_ctx *queue_first_per_peer(struct crypt_queue *queue)
static inline bool queue_enqueue_per_device_and_peer(struct crypt_queue *device_queue, struct crypt_queue *peer_queue, struct crypt_ctx *ctx, struct workqueue_struct *wq, int *next_cpu)
{
int cpu;
+
if (unlikely(!queue_enqueue(peer_queue, &ctx->per_peer_node, MAX_QUEUED_PACKETS)))
return false;
cpu = cpumask_next_online(next_cpu);
diff --git a/src/receive.c b/src/receive.c
index 7177c59..aab8b32 100644
--- a/src/receive.c
+++ b/src/receive.c
@@ -16,6 +16,7 @@
static inline void rx_stats(struct wireguard_peer *peer, size_t len)
{
struct pcpu_sw_netstats *tstats = get_cpu_ptr(peer->device->dev->tstats);
+
u64_stats_update_begin(&tstats->syncp);
tstats->rx_bytes += len;
++tstats->rx_packets;
@@ -27,6 +28,7 @@ static inline void rx_stats(struct wireguard_peer *peer, size_t len)
static inline void update_latest_addr(struct wireguard_peer *peer, struct sk_buff *skb)
{
struct endpoint endpoint;
+
if (!socket_endpoint_from_skb(&endpoint, skb))
socket_set_peer_endpoint(peer, &endpoint);
}
@@ -52,6 +54,7 @@ static inline int skb_prepare_header(struct sk_buff *skb, struct wireguard_devic
{
struct udphdr *udp;
size_t data_offset, data_len, header_len;
+
if (unlikely(skb_examine_untrusted_ip_hdr(skb) != skb->protocol || skb_transport_header(skb) < skb->head || (skb_transport_header(skb) + sizeof(struct udphdr)) > skb_tail_pointer(skb)))
return -EINVAL; /* Bogus IP header */
udp = udp_hdr(skb);
@@ -177,6 +180,7 @@ static inline void keep_key_fresh(struct wireguard_peer *peer)
{
struct noise_keypair *keypair;
bool send = false;
+
if (peer->sent_lastminute_handshake)
return;
@@ -228,6 +232,7 @@ static inline bool counter_validate(union noise_counter *counter, u64 their_coun
{
bool ret = false;
unsigned long index, index_current, top, i;
+
spin_lock_bh(&counter->receive.lock);
if (unlikely(counter->receive.counter >= REJECT_AFTER_MESSAGES + 1 || their_counter >= REJECT_AFTER_MESSAGES))
diff --git a/src/routingtable.c b/src/routingtable.c
index 6fdad8a..781c758 100644
--- a/src/routingtable.c
+++ b/src/routingtable.c
@@ -40,6 +40,7 @@ static void node_free_rcu(struct rcu_head *rcu)
static void free_root_node(struct routing_table_node __rcu *top, struct mutex *lock)
{
walk_prep;
+
walk (top, lock)
call_rcu_bh(&node->rcu, node_free_rcu);
}
@@ -48,6 +49,7 @@ static size_t count_nodes(struct routing_table_node __rcu *top)
{
size_t ret = 0;
walk_prep;
+
walk (top, NULL) {
if (node->peer)
++ret;
@@ -258,6 +260,7 @@ void routing_table_free(struct routing_table *table)
int routing_table_insert_v4(struct routing_table *table, const struct in_addr *ip, u8 cidr, struct wireguard_peer *peer)
{
int ret;
+
if (unlikely(cidr > 32 || !peer))
return -EINVAL;
mutex_lock(&table->table_update_lock);
@@ -269,6 +272,7 @@ int routing_table_insert_v4(struct routing_table *table, const struct in_addr *i
int routing_table_insert_v6(struct routing_table *table, const struct in6_addr *ip, u8 cidr, struct wireguard_peer *peer)
{
int ret;
+
if (unlikely(cidr > 128 || !peer))
return -EINVAL;
mutex_lock(&table->table_update_lock);
@@ -288,6 +292,7 @@ void routing_table_remove_by_peer(struct routing_table *table, struct wireguard_
size_t routing_table_count_nodes(struct routing_table *table)
{
size_t ret;
+
rcu_read_lock_bh();
ret = count_nodes(table->root4) + count_nodes(table->root6);
rcu_read_unlock_bh();
@@ -297,11 +302,13 @@ size_t routing_table_count_nodes(struct routing_table *table)
int routing_table_walk_ips_by_peer(struct routing_table *table, void *ctx, struct wireguard_peer *peer, int (*func)(void *ctx, union nf_inet_addr ip, u8 cidr, int family))
{
int ret;
+
rcu_read_lock_bh();
ret = walk_ips_by_peer(table->root4, AF_INET, ctx, peer, func, NULL);
rcu_read_unlock_bh();
if (ret)
return ret;
+
rcu_read_lock_bh();
ret = walk_ips_by_peer(table->root6, AF_INET6, ctx, peer, func, NULL);
rcu_read_unlock_bh();
@@ -311,11 +318,13 @@ int routing_table_walk_ips_by_peer(struct routing_table *table, void *ctx, struc
int routing_table_walk_ips_by_peer_sleepable(struct routing_table *table, void *ctx, struct wireguard_peer *peer, int (*func)(void *ctx, union nf_inet_addr ip, u8 cidr, int family))
{
int ret;
+
mutex_lock(&table->table_update_lock);
ret = walk_ips_by_peer(table->root4, AF_INET, ctx, peer, func, &table->table_update_lock);
mutex_unlock(&table->table_update_lock);
if (ret)
return ret;
+
mutex_lock(&table->table_update_lock);
ret = walk_ips_by_peer(table->root6, AF_INET6, ctx, peer, func, &table->table_update_lock);
mutex_unlock(&table->table_update_lock);
diff --git a/src/send.c b/src/send.c
index 8238ca6..0d73560 100644
--- a/src/send.c
+++ b/src/send.c
@@ -41,6 +41,7 @@ static void packet_send_handshake_initiation(struct wireguard_peer *peer)
void packet_handshake_send_worker(struct work_struct *work)
{
struct wireguard_peer *peer = container_of(work, struct wireguard_peer, transmit_handshake_work);
+
packet_send_handshake_initiation(peer);
peer_put(peer);
}
diff --git a/src/socket.c b/src/socket.c
index 4f78de1..da2236c 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -166,8 +166,10 @@ int socket_send_skb_to_peer(struct wireguard_peer *peer, struct sk_buff *skb, u8
int socket_send_buffer_to_peer(struct wireguard_peer *peer, void *buffer, size_t len, u8 ds)
{
struct sk_buff *skb = alloc_skb(len + SKB_HEADER_LEN, GFP_ATOMIC);
+
if (unlikely(!skb))
return -ENOMEM;
+
skb_reserve(skb, SKB_HEADER_LEN);
memcpy(skb_put(skb, len), buffer, len);
return socket_send_skb_to_peer(peer, skb, ds);
@@ -326,6 +328,7 @@ int socket_init(struct wireguard_device *wg)
.ipv6_v6only = true
};
#endif
+
mutex_lock(&wg->socket_update_lock);
#if IS_ENABLED(CONFIG_IPV6)
retry:
@@ -373,6 +376,7 @@ out:
void socket_uninit(struct wireguard_device *wg)
{
struct sock *old4, *old6;
+
mutex_lock(&wg->socket_update_lock);
old4 = rcu_dereference_protected(wg->sock4, lockdep_is_held(&wg->socket_update_lock));
old6 = rcu_dereference_protected(wg->sock6, lockdep_is_held(&wg->socket_update_lock));
diff --git a/src/timers.c b/src/timers.c
index 42e188c..2838821 100644
--- a/src/timers.c
+++ b/src/timers.c
@@ -33,6 +33,7 @@ static inline bool timers_active(struct wireguard_peer *peer)
static void expired_retransmit_handshake(unsigned long ptr)
{
peer_get_from_ptr(ptr);
+
if (peer->timer_handshake_attempts > MAX_TIMER_HANDSHAKES) {
pr_debug("%s: Handshake for peer %Lu (%pISpfsc) did not complete after %d attempts, giving up\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr, MAX_TIMER_HANDSHAKES + 2);
@@ -61,6 +62,7 @@ static void expired_retransmit_handshake(unsigned long ptr)
static void expired_send_keepalive(unsigned long ptr)
{
peer_get_from_ptr(ptr);
+
packet_send_keepalive(peer);
if (peer->timer_need_another_keepalive) {
peer->timer_need_another_keepalive = false;
@@ -73,6 +75,7 @@ static void expired_send_keepalive(unsigned long ptr)
static void expired_new_handshake(unsigned long ptr)
{
peer_get_from_ptr(ptr);
+
pr_debug("%s: Retrying handshake with peer %Lu (%pISpfsc) because we stopped hearing back after %d seconds\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr, (KEEPALIVE_TIMEOUT + REKEY_TIMEOUT) / HZ);
/* We clear the endpoint address src address, in case this is the cause of trouble. */
socket_clear_peer_endpoint_src(peer);
@@ -83,12 +86,14 @@ static void expired_new_handshake(unsigned long ptr)
static void expired_zero_key_material(unsigned long ptr)
{
peer_get_from_ptr(ptr);
+
if (!queue_work(peer->device->handshake_send_wq, &peer->clear_peer_work)) /* Takes our reference. */
peer_put(peer); /* If the work was already on the queue, we want to drop the extra reference */
}
static void queued_expired_zero_key_material(struct work_struct *work)
{
struct wireguard_peer *peer = container_of(work, struct wireguard_peer, clear_peer_work);
+
pr_debug("%s: Zeroing out all keys for peer %Lu (%pISpfsc), since we haven't received a new one in %d seconds\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr, (REJECT_AFTER_TIME * 3) / HZ);
noise_handshake_clear(&peer->handshake);
noise_keypairs_clear(&peer->keypairs);
@@ -98,6 +103,7 @@ static void queued_expired_zero_key_material(struct work_struct *work)
static void expired_send_persistent_keepalive(unsigned long ptr)
{
peer_get_from_ptr(ptr);
+
if (likely(peer->persistent_keepalive_interval)) {
if (likely(timers_active(peer)))
del_timer(&peer->timer_send_keepalive);