wireguard-go/timers.go

/* SPDX-License-Identifier: GPL-2.0
 *
 * Copyright (C) 2015-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
 *
 * This is based heavily on timers.c from the kernel implementation.
 */

package main

import (
	"math/rand"
	"sync"
	"sync/atomic"
	"time"
)

/* This Timer structure and related functions should roughly copy the interface of
 * the Linux kernel's struct timer_list.
 */

type Timer struct {
	timer         *time.Timer
	modifyingLock sync.RWMutex
	runningLock   sync.Mutex
	isPending     bool
}

func (peer *Peer) NewTimer(expirationFunction func(*Peer)) *Timer {
	timer := &Timer{}
	timer.timer = time.AfterFunc(time.Hour, func() {
		timer.runningLock.Lock()

		timer.modifyingLock.Lock()
		if !timer.isPending {
			timer.modifyingLock.Unlock()
			timer.runningLock.Unlock()
			return
		}
		timer.isPending = false
		timer.modifyingLock.Unlock()

		expirationFunction(peer)
		timer.runningLock.Unlock()
	})
	timer.timer.Stop()
	return timer
}

func (timer *Timer) Mod(d time.Duration) {
	timer.modifyingLock.Lock()
	timer.isPending = true
	timer.timer.Reset(d)
	timer.modifyingLock.Unlock()
}

func (timer *Timer) Del() {
	timer.modifyingLock.Lock()
	timer.isPending = false
	timer.timer.Stop()
	timer.modifyingLock.Unlock()
}

func (timer *Timer) DelSync() {
	timer.Del()
	timer.runningLock.Lock()
	timer.Del()
	timer.runningLock.Unlock()
}

func (timer *Timer) IsPending() bool {
	timer.modifyingLock.RLock()
	defer timer.modifyingLock.RUnlock()
	return timer.isPending
}

func (peer *Peer) timersActive() bool {
	return peer.isRunning.Get() && peer.device != nil && peer.device.isUp.Get() && len(peer.device.peers.keyMap) > 0
}

func expiredRetransmitHandshake(peer *Peer) {
	if atomic.LoadUint32(&peer.timers.handshakeAttempts) > MaxTimerHandshakes {
		peer.device.log.Debug.Printf("%s: Handshake did not complete after %d attempts, giving up\n", peer, MaxTimerHandshakes+2)

		if peer.timersActive() {
			peer.timers.sendKeepalive.Del()
		}

		/* We drop all packets without a keypair and don't try again,
		 * if we try unsuccessfully for too long to make a handshake.
		 */
		peer.FlushNonceQueue()

		/* We set a timer for destroying any residue that might be left
		 * of a partial exchange.
		 */
		if peer.timersActive() && !peer.timers.zeroKeyMaterial.IsPending() {
			peer.timers.zeroKeyMaterial.Mod(RejectAfterTime * 3)
		}
	} else {
		atomic.AddUint32(&peer.timers.handshakeAttempts, 1)
		peer.device.log.Debug.Printf("%s: Handshake did not complete after %d seconds, retrying (try %d)\n", peer, int(RekeyTimeout.Seconds()), atomic.LoadUint32(&peer.timers.handshakeAttempts)+1)

		/* We clear the endpoint address src address, in case this is the cause of trouble. */
		peer.mutex.Lock()
		if peer.endpoint != nil {
			peer.endpoint.ClearSrc()
		}
		peer.mutex.Unlock()

		peer.SendHandshakeInitiation(true)
	}
}

func expiredSendKeepalive(peer *Peer) {
	peer.SendKeepalive()
	if peer.timers.needAnotherKeepalive.Get() {
		peer.timers.needAnotherKeepalive.Set(false)
		if peer.timersActive() {
			peer.timers.sendKeepalive.Mod(KeepaliveTimeout)
		}
	}
}

func expiredNewHandshake(peer *Peer) {
	peer.device.log.Debug.Printf("%s: Retrying handshake because we stopped hearing back after %d seconds\n", peer, int((KeepaliveTimeout + RekeyTimeout).Seconds()))
	/* We clear the endpoint address src address, in case this is the cause of trouble. */
	peer.mutex.Lock()
	if peer.endpoint != nil {
		peer.endpoint.ClearSrc()
	}
	peer.mutex.Unlock()
	peer.SendHandshakeInitiation(false)

}

func expiredZeroKeyMaterial(peer *Peer) {
	peer.device.log.Debug.Printf(":%s Removing all keys, since we haven't received a new one in %d seconds\n", peer, int((RejectAfterTime * 3).Seconds()))
	peer.ZeroAndFlushAll()
}

func expiredPersistentKeepalive(peer *Peer) {
	if peer.persistentKeepaliveInterval > 0 {
		peer.SendKeepalive()
	}
}

/* Should be called after an authenticated data packet is sent. */
func (peer *Peer) timersDataSent() {
	if peer.timersActive() && !peer.timers.newHandshake.IsPending() {
		peer.timers.newHandshake.Mod(KeepaliveTimeout + RekeyTimeout)
	}
}

/* Should be called after an authenticated data packet is received. */
func (peer *Peer) timersDataReceived() {
	if peer.timersActive() {
		if !peer.timers.sendKeepalive.IsPending() {
			peer.timers.sendKeepalive.Mod(KeepaliveTimeout)
		} else {
			peer.timers.needAnotherKeepalive.Set(true)
		}
	}
}

/* Should be called after any type of authenticated packet is sent -- keepalive, data, or handshake. */
func (peer *Peer) timersAnyAuthenticatedPacketSent() {
	if peer.timersActive() {
		peer.timers.sendKeepalive.Del()
	}
}

/* Should be called after any type of authenticated packet is received -- keepalive, data, or handshake. */
func (peer *Peer) timersAnyAuthenticatedPacketReceived() {
	if peer.timersActive() {
		peer.timers.newHandshake.Del()
	}
}

/* Should be called after a handshake initiation message is sent. */
func (peer *Peer) timersHandshakeInitiated() {
	if peer.timersActive() {
		peer.timers.retransmitHandshake.Mod(RekeyTimeout + time.Millisecond*time.Duration(rand.Int31n(RekeyTimeoutJitterMaxMs)))
	}
}

/* Should be called after a handshake response message is received and processed or when getting key confirmation via the first data message. */
func (peer *Peer) timersHandshakeComplete() {
	if peer.timersActive() {
		peer.timers.retransmitHandshake.Del()
	}
	atomic.StoreUint32(&peer.timers.handshakeAttempts, 0)
	peer.timers.sentLastMinuteHandshake.Set(false)
	atomic.StoreInt64(&peer.stats.lastHandshakeNano, time.Now().UnixNano())
}

/* Should be called after an ephemeral key is created, which is before sending a handshake response or after receiving a handshake response. */
func (peer *Peer) timersSessionDerived() {
	if peer.timersActive() {
		peer.timers.zeroKeyMaterial.Mod(RejectAfterTime * 3)
	}
}

/* Should be called before a packet with authentication -- keepalive, data, or handshake -- is sent, or after one is received. */
func (peer *Peer) timersAnyAuthenticatedPacketTraversal() {
	if peer.persistentKeepaliveInterval > 0 && peer.timersActive() {
		peer.timers.persistentKeepalive.Mod(time.Duration(peer.persistentKeepaliveInterval) * time.Second)
	}
}

func (peer *Peer) timersInit() {
	peer.timers.retransmitHandshake = peer.NewTimer(expiredRetransmitHandshake)
	peer.timers.sendKeepalive = peer.NewTimer(expiredSendKeepalive)
	peer.timers.newHandshake = peer.NewTimer(expiredNewHandshake)
	peer.timers.zeroKeyMaterial = peer.NewTimer(expiredZeroKeyMaterial)
	peer.timers.persistentKeepalive = peer.NewTimer(expiredPersistentKeepalive)
	atomic.StoreUint32(&peer.timers.handshakeAttempts, 0)
	peer.timers.sentLastMinuteHandshake.Set(false)
	peer.timers.needAnotherKeepalive.Set(false)
}

func (peer *Peer) timersStop() {
	peer.timers.retransmitHandshake.DelSync()
	peer.timers.sendKeepalive.DelSync()
	peer.timers.newHandshake.DelSync()
	peer.timers.zeroKeyMaterial.DelSync()
	peer.timers.persistentKeepalive.DelSync()
}
global: Add SPDX tags and copyright header Mathias should probably add his copyright headers to each file too. 2018-05-03 13:04:00 +00:00			`/* SPDX-License-Identifier: GPL-2.0`
			`*`
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`* Copyright (C) 2015-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.`
			`*`
			`* This is based heavily on timers.c from the kernel implementation.`
global: Add SPDX tags and copyright header Mathias should probably add his copyright headers to each file too. 2018-05-03 13:04:00 +00:00			`*/`

Fixed tabs 2018-02-11 18:02:50 +00:00			`package main`

			`import (`
			`"math/rand"`
Lock timers on modification 2018-05-15 16:38:18 +00:00			`"sync"`
Fixed tabs 2018-02-11 18:02:50 +00:00			`"sync/atomic"`
			`"time"`
			`)`

Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`/* This Timer structure and related functions should roughly copy the interface of`
			`* the Linux kernel's struct timer_list.`
Fixed tabs 2018-02-11 18:02:50 +00:00			`*/`

Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`type Timer struct {`
Lock timers on modification 2018-05-15 16:38:18 +00:00			`timer *time.Timer`
Fix race in lock pending 2018-05-20 01:31:27 +00:00			`modifyingLock sync.RWMutex`
Lock timers on modification 2018-05-15 16:38:18 +00:00			`runningLock sync.Mutex`
			`isPending bool`
Fixed tabs 2018-02-11 18:02:50 +00:00			`}`

Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`func (peer Peer) NewTimer(expirationFunction func(Peer)) *Timer {`
			`timer := &Timer{}`
			`timer.timer = time.AfterFunc(time.Hour, func() {`
Lock timers on modification 2018-05-15 16:38:18 +00:00			`timer.runningLock.Lock()`

			`timer.modifyingLock.Lock()`
			`if !timer.isPending {`
			`timer.modifyingLock.Unlock()`
			`timer.runningLock.Unlock()`
			`return`
			`}`
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`timer.isPending = false`
Lock timers on modification 2018-05-15 16:38:18 +00:00			`timer.modifyingLock.Unlock()`

Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`expirationFunction(peer)`
Lock timers on modification 2018-05-15 16:38:18 +00:00			`timer.runningLock.Unlock()`
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`})`
			`timer.timer.Stop()`
			`return timer`
Fixed tabs 2018-02-11 18:02:50 +00:00			`}`

Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`func (timer *Timer) Mod(d time.Duration) {`
Lock timers on modification 2018-05-15 16:38:18 +00:00			`timer.modifyingLock.Lock()`
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`timer.isPending = true`
			`timer.timer.Reset(d)`
Lock timers on modification 2018-05-15 16:38:18 +00:00			`timer.modifyingLock.Unlock()`
Fixed tabs 2018-02-11 18:02:50 +00:00			`}`

Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`func (timer *Timer) Del() {`
Lock timers on modification 2018-05-15 16:38:18 +00:00			`timer.modifyingLock.Lock()`
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`timer.isPending = false`
			`timer.timer.Stop()`
Lock timers on modification 2018-05-15 16:38:18 +00:00			`timer.modifyingLock.Unlock()`
			`}`

			`func (timer *Timer) DelSync() {`
			`timer.Del()`
			`timer.runningLock.Lock()`
			`timer.Del()`
			`timer.runningLock.Unlock()`
Fixed tabs 2018-02-11 18:02:50 +00:00			`}`

Fix race in lock pending 2018-05-20 01:31:27 +00:00			`func (timer *Timer) IsPending() bool {`
			`timer.modifyingLock.RLock()`
			`defer timer.modifyingLock.RUnlock()`
			`return timer.isPending`
			`}`

Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`func (peer *Peer) timersActive() bool {`
			`return peer.isRunning.Get() && peer.device != nil && peer.device.isUp.Get() && len(peer.device.peers.keyMap) > 0`
			`}`
Fixed tabs 2018-02-11 18:02:50 +00:00
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`func expiredRetransmitHandshake(peer *Peer) {`
Fix data races in timers 2018-05-20 04:50:07 +00:00			`if atomic.LoadUint32(&peer.timers.handshakeAttempts) > MaxTimerHandshakes {`
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`peer.device.log.Debug.Printf("%s: Handshake did not complete after %d attempts, giving up\n", peer, MaxTimerHandshakes+2)`
Fixed tabs 2018-02-11 18:02:50 +00:00
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`if peer.timersActive() {`
			`peer.timers.sendKeepalive.Del()`
			`}`
Fixed tabs 2018-02-11 18:02:50 +00:00
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`/* We drop all packets without a keypair and don't try again,`
			`* if we try unsuccessfully for too long to make a handshake.`
			`*/`
			`peer.FlushNonceQueue()`
Fixed tabs 2018-02-11 18:02:50 +00:00
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`/* We set a timer for destroying any residue that might be left`
			`* of a partial exchange.`
			`*/`
Fix race in lock pending 2018-05-20 01:31:27 +00:00			`if peer.timersActive() && !peer.timers.zeroKeyMaterial.IsPending() {`
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`peer.timers.zeroKeyMaterial.Mod(RejectAfterTime * 3)`
			`}`
			`} else {`
Fix data races in timers 2018-05-20 04:50:07 +00:00			`atomic.AddUint32(&peer.timers.handshakeAttempts, 1)`
			`peer.device.log.Debug.Printf("%s: Handshake did not complete after %d seconds, retrying (try %d)\n", peer, int(RekeyTimeout.Seconds()), atomic.LoadUint32(&peer.timers.handshakeAttempts)+1)`
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00
			`/* We clear the endpoint address src address, in case this is the cause of trouble. */`
			`peer.mutex.Lock()`
			`if peer.endpoint != nil {`
			`peer.endpoint.ClearSrc()`
			`}`
			`peer.mutex.Unlock()`
Fixed tabs 2018-02-11 18:02:50 +00:00
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`peer.SendHandshakeInitiation(true)`
			`}`
Fixed tabs 2018-02-11 18:02:50 +00:00			`}`

Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`func expiredSendKeepalive(peer *Peer) {`
			`peer.SendKeepalive()`
Fix data races in timers 2018-05-20 04:50:07 +00:00			`if peer.timers.needAnotherKeepalive.Get() {`
			`peer.timers.needAnotherKeepalive.Set(false)`
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`if peer.timersActive() {`
			`peer.timers.sendKeepalive.Mod(KeepaliveTimeout)`
			`}`
			`}`
Initial version of migration to new event model - Begin move away from global timer state. - Made logging format more consistent 2018-05-05 00:20:52 +00:00			`}`

Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`func expiredNewHandshake(peer *Peer) {`
			`peer.device.log.Debug.Printf("%s: Retrying handshake because we stopped hearing back after %d seconds\n", peer, int((KeepaliveTimeout + RekeyTimeout).Seconds()))`
			`/* We clear the endpoint address src address, in case this is the cause of trouble. */`
			`peer.mutex.Lock()`
			`if peer.endpoint != nil {`
			`peer.endpoint.ClearSrc()`
Fixed tabs 2018-02-11 18:02:50 +00:00			`}`
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`peer.mutex.Unlock()`
			`peer.SendHandshakeInitiation(false)`
Fixed tabs 2018-02-11 18:02:50 +00:00
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`}`
Removed old signals 2018-05-05 02:15:07 +00:00
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`func expiredZeroKeyMaterial(peer *Peer) {`
			`peer.device.log.Debug.Printf(":%s Removing all keys, since we haven't received a new one in %d seconds\n", peer, int((RejectAfterTime * 3).Seconds()))`
More refactoring 2018-05-13 21:14:43 +00:00			`peer.ZeroAndFlushAll()`
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`}`
Fixed tabs 2018-02-11 18:02:50 +00:00
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`func expiredPersistentKeepalive(peer *Peer) {`
			`if peer.persistentKeepaliveInterval > 0 {`
			`peer.SendKeepalive()`
			`}`
			`}`
Initial version of migration to new event model - Begin move away from global timer state. - Made logging format more consistent 2018-05-05 00:20:52 +00:00
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`/* Should be called after an authenticated data packet is sent. */`
			`func (peer *Peer) timersDataSent() {`
Fix race in lock pending 2018-05-20 01:31:27 +00:00			`if peer.timersActive() && !peer.timers.newHandshake.IsPending() {`
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`peer.timers.newHandshake.Mod(KeepaliveTimeout + RekeyTimeout)`
			`}`
			`}`
Fixed tabs 2018-02-11 18:02:50 +00:00
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`/* Should be called after an authenticated data packet is received. */`
			`func (peer *Peer) timersDataReceived() {`
			`if peer.timersActive() {`
Fix race in lock pending 2018-05-20 01:31:27 +00:00			`if !peer.timers.sendKeepalive.IsPending() {`
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`peer.timers.sendKeepalive.Mod(KeepaliveTimeout)`
			`} else {`
Fix data races in timers 2018-05-20 04:50:07 +00:00			`peer.timers.needAnotherKeepalive.Set(true)`
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`}`
			`}`
			`}`
Removed old signals 2018-05-05 02:15:07 +00:00
timers: clear send_keepalive timer on sending handshake response We reorganize this into also doing so on sending keepalives itself, which means the state machine is much more consistent, even if this was already implied. Kernel module commit 30290ef1d2581a3e6ee8ffcdb05d580cfba976be 2018-05-18 23:19:53 +00:00			`/* Should be called after any type of authenticated packet is sent -- keepalive, data, or handshake. */`
			`func (peer *Peer) timersAnyAuthenticatedPacketSent() {`
			`if peer.timersActive() {`
			`peer.timers.sendKeepalive.Del()`
			`}`
			`}`

			`/* Should be called after any type of authenticated packet is received -- keepalive, data, or handshake. */`
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`func (peer *Peer) timersAnyAuthenticatedPacketReceived() {`
			`if peer.timersActive() {`
			`peer.timers.newHandshake.Del()`
			`}`
			`}`
Removed old signals 2018-05-05 02:15:07 +00:00
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`/* Should be called after a handshake initiation message is sent. */`
			`func (peer *Peer) timersHandshakeInitiated() {`
			`if peer.timersActive() {`
			`peer.timers.retransmitHandshake.Mod(RekeyTimeout + time.Millisecond*time.Duration(rand.Int31n(RekeyTimeoutJitterMaxMs)))`
			`}`
			`}`
Fixed tabs 2018-02-11 18:02:50 +00:00
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`/* Should be called after a handshake response message is received and processed or when getting key confirmation via the first data message. */`
			`func (peer *Peer) timersHandshakeComplete() {`
			`if peer.timersActive() {`
			`peer.timers.retransmitHandshake.Del()`
			`}`
Fix data races in timers 2018-05-20 04:50:07 +00:00			`atomic.StoreUint32(&peer.timers.handshakeAttempts, 0)`
			`peer.timers.sentLastMinuteHandshake.Set(false)`
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`atomic.StoreInt64(&peer.stats.lastHandshakeNano, time.Now().UnixNano())`
			`}`
Fixed tabs 2018-02-11 18:02:50 +00:00
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`/* Should be called after an ephemeral key is created, which is before sending a handshake response or after receiving a handshake response. */`
			`func (peer *Peer) timersSessionDerived() {`
			`if peer.timersActive() {`
			`peer.timers.zeroKeyMaterial.Mod(RejectAfterTime * 3)`
			`}`
			`}`
Fixed tabs 2018-02-11 18:02:50 +00:00
timers: clear send_keepalive timer on sending handshake response We reorganize this into also doing so on sending keepalives itself, which means the state machine is much more consistent, even if this was already implied. Kernel module commit 30290ef1d2581a3e6ee8ffcdb05d580cfba976be 2018-05-18 23:19:53 +00:00			`/* Should be called before a packet with authentication -- keepalive, data, or handshake -- is sent, or after one is received. */`
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`func (peer *Peer) timersAnyAuthenticatedPacketTraversal() {`
			`if peer.persistentKeepaliveInterval > 0 && peer.timersActive() {`
			`peer.timers.persistentKeepalive.Mod(time.Duration(peer.persistentKeepaliveInterval) * time.Second)`
			`}`
			`}`
Fixed tabs 2018-02-11 18:02:50 +00:00
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`func (peer *Peer) timersInit() {`
			`peer.timers.retransmitHandshake = peer.NewTimer(expiredRetransmitHandshake)`
			`peer.timers.sendKeepalive = peer.NewTimer(expiredSendKeepalive)`
			`peer.timers.newHandshake = peer.NewTimer(expiredNewHandshake)`
			`peer.timers.zeroKeyMaterial = peer.NewTimer(expiredZeroKeyMaterial)`
			`peer.timers.persistentKeepalive = peer.NewTimer(expiredPersistentKeepalive)`
Fix data races in timers 2018-05-20 04:50:07 +00:00			`atomic.StoreUint32(&peer.timers.handshakeAttempts, 0)`
			`peer.timers.sentLastMinuteHandshake.Set(false)`
			`peer.timers.needAnotherKeepalive.Set(false)`
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`}`
Removed old signals 2018-05-05 02:15:07 +00:00
Rewrite timers and related state machines 2018-05-07 20:27:03 +00:00			`func (peer *Peer) timersStop() {`
Lock timers on modification 2018-05-15 16:38:18 +00:00			`peer.timers.retransmitHandshake.DelSync()`
			`peer.timers.sendKeepalive.DelSync()`
			`peer.timers.newHandshake.DelSync()`
			`peer.timers.zeroKeyMaterial.DelSync()`
			`peer.timers.persistentKeepalive.DelSync()`
Fixed tabs 2018-02-11 18:02:50 +00:00			`}`