From 69d65f583c18782b3b2fd302cbd310e6b9e7d7b5 Mon Sep 17 00:00:00 2001 From: Matt Dunwoodie Date: Fri, 23 Apr 2021 11:31:35 +1000 Subject: wg_cookie: add cookie_valid bool Primarily this commit adds a cookie_valid state, to prevent a recently booted machine from sending a mac2. We also do a little bit of reworking on locking and a fixup for int to bool. There is one slight difference to cookie_valid (latest_cookie.is_valid) on Linux and that is to set cookie_valid to false when the cookie_birthdate has expired. The purpose of this is to prevent the expensive timer check after it has expired. For the locking, we want to hold a write lock in cookie_maker_mac because we write to mac1_last, mac1_valid and cookie_valid. This wouldn't cause too much contention as this is a per peer lock and we only do so when sending handshake packets. This is different from Linux as Linux writes all it's variables at the start, then downgrades to a read lock. We also match cookie_maker_consume_payload locking to Linux, that is to read lock while checking mac1_valid and decrypting the cookie then take a write lock to set the cookie. Signed-off-by: Matt Dunwoodie --- TODO.md | 3 --- 1 file changed, 3 deletions(-) (limited to 'TODO.md') diff --git a/TODO.md b/TODO.md index 5f68380..3d13a8f 100644 --- a/TODO.md +++ b/TODO.md @@ -9,9 +9,6 @@ permissions in another.) - Make code style consistent with one FreeBSD way, rather than a mix of styles. - Make sure noise state machine is correct. -- The cookie logic appears to be broken in unusual ways, in particular right - after boot up. Audit and compare all `is_valid` checks, as well as - `have_sent_mac1` guards. - Investigate whether the allowed ips lookup structure needs reference counting. - Handle failures of `rn_inithead` and remember to call `rn_detachhead` -- cgit v1.2.3-59-g8ed1b