device: add debug logs describing handshake rejection

Useful in testing when bad network stacks repeat or batch large numbers of packets. Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
author: Avery Pennarun <apenwarr@tailscale.com> 2019-10-15 22:39:44 -0400
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2020-05-02 01:50:47 -0600
commit: d60857e1a7d82735c01f893f644455fc7ccc423f (patch)
tree: 7a92d072594af24494b4a1297e93c1ec01e79fb4
parent: tun: return a better error message if /dev/net/tun doesn't exist (diff)
download: wireguard-go-d60857e1a7d82735c01f893f644455fc7ccc423f.tar.xz
wireguard-go-d60857e1a7d82735c01f893f644455fc7ccc423f.zip
1 files changed, 8 insertions, 4 deletions
diff --git a/device/noise-protocol.go b/device/noise-protocol.go
index 6dcc831..a848c47 100644
--- a/device/noise-protocol.go
+++ b/device/noise-protocol.go
@@ -314,11 +314,15 @@ func (device *Device) ConsumeMessageInitiation(msg *MessageInitiation) *Peer {
 
 	// protect against replay & flood
 
-	var ok bool
-	ok = timestamp.After(handshake.lastTimestamp)
-	ok = ok && time.Since(handshake.lastInitiationConsumption) > HandshakeInitationRate
+	replay := !timestamp.After(handshake.lastTimestamp)
+	flood := time.Since(handshake.lastInitiationConsumption) <= HandshakeInitationRate
 	handshake.mutex.RUnlock()
-	if !ok {
+	if replay {
+		device.log.Debug.Printf("%v - ConsumeMessageInitiation: handshake replay @ %v\n", peer, timestamp)
+		return nil
+	}
+	if flood {
+		device.log.Debug.Printf("%v - ConsumeMessageInitiation: handshake flood\n", peer)
 		return nil
 	}
author	Avery Pennarun <apenwarr@tailscale.com>	2019-10-15 22:39:44 -0400
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2020-05-02 01:50:47 -0600
commit	d60857e1a7d82735c01f893f644455fc7ccc423f (patch)
tree	7a92d072594af24494b4a1297e93c1ec01e79fb4
parent	tun: return a better error message if /dev/net/tun doesn't exist (diff)
download	wireguard-go-d60857e1a7d82735c01f893f644455fc7ccc423f.tar.xz wireguard-go-d60857e1a7d82735c01f893f644455fc7ccc423f.zip