diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2018-06-23 04:20:14 +0200 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-06-23 06:08:37 +0200 |
| commit | d0bd6dc67d81236f66cb763c3d47dd6b5d7581a6 (patch) | |
| tree | 6b3669f075d28267e50bda153a32e9b7ea9ff30b /src/receive.c | |
| parent | tools: fix misspelling of strchrnul in comment (diff) | |
| download | wireguard-monolithic-historical-d0bd6dc67d81236f66cb763c3d47dd6b5d7581a6.tar.xz wireguard-monolithic-historical-d0bd6dc67d81236f66cb763c3d47dd6b5d7581a6.zip | |
global: use ktime boottime instead of jiffies
Since this is a network protocol, expirations need to be accounted for,
even across system suspend. On real systems, this isn't a problem, since
we're clearing all keys before suspend. But on Android, where we don't
do that, this is something of a problem. So, we switch to using boottime
instead of jiffies.
Diffstat (limited to 'src/receive.c')
| -rw-r--r-- | src/receive.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/receive.c b/src/receive.c index ac23e47..080e466 100644 --- a/src/receive.c +++ b/src/receive.c @@ -80,7 +80,7 @@ static inline int skb_prepare_header(struct sk_buff *skb, struct wireguard_devic static void receive_handshake_packet(struct wireguard_device *wg, struct sk_buff *skb) { - static u64 last_under_load; /* Yes this is global, so that our load calculation applies to the whole system. */ + static ktime_t last_under_load; /* Yes this is global, so that our load calculation applies to the whole system. */ struct wireguard_peer *peer = NULL; bool under_load; enum cookie_mac_state mac_state; @@ -94,9 +94,9 @@ static void receive_handshake_packet(struct wireguard_device *wg, struct sk_buff under_load = skb_queue_len(&wg->incoming_handshakes) >= MAX_QUEUED_INCOMING_HANDSHAKES / 8; if (under_load) - last_under_load = get_jiffies_64(); - else if (last_under_load) - under_load = time_is_after_jiffies64(last_under_load + HZ); + last_under_load = ktime_get_boottime(); + else if (ktime_to_ns(last_under_load)) + under_load = !has_expired(last_under_load, 1); mac_state = cookie_validate_packet(&wg->cookie_checker, skb, under_load); if ((under_load && mac_state == VALID_MAC_WITH_COOKIE) || (!under_load && mac_state == VALID_MAC_BUT_NO_COOKIE)) packet_needs_cookie = false; @@ -190,7 +190,7 @@ static inline void keep_key_fresh(struct wireguard_peer *peer) rcu_read_lock_bh(); keypair = rcu_dereference_bh(peer->keypairs.current_keypair); if (likely(keypair && keypair->sending.is_valid) && keypair->i_am_the_initiator && - unlikely(time_is_before_eq_jiffies64(keypair->sending.birthdate + REJECT_AFTER_TIME - KEEPALIVE_TIMEOUT - REKEY_TIMEOUT))) + unlikely(has_expired(keypair->sending.birthdate, REJECT_AFTER_TIME - KEEPALIVE_TIMEOUT - REKEY_TIMEOUT))) send = true; rcu_read_unlock_bh(); @@ -210,7 +210,7 @@ static inline bool skb_decrypt(struct sk_buff *skb, struct noise_symmetric_key * if (unlikely(!key)) return false; - if (unlikely(!key->is_valid || time_is_before_eq_jiffies64(key->birthdate + REJECT_AFTER_TIME) || key->counter.receive.counter >= REJECT_AFTER_MESSAGES)) { + if (unlikely(!key->is_valid || has_expired(key->birthdate, REJECT_AFTER_TIME) || key->counter.receive.counter >= REJECT_AFTER_MESSAGES)) { key->is_valid = false; return false; } |