From f3489814efef5041ccffd8c6b5a45e37c133627d Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Mon, 8 Aug 2016 13:53:00 +0200
Subject: persistent-keepalive: change range to [1,65535]
---
 src/config.c | 11 ++++-------
 src/tools/config.c | 4 ++--
 src/tools/wg.8 | 4 ++--
 3 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/src/config.c b/src/config.c
index 3ca23f3..b065e0c 100644
--- a/src/config.c
+++ b/src/config.c
@@ -104,13 +104,10 @@ static int set_peer(struct wireguard_device *wg, void __user *user_peer, size_t
 }
 
 if (in_peer.persistent_keepalive_interval != (uint16_t)-1) {
- if (in_peer.persistent_keepalive_interval && (in_peer.persistent_keepalive_interval < 10 || in_peer.persistent_keepalive_interval > 3600))
- ret = -EINVAL;
- else {
- if (!peer->persistent_keepalive_interval && in_peer.persistent_keepalive_interval && netdev_pub(wg)->flags & IFF_UP)
- packet_send_keepalive(peer);
- peer->persistent_keepalive_interval = (unsigned long)in_peer.persistent_keepalive_interval * HZ;
- }
+ const bool send_keepalive = !peer->persistent_keepalive_interval && in_peer.persistent_keepalive_interval && netdev_pub(wg)->flags & IFF_UP;
+ peer->persistent_keepalive_interval = (unsigned long)in_peer.persistent_keepalive_interval * HZ;
+ if (send_keepalive)
+ packet_send_keepalive(peer);
 }
 
 if (netdev_pub(wg)->flags & IFF_UP)
diff --git a/src/tools/config.c b/src/tools/config.c
index 55a8ab5..d307007 100644
--- a/src/tools/config.c
+++ b/src/tools/config.c
@@ -193,8 +193,8 @@ static inline bool parse_persistent_keepalive(__u16 *interval, const char *value
 }
 
 ret = strtoul(value, &end, 10);
- if (!*value || *value == '-' || *end || (ret && (ret < 10 || ret > 3600))) {
- fprintf(stderr, "The persistent keepalive interval must be 0/off or 10-3600. Found: `%s`\n", value);
+ if (!*value || *value == '-' || *end || ret > 65535) {
+ fprintf(stderr, "The persistent keepalive interval must be 0/off or 1-65535. Found: `%s`\n", value);
 return false;
 }
 
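Review bot: The value 65535 that this commit advertises as the top of the range appears to collide with the "leave unchanged" sentinel: the context line `if (in_peer.persistent_keepalive_interval != (uint16_t)-1)` in set_peer skips the whole block for that value, while the src/tools/config.c hunk now accepts it (`ret > 65535`) and hands it back through a `__u16 *`. If the field copied from userspace is 16 bits wide, which the cast suggests but the hunk does not show, a request for 65535 returns success and silently leaves the peer's interval as it was, so an operator relying on it to hold a NAT or firewall mapping open gets no keepalives and no error. Either cap the tool at 65534, `if (!*value || *value == '-' || *end || ret > 65534) {`, with the error message and wg.8 wording adjusted to match, or carry the "unchanged" state in a separate flag rather than in-band. set_peer's body starts and ends outside the hunk.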
diff --git a/src/tools/wg.8 b/src/tools/wg.8 index 0795fdf..4e7e4c2 100644 --- a/src/tools/wg.8 +++ b/src/tools/wg.8 @@ -68,7 +68,7 @@ public-key cryptography, for post-quantum resistance. If \fIallowed-ips\fP is specified, but the value is the empty string, all allowed ips are removed from the peer. The use of \fIpersistent-keepalive\fP is optional and is by default off; setting it to 0 or "off", disables it. Otherwise it represents, -in seconds, between 10 and 3600 inclusive, how often to send an authenticated +in seconds, between 1 and 65535 inclusive, how often to send an authenticated empty packet to the peer, for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind @@ -142,7 +142,7 @@ port number. This endpoint will be updated automatically to the most recent source IP address and port of correctly authenticated packets from the peer. Optional. .IP \(bu -PersistentKeepalive \(em a seconds interval, between 10 and 3600 inclusive, of +PersistentKeepalive \(em a seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, -- cgit v1.2.3-59-g8ed1b