author: Jason A. Donenfeld <Jason@zx2c4.com>, 2021-10-26 11:33:43 +0200
committer: Jason A. Donenfeld <Jason@zx2c4.com>, 2021-10-26 11:34:13 +0200
commit: 06a7d898961e2a7dd60c62529974c155c877a6a9 (patch)
tree: e92bbf148abf71ef01ebd8b771a59bcf8117615e
parent: Delete all peer allowed IPs at once (diff)
download: wireguard-openbsd-06a7d898961e2a7dd60c62529974c155c877a6a9.tar.xz, wireguard-openbsd-06a7d898961e2a7dd60c62529974c155c877a6a9.zip
Bump keepalive timers unconditionally on send

The keepalive timers -- both persistent and mandatory -- are part of the internal state machine, which needs to be cranked whether or not the packet was actually sent. A packet might be dropped by the network. Or the packet might be dropped by the local network stack. The latter case gives a hint -- which is useful for the data_sent event -- but is harmful to consider for the keepalive state machine. So, crank those timers before even calling wg_send.

Incidentally, doing it this way matches exactly what Linux's send.c's wg_packet_create_data_done and Go's send.go's RoutineSequentialSender do too.

Suggested-by: Kyle Evans <kevans@freebsd.org>
Reported-by: Ryan Roosa <ryanroosa@gmail.com>
-rw-r--r-- sys/net/if_wg.c 11
1 files changed, 5 insertions, 6 deletions
diff --git a/sys/net/if_wg.c b/sys/net/if_wg.c
index 2e286fc9a74..5f564d2a998 100644
--- a/sys/net/if_wg.c
+++ b/sys/net/if_wg.c
@@ -1521,15 +1521,14 @@ wg_deliver_out(void *_peer)
m = pkt->p_mbuf;
if (pkt->p_state == WG_PACKET_CRYPTED) {
+ wg_timers_event_any_authenticated_packet_traversal(peer);
+ wg_timers_event_any_authenticated_packet_sent(peer);
+
data = m->m_pkthdr.len > (sizeof(struct wg_pkt_data) + NOISE_AUTHTAG_LEN);
ret = wg_send(sc, &endpoint, m);
- if (ret == 0) {
- wg_timers_event_any_authenticated_packet_traversal(peer);
- wg_timers_event_any_authenticated_packet_sent(peer);
-
- if (data)
- wg_timers_event_data_sent(peer);
+ if (ret == 0 && data) {
+ wg_timers_event_data_sent(peer);
} else if (ret == EADDRNOTAVAIL) {
wg_peer_clear_src(peer);
wg_peer_get_endpoint(peer, &endpoint);
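Review bot: the two timer calls now placed ahead of `wg_send` in the `WG_PACKET_CRYPTED` branch have no comment saying why they run regardless of `ret`, so the rationale lives only in the commit message. A one-line comment there (the keepalive state machine must advance even when the local stack drops the packet) would keep a later cleanup from moving them back under `ret == 0`. Separately, with `if (ret == 0 && data)` a successful keepalive (`ret == 0`, `data` false) now falls through to the `else if (ret == EADDRNOTAVAIL)` test. That is harmless because the comparison is false for 0, but nesting `if (data)` inside `if (ret == 0)` would keep the success path and the error path visibly separate.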