From 06a7d898961e2a7dd60c62529974c155c877a6a9 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 26 Oct 2021 11:33:43 +0200 Subject: Bump keepalive timers unconditionally on send The keepalive timers -- both persistent and mandatory -- are part of the internal state machine, which needs to be cranked whether or not the packet was actually sent. A packet might be dropped by the network. Or the packet might be dropped by the local network stack. The latter case gives a hint -- which is useful for the data_sent event -- but is harmful to consider for the keepalive state machine. So, crank those timers before even calling wg_send. Incidentally, doing it this way matches exactly what Linux's send.c's wg_packet_create_data_done and Go's send.go's RoutineSequentialSender do too. Suggested-by: Kyle Evans Reported-by: Ryan Roosa --- sys/net/if_wg.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/sys/net/if_wg.c b/sys/net/if_wg.c index 2e286fc9a74..5f564d2a998 100644 --- a/sys/net/if_wg.c +++ b/sys/net/if_wg.c @@ -1521,15 +1521,14 @@ wg_deliver_out(void *_peer) m = pkt->p_mbuf; if (pkt->p_state == WG_PACKET_CRYPTED) { + wg_timers_event_any_authenticated_packet_traversal(peer); + wg_timers_event_any_authenticated_packet_sent(peer); + data = m->m_pkthdr.len > (sizeof(struct wg_pkt_data) + NOISE_AUTHTAG_LEN); ret = wg_send(sc, &endpoint, m); - if (ret == 0) { - wg_timers_event_any_authenticated_packet_traversal(peer); - wg_timers_event_any_authenticated_packet_sent(peer); - - if (data) - wg_timers_event_data_sent(peer); + if (ret == 0 && data) { + wg_timers_event_data_sent(peer); } else if (ret == EADDRNOTAVAIL) { wg_peer_clear_src(peer); wg_peer_get_endpoint(peer, &endpoint); -- cgit v1.2.3-59-g8ed1b
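Review bot: In wg_deliver_out, folding the data test into the first branch (`if (ret == 0 && data) {`) changes which path a successful keepalive takes. A send with ret == 0 and data false now falls through to the `else if (ret == EADDRNOTAVAIL)` chain instead of stopping at the success branch. That is harmless for the visible EADDRNOTAVAIL arm, but the context ends at wg_peer_get_endpoint, so any bare `else` further down would now run on a successful send. Keeping `if (ret == 0) {` with `if (data) wg_timers_event_data_sent(peer);` nested inside would preserve the original shape of the chain. Separately, the two timer calls now sit above wg_send with no comment. A one-line note there, saying that the keepalive state machine is cranked whether or not the send succeeds and that only data_sent depends on ret, would keep a later cleanup from moving them back under the success check.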