diff options
Diffstat (limited to 'src/interface/peer_server.rs')
-rw-r--r-- | src/interface/peer_server.rs | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/src/interface/peer_server.rs b/src/interface/peer_server.rs index 0e02080..ebcb01b 100644 --- a/src/interface/peer_server.rs +++ b/src/interface/peer_server.rs @@ -1,5 +1,5 @@ -use consts::{REKEY_TIMEOUT, REKEY_ATTEMPT_TIME, KEEPALIVE_TIMEOUT, STALE_SESSION_TIMEOUT, - MAX_CONTENT_SIZE, WIPE_AFTER_TIME}; +use consts::{REKEY_TIMEOUT, KEEPALIVE_TIMEOUT, STALE_SESSION_TIMEOUT, + MAX_CONTENT_SIZE, WIPE_AFTER_TIME, MAX_HANDSHAKE_ATTEMPTS}; use cookie; use interface::{SharedPeer, SharedState, State, UtunPacket}; use message::{Message, Initiation, Response, CookieReply, Transport}; @@ -265,6 +265,7 @@ impl PeerServer { let needs_handshake = { let mut peer = peer_ref.borrow_mut(); + let needs_handshake = peer.needs_new_handshake(true); peer.queue_egress(packet); if peer.ready_for_transport() { @@ -276,7 +277,8 @@ impl PeerServer { self.send_to_peer(peer.handle_outgoing_transport(packet.payload())?)?; } } - peer.needs_new_handshake(true) + + needs_handshake }; if needs_handshake { @@ -290,8 +292,13 @@ impl PeerServer { let shared_state = self.shared_state.clone(); let mut state = shared_state.borrow_mut(); let mut peer = peer_ref.borrow_mut(); - let private_key = &state.interface_info.private_key.ok_or_else(|| err_msg("no private key!"))?; - let new_index = self.unused_index(&mut state); + + if peer.timers.handshake_initialized.elapsed() < *REKEY_TIMEOUT { + bail!("skipping handshake init because of REKEY_TIMEOUT"); + } + + let private_key = &state.interface_info.private_key.ok_or_else(|| err_msg("no private key!"))?; + let new_index = self.unused_index(&mut state); let (endpoint, init_packet, dead_index) = peer.initiate_new_session(private_key, new_index)?; let _ = state.index_map.insert(new_index, peer_ref.clone()); @@ -323,11 +330,11 @@ impl PeerServer { let wait = *REKEY_TIMEOUT - peer.timers.handshake_initialized.elapsed(); self.timer.send_after(wait, Rekey(peer_ref.clone(), our_index)); bail!("too soon since last init sent, waiting {:?} ({})", wait, our_index); - } else if peer.timers.egress_queued.elapsed() > *REKEY_ATTEMPT_TIME { - peer.sessions.next = None; - bail!("REKEY_ATTEMPT_TIME exceeded, destroying session ({})", our_index); + } else if peer.timers.handshake_attempts >= *MAX_HANDSHAKE_ATTEMPTS { + bail!("REKEY_ATTEMPT_TIME exceeded, giving up."); } - debug!("sending hanshake init (rekey re-attempt)"); + peer.timers.handshake_attempts += 1; + debug!("sending hanshake init (rekey attempt #{})", peer.timers.handshake_attempts); }, Some((_, SessionType::Current)) => { let since_last_send = peer.timers.data_sent.elapsed(); |