Triffid, have you had a chance to test?

Jason, did you have any more thoughts? (You've clearly been busy given 
all the recent announcements!) This is the second version, which 
required a rebase but the code remained the same after verifying that 
the process did not change at all.

Thanks, ~Derrick


On 3/13/19 11:47 PM, Triffid Hunter wrote:
> This sounds interesting, as I often get long (10-30 minute) stalls 
> where wg is doing nothing but throwing keys back and forth. I'll let 
> you know if it helps when I have a chance to test properly.
>
> On Thu, 14 Mar 2019 at 06:44, <derrick@pallas.us 
> <mailto:derrick@pallas.us>> wrote:
>
>     From: Derrick Pallas <derrick@pallas.us <mailto:derrick@pallas.us>>
>
>     This function will clear the key state for the peer and reset its
>     handshake
>     timer.  This is useful, for instance, if it is known that the
>     current key
>     material is bad.  Currently, this happens when the private key is
>     changed.
>
>     Signed-off-by: Derrick Pallas <derrick@pallas.us
>     <mailto:derrick@pallas.us>>
>     ---
>      src/peer.c | 14 ++++++++++++++
>      src/peer.h |  1 +
>      2 files changed, 15 insertions(+)
>
>     diff --git a/src/peer.c b/src/peer.c
>     index 996f40b..be244a4 100644
>     --- a/src/peer.c
>     +++ b/src/peer.c
>     @@ -160,6 +160,20 @@ static void peer_remove_after_dead(struct
>     wg_peer *peer)
>             wg_peer_put(peer);
>      }
>
>     +void wg_peer_reset_keys(struct wg_peer *peer)
>     +{
>     +       if (unlikely(!peer))
>     +               return;
>     +  lockdep_assert_held(&peer->device->device_update_lock);
>     +
>     +       wg_noise_handshake_clear(&peer->handshake);
>     +       wg_noise_keypairs_clear(&peer->keypairs);
>     +       wg_cookie_checker_precompute_peer_keys(peer);
>     +       atomic64_set(&peer->last_sent_handshake,
>     +               ktime_get_boot_fast_ns() -
>     +                       (u64)(REKEY_TIMEOUT + 1) * NSEC_PER_SEC);
>     +}
>     +
>      /* We have a separate "remove" function make sure that all active
>     places where
>       * a peer is currently operating will eventually come to an end
>     and not pass
>       * their reference onto another context.
>     diff --git a/src/peer.h b/src/peer.h
>     index 23af409..f85817f 100644
>     --- a/src/peer.h
>     +++ b/src/peer.h
>     @@ -79,5 +79,6 @@ static inline struct wg_peer *wg_peer_get(struct
>     wg_peer *peer)
>      void wg_peer_put(struct wg_peer *peer);
>      void wg_peer_remove(struct wg_peer *peer);
>      void wg_peer_remove_all(struct wg_device *wg);
>     +void wg_peer_reset_keys(struct wg_peer *peer);
>
>      #endif /* _WG_PEER_H */
>     -- 
>     2.19.2
>
>     _______________________________________________
>     WireGuard mailing list
>     WireGuard@lists.zx2c4.com <mailto:WireGuard@lists.zx2c4.com>
>     https://lists.zx2c4.com/mailman/listinfo/wireguard
>