<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Triffid, have you had a chance to test?</p>
<p>Jason, did you have any more thoughts? (You've clearly been busy
given all the recent announcements!) This is the second version,
which required a rebase but the code remained the same after
verifying that the process did not change at all.<br>
</p>
<p>Thanks, ~Derrick<br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 3/13/19 11:47 PM, Triffid Hunter
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CACL3eKB7SLDoAbWc9+k5s4SE4jDKRu_FYSpUx0Co_83=cdfqog@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">This sounds interesting, as I often get long (10-30
minute) stalls where wg is doing nothing but throwing keys back
and forth. I'll let you know if it helps when I have a chance to
test properly.<br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, 14 Mar 2019 at 06:44,
&lt;<a href="mailto:derrick@pallas.us" moz-do-not-send="true">derrick@pallas.us</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">From:
Derrick Pallas &lt;<a href="mailto:derrick@pallas.us"
target="_blank" moz-do-not-send="true">derrick@pallas.us</a>&gt;<br>
<br>
This function will clear the key state for the peer and reset
its handshake<br>
timer. This is useful, for instance, if it is known that the
current key<br>
material is bad. Currently, this happens when the private key
is changed.<br>
<br>
Signed-off-by: Derrick Pallas &lt;<a
href="mailto:derrick@pallas.us" target="_blank"
moz-do-not-send="true">derrick@pallas.us</a>&gt;<br>
---<br>
src/peer.c | 14 ++++++++++++++<br>
src/peer.h | 1 +<br>
2 files changed, 15 insertions(+)<br>
<br>
diff --git a/src/peer.c b/src/peer.c<br>
index 996f40b..be244a4 100644<br>
--- a/src/peer.c<br>
+++ b/src/peer.c<br>
@@ -160,6 +160,20 @@ static void peer_remove_after_dead(struct
wg_peer *peer)<br>
wg_peer_put(peer);<br>
}<br>
<br>
+void wg_peer_reset_keys(struct wg_peer *peer)<br>
+{<br>
+ if (unlikely(!peer))<br>
+ return;<br>
+
lockdep_assert_held(&peer->device->device_update_lock);<br>
+<br>
+ wg_noise_handshake_clear(&peer->handshake);<br>
+ wg_noise_keypairs_clear(&peer->keypairs);<br>
+ wg_cookie_checker_precompute_peer_keys(peer);<br>
+ atomic64_set(&peer->last_sent_handshake,<br>
+ ktime_get_boot_fast_ns() -<br>
+ (u64)(REKEY_TIMEOUT + 1) *
NSEC_PER_SEC);<br>
+}<br>
+<br>
/* We have a separate "remove" function make sure that all
active places where<br>
* a peer is currently operating will eventually come to an
end and not pass<br>
* their reference onto another context.<br>
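</blockquote>
</div>
</blockquote>
<p>Review bot: the atomic64_set() call at the end of
wg_peer_reset_keys() backdates last_sent_handshake by REKEY_TIMEOUT + 1
seconds with no comment saying why, and the u64 subtraction wraps if
ktime_get_boot_fast_ns() returns less than that interval. Please add a
one-line comment stating the intent (the commit message says the
function resets the handshake timer) and confirm that readers of
last_sent_handshake tolerate the wrapped value. Separately, the silent
return on a NULL peer at the top of the function hides caller bugs;
consider dropping the check or making it a WARN_ON() so a bad call is
visible.</p>
<blockquote type="cite"
cite="mid:CACL3eKB7SLDoAbWc9+k5s4SE4jDKRu_FYSpUx0Co_83=cdfqog@mail.gmail.com">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">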
diff --git a/src/peer.h b/src/peer.h<br>
index 23af409..f85817f 100644<br>
--- a/src/peer.h<br>
+++ b/src/peer.h<br>
@@ -79,5 +79,6 @@ static inline struct wg_peer
*wg_peer_get(struct wg_peer *peer)<br>
void wg_peer_put(struct wg_peer *peer);<br>
void wg_peer_remove(struct wg_peer *peer);<br>
void wg_peer_remove_all(struct wg_device *wg);<br>
+void wg_peer_reset_keys(struct wg_peer *peer);<br>
<br>
#endif /* _WG_PEER_H */<br>
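</blockquote>
</div>
</blockquote>
<p>Review bot: the new wg_peer_reset_keys() prototype in peer.h carries
no comment about its locking contract, while the definition asserts
that peer-&gt;device-&gt;device_update_lock is held. Please document
that requirement next to the declaration so callers see it without
reading peer.c. Also, no caller is added by the visible hunks, so it
would help to include or reference the first user of the function in
the same series.</p>
<blockquote type="cite"
cite="mid:CACL3eKB7SLDoAbWc9+k5s4SE4jDKRu_FYSpUx0Co_83=cdfqog@mail.gmail.com">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">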
-- <br>
2.19.2<br>
<br>
</blockquote>
</div>
</blockquote>
</body>
</html>