[WireGuard] [PATCH] persistent keepalive: start sending immediately

Jason A. Donenfeld Jason at zx2c4.com
Fri Jul 8 14:34:12 CEST 2016

Rather than only start sending the persistent keepalive packets when the
device first sends data, this changes it to send the packets immediately
on `ip link set up`. This makes things generally seem more stateless,
since the administrator does not have to manually ping the endpoint.

Of course, if you have a lot of peers and all of them have persistent
keepalive enabled, this could cause a lot of unwanted immediate traffic.
On the other hand, if all of those peers are at some point going to be
sending packets, this would happen anyway. I suppose the moral of the
story is that persistent keepalive is a feature really just for clients
behind NAT, not for servers, and it should be used sparingly, which is
why we've set it off by default in the first place.

Hi list,

I haven't merged this yet, and I'm debating whether it's something we want.
I'm open to all opinions here, so feedback would be most welcome.


 src/config.c | 5 ++++-
 src/device.c | 2 ++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/config.c b/src/config.c
index 767d31a..910c31b 100644
--- a/src/config.c
+++ b/src/config.c
@@ -106,8 +106,11 @@ static int set_peer(struct wireguard_device *wg, void __user *user_peer, size_t
 	if (in_peer.persistent_keepalive_interval != (uint16_t)-1) {
 		if (in_peer.persistent_keepalive_interval && (in_peer.persistent_keepalive_interval < 10 || in_peer.persistent_keepalive_interval > 3600))
 			ret = -EINVAL;
-		else
+		else {
+			if (!peer->persistent_keepalive_interval && in_peer.persistent_keepalive_interval && netdev_pub(wg)->flags & IFF_UP)
+				socket_send_buffer_to_peer(peer, NULL, 0, 0);
 			peer->persistent_keepalive_interval = in_peer.persistent_keepalive_interval;
+		}
 	if (netdev_pub(wg)->flags & IFF_UP)
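
Review bot: In the new else block of set_peer(), socket_send_buffer_to_peer(peer, NULL, 0, 0) runs before peer->persistent_keepalive_interval is assigned, so anything in the send path that reads the interval from the peer still sees the old value of zero at that point. Whether that matters depends on code not shown in this hunk, but saving the old value in a local, assigning the new interval first and sending afterwards would remove the question. The added condition would also read more clearly with explicit parentheses around (netdev_pub(wg)->flags & IFF_UP), since it mixes && and & on one line.
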
diff --git a/src/device.c b/src/device.c
index 120f8c9..198368f 100644
--- a/src/device.c
+++ b/src/device.c
@@ -40,6 +40,8 @@ static int open_peer(struct wireguard_peer *peer, void *data)
+	if (peer->persistent_keepalive_interval)
+		socket_send_buffer_to_peer(peer, NULL, 0, 0);
 	return 0;
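
Review bot: The call added to open_peer() has no comment explaining why a NULL buffer of length 0 is sent when the interface comes up, and the same call now appears in both config.c and device.c. A one-line comment stating that this is the initial persistent keepalive, or a small named helper shared by both call sites, would make the intent clear. Since open_peer() sends for every peer with a nonzero interval, the burst at link-up that the commit message mentions happens here, so a note on that trade-off next to the call would help the next reader.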

