WG: Need for HW-clock independent timestamps
neumann at cgws.de
Mon May 21 14:31:32 CEST 2018
On 21.05.2018 13:52, Axel Neumann wrote:
> On 21.05.2018 13:22, Reto Brunner wrote:
>> On Mon, May 21, 2018 at 12:07:38PM +0200, Axel Neumann wrote:
>>> entirely superfluous. As discussed earlier it can be achieved with
>>> essentially one file-system write operation each boot.
>> You might as well achieve the same with the timestamp.
>> Just add a pre-shutdown hook, which touches a file.
> yes, can be an option, but would only work in "normal" soft-shut-down
> cases, not in case of a hard reset or power cycle. A not-so-uncommon
> scenario for embedded home-network devices and community-network
> deployments. Especially when considering the first choice of a normal
> user (desperately trying to fix its internet-via-WG tunnel connection):
> Power cycle the device.
>> Restore the system clock to this upon boot (which may very well be off
>> but who cares).
>> After the wg tunnel is back up, sync with any NTP server you trust and you
>> are back up and running.
>> What is the advantage of doing it with a counter?
>> I fail to see the benefit.
Sorry, forgot to reply here: The advantage is that
you could save a counter value in advance that is to-be-used after the
NEXT reboot. It can be saved during boot or before WG starts (not during
shut-down), so you are safe against unexpected hard resets.
The (WG) boot procedure would be:
1) Read saved_counter from disk (take zero first time) and memorize it
2) Write saved_counter + NextBootOffset to disk.
3) Use and increment current_counter by +1 with each new WG handshake.
Considering NextBootOffset = (2^16 * 10^9):
With 1 WG handshake per ms the NextBootOffset would be exhausted every
With 1 system reboot every ms the total 96-bit counter range would
overlap in ~9000 years.
>> WireGuard mailing list
>> WireGuard at lists.zx2c4.com
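The three-step boot procedure above, as an added example that is not code from the WireGuard project or from anyone on the list: a persisted counter that stays strictly increasing across both clean shutdowns and hard resets, because the value for the next boot is reserved at start-up rather than saved at shutdown. The file path, the simulated device and the handshake loop are constructed here; NextBootOffset and the 96-bit width are the values from the post, and the exhaustion calculation only applies the post's own 1-handshake-per-ms assumption.

```python
"""
Reboot-safe monotonic handshake counter (added illustration, not WireGuard code).

Steps from the post:
  1) read saved_counter from disk (zero on first boot) and keep it in memory
  2) write saved_counter + NextBootOffset to disk for the NEXT boot
  3) increment current_counter by one per handshake
Because step 2 happens at boot, a power cycle that skips any shutdown hook
can never hand out a counter value that was already used before the reset.
"""
import os
import tempfile

NEXT_BOOT_OFFSET = (2 ** 16) * (10 ** 9)   # value proposed in the post
COUNTER_BITS = 96                          # counter width discussed in the post
COUNTER_MAX = 2 ** COUNTER_BITS - 1


def read_saved_counter(path):
    """Step 1: read saved_counter from disk; zero on the very first boot."""
    try:
        with open(path, "r") as f:
            return int(f.read().strip() or "0")
    except FileNotFoundError:
        return 0


def reserve_next_boot(path, saved_counter):
    """Step 2: persist saved_counter + NextBootOffset for the next boot.

    Written through a temp file plus atomic rename so that a power cut in the
    middle of the write leaves the previous value intact instead of a truncated
    file (which would read back as zero and reopen the replay window)."""
    nxt = saved_counter + NEXT_BOOT_OFFSET
    if nxt > COUNTER_MAX:
        raise OverflowError("96-bit counter range exhausted")
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        f.write(str(nxt))
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)
    return nxt


class HandshakeCounter:
    """Per-boot state: current_counter starts at the value read in step 1 and
    advances by one for every handshake (step 3)."""

    def __init__(self, path):
        self.path = path
        self.current_counter = read_saved_counter(path)          # step 1
        self.reserved = reserve_next_boot(path, self.current_counter)  # step 2

    def next_handshake(self):                                     # step 3
        self.current_counter += 1
        if self.current_counter >= self.reserved:
            # Offset window used up within one uptime: reserve the next window
            # now rather than risk colliding with a post-reboot value.
            self.reserved = reserve_next_boot(self.path, self.reserved)
        return self.current_counter


def simulate_hard_reset(path, handshakes_before_crash):
    """Boot, perform some handshakes, lose power with no shutdown hook, boot
    again. Returns (last counter before crash, first counter after reboot)."""
    dev = HandshakeCounter(path)
    last = 0
    for _ in range(handshakes_before_crash):
        last = dev.next_handshake()
    # hard reset: in-memory state is simply discarded, nothing is written
    dev_after = HandshakeCounter(path)
    return last, dev_after.next_handshake()


def years_until_offset_exhausted(handshakes_per_second=1000):
    """Length of one uptime's reserved window at the given handshake rate."""
    return NEXT_BOOT_OFFSET / handshakes_per_second / (365.25 * 24 * 3600)


def run_demo(handshakes_before_crash=5000):
    """Run the hard-reset scenario in a scratch directory (constructed input)."""
    with tempfile.TemporaryDirectory() as d:
        return simulate_hard_reset(os.path.join(d, "wg_counter"),
                                   handshakes_before_crash)


if __name__ == "__main__":
    last, first_after = run_demo()
    print("last counter before crash:", last)
    print("first counter after reboot:", first_after)
    print("offset window lasts ~%.0f years at one handshake per ms"
          % years_until_offset_exhausted())
```

The property a reviewer would check is the one the post relies on: the first value issued after an unclean reboot is larger than anything issued before it, with no dependency on a shutdown hook or on the hardware clock.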