WG: Need for HW-clock independent timestamps

Axel Neumann neumann at cgws.de
Mon May 21 14:31:32 CEST 2018


On 21.05.2018 13:52, Axel Neumann wrote:
> On 21.05.2018 13:22, Reto Brunner wrote:
>> On Mon, May 21, 2018 at 12:07:38PM +0200, Axel Neumann wrote:
>>> entirely superfluous. As discussed earlier [3] it can be achieved with
>>> essentially one file-system write operation each boot.
>>
>> You might as well achieve the same with the timestamp.
>> Just add a pre-shutdown hook, which touches a file.
> 
> yes, can be an option, but would only work in "normal" soft-shut-down
> cases, not in case of a hard reset or power cycle. A not-so-uncommon
> scenario for embedded home-network devices and community-network
> deployments. Especially when considering the first choice of a normal
> user (desperately trying to fix its internet-via-WG tunnel connection):
> Power cycle the device.
> 
> /axel
> 
>> Restore the system clock to this upon boot (which may very well be off
>> but who cares).
>>
>> After the wg tunnel is back up, sync with any NTP server you trust and you
>> are back up and running.
>>
>> What is the advantage of doing it with a counter?
>> I fail to see the benefit.

Sorry, forgot to reply here: The advantage is that
you could save a counter value in advance that is to-be-used after the
NEXT reboot. It can be saved during boot or before WG starts (not during
shut-down), so you are safe against unexpected hard resets.

The (WG) boot procedure would be:
1) Read saved_counter from disk (take zero first time) and memorize it
as current_counter.
2) Write saved_counter + NextBootOffset to disk.
3) Use and increment current_counter by +1 with each new WG handshake.

Considering NextBootOffset = (2^16 * 10^9):
With 1 WG handshake per ms the NextBootOffset would be exhausted every
~1800 years.
With 1 system reboot every ms the total 96-bit counter range would
overlap in ~9000 years.

/axel
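
The boot procedure from the message above, as an added sketch that is not part of the original post and is not WireGuard code. The `BootCounter` class, the file path, the atomic temp-file write and the in-boot range extension are assumptions made for illustration.

```python
import os
import tempfile

NEXT_BOOT_OFFSET = (2 ** 16) * (10 ** 9)  # NextBootOffset from the message
COUNTER_MAX = 2 ** 96                     # 96-bit counter range from the message


class BootCounter:
    """Handshake counter that stays monotonic across hard resets (hypothetical helper)."""

    def __init__(self, path, offset=NEXT_BOOT_OFFSET):
        self.path, self.offset = path, offset
        # Step 1: read saved_counter (zero the first time) as current_counter.
        self.current = self._read()
        # Step 2: write saved_counter + offset to disk before any handshake is sent.
        self.limit = self.current + offset
        self._write(self.limit)

    def _read(self):
        try:
            with open(self.path) as f:
                return int(f.read())  # corrupt content raises: fail closed, never reset to 0
        except FileNotFoundError:
            return 0

    def _write(self, value):
        if value >= COUNTER_MAX:
            raise OverflowError("counter range exhausted")
        # Assumption: write to a temp file, fsync, then rename, so a power cut
        # mid-write leaves either the old or the new value, never a torn one.
        directory = os.path.dirname(os.path.abspath(self.path))
        fd, tmp = tempfile.mkstemp(dir=directory)
        with os.fdopen(fd, "w") as f:
            f.write(str(value))
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.path)

    def next_handshake(self):
        # Step 3: increment current_counter by 1 for each new handshake.
        self.current += 1
        if self.current >= self.limit:
            # Assumption (not in the message): if one boot uses up its range,
            # reserve the next range on disk before handing out further values.
            self.limit += self.offset
            self._write(self.limit)
        return self.current
```

Constructing a second `BootCounter` on the same file without any shutdown step models the power-cycle case: its first value is already above everything the previous boot could have used.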




