Vary keepalive timeout when obfuscation is active

2018-12-10 23:46:59 +01:00 · 2018-12-10 23:46:59 +01:00 · 008dc6c785
commit 008dc6c785
parent 7736cc700f
2 changed files with 8 additions and 2 deletions
--- a/wireguard_proto.cpp
+++ b/wireguard_proto.cpp
@ -350,6 +350,7 @@ WgPeer::WgPeer(WgDevice *dev) {
  last_handshake_init_recv_timestamp_ = 0;
  last_complete_handskake_timestamp_ = 0;
  persistent_keepalive_ms_ = 0;
+  keepalive_timeout_ms_ = KEEPALIVE_TIMEOUT_MS;
  rx_bytes_ = 0;
  tx_bytes_ = 0;
  timers_ = 0;
@ -1178,7 +1179,11 @@ uint32 WgPeer::CheckTimeouts_Locked(uint64 now) {
        rv |= ACTION_SEND_HANDSHAKE;
      }
    }
-    if ((t & (1 << TIMER_SEND_KEEPALIVE)) && (now32 - timer_value_[TIMER_SEND_KEEPALIVE]) >= KEEPALIVE_TIMEOUT_MS) {
+    if ((t & (1 << TIMER_SEND_KEEPALIVE)) && (now32 - timer_value_[TIMER_SEND_KEEPALIVE]) >= keepalive_timeout_ms_) {
+      // When header obfuscation is enabled, vary this between 7,8,9,10,11,12
+      if (WITH_HEADER_OBFUSCATION && dev_->packet_obfuscator().enabled())
+        keepalive_timeout_ms_ = KEEPALIVE_TIMEOUT_MS + ((int)(dev_->GetRandomNumber() % 6) - 3) * 1000;
+
      t &= ~(1 << TIMER_SEND_KEEPALIVE);
      rv |= ACTION_SEND_KEEPALIVE;
      if (pending_keepalive_) {
--- a/wireguard_proto.h
+++ b/wireguard_proto.h
@ -60,7 +60,6 @@ enum ProtocolTimeouts {
  KEEPALIVE_TIMEOUT_MS = 10000,
  REKEY_AFTER_TIME_MS = 120000,
  REJECT_AFTER_TIME_MS = 180000,
-  PERSISTENT_KEEPALIVE_MS = 25000,
  MIN_HANDSHAKE_INTERVAL_MS = 20,

  MAX_SIZE_OF_HANDSHAKE_EXTENSION = 1024,
@ -650,6 +649,8 @@ private:
  uint8 num_ciphers_;
  uint8 ciphers_[MAX_CIPHERS];

+  uint32 keepalive_timeout_ms_; // Set to KEEPALIVE_TIMEOUT_MS
+
  uint64 rx_bytes_;
  uint64 tx_bytes_;