From 008dc6c7856a1292f8049f33c675c4a9f2246e49 Mon Sep 17 00:00:00 2001
From: Ludvig Strigeus
Date: Mon, 10 Dec 2018 23:46:59 +0100
Subject: [PATCH] Vary keepalive timeout when obfuscation is active
---
 wireguard_proto.cpp | 7 ++++++-
 wireguard_proto.h | 3 ++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/wireguard_proto.cpp b/wireguard_proto.cpp
index 49af3fb..ca053df 100644
--- a/wireguard_proto.cpp
+++ b/wireguard_proto.cpp
@@ -350,6 +350,7 @@ WgPeer::WgPeer(WgDevice *dev) {
 last_handshake_init_recv_timestamp_ = 0;
 last_complete_handskake_timestamp_ = 0;
 persistent_keepalive_ms_ = 0;
+ keepalive_timeout_ms_ = KEEPALIVE_TIMEOUT_MS;
 rx_bytes_ = 0;
 tx_bytes_ = 0;
 timers_ = 0;
@@ -1178,7 +1179,11 @@ uint32 WgPeer::CheckTimeouts_Locked(uint64 now) {
 rv |= ACTION_SEND_HANDSHAKE;
 }
 }
- if ((t & (1 << TIMER_SEND_KEEPALIVE)) && (now32 - timer_value_[TIMER_SEND_KEEPALIVE]) >= KEEPALIVE_TIMEOUT_MS) {
+ if ((t & (1 << TIMER_SEND_KEEPALIVE)) && (now32 - timer_value_[TIMER_SEND_KEEPALIVE]) >= keepalive_timeout_ms_) {
+ // When header obfuscation is enabled, vary this between 7,8,9,10,11,12
+ if (WITH_HEADER_OBFUSCATION && dev_->packet_obfuscator().enabled())
+ keepalive_timeout_ms_ = KEEPALIVE_TIMEOUT_MS + ((int)(dev_->GetRandomNumber() % 6) - 3) * 1000;
+
 t &= ~(1 << TIMER_SEND_KEEPALIVE);
 rv |= ACTION_SEND_KEEPALIVE;
 if (pending_keepalive_) {
diff --git a/wireguard_proto.h b/wireguard_proto.h
index 7049e82..1471036 100644
--- a/wireguard_proto.h
+++ b/wireguard_proto.h
@@ -60,7 +60,6 @@ enum ProtocolTimeouts {
 KEEPALIVE_TIMEOUT_MS = 10000,
 REKEY_AFTER_TIME_MS = 120000,
 REJECT_AFTER_TIME_MS = 180000,
- PERSISTENT_KEEPALIVE_MS = 25000,
 MIN_HANDSHAKE_INTERVAL_MS = 20,
 MAX_SIZE_OF_HANDSHAKE_EXTENSION = 1024,
@@ -650,6 +649,8 @@ private:
 uint8 num_ciphers_;
 uint8 ciphers_[MAX_CIPHERS];
+ uint32 keepalive_timeout_ms_; // Set to KEEPALIVE_TIMEOUT_MS
+
 uint64 rx_bytes_;
 uint64 tx_bytes_;
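Review bot: The jitter in the `TIMER_SEND_KEEPALIVE` branch of CheckTimeouts_Locked is re-drawn only after a keepalive timer has already fired, so each peer's first keepalive still uses the fixed 10 s value from the constructor, and later values land on one of six whole-second steps (7–12 s). Both leave a regular timing pattern on the wire, which is presumably what this change is meant to hide when header obfuscation is on. Drawing at millisecond granularity, e.g. `keepalive_timeout_ms_ = KEEPALIVE_TIMEOUT_MS - 3000 + (dev_->GetRandomNumber() % 5001);`, keeps the same 7–12 s bounds without the quantization. The field is also never restored once `packet_obfuscator().enabled()` turns false, so if obfuscation can be switched off at runtime the last random interval sticks; an `else keepalive_timeout_ms_ = KEEPALIVE_TIMEOUT_MS;` would cover that. The function body continues outside the hunk, and how `GetRandomNumber()` is seeded is not visible here.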
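Review bot: The comment on the new `keepalive_timeout_ms_` member in wireguard_proto.h says it is set to KEEPALIVE_TIMEOUT_MS, but the same commit overwrites it with a randomized value in CheckTimeouts_Locked whenever header obfuscation is enabled. A comment such as `// Current keepalive interval in ms; KEEPALIVE_TIMEOUT_MS unless header obfuscation randomizes it` would describe the field accurately.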