Source-Changes archive


CVS commit: src/sys/net



Module Name:    src
Committed By:   riastradh
Date:           Sun Jul 28 14:38:19 UTC 2024

Modified Files:
        src/sys/net: if_wg.c

Log Message:
wg(4): Fix logic to ensure session initiation is underway.

Previously, wg_task_send_init_message would call
wg_send_handshake_msg_init if either:

(a) the stable session is UNKNOWN, meaning a session has not yet been
    established, either by us or by the peer (but it could be in
    progress); or

(b) the stable session is not UNKNOWN but the unstable session is
    _not_ INIT_ACTIVE, meaning there is an established session and we
    are not currently initiating a new session.

If wg_output (or wgintr) found no established session while there was
already a session being initiated, we may only enter
wg_task_send_init_message after the session is already established,
and trigger spurious reinitiation.

Instead, create a separate flag to indicate whether it is mandatory
to rekey because limits have passed.  Then create a session only if:

(a) the stable session is not ESTABLISHED, or
(b) the mandatory rekey flag is not set,

and clear the mandatory rekey flag.

While here, arrange to do rekey-after-time on tx, not on callout.  If
there's no data to tx, we shouldn't reinitiate a session -- we should
stay quiet on the network.

PR kern/55729: net/if_wg/t_misc:wg_rekey test case fails
PR kern/56252: wg(4) state machine has race conditions
PR kern/58463: if_wg does not work when idle.


To generate a diff of this commit:
cvs rdiff -u -r1.94 -r1.95 src/sys/net/if_wg.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



