NetBSD-Bugs archive

kern/58521: experimental wg(4) may drop packet after minutes of quiet



>Number:         58521
>Category:       kern
>Synopsis:       experimental wg(4) may drop packet after minutes of quiet
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jul 29 19:35:00 +0000 2024
>Originator:     Taylor R Campbell
>Release:        current, 10
>Organization:
e NetWG Foundation
>Environment:
>Description:
3min after establishing a session, wg(4) is forbidden to transmit any new data with that session.

But if neither peer has transmitted anything in the last minute, neither peer has had a reason to rekey.

In that case, we might trigger the session limits and attempt to reinitiate the session:

   3712 		if (__predict_false(wg_session_hit_limits(wgs))) {
   3713 			WG_TRACE("stable session hit limits");
   3714 			wg_schedule_peer_task(wgp, WGP_TASK_SEND_INIT_MESSAGE);
https://nxr.netbsd.org/xref/src/sys/net/if_wg.c?r=1.122#3712

And when we do that, we drop the packet, even if a new session gets established within a few dozen milliseconds.

Note that this only happens for sessions that have already been established for a few minutes.  For new sessions, we don't drop the first packet -- we queue it up to be sent as soon as the session is established.
>How-To-Repeat:
1. code inspection
2. transmit for 2min - epsilon, then stop all traffic for 1min + 2epsilon, then try to transmit a packet (before the session destruction timer triggers)
>Fix:
Queue the packet in wgp_pending in this case too.
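
The timeline from How-To-Repeat item 2, as an added example that is not part of the original report and is not code from if_wg.c. It is a simplified model of one peer comparing the drop described above with the proposed queueing. Assumptions: epsilon = 1s, a 50ms handshake, the WireGuard protocol's REKEY_AFTER_TIME (120s) and REJECT_AFTER_TIME (180s) timers, and hypothetical struct and function names.

```c
#include <stdbool.h>
/* WireGuard protocol timers, in milliseconds. */
#define REKEY_AFTER_TIME  (120 * 1000L)
#define REJECT_AFTER_TIME (180 * 1000L)
/* Simplified model of one peer; names are hypothetical, not if_wg.c's. */
struct peer_model {
	long established;     /* when the current session was established */
	bool handshaking;     /* a new handshake has been scheduled */
	int  sent, dropped, pending;
	bool queue_on_limit;  /* false: behaviour in the report; true: proposed fix */
};

/* A data packet is handed to the tunnel at time `now`. */
static void model_output(struct peer_model *p, long now)
{
	long age = now - p->established;
	if (age >= REJECT_AFTER_TIME) {    /* session hit limits */
		p->handshaking = true;     /* reinitiate the session */
		if (p->queue_on_limit)
			p->pending++;      /* hold until the new session is up */
		else
			p->dropped++;      /* lost even if rekey takes only 50ms */
		return;
	}
	p->sent++;
	if (age >= REKEY_AFTER_TIME)       /* only traffic on an old session rekeys */
		p->handshaking = true;
}

/* Handshake finished at `now`: switch sessions and flush held packets. */
static void model_established(struct peer_model *p, long now)
{
	p->established = now;
	p->handshaking = false;
	p->sent += p->pending;
	p->pending = 0;
}

/* How-To-Repeat item 2 with epsilon = 1s; returns the number of drops. */
static int run_repro(bool queue_on_limit, int *sent)
{
	struct peer_model p = { .queue_on_limit = queue_on_limit };
	for (long t = 0; t <= 119 * 1000L; t += 1000)  /* 2min - epsilon of traffic */
		model_output(&p, t);
	model_output(&p, 181 * 1000L);            /* after 1min + 2epsilon of quiet */
	model_established(&p, 181 * 1000L + 50);  /* new session 50ms later */
	*sent = p.sent;
	return p.dropped;
}
```

With queue_on_limit false the packet at 181s is counted as dropped; with it true the same packet is delivered once the new session is established.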


