wireguard.lists.zx2c4.com archive mirror
* Are cookie-required handshakes at least REKEY_TIMEOUT long?
@ 2019-08-07 21:30 Reid Rankin
  2019-08-25 15:47 ` Jason A. Donenfeld
  0 siblings, 1 reply; 2+ messages in thread
From: Reid Rankin @ 2019-08-07 21:30 UTC (permalink / raw)
  To: wireguard


Quick question: I've been looking at the code in
wg_cookie_message_consume() and wg_receive_handshake_packet(), and as far
as I can tell there's no mechanism that re-initiates a handshake after
receiving a cookie reply to a first handshake other than the REKEY_TIMEOUT
+ jitter timer.

Is this correct, and do, therefore, all handshakes involving cookies take
at least 5 seconds to complete?

Thanks,
Reid Rankin

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard


* Re: Are cookie-required handshakes at least REKEY_TIMEOUT long?
  2019-08-07 21:30 Are cookie-required handshakes at least REKEY_TIMEOUT long? Reid Rankin
@ 2019-08-25 15:47 ` Jason A. Donenfeld
  0 siblings, 0 replies; 2+ messages in thread
From: Jason A. Donenfeld @ 2019-08-25 15:47 UTC (permalink / raw)
  To: Reid Rankin; +Cc: WireGuard mailing list

Yes, to prevent certain types of DoS. Most packets only move around
the timer state machine, but don't actually result in a direct action.
Rather, a timer firing sometime later is what starts an action. In the
case of cookies, the cookie is used in the subsequent message. See
section 6.6 of https://www.wireguard.com/papers/wireguard.pdf
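
The behaviour discussed in this thread, as an added toy model that is not part of either message and is not WireGuard source code: the receive path only stores state, and only the retransmit timer sends, so a handshake that needs a cookie completes no earlier than REKEY_TIMEOUT plus jitter, and repeated copies of a reply cause no extra transmissions. The responder model, the millisecond clock, the jitter value and all function and field names are assumptions made for illustration; the cookie-derived MAC is the one the WireGuard paper calls mac2.

```c
#include <stdint.h>

#define REKEY_TIMEOUT_MS 5000u  /* the 5 s figure quoted in the thread */
enum pkt { PKT_NONE, PKT_COOKIE_REPLY, PKT_RESPONSE };
struct initiator {
    uint32_t timer_at;  /* when the retransmit timer fires next (ms) */
    int have_cookie;    /* stored by a cookie reply, used by the next send */
    unsigned sent;      /* handshake initiations put on the wire */
    int done;           /* set once a handshake response is consumed */
};

/* Hypothetical loaded responder: cookie reply unless the cookie MAC is present. */
static enum pkt responder(int has_cookie_mac)
{
    return has_cookie_mac ? PKT_RESPONSE : PKT_COOKIE_REPLY;
}

/* Receive path: only updates state, never transmits. */
static void on_packet(struct initiator *i, enum pkt p)
{
    if (p == PKT_COOKIE_REPLY)
        i->have_cookie = 1;
    else if (p == PKT_RESPONSE)
        i->done = 1;
}

/* Returns completion time in ms; each reply is delivered 1 + replays times.
 * One packet in flight at a time, so rtt_ms must be below REKEY_TIMEOUT_MS. */
uint32_t simulate(struct initiator *i, uint32_t rtt_ms, uint32_t jitter_ms, unsigned replays)
{
    uint32_t now, reply_at = 0;
    enum pkt in_flight = PKT_NONE;
    if (rtt_ms >= REKEY_TIMEOUT_MS) return UINT32_MAX;  /* outside the model */
    i->timer_at = 0; i->have_cookie = 0; i->sent = 0; i->done = 0;
    for (now = 0; !i->done; now++) {
        if (now == i->timer_at) {   /* timer path: the only place that sends */
            in_flight = responder(i->have_cookie);
            reply_at = now + rtt_ms;
            i->sent++;
            i->timer_at = now + REKEY_TIMEOUT_MS + jitter_ms;
        }
        if (in_flight != PKT_NONE && now == reply_at) {
            unsigned k = replays;   /* deliver the reply 1 + replays times */
            do on_packet(i, in_flight); while (k--);
            in_flight = PKT_NONE;
        }
    }
    return now - 1;
}

int main(void) { struct initiator i; return simulate(&i, 20, 100, 0) == 5120 ? 0 : 1; }
```

With a constructed 20 ms round trip and 100 ms of jitter, the model sends exactly two initiations and completes at 5120 ms, whether each reply arrives once or a thousand times.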
