From ebb30426ec0ed1f2826e021f2d9701173e8cd85e Mon Sep 17 00:00:00 2001
From: Vincent Wiemann
Date: Thu, 13 Jan 2022 20:44:14 +0100
Subject: [PATCH] wgpeerselector: expect actual traffic flow
Situations may happen in which handshakes are being received, but no actual traffic flows. This commit adds checks on whether the tx/rx byte values have changed. If not the connection is handled as being broken.
---
 net/wgpeerselector/files/usr/bin/wgpeerselector | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/net/wgpeerselector/files/usr/bin/wgpeerselector b/net/wgpeerselector/files/usr/bin/wgpeerselector
index 35c395b..334eabe 100755
--- a/net/wgpeerselector/files/usr/bin/wgpeerselector
+++ b/net/wgpeerselector/files/usr/bin/wgpeerselector
@@ -54,6 +54,8 @@ function WGPeer:new(o)
 -- some defaults
 o.rx_bytes = 0
 o.tx_bytes = 0
+ o.prev_rx_bytes = 0
+ o.prev_tx_bytes = 0
 o.latest_handshake = 0
 o.established_at = 0
 -- terminology:
@@ -175,10 +177,17 @@ function WGPeer:established_time()
 return (time.time() - self.established_at)
 end
-function WGPeer:has_recent_handshake()
+function WGPeer:has_recent_success()
 -- WireGuard handshakes are sent at least every 2 minutes, if there is
 -- payload traffic.
- return (time.time() - self.latest_handshake) < 150
+ if 150 < (time.time() - self.latest_handshake) then return false end
+ -- Check if actually traffic was able to be received
+ if 0 == (self.rx_bytes - self.prev_rx_bytes) then return false end
+ self.prev_rx_bytes = self.rx_bytes
+ -- Check if actually traffic was able to be sent
+ if 0 == (self.tx_bytes - self.prev_tx_bytes) then return false end
+ self.prev_tx_bytes = self.tx_bytes
+ return true
 end
 local WGPeerSelector = {}
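Review bot: In `WGPeer:has_recent_success()` the receive baseline is advanced before the transmit check, so a call that fails only on tx leaves `prev_rx_bytes` and `prev_tx_bytes` out of step, and the `0 == (a - b)` tests treat a counter that dropped below its baseline as traffic. Whether the kernel counters restart when a peer is re-installed is not visible in this hunk, but `prev_*` is only seen being initialised in `WGPeer:new`, so a stale baseline would let the first check after a reconnect pass on the difference alone. Computing both deltas first, advancing both baselines unconditionally and requiring each delta to be greater than zero avoids both cases. The function now mutates state, so a second call without an intervening `update_stats_from_kernel()` returns false; a comment saying it must be called once per stats refresh would help, since a false result leads to `peer:uninstall_from_kernel()` in the caller.

```lua
function WGPeer:has_recent_success()
    -- … unchanged: handshake age check …
    local rx_delta = self.rx_bytes - self.prev_rx_bytes
    local tx_delta = self.tx_bytes - self.prev_tx_bytes
    -- Advance both baselines together so one stalled direction cannot
    -- leave them out of step for the next call.
    self.prev_rx_bytes = self.rx_bytes
    self.prev_tx_bytes = self.tx_bytes
    -- A counter below its baseline is a reset, not traffic.
    return rx_delta > 0 and tx_delta > 0
end
```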
@@ -236,7 +245,7 @@ function WGPeerSelector:try_connect_to_peer(peer, timeout) sleep(timeout) peer:update_stats_from_kernel() - local connection_successful = peer:has_recent_handshake() + local connection_successful = peer:has_recent_success() if not connection_successful then peer:uninstall_from_kernel()