Replace key flag with session-wide isRenegotiating

Prevent new if one in progress. Fixes #105
2019-07-09 12:14:20 +02:00 · 2019-07-09 12:14:20 +02:00 · 40139cbef0
parent 0f2234f1d1
commit 40139cbef0
2 changed files with 19 additions and 12 deletions
--- a/TunnelKit/Sources/Protocols/OpenVPN/OpenVPNSession.swift
+++ b/TunnelKit/Sources/Protocols/OpenVPN/OpenVPNSession.swift
@ -116,6 +116,8 @@ public class OpenVPNSession: Session {
    
    private var currentKeyIdx: UInt8?
    
+    private var isRenegotiating: Bool
+    
    private var negotiationKey: OpenVPN.SessionKey {
        guard let key = keys[negotiationKeyIdx] else {
            fatalError("Keys are empty or index \(negotiationKeyIdx) not found in \(keys.keys)")
@ -196,6 +198,7 @@ public class OpenVPNSession: Session {
        keys = [:]
        oldKeys = []
        negotiationKeyIdx = 0
+        isRenegotiating = false
        lastPing = BidirectionalState(withResetValue: Date.distantPast)
        isStopping = false
        
@ -324,6 +327,7 @@ public class OpenVPNSession: Session {
        oldKeys.removeAll()
        negotiationKeyIdx = 0
        currentKeyIdx = nil
+        isRenegotiating = false
        
        nextPushRequestDate = nil
        connectedDate = nil
@ -487,7 +491,7 @@ public class OpenVPNSession: Session {
                }
                
            case .softResetV1:
-                if !negotiationKey.softReset {
+                if !isRenegotiating {
                    softReset(isServerInitiated: true)
                }

@ -580,7 +584,7 @@ public class OpenVPNSession: Session {
        continuatedPushReplyMessage = nil
        pushReply = nil
        negotiationKeyIdx = 0
-        let newKey = OpenVPN.SessionKey(id: UInt8(negotiationKeyIdx))
+        let newKey = OpenVPN.SessionKey(id: UInt8(negotiationKeyIdx), timeout: CoreConfiguration.OpenVPN.negotiationTimeout)
        keys[negotiationKeyIdx] = newKey
        log.debug("Negotiation key index is \(negotiationKeyIdx)")

@ -614,6 +618,10 @@ public class OpenVPNSession: Session {
    
    // Ruby: soft_reset
    private func softReset(isServerInitiated: Bool) {
+        guard !isRenegotiating else {
+            log.warning("Renegotiation already in progress")
+            return
+        }
        if isServerInitiated {
            log.debug("Handle soft reset")
        } else {
@ -622,12 +630,12 @@ public class OpenVPNSession: Session {
        
        resetControlChannel(forNewSession: false)
        negotiationKeyIdx = max(1, (negotiationKeyIdx + 1) % OpenVPN.ProtocolMacros.numberOfKeys)
-        let newKey = OpenVPN.SessionKey(id: UInt8(negotiationKeyIdx))
+        let newKey = OpenVPN.SessionKey(id: UInt8(negotiationKeyIdx), timeout: CoreConfiguration.OpenVPN.softNegotiationTimeout)
        keys[negotiationKeyIdx] = newKey
        log.debug("Negotiation key index is \(negotiationKeyIdx)")

        negotiationKey.state = .softReset
-        negotiationKey.softReset = true
+        isRenegotiating = true
        loopNegotiation()
        if !isServerInitiated {
            enqueueControlPackets(code: .softResetV1, key: UInt8(negotiationKeyIdx), payload: Data())
@ -694,8 +702,9 @@ public class OpenVPNSession: Session {
        log.debug("TLS.ifconfig: Send pulled ciphertext (\(cipherTextOut.count) bytes)")
        enqueueControlPackets(code: .controlV1, key: negotiationKey.id, payload: cipherTextOut)
        
-        if negotiationKey.softReset {
+        if isRenegotiating {
            completeConnection()
+            isRenegotiating = false
        }
        nextPushRequestDate = Date().addingTimeInterval(CoreConfiguration.OpenVPN.pushRequestInterval)
    }
@ -862,7 +871,7 @@ public class OpenVPNSession: Session {
            }
            
            negotiationKey.controlState = .preIfConfig
-            nextPushRequestDate = Date().addingTimeInterval(negotiationKey.softReset ? CoreConfiguration.OpenVPN.softResetDelay : CoreConfiguration.OpenVPN.retransmissionLimit)
+            nextPushRequestDate = Date().addingTimeInterval(isRenegotiating ? CoreConfiguration.OpenVPN.softResetDelay : CoreConfiguration.OpenVPN.retransmissionLimit)
            pushRequest()
        }
        
--- a/TunnelKit/Sources/Protocols/OpenVPN/SessionKey.swift
+++ b/TunnelKit/Sources/Protocols/OpenVPN/SessionKey.swift
@ -53,6 +53,8 @@ extension OpenVPN {

        let id: UInt8 // 3-bit
        
+        let timeout: TimeInterval
+        
        let startTime: Date
        
        var state = State.invalid
@ -70,16 +72,14 @@ extension OpenVPN {
        
        var dataPath: DataPath?
        
-        var softReset: Bool
-
        private var isTLSConnected: Bool
        
-        init(id: UInt8) {
+        init(id: UInt8, timeout: TimeInterval) {
            self.id = id
+            self.timeout = timeout

            startTime = Date()
            state = .invalid
-            softReset = false
            isTLSConnected = false
        }

@ -90,8 +90,6 @@ extension OpenVPN {
        
        // Ruby: Key.negotiate_timeout
        func didNegotiationTimeOut(link: LinkInterface) -> Bool {
-            let timeout = (softReset ? CoreConfiguration.OpenVPN.softNegotiationTimeout : CoreConfiguration.OpenVPN.negotiationTimeout)
-            
            return ((controlState != .connected) && (-startTime.timeIntervalSinceNow > timeout))
        }