After suspend immediately timeout the wg watcher

netbirdio · Feb 5, 2025 · 8dafb61 · 8dafb61
1 parent 47aa0c2
commit 8dafb61
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/client/internal/peer/wg_watcher.go b/client/internal/peer/wg_watcher.go
@@ -15,7 +15,7 @@ const (
 )
 
 var (
-	wgHandshakeOvertime = 30 * time.Second
+	wgHandshakeOvertime = 30 * time.Second // allowed delay in network
 	checkPeriod         = wgHandshakePeriod + wgHandshakeOvertime
 )
 
@@ -101,10 +101,12 @@ func (w *WGWatcher) periodicHandshakeCheck(ctx context.Context, ctxCancel contex
 				onDisconnectedFn()
 				return
 			}
+			lastHandshake = *handshake
+
 			resetTime := time.Until(handshake.Add(checkPeriod))
-			w.log.Debugf("WireGuard watcher reset timer: %v", resetTime)
 			timer.Reset(resetTime)
-			lastHandshake = *handshake
+
+			w.log.Debugf("WireGuard watcher reset timer: %v", resetTime)
 		case <-ctx.Done():
 			w.log.Debugf("WireGuard watcher stopped")
 			return
@@ -120,6 +122,7 @@ func (w *WGWatcher) wgState() (time.Time, error) {
 	return wgState.LastHandshake, nil
 }
 
+// handshakeCheck checks the WireGuard handshake and return the new handshake time if it is different from the previous one
 func (w *WGWatcher) handshakeCheck(lastHandshake time.Time) (*time.Time, bool) {
 	handshake, err := w.wgState()
 	if err != nil {
@@ -134,5 +137,11 @@ func (w *WGWatcher) handshakeCheck(lastHandshake time.Time) (*time.Time, bool) {
 		return nil, false
 	}
 
+	// in case if the machine is suspended, the handshake time will be in the past
+	if handshake.Add(checkPeriod).Before(time.Now()) {
+		w.log.Infof("WireGuard handshake timed out, closing relay connection: %v", handshake)
+		return nil, false
+	}
+
 	return &handshake, true
 }