site: Randomise key setup retry time

This reduces the chance that retries (at both ends of a link, or
within a single secnet) end up synchronised.  Such synchronisation is
not supposed to matter but in practice there have been some bugs where
it does, and it is undesirable anyway.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---
v2: New patch

diff --git a/README b/README
index da1ea0ba640ef9fc6e0820339b6b7921676ad628..5a4db52c9f2a54166c0ea3e2e5caa9b9e54a4410 100644 (file)
--- a/README
+++ b/README
@@ -395,8 +395,9 @@ site: dict argument
     packet [5; mobile: 30]
   setup-timeout (integer): time between retransmissions of key negotiation
     packets, in ms [2000; mobile: 1000]
-  wait-time (integer): after failed key setup, wait this long (in ms) before
-    allowing another attempt [20000; mobile: 10000]
+  wait-time (integer): after failed key setup, wait roughly this long
+    (in ms) before allowing another attempt [20000; mobile: 10000]
+    Actual wait time is randomly chosen between ~0.5x and ~1.5x this.
   renegotiate-time (integer): if we see traffic on the link after this time
     then renegotiate another session key immediately (in ms)
     [half key-lifetime, or key-lifetime minus 5 mins (mobile: 12 hours),

diff --git a/site.c b/site.c
index 6b09588653aef388ff0c7291b8392908482a5c22..3f5e66c63adf2a77af08192b2fee7105aa359e8e 100644 (file)
--- a/site.c
+++ b/site.c
@@ -536,7 +536,13 @@ struct msg {
 };
 
 static int32_t wait_timeout(struct site *st) {
-    return st->wait_timeout_mean;
+    int32_t t = st->wait_timeout_mean;
+    int8_t factor;
+    if (t < INT_MAX/2) {
+       st->random->generate(st->random->st,sizeof(factor),&factor);
+       t += (t / 256) * factor;
+    }
+    return t;
 }
 
 static _Bool set_new_transform(struct site *st, char *pk)