v0.7.2 — session-lifetime correctness


@GeiserX GeiserX released this 10 Jun 00:02
· 13 commits to main since this release

Fixed (internal; no public API change)

Four session-lifetime fixes surfaced during the #20/#21 handshake-race review:

  • confirm() bounds the tentative responder session — rejects a delayed/replayed (still-AEAD-valid) transport packet from activating a stale not-yet-confirmed responder session. Mirrors WireGuard bounding a not-yet-confirmed keypair by the reject-after time.
  • get_recv previous-session expiry fix — the recv_prev branch checked the current session's expiry instead of the previous one's.
  • Receive-session id leak fixed — a transmit-session expiry that reset the session state dropped the receive sessions without freeing their ids (unreclaimable leak on long-lived hosts); now routed through the id-freeing path.
  • WireGuard timer constants — named REKEY_AFTER_TIME (120s) + REJECT_AFTER_TIME (180s, spec) on the transmit side; the receive bound is kept lenient (REJECT_AFTER_TIME_RECV = 240s) because this fork rekeys only on outbound traffic — a strict 180s receive bound would drop inbound traffic on a send-idle session until receive-triggered rekey exists.
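As an added illustration (not the project's code), a toy Python model of the three behaviours above: confirm() discarding a tentative responder session older than REJECT_AFTER_TIME, get_recv judging the previous session by its own age, and transmit expiry resetting state through the id-freeing path. Only the constant names and values come from the notes; the session structure, id pool and age checks are assumptions.

```python
from collections import namedtuple

REKEY_AFTER_TIME, REJECT_AFTER_TIME, REJECT_AFTER_TIME_RECV = 120, 180, 240  # s, per notes
Session = namedtuple("Session", "sid created_at")


class SessionTable:
    # Toy model (added example, not the project's code): current/previous
    # transmit sessions, a tentative responder session, reclaimable ids.
    def __init__(self):
        self.current = self.previous = self.tentative = None
        self.free_ids, self._next_id = [], 1

    def _alloc(self, now):
        sid = self.free_ids.pop(0) if self.free_ids else self._next_id
        self._next_id = max(self._next_id, sid + 1)
        return Session(sid, now)

    def _free(self, s):
        if s is not None: self.free_ids.append(s.sid)

    def begin_responder(self, now):  # handshake seen; inactive until confirmed
        self._free(self.tentative)
        self.tentative = self._alloc(now)
        return self.tentative.sid

    def confirm(self, now):
        # Fix 1: a stale (>= REJECT_AFTER_TIME) tentative session is discarded,
        # so a delayed/replayed (still AEAD-valid) packet cannot activate it.
        t, self.tentative = self.tentative, None
        if t is None or now - t.created_at >= REJECT_AFTER_TIME:
            self._free(t)
            return False
        self._free(self.previous)
        self.previous, self.current = self.current, t
        return True

    def get_recv(self, sid, now):
        # Fix 2: each candidate is checked against its own age, not current's.
        for s in (self.current, self.previous):
            if s and s.sid == sid and now - s.created_at < REJECT_AFTER_TIME_RECV:
                return s
        return None

    def expire_transmit(self, now):
        # Fix 3: reset via the id-freeing path so receive-session ids are reclaimed.
        if self.current is None or now - self.current.created_at < REJECT_AFTER_TIME:
            return False
        for s in (self.current, self.previous, self.tentative):
            self._free(s)
        self.current = self.previous = self.tentative = None
        return True
```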

The Go interop KAT and the #19 keepalive / #20 simultaneous-init tests all pass.
This project is not associated with Tailscale Inc.