Reset CryptoAuth sessions in 10 seconds unless they become ESTABLISHED

cjdelisle · Mar 26, 2017 · 17dd3b0 · 17dd3b0
1 parent 6110977
commit 17dd3b0
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 6 deletions.
diff --git a/crypto/CryptoAuth.c b/crypto/CryptoAuth.c
@@ -325,13 +325,17 @@ static void resetIfTimeout(struct CryptoAuth_Session_pvt* session)
     }
 
     uint64_t nowSecs = Time_currentTimeSeconds(session->context->eventBase);
-    if (nowSecs - session->timeOfLastPacket > session->pub.resetAfterInactivitySeconds) {
-        cryptoAuthDebug(session, "No traffic in [%d] seconds, resetting connection.",
-                  (int) (nowSecs - session->timeOfLastPacket));
-
-        session->timeOfLastPacket = nowSecs;
-        reset(session);
+    if (nowSecs - session->timeOfLastPacket < session->pub.setupResetAfterInactivitySeconds) {
+        return;
+    } else if (nowSecs - session->timeOfLastPacket < session->pub.resetAfterInactivitySeconds) {
+        if (session->established) { return; }
     }
+
+    cryptoAuthDebug(session, "No traffic in [%d] seconds, resetting connection.",
+              (int) (nowSecs - session->timeOfLastPacket));
+
+    session->timeOfLastPacket = nowSecs;
+    reset(session);
 }
 
 static void encryptHandshake(struct Message* message,
@@ -1045,6 +1049,8 @@ struct CryptoAuth_Session* CryptoAuth_newSession(struct CryptoAuth* ca,
     session->alloc = alloc;
 
     session->pub.resetAfterInactivitySeconds = CryptoAuth_DEFAULT_RESET_AFTER_INACTIVITY_SECONDS;
+    session->pub.setupResetAfterInactivitySeconds =
+        CryptoAuth_DEFAULT_SETUP_RESET_AFTER_INACTIVITY_SECONDS;
 
     Assert_true(herPublicKey);
     Bits_memcpy(session->pub.herPublicKey, herPublicKey, 32);

diff --git a/crypto/CryptoAuth.h b/crypto/CryptoAuth.h
@@ -30,6 +30,7 @@ Linker_require("crypto/CryptoAuth.c");
 #include <stdbool.h>
 
 #define CryptoAuth_DEFAULT_RESET_AFTER_INACTIVITY_SECONDS 60
+#define CryptoAuth_DEFAULT_SETUP_RESET_AFTER_INACTIVITY_SECONDS 10
 
 struct CryptoAuth
 {
@@ -55,6 +56,9 @@ struct CryptoAuth_Session
      * a connection will be reset to prevent them hanging in a bad state.
      */
     uint32_t resetAfterInactivitySeconds;
+
+    /** If a session is not completely setup, reset it after this many seconds of inactivity. */
+    uint32_t setupResetAfterInactivitySeconds;
 };
 
 /**