From a23319bbb29808310873e7310d47052bf6b7de26 Mon Sep 17 00:00:00 2001
From: Sergey Matveev
Date: Sat, 17 Jan 2015 20:35:54 +0300
Subject: [PATCH] Allow nonce difference in specified orders, to prevent unordered packets dropping
Signed-off-by: Sergey Matveev
---
 govpn.go | 8 +++++---
 handshake.go | 16 ++++++++++++----
 2 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/govpn.go b/govpn.go
index c0f762a..de54a2f 100644
--- a/govpn.go
+++ b/govpn.go
@@ -46,6 +46,7 @@ var (
 upPath = flag.String("up", "", "Path to up-script")
 downPath = flag.String("down", "", "Path to down-script")
 mtu = flag.Int("mtu", 1500, "MTU")
+ nonceDiff = flag.Int("noncediff", 1, "Allow nonce difference")
 timeoutP = flag.Int("timeout", 60, "Timeout seconds")
 verboseP = flag.Bool("v", false, "Increase verbosity")
 )
@@ -94,6 +95,7 @@ func main() {
 flag.Parse()
 timeout := *timeoutP
 verbose := *verboseP
+ noncediff := uint64(*nonceDiff)
 log.SetFlags(log.Ldate | log.Lmicroseconds | log.Lshortfile)
 
 // Key decoding
@@ -244,14 +246,14 @@ func main() {
 state = &Handshake{addr: udpPkt.addr}
 states[addr] = state
 }
- p = state.Server(conn, key, udpPktData)
+ p = state.Server(noncediff, conn, key, udpPktData)
 } else {
 if !exists {
 fmt.Print("[HS?]")
 udpSinkReady <- true
 continue
 }
- p = state.Client(conn, key, udpPktData)
+ p = state.Client(noncediff, conn, key, udpPktData)
 }
 if p != nil {
 fmt.Print("[HS-OK]")
@@ -269,7 +271,7 @@ func main() {
 continue
 }
 nonceRecv, _ := binary.Uvarint(udpPktData[:8])
- if peer.nonceRecv >= nonceRecv {
+ if nonceRecv < peer.nonceRecv-noncediff {
 fmt.Print("R")
 udpSinkReady <- true
 continue
diff --git a/handshake.go b/handshake.go
index 697e75c..8cac69d 100644
--- a/handshake.go
+++ b/handshake.go
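Review bot: The help text on the new `nonceDiff` flag, `"Allow nonce difference"`, does not say what the number is measured against or that it is a security trade-off, so an operator has no basis for choosing a value. The check it feeds further down this file accepts any packet whose nonce is no more than `noncediff` below the newest accepted one, which tolerates reordering but widens the replay window by the same amount. Suggest `nonceDiff = flag.Int("noncediff", 1, "Accept packets whose nonce is up to N behind the newest accepted one (reordering tolerance; larger values widen the replay window)")`.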
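Review bot: `noncediff := uint64(*nonceDiff)` silently turns a negative `-noncediff` into a value close to 2^64, which makes the lower bound of the nonce window wrap and effectively disables the ordering/replay check instead of failing loudly. Validate before converting, e.g. `if *nonceDiff < 0 { log.Fatalln("noncediff must be non-negative") }`; an upper bound matching the largest reordering you expect to tolerate is worth enforcing for the same reason, since a huge positive value has the same effect. The rest of `main` lies outside this hunk.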
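Review bot: The rewritten comparison `if nonceRecv < peer.nonceRecv-noncediff` drops only nonces older than the window, so it accepts a packet whose nonce equals `peer.nonceRecv` or any nonce up to `noncediff` below it; the last `noncediff+1` authenticated packets can therefore be replayed verbatim by anyone on the path, whereas the removed `>=` test rejected exact duplicates. Tolerating reordering without accepting replays needs a record of which nonces inside the window have already been accepted (the IPsec-style sliding window of RFC 4303 §3.4.3), and that record must be updated only after the packet authenticates, otherwise forged nonces can poison it. The update of `peer.nonceRecv` happens outside this hunk; if it assigns `nonceRecv` unconditionally, an older in-window packet also moves the high-water mark backwards and re-opens the window. A minimal 64-bit bitmap version (valid for `noncediff < 64`; `seen` would be a new `uint64` field on `Peer`) is sketched below.
```go
nonceRecv, _ := binary.Uvarint(udpPktData[:8])
// Drop nonces older than the window, then nonces already seen inside it.
// peer.seen is a bitmap of the last 64 accepted nonces; bit 0 is peer.nonceRecv.
if nonceRecv+noncediff < peer.nonceRecv ||
	(nonceRecv <= peer.nonceRecv && peer.seen&(1<<(peer.nonceRecv-nonceRecv)) != 0) {
	fmt.Print("R")
	udpSinkReady <- true
	continue
}
// … unchanged: decrypt/authenticate the packet; bail out before the lines below if that fails …
if nonceRecv > peer.nonceRecv {
	peer.seen <<= nonceRecv - peer.nonceRecv // a shift of 64 or more clears the window
	peer.nonceRecv = nonceRecv
	peer.seen |= 1
} else {
	peer.seen |= 1 << (peer.nonceRecv - nonceRecv)
}
```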
@@ -112,7 +112,7 @@ func HandshakeStart(conn *net.UDPConn, addr *net.UDPAddr, key *[32]byte) *Handsh
 return &state
 }
 
-func (h *Handshake) Server(conn *net.UDPConn, key *[32]byte, data []byte) *Peer {
+func (h *Handshake) Server(noncediff uint64, conn *net.UDPConn, key *[32]byte, data []byte) *Peer {
 switch len(data) {
 case 56: // R + ENC(PSK, dh_client_pub) + NULLs
 fmt.Print("[HS1]")
@@ -180,7 +180,11 @@ func (h *Handshake) Server(conn *net.UDPConn, key *[32]byte, data []byte) *Peer
 }
 
 // Switch peer
- peer := Peer{addr: h.addr, nonceOur: 0, nonceRecv: 0}
+ peer := Peer{
+ addr: h.addr,
+ nonceOur: noncediff + 0,
+ nonceRecv: noncediff + 0,
+ }
 peer.key = KeyFromSecrets(h.sServer[:], decRs[8+8:])
 fmt.Print("[OK]")
 return &peer
@@ -190,7 +194,7 @@ func (h *Handshake) Server(conn *net.UDPConn, key *[32]byte, data []byte) *Peer
 return nil
 }
 
-func (h *Handshake) Client(conn *net.UDPConn, key *[32]byte, data []byte) *Peer {
+func (h *Handshake) Client(noncediff uint64, conn *net.UDPConn, key *[32]byte, data []byte) *Peer {
 switch len(data) {
 case 88: // ENC(PSK, dh_server_pub) + ENC(K, RS + SS) + NULLs
 fmt.Print("[HS2]")
@@ -247,7 +251,11 @@ func (h *Handshake) Client(conn *net.UDPConn, key *[32]byte, data []byte) *Peer
 }
 
 // Switch peer
- peer := Peer{addr: h.addr, nonceOur: 1, nonceRecv: 0}
+ peer := Peer{
+ addr: h.addr,
+ nonceOur: noncediff + 1,
+ nonceRecv: noncediff + 0,
+ }
 peer.key = KeyFromSecrets(h.sServer[:], h.sClient[:])
 fmt.Print("[OK]")
 return &peer
-- 
2.44.0
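Review bot: `nonceOur: noncediff + 0` and `nonceRecv: noncediff + 0` in the Server peer initialisation read as a leftover and hide why the offset exists at all: `nonceRecv` has to start at `noncediff` so that the unsigned `peer.nonceRecv-noncediff` in govpn.go does not wrap to a huge value before the first data packet. Drop the `+ 0` and say so, e.g. `nonceRecv: noncediff, // keeps nonceRecv-noncediff from wrapping in the window check`. Whether `nonceOur` needs the same shift is not visible here — only `nonceRecv` is compared in govpn.go and the sender-side increment is outside the hunk — so that choice deserves a comment as well; the original `0`/`1` split between Server and Client (presumably keeping the two directions' nonces disjoint under the shared key) survives because both sides receive the same offset. The Client hunk below mirrors this and would take the same comments.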