Make under_load global for WireGuard device

2019-12-26 22:55:33 +01:00
parent aabefa5043
commit bb0a8acea3
13 changed files with 77 additions and 337 deletions
--- a/src/configuration/config.rs
+++ b/src/configuration/config.rs
@@ -27,24 +27,24 @@ pub struct PeerState {
    pub preshared_key: [u8; 32], // 0^32 is the "default value" (though treated like any other psk)
 }
-pub struct WireguardConfig<T: tun::Tun, B: udp::PlatformUDP>(Arc<Mutex<Inner<T, B>>>);
+pub struct WireGuardConfig<T: tun::Tun, B: udp::PlatformUDP>(Arc<Mutex<Inner<T, B>>>);
 struct Inner<T: tun::Tun, B: udp::PlatformUDP> {
-    wireguard: Wireguard<T, B>,
+    wireguard: WireGuard<T, B>,
    port: u16,
    bind: Option<B::Owner>,
    fwmark: Option<u32>,
 }
-impl<T: tun::Tun, B: udp::PlatformUDP> WireguardConfig<T, B> {
+impl<T: tun::Tun, B: udp::PlatformUDP> WireGuardConfig<T, B> {
    fn lock(&self) -> MutexGuard<Inner<T, B>> {
        self.0.lock().unwrap()
    }
 }
-impl<T: tun::Tun, B: udp::PlatformUDP> WireguardConfig<T, B> {
+impl<T: tun::Tun, B: udp::PlatformUDP> WireGuardConfig<T, B> {
-    pub fn new(wg: Wireguard<T, B>) -> WireguardConfig<T, B> {
+    pub fn new(wg: WireGuard<T, B>) -> WireGuardConfig<T, B> {
-        WireguardConfig(Arc::new(Mutex::new(Inner {
+        WireGuardConfig(Arc::new(Mutex::new(Inner {
            wireguard: wg,
            port: 0,
            bind: None,
@@ -53,9 +53,9 @@ impl<T: tun::Tun, B: udp::PlatformUDP> WireguardConfig<T, B> {
    }
 }
-impl<T: tun::Tun, B: udp::PlatformUDP> Clone for WireguardConfig<T, B> {
+impl<T: tun::Tun, B: udp::PlatformUDP> Clone for WireGuardConfig<T, B> {
    fn clone(&self) -> Self {
-        WireguardConfig(self.0.clone())
+        WireGuardConfig(self.0.clone())
    }
 }
@@ -195,7 +195,7 @@ pub trait Configuration {
    fn get_fwmark(&self) -> Option<u32>;
 }
-impl<T: tun::Tun, B: udp::PlatformUDP> Configuration for WireguardConfig<T, B> {
+impl<T: tun::Tun, B: udp::PlatformUDP> Configuration for WireGuardConfig<T, B> {
    fn up(&self, mtu: usize) {
        self.lock().wireguard.up(mtu);
    }
--- a/src/configuration/mod.rs
+++ b/src/configuration/mod.rs
@@ -4,9 +4,9 @@ pub mod uapi;
 use super::platform::Endpoint;
 use super::platform::{tun, udp};
-use super::wireguard::Wireguard;
+use super::wireguard::WireGuard;
 pub use error::ConfigError;
 pub use config::Configuration;
-pub use config::WireguardConfig;
+pub use config::WireGuardConfig;
--- a/src/main.rs
+++ b/src/main.rs
@@ -25,6 +25,8 @@ use platform::tun::{PlatformTun, Status};
 use platform::uapi::{BindUAPI, PlatformUAPI};
 use platform::*;
 use wireguard::WireGuard;
 #[cfg(feature = "profiler")]
 fn profiler_stop() {
    println!("Stopping profiler");
@@ -118,7 +120,7 @@ fn main() {
    profiler_start(name.as_str());
    // create WireGuard device
-    let wg: wireguard::Wireguard<plt::Tun, plt::UDP> = wireguard::Wireguard::new(writer);
+    let wg: WireGuard<plt::Tun, plt::UDP> = WireGuard::new(writer);
    // add all Tun readers
    while let Some(reader) = readers.pop() {
@@ -126,7 +128,7 @@ fn main() {
    }
    // wrap in configuration interface
-    let cfg = configuration::WireguardConfig::new(wg.clone());
+    let cfg = configuration::WireGuardConfig::new(wg.clone());
    // start Tun event thread
    {
--- a/src/platform/dummy/mod.rs
+++ b/src/platform/dummy/mod.rs
@@ -1,6 +1,6 @@
 mod udp;
 mod endpoint;
 mod tun;
 mod udp;
 /* A pure dummy platform available during "test-time"
 *
--- a/src/wireguard/handshake/device.rs
+++ b/src/wireguard/handshake/device.rs
@@ -252,15 +252,12 @@ impl Device {
    /// # Arguments
    ///
    /// * `msg` - Byte slice containing the message (untrusted input)
-    pub fn process<'a, R: RngCore + CryptoRng, S>(
+    pub fn process<'a, R: RngCore + CryptoRng>(
        &self,
-        rng: &mut R,        // rng instance to sample randomness from
+        rng: &mut R,    // rng instance to sample randomness from
-        msg: &[u8],         // message buffer
+        msg: &[u8],     // message buffer
-        src: Option<&'a S>, // optional source endpoint, set when "under load"
+        src: Option<SocketAddr>, // optional source endpoint, set when "under load"
-    ) -> Result<Output, HandshakeError>
+    ) -> Result<Output, HandshakeError> {
    where
        &'a S: Into<&'a SocketAddr>,
    {
        // ensure type read in-range
        if msg.len() < 4 {
            return Err(HandshakeError::InvalidMessageFormat);
@@ -286,16 +283,13 @@ impl Device {
                // address validation & DoS mitigation
                if let Some(src) = src {
                    // obtain ref to socket addr
                    let src = src.into();
                    // check mac2 field
-                    if !keyst.macs.check_mac2(msg.noise.as_bytes(), src, &msg.macs) {
+                    if !keyst.macs.check_mac2(msg.noise.as_bytes(), &src, &msg.macs) {
                        let mut reply = Default::default();
                        keyst.macs.create_cookie_reply(
                            rng,
                            msg.noise.f_sender.get(),
-                            src,
+                            &src,
                            &msg.macs,
                            &mut reply,
                        );
@@ -344,12 +338,12 @@ impl Device {
                    let src = src.into();
                    // check mac2 field
-                    if !keyst.macs.check_mac2(msg.noise.as_bytes(), src, &msg.macs) {
+                    if !keyst.macs.check_mac2(msg.noise.as_bytes(), &src, &msg.macs) {
                        let mut reply = Default::default();
                        keyst.macs.create_cookie_reply(
                            rng,
                            msg.noise.f_sender.get(),
-                            src,
+                            &src,
                            &msg.macs,
                            &mut reply,
                        );
--- a/src/wireguard/handshake/tests.rs
+++ b/src/wireguard/handshake/tests.rs
@@ -69,13 +69,13 @@ fn handshake_under_load() {
    let msg_init = dev1.begin(&mut rng, &pk2).unwrap();
    // 2. device-2 : responds with CookieReply
-    let msg_cookie = match dev2.process(&mut rng, &msg_init, Some(&src1)).unwrap() {
+    let msg_cookie = match dev2.process(&mut rng, &msg_init, Some(src1)).unwrap() {
        (None, Some(msg), None) => msg,
        _ => panic!("unexpected response"),
    };
    // device-1 : processes CookieReply (no response)
-    match dev1.process(&mut rng, &msg_cookie, Some(&src2)).unwrap() {
+    match dev1.process(&mut rng, &msg_cookie, Some(src2)).unwrap() {
        (None, None, None) => (),
        _ => panic!("unexpected response"),
    }
@@ -87,7 +87,7 @@ fn handshake_under_load() {
    let msg_init = dev1.begin(&mut rng, &pk2).unwrap();
    // 4. device-2 : responds with noise response
-    let msg_response = match dev2.process(&mut rng, &msg_init, Some(&src1)).unwrap() {
+    let msg_response = match dev2.process(&mut rng, &msg_init, Some(src1)).unwrap() {
        (Some(_), Some(msg), Some(kp)) => {
            assert_eq!(kp.initiator, false);
            msg
@@ -96,13 +96,13 @@ fn handshake_under_load() {
    };
    // 5. device-1 : responds with CookieReply
-    let msg_cookie = match dev1.process(&mut rng, &msg_response, Some(&src2)).unwrap() {
+    let msg_cookie = match dev1.process(&mut rng, &msg_response, Some(src2)).unwrap() {
        (None, Some(msg), None) => msg,
        _ => panic!("unexpected response"),
    };
    // device-2 : processes CookieReply (no response)
-    match dev2.process(&mut rng, &msg_cookie, Some(&src1)).unwrap() {
+    match dev2.process(&mut rng, &msg_cookie, Some(src1)).unwrap() {
        (None, None, None) => (),
        _ => panic!("unexpected response"),
    }
@@ -114,7 +114,7 @@ fn handshake_under_load() {
    let msg_init = dev1.begin(&mut rng, &pk2).unwrap();
    // 7. device-2 : responds with noise response
-    let (msg_response, kp1) = match dev2.process(&mut rng, &msg_init, Some(&src1)).unwrap() {
+    let (msg_response, kp1) = match dev2.process(&mut rng, &msg_init, Some(src1)).unwrap() {
        (Some(_), Some(msg), Some(kp)) => {
            assert_eq!(kp.initiator, false);
            (msg, kp)
@@ -123,7 +123,7 @@ fn handshake_under_load() {
    };
    // device-1 : process noise response
-    let kp2 = match dev1.process(&mut rng, &msg_response, Some(&src2)).unwrap() {
+    let kp2 = match dev1.process(&mut rng, &msg_response, Some(src2)).unwrap() {
        (Some(_), None, Some(kp)) => {
            assert_eq!(kp.initiator, true);
            kp
--- a/src/wireguard/mod.rs
+++ b/src/wireguard/mod.rs
@@ -24,7 +24,7 @@ mod tests;
 pub use peer::Peer;
 // represents a WireGuard interface
-pub use wireguard::Wireguard;
+pub use wireguard::WireGuard;
 #[cfg(test)]
 pub use types::dummy_keypair;
--- a/src/wireguard/peer.rs
+++ b/src/wireguard/peer.rs
@@ -3,8 +3,8 @@ use super::timers::{Events, Timers};
 use super::tun::Tun;
 use super::udp::UDP;
 use super::Wireguard;
 use super::wireguard::WireGuard;
 use super::constants::REKEY_TIMEOUT;
 use super::workers::HandshakeJob;
@@ -23,7 +23,7 @@ pub struct PeerInner<T: Tun, B: UDP> {
    pub id: u64,
    // wireguard device state
-    pub wg: Wireguard<T, B>,
+    pub wg: WireGuard<T, B>,
    // handshake state
    pub walltime_last_handshake: Mutex<Option<SystemTime>>, // walltime for last handshake (for UAPI status)
--- a/src/wireguard/router/tests.rs
+++ b/src/wireguard/router/tests.rs
@@ -50,6 +50,7 @@ mod tests {
            }))
        }
        #[allow(dead_code)]
        fn reset(&self) {
            self.0.send.lock().unwrap().clear();
            self.0.recv.lock().unwrap().clear();
@@ -103,7 +104,7 @@ mod tests {
        }
    }
-    // wait for scheduling
+    // wait for scheduling (VERY conservative)
    fn wait() {
        thread::sleep(Duration::from_millis(30));
    }
--- a/src/wireguard/router/workers.rs
+++ b/src/wireguard/router/workers.rs
@@ -1,258 +0,0 @@
 use std::sync::Arc;
 use log::{debug, trace};
 use ring::aead::{Aad, LessSafeKey, Nonce, UnboundKey, CHACHA20_POLY1305};
 use crossbeam_channel::Receiver;
 use std::sync::atomic::Ordering;
 use zerocopy::{AsBytes, LayoutVerified};
 use super::device::{DecryptionState, DeviceInner};
 use super::messages::{TransportHeader, TYPE_TRANSPORT};
 use super::peer::PeerInner;
 use super::types::Callbacks;
 use super::REJECT_AFTER_MESSAGES;
 use super::super::types::KeyPair;
 use super::super::{tun, udp, Endpoint};
 pub const SIZE_TAG: usize = 16;
 pub struct JobEncryption {
    pub msg: Vec<u8>,
    pub keypair: Arc<KeyPair>,
    pub counter: u64,
 }
 pub struct JobDecryption {
    pub msg: Vec<u8>,
    pub keypair: Arc<KeyPair>,
 }
 pub enum JobParallel {
    Encryption(oneshot::Sender<JobEncryption>, JobEncryption),
    Decryption(oneshot::Sender<Option<JobDecryption>>, JobDecryption),
 }
 #[allow(type_alias_bounds)]
 pub type JobInbound<E, C, T, B: udp::Writer<E>> = (
    Arc<DecryptionState<E, C, T, B>>,
    E,
    oneshot::Receiver<Option<JobDecryption>>,
 );
 pub type JobOutbound = oneshot::Receiver<JobEncryption>;
 /* TODO: Replace with run-queue
 */
 pub fn worker_inbound<E: Endpoint, C: Callbacks, T: tun::Writer, B: udp::Writer<E>>(
    device: Arc<DeviceInner<E, C, T, B>>, // related device
    peer: Arc<PeerInner<E, C, T, B>>,     // related peer
    receiver: Receiver<JobInbound<E, C, T, B>>,
 ) {
    loop {
        // fetch job
        let (state, endpoint, rx) = match receiver.recv() {
            Ok(v) => v,
            _ => {
                return;
            }
        };
        debug!("inbound worker: obtained job");
        // wait for job to complete
        let _ = rx
            .map(|buf| {
                debug!("inbound worker: job complete");
                if let Some(buf) = buf {
                    // cast transport header
                    let (header, packet): (LayoutVerified<&[u8], TransportHeader>, &[u8]) =
                        match LayoutVerified::new_from_prefix(&buf.msg[..]) {
                            Some(v) => v,
                            None => {
                                debug!("inbound worker: failed to parse message");
                                return;
                            }
                        };
                    debug_assert!(
                        packet.len() >= CHACHA20_POLY1305.tag_len(),
                        "this should be checked earlier in the pipeline (decryption should fail)"
                    );
                    // check for replay
                    if !state.protector.lock().update(header.f_counter.get()) {
                        debug!("inbound worker: replay detected");
                        return;
                    }
                    // check for confirms key
                    if !state.confirmed.swap(true, Ordering::SeqCst) {
                        debug!("inbound worker: message confirms key");
                        peer.confirm_key(&state.keypair);
                    }
                    // update endpoint
                    *peer.endpoint.lock() = Some(endpoint);
                    // calculate length of IP packet + padding
                    let length = packet.len() - SIZE_TAG;
                    debug!("inbound worker: plaintext length = {}", length);
                    // check if should be written to TUN
                    let mut sent = false;
                    if length > 0 {
                        if let Some(inner_len) = device.table.check_route(&peer, &packet[..length])
                        {
                            // TODO: Consider moving the cryptkey route check to parallel decryption worker
                            debug_assert!(inner_len <= length, "should be validated earlier");
                            if inner_len <= length {
                                sent = match device.inbound.write(&packet[..inner_len]) {
                                    Err(e) => {
                                        debug!("failed to write inbound packet to TUN: {:?}", e);
                                        false
                                    }
                                    Ok(_) => true,
                                }
                            }
                        }
                    } else {
                        debug!("inbound worker: received keepalive")
                    }
                    // trigger callback
                    C::recv(&peer.opaque, buf.msg.len(), sent, &buf.keypair);
                } else {
                    debug!("inbound worker: authentication failure")
                }
            })
            .wait();
    }
 }
 /* TODO: Replace with run-queue
 */
 pub fn worker_outbound<E: Endpoint, C: Callbacks, T: tun::Writer, B: udp::Writer<E>>(
    peer: Arc<PeerInner<E, C, T, B>>,
    receiver: Receiver<JobOutbound>,
 ) {
    loop {
        // fetch job
        let rx = match receiver.recv() {
            Ok(v) => v,
            _ => {
                return;
            }
        };
        debug!("outbound worker: obtained job");
        // wait for job to complete
        let _ = rx
            .map(|buf| {
                debug!("outbound worker: job complete");
                // send to peer
                let xmit = peer.send(&buf.msg[..]).is_ok();
                // trigger callback
                C::send(&peer.opaque, buf.msg.len(), xmit, &buf.keypair, buf.counter);
            })
            .wait();
    }
 }
 pub fn worker_parallel(receiver: Receiver<JobParallel>) {
    loop {
        // fetch next job
        let job = match receiver.recv() {
            Err(_) => {
                return;
            }
            Ok(val) => val,
        };
        trace!("parallel worker: obtained job");
        // handle job
        match job {
            JobParallel::Encryption(tx, mut job) => {
                job.msg.extend([0u8; SIZE_TAG].iter());
                // cast to header (should never fail)
                let (mut header, body): (LayoutVerified<&mut [u8], TransportHeader>, &mut [u8]) =
                    LayoutVerified::new_from_prefix(&mut job.msg[..])
                        .expect("earlier code should ensure that there is ample space");
                // set header fields
                debug_assert!(
                    job.counter < REJECT_AFTER_MESSAGES,
                    "should be checked when assigning counters"
                );
                header.f_type.set(TYPE_TRANSPORT);
                header.f_receiver.set(job.keypair.send.id);
                header.f_counter.set(job.counter);
                // create a nonce object
                let mut nonce = [0u8; 12];
                debug_assert_eq!(nonce.len(), CHACHA20_POLY1305.nonce_len());
                nonce[4..].copy_from_slice(header.f_counter.as_bytes());
                let nonce = Nonce::assume_unique_for_key(nonce);
                // do the weird ring AEAD dance
                let key = LessSafeKey::new(
                    UnboundKey::new(&CHACHA20_POLY1305, &job.keypair.send.key[..]).unwrap(),
                );
                // encrypt content of transport message in-place
                let end = body.len() - SIZE_TAG;
                let tag = key
                    .seal_in_place_separate_tag(nonce, Aad::empty(), &mut body[..end])
                    .unwrap();
                // append tag
                body[end..].copy_from_slice(tag.as_ref());
                // pass ownership
                let _ = tx.send(job);
            }
            JobParallel::Decryption(tx, mut job) => {
                // cast to header (could fail)
                let layout: Option<(LayoutVerified<&mut [u8], TransportHeader>, &mut [u8])> =
                    LayoutVerified::new_from_prefix(&mut job.msg[..]);
                let _ = tx.send(match layout {
                    Some((header, body)) => {
                        debug_assert_eq!(
                            header.f_type.get(),
                            TYPE_TRANSPORT,
                            "type and reserved bits should be checked by message de-multiplexer"
                        );
                        if header.f_counter.get() < REJECT_AFTER_MESSAGES {
                            // create a nonce object
                            let mut nonce = [0u8; 12];
                            debug_assert_eq!(nonce.len(), CHACHA20_POLY1305.nonce_len());
                            nonce[4..].copy_from_slice(header.f_counter.as_bytes());
                            let nonce = Nonce::assume_unique_for_key(nonce);
                            // do the weird ring AEAD dance
                            let key = LessSafeKey::new(
                                UnboundKey::new(&CHACHA20_POLY1305, &job.keypair.recv.key[..])
                                    .unwrap(),
                            );
                            // attempt to open (and authenticate) the body
                            match key.open_in_place(nonce, Aad::empty(), body) {
                                Ok(_) => Some(job),
                                Err(_) => None,
                            }
                        } else {
                            None
                        }
                    }
                    None => None,
                });
            }
        }
    }
 }
--- a/src/wireguard/tests.rs
+++ b/src/wireguard/tests.rs
@@ -1,12 +1,6 @@
 use super::dummy;
 use super::wireguard::Wireguard;
 use std::net::IpAddr;
 use std::thread;
 use std::time::Duration;
 use hex;
 use rand_chacha::ChaCha8Rng;
 use rand_core::{RngCore, SeedableRng};
 use x25519_dalek::{PublicKey, StaticSecret};
@@ -14,6 +8,9 @@ use x25519_dalek::{PublicKey, StaticSecret};
 use pnet::packet::ipv4::MutableIpv4Packet;
 use pnet::packet::ipv6::MutableIpv6Packet;
 use super::dummy;
 use super::wireguard::WireGuard;
 pub fn make_packet(size: usize, src: IpAddr, dst: IpAddr, id: u64) -> Vec<u8> {
    // expand pseudo random payload
    let mut rng: _ = ChaCha8Rng::seed_from_u64(id);
@@ -58,10 +55,6 @@ fn init() {
    let _ = env_logger::builder().is_test(true).try_init();
 }
 fn wait() {
    thread::sleep(Duration::from_millis(500));
 }
 /* Create and configure two matching pure instances of WireGuard
 */
 #[test]
@@ -71,12 +64,12 @@ fn test_pure_wireguard() {
    // create WG instances for dummy TUN devices
    let (fake1, tun_reader1, tun_writer1, _) = dummy::TunTest::create(true);
-    let wg1: Wireguard<dummy::TunTest, dummy::PairBind> = Wireguard::new(tun_writer1);
+    let wg1: WireGuard<dummy::TunTest, dummy::PairBind> = WireGuard::new(tun_writer1);
    wg1.add_tun_reader(tun_reader1);
    wg1.up(1500);
    let (fake2, tun_reader2, tun_writer2, _) = dummy::TunTest::create(true);
-    let wg2: Wireguard<dummy::TunTest, dummy::PairBind> = Wireguard::new(tun_writer2);
+    let wg2: WireGuard<dummy::TunTest, dummy::PairBind> = WireGuard::new(tun_writer2);
    wg2.add_tun_reader(tun_reader2);
    wg2.up(1500);
--- a/src/wireguard/wireguard.rs
+++ b/src/wireguard/wireguard.rs
@@ -58,33 +58,33 @@ pub struct WireguardInner<T: Tun, B: UDP> {
    // handshake related state
    pub handshake: RwLock<handshake::Device>,
-    pub last_under_load: AtomicUsize,
+    pub last_under_load: Mutex<Instant>,
-    pub pending: AtomicUsize, // num of pending handshake packets in queue
+    pub pending: AtomicUsize, // number of pending handshake packets in queue
    pub queue: ParallelQueue<HandshakeJob<B::Endpoint>>,
 }
-pub struct Wireguard<T: Tun, B: UDP> {
+pub struct WireGuard<T: Tun, B: UDP> {
    inner: Arc<WireguardInner<T, B>>,
 }
 pub struct WaitCounter(StdMutex<usize>, Condvar);
-impl<T: Tun, B: UDP> fmt::Display for Wireguard<T, B> {
+impl<T: Tun, B: UDP> fmt::Display for WireGuard<T, B> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "wireguard({:x})", self.id)
    }
 }
-impl<T: Tun, B: UDP> Deref for Wireguard<T, B> {
+impl<T: Tun, B: UDP> Deref for WireGuard<T, B> {
    type Target = WireguardInner<T, B>;
    fn deref(&self) -> &Self::Target {
        &self.inner
    }
 }
-impl<T: Tun, B: UDP> Clone for Wireguard<T, B> {
+impl<T: Tun, B: UDP> Clone for WireGuard<T, B> {
    fn clone(&self) -> Self {
-        Wireguard {
+        WireGuard {
            inner: self.inner.clone(),
        }
    }
@@ -116,7 +116,7 @@ impl WaitCounter {
    }
 }
-impl<T: Tun, B: UDP> Wireguard<T, B> {
+impl<T: Tun, B: UDP> WireGuard<T, B> {
    /// Brings the WireGuard device down.
    /// Usually called when the associated interface is brought down.
    ///
@@ -307,7 +307,7 @@ impl<T: Tun, B: UDP> Wireguard<T, B> {
        self.tun_readers.wait();
    }
-    pub fn new(writer: T::Writer) -> Wireguard<T, B> {
+    pub fn new(writer: T::Writer) -> WireGuard<T, B> {
        // workers equal to number of physical cores
        let cpus = num_cpus::get();
@@ -318,14 +318,14 @@ impl<T: Tun, B: UDP> Wireguard<T, B> {
        let (tx, mut rxs) = ParallelQueue::new(cpus, 128);
        // create arc to state
-        let wg = Wireguard {
+        let wg = WireGuard {
            inner: Arc::new(WireguardInner {
                enabled: RwLock::new(false),
                tun_readers: WaitCounter::new(),
                id: rng.gen(),
                mtu: AtomicUsize::new(0),
                peers: RwLock::new(HashMap::new()),
-                last_under_load: AtomicUsize::new(0), // TODO
+                last_under_load: Mutex::new(Instant::now() - TIME_HORIZON),
                send: RwLock::new(None),
                router: router::Device::new(num_cpus::get(), writer), // router owns the writing half
                pending: AtomicUsize::new(0),
--- a/src/wireguard/workers.rs
+++ b/src/wireguard/workers.rs
@@ -25,7 +25,7 @@ use super::handshake::MAX_HANDSHAKE_MSG_SIZE;
 use super::handshake::{TYPE_COOKIE_REPLY, TYPE_INITIATION, TYPE_RESPONSE};
 use super::router::{CAPACITY_MESSAGE_POSTFIX, SIZE_MESSAGE_PREFIX, TYPE_TRANSPORT};
-use super::Wireguard;
+use super::wireguard::WireGuard;
 pub enum HandshakeJob<E> {
    Message(Vec<u8>, E),
@@ -54,7 +54,7 @@ const fn padding(size: usize, mtu: usize) -> usize {
    min(mtu, size + (pad - size % pad) % pad)
 }
-pub fn tun_worker<T: Tun, B: UDP>(wg: &Wireguard<T, B>, reader: T::Reader) {
+pub fn tun_worker<T: Tun, B: UDP>(wg: &WireGuard<T, B>, reader: T::Reader) {
    loop {
        // create vector big enough for any transport message (based on MTU)
        let mtu = wg.mtu.load(Ordering::Relaxed);
@@ -100,7 +100,7 @@ pub fn tun_worker<T: Tun, B: UDP>(wg: &Wireguard<T, B>, reader: T::Reader) {
    }
 }
-pub fn udp_worker<T: Tun, B: UDP>(wg: &Wireguard<T, B>, reader: B::Reader) {
+pub fn udp_worker<T: Tun, B: UDP>(wg: &WireGuard<T, B>, reader: B::Reader) {
    let mut last_under_load = Instant::now() - TIME_HORIZON;
    loop {
@@ -160,7 +160,7 @@ pub fn udp_worker<T: Tun, B: UDP>(wg: &Wireguard<T, B>, reader: B::Reader) {
 }
 pub fn handshake_worker<T: Tun, B: UDP>(
-    wg: &Wireguard<T, B>,
+    wg: &WireGuard<T, B>,
    rx: Receiver<HandshakeJob<B::Endpoint>>,
 ) {
    debug!("{} : handshake worker, started", wg);
@@ -170,30 +170,38 @@ pub fn handshake_worker<T: Tun, B: UDP>(
    // process elements from the handshake queue
    for job in rx {
-        // decrement pending pakcets (under_load)
+        // check if under load
        let job: HandshakeJob<B::Endpoint> = job;
-        wg.pending.fetch_sub(1, Ordering::SeqCst);
+        let pending = wg.pending.fetch_sub(1, Ordering::SeqCst);
        let mut under_load = false;
        // immediate go under load if too many handshakes pending
        if pending > THRESHOLD_UNDER_LOAD {
            *wg.last_under_load.lock() = Instant::now();
            under_load = true;
        }
        // remain under load for a while
        if !under_load {
            let elapsed = wg.last_under_load.lock().elapsed();
            if elapsed > DURATION_UNDER_LOAD {
                under_load = true;
            }
        }
-        // demultiplex staged handshake jobs and handshake messages
+        // de-multiplex staged handshake jobs and handshake messages
        match job {
            HandshakeJob::Message(msg, src) => {
                // feed message to handshake device
                let src_validate = (&src).into_address(); // TODO avoid
                // process message
                let device = wg.handshake.read();
                match device.process(
                    &mut rng,
                    &msg[..],
-                    None,
+                    if under_load {
-                    /*
+                        Some(src.into_address())
                    if wg.under_load.load(Ordering::Relaxed) {
                        debug!("{} : handshake worker, under load", wg);
                        Some(&src_validate)
                    } else {
                        None
                    }
                    */
                ) {
                    Ok((pk, resp, keypair)) => {
                        // send response (might be cookie reply or handshake response)