added data structures for replay protection
parent
895bbc2844
commit
b976379125
|
@ -197,6 +197,7 @@ struct peer_info {
|
||||||
time_t last_seen;
|
time_t last_seen;
|
||||||
time_t last_p2p;
|
time_t last_p2p;
|
||||||
time_t last_sent_query;
|
time_t last_sent_query;
|
||||||
|
uint64_t last_valid_time_stamp;
|
||||||
|
|
||||||
UT_hash_handle hh; /* makes this structure hashable */
|
UT_hash_handle hh; /* makes this structure hashable */
|
||||||
};
|
};
|
||||||
|
@ -304,8 +305,9 @@ struct n2n_edge {
|
||||||
n2n_trans_op_t transop; /**< The transop to use when encoding */
|
n2n_trans_op_t transop; /**< The transop to use when encoding */
|
||||||
n2n_cookie_t last_cookie; /**< Cookie sent in last REGISTER_SUPER. */
|
n2n_cookie_t last_cookie; /**< Cookie sent in last REGISTER_SUPER. */
|
||||||
n2n_route_t *sn_route_to_clean; /**< Supernode route to clean */
|
n2n_route_t *sn_route_to_clean; /**< Supernode route to clean */
|
||||||
n2n_edge_callbacks_t cb; /**< API callbacks */
|
n2n_edge_callbacks_t cb; /**< API callbacks */
|
||||||
void *user_data; /**< Can hold user data */
|
void *user_data; /**< Can hold user data */
|
||||||
|
uint64_t sn_last_valid_time_stamp;/*< last valid time stamp from supernode */
|
||||||
|
|
||||||
/* Sockets */
|
/* Sockets */
|
||||||
n2n_sock_t supernode;
|
n2n_sock_t supernode;
|
||||||
|
|
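Review bot: The new `sn_last_valid_time_stamp` member of `struct n2n_edge` is commented with `/*<`, while the neighbouring members use `/**<`, so Doxygen will not attach the text to the field; it should read `/**< last valid time stamp from supernode */`. The `last_valid_time_stamp` member added to `struct peer_info` has no comment at all; `/**< last time stamp accepted from this peer, used for replay protection */` would fit, ideally with the unit or encoding of the stamp stated. Neither hunk shows where these fields are initialised, so it is worth confirming that every path creating a `peer_info` or an `n2n_edge` zeroes them, because a replay check against an indeterminate value would accept or drop packets arbitrarily.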
|
@ -1646,17 +1646,19 @@ static void readFromIPSocket(n2n_edge_t * eee, int in_sock) {
|
||||||
|
|
||||||
decode_PACKET(&pkt, &cmn, udp_buf, &rem, &idx);
|
decode_PACKET(&pkt, &cmn, udp_buf, &rem, &idx);
|
||||||
|
|
||||||
// !!!
|
if(is_valid_peer_sock(&pkt.sock))
|
||||||
/* if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED) {
|
orig_sender = &(pkt.sock);
|
||||||
|
|
||||||
if ( !time_stamp_verify (stamp, &... !!!) ) {
|
/* // sketch for time stamp verification -- to be implemented !!!
|
||||||
traceEvent(TRACE_DEBUG, "readFromIPSocket dropped packet due to time stamp error.");
|
|
||||||
return;
|
if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED) {
|
||||||
|
// find edge and its specific last time stamp or supernode's one !!!
|
||||||
|
if ( !time_stamp_verify (stamp, &found_time_stamp !!!) ) {
|
||||||
|
traceEvent(TRACE_DEBUG, "readFromIPSocket dropped packet due to time stamp error.");
|
||||||
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
*/
|
*/
|
||||||
if(is_valid_peer_sock(&pkt.sock))
|
|
||||||
orig_sender = &(pkt.sock);
|
|
||||||
|
|
||||||
if(!from_supernode) {
|
if(!from_supernode) {
|
||||||
/* This is a P2P packet from the peer. We purge a pending
|
/* This is a P2P packet from the peer. We purge a pending
|
||||||
|
|
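Review bot: The time stamp check in `readFromIPSocket` is still inside a block comment, so with `HEADER_ENCRYPTION_ENABLED` a packet that is captured and sent again is processed like the original, and the fields added for replay protection are not read anywhere in this hunk. The same gap appears in `process_udp`, where the added comment defers verification to a packet-specific section that is not shown. Instead of keeping uncompilable code (`&found_time_stamp !!!`) in a comment, a single marker such as `/* TODO: verify stamp against the sender's last_valid_time_stamp (or sn_last_valid_time_stamp) before the packet is used */` would be easier to track. When the check is implemented, the stored value should be advanced only after the packet has passed its other validity checks, so that a rejected packet cannot move the accepted window forward. The body of `readFromIPSocket` starts and ends outside the hunk.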
|
@ -439,6 +439,9 @@ static int process_udp(n2n_sn_t * sss,
|
||||||
if ( (ret = packet_header_decrypt (udp_buf, udp_size, comm->community, comm->header_encryption_ctx,
|
if ( (ret = packet_header_decrypt (udp_buf, udp_size, comm->community, comm->header_encryption_ctx,
|
||||||
comm->header_iv_ctx,
|
comm->header_iv_ctx,
|
||||||
&stamp, &checksum)) ) {
|
&stamp, &checksum)) ) {
|
||||||
|
// time stamp verification follows in the packet specific section as it requires to determine the
|
||||||
|
// sender from the hash list by its MAC, this all depends on packet type and packet structure
|
||||||
|
// (MAC is not always in the same place)
|
||||||
if (checksum != pearson_hash_16 (udp_buf, udp_size)) {
|
if (checksum != pearson_hash_16 (udp_buf, udp_size)) {
|
||||||
traceEvent(TRACE_DEBUG, "process_udp dropped packet due to checksum error.");
|
traceEvent(TRACE_DEBUG, "process_udp dropped packet due to checksum error.");
|
||||||
return -1;
|
return -1;
|
||||||
|
|