enoch/n2n
1
0
Fork 0
mirror of https://github.com/ntop/n2n.git synced 2024-09-19 16:41:11 +02:00
Code Issues Actions Packages Projects Releases 1 Wiki Activity

added data structures for replay protection

Browse Source
This commit is contained in:
Logan007 2020-07-23 20:34:54 +05:45
parent 895bbc2844
commit b976379125
3 changed files with 16 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
include/n2n.h
View File

@ -197,6 +197,7 @@ struct peer_info {
time_t last_seen; time_t last_seen;
time_t last_p2p; time_t last_p2p;
time_t last_sent_query; time_t last_sent_query;
uint64_t last_valid_time_stamp;
UT_hash_handle hh; /* makes this structure hashable */ UT_hash_handle hh; /* makes this structure hashable */
}; };
@ -304,8 +305,9 @@ struct n2n_edge {
n2n_trans_op_t transop; /**< The transop to use when encoding */ n2n_trans_op_t transop; /**< The transop to use when encoding */
n2n_cookie_t last_cookie; /**< Cookie sent in last REGISTER_SUPER. */ n2n_cookie_t last_cookie; /**< Cookie sent in last REGISTER_SUPER. */
n2n_route_t *sn_route_to_clean; /**< Supernode route to clean */ n2n_route_t *sn_route_to_clean; /**< Supernode route to clean */
n2n_edge_callbacks_t cb; /**< API callbacks */ n2n_edge_callbacks_t cb; /**< API callbacks */
void *user_data; /**< Can hold user data */ void *user_data; /**< Can hold user data */
uint64_t sn_last_valid_time_stamp;/*< last valid time stamp from supernode */
/* Sockets */ /* Sockets */
n2n_sock_t supernode; n2n_sock_t supernode;

16
src/edge_utils.c
View File

@ -1646,17 +1646,19 @@ static void readFromIPSocket(n2n_edge_t * eee, int in_sock) {
decode_PACKET(&pkt, &cmn, udp_buf, &rem, &idx); decode_PACKET(&pkt, &cmn, udp_buf, &rem, &idx);
// !!! if(is_valid_peer_sock(&pkt.sock))
/* if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED) { orig_sender = &(pkt.sock);
if ( !time_stamp_verify (stamp, &... !!!) ) { /* // sketch for time stamp verification -- to be implemented !!!
traceEvent(TRACE_DEBUG, "readFromIPSocket dropped packet due to time stamp error.");
return; if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED) {
// find edge and its specific last time stamp or supernode's one !!!
if ( !time_stamp_verify (stamp, &found_time_stamp !!!) ) {
traceEvent(TRACE_DEBUG, "readFromIPSocket dropped packet due to time stamp error.");
return;
} }
} }
*/ */
if(is_valid_peer_sock(&pkt.sock))
orig_sender = &(pkt.sock);
if(!from_supernode) { if(!from_supernode) {
/* This is a P2P packet from the peer. We purge a pending /* This is a P2P packet from the peer. We purge a pending

3
src/sn_utils.c
View File

@ -439,6 +439,9 @@ static int process_udp(n2n_sn_t * sss,
if ( (ret = packet_header_decrypt (udp_buf, udp_size, comm->community, comm->header_encryption_ctx, if ( (ret = packet_header_decrypt (udp_buf, udp_size, comm->community, comm->header_encryption_ctx,
comm->header_iv_ctx, comm->header_iv_ctx,
&stamp, &checksum)) ) { &stamp, &checksum)) ) {
// time stamp verification follows in the packet specific section as it requires to determine the
// sender from the hash list by its MAC, this all depends on packet type and packet structure
// (MAC is not always in the same place)
if (checksum != pearson_hash_16 (udp_buf, udp_size)) { if (checksum != pearson_hash_16 (udp_buf, udp_size)) {
traceEvent(TRACE_DEBUG, "process_udp dropped packet due to checksum error."); traceEvent(TRACE_DEBUG, "process_udp dropped packet due to checksum error.");
return -1; return -1;