mirror of
https://github.com/ntop/n2n.git
synced 2024-09-19 16:41:11 +02:00
added data structures for replay protection
parent
895bbc2844
commit
b976379125
|
@ -197,6 +197,7 @@ struct peer_info {
|
|||
time_t last_seen;
|
||||
time_t last_p2p;
|
||||
time_t last_sent_query;
|
||||
uint64_t last_valid_time_stamp;
|
||||
|
||||
UT_hash_handle hh; /* makes this structure hashable */
|
||||
};
|
||||
|
@ -306,6 +307,7 @@ struct n2n_edge {
|
|||
n2n_route_t *sn_route_to_clean; /**< Supernode route to clean */
|
||||
n2n_edge_callbacks_t cb; /**< API callbacks */
|
||||
void *user_data; /**< Can hold user data */
|
||||
uint64_t sn_last_valid_time_stamp;/*< last valid time stamp from supernode */
|
||||
|
||||
/* Sockets */
|
||||
n2n_sock_t supernode;
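Review bot: The comment on `sn_last_valid_time_stamp` in struct n2n_edge opens with `/*<` while the members above it use `/**<`, so Doxygen will not attach it to the field, and `last_valid_time_stamp` in struct peer_info has no comment at all. Neither field says what a freshly created entry holds, which matters for replay protection because the first packet from a new peer is compared against that starting value. I would write `uint64_t last_valid_time_stamp; /**< time stamp of the last accepted packet from this peer (replay protection) */` and use the same `/**<` form on the edge field. Where the two fields are initialised is not visible in these hunks and should be confirmed.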
|
||||
|
|
|
@ -1646,17 +1646,19 @@ static void readFromIPSocket(n2n_edge_t * eee, int in_sock) {
|
|||
|
||||
decode_PACKET(&pkt, &cmn, udp_buf, &rem, &idx);
|
||||
|
||||
// !!!
|
||||
/* if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED) {
|
||||
if(is_valid_peer_sock(&pkt.sock))
|
||||
orig_sender = &(pkt.sock);
|
||||
|
||||
if ( !time_stamp_verify (stamp, &... !!!) ) {
|
||||
/* // sketch for time stamp verification -- to be implemented !!!
|
||||
|
||||
if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED) {
|
||||
// find edge and its specific last time stamp or supernode's one !!!
|
||||
if ( !time_stamp_verify (stamp, &found_time_stamp !!!) ) {
|
||||
traceEvent(TRACE_DEBUG, "readFromIPSocket dropped packet due to time stamp error.");
|
||||
return;
|
||||
}
|
||||
}
|
||||
*/
|
||||
if(is_valid_peer_sock(&pkt.sock))
|
||||
orig_sender = &(pkt.sock);
|
||||
|
||||
if(!from_supernode) {
|
||||
/* This is a P2P packet from the peer. We purge a pending
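Review bot: The time stamp check in readFromIPSocket is still inside a block comment, so as far as this hunk shows a packet with an old stamp is handled like any other and the new `last_valid_time_stamp` fields are never read; the process_udp hunk has the same gap, since its added comment only announces a check that comes later. The `!!!` markers are easy to miss, so I would state the gap in one searchable line, e.g. `/* TODO: replay protection not enforced yet -- stamp is not compared with the sender's last valid time stamp */`. When the check is implemented, the stored stamp should be advanced only after the packet has passed the checksum test, so that a rejected packet cannot move the reference value. The old and new sides are not marked on this rendering, so this reading of the new code is inferred, and the function body continues outside the hunk.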
|
||||
|
|
|
@ -439,6 +439,9 @@ static int process_udp(n2n_sn_t * sss,
|
|||
if ( (ret = packet_header_decrypt (udp_buf, udp_size, comm->community, comm->header_encryption_ctx,
|
||||
comm->header_iv_ctx,
|
||||
&stamp, &checksum)) ) {
|
||||
// time stamp verification follows in the packet specific section as it requires to determine the
|
||||
// sender from the hash list by its MAC, this all depends on packet type and packet structure
|
||||
// (MAC is not always in the same place)
|
||||
if (checksum != pearson_hash_16 (udp_buf, udp_size)) {
|
||||
traceEvent(TRACE_DEBUG, "process_udp dropped packet due to checksum error.");
|
||||
return -1;
|
||||
|
|