From b976379125210d1798649b04108d5c7041b87456 Mon Sep 17 00:00:00 2001
From: Logan007 <you@example.com>
Date: Thu, 23 Jul 2020 20:34:54 +0545
Subject: [PATCH] added data structures for replay protection

---
 include/n2n.h    |  6 ++++--
 src/edge_utils.c | 16 +++++++++-------
 src/sn_utils.c   |  3 +++
 3 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/include/n2n.h b/include/n2n.h
index 547c585..6251ef7 100644
--- a/include/n2n.h
+++ b/include/n2n.h
@@ -197,6 +197,7 @@ struct peer_info {
   time_t              last_seen;
   time_t              last_p2p;
   time_t              last_sent_query;
+  uint64_t            last_valid_time_stamp;
 
   UT_hash_handle hh; /* makes this structure hashable */
 };
@@ -304,8 +305,9 @@ struct n2n_edge {
 	n2n_trans_op_t      transop;                /**< The transop to use when encoding */
 	n2n_cookie_t        last_cookie;            /**< Cookie sent in last REGISTER_SUPER. */
 	n2n_route_t         *sn_route_to_clean;     /**< Supernode route to clean */
-	n2n_edge_callbacks_t cb;		      /**< API callbacks */
-	void 	              *user_data;             /**< Can hold user data */
+	n2n_edge_callbacks_t cb;	            /**< API callbacks */
+	void 	            *user_data;             /**< Can hold user data */
+        uint64_t            sn_last_valid_time_stamp;/*< last valid time stamp from supernode */
 
 	/* Sockets */
 	n2n_sock_t          supernode;
diff --git a/src/edge_utils.c b/src/edge_utils.c
index ca97d34..7f78d50 100644
--- a/src/edge_utils.c
+++ b/src/edge_utils.c
@@ -1646,17 +1646,19 @@ static void readFromIPSocket(n2n_edge_t * eee, int in_sock) {
 
 	  decode_PACKET(&pkt, &cmn, udp_buf, &rem, &idx);
 
-// !!!
-/*   if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED) {
+	  if(is_valid_peer_sock(&pkt.sock))
+	    orig_sender = &(pkt.sock);
 
-    if ( !time_stamp_verify (stamp, &... !!!) ) {
-      traceEvent(TRACE_DEBUG, "readFromIPSocket dropped packet due to time stamp error.");
-      return;
+/*        // sketch for time stamp verification -- to be implemented !!!
+
+          if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED) {
+            // find edge and its specific last time stamp or supernode's one !!!
+            if ( !time_stamp_verify (stamp, &found_time_stamp !!!) ) {
+              traceEvent(TRACE_DEBUG, "readFromIPSocket dropped packet due to time stamp error.");
+              return;
     }
   }
 */
-	  if(is_valid_peer_sock(&pkt.sock))
-	    orig_sender = &(pkt.sock);
 
 	  if(!from_supernode) {
 	    /* This is a P2P packet from the peer. We purge a pending
diff --git a/src/sn_utils.c b/src/sn_utils.c
index 8cf5821..8a9896d 100644
--- a/src/sn_utils.c
+++ b/src/sn_utils.c
@@ -439,6 +439,9 @@ static int process_udp(n2n_sn_t * sss,
       if ( (ret = packet_header_decrypt (udp_buf, udp_size, comm->community, comm->header_encryption_ctx,
                                          comm->header_iv_ctx,
                                          &stamp, &checksum)) ) {
+        // time stamp verification follows in the packet specific section as it requires to determine the
+        // sender from the hash list by its MAC, this all depends on packet type and packet structure
+        // (MAC is not always in the same place)
        if (checksum != pearson_hash_16 (udp_buf, udp_size)) {
          traceEvent(TRACE_DEBUG, "process_udp dropped packet due to checksum error.");
          return -1;