
added data structures for replay protection

pull/327/head
Logan007 4 years ago
parent
commit
b976379125
  1. 2
      include/n2n.h
  2. 12
      src/edge_utils.c
  3. 3
      src/sn_utils.c

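--- a/include/n2n.h
+++ b/include/n2n.h
@@ -197,6 +197,7 @@ struct peer_info {
 time_t last_seen;
 time_t last_p2p;
 time_t last_sent_query;
+uint64_t last_valid_time_stamp;
 UT_hash_handle hh; /* makes this structure hashable */
 };
@@ -306,6 +307,7 @@ struct n2n_edge {
 n2n_route_t *sn_route_to_clean; /**< Supernode route to clean */
 n2n_edge_callbacks_t cb; /**< API callbacks */
 void *user_data; /**< Can hold user data */
+uint64_t sn_last_valid_time_stamp;/*< last valid time stamp from supernode */
 /* Sockets */
 n2n_sock_t supernode;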
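Review bot: The comment on `sn_last_valid_time_stamp` opens with `/*<` where the neighbouring members of `struct n2n_edge` use `/**<`, so Doxygen will not attach it to the field, and `last_valid_time_stamp` in `struct peer_info` has no comment at all. I would write `uint64_t last_valid_time_stamp; /**< newest time stamp accepted from this peer (replay protection) */` and change the other comment to `/**< last valid time stamp from supernode */`. Both fields are the baseline a replay check will compare against, so their starting value matters. The code that allocates these structs is not part of this section, so it is worth confirming that both fields start at zero rather than at an uninitialised value.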

12
src/edge_utils.c

@ -1646,17 +1646,19 @@ static void readFromIPSocket(n2n_edge_t * eee, int in_sock) {
decode_PACKET(&pkt, &cmn, udp_buf, &rem, &idx); decode_PACKET(&pkt, &cmn, udp_buf, &rem, &idx);
// !!! if(is_valid_peer_sock(&pkt.sock))
/* if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED) { orig_sender = &(pkt.sock);
/* // sketch for time stamp verification -- to be implemented !!!
if ( !time_stamp_verify (stamp, &... !!!) ) { if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED) {
// find edge and its specific last time stamp or supernode's one !!!
if ( !time_stamp_verify (stamp, &found_time_stamp !!!) ) {
traceEvent(TRACE_DEBUG, "readFromIPSocket dropped packet due to time stamp error."); traceEvent(TRACE_DEBUG, "readFromIPSocket dropped packet due to time stamp error.");
return; return;
} }
} }
*/ */
if(is_valid_peer_sock(&pkt.sock))
orig_sender = &(pkt.sock);
if(!from_supernode) { if(!from_supernode) {
/* This is a P2P packet from the peer. We purge a pending /* This is a P2P packet from the peer. We purge a pending
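Review bot: The time stamp check in readFromIPSocket is still inside the `/* ... */` block, so an edge with HEADER_ENCRYPTION_ENABLED keeps accepting packets without comparing `stamp` to anything. In the sections shown, the two fields added in include/n2n.h are never read or written, and src/sn_utils.c defers the check in the same way. The sketch cannot simply be uncommented either, because `&found_time_stamp !!!` is a placeholder and nothing visible looks the value up. I would mark the gap explicitly, for example `// TODO: replay check not active yet; look up the sender's last_valid_time_stamp (or eee->sn_last_valid_time_stamp) and drop stale packets here`. When the check is enabled, a counter or a log level above TRACE_DEBUG for dropped packets would make replay attempts visible to an operator. The function body continues outside the hunk.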

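--- a/src/sn_utils.c
+++ b/src/sn_utils.c
@@ -439,6 +439,9 @@ static int process_udp(n2n_sn_t * sss,
 if ( (ret = packet_header_decrypt (udp_buf, udp_size, comm->community, comm->header_encryption_ctx,
 comm->header_iv_ctx,
 &stamp, &checksum)) ) {
+// time stamp verification follows in the packet specific section as it requires to determine the
+// sender from the hash list by its MAC, this all depends on packet type and packet structure
+// (MAC is not always in the same place)
 if (checksum != pearson_hash_16 (udp_buf, udp_size)) {
 traceEvent(TRACE_DEBUG, "process_udp dropped packet due to checksum error.");
 return -1;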
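Review bot: The added comment says where the time stamp check will go but not what it may rely on: `stamp` is filled in by packet_header_decrypt before the checksum comparison on the following line. I would extend the comment to say that the later per-packet check may only compare and store a `stamp` from a packet that has already passed the checksum, for example `// only stamps from packets that passed the checksum below may update a peer's last_valid_time_stamp`. Otherwise, depending on how the later code is written, a packet that fails the checksum could still move a peer's baseline forward and cause legitimate packets to be dropped. The rest of process_udp is outside the hunk.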
