author | Christian Pointner <equinox@anytun.org> | 2009-01-12 23:39:51 +0000 |
---|---|---|
committer | Christian Pointner <equinox@anytun.org> | 2009-01-12 23:39:51 +0000 |
commit | b979b0be8ac5623ff3f4c3b5a5331edd953aa0bb (patch) | |
tree | 7e8c3d344412ce4f2b916a70caaa0f7838f4590d | |
parent | cleaned up includes (diff) |
ported uAnytun sequence window to anytun
-rw-r--r-- | src/anytun.cpp | 20 | ||||
-rw-r--r-- | src/datatypes.h | 4 | ||||
-rw-r--r-- | src/seqWindow.cpp | 118 | ||||
-rw-r--r-- | src/seqWindow.h | 22 |
4 files changed, 114 insertions, 50 deletions
diff --git a/src/anytun.cpp b/src/anytun.cpp
index f7f9358..a5f2218 100644
--- a/src/anytun.cpp
+++ b/src/anytun.cpp
@@ -112,20 +112,6 @@ void createConnection(const PacketSourceEndpoint & remote_end, window_size_t seq
 #endif
 }
-bool checkPacketSeqNr(EncryptedPacket& pack,ConnectionParam& conn)
-{
- // compare sender_id and seq with window
- if(conn.seq_window_.hasSeqNr(pack.getSenderId(), pack.getSeqNr()))
- {
- cLog.msg(Log::PRIO_NOTICE) << "Replay attack from " << conn.remote_end_
- << " seq:"<<pack.getSeqNr() << " sid: "<<pack.getSenderId();
- return false;
- }
-
- conn.seq_window_.addSeqNr(pack.getSenderId(), pack.getSeqNr());
- return true;
-}
-
 void sender(void* p)
 {
 try
@@ -338,8 +324,12 @@ void receiver(void* p)
 }
 // Replay Protection
- if (!checkPacketSeqNr(encrypted_packet, conn))
+ if(conn.seq_window_.checkAndAdd(encrypted_packet.getSenderId(), encrypted_packet.getSeqNr()))
+ {
+ cLog.msg(Log::PRIO_NOTICE) << "Replay attack from " << conn.remote_end_ << " seq:"<< encrypted_packet.getSeqNr() << " sid: "<< encrypted_packet.getSenderId();
 continue;
+ }
 // generate packet-key
 conn.kd_.generate(LABEL_SATP_ENCRYPTION, encrypted_packet.getSeqNr(), session_key);
diff --git a/src/datatypes.h b/src/datatypes.h
index f4c661a..536719c 100644
--- a/src/datatypes.h
+++ b/src/datatypes.h
@@ -32,7 +32,8 @@
 #ifndef _DATATYPES_H_
 #define _DATATYPES_H_
-#include<boost/cstdint.hpp>
+#include <boost/cstdint.hpp>
+#include <boost/integer_traits.hpp>
 typedef boost::uint8_t u_int8_t;
 typedef boost::uint16_t u_int16_t;
@@ -46,6 +47,7 @@ typedef boost::int64_t int64_t;
 typedef u_int32_t window_size_t;
 typedef u_int32_t seq_nr_t;
+#define SEQ_NR_MAX boost::integer_traits<seq_nr_t>::max()
 typedef u_int16_t sender_id_t;
 typedef u_int16_t payload_type_t;
 typedef u_int16_t mux_t;
diff --git a/src/seqWindow.cpp b/src/seqWindow.cpp
index 1a36392..1ddd3ca 100644
--- a/src/seqWindow.cpp
+++ b/src/seqWindow.cpp
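Review bot: The new `checkAndAdd` call both checks and records the sequence number, so it must only ever see packets whose auth tag has already been verified; the `}` context line just above `// Replay Protection` suggests that check is the block closed there, but it sits outside the hunk and is worth confirming. If an unauthenticated packet can reach this point, a forged packet carrying a far-ahead sequence number advances the window's `max_` and every genuine packet behind it is then logged and dropped as a replay, which turns the replay filter into a denial-of-service lever. A one-line comment would pin the ordering for the next reader: `// Replay Protection (must stay after the auth-tag check: checkAndAdd records the seq nr)`. The enclosing receiver() starts and ends outside the hunk.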
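Review bot: `SEQ_NR_MAX` is introduced as a macro that expands to a `boost::integer_traits<seq_nr_t>::max()` call at every use and carries no type, while every other name this header defines around it is a typedef. A typed constant keeps the same name for the seqWindow.cpp uses and lets the compiler check the arithmetic it feeds: `static const seq_nr_t SEQ_NR_MAX = boost::integer_traits<seq_nr_t>::const_max;` (`const_max` is the compile-time member of the trait the hunk already includes).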
@@ -34,55 +34,118 @@
 #include "seqWindow.h"
-SeqWindow::SeqWindow(window_size_t w) : window_size_(w)
+SeqWindowElement::SeqWindowElement()
 {
+ window_ = NULL;
+ pos_ = 0;
+ max_ = 0;
 }
-SeqWindow::~SeqWindow()
+SeqWindowElement::~SeqWindowElement()
 {
+ if(window_)
+ delete[] window_;
 }
-SeqWindow::SeqDeque::size_type SeqWindow::getLength(sender_id_t sender)
+void SeqWindowElement::init(window_size_t w, seq_nr_t m)
 {
- Lock lock(mutex_);
- SenderMap::const_iterator s = sender_.find(sender);
- if(s == sender_.end())
- return 0;
+ if(window_)
+ delete[] window_;
+ window_ = new u_int8_t[w];
+ memset(window_, 0, w);
+ pos_ = 0;
+ max_ = m;
+ window_[pos_] = 1;
+}
- return s->second.size();
+SeqWindow::SeqWindow(window_size_t w) : window_size_(w)
+{
 }
-bool SeqWindow::hasSeqNr(sender_id_t sender, seq_nr_t seq)
+SeqWindow::~SeqWindow()
+{
+}
+
+bool SeqWindow::checkAndAdd(sender_id_t sender, seq_nr_t seq_nr)
 {
 Lock lock(mutex_);
 if (!window_size_)
 return false;
- SenderMap::const_iterator s = sender_.find(sender);
- if(s == sender_.end())
+
+ SenderMap::iterator s = sender_.find(sender);
+ if(s == sender_.end()) {
+ sender_[sender].init(window_size_, seq_nr);
 return false;
+ }
- SeqDeque::const_iterator it;
- for(it = s->second.begin(); it != s->second.end(); it++)
- if(*it == seq)
- return true;
+ int shifted = 0;
+ if(s->second.max_ < window_size_) {
+ s->second.max_ += SEQ_NR_MAX/2;
+ seq_nr += SEQ_NR_MAX/2;
+ shifted = 1;
+ }
+ else if(s->second.max_ > (SEQ_NR_MAX - window_size_)) {
+ s->second.max_ -= SEQ_NR_MAX/2;
+ seq_nr -= SEQ_NR_MAX/2;
+ shifted = 2;
+ }
- return false;
-}
-
-void SeqWindow::addSeqNr(sender_id_t sender, seq_nr_t seq)
-{
- Lock lock(mutex_);
- if (!window_size_)
- return;
- if(sender_[sender].size() >= window_size_)
- sender_[sender].pop_front();
- sender_[sender].push_back(seq);
+ seq_nr_t min = s->second.max_ - window_size_ + 1;
+ if(seq_nr < min || seq_nr == s->second.max_) {
+ if(shifted == 1)
+ s->second.max_ -= SEQ_NR_MAX/2;
+ else
if(shifted == 2)
+ s->second.max_ += SEQ_NR_MAX/2;
+ return true;
+ }
+
+ if(seq_nr > s->second.max_) {
+ seq_nr_t diff = seq_nr - s->second.max_;
+ if(diff >= window_size_)
+ diff = window_size_;
+
+ window_size_t new_pos = s->second.pos_ + diff;
+
+ if(new_pos >= window_size_) {
+ new_pos -= window_size_;
+
+ if(s->second.pos_ < window_size_ - 1)
+ memset(&(s->second.window_[s->second.pos_ + 1]), 0, window_size_ - s->second.pos_ - 1);
+
+ memset(s->second.window_, 0, new_pos);
+ }
+ else {
+ memset(&(s->second.window_[s->second.pos_ + 1]), 0, diff);
+ }
+ s->second.pos_ = new_pos;
+ s->second.window_[s->second.pos_] = 1;
+ s->second.max_ = seq_nr;
+
+ if(shifted == 1)
+ s->second.max_ -= SEQ_NR_MAX/2;
+ else if(shifted == 2)
+ s->second.max_ += SEQ_NR_MAX/2;
+
+ return false;
+ }
+
+ seq_nr_t diff = s->second.max_ - seq_nr;
+ window_size_t pos = diff > s->second.pos_ ? s->second.pos_ + window_size_ : s->second.pos_;
+ pos -= diff;
+
+ if(shifted == 1)
+ s->second.max_ -= SEQ_NR_MAX/2;
+ else if(shifted == 2)
+ s->second.max_ += SEQ_NR_MAX/2;
+
+ int ret = s->second.window_[pos];
+ s->second.window_[pos] = 1;
+ return ret;
 }
 void SeqWindow::clear(sender_id_t sender)
 {
 Lock lock(mutex_);
- sender_[sender].clear();
 sender_.erase(sender);
 }
@@ -91,4 +154,3 @@ void SeqWindow::clear()
 Lock lock(mutex_);
 sender_.clear();
 }
-
diff --git a/src/seqWindow.h b/src/seqWindow.h
index 5bac491..e16e335 100644
--- a/src/seqWindow.h
+++ b/src/seqWindow.h
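Review bot: In checkAndAdd the temporary shift of `s->second.max_` by `SEQ_NR_MAX/2` is stored into the element and then undone in three separate places (the replay return, the advance branch, the in-window tail), so any future early return that forgets the undo leaves a peer's window permanently offset by 2^31 and every later packet from it rejected as a replay. Doing the shifted comparisons on a local copy of `max_`, remembering the unshifted `seq_nr`, and writing `max_` back only in the advance branch removes all three undo blocks and the `shifted` flag while keeping the arithmetic identical. Separately, `init()` and `checkAndAdd()` call `memset` and use `NULL` but the hunk adds no `#include <cstring>`; unless seqWindow.h already pulls it in transitively, add it to the includes.
```cpp
bool SeqWindow::checkAndAdd(sender_id_t sender, seq_nr_t seq_nr)
{
  // … unchanged: lock, window_size_ guard, unknown-sender init …

  // Compare on a shifted copy of max_ so the window arithmetic below
  // stays clear of the 32-bit wrap; max_ itself is written back
  // (unshifted) only when the window advances, so no return path has
  // to undo the shift.
  const seq_nr_t orig_seq_nr = seq_nr;
  seq_nr_t max = s->second.max_;
  if(max < window_size_) {
    max += SEQ_NR_MAX/2;
    seq_nr += SEQ_NR_MAX/2;
  }
  else if(max > (SEQ_NR_MAX - window_size_)) {
    max -= SEQ_NR_MAX/2;
    seq_nr -= SEQ_NR_MAX/2;
  }

  seq_nr_t min = max - window_size_ + 1;
  if(seq_nr < min || seq_nr == max)
    return true;

  if(seq_nr > max) {
    seq_nr_t diff = seq_nr - max;
    // … unchanged: clamp diff, advance pos_, clear the skipped slots …
    s->second.max_ = orig_seq_nr;
    return false;
  }

  seq_nr_t diff = max - seq_nr;
  // … unchanged: in-window slot lookup, set the slot, return its old value …
}
```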
@@ -39,22 +39,32 @@
 #include "threadUtils.hpp"
 #include "datatypes.h"
+class SeqWindow;
+
+class SeqWindowElement {
+public:
+ SeqWindowElement();
+ ~SeqWindowElement();
+
+ void init(window_size_t w, seq_nr_t m);
+
+ seq_nr_t max_;
+ window_size_t pos_;
+ u_int8_t* window_;
+};
+
 class SeqWindow
 {
 public:
- typedef std::deque<seq_nr_t> SeqDeque;
- typedef std::map<sender_id_t, SeqDeque> SenderMap;
+ typedef std::map<sender_id_t, SeqWindowElement> SenderMap;
 SeqWindow(window_size_t w);
 ~SeqWindow();
- SeqDeque::size_type getLength(sender_id_t sender);
- bool hasSeqNr(sender_id_t sender, seq_nr_t seq);
- void addSeqNr(sender_id_t sender, seq_nr_t seq);
+ bool checkAndAdd(sender_id_t sender, seq_nr_t seq_nr);
 void clear(sender_id_t sender);
 void clear();
-
 private:
 window_size_t window_size_;
 Mutex mutex_; |
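Review bot: SeqWindowElement owns `window_` through a raw pointer that its destructor `delete[]`s, but it declares no copy constructor or copy assignment, so the compiler-generated ones copy the pointer and two elements then free the same buffer. It is stored by value in `std::map<sender_id_t, SeqWindowElement>`; `sender_[sender]` only ever copies an element whose `window_` is still NULL, but any copy of a SeqWindow (or of whatever object holds one, presumably the per-connection parameter object) after `init()` has run is a double free. Either make the class non-copyable by declaring `SeqWindowElement(const SeqWindowElement&);` and `SeqWindowElement& operator=(const SeqWindowElement&);` private without definitions, or replace `u_int8_t* window_` with a `std::vector<u_int8_t>`, which also removes both `delete[]`s. The three data members are public; `max_`, `pos_` and `window_` are only touched by SeqWindow, so making them private with SeqWindow as a friend would keep the window invariants in one place.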