Diffstat (limited to 'src')
-rw-r--r-- | src/anytun.cpp | 21 | ||||
-rw-r--r-- | src/anytun.suo | bin | 42496 -> 44544 bytes | |||
-rw-r--r-- | src/encryptedPacket.cpp | 5 | ||||
-rw-r--r-- | src/encryptedPacket.h | 8 | ||||
-rw-r--r-- | src/plainPacket.cpp | 5 | ||||
-rw-r--r-- | src/plainPacket.h | 8 |
6 files changed, 37 insertions, 10 deletions
diff --git a/src/anytun.cpp b/src/anytun.cpp
index a2d7f05..47d2cb6 100644
--- a/src/anytun.cpp
+++ b/src/anytun.cpp
@@ -258,6 +258,8 @@ void receiver(void* p)
 // read packet from socket
 u_int32_t len = param->src.recv(encrypted_packet.getBuf(), encrypted_packet.getLength(), remote_end);
+ if(len < EncryptedPacket::getHeaderLength())
+ continue; // ignore short packets
 encrypted_packet.setLength(len);
 mux_t mux = encrypted_packet.getMux();
@@ -279,6 +281,14 @@ void receiver(void* p)
 continue;
 }
+ // Replay Protection
+ if(conn.seq_window_.checkAndAdd(encrypted_packet.getSenderId(), encrypted_packet.getSeqNr()))
+ {
+ cLog.msg(Log::PRIO_NOTICE) << "Replay attack from " << conn.remote_end_
+ << " seq:"<< encrypted_packet.getSeqNr() << " sid: "<< encrypted_packet.getSenderId();
+ continue;
+ }
+
 //Allow dynamic IP changes
 //TODO: add command line option to turn this off
 if (remote_end != conn.remote_end_)
@@ -290,15 +300,10 @@ void receiver(void* p)
 gSyncQueue.push(sc);
 #endif
 }
-
- // Replay Protection
- if(conn.seq_window_.checkAndAdd(encrypted_packet.getSenderId(), encrypted_packet.getSeqNr()))
- {
- cLog.msg(Log::PRIO_NOTICE) << "Replay attack from " << conn.remote_end_
- << " seq:"<< encrypted_packet.getSeqNr() << " sid: "<< encrypted_packet.getSenderId();
+ // ignore zero length packets
+ if(encrypted_packet.getPayloadLength() <= PlainPacket::getHeaderLength())
 continue;
- }
-
+
 // decrypt packet
 c->decrypt(conn.kd_, encrypted_packet, plain_packet);
diff --git a/src/anytun.suo b/src/anytun.suo
Binary files differ
index 847888f..dcee7a5 100644
--- a/src/anytun.suo
+++ b/src/anytun.suo
diff --git a/src/encryptedPacket.cpp b/src/encryptedPacket.cpp
index b580a8a..692d221 100644
--- a/src/encryptedPacket.cpp
+++ b/src/encryptedPacket.cpp
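Review bot: The short-packet guard added after `param->src.recv(...)` bounds `len` only from below, and `len` is a `u_int32_t`. The return type of `recv` is not visible in this hunk; if it can report an error as a negative value, that value converts to a large unsigned number, passes `len < EncryptedPacket::getHeaderLength()` and reaches `setLength(len)`. Adding an upper bound against the size handed to `recv` closes that case: `if(len < EncryptedPacket::getHeaderLength() || len > encrypted_packet.getLength()) continue;`. The receive loop of `receiver` starts and ends outside the hunk.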
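Review bot: The replay log line prints `conn.remote_end_`, which is the endpoint stored for the connection, not the address the rejected datagram arrived from. With the check now placed ahead of the dynamic-IP block, a replay sent from a different address is logged under the legitimate peer's endpoint, which hides the source an analyst needs. Assuming `remote_end` streams the same way, logging both keeps the evidence: `<< "Replay attack from " << remote_end << " (peer " << conn.remote_end_ << ")"`. `checkAndAdd` also records a sequence number taken from the packet header, so it should run only after the authentication tag has been verified; that check is not visible in this hunk and should be confirmed to precede it.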
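Review bot: The comment `// ignore zero length packets` does not match the condition, which drops every packet whose `getPayloadLength()` is at most `PlainPacket::getHeaderLength()`, not only empty ones. A comment such as `// drop packets whose payload carries no data beyond the plain-packet header` states what is actually tested. The drop is also silent and sits after the dynamic-IP block, so a packet that is then discarded may already have updated `conn.remote_end_`; running the length test directly after `encrypted_packet.setLength(len)` would reject it before any connection state changes. Whether `getPayloadLength()` includes an authentication tag is not visible here and affects the right threshold.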
@@ -52,6 +52,11 @@ EncryptedPacket::EncryptedPacket(u_int32_t payload_length, bool allow_realloc)
 }
 }
+u_int32_t EncryptedPacket::getHeaderLength()
+{
+ return sizeof(struct HeaderStruct);
+}
+
 seq_nr_t EncryptedPacket::getSeqNr() const
 {
 if(header_)
diff --git a/src/encryptedPacket.h b/src/encryptedPacket.h
index ac67950..4f64022 100644
--- a/src/encryptedPacket.h
+++ b/src/encryptedPacket.h
@@ -53,6 +53,12 @@ public:
 ~EncryptedPacket() {};
 /**
+ * Get the length of the header
+ * @return the length of the header
+ */
+ static u_int32_t getHeaderLength();
+
+ /**
 * Get the sequence number
 * @return seqence number
 */
@@ -100,7 +106,7 @@ public:
 * Get the length of the payload
 * @return the length of the payload
 */
- u_int32_t getPayloadLength() const;
+ u_int32_t getPayloadLength() const;
 /**
 * Set the length of the payload
diff --git a/src/plainPacket.cpp b/src/plainPacket.cpp
index a12a7c8..6d06b3f 100644
--- a/src/plainPacket.cpp
+++ b/src/plainPacket.cpp
@@ -42,6 +42,11 @@ PlainPacket::PlainPacket(u_int32_t payload_length, bool allow_realloc) : Buffer(
 *payload_type_ = 0;
 }
+u_int32_t PlainPacket::getHeaderLength()
+{
+ return sizeof(payload_type_t);
+}
+
 payload_type_t PlainPacket::getPayloadType() const
 {
 if(payload_type_)
diff --git a/src/plainPacket.h b/src/plainPacket.h
index a66f3fc..5919c32 100644
--- a/src/plainPacket.h
+++ b/src/plainPacket.h
@@ -64,6 +64,12 @@ public:
 ~PlainPacket() {};
 /**
+ * Get the length of the header
+ * @return the length of the header
+ */
+ static u_int32_t getHeaderLength();
+
+ /**
 * Get the payload type
 * @return the id of the payload type
 */
@@ -79,7 +85,7 @@ public:
 * Get the length of the payload
 * @return the length of the payload
 */
- u_int32_t getPayloadLength() const;
+ u_int32_t getPayloadLength() const;
 /**
 * Set the length of the payload |
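Review bot: `EncryptedPacket::getHeaderLength()` returns `sizeof(struct HeaderStruct)`, so the minimum packet size the receiver accepts depends on how the compiler lays out that struct. The definition of `HeaderStruct` is not part of this diff; if it is not declared packed, padding would make the value larger than the on-wire header, and the threshold could differ between builds. A comment on the function stating that the struct is packed and mirrors the wire format, together with a compile-time size check next to the struct definition, would pin this down. The same reasoning applies to `PlainPacket::getHeaderLength()`, although `sizeof(payload_type_t)` on a scalar type carries no padding risk.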