Diffstat (limited to 'src')
-rw-r--r--src/anytun.cpp21
-rw-r--r--src/anytun.suobin42496 -> 44544 bytes
-rw-r--r--src/encryptedPacket.cpp5
-rw-r--r--src/encryptedPacket.h8
-rw-r--r--src/plainPacket.cpp5
-rw-r--r--src/plainPacket.h8
6 files changed, 37 insertions, 10 deletions
diff --git a/src/anytun.cpp b/src/anytun.cpp
index a2d7f05..47d2cb6 100644
--- a/src/anytun.cpp
+++ b/src/anytun.cpp
@@ -258,6 +258,8 @@ void receiver(void* p)
// read packet from socket
u_int32_t len = param->src.recv(encrypted_packet.getBuf(), encrypted_packet.getLength(), remote_end);
+ if(len < EncryptedPacket::getHeaderLength())
+ continue; // ignore short packets
encrypted_packet.setLength(len);
mux_t mux = encrypted_packet.getMux();
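Review bot: The new minimum-length test compares `len` as a `u_int32_t`, so if `param->src.recv()` can report an error as a negative value (its return type is not visible in this hunk), that value wraps to a very large length, passes the check and is handed to `setLength(len)`. Consider holding the result in a signed variable and rejecting failures first, e.g. `if(len < 0 || static_cast<u_int32_t>(len) < EncryptedPacket::getHeaderLength()) continue;`. The receiver loop begins and ends outside the hunk.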
@@ -279,6 +281,14 @@ void receiver(void* p)
continue;
}
+ // Replay Protection
+ if(conn.seq_window_.checkAndAdd(encrypted_packet.getSenderId(), encrypted_packet.getSeqNr()))
+ {
+ cLog.msg(Log::PRIO_NOTICE) << "Replay attack from " << conn.remote_end_
+ << " seq:"<< encrypted_packet.getSeqNr() << " sid: "<< encrypted_packet.getSenderId();
+ continue;
+ }
+
//Allow dynamic IP changes
//TODO: add command line option to turn this off
if (remote_end != conn.remote_end_)
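Review bot: The notice logs `conn.remote_end_`, the endpoint stored for the connection, rather than `remote_end`, the address this datagram actually arrived from. Now that the replay check runs before the endpoint update the two can differ, and the log would then attribute the replay to the legitimate peer. Logging the packet's source, `<< "Replay attack from " << remote_end`, keeps the record usable for incident response (assuming `remote_end` streams the same way as `conn.remote_end_`). Separately, `checkAndAdd` by its name appears to record the sequence number as a side effect, and whether the packet has been authenticated by this point is not visible in the hunk. If it has not, unauthenticated datagrams could use up window entries and cause genuine packets to be dropped, so the ordering is worth confirming.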
@@ -290,15 +300,10 @@ void receiver(void* p)
gSyncQueue.push(sc);
#endif
}
-
- // Replay Protection
- if(conn.seq_window_.checkAndAdd(encrypted_packet.getSenderId(), encrypted_packet.getSeqNr()))
- {
- cLog.msg(Log::PRIO_NOTICE) << "Replay attack from " << conn.remote_end_
- << " seq:"<< encrypted_packet.getSeqNr() << " sid: "<< encrypted_packet.getSenderId();
+ // ignore zero length packets
+ if(encrypted_packet.getPayloadLength() <= PlainPacket::getHeaderLength())
continue;
- }
-
+
// decrypt packet
c->decrypt(conn.kd_, encrypted_packet, plain_packet);
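Review bot: This length check is stateless but sits after the replay-window update and the dynamic-endpoint block, so a packet dropped here has already had its sequence number passed to `checkAndAdd` and may already have changed `conn.remote_end_`. Moving the test up next to the header-length check at the top of the loop would reject such packets before any per-connection state is touched. The comment also understates the condition: `<=` drops every packet whose payload is no longer than the plain header, so `// ignore packets with no data beyond the plain header` would match the code. The test compares the encrypted payload length against a plain-packet size, which holds only if the cipher does not change the length; that is not visible here.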
diff --git a/src/anytun.suo b/src/anytun.suo
index 847888f..dcee7a5 100644
--- a/src/anytun.suo
+++ b/src/anytun.suo
Binary files differ
diff --git a/src/encryptedPacket.cpp b/src/encryptedPacket.cpp
index b580a8a..692d221 100644
--- a/src/encryptedPacket.cpp
+++ b/src/encryptedPacket.cpp
@@ -52,6 +52,11 @@ EncryptedPacket::EncryptedPacket(u_int32_t payload_length, bool allow_realloc)
}
}
+u_int32_t EncryptedPacket::getHeaderLength()
+{
+ return sizeof(struct HeaderStruct);
+}
+
seq_nr_t EncryptedPacket::getSeqNr() const
{
if(header_)
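Review bot: `sizeof(struct HeaderStruct)` equals the on-wire header size only if the struct has no padding; its definition is outside this hunk, so that cannot be confirmed here. Since the receiver now uses this value to decide which datagrams are too short to parse, a comment such as `// HeaderStruct must be packed: sizeof is used as the wire header length` would record the dependency.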
diff --git a/src/encryptedPacket.h b/src/encryptedPacket.h
index ac67950..4f64022 100644
--- a/src/encryptedPacket.h
+++ b/src/encryptedPacket.h
@@ -53,6 +53,12 @@ public:
~EncryptedPacket() {};
/**
+ * Get the length of the header
+ * @return the length of the header
+ */
+ static u_int32_t getHeaderLength();
+
+ /**
* Get the sequence number
* @return seqence number
*/
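Review bot: The new doc comment restates the function name without giving the unit or what the value is for; the same applies to the identical comment added in src/plainPacket.h. Something like `Get the size in bytes of the fixed packet header; packets shorter than this cannot be parsed` would tell callers why the receiver compares against it.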
@@ -100,7 +106,7 @@ public:
* Get the length of the payload
* @return the length of the payload
*/
- u_int32_t getPayloadLength() const;
+ u_int32_t getPayloadLength() const;
/**
* Set the length of the payload
diff --git a/src/plainPacket.cpp b/src/plainPacket.cpp
index a12a7c8..6d06b3f 100644
--- a/src/plainPacket.cpp
+++ b/src/plainPacket.cpp
@@ -42,6 +42,11 @@ PlainPacket::PlainPacket(u_int32_t payload_length, bool allow_realloc) : Buffer(
*payload_type_ = 0;
}
+u_int32_t PlainPacket::getHeaderLength()
+{
+ return sizeof(payload_type_t);
+}
+
payload_type_t PlainPacket::getPayloadType() const
{
if(payload_type_)
diff --git a/src/plainPacket.h b/src/plainPacket.h
index a66f3fc..5919c32 100644
--- a/src/plainPacket.h
+++ b/src/plainPacket.h
@@ -64,6 +64,12 @@ public:
~PlainPacket() {};
/**
+ * Get the length of the header
+ * @return the length of the header
+ */
+ static u_int32_t getHeaderLength();
+
+ /**
* Get the payload type
* @return the id of the payload type
*/
@@ -79,7 +85,7 @@ public:
* Get the length of the payload
* @return the length of the payload
*/
- u_int32_t getPayloadLength() const;
+ u_int32_t getPayloadLength() const;
/**
* Set the length of the payload