Diffstat (limited to 'src')
-rw-r--r--src/anytun.cpp20
-rw-r--r--src/datatypes.h4
-rw-r--r--src/seqWindow.cpp118
-rw-r--r--src/seqWindow.h22
4 files changed, 114 insertions, 50 deletions
diff --git a/src/anytun.cpp b/src/anytun.cpp
index f7f9358..a5f2218 100644
--- a/src/anytun.cpp
+++ b/src/anytun.cpp
@@ -112,20 +112,6 @@ void createConnection(const PacketSourceEndpoint & remote_end, window_size_t seq
#endif
}
-bool checkPacketSeqNr(EncryptedPacket& pack,ConnectionParam& conn)
-{
- // compare sender_id and seq with window
- if(conn.seq_window_.hasSeqNr(pack.getSenderId(), pack.getSeqNr()))
- {
- cLog.msg(Log::PRIO_NOTICE) << "Replay attack from " << conn.remote_end_
- << " seq:"<<pack.getSeqNr() << " sid: "<<pack.getSenderId();
- return false;
- }
-
- conn.seq_window_.addSeqNr(pack.getSenderId(), pack.getSeqNr());
- return true;
-}
-
void sender(void* p)
{
try
@@ -338,8 +324,12 @@ void receiver(void* p)
}
// Replay Protection
- if (!checkPacketSeqNr(encrypted_packet, conn))
+ if(conn.seq_window_.checkAndAdd(encrypted_packet.getSenderId(), encrypted_packet.getSeqNr()))
+ {
+ cLog.msg(Log::PRIO_NOTICE) << "Replay attack from " << conn.remote_end_
+ << " seq:"<< encrypted_packet.getSeqNr() << " sid: "<< encrypted_packet.getSenderId();
continue;
+ }
// generate packet-key
conn.kd_.generate(LABEL_SATP_ENCRYPTION, encrypted_packet.getSeqNr(), session_key);
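Review bot: `checkAndAdd` records and tests the sequence number in a single step, so at this point in receiver() the window is advanced before anything establishes that the packet is genuine; the auth-tag check is not in this hunk (receiver()'s body continues on both sides of it), and if it runs later than this line, a forged packet carrying a large sequence number moves the window's `max_` forward and the sender's subsequent legitimate packets are then discarded as replays. The safe ordering is to verify the tag first and call `checkAndAdd` only for authenticated packets, or to split the window into a read-only check before authentication and the add afterwards. The condition's meaning is also inverted relative to the removed `checkPacketSeqNr` (true now means "already seen"), which deserves a comment here, e.g. `// checkAndAdd() returns true when seq_nr was already seen (replay)`.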
diff --git a/src/datatypes.h b/src/datatypes.h
index f4c661a..536719c 100644
--- a/src/datatypes.h
+++ b/src/datatypes.h
@@ -32,7 +32,8 @@
#ifndef _DATATYPES_H_
#define _DATATYPES_H_
-#include<boost/cstdint.hpp>
+#include <boost/cstdint.hpp>
+#include <boost/integer_traits.hpp>
typedef boost::uint8_t u_int8_t;
typedef boost::uint16_t u_int16_t;
@@ -46,6 +47,7 @@ typedef boost::int64_t int64_t;
typedef u_int32_t window_size_t;
typedef u_int32_t seq_nr_t;
+#define SEQ_NR_MAX boost::integer_traits<seq_nr_t>::max()
typedef u_int16_t sender_id_t;
typedef u_int16_t payload_type_t;
typedef u_int16_t mux_t;
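Review bot: `SEQ_NR_MAX` is introduced as a macro that spells out a function call at every use site, carries no type and cannot be scoped; a typed constant says the same thing, e.g. `const seq_nr_t SEQ_NR_MAX = boost::integer_traits<seq_nr_t>::const_max;`, which is a compile-time constant. Whichever form is kept, the expression `SEQ_NR_MAX/2` that seqWindow.cpp repeats at each wraparound shift should get one named constant so the half-range offset is defined in a single place.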
diff --git a/src/seqWindow.cpp b/src/seqWindow.cpp
index 1a36392..1ddd3ca 100644
--- a/src/seqWindow.cpp
+++ b/src/seqWindow.cpp
@@ -34,55 +34,118 @@
#include "seqWindow.h"
-SeqWindow::SeqWindow(window_size_t w) : window_size_(w)
+SeqWindowElement::SeqWindowElement()
{
+ window_ = NULL;
+ pos_ = 0;
+ max_ = 0;
}
-SeqWindow::~SeqWindow()
+SeqWindowElement::~SeqWindowElement()
{
+ if(window_)
+ delete[] window_;
}
-SeqWindow::SeqDeque::size_type SeqWindow::getLength(sender_id_t sender)
+void SeqWindowElement::init(window_size_t w, seq_nr_t m)
{
- Lock lock(mutex_);
- SenderMap::const_iterator s = sender_.find(sender);
- if(s == sender_.end())
- return 0;
+ if(window_)
+ delete[] window_;
+ window_ = new u_int8_t[w];
+ memset(window_, 0, w);
+ pos_ = 0;
+ max_ = m;
+ window_[pos_] = 1;
+}
- return s->second.size();
+SeqWindow::SeqWindow(window_size_t w) : window_size_(w)
+{
}
-bool SeqWindow::hasSeqNr(sender_id_t sender, seq_nr_t seq)
+SeqWindow::~SeqWindow()
+{
+}
+
+bool SeqWindow::checkAndAdd(sender_id_t sender, seq_nr_t seq_nr)
{
Lock lock(mutex_);
if (!window_size_)
return false;
- SenderMap::const_iterator s = sender_.find(sender);
- if(s == sender_.end())
+
+ SenderMap::iterator s = sender_.find(sender);
+ if(s == sender_.end()) {
+ sender_[sender].init(window_size_, seq_nr);
return false;
+ }
- SeqDeque::const_iterator it;
- for(it = s->second.begin(); it != s->second.end(); it++)
- if(*it == seq)
- return true;
+ int shifted = 0;
+ if(s->second.max_ < window_size_) {
+ s->second.max_ += SEQ_NR_MAX/2;
+ seq_nr += SEQ_NR_MAX/2;
+ shifted = 1;
+ }
+ else if(s->second.max_ > (SEQ_NR_MAX - window_size_)) {
+ s->second.max_ -= SEQ_NR_MAX/2;
+ seq_nr -= SEQ_NR_MAX/2;
+ shifted = 2;
+ }
- return false;
-}
-
-void SeqWindow::addSeqNr(sender_id_t sender, seq_nr_t seq)
-{
- Lock lock(mutex_);
- if (!window_size_)
- return;
- if(sender_[sender].size() >= window_size_)
- sender_[sender].pop_front();
- sender_[sender].push_back(seq);
+ seq_nr_t min = s->second.max_ - window_size_ + 1;
+ if(seq_nr < min || seq_nr == s->second.max_) {
+ if(shifted == 1)
+ s->second.max_ -= SEQ_NR_MAX/2;
+ else if(shifted == 2)
+ s->second.max_ += SEQ_NR_MAX/2;
+ return true;
+ }
+
+ if(seq_nr > s->second.max_) {
+ seq_nr_t diff = seq_nr - s->second.max_;
+ if(diff >= window_size_)
+ diff = window_size_;
+
+ window_size_t new_pos = s->second.pos_ + diff;
+
+ if(new_pos >= window_size_) {
+ new_pos -= window_size_;
+
+ if(s->second.pos_ < window_size_ - 1)
+ memset(&(s->second.window_[s->second.pos_ + 1]), 0, window_size_ - s->second.pos_ - 1);
+
+ memset(s->second.window_, 0, new_pos);
+ }
+ else {
+ memset(&(s->second.window_[s->second.pos_ + 1]), 0, diff);
+ }
+ s->second.pos_ = new_pos;
+ s->second.window_[s->second.pos_] = 1;
+ s->second.max_ = seq_nr;
+
+ if(shifted == 1)
+ s->second.max_ -= SEQ_NR_MAX/2;
+ else if(shifted == 2)
+ s->second.max_ += SEQ_NR_MAX/2;
+
+ return false;
+ }
+
+ seq_nr_t diff = s->second.max_ - seq_nr;
+ window_size_t pos = diff > s->second.pos_ ? s->second.pos_ + window_size_ : s->second.pos_;
+ pos -= diff;
+
+ if(shifted == 1)
+ s->second.max_ -= SEQ_NR_MAX/2;
+ else if(shifted == 2)
+ s->second.max_ += SEQ_NR_MAX/2;
+
+ int ret = s->second.window_[pos];
+ s->second.window_[pos] = 1;
+ return ret;
}
void SeqWindow::clear(sender_id_t sender)
{
Lock lock(mutex_);
- sender_[sender].clear();
sender_.erase(sender);
}
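Review bot: `SeqWindowElement` owns `window_` through a raw `new[]`/`delete[]` pair but declares neither a copy constructor nor a copy assignment operator, so copying an initialised element (for instance by copying a `SeqWindow` or its `sender_` map) leaves two objects freeing the same buffer; none of the visible code copies an element after `init()`, so this is latent, but the class is stored by value in a `std::map` and the compiler-generated copies are one refactor away. Holding the window as `std::vector<u_int8_t>` (declared in seqWindow.h, outside this hunk) removes the destructor and the `delete[]` in `init()` entirely; failing that, declare the copy operations private. `init()` should also reset `window_ = NULL;` right after its `delete[]` so that a throwing `new` cannot leave the destructor with a dangling pointer. Finally, the three identical `if(shifted == 1) ... else if(shifted == 2) ...` restore sequences in `checkAndAdd` would read better as one small helper, and `checkAndAdd` needs a header comment stating that a true return means the sequence number was already seen and that a new sender is always accepted.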
@@ -91,4 +154,3 @@ void SeqWindow::clear()
Lock lock(mutex_);
sender_.clear();
}
-
diff --git a/src/seqWindow.h b/src/seqWindow.h
index 5bac491..e16e335 100644
--- a/src/seqWindow.h
+++ b/src/seqWindow.h
@@ -39,22 +39,32 @@
#include "threadUtils.hpp"
#include "datatypes.h"
+class SeqWindow;
+
+class SeqWindowElement {
+public:
+ SeqWindowElement();
+ ~SeqWindowElement();
+
+ void init(window_size_t w, seq_nr_t m);
+
+ seq_nr_t max_;
+ window_size_t pos_;
+ u_int8_t* window_;
+};
+
class SeqWindow
{
public:
- typedef std::deque<seq_nr_t> SeqDeque;
- typedef std::map<sender_id_t, SeqDeque> SenderMap;
+ typedef std::map<sender_id_t, SeqWindowElement> SenderMap;
SeqWindow(window_size_t w);
~SeqWindow();
- SeqDeque::size_type getLength(sender_id_t sender);
- bool hasSeqNr(sender_id_t sender, seq_nr_t seq);
- void addSeqNr(sender_id_t sender, seq_nr_t seq);
+ bool checkAndAdd(sender_id_t sender, seq_nr_t seq_nr);
void clear(sender_id_t sender);
void clear();
-
private:
window_size_t window_size_;
Mutex mutex_;