Configurable ReplayWindow size, zero disables
This commit is contained in:
Brandon L Black
Guus Sliepen
parent
8dfe1b374e
commit
23acc19bc0
7 changed files with 43 additions and 18 deletions
|
|
@ -106,6 +106,7 @@ extern list_t *outgoing_list;
|
|||
extern int maxoutbufsize;
|
||||
extern int seconds_till_retry;
|
||||
extern int addressfamily;
|
||||
extern unsigned replaywin;
|
||||
|
||||
extern listen_socket_t listen_socket[MAXSOCKETS];
|
||||
extern int listen_sockets;
|
||||
|
|
|
|||
|
|
@ -60,6 +60,8 @@ static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999
|
|||
|
||||
static void send_udppacket(node_t *, vpn_packet_t *);
|
||||
|
||||
unsigned replaywin = 16;
|
||||
|
||||
#define MAX_SEQNO 1073741824
|
||||
|
||||
// mtuprobes == 1..30: initial discovery, send bursts with 1 second interval
|
||||
|
|
@ -293,25 +295,27 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
|
|||
inpkt->len -= sizeof(inpkt->seqno);
|
||||
inpkt->seqno = ntohl(inpkt->seqno);
|
||||
|
||||
if(inpkt->seqno != n->received_seqno + 1) {
|
||||
if(inpkt->seqno >= n->received_seqno + sizeof(n->late) * 8) {
|
||||
logger(LOG_WARNING, "Lost %d packets from %s (%s)",
|
||||
inpkt->seqno - n->received_seqno - 1, n->name, n->hostname);
|
||||
|
||||
memset(n->late, 0, sizeof(n->late));
|
||||
} else if (inpkt->seqno <= n->received_seqno) {
|
||||
if((n->received_seqno >= sizeof(n->late) * 8 && inpkt->seqno <= n->received_seqno - sizeof(n->late) * 8) || !(n->late[(inpkt->seqno / 8) % sizeof(n->late)] & (1 << inpkt->seqno % 8))) {
|
||||
logger(LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
|
||||
n->name, n->hostname, inpkt->seqno, n->received_seqno);
|
||||
return;
|
||||
if(replaywin) {
|
||||
if(inpkt->seqno != n->received_seqno + 1) {
|
||||
if(inpkt->seqno >= n->received_seqno + replaywin * 8) {
|
||||
logger(LOG_WARNING, "Lost %d packets from %s (%s)",
|
||||
inpkt->seqno - n->received_seqno - 1, n->name, n->hostname);
|
||||
|
||||
memset(n->late, 0, replaywin);
|
||||
} else if (inpkt->seqno <= n->received_seqno) {
|
||||
if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) {
|
||||
logger(LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
|
||||
n->name, n->hostname, inpkt->seqno, n->received_seqno);
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
for(i = n->received_seqno + 1; i < inpkt->seqno; i++)
|
||||
n->late[(i / 8) % replaywin] |= 1 << i % 8;
|
||||
}
|
||||
} else {
|
||||
for(i = n->received_seqno + 1; i < inpkt->seqno; i++)
|
||||
n->late[(i / 8) % sizeof(n->late)] |= 1 << i % 8;
|
||||
}
|
||||
}
|
||||
|
||||
n->late[(inpkt->seqno / 8) % sizeof(n->late)] &= ~(1 << inpkt->seqno % 8);
|
||||
n->late[(inpkt->seqno / 8) % replaywin] &= ~(1 << inpkt->seqno % 8);
|
||||
}
|
||||
|
||||
if(inpkt->seqno > n->received_seqno)
|
||||
n->received_seqno = inpkt->seqno;
|
||||
|
|
|
|||
|
|
@ -276,6 +276,7 @@ bool setup_myself(void) {
|
|||
struct addrinfo *ai, *aip, hint = {0};
|
||||
bool choice;
|
||||
int i, err;
|
||||
int replaywin_int;
|
||||
|
||||
myself = new_node();
|
||||
myself->connection = new_connection();
|
||||
|
|
@ -419,6 +420,14 @@ bool setup_myself(void) {
|
|||
}
|
||||
}
|
||||
|
||||
if(get_config_int(lookup_config(config_tree, "ReplayWindow"), &replaywin_int)) {
|
||||
if(replaywin_int < 0) {
|
||||
logger(LOG_ERR, "ReplayWindow cannot be negative!");
|
||||
return false;
|
||||
}
|
||||
replaywin = (unsigned)replaywin_int;
|
||||
}
|
||||
|
||||
if(get_config_string(lookup_config(config_tree, "AddressFamily"), &afname)) {
|
||||
if(!strcasecmp(afname, "IPv4"))
|
||||
addressfamily = AF_INET;
|
||||
|
|
|
|||
|
|
@ -54,6 +54,7 @@ void exit_nodes(void) {
|
|||
node_t *new_node(void) {
|
||||
node_t *n = xmalloc_and_zero(sizeof(*n));
|
||||
|
||||
if(replaywin) n->late = xmalloc_and_zero(replaywin);
|
||||
n->subnet_tree = new_subnet_tree();
|
||||
n->edge_tree = new_edge_tree();
|
||||
EVP_CIPHER_CTX_init(&n->inctx);
|
||||
|
|
|
|||
|
|
@ -77,7 +77,7 @@ typedef struct node_t {
|
|||
|
||||
uint32_t sent_seqno; /* Sequence number last sent to this node */
|
||||
uint32_t received_seqno; /* Sequence number last received from this node */
|
||||
unsigned char late[16]; /* Bitfield marking late packets */
|
||||
unsigned char* late; /* Bitfield marking late packets */
|
||||
|
||||
length_t mtu; /* Maximum size of packets to send to this node */
|
||||
length_t minmtu; /* Probed minimum MTU */
|
||||
|
|
|
|||
|
|
@ -163,7 +163,7 @@ bool send_ans_key(node_t *to) {
|
|||
// Reset sequence number and late packet window
|
||||
mykeyused = true;
|
||||
to->received_seqno = 0;
|
||||
memset(to->late, 0, sizeof(to->late));
|
||||
if(replaywin) memset(to->late, 0, replaywin);
|
||||
|
||||
// Convert to hexadecimal and send
|
||||
char key[2 * to->inkeylength + 1];
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue