| author | erdgeist <> | 2012-06-03 00:17:07 +0000 | 
|---|---|---|
| committer | erdgeist <> | 2012-06-03 00:17:07 +0000 | 
| commit | 8741c91a7d6f9833301383aa819872e16ed43e25 (patch) | |
| tree | 82fa8070cc4f0cb987574160b770a523b6e57df3 | |
| parent | 7e2bef9bf77d101e10f0f0ec38b014814177f7e3 (diff) | |
Calculate the old hash for the ip address only, when the current one mismatches
| -rw-r--r-- | ot_udp.c | 41 | 
1 files changed, 22 insertions, 19 deletions
| @@ -35,22 +35,20 @@ static void udp_generate_rijndael_round_key() { | |||
| 35 | } | 35 | } | 
| 36 | 36 | ||
| 37 | /* Generate current and previous connection id for ip */ | 37 | /* Generate current and previous connection id for ip */ | 
| 38 | static void udp_make_connectionid( uint32_t connid[4], const ot_ip6 remoteip ) { | 38 | static void udp_make_connectionid( uint32_t connid[2], const ot_ip6 remoteip, int age ) { | 
| 39 | uint32_t plain[4], crypt[4]; | 39 | uint32_t plain[4], crypt[4]; | 
| 40 | int age, i; | 40 | int i; | 
| 41 | if( g_now_minutes + 60 > g_hour_of_the_key ) { | 41 | if( g_now_minutes + 60 > g_hour_of_the_key ) { | 
| 42 | g_hour_of_the_key = g_now_minutes; | 42 | g_hour_of_the_key = g_now_minutes; | 
| 43 | g_key_of_the_hour[1] = g_key_of_the_hour[0]; | 43 | g_key_of_the_hour[1] = g_key_of_the_hour[0]; | 
| 44 | g_key_of_the_hour[0] = random(); | 44 | g_key_of_the_hour[0] = random(); | 
| 45 | } | 45 | } | 
| 46 | 46 | ||
| 47 | for( age = 0; age < 1; ++age ) { | 47 | memcpy( plain, remoteip, sizeof( plain ) ); | 
| 48 | memcpy( plain, remoteip, sizeof( plain ) ); | 48 | for( i=0; i<4; ++i ) plain[i] ^= g_key_of_the_hour[age]; | 
| 49 | for( i=0; i<4; ++i ) plain[i] ^= g_key_of_the_hour[age]; | 49 | rijndaelEncrypt128( g_rijndael_round_key, (uint8_t*)remoteip, (uint8_t*)crypt ); | 
| 50 | rijndaelEncrypt128( g_rijndael_round_key, (uint8_t*)remoteip, (uint8_t*)crypt ); | 50 | connid[0] = crypt[0] ^ crypt[1]; | 
| 51 | connid[2*age ] = crypt[0] ^ crypt[1]; | 51 | connid[1] = crypt[2] ^ crypt[3]; | 
| 52 | connid[2*age+1] = crypt[2] ^ crypt[3]; | ||
| 53 | } | ||
| 54 | } | 52 | } | 
| 55 | 53 | ||
| 56 | /* UDP implementation according to http://xbtt.sourceforge.net/udp_tracker_protocol.html */ | 54 | /* UDP implementation according to http://xbtt.sourceforge.net/udp_tracker_protocol.html */ | 
| @@ -59,7 +57,7 @@ int handle_udp6( int64 serversocket, struct ot_workstruct *ws ) { | |||
| 59 | uint32_t *inpacket = (uint32_t*)ws->inbuf; | 57 | uint32_t *inpacket = (uint32_t*)ws->inbuf; | 
| 60 | uint32_t *outpacket = (uint32_t*)ws->outbuf; | 58 | uint32_t *outpacket = (uint32_t*)ws->outbuf; | 
| 61 | uint32_t numwant, left, event, scopeid; | 59 | uint32_t numwant, left, event, scopeid; | 
| 62 | uint32_t connid[4]; | 60 | uint32_t connid[2]; | 
| 63 | uint16_t port, remoteport; | 61 | uint16_t port, remoteport; | 
| 64 | size_t byte_count, scrape_count; | 62 | size_t byte_count, scrape_count; | 
| 65 | 63 | ||
| @@ -75,7 +73,7 @@ int handle_udp6( int64 serversocket, struct ot_workstruct *ws ) { | |||
| 75 | 73 | ||
| 76 | /* Generate the connection id we give out and expect to and from | 74 | /* Generate the connection id we give out and expect to and from | 
| 77 | the requesting ip address, this prevents udp spoofing */ | 75 | the requesting ip address, this prevents udp spoofing */ | 
| 78 | udp_make_connectionid( connid, remoteip ); | 76 | udp_make_connectionid( connid, remoteip, 0 ); | 
| 79 | 77 | ||
| 80 | /* Initialise hash pointer */ | 78 | /* Initialise hash pointer */ | 
| 81 | ws->hash = NULL; | 79 | ws->hash = NULL; | 
| @@ -83,14 +81,19 @@ int handle_udp6( int64 serversocket, struct ot_workstruct *ws ) { | |||
| 83 | 81 | ||
| 84 | /* If action is not a ntohl(a) == a == 0, then we | 82 | /* If action is not a ntohl(a) == a == 0, then we | 
| 85 | expect the derived connection id in first 64 bit */ | 83 | expect the derived connection id in first 64 bit */ | 
| 86 | if( inpacket[2] && ( inpacket[0] != connid[0] || inpacket[1] != connid[1] ) && | 84 | if( inpacket[2] && ( inpacket[0] != connid[0] || inpacket[1] != connid[1] ) ) { | 
| 87 | ( inpacket[0] != connid[2] || inpacket[1] != connid[3] ) ) { | 85 | /* If connection id does not match, try the one that was | 
| 88 | const size_t s = sizeof( "Connection ID missmatch." ); | 86 | valid in the previous hour. Only if this also does not | 
| 89 | outpacket[0] = 3; outpacket[1] = inpacket[3]; | 87 | match, return an error packet */ | 
| 90 | memcpy( &outpacket[2], "Connection ID missmatch.", s ); | 88 | udp_make_connectionid( connid, remoteip, 1 ); | 
| 91 | socket_send6( serversocket, ws->outbuf, 8 + s, remoteip, remoteport, 0 ); | 89 | if( inpacket[0] != connid[0] || inpacket[1] != connid[1] ) { | 
| 92 | stats_issue_event( EVENT_CONNID_MISSMATCH, FLAG_UDP, 8 + s ); | 90 | const size_t s = sizeof( "Connection ID missmatch." ); | 
| 93 | return 1; | 91 | outpacket[0] = 3; outpacket[1] = inpacket[3]; | 
| 92 | memcpy( &outpacket[2], "Connection ID missmatch.", s ); | ||
| 93 | socket_send6( serversocket, ws->outbuf, 8 + s, remoteip, remoteport, 0 ); | ||
| 94 | stats_issue_event( EVENT_CONNID_MISSMATCH, FLAG_UDP, 8 + s ); | ||
| 95 | return 1; | ||
| 96 | } | ||
| 94 | } | 97 | } | 
| 95 | 98 | ||
| 96 | switch( ntohl( inpacket[2] ) ) { | 99 | switch( ntohl( inpacket[2] ) ) { | 
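Review bot: In udp_make_connectionid the rijndaelEncrypt128 call still takes `(uint8_t*)remoteip` as its input, so the `plain` buffer that was just XORed with `g_key_of_the_hour[age]` is never used and the new `age` parameter has no effect on the result. As written the connection id depends only on the address and the round key, so it does not expire with the hourly key, and the added fallback call with age 1 in handle_udp6 (whose body continues outside these hunks) recomputes the same value it just compared. Passing the keyed buffer, `rijndaelEncrypt128( g_rijndael_round_key, (uint8_t*)plain, (uint8_t*)crypt );`, would make the hourly key count. Once that is fixed, the rotation test `g_now_minutes + 60 > g_hour_of_the_key` needs a second look. After the first rotation it appears to hold on every call, so both key slots would be replaced each time (twice for a mismatching packet, now that the function is called again) and no previously issued id would validate; the comparison probably wants to be `g_now_minutes > g_hour_of_the_key + 60`.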
