From 8741c91a7d6f9833301383aa819872e16ed43e25 Mon Sep 17 00:00:00 2001 From: erdgeist <> Date: Sun, 3 Jun 2012 00:17:07 +0000 Subject: Calculate the old hash for the ip address only, when the current one mismatches --- ot_udp.c | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/ot_udp.c b/ot_udp.c index 1945247..bd84ebb 100644 --- a/ot_udp.c +++ b/ot_udp.c @@ -35,22 +35,20 @@ static void udp_generate_rijndael_round_key() { } /* Generate current and previous connection id for ip */ -static void udp_make_connectionid( uint32_t connid[4], const ot_ip6 remoteip ) { +static void udp_make_connectionid( uint32_t connid[2], const ot_ip6 remoteip, int age ) { uint32_t plain[4], crypt[4]; - int age, i; + int i; if( g_now_minutes + 60 > g_hour_of_the_key ) { g_hour_of_the_key = g_now_minutes; g_key_of_the_hour[1] = g_key_of_the_hour[0]; g_key_of_the_hour[0] = random(); } - for( age = 0; age < 1; ++age ) { - memcpy( plain, remoteip, sizeof( plain ) ); - for( i=0; i<4; ++i ) plain[i] ^= g_key_of_the_hour[age]; - rijndaelEncrypt128( g_rijndael_round_key, (uint8_t*)remoteip, (uint8_t*)crypt ); - connid[2*age ] = crypt[0] ^ crypt[1]; - connid[2*age+1] = crypt[2] ^ crypt[3]; - } + memcpy( plain, remoteip, sizeof( plain ) ); + for( i=0; i<4; ++i ) plain[i] ^= g_key_of_the_hour[age]; + rijndaelEncrypt128( g_rijndael_round_key, (uint8_t*)remoteip, (uint8_t*)crypt ); + connid[0] = crypt[0] ^ crypt[1]; + connid[1] = crypt[2] ^ crypt[3]; } /* UDP implementation according to http://xbtt.sourceforge.net/udp_tracker_protocol.html */ @@ -59,7 +57,7 @@ int handle_udp6( int64 serversocket, struct ot_workstruct *ws ) { uint32_t *inpacket = (uint32_t*)ws->inbuf; uint32_t *outpacket = (uint32_t*)ws->outbuf; uint32_t numwant, left, event, scopeid; - uint32_t connid[4]; + uint32_t connid[2]; uint16_t port, remoteport; size_t byte_count, scrape_count; @@ -75,7 +73,7 @@ int handle_udp6( int64 serversocket, struct ot_workstruct *ws ) { /* Generate the connection id we give out and expect to and from the requesting ip address, this prevents udp spoofing */ - udp_make_connectionid( connid, remoteip ); + udp_make_connectionid( connid, remoteip, 0 ); /* Initialise hash pointer */ ws->hash = NULL; @@ -83,14 +81,19 @@ int handle_udp6( int64 serversocket, struct ot_workstruct *ws ) { /* If action is not a ntohl(a) == a == 0, then we expect the derived connection id in first 64 bit */ - if( inpacket[2] && ( inpacket[0] != connid[0] || inpacket[1] != connid[1] ) && - ( inpacket[0] != connid[2] || inpacket[1] != connid[3] ) ) { - const size_t s = sizeof( "Connection ID missmatch." ); - outpacket[0] = 3; outpacket[1] = inpacket[3]; - memcpy( &outpacket[2], "Connection ID missmatch.", s ); - socket_send6( serversocket, ws->outbuf, 8 + s, remoteip, remoteport, 0 ); - stats_issue_event( EVENT_CONNID_MISSMATCH, FLAG_UDP, 8 + s ); - return 1; + if( inpacket[2] && ( inpacket[0] != connid[0] || inpacket[1] != connid[1] ) ) { + /* If connection id does not match, try the one that was + valid in the previous hour. Only if this also does not + match, return an error packet */ + udp_make_connectionid( connid, remoteip, 1 ); + if( inpacket[0] != connid[0] || inpacket[1] != connid[1] ) { + const size_t s = sizeof( "Connection ID missmatch." ); + outpacket[0] = 3; outpacket[1] = inpacket[3]; + memcpy( &outpacket[2], "Connection ID missmatch.", s ); + socket_send6( serversocket, ws->outbuf, 8 + s, remoteip, remoteport, 0 ); + stats_issue_event( EVENT_CONNID_MISSMATCH, FLAG_UDP, 8 + s ); + return 1; + } } switch( ntohl( inpacket[2] ) ) { -- cgit v1.2.3