| author | Adam Ierymenko <adam.ierymenko@gmail.com> | 2013-12-31 11:03:45 -0800 |
|---|---|---|
| committer | Adam Ierymenko <adam.ierymenko@gmail.com> | 2013-12-31 11:03:45 -0800 |
| commit | 10df5dcf707e76d4f66daef8dfb4a51df27abce1 (patch) | |
| tree | e52a72a59461b0125f91261a4029e39c0a0b23dd /node/Peer.cpp | |
| parent | 8055635e85beba3f0cf028cf3efe50dbf99b0cc3 (diff) | |
Fix several things:
(1) The changes to path learning in the two previous releases were poorly thought out,
and this version should remedy that by introducing PROBE. This is basically a kind of
ECHO request and is used to authenticate endpoints that are not learned via a valid
request/response pair. Thus we will still passively learn endpoints, but securely.
(2) Turns out there was a security oversight in _doHELLO() that could have permitted...
well... I'm not sure it was exploitable to do anything particularly interesting since
a bad identity would be discarded anyway, but fix it just the same.
Diffstat (limited to 'node/Peer.cpp')
| -rw-r--r-- | node/Peer.cpp | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/node/Peer.cpp b/node/Peer.cpp index e7db125d..6e5e5175 100644 --- a/node/Peer.cpp +++ b/node/Peer.cpp @@ -40,10 +40,10 @@ Peer::Peer() : _lastUnicastFrame(0), _lastMulticastFrame(0), _lastAnnouncedTo(0), - _latency(0), _vMajor(0), _vMinor(0), _vRevision(0), + _latency(0), _requestHistoryPtr(0) { } @@ -91,7 +91,7 @@ void Peer::onReceive( // Do things like learn latency or endpoints on OK or ERROR replies if (inReVerb != Packet::VERB_NOP) { for(unsigned int p=0;p<ZT_PEER_REQUEST_HISTORY_LENGTH;++p) { - if ((_requestHistory[p].packetId == inRePacketId)&&(_requestHistory[p].verb == inReVerb)) { + if ((_requestHistory[p].timestamp)&&(_requestHistory[p].packetId == inRePacketId)&&(_requestHistory[p].verb == inReVerb)) { _latency = std::min((unsigned int)(now - _requestHistory[p].timestamp),(unsigned int)0xffff); // Only learn paths on replies to packets we have sent, otherwise @@ -100,11 +100,17 @@ void Peer::onReceive( if (!wp->fixed) wp->addr = remoteAddr; - _requestHistory[p].packetId = 0; + _requestHistory[p].timestamp = 0; break; } } } + + // If we get a valid packet with a different address that is not a response + // to a request, send a PROBE to authenticate this endpoint and determine if + // it is reachable. + if ((!wp->fixed)&&(wp->addr != remoteAddr)) + _r->sw->sendPROBE(SharedPtr<Peer>(this),localPort,remoteAddr); } if (verb == Packet::VERB_FRAME) { |
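Review bot: in the constructor hunk, the removed initializer line set `_vMajor(0), _vMinor(0), _vRevision(0)` and the replacement keeps only `_latency(0)`, so unless those three members are default-initialized in the class declaration or later in the list (neither is visible here) a Peer's reported version now comes from uninitialized memory; please confirm, or restore `_vMajor(0), _vMinor(0), _vRevision(0)` in declaration order if the intent was only to silence a reorder warning.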
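Review bot: the new `(_requestHistory[p].timestamp)` guard in the match condition is the real fix here: a slot cleared the old way (`packetId = 0`) could still match a reply carrying `inRePacketId == 0` with the right verb and let path learning run on it, and this hunk together with the `timestamp = 0` change below closes that. A one-line comment on the `_requestHistory` entry stating that `timestamp == 0` means "slot unused" would make the invariant explicit, and the code that fills a slot (not in this diff) should be checked to never store a zero timestamp, otherwise a legitimately sent request would be unmatchable.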
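Review bot: the new PROBE block fires on every valid packet whose source differs from `wp->addr`, with no rate limit, so a stream of such packets (including replayed authenticated packets from a spoofed source) would produce one `sendPROBE` per packet; consider recording the last probe time per peer and skipping the send while a probe is already outstanding. It would also help to note in the comment that a PROBE must itself be entered into `_requestHistory`, since the reply is only trusted through the `inRePacketId`/`verb` match above.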
