Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
B
babeld
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
babeld
Commits
ba8f1168
Commit
ba8f1168
authored
Aug 20, 2020
by
Antonin Décimo
Committed by
Juliusz Chroboczek
May 30, 2021
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add rate limitations for challenges.
parent
6d442380
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
23 additions
and
6 deletions
+23
-6
message.c
message.c
+17
-4
message.h
message.h
+2
-2
neighbour.c
neighbour.c
+2
-0
neighbour.h
neighbour.h
+2
-0
No files found.
message.c
View file @
ba8f1168
...
@@ -549,7 +549,7 @@ preparse_packet(const unsigned char *from, struct interface *ifp,
...
@@ -549,7 +549,7 @@ preparse_packet(const unsigned char *from, struct interface *ifp,
if
(
neigh
==
NULL
)
if
(
neigh
==
NULL
)
return
NULL
;
return
NULL
;
rc
=
send_challenge_request
(
neigh
);
rc
=
send_challenge_request
(
neigh
);
if
(
rc
)
if
(
rc
<
-
1
)
fputs
(
"Could not send challenge request.
\n
"
,
stderr
);
fputs
(
"Could not send challenge request.
\n
"
,
stderr
);
goto
maybe_send_challenge_reply
;
goto
maybe_send_challenge_reply
;
}
}
...
@@ -1254,32 +1254,45 @@ int
...
@@ -1254,32 +1254,45 @@ int
send_challenge_request
(
struct
neighbour
*
neigh
)
send_challenge_request
(
struct
neighbour
*
neigh
)
{
{
int
rc
;
int
rc
;
gettime
(
&
now
);
if
(
timeval_compare
(
&
now
,
&
neigh
->
challenge_request_limitation
)
<=
0
)
return
-
1
;
debugf
(
"Sending challenge request to %s on %s.
\n
"
,
debugf
(
"Sending challenge request to %s on %s.
\n
"
,
format_address
(
neigh
->
address
),
neigh
->
ifp
->
name
);
format_address
(
neigh
->
address
),
neigh
->
ifp
->
name
);
rc
=
read_random_bytes
(
neigh
->
nonce
,
NONCE_LEN
);
rc
=
read_random_bytes
(
neigh
->
nonce
,
NONCE_LEN
);
if
(
rc
<
NONCE_LEN
)
{
if
(
rc
<
NONCE_LEN
)
{
perror
(
"read_random_bytes"
);
perror
(
"read_random_bytes"
);
return
-
1
;
return
-
2
;
}
}
start_message
(
&
neigh
->
buf
,
neigh
->
ifp
,
MESSAGE_CHALLENGE_REQUEST
,
NONCE_LEN
);
start_message
(
&
neigh
->
buf
,
neigh
->
ifp
,
MESSAGE_CHALLENGE_REQUEST
,
NONCE_LEN
);
accumulate_bytes
(
&
neigh
->
buf
,
neigh
->
nonce
,
NONCE_LEN
);
accumulate_bytes
(
&
neigh
->
buf
,
neigh
->
nonce
,
NONCE_LEN
);
end_message
(
&
neigh
->
buf
,
MESSAGE_CHALLENGE_REQUEST
,
NONCE_LEN
);
end_message
(
&
neigh
->
buf
,
MESSAGE_CHALLENGE_REQUEST
,
NONCE_LEN
);
gettime
(
&
now
);
gettime
(
&
now
);
timeval_add_msec
(
&
neigh
->
challenge_deadline
,
&
now
,
300
);
timeval_add_msec
(
&
neigh
->
challenge_deadline
,
&
now
,
30000
);
timeval_add_msec
(
&
neigh
->
challenge_request_limitation
,
&
now
,
300
);
schedule_flush_now
(
&
neigh
->
buf
);
schedule_flush_now
(
&
neigh
->
buf
);
return
0
;
return
0
;
}
}
void
int
send_challenge_reply
(
struct
neighbour
*
neigh
,
const
unsigned
char
*
crypto_nonce
,
send_challenge_reply
(
struct
neighbour
*
neigh
,
const
unsigned
char
*
crypto_nonce
,
int
len
)
int
len
)
{
{
gettime
(
&
now
);
if
(
timeval_compare
(
&
now
,
&
neigh
->
challenge_reply_limitation
)
<=
0
)
return
-
1
;
debugf
(
"Sending challenge reply to %s on %s.
\n
"
,
debugf
(
"Sending challenge reply to %s on %s.
\n
"
,
format_address
(
neigh
->
address
),
neigh
->
ifp
->
name
);
format_address
(
neigh
->
address
),
neigh
->
ifp
->
name
);
start_message
(
&
neigh
->
buf
,
neigh
->
ifp
,
MESSAGE_CHALLENGE_REPLY
,
len
);
start_message
(
&
neigh
->
buf
,
neigh
->
ifp
,
MESSAGE_CHALLENGE_REPLY
,
len
);
accumulate_bytes
(
&
neigh
->
buf
,
crypto_nonce
,
len
);
accumulate_bytes
(
&
neigh
->
buf
,
crypto_nonce
,
len
);
end_message
(
&
neigh
->
buf
,
MESSAGE_CHALLENGE_REPLY
,
len
);
end_message
(
&
neigh
->
buf
,
MESSAGE_CHALLENGE_REPLY
,
len
);
gettime
(
&
now
);
timeval_add_msec
(
&
neigh
->
challenge_reply_limitation
,
&
now
,
300
);
schedule_flush_now
(
&
neigh
->
buf
);
schedule_flush_now
(
&
neigh
->
buf
);
return
0
;
}
}
static
void
static
void
...
...
message.h
View file @
ba8f1168
...
@@ -64,7 +64,7 @@ int send_pc(struct buffered *buf, struct interface *ifp);
...
@@ -64,7 +64,7 @@ int send_pc(struct buffered *buf, struct interface *ifp);
void
send_ack
(
struct
neighbour
*
neigh
,
unsigned
short
nonce
,
void
send_ack
(
struct
neighbour
*
neigh
,
unsigned
short
nonce
,
unsigned
short
interval
);
unsigned
short
interval
);
int
send_challenge_request
(
struct
neighbour
*
neigh
);
int
send_challenge_request
(
struct
neighbour
*
neigh
);
void
send_challenge_reply
(
struct
neighbour
*
neigh
,
int
send_challenge_reply
(
struct
neighbour
*
neigh
,
const
unsigned
char
*
crypto_nonce
,
int
len
);
const
unsigned
char
*
crypto_nonce
,
int
len
);
void
send_multicast_hello
(
struct
interface
*
ifp
,
unsigned
interval
,
int
force
);
void
send_multicast_hello
(
struct
interface
*
ifp
,
unsigned
interval
,
int
force
);
void
send_unicast_hello
(
struct
neighbour
*
neigh
,
unsigned
interval
,
int
force
);
void
send_unicast_hello
(
struct
neighbour
*
neigh
,
unsigned
interval
,
int
force
);
...
...
neighbour.c
View file @
ba8f1168
...
@@ -110,6 +110,8 @@ find_neighbour(const unsigned char *address, struct interface *ifp)
...
@@ -110,6 +110,8 @@ find_neighbour(const unsigned char *address, struct interface *ifp)
neigh
->
rtt_time
=
zero
;
neigh
->
rtt_time
=
zero
;
neigh
->
index_len
=
-
1
;
neigh
->
index_len
=
-
1
;
neigh
->
challenge_deadline
=
zero
;
neigh
->
challenge_deadline
=
zero
;
neigh
->
challenge_request_limitation
=
zero
;
neigh
->
challenge_reply_limitation
=
zero
;
neigh
->
ifp
=
ifp
;
neigh
->
ifp
=
ifp
;
neigh
->
buf
.
buf
=
buf
;
neigh
->
buf
.
buf
=
buf
;
neigh
->
buf
.
size
=
ifp
->
buf
.
size
;
neigh
->
buf
.
size
=
ifp
->
buf
.
size
;
...
...
neighbour.h
View file @
ba8f1168
...
@@ -52,6 +52,8 @@ struct neighbour {
...
@@ -52,6 +52,8 @@ struct neighbour {
unsigned
char
index
[
32
];
unsigned
char
index
[
32
];
unsigned
char
nonce
[
NONCE_LEN
];
unsigned
char
nonce
[
NONCE_LEN
];
struct
timeval
challenge_deadline
;
struct
timeval
challenge_deadline
;
struct
timeval
challenge_request_limitation
;
struct
timeval
challenge_reply_limitation
;
struct
interface
*
ifp
;
struct
interface
*
ifp
;
struct
buffered
buf
;
struct
buffered
buf
;
};
};
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment