Commit ba8f1168 authored by Antonin Décimo's avatar Antonin Décimo Committed by Juliusz Chroboczek

Add rate limitations for challenges.

parent 6d442380
......@@ -549,7 +549,7 @@ preparse_packet(const unsigned char *from, struct interface *ifp,
if(neigh == NULL)
return NULL;
rc = send_challenge_request(neigh);
if(rc)
if(rc < -1)
fputs("Could not send challenge request.\n", stderr);
goto maybe_send_challenge_reply;
}
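Review bot: The `if(rc < -1)` test in preparse_packet depends on a return-code convention that is written down nowhere. As far as this page shows, send_challenge_request returns -1 when the per-neighbour limiter suppresses the request and -2 when read_random_bytes fails, and only the second case is meant to be logged. A later failure path that returns -1 would silently lose its error message. I would add a comment above the call, `/* -1: rate-limited, not an error; < -1: real failure */`, and put the same sentence above the send_challenge_request and send_challenge_reply prototypes in the header hunk. The enclosing function starts and ends outside this hunk.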
......@@ -1254,32 +1254,45 @@ int
send_challenge_request(struct neighbour *neigh)
{
int rc;
gettime(&now);
if(timeval_compare(&now, &neigh->challenge_request_limitation) <= 0)
return -1;
debugf("Sending challenge request to %s on %s.\n",
format_address(neigh->address), neigh->ifp->name);
rc = read_random_bytes(neigh->nonce, NONCE_LEN);
if(rc < NONCE_LEN) {
perror("read_random_bytes");
return -1;
return -2;
}
start_message(&neigh->buf, neigh->ifp, MESSAGE_CHALLENGE_REQUEST, NONCE_LEN);
accumulate_bytes(&neigh->buf, neigh->nonce, NONCE_LEN);
end_message(&neigh->buf, MESSAGE_CHALLENGE_REQUEST, NONCE_LEN);
gettime(&now);
timeval_add_msec(&neigh->challenge_deadline, &now, 300);
timeval_add_msec(&neigh->challenge_deadline, &now, 30000);
timeval_add_msec(&neigh->challenge_request_limitation, &now, 300);
schedule_flush_now(&neigh->buf);
return 0;
}
void
int
send_challenge_reply(struct neighbour *neigh, const unsigned char *crypto_nonce,
int len)
{
gettime(&now);
if(timeval_compare(&now, &neigh->challenge_reply_limitation) <= 0)
return -1;
debugf("Sending challenge reply to %s on %s.\n",
format_address(neigh->address), neigh->ifp->name);
start_message(&neigh->buf, neigh->ifp, MESSAGE_CHALLENGE_REPLY, len);
accumulate_bytes(&neigh->buf, crypto_nonce, len);
end_message(&neigh->buf, MESSAGE_CHALLENGE_REPLY, len);
gettime(&now);
timeval_add_msec(&neigh->challenge_reply_limitation, &now, 300);
schedule_flush_now(&neigh->buf);
return 0;
}
static void
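Review bot: The challenge_deadline interval in send_challenge_request is printed with both 300 and 30000; the rendering has lost the +/- markers, but if 30000 is the new side, the deadline grows a hundredfold in a commit whose title mentions only rate limiting. The code that reads challenge_deadline is not in this hunk, so I am assuming it bounds how long a reply to the current nonce is accepted; a change to that window deserves its own line in the commit message and a comment at the call. Naming the two intervals would also keep them apart, e.g. `#define CHALLENGE_TIMEOUT_MS 30000` and `#define CHALLENGE_RATE_LIMIT_MS 300` (names are suggestions only), with the second used for both challenge_request_limitation and challenge_reply_limitation. Separately, the read_random_bytes failure path returns -2 without arming challenge_request_limitation, so perror and the caller's fputs run once per triggering packet for as long as the failure lasts.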
......
......@@ -64,7 +64,7 @@ int send_pc(struct buffered *buf, struct interface *ifp);
void send_ack(struct neighbour *neigh, unsigned short nonce,
unsigned short interval);
int send_challenge_request(struct neighbour *neigh);
void send_challenge_reply(struct neighbour *neigh,
int send_challenge_reply(struct neighbour *neigh,
const unsigned char *crypto_nonce, int len);
void send_multicast_hello(struct interface *ifp, unsigned interval, int force);
void send_unicast_hello(struct neighbour *neigh, unsigned interval, int force);
......
......@@ -110,6 +110,8 @@ find_neighbour(const unsigned char *address, struct interface *ifp)
neigh->rtt_time = zero;
neigh->index_len = -1;
neigh->challenge_deadline = zero;
neigh->challenge_request_limitation = zero;
neigh->challenge_reply_limitation = zero;
neigh->ifp = ifp;
neigh->buf.buf = buf;
neigh->buf.size = ifp->buf.size;
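Review bot: Both limiter timestamps are initialised to zero in find_neighbour and stored in struct neighbour, so the 300 ms limit applies per neighbour entry and a freshly created entry may send a challenge immediately. If entries can be created for arbitrary source addresses before a packet has been authenticated (the lookup path is not visible on this page, so this needs confirming), the aggregate rate of challenge requests and read_random_bytes calls is not bounded by this change. A per-interface or global budget alongside the per-neighbour one would cover that case. A comment on the two new lines such as `/* zero: the first challenge is never rate-limited */` would document the initial state. find_neighbour's body continues outside the hunk.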
......
......@@ -52,6 +52,8 @@ struct neighbour {
unsigned char index[32];
unsigned char nonce[NONCE_LEN];
struct timeval challenge_deadline;
struct timeval challenge_request_limitation;
struct timeval challenge_reply_limitation;
struct interface *ifp;
struct buffered buf;
};
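Review bot: The two new fields in struct neighbour carry no comment, and the word "limitation" does not say whether the timeval is a duration or a point in time. From send_challenge_request and send_challenge_reply they hold the earliest time at which the next message of that kind may be sent. I would write `/* no challenge request is sent to this neighbour before this time */` on the first field and the matching line for the reply field.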
......