From 682bbdfebdb8b97cbb7d9cd8a1ea6b424d1bc789 Mon Sep 17 00:00:00 2001 From: Keith Winstein Date: Wed, 23 May 2012 18:08:31 -0400 Subject: [PATCH] Warn on out-of-order or duplicated packets (or missing nonce increment!) --- src/frontend/stmclient.cc | 9 +++++++-- src/network/network.cc | 15 +++++++++++++-- src/network/network.h | 10 +++++++++- src/network/networktransport.h | 1 + 4 files changed, 30 insertions(+), 5 deletions(-) diff --git a/src/frontend/stmclient.cc b/src/frontend/stmclient.cc index 3ba7b36..4911c14 100644 --- a/src/frontend/stmclient.cc +++ b/src/frontend/stmclient.cc @@ -402,11 +402,16 @@ void STMClient::main( void ) network->tick(); - const Network::NetworkException *exn = network->get_send_exception(); + const Network::NetworkException *exn = network->get_recv_exception(); if ( exn ) { overlays.get_notification_engine().set_network_exception( *exn ); } else { - overlays.get_notification_engine().clear_network_exception(); + exn = network->get_send_exception(); + if ( exn ) { + overlays.get_notification_engine().set_network_exception( *exn ); + } else { + overlays.get_notification_engine().clear_network_exception(); + } } } catch ( Network::NetworkException e ) { if ( !network->shutdown_in_progress() ) { diff --git a/src/network/network.cc b/src/network/network.cc index 4df9506..1af2925 100644 --- a/src/network/network.cc +++ b/src/network/network.cc @@ -133,7 +133,9 @@ Connection::Connection( const char *desired_ip, const char *desired_port ) /* se SRTT( 1000 ), RTTVAR( 500 ), have_send_exception( false ), - send_exception() + send_exception(), + have_recv_exception( false ), + recv_exception() { setup(); @@ -242,7 +244,9 @@ Connection::Connection( const char *key_str, const char *ip, int port ) /* clien SRTT( 1000 ), RTTVAR( 500 ), have_send_exception( false ), - send_exception() + send_exception(), + have_recv_exception( false ), + recv_exception() { setup(); @@ -306,6 +310,11 @@ string Connection::recv( void ) dos_assert( p.direction == (server ? TO_SERVER : TO_CLIENT) ); /* prevent malicious playback to sender */ + if ( p.seq < expected_receiver_seq ) { + have_recv_exception = true; + recv_exception = NetworkException( "Out-of-order or duplicated packet received", 0 ); + } + if ( p.seq >= expected_receiver_seq ) { /* don't use out-of-order packets for timestamp or targeting */ expected_receiver_seq = p.seq + 1; /* this is security-sensitive because a replay attack could otherwise screw up the timestamp and targeting */ @@ -346,6 +355,8 @@ string Connection::recv( void ) ntohs( remote_addr.sin_port ) ); } } + + have_recv_exception = false; } return p.payload; /* we do return out-of-order or duplicated packets to caller */ diff --git a/src/network/network.h b/src/network/network.h index 83a29c4..f352901 100644 --- a/src/network/network.h +++ b/src/network/network.h @@ -102,11 +102,14 @@ namespace Network { double SRTT; double RTTVAR; - /* Exception from send(), to be delivered if the frontend asks for it, + /* Exception from send() or recv(), to be delivered if the frontend asks for it, without altering control flow. */ bool have_send_exception; NetworkException send_exception; + bool have_recv_exception; + NetworkException recv_exception; + Packet new_packet( string &s_payload ); public: @@ -132,6 +135,11 @@ namespace Network { { return have_send_exception ? &send_exception : NULL; } + + const NetworkException *get_recv_exception( void ) const + { + return have_recv_exception ? &recv_exception : NULL; + } }; } diff --git a/src/network/networktransport.h b/src/network/networktransport.h index 7019dd8..e4a38e0 100644 --- a/src/network/networktransport.h +++ b/src/network/networktransport.h @@ -104,6 +104,7 @@ namespace Network { const struct in_addr & get_remote_ip( void ) const { return connection.get_remote_ip(); } const NetworkException *get_send_exception( void ) const { return connection.get_send_exception(); } + const NetworkException *get_recv_exception( void ) const { return connection.get_recv_exception(); } }; }