Warn on out-of-order or duplicated packets (or missing nonce increment!)
This commit is contained in:
Keith Winstein
@@ -402,12 +402,17 @@ void STMClient::main( void )
|
|||||||
|
|
||||||
network->tick();
|
network->tick();
|
||||||
|
|
||||||
const Network::NetworkException *exn = network->get_send_exception();
|
const Network::NetworkException *exn = network->get_recv_exception();
|
||||||
|
if ( exn ) {
|
||||||
|
overlays.get_notification_engine().set_network_exception( *exn );
|
||||||
|
} else {
|
||||||
|
exn = network->get_send_exception();
|
||||||
if ( exn ) {
|
if ( exn ) {
|
||||||
overlays.get_notification_engine().set_network_exception( *exn );
|
overlays.get_notification_engine().set_network_exception( *exn );
|
||||||
} else {
|
} else {
|
||||||
overlays.get_notification_engine().clear_network_exception();
|
overlays.get_notification_engine().clear_network_exception();
|
||||||
}
|
}
|
||||||
|
}
|
||||||
} catch ( Network::NetworkException e ) {
|
} catch ( Network::NetworkException e ) {
|
||||||
if ( !network->shutdown_in_progress() ) {
|
if ( !network->shutdown_in_progress() ) {
|
||||||
overlays.get_notification_engine().set_network_exception( e );
|
overlays.get_notification_engine().set_network_exception( e );
|
||||||
|
|||||||
+13
-2
@@ -133,7 +133,9 @@ Connection::Connection( const char *desired_ip, const char *desired_port ) /* se
|
|||||||
SRTT( 1000 ),
|
SRTT( 1000 ),
|
||||||
RTTVAR( 500 ),
|
RTTVAR( 500 ),
|
||||||
have_send_exception( false ),
|
have_send_exception( false ),
|
||||||
send_exception()
|
send_exception(),
|
||||||
|
have_recv_exception( false ),
|
||||||
|
recv_exception()
|
||||||
{
|
{
|
||||||
setup();
|
setup();
|
||||||
|
|
||||||
@@ -242,7 +244,9 @@ Connection::Connection( const char *key_str, const char *ip, int port ) /* clien
|
|||||||
SRTT( 1000 ),
|
SRTT( 1000 ),
|
||||||
RTTVAR( 500 ),
|
RTTVAR( 500 ),
|
||||||
have_send_exception( false ),
|
have_send_exception( false ),
|
||||||
send_exception()
|
send_exception(),
|
||||||
|
have_recv_exception( false ),
|
||||||
|
recv_exception()
|
||||||
{
|
{
|
||||||
setup();
|
setup();
|
||||||
|
|
||||||
@@ -306,6 +310,11 @@ string Connection::recv( void )
|
|||||||
|
|
||||||
dos_assert( p.direction == (server ? TO_SERVER : TO_CLIENT) ); /* prevent malicious playback to sender */
|
dos_assert( p.direction == (server ? TO_SERVER : TO_CLIENT) ); /* prevent malicious playback to sender */
|
||||||
|
|
||||||
|
if ( p.seq < expected_receiver_seq ) {
|
||||||
|
have_recv_exception = true;
|
||||||
|
recv_exception = NetworkException( "Out-of-order or duplicated packet received", 0 );
|
||||||
|
}
|
||||||
|
|
||||||
if ( p.seq >= expected_receiver_seq ) { /* don't use out-of-order packets for timestamp or targeting */
|
if ( p.seq >= expected_receiver_seq ) { /* don't use out-of-order packets for timestamp or targeting */
|
||||||
expected_receiver_seq = p.seq + 1; /* this is security-sensitive because a replay attack could otherwise
|
expected_receiver_seq = p.seq + 1; /* this is security-sensitive because a replay attack could otherwise
|
||||||
screw up the timestamp and targeting */
|
screw up the timestamp and targeting */
|
||||||
@@ -346,6 +355,8 @@ string Connection::recv( void )
|
|||||||
ntohs( remote_addr.sin_port ) );
|
ntohs( remote_addr.sin_port ) );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
have_recv_exception = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return p.payload; /* we do return out-of-order or duplicated packets to caller */
|
return p.payload; /* we do return out-of-order or duplicated packets to caller */
|
||||||
|
|||||||
@@ -102,11 +102,14 @@ namespace Network {
|
|||||||
double SRTT;
|
double SRTT;
|
||||||
double RTTVAR;
|
double RTTVAR;
|
||||||
|
|
||||||
/* Exception from send(), to be delivered if the frontend asks for it,
|
/* Exception from send() or recv(), to be delivered if the frontend asks for it,
|
||||||
without altering control flow. */
|
without altering control flow. */
|
||||||
bool have_send_exception;
|
bool have_send_exception;
|
||||||
NetworkException send_exception;
|
NetworkException send_exception;
|
||||||
|
|
||||||
|
bool have_recv_exception;
|
||||||
|
NetworkException recv_exception;
|
||||||
|
|
||||||
Packet new_packet( string &s_payload );
|
Packet new_packet( string &s_payload );
|
||||||
|
|
||||||
public:
|
public:
|
||||||
@@ -132,6 +135,11 @@ namespace Network {
|
|||||||
{
|
{
|
||||||
return have_send_exception ? &send_exception : NULL;
|
return have_send_exception ? &send_exception : NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const NetworkException *get_recv_exception( void ) const
|
||||||
|
{
|
||||||
|
return have_recv_exception ? &recv_exception : NULL;
|
||||||
|
}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -104,6 +104,7 @@ namespace Network {
|
|||||||
const struct in_addr & get_remote_ip( void ) const { return connection.get_remote_ip(); }
|
const struct in_addr & get_remote_ip( void ) const { return connection.get_remote_ip(); }
|
||||||
|
|
||||||
const NetworkException *get_send_exception( void ) const { return connection.get_send_exception(); }
|
const NetworkException *get_send_exception( void ) const { return connection.get_send_exception(); }
|
||||||
|
const NetworkException *get_recv_exception( void ) const { return connection.get_recv_exception(); }
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user