Only update timestamp and targeting on higher sequence number
This commit is contained in:
Keith Winstein
+10
-3
@@ -93,6 +93,7 @@ Connection::Connection() /* server */
|
|||||||
direction( TO_CLIENT ),
|
direction( TO_CLIENT ),
|
||||||
next_seq( 0 ),
|
next_seq( 0 ),
|
||||||
saved_timestamp( -1 ),
|
saved_timestamp( -1 ),
|
||||||
|
expected_receiver_seq( 0 ),
|
||||||
RTT_hit( false ),
|
RTT_hit( false ),
|
||||||
SRTT( 1000 ),
|
SRTT( 1000 ),
|
||||||
RTTVAR( 500 )
|
RTTVAR( 500 )
|
||||||
@@ -111,6 +112,7 @@ Connection::Connection( const char *key_str, const char *ip, int port ) /* clien
|
|||||||
direction( TO_SERVER ),
|
direction( TO_SERVER ),
|
||||||
next_seq( 0 ),
|
next_seq( 0 ),
|
||||||
saved_timestamp( -1 ),
|
saved_timestamp( -1 ),
|
||||||
|
expected_receiver_seq( 0 ),
|
||||||
RTT_hit( false ),
|
RTT_hit( false ),
|
||||||
SRTT( 1000 ),
|
SRTT( 1000 ),
|
||||||
RTTVAR( 500 )
|
RTTVAR( 500 )
|
||||||
@@ -213,6 +215,12 @@ string Connection::recv( void )
|
|||||||
|
|
||||||
Packet p( string( buf, received_len ), &session );
|
Packet p( string( buf, received_len ), &session );
|
||||||
|
|
||||||
|
dos_assert( p.direction == (server ? TO_SERVER : TO_CLIENT) ); /* prevent malicious playback to sender */
|
||||||
|
|
||||||
|
if ( p.seq >= expected_receiver_seq ) { /* don't use out-of-order packets for timestamp or targeting */
|
||||||
|
expected_receiver_seq = p.seq + 1; /* this is security-sensitive because a replay attack could otherwise
|
||||||
|
screw up the timestamp and targeting */
|
||||||
|
|
||||||
if ( p.timestamp != uint64_t(-1) ) {
|
if ( p.timestamp != uint64_t(-1) ) {
|
||||||
saved_timestamp = p.timestamp;
|
saved_timestamp = p.timestamp;
|
||||||
}
|
}
|
||||||
@@ -237,8 +245,6 @@ string Connection::recv( void )
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
dos_assert( p.direction == (server ? TO_SERVER : TO_CLIENT) ); /* prevent malicious playback to sender */
|
|
||||||
|
|
||||||
/* server auto-adjusts to client */
|
/* server auto-adjusts to client */
|
||||||
if ( server ) {
|
if ( server ) {
|
||||||
attached = true;
|
attached = true;
|
||||||
@@ -251,8 +257,9 @@ string Connection::recv( void )
|
|||||||
ntohs( remote_addr.sin_port ) );
|
ntohs( remote_addr.sin_port ) );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return p.payload;
|
return p.payload; /* we do return out-of-order or duplicated packets to caller */
|
||||||
}
|
}
|
||||||
|
|
||||||
int Connection::port( void )
|
int Connection::port( void )
|
||||||
|
|||||||
@@ -74,6 +74,7 @@ namespace Network {
|
|||||||
Direction direction;
|
Direction direction;
|
||||||
uint64_t next_seq;
|
uint64_t next_seq;
|
||||||
uint64_t saved_timestamp;
|
uint64_t saved_timestamp;
|
||||||
|
uint64_t expected_receiver_seq;
|
||||||
|
|
||||||
bool RTT_hit;
|
bool RTT_hit;
|
||||||
double SRTT;
|
double SRTT;
|
||||||
|
|||||||
@@ -196,7 +196,7 @@ void Transport<MyState, RemoteState>::recv( void )
|
|||||||
|
|
||||||
if ( !found ) {
|
if ( !found ) {
|
||||||
// fprintf( stderr, "Ignoring out-of-order packet. Reference state %d has been discarded or hasn't yet been received.\n", int(inst.old_num) );
|
// fprintf( stderr, "Ignoring out-of-order packet. Reference state %d has been discarded or hasn't yet been received.\n", int(inst.old_num) );
|
||||||
return;
|
return; /* this is security-sensitive and part of how we enforce idempotency */
|
||||||
}
|
}
|
||||||
|
|
||||||
/* apply diff to reference state */
|
/* apply diff to reference state */
|
||||||
|
|||||||
Reference in New Issue
Block a user