
Comparing gvpe/src/connection.C (file contents):
Revision 1.12 by pcg, Sun Apr 13 16:53:36 2003 UTC vs.
Revision 1.16 by pcg, Mon Sep 1 15:52:03 2003 UTC

197// only do action once every x seconds per host whole allowing bursts. 197// only do action once every x seconds per host whole allowing bursts.
198// this implementation ("splay list" ;) is inefficient, 198// this implementation ("splay list" ;) is inefficient,
199// but low on resources. 199// but low on resources.
200struct net_rate_limiter : list<net_rateinfo> 200struct net_rate_limiter : list<net_rateinfo>
201{ 201{
202 static const double ALPHA = 1. - 1. / 180.; // allow bursts 202 static const double ALPHA = 1. - 1. / 600.; // allow bursts
203 static const double CUTOFF = 10.; // one event every CUTOFF seconds 203 static const double CUTOFF = 10.; // one event every CUTOFF seconds
204 static const double EXPIRE = CUTOFF * 30.; // expire entries after this time 204 static const double EXPIRE = CUTOFF * 30.; // expire entries after this time
205 static const double MAXDIF = CUTOFF * (1. / (1. - ALPHA)); // maximum diff /count value 205 static const double MAXDIF = CUTOFF * (1. / (1. - ALPHA)); // maximum diff /count value
206 206
207 bool can (const sockinfo &si) { return can((u32)si.host); } 207 bool can (const sockinfo &si) { return can((u32)si.host); }
208 bool can (u32 host); 208 bool can (u32 host);
209}; 209};
210 210
211net_rate_limiter auth_rate_limiter, reset_rate_limiter; 211net_rate_limiter auth_rate_limiter, reset_rate_limiter;
212 212
475 set_hdr (type, dst); 475 set_hdr (type, dst);
476} 476}
477 477
478bool config_packet::chk_config () const 478bool config_packet::chk_config () const
479{ 479{
480 return prot_major == PROTOCOL_MAJOR 480 if (prot_major != PROTOCOL_MAJOR)
481 && randsize == RAND_SIZE 481 slog (L_WARN, _("major version mismatch (%d <=> %d)"), prot_major, PROTOCOL_MAJOR);
482 && hmaclen == HMACLENGTH 482 else if (randsize != RAND_SIZE)
483 && flags == curflags () 483 slog (L_WARN, _("rand size mismatch (%d <=> %d)"), randsize, RAND_SIZE);
484 else if (hmaclen != HMACLENGTH)
485 slog (L_WARN, _("hmac length mismatch (%d <=> %d)"), hmaclen, HMACLENGTH);
486 else if (flags != curflags ())
487 slog (L_WARN, _("flag mismatch (%x <=> %x)"), flags, curflags ());
484 && challengelen == sizeof (rsachallenge) 488 else if (challengelen != sizeof (rsachallenge))
489 slog (L_WARN, _("challenge length mismatch (%d <=> %d)"), challengelen, sizeof (rsachallenge));
485 && cipher_nid == htonl (EVP_CIPHER_nid (CIPHER)) 490 else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER)))
491 slog (L_WARN, _("cipher mismatch (%x <=> %x)"), ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER));
486 && digest_nid == htonl (EVP_MD_type (RSA_HASH)) 492 else if (digest_nid != htonl (EVP_MD_type (RSA_HASH)))
493 slog (L_WARN, _("digest mismatch (%x <=> %x)"), ntohl (digest_nid), EVP_MD_type (RSA_HASH));
487 && hmac_nid == htonl (EVP_MD_type (DIGEST)); 494 else if (hmac_nid != htonl (EVP_MD_type (DIGEST)))
495 slog (L_WARN, _("hmac mismatch (%x <=> %x)"), ntohl (hmac_nid), EVP_MD_type (DIGEST));
496 else
497 return true;
498
499 return false;
488} 500}
489 501
490struct auth_req_packet : config_packet 502struct auth_req_packet : config_packet
491{ 503{
492 char magic[8]; 504 char magic[8];
916 connection_established (); 928 connection_established ();
917 929
918 break; 930 break;
919 } 931 }
920 } 932 }
933 else
934 slog (L_WARN, _("%s(%s): protocol mismatch"),
935 conf->nodename, (const char *)rsi);
921 936
922 send_reset (rsi); 937 send_reset (rsi);
923 } 938 }
924 939
925 break; 940 break;
938 PROTOCOL_MINOR, conf->nodename, p->prot_minor); 953 PROTOCOL_MINOR, conf->nodename, p->prot_minor);
939 954
940 rsachallenge chg; 955 rsachallenge chg;
941 956
942 if (!rsa_cache.find (p->id, chg)) 957 if (!rsa_cache.find (p->id, chg))
958 {
943 slog (L_ERR, _("%s(%s): unrequested auth response"), 959 slog (L_ERR, _("%s(%s): unrequested auth response"),
944 conf->nodename, (const char *)rsi); 960 conf->nodename, (const char *)rsi);
961 break;
962 }
945 else 963 else
946 { 964 {
947 crypto_ctx *cctx = new crypto_ctx (chg, 0); 965 crypto_ctx *cctx = new crypto_ctx (chg, 0);
948 966
949 if (!p->hmac_chk (cctx)) 967 if (!p->hmac_chk (cctx))
1025 c->inject_data_packet (d); 1043 c->inject_data_packet (d);
1026 } 1044 }
1027 1045
1028 if (si != rsi) 1046 if (si != rsi)
1029 { 1047 {
1030 // fast re-sync on conneciton changes, useful especially for tcp/ip 1048 // fast re-sync on connection changes, useful especially for tcp/ip
1031 si = rsi; 1049 si = rsi;
1032 1050
1033 slog (L_INFO, _("%s(%s): socket address changed to %s"), 1051 slog (L_INFO, _("%s(%s): socket address changed to %s"),
1034 conf->nodename, (const char *)si, (const char *)rsi); 1052 conf->nodename, (const char *)si, (const char *)rsi);
1035 } 1053 }
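Review bot: In the rewritten `chk_config`, the challenge-length warning passes `sizeof (rsachallenge)`, a `size_t`, to a `%d` conversion, which is a varargs type mismatch wherever `size_t` is wider than `int` (assuming `slog` is printf-style, as its format strings suggest). Cast the argument: `slog (L_WARN, _("challenge length mismatch (%d <=> %d)"), challengelen, (int)sizeof (rsachallenge));`. Every new branch also logs at `L_WARN` using fields read from a received packet, and `chk_config` presumably runs before the peer has been authenticated. If that is so, confirm the call sites are covered by `auth_rate_limiter`, or log these at a lower level, so that a misconfigured or hostile peer cannot fill the log with one line per packet.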
