[ViewVC] Diff of: cvs/gvpe/src/protocol.C

Comparing gvpe/src/protocol.C (file contents):
Revision 1.6 by pcg, Sun Mar 9 12:40:18 2003 UTC vs.
Revision 1.8 by pcg, Mon Mar 17 15:20:18 2003 UTC

   if (conf->inherit_tos
       && (*pkt)[12] == 0x08 && (*pkt)[13] == 0x00 // IP
       && ((*pkt)[14] & 0xf0) == 0x40)             // IPv4
     tos = (*pkt)[15] & IPTOS_TOS_MASK;
-  printf ("%d %02x %02x %02x %02x = %02x\n", (int)conf->inherit_tos, (*pkt)[12],(*pkt)[13],(*pkt)[14],(*pkt)[15], tos);
   p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
   vpn->send_vpn_packet (p, &sa, tos);
   delete p;
                 if (!memcmp ((u8 *)gen_challenge (ssa) + sizeof (u32), (u8 *)&k + sizeof (u32),
                              sizeof (rsachallenge) - sizeof (u32)))
                   {
                     delete ictx;
-                    ictx   = new crypto_ctx (k, 0);
+                    ictx = new crypto_ctx (k, 0);
-                    iseqno = *(u32 *)&k[CHG_SEQNO] & 0x7fffffff;	// at least 2**31 sequence numbers are valid
+                    iseqno.reset (*(u32 *)&k[CHG_SEQNO] & 0x7fffffff);	// at least 2**31 sequence numbers are valid
-                    ismask = 0xffffffff;				// initially, all lower sequence numbers are invalid
                     sa = *ssa;
                     next_rekey = now + ::conf.rekey;
                     next_wakeup (next_rekey);
               else
                 {
                   u32 seqno;
                   tap_packet *d = p->unpack (this, seqno);
-                  if (seqno <= iseqno - 32)
+                  if (iseqno.recv_ok (seqno))
-                    slog (L_ERR, _("received duplicate or outdated packet (received %08lx, expected %08lx)\n"
-                                   "possible replay attack, or just massive packet reordering"), seqno, iseqno + 1);//D
-                  else if (seqno > iseqno + 32)
-                    slog (L_ERR, _("received duplicate or out-of-sync packet (received %08lx, expected %08lx)\n"
-                                   "possible replay attack, or just massive packet loss"), seqno, iseqno + 1);//D
-                  else
                     {
-                      if (seqno > iseqno)
-                        {
-                          ismask <<= seqno - iseqno;
-                          iseqno = seqno;
-                        }
-                      u32 mask = 1 << (iseqno - seqno);
-                      //printf ("received seqno %08lx, iseqno %08lx, mask %08lx is %08lx\n", seqno, iseqno, mask, ismask);
-                      if (ismask & mask)
-                        slog (L_ERR, _("received duplicate packet (received %08lx, expected %08lx)\n"
-                                       "possible replay attack, or just packet duplication"), seqno, iseqno + 1);//D
-                      else
-                        {
-                          ismask |= mask;
-                          vpn->tap->send (d);
+                      vpn->tap->send (d);
-                          if (p->dst () == 0) // re-broadcast
+                      if (p->dst () == 0) // re-broadcast
-                            for (vpn::conns_vector::iterator i = vpn->conns.begin (); i != vpn->conns.end (); ++i)
+                        for (vpn::conns_vector::iterator i = vpn->conns.begin (); i != vpn->conns.end (); ++i)
-                              {
+                          {
-                                connection *c = *i;
+                            connection *c = *i;
-                                if (c->conf != THISNODE && c->conf != conf)
+                            if (c->conf != THISNODE && c->conf != conf)
-                                  c->inject_data_packet (d);
+                              c->inject_data_packet (d);
-                              }
-                          delete d;
-                          break;
-                        }
+                          }
+                      delete d;
+                      break;
                     }
                 }
             }
           else
             slog (L_ERR,  _("received data packet from unknown source %s"), (const char *)sockinfo (ssa));//D

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines

Comparing gvpe/src/protocol.C (file contents): Revision 1.6 by pcg, Sun Mar 9 12:40:18 2003 UTC vs. Revision 1.8 by pcg, Mon Mar 17 15:20:18 2003 UTC

Diff Legend

Comparing gvpe/src/protocol.C (file contents):
Revision 1.6 by pcg, Sun Mar 9 12:40:18 2003 UTC vs.
Revision 1.8 by pcg, Mon Mar 17 15:20:18 2003 UTC