… | |
… | |
160 | bool can (sockinfo &si) { return u32_rate_limiter::can((u32)si.host); } |
160 | bool can (sockinfo &si) { return u32_rate_limiter::can((u32)si.host); } |
161 | |
161 | |
162 | net_rate_limiter (time_t every) : u32_rate_limiter (every) {} |
162 | net_rate_limiter (time_t every) : u32_rate_limiter (every) {} |
163 | }; |
163 | }; |
164 | |
164 | |
|
|
165 | struct sliding_window { |
|
|
166 | u32 v[(WINDOWSIZE + 31) / 32]; |
|
|
167 | u32 seq; |
|
|
168 | |
|
|
169 | void reset (u32 seqno) |
|
|
170 | { |
|
|
171 | memset (v, -1, sizeof v); |
|
|
172 | seq = seqno; |
|
|
173 | } |
|
|
174 | |
|
|
175 | bool recv_ok (u32 seqno) |
|
|
176 | { |
|
|
177 | if (seqno <= seq - WINDOWSIZE) |
|
|
178 | slog (L_ERR, _("received duplicate or outdated packet (received %08lx, expected %08lx)\n" |
|
|
179 | "possible replay attack, or just massive packet reordering"), seqno, seq + 1);//D |
|
|
180 | else if (seqno > seq + WINDOWSIZE) |
|
|
181 | slog (L_ERR, _("received duplicate or out-of-sync packet (received %08lx, expected %08lx)\n" |
|
|
182 | "possible replay attack, or just massive packet loss"), seqno, seq + 1);//D |
|
|
183 | else |
|
|
184 | { |
|
|
185 | while (seqno > seq) |
|
|
186 | { |
|
|
187 | seq++; |
|
|
188 | |
|
|
189 | u32 s = seq % WINDOWSIZE; |
|
|
190 | u32 *cell = v + (s >> 5); |
|
|
191 | u32 mask = 1 << (s & 31); |
|
|
192 | |
|
|
193 | *cell &= ~mask; |
|
|
194 | } |
|
|
195 | |
|
|
196 | u32 s = seqno % WINDOWSIZE; |
|
|
197 | u32 *cell = v + (s >> 5); |
|
|
198 | u32 mask = 1 << (s & 31); |
|
|
199 | |
|
|
200 | //printf ("received seqno %08lx, seq %08lx, mask %08lx is %08lx\n", seqno, seq, mask, ismask); |
|
|
201 | if (*cell & mask) |
|
|
202 | { |
|
|
203 | slog (L_ERR, _("received duplicate packet (received %08lx, expected %08lx)\n" |
|
|
204 | "possible replay attack, or just packet duplication"), seqno, seq + 1);//D |
|
|
205 | return false; |
|
|
206 | } |
|
|
207 | else |
|
|
208 | { |
|
|
209 | *cell |= mask; |
|
|
210 | return true; |
|
|
211 | } |
|
|
212 | } |
|
|
213 | } |
|
|
214 | }; |
|
|
215 | |
165 | #endif |
216 | #endif |
166 | |
217 | |