| … | |
… | |
| 27 | #include <openssl/rsa.h> |
27 | #include <openssl/rsa.h> |
| 28 | |
28 | |
| 29 | #include "gettext.h" |
29 | #include "gettext.h" |
| 30 | |
30 | |
| 31 | #include "slog.h" |
31 | #include "slog.h" |
| 32 | #include "iom.h" |
32 | #include "ev_cpp.h" |
|
|
33 | #include "callback.h" |
|
|
34 | |
|
|
35 | typedef ev_tstamp tstamp; |
| 33 | |
36 | |
| 34 | /* |
37 | /* |
| 35 | * check for an existing gvpe for this net, and write pid to pidfile |
38 | * check for an existing gvpe for this net, and write pid to pidfile |
| 36 | */ |
39 | */ |
| 37 | extern int write_pidfile (void); |
40 | extern int write_pidfile (void); |
| … | |
… | |
| 57 | |
60 | |
| 58 | extern void id2mac (unsigned int id, void *m); |
61 | extern void id2mac (unsigned int id, void *m); |
| 59 | |
62 | |
| 60 | #define mac2id(p) ((p)[0] & 0x01 ? 0 : ((p)[4] << 8) | (p)[5]) |
63 | #define mac2id(p) ((p)[0] & 0x01 ? 0 : ((p)[4] << 8) | (p)[5]) |
| 61 | |
64 | |
| 62 | struct sliding_window { |
65 | struct sliding_window |
|
|
66 | { |
| 63 | u32 v[(WINDOWSIZE + 31) / 32]; |
67 | u32 v[(WINDOWSIZE + 31) / 32]; |
| 64 | u32 seq; |
68 | u32 seq; |
| 65 | |
69 | |
| 66 | void reset (u32 seqno) |
70 | void reset (u32 seqno) |
| 67 | { |
71 | { |
| … | |
… | |
| 71 | |
75 | |
| 72 | bool recv_ok (u32 seqno) |
76 | bool recv_ok (u32 seqno) |
| 73 | { |
77 | { |
| 74 | if (seqno <= seq - WINDOWSIZE) |
78 | if (seqno <= seq - WINDOWSIZE) |
| 75 | slog (L_ERR, _("received duplicate or outdated packet (received %08lx, expected %08lx)\n" |
79 | slog (L_ERR, _("received duplicate or outdated packet (received %08lx, expected %08lx)\n" |
| 76 | "possible replay attack, or just massive packet reordering"), seqno, seq + 1);//D |
80 | "possible replay attack, or just massive packet reordering"), seqno, seq + 1); |
| 77 | else if (seqno > seq + WINDOWSIZE) |
81 | else if (seqno > seq + WINDOWSIZE * 4) |
| 78 | slog (L_ERR, _("received duplicate or out-of-sync packet (received %08lx, expected %08lx)\n" |
82 | slog (L_ERR, _("received duplicate or out-of-sync packet (received %08lx, expected %08lx)\n" |
| 79 | "possible replay attack, or just massive packet loss"), seqno, seq + 1);//D |
83 | "possible replay attack, or just massive packet loss"), seqno, seq + 1); |
| 80 | else |
84 | else |
| 81 | { |
85 | { |
| 82 | while (seqno > seq) |
86 | while (seqno > seq) |
| 83 | { |
87 | { |
| 84 | seq++; |
88 | seq++; |
| … | |
… | |
| 93 | u32 s = seqno % WINDOWSIZE; |
97 | u32 s = seqno % WINDOWSIZE; |
| 94 | u32 *cell = v + (s >> 5); |
98 | u32 *cell = v + (s >> 5); |
| 95 | u32 mask = 1 << (s & 31); |
99 | u32 mask = 1 << (s & 31); |
| 96 | |
100 | |
| 97 | if (*cell & mask) |
101 | if (*cell & mask) |
| 98 | { |
|
|
| 99 | slog (L_ERR, _("received duplicate packet (received %08lx, expected %08lx)\n" |
102 | slog (L_ERR, _("received duplicate packet (received %08lx, expected %08lx)\n" |
| 100 | "possible replay attack, or just packet duplication"), seqno, seq + 1);//D |
103 | "possible replay attack, or just packet duplication"), seqno, seq + 1); |
| 101 | return false; |
|
|
| 102 | } |
|
|
| 103 | else |
104 | else |
| 104 | { |
105 | { |
| 105 | *cell |= mask; |
106 | *cell |= mask; |
| 106 | return true; |
107 | return true; |
| 107 | } |
108 | } |
| 108 | } |
109 | } |
|
|
110 | |
|
|
111 | return false; |
| 109 | } |
112 | } |
| 110 | }; |
113 | }; |
| 111 | |
114 | |
| 112 | typedef callback0<const char *> run_script_cb; |
115 | typedef callback<const char * ()> run_script_cb; |
| 113 | |
116 | |
| 114 | // run a shell script (or actually an external program). |
117 | // run a shell script (or actually an external program). |
| 115 | bool run_script (const run_script_cb &cb, bool wait); |
118 | bool run_script (const run_script_cb &cb, bool wait); |
| 116 | |
119 | |
| 117 | #if ENABLE_HTTP_PROXY |
120 | #if ENABLE_HTTP_PROXY |
