Commit ba8f1168 authored by Antonin Décimo's avatar Antonin Décimo Committed by Juliusz Chroboczek

Add rate limitations for challenges.

parent 6d442380
...@@ -549,7 +549,7 @@ preparse_packet(const unsigned char *from, struct interface *ifp, ...@@ -549,7 +549,7 @@ preparse_packet(const unsigned char *from, struct interface *ifp,
if(neigh == NULL) if(neigh == NULL)
return NULL; return NULL;
rc = send_challenge_request(neigh); rc = send_challenge_request(neigh);
if(rc) if(rc < -1)
fputs("Could not send challenge request.\n", stderr); fputs("Could not send challenge request.\n", stderr);
goto maybe_send_challenge_reply; goto maybe_send_challenge_reply;
} }
...@@ -1254,32 +1254,45 @@ int ...@@ -1254,32 +1254,45 @@ int
send_challenge_request(struct neighbour *neigh) send_challenge_request(struct neighbour *neigh)
{ {
int rc; int rc;
gettime(&now);
if(timeval_compare(&now, &neigh->challenge_request_limitation) <= 0)
return -1;
debugf("Sending challenge request to %s on %s.\n", debugf("Sending challenge request to %s on %s.\n",
format_address(neigh->address), neigh->ifp->name); format_address(neigh->address), neigh->ifp->name);
rc = read_random_bytes(neigh->nonce, NONCE_LEN); rc = read_random_bytes(neigh->nonce, NONCE_LEN);
if(rc < NONCE_LEN) { if(rc < NONCE_LEN) {
perror("read_random_bytes"); perror("read_random_bytes");
return -1; return -2;
} }
start_message(&neigh->buf, neigh->ifp, MESSAGE_CHALLENGE_REQUEST, NONCE_LEN); start_message(&neigh->buf, neigh->ifp, MESSAGE_CHALLENGE_REQUEST, NONCE_LEN);
accumulate_bytes(&neigh->buf, neigh->nonce, NONCE_LEN); accumulate_bytes(&neigh->buf, neigh->nonce, NONCE_LEN);
end_message(&neigh->buf, MESSAGE_CHALLENGE_REQUEST, NONCE_LEN); end_message(&neigh->buf, MESSAGE_CHALLENGE_REQUEST, NONCE_LEN);
gettime(&now); gettime(&now);
timeval_add_msec(&neigh->challenge_deadline, &now, 300); timeval_add_msec(&neigh->challenge_deadline, &now, 30000);
timeval_add_msec(&neigh->challenge_request_limitation, &now, 300);
schedule_flush_now(&neigh->buf); schedule_flush_now(&neigh->buf);
return 0; return 0;
} }
void int
send_challenge_reply(struct neighbour *neigh, const unsigned char *crypto_nonce, send_challenge_reply(struct neighbour *neigh, const unsigned char *crypto_nonce,
int len) int len)
{ {
gettime(&now);
if(timeval_compare(&now, &neigh->challenge_reply_limitation) <= 0)
return -1;
debugf("Sending challenge reply to %s on %s.\n", debugf("Sending challenge reply to %s on %s.\n",
format_address(neigh->address), neigh->ifp->name); format_address(neigh->address), neigh->ifp->name);
start_message(&neigh->buf, neigh->ifp, MESSAGE_CHALLENGE_REPLY, len); start_message(&neigh->buf, neigh->ifp, MESSAGE_CHALLENGE_REPLY, len);
accumulate_bytes(&neigh->buf, crypto_nonce, len); accumulate_bytes(&neigh->buf, crypto_nonce, len);
end_message(&neigh->buf, MESSAGE_CHALLENGE_REPLY, len); end_message(&neigh->buf, MESSAGE_CHALLENGE_REPLY, len);
gettime(&now);
timeval_add_msec(&neigh->challenge_reply_limitation, &now, 300);
schedule_flush_now(&neigh->buf); schedule_flush_now(&neigh->buf);
return 0;
} }
static void static void
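Review bot: The return values of send_challenge_request now carry two meanings that are documented nowhere: `-1` for "suppressed by the rate limit" and `-2` for a failed read_random_bytes, and the `if(rc < -1)` test in preparse_packet silently depends on that split. A comment above the function such as `/* Returns 0 if sent, -1 if rate-limited (not an error), -2 on failure. */` would keep a later `return -1` on an error path from hiding a real failure. send_challenge_reply adopts the same `-1` convention, but its call sites are outside these hunks, so it is not visible whether anything checks the result. The literal `300` appears three times next to `30000`; named constants for the rate-limit interval and the challenge deadline would make both values easier to audit.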
......
...@@ -64,8 +64,8 @@ int send_pc(struct buffered *buf, struct interface *ifp); ...@@ -64,8 +64,8 @@ int send_pc(struct buffered *buf, struct interface *ifp);
void send_ack(struct neighbour *neigh, unsigned short nonce, void send_ack(struct neighbour *neigh, unsigned short nonce,
unsigned short interval); unsigned short interval);
int send_challenge_request(struct neighbour *neigh); int send_challenge_request(struct neighbour *neigh);
void send_challenge_reply(struct neighbour *neigh, int send_challenge_reply(struct neighbour *neigh,
const unsigned char *crypto_nonce, int len); const unsigned char *crypto_nonce, int len);
void send_multicast_hello(struct interface *ifp, unsigned interval, int force); void send_multicast_hello(struct interface *ifp, unsigned interval, int force);
void send_unicast_hello(struct neighbour *neigh, unsigned interval, int force); void send_unicast_hello(struct neighbour *neigh, unsigned interval, int force);
void send_hello(struct interface *ifp); void send_hello(struct interface *ifp);
......
...@@ -110,6 +110,8 @@ find_neighbour(const unsigned char *address, struct interface *ifp) ...@@ -110,6 +110,8 @@ find_neighbour(const unsigned char *address, struct interface *ifp)
neigh->rtt_time = zero; neigh->rtt_time = zero;
neigh->index_len = -1; neigh->index_len = -1;
neigh->challenge_deadline = zero; neigh->challenge_deadline = zero;
neigh->challenge_request_limitation = zero;
neigh->challenge_reply_limitation = zero;
neigh->ifp = ifp; neigh->ifp = ifp;
neigh->buf.buf = buf; neigh->buf.buf = buf;
neigh->buf.size = ifp->buf.size; neigh->buf.size = ifp->buf.size;
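Review bot: Because both limitation timestamps start at `zero`, a newly created neighbour always passes the rate check, so the limit bounds challenges per neighbour entry rather than per interface. If find_neighbour can be reached by packets that have not yet been authenticated (the preparse_packet hunk suggests it is called before the challenge, but that call is outside what is shown), traffic from many distinct source addresses would still produce one challenge each. Either add an interface-wide cap on challenge requests, or state the intent here with a comment such as `/* zero: the first challenge to a new neighbour is never rate-limited */`. The rest of find_neighbour lies outside the hunk.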
......
...@@ -52,6 +52,8 @@ struct neighbour { ...@@ -52,6 +52,8 @@ struct neighbour {
unsigned char index[32]; unsigned char index[32];
unsigned char nonce[NONCE_LEN]; unsigned char nonce[NONCE_LEN];
struct timeval challenge_deadline; struct timeval challenge_deadline;
struct timeval challenge_request_limitation;
struct timeval challenge_reply_limitation;
struct interface *ifp; struct interface *ifp;
struct buffered buf; struct buffered buf;
}; };
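Review bot: The two new fields have no comment, and the name "limitation" does not say whether the value is an interval or a point in time. From the way send_challenge_request and send_challenge_reply compare them with `now`, they hold the time before which no further message is sent, so a comment like `/* no challenge request is sent before this time */` (and the equivalent for the reply field) would make that clear. The struct begins above the hunk.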
......