Warn on out-of-order or duplicated packets (or missing nonce increment!)

mobile-shell · May 23, 2012 · 682bbdf · 682bbdf
1 parent 0b5a643
commit 682bbdf
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 5 deletions.
diff --git a/src/frontend/stmclient.cc b/src/frontend/stmclient.cc
@@ -402,11 +402,16 @@ void STMClient::main( void )
 
       network->tick();
 
-      const Network::NetworkException *exn = network->get_send_exception();
+      const Network::NetworkException *exn = network->get_recv_exception();
       if ( exn ) {
         overlays.get_notification_engine().set_network_exception( *exn );
       } else {
-        overlays.get_notification_engine().clear_network_exception();
+	exn = network->get_send_exception();
+	if ( exn ) {
+	  overlays.get_notification_engine().set_network_exception( *exn );
+	} else {
+	  overlays.get_notification_engine().clear_network_exception();
+	}
       }
     } catch ( Network::NetworkException e ) {
       if ( !network->shutdown_in_progress() ) {

diff --git a/src/network/network.cc b/src/network/network.cc
@@ -133,7 +133,9 @@ Connection::Connection( const char *desired_ip, const char *desired_port ) /* se
     SRTT( 1000 ),
     RTTVAR( 500 ),
     have_send_exception( false ),
-    send_exception()
+    send_exception(),
+    have_recv_exception( false ),
+    recv_exception()
 {
   setup();
 
@@ -242,7 +244,9 @@ Connection::Connection( const char *key_str, const char *ip, int port ) /* clien
     SRTT( 1000 ),
     RTTVAR( 500 ),
     have_send_exception( false ),
-    send_exception()
+    send_exception(),
+    have_recv_exception( false ),
+    recv_exception()
 {
   setup();
 
@@ -306,6 +310,11 @@ string Connection::recv( void )
 
   dos_assert( p.direction == (server ? TO_SERVER : TO_CLIENT) ); /* prevent malicious playback to sender */
 
+  if ( p.seq < expected_receiver_seq ) {
+    have_recv_exception = true;
+    recv_exception = NetworkException( "Out-of-order or duplicated packet received", 0 );
+  }
+
   if ( p.seq >= expected_receiver_seq ) { /* don't use out-of-order packets for timestamp or targeting */
     expected_receiver_seq = p.seq + 1; /* this is security-sensitive because a replay attack could otherwise
 					  screw up the timestamp and targeting */
@@ -346,6 +355,8 @@ string Connection::recv( void )
 		 ntohs( remote_addr.sin_port ) );
       }
     }
+
+    have_recv_exception = false;
   }
 
   return p.payload; /* we do return out-of-order or duplicated packets to caller */

diff --git a/src/network/network.h b/src/network/network.h
@@ -102,11 +102,14 @@ namespace Network {
     double SRTT;
     double RTTVAR;
 
-    /* Exception from send(), to be delivered if the frontend asks for it,
+    /* Exception from send() or recv(), to be delivered if the frontend asks for it,
        without altering control flow. */
     bool have_send_exception;
     NetworkException send_exception;
 
+    bool have_recv_exception;
+    NetworkException recv_exception;
+
     Packet new_packet( string &s_payload );
 
   public:
@@ -132,6 +135,11 @@ namespace Network {
     {
       return have_send_exception ? &send_exception : NULL;
     }
+
+    const NetworkException *get_recv_exception( void ) const
+    {
+      return have_recv_exception ? &recv_exception : NULL;
+    }
   };
 }
 

diff --git a/src/network/networktransport.h b/src/network/networktransport.h
@@ -104,6 +104,7 @@ namespace Network {
     const struct in_addr & get_remote_ip( void ) const { return connection.get_remote_ip(); }
 
     const NetworkException *get_send_exception( void ) const { return connection.get_send_exception(); }
+    const NetworkException *get_recv_exception( void ) const { return connection.get_recv_exception(); }
   };
 }