#include "trackerlogic.h"
#include "ot_udp.h"
#include "ot_stats.h"
+#include "ot_rijndael.h"
static const uint8_t g_static_connid[8] = { 0x23, 0x42, 0x05, 0x17, 0xde, 0x41, 0x50, 0xff };
+static uint32_t g_rijndael_round_key[44] = {0};
+static uint32_t g_key_of_the_hour[2] = {0};
+static ot_time g_hour_of_the_key;
-static void udp_make_connectionid( uint32_t * connid, const ot_ip6 remoteip ) {
- /* Touch unused variable */
- (void)remoteip;
+static void udp_generate_rijndael_round_key() {
+ uint8_t key[16];
+ key[0] = random(); key[1] = random(); key[2] = random(); key[3] = random();
+ rijndaelKeySetupEnc128( g_rijndael_round_key, key );
- /* Use a static secret for now */
- memcpy( connid, g_static_connid, 8 );
+ g_key_of_the_hour[0] = random();
+ g_hour_of_the_key = g_now_minutes;
+}
+
+/* Generate current and previous connection id for ip */
+static void udp_make_connectionid( uint32_t connid[4], const ot_ip6 remoteip ) {
+ uint32_t plain[4], crypt[4];
+ int age, i;
+
+ if( g_now_minutes + 60 > g_hour_of_the_key ) {
+ g_hour_of_the_key = g_now_minutes;
+ g_key_of_the_hour[1] = g_key_of_the_hour[0];
+ g_key_of_the_hour[0] = random();
+ }
+
+ for( age = 0; age < 1; ++age ) {
+ memcpy( plain, remoteip, sizeof( plain ) );
+ for( i=0; i<4; ++i ) plain[i] ^= g_key_of_the_hour[age];
+ rijndaelEncrypt128( g_rijndael_round_key, (uint8_t*)remoteip, (uint8_t*)crypt );
+ connid[2*age ] = crypt[0] ^ crypt[1];
+ connid[2*age+1] = crypt[2] ^ crypt[3];
+ }
}
/* UDP implementation according to http://xbtt.sourceforge.net/udp_tracker_protocol.html */
uint32_t *inpacket = (uint32_t*)ws->inbuf;
uint32_t *outpacket = (uint32_t*)ws->outbuf;
uint32_t numwant, left, event, scopeid;
+ uint32_t connid[4];
uint16_t port, remoteport;
size_t byte_count, scrape_count;
stats_issue_event( EVENT_ACCEPT, FLAG_UDP, (uintptr_t)remoteip );
stats_issue_event( EVENT_READ, FLAG_UDP, byte_count );
+ /* Minimum udp tracker packet size, also catches error */
+ if( byte_count < 16 )
+ return 1;
+
+ /* Generate the connection id we give out and expect to and from
+ the requesting ip address, this prevents udp spoofing */
+ udp_make_connectionid( connid, remoteip );
+
/* Initialise hash pointer */
ws->hash = NULL;
ws->peer_id = NULL;
- /* Minimum udp tracker packet size, also catches error */
- if( byte_count < 16 )
+ /* If action is not a ntohl(a) == a == 0, then we
+ expect the derived connection id in first 64 bit */
+ if( inpacket[2] && ( inpacket[0] != connid[0] || inpacket[1] != connid[1] ) &&
+ ( inpacket[0] != connid[2] || inpacket[1] != connid[3] ) ) {
+ const size_t s = sizeof( "Connection ID missmatch." );
+ outpacket[0] = 3; outpacket[1] = inpacket[3];
+ memcpy( &outpacket[2], "Connection ID missmatch.", s );
+ socket_send6( serversocket, ws->outbuf, 8 + s, remoteip, remoteport, 0 );
+ stats_issue_event( EVENT_CONNID_MISSMATCH, FLAG_UDP, 8 + s );
return 1;
+ }
switch( ntohl( inpacket[2] ) ) {
case 0: /* This is a connect action */
outpacket[0] = 0;
outpacket[1] = inpacket[3];
- udp_make_connectionid( outpacket + 2, remoteip );
+ outpacket[2] = connid[0];
+ outpacket[3] = connid[1];
socket_send6( serversocket, ws->outbuf, 16, remoteip, remoteport, 0 );
stats_issue_event( EVENT_CONNECT, FLAG_UDP, 16 );
void udp_init( int64 sock, unsigned int worker_count ) {
pthread_t thread_id;
+ if( !g_rijndael_round_key[0] )
+ udp_generate_rijndael_round_key();
#ifdef _DEBUG
fprintf( stderr, " installing %d workers on udp socket %ld", worker_count, (unsigned long)sock );
#endif
projects / thirdparty / opentracker.git / commitdiff
