Allow nonce difference in specified orders, to prevent unordered packets dropping 1.3
authorSergey Matveev <stargrave@stargrave.org>
Sat, 17 Jan 2015 17:35:54 +0000 (20:35 +0300)
committerSergey Matveev <stargrave@stargrave.org>
Sat, 17 Jan 2015 17:35:54 +0000 (20:35 +0300)
Signed-off-by: Sergey Matveev <stargrave@stargrave.org>
govpn.go
handshake.go

index c0f762a9fc3796d270123cc5c611f2ffe8a069df..de54a2f5617fc2b5042e43fddedfd3297cb2f033 100644 (file)
--- a/govpn.go
+++ b/govpn.go
@@ -46,6 +46,7 @@ var (
        upPath     = flag.String("up", "", "Path to up-script")
        downPath   = flag.String("down", "", "Path to down-script")
        mtu        = flag.Int("mtu", 1500, "MTU")
+       nonceDiff  = flag.Int("noncediff", 1, "Allow nonce difference")
        timeoutP   = flag.Int("timeout", 60, "Timeout seconds")
        verboseP   = flag.Bool("v", false, "Increase verbosity")
 )
@@ -94,6 +95,7 @@ func main() {
        flag.Parse()
        timeout := *timeoutP
        verbose := *verboseP
+       noncediff := uint64(*nonceDiff)
        log.SetFlags(log.Ldate | log.Lmicroseconds | log.Lshortfile)
 
        // Key decoding
@@ -244,14 +246,14 @@ func main() {
                                                state = &Handshake{addr: udpPkt.addr}
                                                states[addr] = state
                                        }
-                                       p = state.Server(conn, key, udpPktData)
+                                       p = state.Server(noncediff, conn, key, udpPktData)
                                } else {
                                        if !exists {
                                                fmt.Print("[HS?]")
                                                udpSinkReady <- true
                                                continue
                                        }
-                                       p = state.Client(conn, key, udpPktData)
+                                       p = state.Client(noncediff, conn, key, udpPktData)
                                }
                                if p != nil {
                                        fmt.Print("[HS-OK]")
@@ -269,7 +271,7 @@ func main() {
                                continue
                        }
                        nonceRecv, _ := binary.Uvarint(udpPktData[:8])
-                       if peer.nonceRecv >= nonceRecv {
+                       if nonceRecv < peer.nonceRecv-noncediff {
                                fmt.Print("R")
                                udpSinkReady <- true
                                continue
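Review bot: The new window test `if nonceRecv < peer.nonceRecv-noncediff {` lets a nonce that was already accepted through again: the comparison is `<` rather than `<=`, so even with noncediff=0 the most recent packet's nonce passes, and with the default of 1 the last two do, where the old `peer.nonceRecv >= nonceRecv` rejected both; assuming peer.nonceRecv is advanced to the highest accepted nonce after authentication (that update is outside the hunk), a replayed datagram inside the window is now decrypted and forwarded. A window that tolerates reordering needs a per-nonce seen-mask alongside the high-water mark (the usual anti-replay sliding window), so each nonce inside the window is accepted at most once; at minimum the operator should be `<=` on the high-water mark and the below-window test written as `if nonceRecv+noncediff <= peer.nonceRecv {` so it does not depend on the handshake pre-offsetting nonceRecv. Separately, `noncediff := uint64(*nonceDiff)` in the earlier hunk turns a negative flag value into an enormous window that disables the check; add `if *nonceDiff < 0 { log.Fatalln("noncediff must be non-negative") }` after flag.Parse(). main continues outside these hunks.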
index 697e75c50170a7a48a65e5eaf660fce81ffcd3e1..8cac69d8f8954965787a33de0c32b6a95b6e7f74 100644 (file)
@@ -112,7 +112,7 @@ func HandshakeStart(conn *net.UDPConn, addr *net.UDPAddr, key *[32]byte) *Handsh
        return &state
 }
 
-func (h *Handshake) Server(conn *net.UDPConn, key *[32]byte, data []byte) *Peer {
+func (h *Handshake) Server(noncediff uint64, conn *net.UDPConn, key *[32]byte, data []byte) *Peer {
        switch len(data) {
        case 56: // R + ENC(PSK, dh_client_pub) + NULLs
                fmt.Print("[HS1]")
@@ -180,7 +180,11 @@ func (h *Handshake) Server(conn *net.UDPConn, key *[32]byte, data []byte) *Peer
                }
 
                // Switch peer
-               peer := Peer{addr: h.addr, nonceOur: 0, nonceRecv: 0}
+               peer := Peer{
+                       addr: h.addr,
+                       nonceOur: noncediff + 0,
+                       nonceRecv: noncediff + 0,
+               }
                peer.key = KeyFromSecrets(h.sServer[:], decRs[8+8:])
                fmt.Print("[OK]")
                return &peer
@@ -190,7 +194,7 @@ func (h *Handshake) Server(conn *net.UDPConn, key *[32]byte, data []byte) *Peer
        return nil
 }
 
-func (h *Handshake) Client(conn *net.UDPConn, key *[32]byte, data []byte) *Peer {
+func (h *Handshake) Client(noncediff uint64, conn *net.UDPConn, key *[32]byte, data []byte) *Peer {
        switch len(data) {
        case 88: // ENC(PSK, dh_server_pub) + ENC(K, RS + SS) + NULLs
                fmt.Print("[HS2]")
@@ -247,7 +251,11 @@ func (h *Handshake) Client(conn *net.UDPConn, key *[32]byte, data []byte) *Peer
                }
 
                // Switch peer
-               peer := Peer{addr: h.addr, nonceOur: 1, nonceRecv: 0}
+               peer := Peer{
+                       addr: h.addr,
+                       nonceOur: noncediff + 1,
+                       nonceRecv: noncediff + 0,
+               }
                peer.key = KeyFromSecrets(h.sServer[:], h.sClient[:])
                fmt.Print("[OK]")
                return &peer
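Review bot: The `noncediff + 0` / `noncediff + 1` initialisers in both hunks (the Server one at the first hunk of this section too) are opaque without a comment; presumably the offset exists so that `peer.nonceRecv-noncediff` in the receive path can never wrap below zero, and since that couples this file to arithmetic in govpn.go it should say so: `// Start at noncediff so the receive-path window check (nonceRecv-noncediff) cannot underflow.`. The old code started the server at 0 and the client at 1; if the two directions are kept apart by nonce parity (increments are outside the hunk), then because noncediff is a local flag rather than a negotiated value, two processes started with different noncediff values could land both directions on the same parity and reuse a nonce under the shared key — either document in the flag help that both ends must use the same value, or keep the parity independent of the flag, e.g. `nonceOur: 2*noncediff + 0,` here and `nonceOur: 2*noncediff + 1,` in Client, which still leaves nonceRecv at or above noncediff. Both Server and Client begin before their hunks.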