// Incoming message which has passed through the cryptoauth and needs to be forwarded to the switch.
static Iface_DEFUN receivedPostCryptoAuth(struct Message* msg,
struct Peer* ep,
struct InterfaceController_pvt* ic)
{
ep->bytesIn += msg->length;
int caState = CryptoAuth_getState(ep->caSession);
if (ep->state < InterfaceController_PeerState_ESTABLISHED) {
// EP states track CryptoAuth states...
ep->state = caState;
SwitchCore_setInterfaceState(&ep->switchIf, SwitchCore_setInterfaceState_ifaceState_UP);
Bits_memcpy(ep->addr.key, ep->caSession->herPublicKey, 32);
Address_getPrefix(&ep->addr);
if (caState == CryptoAuth_ESTABLISHED) {
moveEndpointIfNeeded(ep);
//sendPeer(0xffffffff, PFChan_Core_PEER, ep);// version is not known at this point.
} else {
// prevent some kinds of nasty things which could be done with packet replay.
// This is checking the message switch header and will drop it unless the label
// directs it to *this* router.
if (msg->length < 8 || msg->bytes[7] != 1) {
Log_info(ic->logger, "DROP message because CA is not established.");
return 0;
} else {
// When a "server" gets a new connection from a "client" the router doesn't
// know about that client so if the client sends a packet to the server, the
// server will be unable to handle it until the client has sent inter-router
// communication to the server. Here we will ping the client so when the
// server gets the ping response, it will insert the client into its table
// and know its version.
// prevent DoS by limiting the number of times this can be called per second
// limit it to 7, this will affect innocent packets but it doesn't matter much
// since this is mostly just an optimization and for keeping the tests happy.
if ((ep->pingCount + 1) % 7) {
sendPing(ep);
}
}
}
} else if (ep->state == InterfaceController_PeerState_UNRESPONSIVE
&& caState == CryptoAuth_ESTABLISHED)
{
ep->state = InterfaceController_PeerState_ESTABLISHED;
SwitchCore_setInterfaceState(&ep->switchIf, SwitchCore_setInterfaceState_ifaceState_UP);
} else {
ep->timeOfLastMessage = Time_currentTimeMilliseconds(ic->eventBase);
}
Identity_check(ep);
Assert_true(!(msg->capacity % 4));
return Iface_next(&ep->switchIf, msg);
}
// Incoming message which has passed through the cryptoauth and needs to be forwarded to the switch.
static uint8_t receivedAfterCryptoAuth(struct Message* msg, struct Interface* cryptoAuthIf)
{
struct InterfaceController_Peer* ep =
Identity_check((struct InterfaceController_Peer*) cryptoAuthIf->receiverContext);
struct InterfaceController_pvt* ic = ifcontrollerForPeer(ep);
// nonce added by the CryptoAuth session.
Message_pop(msg, NULL, 4, NULL);
ep->bytesIn += msg->length;
int caState = CryptoAuth_getState(cryptoAuthIf);
if (ep->state < InterfaceController_PeerState_ESTABLISHED) {
// EP states track CryptoAuth states...
ep->state = caState;
if (caState == CryptoAuth_ESTABLISHED) {
moveEndpointIfNeeded(ep, ic);
} else {
// prevent some kinds of nasty things which could be done with packet replay.
// This is checking the message switch header and will drop it unless the label
// directs it to *this* router.
if (msg->length < 8 || msg->bytes[7] != 1) {
Log_info(ic->logger, "DROP message because CA is not established.");
return Error_NONE;
} else {
// When a "server" gets a new connection from a "client" the router doesn't
// know about that client so if the client sends a packet to the server, the
// server will be unable to handle it until the client has sent inter-router
// communication to the server. Here we will ping the client so when the
// server gets the ping response, it will insert the client into its table
// and know its version.
// prevent DoS by limiting the number of times this can be called per second
// limit it to 7, this will affect innocent packets but it doesn't matter much
// since this is mostly just an optimization and for keeping the tests happy.
if ((ep->pingCount + 1) % 7) {
sendPing(ep);
}
}
}
} else if (ep->state == InterfaceController_PeerState_UNRESPONSIVE
&& caState == CryptoAuth_ESTABLISHED)
{
ep->state = InterfaceController_PeerState_ESTABLISHED;
} else {
ep->timeOfLastMessage = Time_currentTimeMilliseconds(ic->eventBase);
}
Identity_check(ep);
Assert_true(!(msg->capacity % 4));
return Interface_receiveMessage(&ep->switchIf, msg);
}
// Incoming message which has passed through the cryptoauth and needs to be forwarded to the switch.
static uint8_t receivedAfterCryptoAuth(struct Message* msg, struct Interface* cryptoAuthIf)
{
struct IFCPeer* ep = Identity_cast((struct IFCPeer*) cryptoAuthIf->receiverContext);
struct Context* ic = ifcontrollerForPeer(ep);
ep->bytesIn += msg->length;
if (ep->state < InterfaceController_PeerState_ESTABLISHED) {
if (CryptoAuth_getState(cryptoAuthIf) >= CryptoAuth_HANDSHAKE3) {
moveEndpointIfNeeded(ep, ic);
ep->state = InterfaceController_PeerState_ESTABLISHED;
} else {
ep->state = InterfaceController_PeerState_HANDSHAKE;
// prevent some kinds of nasty things which could be done with packet replay.
// This is checking the message switch header and will drop it unless the label
// directs it to *this* router.
if (msg->length < 8 || msg->bytes[7] != 1) {
Log_info(ic->logger, "Dropping message because CA is not established.");
return Error_NONE;
} else {
// When a "server" gets a new connection from a "client" the router doesn't
// know about that client so if the client sends a packet to the server, the
// server will be unable to handle it until the client has sent inter-router
// communication to the server. Here we will ping the client so when the
// server gets the ping response, it will insert the client into its table
// and know its version.
pingCallback(ic);
}
}
} else if (ep->state == InterfaceController_PeerState_UNRESPONSIVE
&& CryptoAuth_getState(cryptoAuthIf) >= CryptoAuth_HANDSHAKE3)
{
ep->state = InterfaceController_PeerState_ESTABLISHED;
} else {
ep->timeOfLastMessage = Time_currentTimeMilliseconds(ic->eventBase);
}
return ep->switchIf.receiveMessage(msg, &ep->switchIf);
}
