authorNikos Mavrogiannopoulos <nmav@gnutls.org>2011-03-13 18:11:39 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2011-03-13 18:11:49 +0100
commit541aed3982a0b4e6d968ff2d1a38cfd4306f2d2b (patch)
tree3d22f35dc173661d76e7d89aae0551e0c18cbf26 /src
parentdf7d8850afcd11ffa0801ace3f3c742f92327317 (diff)
Added photuris-like resource protection on the server. Added gnutls_dtls_cookie_send(), gnutls_dtls_cookie_verify() and gnutls_dtls_cookie_set() to avoid initializing a session before cookie is verified.
Diffstat (limited to 'src')
-rw-r--r--src/udp-serv.c43
1 files changed, 39 insertions, 4 deletions
diff --git a/src/udp-serv.c b/src/udp-serv.c
index f77961c840..9202565dba 100644
--- a/src/udp-serv.c
+++ b/src/udp-serv.c
@@ -29,11 +29,23 @@ int udp_server(const char* name, int port, int mtu)
char buffer[MAX_BUFFER];
priv_data_st priv;
gnutls_session_t session;
+ gnutls_datum_t cookie_key;
+ gnutls_cookie_st cookie;
unsigned char sequence[8];
+ ret = gnutls_key_generate(&cookie_key, GNUTLS_COOKIE_KEY_SIZE);
+ if (ret < 0)
+ {
+ fprintf(stderr, "Cannot generate key\n");
+ exit(1);
+ }
+
ret = listen_socket (name, port, SOCK_DGRAM);
if (ret < 0)
- exit (1);
+ {
+ fprintf(stderr, "Cannot listen\n");
+ exit (1);
+ }
for (;;)
{
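Review bot: The cookie secret generated at L28 lives for the entire lifetime of the server and is never regenerated, so a cookie observed on the wire for a given client address stays acceptable to this server until the process restarts; the Photuris-style scheme the commit description names rotates the secret periodically precisely so that such cookies expire. At minimum document this as a known limitation of the example, e.g. `/* NOTE: the cookie key is never rotated; a production server should regenerate it periodically. */`, or regenerate it on a timer inside the main loop. The failure message at L31 would also be more useful with the library's reason appended: `fprintf(stderr, "Cannot generate key: %s\n", gnutls_strerror(ret));`. udp_server() begins before this hunk.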
@@ -43,16 +55,39 @@ int udp_server(const char* name, int port, int mtu)
continue;
cli_addr_size = sizeof(cli_addr);
- ret = recvfrom(sock, buffer, 1, MSG_PEEK, (struct sockaddr*)&cli_addr, &cli_addr_size);
- if (ret == 1)
- printf ("Accepted connection from %s\n",
+ ret = recvfrom(sock, buffer, sizeof(buffer), MSG_PEEK, (struct sockaddr*)&cli_addr, &cli_addr_size);
+ if (ret > 0)
+ {
+ memset(&cookie, 0, sizeof(cookie));
+ ret = gnutls_dtls_cookie_verify(&cookie_key, &cli_addr, sizeof(cli_addr), buffer, ret, &cookie);
+ if (ret < 0) /* cookie not valid */
+ {
+ priv_data_st s;
+
+ memset(&s,0,sizeof(s));
+ s.fd = sock;
+ s.cli_addr = (void*)&cli_addr;
+ s.cli_addr_size = sizeof(cli_addr);
+
+ printf("Sending hello verify request to %s\n", human_addr ((struct sockaddr *)
+ &cli_addr, sizeof(cli_addr), buffer, sizeof(buffer)));
+ gnutls_dtls_cookie_send(&cookie_key, &cli_addr, sizeof(cli_addr), &cookie, (gnutls_transport_ptr_t)&s, push_func);
+
+ /* discard peeked data*/
+ recvfrom(sock, buffer, sizeof(buffer), 0, (struct sockaddr*)&cli_addr, &cli_addr_size);
+ usleep(100);
+ continue;
+ }
+ printf ("Accepted connection from %s\n",
human_addr ((struct sockaddr *)
&cli_addr, sizeof(cli_addr), buffer,
sizeof (buffer)));
+ }
else
continue;
session = initialize_session(1);
+ gnutls_dtls_cookie_set(session, &cookie);
if (mtu) gnutls_dtls_set_mtu(session, mtu);
priv.session = session;
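Review bot: The cookie is computed and verified over `sizeof(cli_addr)` bytes (L54, L62, L66) rather than the `cli_addr_size` that recvfrom() just filled in; if `cli_addr` is a `struct sockaddr_storage` (its declaration is outside the hunk), the bytes past the real address length are whatever an earlier peer left there, so a client whose ClientHello-with-cookie arrives after a peer with a longer address can fail verification through no fault of its own. Pass the reported length instead: `ret = gnutls_dtls_cookie_verify(&cookie_key, &cli_addr, cli_addr_size, buffer, ret, &cookie);`, `s.cli_addr_size = cli_addr_size;` and the matching `gnutls_dtls_cookie_send(&cookie_key, &cli_addr, cli_addr_size, &cookie, (gnutls_transport_ptr_t)&s, push_func);`. The return value of gnutls_dtls_cookie_send() at L66 is also discarded; a failed send should at least be logged with gnutls_strerror() so it is not mistaken for a client that never retried. udp_server() continues past the end of this hunk.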