diff options
author | Yawning Angel <yawning@schwanenlied.me> | 2014-05-22 18:42:16 +0000 |
---|---|---|
committer | Yawning Angel <yawning@schwanenlied.me> | 2014-05-22 18:42:16 +0000 |
commit | fd4e3c7c74ad4d1acb37c43fde8d18786616846a (patch) | |
tree | 7430e55ef826ed13a934df0a6d361711cc8308da /ntor/ntor_test.go | |
parent | 7dd875fe4cd214a7678e701adfd2a8bde7882e4d (diff) |
Add replay detection to handshakes.
This is done by maintaining a map keyed off the SipHash-2-4 digest of
the MAC_C component of the handshake. Collisions, while possible are
unlikely in the extreme and are thus treated as replays.
In concept this is fairly similar to the ScrambleSuit `replay.py` code,
with a few modifications:
* There is a upper bound on how large the replay filter can grow.
Currently this is set to 102400 entries, though it is unlikely that
this limit will be hit.
* A doubly linked list is also maintained parallel to the map, so the
filter compaction process does not need to iterate over the entire
filter.
Diffstat (limited to 'ntor/ntor_test.go')
0 files changed, 0 insertions, 0 deletions