Send by e-mail: commit.txt

Daniel Schall Daniel-Schall at web.de
Sun Jul 25 22:38:48 CEST 2010


Hi Guus,

I've attached something like a commit message (I think).
Sorry, but I am not familiar with git and am currently familiarizing myself with it.

In the meantime, I fixed some code and introduced a compatibility wrapper to
allow porting tinc to "Fritz!Box" (using Freetz http://trac.freetz.org/).
The file is called ifaddr-compat.h/c and wraps the function "getifaddrs".

I'm going to answer your questions now:

> Why the need for a response message?
Because a simple "announce/broadcast" can't be authenticated, thus, an
adversary could announce that he's a legitimate endpoint.
Although this would not allow the adversary to decrypt packets,
communication between nodes could be interrupted.
By requesting the nodes to answer by encrypting the challenge, a safe
authentication can be achieved.
Since the challenge is random, no replay attacks can be performed.

> The challenge field is also not necessary in my opinion, unless you meant
> this as a cookie to prevent a HMAC verification from bogus nodes?
Yes, as mentioned, to prevent replay attacks.

> On which version did you base your changes?
I checked out your branch using git, and started implementing.

> In the future, try not to change whitespace unnecessarily.
Sorry for that, I am using Eclipse for developing, and I'm kinda used to
pushing "auto format code" too often.
I must have accidentally used it against your code.

> Try to use the same code style as the rest of the tinc source.
I am trying to do this :-)

> It would be nice if send/receive_udp_packet() could be reused for the
> multicast packets.
I'll have a look to check if I can reuse this function. If I remember
correctly, I already considered using this function, but something stood in
its way..

> You use strcmp() on the contents of a mcpacket_t without any input
> validation.
Fixed it. I validate the length of the received packet and use strncmp now.


Best,

Daniel
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: commit.txt
URL: <http://www.tinc-vpn.org/pipermail/tinc-devel/attachments/20100725/197b3b89/attachment-0001.txt>
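
The fix described in the last reply (check the received length first, then compare with a bound), as an added example that is not part of the original mail or of tinc's code. The `mc_announce_t` layout, the `TINCMC` tag and `mc_announce_matches()` are hypothetical, since the mail does not show `mcpacket_t`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire layout; tinc's real mcpacket_t is not shown in the mail. */
#define MC_MAGIC     "TINCMC"   /* constructed protocol tag */
#define MC_MAGIC_LEN 8
#define MC_NAME_LEN  32

typedef struct {
	char magic[MC_MAGIC_LEN];   /* NUL-padded tag */
	char name[MC_NAME_LEN];     /* NUL-terminated node name */
} mc_announce_t;

/* Returns 1 only if buf holds exactly one well-formed announce from `expected`. */
int mc_announce_matches(const unsigned char *buf, size_t len, const char *expected) {
	static const char magic[MC_MAGIC_LEN] = MC_MAGIC;   /* remainder is zero-filled */
	mc_announce_t pkt;

	/* 1. Length check before touching any field of the datagram. */
	if (buf == NULL || expected == NULL || len != sizeof pkt)
		return 0;
	memcpy(&pkt, buf, sizeof pkt);   /* copy out instead of casting the receive buffer */

	/* 2. Fixed-size tag: compare the whole field, padding included. */
	if (memcmp(pkt.magic, magic, MC_MAGIC_LEN) != 0)
		return 0;

	/* 3. The sender controls name[]; require a terminator inside the field. */
	if (memchr(pkt.name, '\0', MC_NAME_LEN) == NULL)
		return 0;

	/* 4. Bounded compare; the terminator is compared too, so prefixes do not match. */
	return strncmp(pkt.name, expected, MC_NAME_LEN) == 0;
}

int main(void) {
	unsigned char dgram[sizeof(mc_announce_t)] = {0};   /* constructed sample datagram */
	memcpy(dgram, MC_MAGIC, sizeof MC_MAGIC);
	memcpy(dgram + MC_MAGIC_LEN, "alice", 6);
	printf("full: %d, truncated: %d\n",
	       mc_announce_matches(dgram, sizeof dgram, "alice"),
	       mc_announce_matches(dgram, sizeof dgram - 1, "alice"));
	return 0;
}
```
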

