Send by e-mail: commit.txt
Daniel Schall
Daniel-Schall at web.de
Sun Jul 25 22:38:48 CEST 2010
Hi Guus,
I've attached something like a commit message (I think).
Sorry, but I am not familiar with git and am currently familiarizing myself with it.
In the meantime, I fixed some code and introduced a compatibility wrapper to
allow porting tinc to "Fritz!Box" (using Freetz http://trac.freetz.org/).
The file is called ifaddr-compat.h/c and wraps the function "getifaddrs".
I'm going to answer your questions now:
> Why the need for a response message?
Because a simple "announce/broadcast" can't be authenticated, thus, an
adversary could announce that he's a legitimate endpoint.
Although this would not allow the adversary to decrypt packets,
communication between nodes could be interrupted.
By requesting the nodes to answer by encrypting the challenge, a safe
authentication can be achieved.
Since the challenge is random, no replay attacks can be performed.
> The challenge field is also not necessary in my opinion, unless you meant
> this as a cookie to prevent a HMAC verification from bogus nodes?
Yes, as mentioned, to prevent replay attacks.
> On which version did you base your changes?
I checked out your branch using git, and started implementing.
> In the future, try not to change whitespace unnecessarily.
Sorry for that, I am using Eclipse for developing, and I'm kinda used to
push "auto format code" too often.
I must have accidentally used it against your code.
> Try to use the same code style as the rest of the tinc source.
I am trying to do this :-)
> It would be nice if send/receive_udp_packet() could be reused for the
> multicast packets.
I'll have a look to check if I can reuse this function. If I remember
correctly, I already considered using this function, but something stood in
its way..
> You use strcmp() on the contents of a mcpacket_t without any input
> validation.
Fixed it. I validate the length of the received packet and use strncmp now.
Best,
Daniel
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: commit.txt
URL: <http://www.tinc-vpn.org/pipermail/tinc-devel/attachments/20100725/197b3b89/attachment-0001.txt>
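The challenge/response exchange discussed in this message, as an added sketch that is not code from the patch or from tinc. It assumes a pre-shared key and uses an HMAC over the challenge in place of "encrypting the challenge"; the packet layout, field sizes and all names are hypothetical.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 16   # assumed size of the random challenge
MAC_LEN = 32         # HMAC-SHA256 output size

def respond(key: bytes, name: str, challenge: bytes) -> bytes:
    """Announcing node: echo the challenge and prove possession of the key."""
    mac = hmac.new(key, name.encode() + challenge, hashlib.sha256).digest()
    return challenge + mac

class Verifier:
    """Node that hears an announcement and challenges the announcer."""
    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}   # peer name -> outstanding challenge

    def challenge(self, peer: str) -> bytes:
        self.pending[peer] = secrets.token_bytes(CHALLENGE_LEN)
        return self.pending[peer]

    def verify(self, peer: str, packet: bytes) -> bool:
        # Check the length before touching any field of the packet.
        if len(packet) != CHALLENGE_LEN + MAC_LEN:
            return False
        expected = self.pending.get(peer)
        if expected is None:
            return False
        echoed, mac = packet[:CHALLENGE_LEN], packet[CHALLENGE_LEN:]
        good = hmac.new(self.key, peer.encode() + expected, hashlib.sha256).digest()
        ok = hmac.compare_digest(echoed, expected) and hmac.compare_digest(mac, good)
        if ok:
            del self.pending[peer]   # a challenge is accepted only once
        return ok

def demo():
    key = secrets.token_bytes(32)            # constructed shared key
    v = Verifier(key)
    captured = respond(key, "nodeB", v.challenge("nodeB"))
    first = v.verify("nodeB", captured)      # fresh response is accepted
    v.challenge("nodeB")                     # new announcement, new challenge
    replayed = v.verify("nodeB", captured)   # old response no longer matches
    forged = v.verify("nodeB", respond(b"wrong key", "nodeB", v.challenge("nodeB")))
    truncated = v.verify("nodeB", captured[:10])
    return first, replayed, forged, truncated
```
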