diff options
| author | Matthias Schiffer <mschiffer@universe-factory.net> | 2012-04-19 17:42:56 +0200 |
|---|---|---|
| committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2012-04-19 17:42:56 +0200 |
| commit | 8c91443808ce376947ff387eaffca6e8cfbe9251 (patch) | |
| tree | 227a4367a2c013bbee40dc99c8abafc52da5ee2e /src/config.c | |
| parent | c5b12202c834fe484634131ee9a91465b9e6e7bc (diff) | |
| download | fastd-8c91443808ce376947ff387eaffca6e8cfbe9251.tar fastd-8c91443808ce376947ff387eaffca6e8cfbe9251.zip | |
Don't regenerate session handshake keypair for every handshake so a global state can be used; remove the concept of temporary peers
These changes will fix the possibility of a TCP-SYN-Flood-like DoS attack, at the cost of another
protocol change: as we can't count request IDs when we don't know have temporary peers, request IDs
are removed completely.
Diffstat (limited to 'src/config.c')
| -rw-r--r-- | src/config.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/config.c b/src/config.c index 3e42f38..c5c4c65 100644 --- a/src/config.c +++ b/src/config.c @@ -55,7 +55,6 @@ static void default_config(fastd_config *conf) { conf->keepalive_interval = 60; conf->peer_stale_time = 300; - conf->peer_stale_time_temp = 30; conf->eth_addr_stale_time = 300; conf->ifname = NULL; @@ -668,7 +667,7 @@ static void reconfigure_handle_old_peers(fastd_context *ctx, fastd_peer_config * static void reconfigure_reset_waiting(fastd_context *ctx) { fastd_peer *peer; for (peer = ctx->peers; peer; peer = peer->next) { - if (fastd_peer_is_waiting(peer)) + if (!fastd_peer_is_established(peer)) fastd_peer_reset(ctx, peer); } } |