From 8c91443808ce376947ff387eaffca6e8cfbe9251 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Thu, 19 Apr 2012 17:42:56 +0200
Subject: Don't regenerate session handshake keypair for every handshake so a global state can be used; remove the concept of temporary peers These changes will fix the possibility of a TCP-SYN-Flood-like DoS attack, at the cost of another protocol change: as we can't count request IDs when we don't know have temporary peers, request IDs are removed completely.
---
 src/config.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'src/config.c')
diff --git a/src/config.c b/src/config.c
index 3e42f38..c5c4c65 100644
--- a/src/config.c
+++ b/src/config.c
@@ -55,7 +55,6 @@ static void default_config(fastd_config *conf) {
 conf->keepalive_interval = 60;
 conf->peer_stale_time = 300;
- conf->peer_stale_time_temp = 30;
 conf->eth_addr_stale_time = 300;
 conf->ifname = NULL;
@@ -668,7 +667,7 @@ static void reconfigure_handle_old_peers(fastd_context *ctx, fastd_peer_config *
 static void reconfigure_reset_waiting(fastd_context *ctx) {
 fastd_peer *peer;
 for (peer = ctx->peers; peer; peer = peer->next) {
- if (fastd_peer_is_waiting(peer))
+ if (!fastd_peer_is_established(peer))
 fastd_peer_reset(ctx, peer);
 }
 }
--
cgit v1.2.3
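Review bot: In reconfigure_reset_waiting the predicate changes from `fastd_peer_is_waiting(peer)` to `!fastd_peer_is_established(peer)`, but the function keeps its old name, so the name now understates which peers are reset on reconfiguration. If the peer model has any state besides waiting and established (for example a handshake in progress), those peers are now reset as well; the state helpers and fastd_peer_reset are defined outside this diff, so this is worth confirming. I would either rename the function or add a comment above the loop such as `/* reset every peer without an established session, not only waiting ones */`. The `if` would also be less fragile with braces around `fastd_peer_reset(ctx, peer);`.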