|
|
@ -74,6 +74,10 @@ |
|
|
|
#define MAX_FRAG 1 |
|
|
|
#endif |
|
|
|
|
|
|
|
#ifndef FRAG_TIMEOUT |
|
|
|
#define FRAG_TIMEOUT 0.5f |
|
|
|
#endif |
|
|
|
|
|
|
|
#ifdef USE_NFCONNTRACK_TOS |
|
|
|
|
|
|
|
#ifndef MARK_MAX_PACKET |
|
|
@ -707,6 +711,11 @@ server_recv_cb(EV_P_ ev_io *w, int revents) |
|
|
|
|
|
|
|
// Only timer the watcher if a valid connection is established |
|
|
|
ev_timer_again(EV_A_ & server->recv_ctx->watcher); |
|
|
|
} else if (server->stage == STAGE_INIT && server->frag > 0) { |
|
|
|
|
|
|
|
// reset the timer for fragment request |
|
|
|
ev_timer_set(&server->recv_ctx->watcher, MAX_REQUEST_TIMEOUT, MAX_REQUEST_TIMEOUT); |
|
|
|
ev_timer_again(EV_A_ & server->recv_ctx->watcher); |
|
|
|
} |
|
|
|
|
|
|
|
ssize_t r = recv(server->fd, buf->data, SOCKET_BUF_SIZE, 0); |
|
|
@ -744,12 +753,16 @@ server_recv_cb(EV_P_ ev_io *w, int revents) |
|
|
|
stop_server(EV_A_ server); |
|
|
|
return; |
|
|
|
} else if (err == CRYPTO_NEED_MORE) { |
|
|
|
if (server->stage != STAGE_STREAM && server->frag > MAX_FRAG) { |
|
|
|
report_addr(server->fd, "malicious fragmentation"); |
|
|
|
stop_server(EV_A_ server); |
|
|
|
return; |
|
|
|
if (server->stage != STAGE_STREAM) { |
|
|
|
ev_timer_set(&server->recv_ctx->watcher, FRAG_TIMEOUT, FRAG_TIMEOUT); |
|
|
|
ev_timer_again(EV_A_ & server->recv_ctx->watcher); |
|
|
|
if (server->frag > MAX_FRAG) { |
|
|
|
report_addr(server->fd, "malicious fragmentation"); |
|
|
|
stop_server(EV_A_ server); |
|
|
|
return; |
|
|
|
} |
|
|
|
server->frag++; |
|
|
|
} |
|
|
|
server->frag++; |
|
|
|
return; |
|
|
|
} |
|
|
|
|
|
|
|
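Review bot: In the CRYPTO_NEED_MORE branch of server_recv_cb the limit is tested with `server->frag > MAX_FRAG` before `server->frag++`, so with `#define MAX_FRAG 1` a connection is reported only on its third incomplete read, not its second. If a single fragment is the intended allowance the test should read `if (server->frag >= MAX_FRAG) {`; if the current threshold is intended, a comment at the define such as `/* incomplete handshake reads tolerated before the peer is reported */` would document it. The same branch arms the watcher with FRAG_TIMEOUT before the limit test, so the reject path sets a timer immediately before stop_server; moving the two `ev_timer_*` lines below the inner `if` would avoid that. Connections that end when FRAG_TIMEOUT expires are handled by the timeout callback, which is outside this view, so it is worth confirming that those closes are logged or passed to report_addr as well. The body of server_recv_cb starts and ends outside the hunk.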