[Pkg-privacy-commits] [obfs4proxy] 08/151: Reject clients that do not authenticate quickly enough.

Ximin Luo infinity0 at moszumanska.debian.org
Sat Aug 22 12:59:34 UTC 2015



infinity0 pushed a commit to branch master
in repository obfs4proxy.

commit 9b6b3f825b47a5912ce03f85ab49da95323a1d7d
Author: Yawning Angel <yawning at schwanenlied.me>
Date:   Mon May 12 01:13:49 2014 +0000

    Reject clients that do not authenticate quickly enough.
    
    The current timeout value before the server fails the handshake is
    15 s.  This may need to be increased for clients over slow links.
---
 obfs4.go | 29 +++++++++++++++++++++++------
 1 file changed, 23 insertions(+), 6 deletions(-)

diff --git a/obfs4.go b/obfs4.go
index 0bcd82c..45b7148 100644
--- a/obfs4.go
+++ b/obfs4.go
@@ -39,7 +39,8 @@ import (
 )
 
 const (
-	defaultReadSize = framing.MaximumSegmentLength
+	defaultReadSize   = framing.MaximumSegmentLength
+	connectionTimeout = time.Duration(15) * time.Second
 
 	minCloseThreshold = framing.MaximumSegmentLength
 	maxCloseThreshold = framing.MaximumSegmentLength * 5
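Review bot: `connectionTimeout` is added without a comment, although it now bounds both the client handshake read and the response write in serverHandshake, and the commit message already says it may be too short for slow links. A one-line comment such as `// connectionTimeout bounds the server-side handshake read and the response write.` would record that next to the value. The expression can also be written `15 * time.Second`, since the untyped constant converts without the explicit `time.Duration(15)`. The const block continues outside the hunk.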
@@ -150,8 +151,10 @@ func (c *Obfs4Conn) serverHandshake(nodeID *ntor.NodeID, keypair *ntor.Keypair)
 	}
 
 	hs := newServerHandshake(nodeID, keypair)
-
-	// XXX: Set the request timer.
+	err := c.conn.SetReadDeadline(time.Now().Add(connectionTimeout))
+	if err != nil {
+		return err
+	}
 
 	// Consume the client handshake.
 	hsBuf := make([]byte, clientMaxHandshakeLength)
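Review bot: The deadline set by `c.conn.SetReadDeadline(time.Now().Add(connectionTimeout))` is a fixed offset, so every peer that never completes the handshake presumably fails at the same 15 s mark, which gives a network observer a stable timing signature for this server. The `minCloseThreshold`/`maxCloseThreshold` constants in the same file suggest close behaviour is meant to vary per connection, so the timeout probably should too. Consider adding a per-connection random offset to the deadline, or at least a comment such as `// NOTE: fixed deadline; unauthenticated peers all time out at connectionTimeout.` Setting the deadline once before the read loop does correctly bound the whole handshake rather than each read; the loop itself continues outside the hunk.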
@@ -169,17 +172,25 @@ func (c *Obfs4Conn) serverHandshake(nodeID *ntor.NodeID, keypair *ntor.Keypair)
 			return err
 		}
 		c.receiveBuffer.Reset()
+		err = c.conn.SetReadDeadline(time.Time{})
+		if err != nil {
+			return err
+		}
 
 		// Use the derived key material to intialize the link crypto.
 		okm := ntor.Kdf(seed, framing.KeyLength*2)
 		c.encoder = framing.NewEncoder(okm[framing.KeyLength:])
 		c.decoder = framing.NewDecoder(okm[:framing.KeyLength])
 
-		// XXX: Kill the request timer.
-
 		break
 	}
 
+	// Ensure that writing the response completes quickly.
+	err = c.conn.SetWriteDeadline(time.Now().Add(connectionTimeout))
+	if err != nil {
+		return err
+	}
+
 	// Generate/send the response.
 	blob, err := hs.generateHandshake()
 	if err != nil {
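Review bot: The read deadline is cleared only on the success branch before `break`, and the write deadline armed here (disarmed in the following hunk) is likewise cleared only after a successful send, so every `return err` in between leaves a deadline set on `c.conn`. That is harmless if the caller always closes the connection immediately on a handshake error, but the caller is not visible here; any further I/O it does on the failed connection would inherit the leftover deadline. A comment on serverHandshake such as `// On error the read/write deadlines are left armed; the caller must close c.conn.`, or a single deferred `c.conn.SetDeadline(time.Time{})`, would make the contract explicit. The function starts and ends outside the hunk.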
@@ -190,7 +201,13 @@ func (c *Obfs4Conn) serverHandshake(nodeID *ntor.NodeID, keypair *ntor.Keypair)
 		return err
 	}
 
-	// XXX: Generate/send the PRNG seed.
+	// TODO: Generate/send the PRNG seed.
+
+	// Disarm the write timer.
+	err = c.conn.SetWriteDeadline(time.Time{})
+	if err != nil {
+		return err
+	}
 
 	c.isOk = true
 
