Replay Protection #17

Open
ShadowJonathan opened this issue Dec 12, 2021 · 0 comments

Owner

ShadowJonathan commented Dec 12, 2021

Brainstormed some ideas for anti-replay, and they're as follows:

  • Have a VecDeque with epoch and sequence information on the packets, plus their arrival time.
  • Have a "max age" parameter by which all older packets are discarded.

The first would be done with a 24-byte structure as:

use std::time::Instant;

pub struct PacketToken {
    epoch_seq: u64, // epoch and sequence in one
    at: Instant,    // u128 on linux, u64 on macos and windows
}

This would discard anything older than 2 minutes, or FIFO at a max amount (configurable).

The oldest packet will update the "max age" sequence counter when it is popped from the stack, but only if it is younger than the age parameter.

Searching the VecDeque for a match when a packet comes in would introduce a little overhead, but at the cost of replay protection.

It would also cause a little memory overhead. (On Linux, approximately 2.4MB for 100k packets indexed (150MB at max MTU, so 2 minutes of +10MBps download speeds))
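
A sketch of the two ideas combined, as an added example that is not code from this repository: `ReplayWindow`, its fields and `accept` are hypothetical names, and raising the floor to the highest evicted `epoch_seq` is one reading of the "max age" counter described above. The caller passes the arrival time so that expiry can be exercised without sleeping.

```rust
use std::collections::VecDeque;
use std::time::{Duration, Instant};

pub struct PacketToken {
    epoch_seq: u64, // epoch and sequence in one, as in the issue
    at: Instant,    // arrival time
}

/// Hypothetical replay window; names and policy details are assumptions.
pub struct ReplayWindow {
    seen: VecDeque<PacketToken>, // arrival order, oldest at the front
    floor: Option<u64>,          // highest epoch_seq evicted so far
    max_age: Duration,           // e.g. 2 minutes
    max_len: usize,              // FIFO cap, assumed >= 1
}

impl ReplayWindow {
    pub fn new(max_age: Duration, max_len: usize) -> Self {
        Self { seen: VecDeque::new(), floor: None, max_age, max_len }
    }

    // Pop the oldest token; the floor only ever moves forward.
    fn evict_front(&mut self) {
        if let Some(tok) = self.seen.pop_front() {
            self.floor = Some(self.floor.map_or(tok.epoch_seq, |f| f.max(tok.epoch_seq)));
        }
    }

    /// Returns true if the packet is fresh and should be processed.
    pub fn accept(&mut self, epoch_seq: u64, now: Instant) -> bool {
        // Expire tokens that arrived more than max_age ago.
        while self.seen.front()
            .map_or(false, |t| now.saturating_duration_since(t.at) > self.max_age)
        {
            self.evict_front();
        }
        // At or below the floor the deque can no longer vouch for the packet.
        if self.floor.map_or(false, |f| epoch_seq <= f) {
            return false;
        }
        // Linear scan for a duplicate: the lookup overhead mentioned above.
        if self.seen.iter().any(|t| t.epoch_seq == epoch_seq) {
            return false;
        }
        if self.seen.len() >= self.max_len {
            self.evict_front(); // FIFO at the configured maximum
        }
        self.seen.push_back(PacketToken { epoch_seq, at: now });
        true
    }
}
```

Under this reading, a legitimate packet that arrives late with an `epoch_seq` at or below the floor is dropped along with replays, so `max_age` and `max_len` bound how much reordering the receiver tolerates.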
