ei
/
mtg
mirror da https://github.com/9seconds/mtg
Segui 1
Vota 0
Forka 0
Codice Problemi 0 Rilasci 48 Wiki Attività
Sfoglia il codice sorgente

Use ristretto instead of bigcache

tags/1.0^2
9seconds 6 anni fa
parent
22905b2a25
commit
34ad883559
9 ha cambiato i file con 54 aggiunte e 71 eliminazioni
Visualizzazione unificata Mostra Diff Stats
  1. 21
    9
      antireplay/cache.go
  2. 0
    9
      antireplay/hasher.go
  3. 11
    20
      antireplay/init.go
  4. 2
    7
      config/config.go
  5. 9
    0
      faketls/client_protocol.go
  6. 1
    4
      go.mod
  7. 4
    10
      go.sum
  8. 3
    9
      main.go
  9. 3
    3
      obfuscated2/client_protocol.go

+ 21
- 9
antireplay/cache.go Vedi File

1 
 package antireplay
 1 
 package antireplay
2
2
3 
-import "github.com/allegro/bigcache"
3 
+import "github.com/dgraph-io/ristretto"
4 
+
5 
+var (
6 
+	prefixObfuscated2 = []byte{0x00}
7 
+	prefixTLS         = []byte{0x01}
8 
+)
4
9
5 
 type cache struct {
 10 
 type cache struct {
6 
-	obfuscated2 *bigcache.BigCache
7 
-	tls         *bigcache.BigCache
11 
+	data *ristretto.Cache
8 
 }
 12 
 }
9
13
10 
 func (c *cache) AddObfuscated2(data []byte) {
 14 
 func (c *cache) AddObfuscated2(data []byte) {
11 
-	c.obfuscated2.Set(string(data), nil) // nolint: errcheck
15 
+	c.data.Set(keyObfuscated2(data), nil, int64(len(data)))
12 
 }
 16 
 }
13
17
14 
 func (c *cache) AddTLS(data []byte) {
 18 
 func (c *cache) AddTLS(data []byte) {
15 
-	c.tls.Set(string(data), nil) // nolint: errcheck
19 
+	c.data.Set(keyTLS(data), nil, int64(len(data)))
16 
 }
 20 
 }
17
21
18 
 func (c *cache) HasObfuscated2(data []byte) bool {
 22 
 func (c *cache) HasObfuscated2(data []byte) bool {
19 
-	_, err := c.obfuscated2.Get(string(data))
20 
-	return err == nil
23 
+	_, ok := c.data.Get(keyObfuscated2(data))
24 
+	return ok
21 
 }
 25 
 }
22
26
23 
 func (c *cache) HasTLS(data []byte) bool {
 27 
 func (c *cache) HasTLS(data []byte) bool {
24 
-	_, err := c.tls.Get(string(data))
25 
-	return err == nil
28 
+	_, ok := c.data.Get(keyTLS(data))
29 
+	return ok
30 
+}
31 
+
32 
+func keyObfuscated2(data []byte) string {
33 
+	return string(append(prefixObfuscated2, data...))
34 
+}
35 
+
36 
+func keyTLS(data []byte) string {
37 
+	return string(append(prefixTLS, data...))
26 
 }
 38 
 }

+ 0
- 9
antireplay/hasher.go Vedi File

1 
-package antireplay
2 
-
3 
-import "github.com/cespare/xxhash"
4 
-
5 
-type hasher struct{}
6 
-
7 
-func (h hasher) Sum64(value string) uint64 {
8 
-	return xxhash.Sum64String(value)
9 
-}

+ 11
- 20
antireplay/init.go Vedi File

1 
 package antireplay
 1 
 package antireplay
2
2
3 
 import (
 3 
 import (
4 
+	"math"
4 
 	"sync"
 5 
 	"sync"
5
6
6 
 	"github.com/9seconds/mtg/config"
 7 
 	"github.com/9seconds/mtg/config"
7 
-	"github.com/allegro/bigcache"
8 
+	"github.com/dgraph-io/ristretto"
8 
 )
 9 
 )
9
10
10 
 var (
 11 
 var (
11 
-	Cache    *cache
12 
+	Cache    cache
12 
 	initOnce sync.Once
 13 
 	initOnce sync.Once
13 
 )
 14 
 )
14
15
15 
 func Init() {
 16 
 func Init() {
16 
 	initOnce.Do(func() {
 17 
 	initOnce.Do(func() {
17 
-		c1, err := bigcache.NewBigCache(bigcache.Config{
18 
-			Shards:           1024,
19 
-			LifeWindow:       config.C.AntiReplayEvictionTime,
20 
-			Hasher:           hasher{},
21 
-			HardMaxCacheSize: config.C.AntiReplayMaxSize,
22 
-		})
23 
-		if err != nil {
24 
-			panic(err)
25 
-		}
18 
+		cost := float64(config.C.AntiReplayMaxSize) / 32.0
19 
+		cost = math.Ceil(cost)
26
20
27 
-		c2, err := bigcache.NewBigCache(bigcache.Config{
28 
-			Shards:           1024,
29 
-			LifeWindow:       config.C.AntiReplayEvictionTime,
30 
-			Hasher:           hasher{},
31 
-			HardMaxCacheSize: config.C.AntiReplayMaxSize,
21 
+		c, err := ristretto.NewCache(&ristretto.Config{
22 
+			NumCounters: int64(cost) * 10,
23 
+			MaxCost:     config.C.AntiReplayMaxSize,
24 
+			BufferItems: 64,
25 
+			Metrics:     false,
32 
 		})
 26 
 		})
33 
 		if err != nil {
 27 
 		if err != nil {
34 
 			panic(err)
 28 
 			panic(err)
35 
 		}
 29 
 		}
36
30
37 
-		Cache = &cache{
38 
-			obfuscated2: c1,
39 
-			tls:         c2,
40 
-		}
31 
+		Cache.data = c
41 
 	})
 32 
 	})
42 
 }
 33 
 }

+ 2
- 7
config/config.go Vedi File

7 
 	"errors"
 7 
 	"errors"
8 
 	"fmt"
 8 
 	"fmt"
9 
 	"net"
 9 
 	"net"
10 
-	"time"
11
10
12 
 	"github.com/alecthomas/units"
 11 
 	"github.com/alecthomas/units"
13 
 	"go.uber.org/zap"
 12 
 	"go.uber.org/zap"
58 
 	OptionTypeCloakPort
 57 
 	OptionTypeCloakPort
59
58
60 
 	OptionTypeAntiReplayMaxSize
 59 
 	OptionTypeAntiReplayMaxSize
61 
-	OptionTypeAntiReplayEvictionTime
62
60
63 
 	OptionTypeSecret
 61 
 	OptionTypeSecret
64 
 	OptionTypeAdtag
 62 
 	OptionTypeAdtag
80 
 	ReadBuffer  int `json:"read_buffer"`
 78 
 	ReadBuffer  int `json:"read_buffer"`
81 
 	CloakPort   int `json:"cloak_port"`
 79 
 	CloakPort   int `json:"cloak_port"`
82
80
83 
-	AntiReplayMaxSize      int           `json:"anti_replay_max_size"`
84 
-	AntiReplayEvictionTime time.Duration `json:"anti_replay_eviction_time"`
81 
+	AntiReplayMaxSize int64 `json:"anti_replay_max_size"`
85
82
86 
 	Debug            bool             `json:"debug"`
 83 
 	Debug            bool             `json:"debug"`
87 
 	Verbose          bool             `json:"verbose"`
 84 
 	Verbose          bool             `json:"verbose"`
151 
 		case OptionTypeCloakPort:
 148 
 		case OptionTypeCloakPort:
152 
 			C.CloakPort = int(opt.Value.(uint16))
 149 
 			C.CloakPort = int(opt.Value.(uint16))
153 
 		case OptionTypeAntiReplayMaxSize:
 150 
 		case OptionTypeAntiReplayMaxSize:
154 
-			C.AntiReplayMaxSize = opt.Value.(int)
155 
-		case OptionTypeAntiReplayEvictionTime:
156 
-			C.AntiReplayEvictionTime = opt.Value.(time.Duration)
151 
+			C.AntiReplayMaxSize = int64(opt.Value.(units.Base2Bytes))
157 
 		case OptionTypeSecret:
 152 
 		case OptionTypeSecret:
158 
 			C.Secret = opt.Value.([]byte)
 153 
 			C.Secret = opt.Value.([]byte)
159 
 		case OptionTypeAdtag:
 154 
 		case OptionTypeAdtag:

+ 9
- 0
faketls/client_protocol.go Vedi File

11 
 	"sync"
 11 
 	"sync"
12 
 	"time"
 12 
 	"time"
13
13
14 
+	"github.com/9seconds/mtg/antireplay"
14 
 	"github.com/9seconds/mtg/config"
 15 
 	"github.com/9seconds/mtg/config"
15 
 	"github.com/9seconds/mtg/conntypes"
 16 
 	"github.com/9seconds/mtg/conntypes"
16 
 	"github.com/9seconds/mtg/obfuscated2"
 17 
 	"github.com/9seconds/mtg/obfuscated2"
17 
 	"github.com/9seconds/mtg/protocol"
 18 
 	"github.com/9seconds/mtg/protocol"
19 
+	"github.com/9seconds/mtg/stats"
18 
 	"github.com/9seconds/mtg/tlstypes"
 20 
 	"github.com/9seconds/mtg/tlstypes"
19 
 	"github.com/9seconds/mtg/wrappers/stream"
 21 
 	"github.com/9seconds/mtg/wrappers/stream"
20 
 )
 22 
 )
82 
 		return errBadTime
 84 
 		return errBadTime
83 
 	}
 85 
 	}
84
86
87 
+	if antireplay.Cache.HasTLS(clientHello.Random[:]) {
88 
+		stats.Stats.ReplayDetected()
89 
+		return errors.New("replay attack is detected")
90 
+	}
91 
+
92 
+	antireplay.Cache.AddTLS(clientHello.Random[:])
93 
+
85 
 	hostCert, err := connectionServerInstance.get()
 94 
 	hostCert, err := connectionServerInstance.get()
86 
 	if err != nil {
 95 
 	if err != nil {
87 
 		return fmt.Errorf("cannot get host certificate: %w", err)
 96 
 		return fmt.Errorf("cannot get host certificate: %w", err)

+ 1
- 4
go.mod Vedi File

3 
 replace github.com/golang/lint => github.com/golang/lint v0.0.0-20190227174305-8f45f776aaf1
 3 
 replace github.com/golang/lint => github.com/golang/lint v0.0.0-20190227174305-8f45f776aaf1
4
4
5 
 require (
 5 
 require (
6 
-	github.com/OneOfOne/xxhash v1.2.5 // indirect
7 
 	github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d
 6 
 	github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d
8 
-	github.com/allegro/bigcache v1.2.1
9 
 	github.com/beevik/ntp v0.2.0
 7 
 	github.com/beevik/ntp v0.2.0
10 
-	github.com/cespare/xxhash v1.1.0
8 
+	github.com/dgraph-io/ristretto v0.0.0-20191108194154-8d6a8a75b4ca
11 
 	github.com/prometheus/client_golang v1.2.1
 9 
 	github.com/prometheus/client_golang v1.2.1
12 
-	github.com/spaolacci/murmur3 v1.1.0 // indirect
13 
 	go.uber.org/multierr v1.4.0 // indirect
 10 
 	go.uber.org/multierr v1.4.0 // indirect
14 
 	go.uber.org/zap v1.12.0
 11 
 	go.uber.org/zap v1.12.0
15 
 	golang.org/x/crypto v0.0.0-20191106202628-ed6320f186d4
 12 
 	golang.org/x/crypto v0.0.0-20191106202628-ed6320f186d4

+ 4
- 10
go.sum Vedi File

1 
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 1 
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
2 
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 2 
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
3 
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
4 
-github.com/OneOfOne/xxhash v1.2.5 h1:zl/OfRA6nftbBK9qTohYBJ5xvw6C/oNKizR7cZGl3cI=
5 
-github.com/OneOfOne/xxhash v1.2.5/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q=
6 
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc h1:cAKDfWh5VpdgMhJosfJnn5/FoN2SRZ4p7fJNX58YPaU=
 3 
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc h1:cAKDfWh5VpdgMhJosfJnn5/FoN2SRZ4p7fJNX58YPaU=
7 
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 4 
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
8 
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 h1:JYp7IbQjafoB+tBA3gMyHYHrpOtNuDiK/uB5uXxq5wM=
 5 
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 h1:JYp7IbQjafoB+tBA3gMyHYHrpOtNuDiK/uB5uXxq5wM=
13 
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 10 
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
14 
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d h1:UQZhZ2O0vMHr2cI+DC1Mbh0TJxzA3RcLoMsFw+aXw7E=
 11 
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d h1:UQZhZ2O0vMHr2cI+DC1Mbh0TJxzA3RcLoMsFw+aXw7E=
15 
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 12 
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
16 
-github.com/allegro/bigcache v1.2.1 h1:hg1sY1raCwic3Vnsvje6TT7/pnZba83LeFck5NrFKSc=
17 
-github.com/allegro/bigcache v1.2.1/go.mod h1:Cb/ax3seSYIx7SuZdm2G2xzfwmv3TPSk2ucNfQESPXM=
18 
 github.com/beevik/ntp v0.2.0 h1:sGsd+kAXzT0bfVfzJfce04g+dSRfrs+tbQW8lweuYgw=
 13 
 github.com/beevik/ntp v0.2.0 h1:sGsd+kAXzT0bfVfzJfce04g+dSRfrs+tbQW8lweuYgw=
19 
 github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg=
 14 
 github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg=
20 
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 h1:xJ4a3vCFaGF/jqvzLMYoU8P317H5OQ+Via4RmuPwCS0=
 15 
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 h1:xJ4a3vCFaGF/jqvzLMYoU8P317H5OQ+Via4RmuPwCS0=
23 
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 18 
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
24 
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 19 
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
25 
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 20 
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
26 
-github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
27 
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
28 
 github.com/cespare/xxhash/v2 v2.1.0 h1:yTUvW7Vhb89inJ+8irsUqiWjh8iT6sQPZiQzI6ReGkA=
 21 
 github.com/cespare/xxhash/v2 v2.1.0 h1:yTUvW7Vhb89inJ+8irsUqiWjh8iT6sQPZiQzI6ReGkA=
29 
 github.com/cespare/xxhash/v2 v2.1.0/go.mod h1:dgIUBU3pDso/gPgZ1osOZ0iQf77oPR28Tjxl5dIMyVM=
 22 
 github.com/cespare/xxhash/v2 v2.1.0/go.mod h1:dgIUBU3pDso/gPgZ1osOZ0iQf77oPR28Tjxl5dIMyVM=
30 
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 23 
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
31 
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 24 
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
32 
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 25 
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
26 
+github.com/dgraph-io/ristretto v0.0.0-20191108194154-8d6a8a75b4ca h1:NgFAOh7RDM5WbdADm6VyLG1koLrzG0G24M/f5395PcI=
27 
+github.com/dgraph-io/ristretto v0.0.0-20191108194154-8d6a8a75b4ca/go.mod h1:edzKIzGvqUCMzhTVWbiTSe75zD9Xxq0GtSBtFmaUTZs=
28 
+github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2 h1:tdlZCpZ/P9DhczCTSixgIKmwPv6+wP5DGjqLYw5SUiA=
29 
+github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
33 
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 30 
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
34 
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 31 
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
35 
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 32 
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
94 
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 91 
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
95 
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 92 
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
96 
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 93 
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
97 
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
98 
-github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI=
99 
-github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
100 
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 94 
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
101 
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 95 
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
102 
 github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
 96 
 github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=

+ 3
- 9
main.go Vedi File

104 
 		Default("443").
 104 
 		Default("443").
105 
 		Uint16()
 105 
 		Uint16()
106 
 	runAntiReplayMaxSize = runCommand.Flag("anti-replay-max-size",
 106 
 	runAntiReplayMaxSize = runCommand.Flag("anti-replay-max-size",
107 
-		"Max size of antireplay cache in megabytes.").
107 
+		"Max size of antireplay cache.").
108 
 		Envar("MTG_ANTIREPLAY_MAXSIZE").
 108 
 		Envar("MTG_ANTIREPLAY_MAXSIZE").
109 
-		Default("128").
110 
-		Int()
111 
-	runAntiReplayEvictionTime = runCommand.Flag("anti-replay-eviction-time",
112 
-		"Eviction time period for obfuscated2 handshakes").
113 
-		Envar("MTG_ANTIREPLAY_EVICTIONTIME").
114 
-		Default("168h").
115 
-		Duration()
109 
+		Default("128MB").
110 
+		Bytes()
116 
 	runSecret = runCommand.Arg("secret", "Secret of this proxy.").Required().HexBytes()
 111 
 	runSecret = runCommand.Arg("secret", "Secret of this proxy.").Required().HexBytes()
117 
 	runAdtag  = runCommand.Arg("adtag", "ADTag of the proxy.").HexBytes()
 112 
 	runAdtag  = runCommand.Arg("adtag", "ADTag of the proxy.").HexBytes()
118 
 )
 113 
 )
146 
 			config.Opt{Option: config.OptionTypeReadBufferSize, Value: *runReadBufferSize},
 141 
 			config.Opt{Option: config.OptionTypeReadBufferSize, Value: *runReadBufferSize},
147 
 			config.Opt{Option: config.OptionTypeCloakPort, Value: *runTLSCloakPort},
 142 
 			config.Opt{Option: config.OptionTypeCloakPort, Value: *runTLSCloakPort},
148 
 			config.Opt{Option: config.OptionTypeAntiReplayMaxSize, Value: *runAntiReplayMaxSize},
 143 
 			config.Opt{Option: config.OptionTypeAntiReplayMaxSize, Value: *runAntiReplayMaxSize},
149 
-			config.Opt{Option: config.OptionTypeAntiReplayEvictionTime, Value: *runAntiReplayEvictionTime},
150 
 			config.Opt{Option: config.OptionTypeSecret, Value: *runSecret},
 144 
 			config.Opt{Option: config.OptionTypeSecret, Value: *runSecret},
151 
 			config.Opt{Option: config.OptionTypeAdtag, Value: *runAdtag},
 145 
 			config.Opt{Option: config.OptionTypeAdtag, Value: *runAdtag},
152 
 		)
 146 
 		)

+ 3
- 3
obfuscated2/client_protocol.go Vedi File

81 
 		c.dc = conntypes.DCDefaultIdx
 81 
 		c.dc = conntypes.DCDefaultIdx
82 
 	}
 82 
 	}
83
83
84 
-	replayKeys := decryptedFrame.Unique()
85 
-	if antireplay.Cache.HasObfuscated2(replayKeys) {
84 
+	replayKey := decryptedFrame.Unique()
85 
+	if antireplay.Cache.HasObfuscated2(replayKey) {
86 
 		stats.Stats.ReplayDetected()
 86 
 		stats.Stats.ReplayDetected()
87 
 		return nil, errors.New("replay attack is detected")
 87 
 		return nil, errors.New("replay attack is detected")
88 
 	}
 88 
 	}
89
89
90 
-	antireplay.Cache.AddObfuscated2(replayKeys)
90 
+	antireplay.Cache.AddObfuscated2(replayKey)
91
91
92 
 	return stream.NewObfuscated2(socket, encryptor, decryptor), nil
 92 
 	return stream.NewObfuscated2(socket, encryptor, decryptor), nil
93 
 }
 93 
 }

Write Preview
Loading…
Annulla
Salva