use ice-server heartbeat denial to trigger keypair re-gen

2025-04-05 21:22:07 +02:00 · 2016-02-23 15:26:13 -08:00 · 2016-02-23 15:26:13 -08:00 · 96ed19100b
commit 96ed19100b
parent 5fe74bb33c
3 changed files with 20 additions and 1 deletions
--- a/domain-server/src/DomainServer.cpp
+++ b/domain-server/src/DomainServer.cpp
@ -372,6 +372,7 @@ void DomainServer::setupNodeListAndAssignments(const QUuid& sessionUUID) {
    packetReceiver.registerListener(PacketType::ICEPing, &_gatekeeper, "processICEPingPacket");
    packetReceiver.registerListener(PacketType::ICEPingReply, &_gatekeeper, "processICEPingReplyPacket");
    packetReceiver.registerListener(PacketType::ICEServerPeerInformation, &_gatekeeper, "processICEPeerInformationPacket");
+    packetReceiver.registerListener(PacketType::ICEServerHeartbeatDenied, this, "processICEServerHeartbeatDenialPacket");
    
    // add whatever static assignments that have been parsed to the queue
    addStaticAssignmentsToQueue();
@ -2006,3 +2007,20 @@ void DomainServer::processNodeDisconnectRequestPacket(QSharedPointer<ReceivedMes
        });
    }
 }
+
+void DomainServer::processICEServerHeartbeatDenialPacket(QSharedPointer<ReceivedMessage> message) {
+    static const int NUM_HEARTBEAT_DENIALS_FOR_KEYPAIR_REGEN = 3;
+
+    static int numHeartbeatDenials = 0;
+    if (++numHeartbeatDenials > NUM_HEARTBEAT_DENIALS_FOR_KEYPAIR_REGEN) {
+        qDebug() << "Received" << NUM_HEARTBEAT_DENIALS_FOR_KEYPAIR_REGEN << "heartbeat denials from ice-server"
+            << "- re-generating keypair now";
+
+        // we've hit our threshold of heartbeat denials, trigger a keypair re-generation
+        auto limitedNodeList = DependencyManager::get<LimitedNodeList>();
+        AccountManager::getInstance().generateNewDomainKeypair(limitedNodeList->getSessionUUID());
+
+        // reset our number of heartbeat denials
+        numHeartbeatDenials = 0;
+    }
+}
--- a/domain-server/src/DomainServer.h
+++ b/domain-server/src/DomainServer.h
@ -61,6 +61,7 @@ public slots:
    void processNodeJSONStatsPacket(QSharedPointer<ReceivedMessage> packetList, SharedNodePointer sendingNode);
    void processPathQueryPacket(QSharedPointer<ReceivedMessage> packet);
    void processNodeDisconnectRequestPacket(QSharedPointer<ReceivedMessage> message);
+    void processICEServerHeartbeatDenialPacket(QSharedPointer<ReceivedMessage> message);
    
 private slots:
    void aboutToQuit();
--- a/ice-server/src/IceServer.cpp
+++ b/ice-server/src/IceServer.cpp
@ -82,7 +82,7 @@ void IceServer::processPacket(std::unique_ptr<udt::Packet> packet) {
            } else {
                // we couldn't verify this peer - respond back to them so they know they may need to perform keypair re-generation
                static auto deniedPacket = NLPacket::create(PacketType::ICEServerHeartbeatDenied);
-                _serverSocket.writePacket(*deniedPacket, packet->getSenderSockAddr());
+                _serverSocket.writePacket(*deniedPacket, nlPacket->getSenderSockAddr());
            }
        } else if (nlPacket->getType() == PacketType::ICEServerQuery) {
            QDataStream heartbeatStream(nlPacket.get());