void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-06-07 21:13:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

fixed comments

Browse source
This commit is contained in:
mamoniot 2022-12-29 13:48:43 -05:00
parent bc90b2da8d
commit fbd5e025d3
1 changed files with 13 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
zssp/src/zssp.rs
View file

@ -25,39 +25,40 @@ use crate::counter::{Counter, CounterValue, CounterWindow};
use crate::sessionid::SessionId; use crate::sessionid::SessionId;
pub enum Error { pub enum Error {
/// The packet was addressed to an unrecognized local session (should usually be ignored) /// The packet was addressed to an unrecognized local session (should usually be ignored).
UnknownLocalSessionId(SessionId), UnknownLocalSessionId(SessionId),
/// Packet was not well formed /// Packet was not well formed.
InvalidPacket, InvalidPacket,
/// An invalid parameter was supplied to the function /// An invalid parameter was supplied to the function.
InvalidParameter, InvalidParameter,
/// Packet failed one or more authentication (MAC) checks /// Packet failed one or more authentication (MAC) checks.
/// IMPORTANT: Do not reply to a peer who has sent a packet that has failed authentication. Any response at all will leak to an attacker what authentication step their packet failed at (timing attack), which lowers the total authentication entropy they have to brute force. ///
/// **IMPORTANT**: Do not reply to a peer who has sent a packet that has failed authentication. Any response at all will leak to an attacker what authentication step their packet failed at (timing attack), which lowers the total authentication entropy they have to brute force.
/// There is a safe way to reply if absolutely necessary, by sending the reply back after a constant amount of time, but this is very difficult to get correct. /// There is a safe way to reply if absolutely necessary, by sending the reply back after a constant amount of time, but this is very difficult to get correct.
FailedAuthentication, FailedAuthentication,
/// New session was rejected by the application layer. /// New session was rejected by the application layer.
NewSessionRejected, NewSessionRejected,
/// Rekeying failed and session secret has reached its hard usage count limit /// Rekeying failed and session secret has reached its hard usage count limit.
MaxKeyLifetimeExceeded, MaxKeyLifetimeExceeded,
/// Attempt to send using session without established key /// Attempt to send using session without established key.
SessionNotEstablished, SessionNotEstablished,
/// Packet ignored by rate limiter. /// Packet ignored by rate limiter.
RateLimited, RateLimited,
/// The other peer specified an unrecognized protocol version /// The other peer specified an unrecognized protocol version.
UnknownProtocolVersion, UnknownProtocolVersion,
/// Caller supplied data buffer is too small to receive data /// Caller supplied data buffer is too small to receive data.
DataBufferTooSmall, DataBufferTooSmall,
/// Data object is too large to send, even with fragmentation /// Data object is too large to send, even with fragmentation.
DataTooLarge, DataTooLarge,
/// An unexpected buffer overrun occured while attempting to encode or decode a packet. /// An unexpected buffer overrun occured while attempting to encode or decode a packet.
@ -83,7 +84,8 @@ pub enum ReceiveResult<'a, H: ApplicationLayer> {
OkNewSession(Session<H>), OkNewSession(Session<H>),
/// Packet superficially appears valid but was ignored e.g. as a duplicate. /// Packet superficially appears valid but was ignored e.g. as a duplicate.
/// IMPORTANT: This packet was not authenticated, so for the most part treat this the same as an Error::FailedAuthentication ///
/// **IMPORTANT**: This packet was not authenticated, so for the most part treat this the same as an Error::FailedAuthentication.
Ignored, Ignored,
} }