package antireplay
|
|
import (
|
"sync"
|
"time"
|
|
cuckoo "github.com/seiflotfy/cuckoofilter"
|
)
|
|
const replayFilterCapacity = 100000
|
|
// ReplayFilter checks for replay attacks.
|
type ReplayFilter struct {
|
lock sync.Mutex
|
poolA *cuckoo.Filter
|
poolB *cuckoo.Filter
|
poolSwap bool
|
lastSwap int64
|
interval int64
|
}
|
|
// NewReplayFilter creates a new filter with specifying the expiration time interval in seconds.
|
func NewReplayFilter(interval int64) *ReplayFilter {
|
filter := &ReplayFilter{}
|
filter.interval = interval
|
return filter
|
}
|
|
// Interval in second for expiration time for duplicate records.
|
func (filter *ReplayFilter) Interval() int64 {
|
return filter.interval
|
}
|
|
// Check determines if there are duplicate records.
|
func (filter *ReplayFilter) Check(sum []byte) bool {
|
filter.lock.Lock()
|
defer filter.lock.Unlock()
|
|
now := time.Now().Unix()
|
if filter.lastSwap == 0 {
|
filter.lastSwap = now
|
filter.poolA = cuckoo.NewFilter(replayFilterCapacity)
|
filter.poolB = cuckoo.NewFilter(replayFilterCapacity)
|
}
|
|
elapsed := now - filter.lastSwap
|
if elapsed >= filter.Interval() {
|
if filter.poolSwap {
|
filter.poolA.Reset()
|
} else {
|
filter.poolB.Reset()
|
}
|
filter.poolSwap = !filter.poolSwap
|
filter.lastSwap = now
|
}
|
|
return filter.poolA.InsertUnique(sum) && filter.poolB.InsertUnique(sum)
|
}
|
