only accept in-order packets, drop duplicates and out-of-order packets

session.go

@@ -28,6 +28,7 @@ type Session struct {
 	Entropy EntropyAccumulator
 
 	lastSentPacketNumber     protocol.PacketNumber
+	lastObservedPacketNumber protocol.PacketNumber
 
 	streamCallback StreamCallback
 }
@@ -41,12 +42,24 @@ func NewSession(conn *net.UDPConn, v protocol.VersionNumber, connectionID protoc
 		ServerConfig:             sCfg,
 		cryptoSetup:              handshake.NewCryptoSetup(connectionID, v, sCfg),
 		streamCallback:           streamCallback,
+		lastObservedPacketNumber: 0,
 	}
 }
 
 // HandlePacket handles a packet
 func (s *Session) HandlePacket(addr *net.UDPAddr, publicHeaderBinary []byte, publicHeader *PublicHeader, r *bytes.Reader) error {
 	// TODO: Only do this after authenticating
+
+	if s.lastObservedPacketNumber > 0 { // the first packet doesn't neccessarily need to have packetNumber 1
+		if publicHeader.PacketNumber < s.lastObservedPacketNumber || publicHeader.PacketNumber > s.lastObservedPacketNumber+1 {
+			return errors.New("Out of order packet")
+		}
+		if publicHeader.PacketNumber == s.lastObservedPacketNumber {
+			return errors.New("Duplicate packet")
+		}
+	}
+	s.lastObservedPacketNumber = publicHeader.PacketNumber
+
 	if addr != s.CurrentRemoteAddr {
 		s.CurrentRemoteAddr = addr
 	}