diff options
author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-09-15 01:46:29 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-09-15 01:46:29 +0000 |
commit | 5fc108729b7b8411d20be9a8bc702d3b15cdacf0 (patch) | |
tree | 7139d31bc49cc5ad991c1ad09b939d6cd1f7be72 | |
parent | Version 2.1_rc10 (diff) | |
download | openvpn-5fc108729b7b8411d20be9a8bc702d3b15cdacf0.tar.xz |
Version 2.1_rc11v2.1_rc11
Fixed a bug that can cause SSL/TLS negotiations in UDP mode
to fail if UDP packets are dropped.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3330 e7ae566f-a301-0410-adde-c780ea21d3b5
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | gremlin.h | 2 | ||||
-rw-r--r-- | reliable.c | 39 | ||||
-rw-r--r-- | version.m4 | 2 |
4 files changed, 38 insertions, 10 deletions
@@ -3,6 +3,11 @@ Copyright (C) 2002-2008 Telethra, Inc. <sales@openvpn.net> $Id$ +2008.09.14 -- Version 2.1_rc11 + +* Fixed a bug that can cause SSL/TLS negotiations in UDP mode + to fail if UDP packets are dropped. + 2008.09.10 -- Version 2.1_rc10 * Added "--server-bridge" (without parameters) to enable @@ -43,6 +43,8 @@ #define GREMLIN_UP_DOWN_SHIFT (7) #define GREMLIN_UP_DOWN_MASK (0x03) +/* 512:1/500 1024:1/100 1536:1/50 */ + #define GREMLIN_DROP_SHIFT (9) #define GREMLIN_DROP_MASK (0x03) @@ -42,9 +42,9 @@ * verify that test - base < extent while allowing for base or test wraparound */ static inline bool -reliable_pid_in_range (const packet_id_type test, - const packet_id_type base, - const unsigned int extent) +reliable_pid_in_range1 (const packet_id_type test, + const packet_id_type base, + const unsigned int extent) { if (test >= base) { @@ -52,9 +52,30 @@ reliable_pid_in_range (const packet_id_type test, return true; } else - { - const packet_id_type be = base + extent; - if (test < be && be < base) + { + if ((test+0x80000000u) - (base+0x80000000u) < extent) + return true; + } + + return false; +} + +/* + * verify that test < base + extent while allowing for base or test wraparound + */ +static inline bool +reliable_pid_in_range2 (const packet_id_type test, + const packet_id_type base, + const unsigned int extent) +{ + if (base + extent >= base) + { + if (test < base + extent) + return true; + } + else + { + if ((test+0x80000000u) < (base+0x80000000u) + extent) return true; } @@ -68,7 +89,7 @@ static inline bool reliable_pid_min (const packet_id_type p1, const packet_id_type p2) { - return !reliable_pid_in_range (p1, p2, 0x80000000); + return !reliable_pid_in_range1 (p1, p2, 0x80000000u); } /* check if a particular packet_id is present in ack */ @@ -386,7 +407,7 @@ reliable_wont_break_sequentiality (const struct reliable *rel, packet_id_type id { struct gc_arena gc = gc_new (); - const int ret = reliable_pid_in_range (id, rel->packet_id, rel->size); + const int ret = reliable_pid_in_range2 (id, rel->packet_id, rel->size); if (!ret) { @@ -441,7 +462,7 @@ reliable_get_buf_output_sequenced (struct reliable *rel) } } - if (!min_id_defined || reliable_pid_in_range (rel->packet_id, min_id, rel->size)) + if (!min_id_defined || reliable_pid_in_range1 (rel->packet_id, min_id, rel->size)) { ret = reliable_get_buf (rel); } @@ -1,5 +1,5 @@ dnl define the OpenVPN version -define(PRODUCT_VERSION,[2.1_rc10]) +define(PRODUCT_VERSION,[2.1_rc11]) dnl define the TAP version define(PRODUCT_TAP_ID,[tap0901]) define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9]) |