aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-09-15 01:46:29 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-09-15 01:46:29 +0000
commit5fc108729b7b8411d20be9a8bc702d3b15cdacf0 (patch)
tree7139d31bc49cc5ad991c1ad09b939d6cd1f7be72
parentVersion 2.1_rc10 (diff)
downloadopenvpn-2.1_rc11.tar.xz
Version 2.1_rc11v2.1_rc11
Fixed a bug that can cause SSL/TLS negotiations in UDP mode to fail if UDP packets are dropped. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3330 e7ae566f-a301-0410-adde-c780ea21d3b5
-rw-r--r--ChangeLog5
-rw-r--r--gremlin.h2
-rw-r--r--reliable.c39
-rw-r--r--version.m42
4 files changed, 38 insertions, 10 deletions
diff --git a/ChangeLog b/ChangeLog
index 1da49bd..0d841d7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,11 @@ Copyright (C) 2002-2008 Telethra, Inc. <sales@openvpn.net>
$Id$
+2008.09.14 -- Version 2.1_rc11
+
+* Fixed a bug that can cause SSL/TLS negotiations in UDP mode
+ to fail if UDP packets are dropped.
+
2008.09.10 -- Version 2.1_rc10
* Added "--server-bridge" (without parameters) to enable
diff --git a/gremlin.h b/gremlin.h
index d7ea424..990f17b 100644
--- a/gremlin.h
+++ b/gremlin.h
@@ -43,6 +43,8 @@
#define GREMLIN_UP_DOWN_SHIFT (7)
#define GREMLIN_UP_DOWN_MASK (0x03)
+/* 512:1/500 1024:1/100 1536:1/50 */
+
#define GREMLIN_DROP_SHIFT (9)
#define GREMLIN_DROP_MASK (0x03)
diff --git a/reliable.c b/reliable.c
index 4958f7e..bd77071 100644
--- a/reliable.c
+++ b/reliable.c
@@ -42,9 +42,9 @@
* verify that test - base < extent while allowing for base or test wraparound
*/
static inline bool
-reliable_pid_in_range (const packet_id_type test,
- const packet_id_type base,
- const unsigned int extent)
+reliable_pid_in_range1 (const packet_id_type test,
+ const packet_id_type base,
+ const unsigned int extent)
{
if (test >= base)
{
@@ -52,9 +52,30 @@ reliable_pid_in_range (const packet_id_type test,
return true;
}
else
- {
- const packet_id_type be = base + extent;
- if (test < be && be < base)
+ {
+ if ((test+0x80000000u) - (base+0x80000000u) < extent)
+ return true;
+ }
+
+ return false;
+}
+
+/*
+ * verify that test < base + extent while allowing for base or test wraparound
+ */
+static inline bool
+reliable_pid_in_range2 (const packet_id_type test,
+ const packet_id_type base,
+ const unsigned int extent)
+{
+ if (base + extent >= base)
+ {
+ if (test < base + extent)
+ return true;
+ }
+ else
+ {
+ if ((test+0x80000000u) < (base+0x80000000u) + extent)
return true;
}
@@ -68,7 +89,7 @@ static inline bool
reliable_pid_min (const packet_id_type p1,
const packet_id_type p2)
{
- return !reliable_pid_in_range (p1, p2, 0x80000000);
+ return !reliable_pid_in_range1 (p1, p2, 0x80000000u);
}
/* check if a particular packet_id is present in ack */
@@ -386,7 +407,7 @@ reliable_wont_break_sequentiality (const struct reliable *rel, packet_id_type id
{
struct gc_arena gc = gc_new ();
- const int ret = reliable_pid_in_range (id, rel->packet_id, rel->size);
+ const int ret = reliable_pid_in_range2 (id, rel->packet_id, rel->size);
if (!ret)
{
@@ -441,7 +462,7 @@ reliable_get_buf_output_sequenced (struct reliable *rel)
}
}
- if (!min_id_defined || reliable_pid_in_range (rel->packet_id, min_id, rel->size))
+ if (!min_id_defined || reliable_pid_in_range1 (rel->packet_id, min_id, rel->size))
{
ret = reliable_get_buf (rel);
}
diff --git a/version.m4 b/version.m4
index bc944ff..816cf9c 100644
--- a/version.m4
+++ b/version.m4
@@ -1,5 +1,5 @@
dnl define the OpenVPN version
-define(PRODUCT_VERSION,[2.1_rc10])
+define(PRODUCT_VERSION,[2.1_rc11])
dnl define the TAP version
define(PRODUCT_TAP_ID,[tap0901])
define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9])