Incremented version to 2.1_rc7d.

Support asynchronous authentication by plugins by allowing
OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY to return
OPENVPN_PLUGIN_FUNC_DEFERRED.  See comments in
openvpn-plugin.h for documentation.  Enabled by ENABLE_DEF_AUTH.

Added a simple packet filter functionality that can be driven by
a plugin.  See comments in openvpn-plugin.h for documentation.
Enabled by ENABLE_PF.

See openvpn/plugin/defer/simple.c for examples of ENABLE_DEF_AUTH
and ENABLE_PF.

"TLS Error: local/remote TLS keys are out of sync" is no longer a
fatal error for TCP-based sessions, since the error can arise
normally in the course of deferred authentication.  In a related
change, allow packet-id sequence to begin at some number n > 0 for
TCP sessions, rather than strictly requiring sequence to begin
at 1.

Added a test to configure.ac for LoadLibrary function on Windows.

Modified "make dist" function to include all files from
install-win32 so that ./domake-win can be run from a
tarball-expanded directory.

setenv and setenv-safe directives may now omit a value argument
which defaults to "".


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2978 e7ae566f-a301-0410-adde-c780ea21d3b5

1 files changed, 2 insertions, 2 deletions

diff --git a/packet_id.c b/packet_id.c
index 08e5974..b1e1caa 100644
--- a/packet_id.c
+++ b/packet_id.c
@@ -209,12 +209,12 @@ packet_id_test (const struct packet_id_rec *p,
     {
       /*
        * In non-backtrack mode, all sequence number series must
-       * begin at 1 and must increment linearly without gaps.
+       * begin at some number n > 0 and must increment linearly without gaps.
        *
        * This mode is used with TCP.
        */
       if (pin->time == p->time)
-	return pin->id == p->id + 1;
+	return !p->id || pin->id == p->id + 1;
       else if (pin->time < p->time) /* if time goes back, reject */
 	return false;
       else                          /* time moved forward */