Browse code
Enable TCP non-linear packet ID
Implementation with multiple threads needs that to be able run encryption
in parallel. Tested with James' OpenVPN 3 server.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1474121738-19420-1-git-send-email-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12513.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Arne Schwabe authored on 2016/09/17 23:15:38Showing 6 changed files
- src/openvpn/comp.c
- src/openvpn/init.c
- src/openvpn/options.c
- src/openvpn/packet_id.c
- src/openvpn/packet_id.h
- src/openvpn/ssl.c
| ... | ... |
@@ -160,6 +160,7 @@ comp_generate_peer_info_string(const struct compress_options *opt, struct buffer |
| 160 | 160 |
buf_printf (out, "IV_LZO_STUB=1\n"); |
| 161 | 161 |
buf_printf (out, "IV_COMP_STUB=1\n"); |
| 162 | 162 |
buf_printf (out, "IV_COMP_STUBv2=1\n"); |
| 163 |
+ buf_printf (out, "IV_TCPNL=1\n"); |
|
| 163 | 164 |
} |
| 164 | 165 |
} |
| 165 | 166 |
|
| ... | ... |
@@ -2140,7 +2140,6 @@ do_init_crypto_static (struct context *c, const unsigned int flags) |
| 2140 | 2140 |
if (options->replay) |
| 2141 | 2141 |
{
|
| 2142 | 2142 |
packet_id_init (&c->c2.crypto_options.packet_id, |
| 2143 |
- link_socket_proto_connection_oriented (options->ce.proto), |
|
| 2144 | 2143 |
options->replay_window, |
| 2145 | 2144 |
options->replay_time, |
| 2146 | 2145 |
"STATIC", 0); |
| ... | ... |
@@ -2211,11 +2211,6 @@ options_postprocess_verify_ce (const struct options *options, const struct conne |
| 2211 | 2211 |
/* |
| 2212 | 2212 |
* Check consistency of replay options |
| 2213 | 2213 |
*/ |
| 2214 |
- if ((!proto_is_udp(ce->proto)) |
|
| 2215 |
- && (options->replay_window != defaults.replay_window |
|
| 2216 |
- || options->replay_time != defaults.replay_time)) |
|
| 2217 |
- msg (M_USAGE, "--replay-window only makes sense with --proto udp"); |
|
| 2218 |
- |
|
| 2219 | 2214 |
if (!options->replay |
| 2220 | 2215 |
&& (options->replay_window != defaults.replay_window |
| 2221 | 2216 |
|| options->replay_time != defaults.replay_time)) |
| ... | ... |
@@ -76,10 +76,9 @@ packet_id_debug (int msglevel, |
| 76 | 76 |
} |
| 77 | 77 |
|
| 78 | 78 |
void |
| 79 |
-packet_id_init (struct packet_id *p, bool tcp_mode, int seq_backtrack, int time_backtrack, const char *name, int unit) |
|
| 79 |
+packet_id_init (struct packet_id *p, int seq_backtrack, int time_backtrack, const char *name, int unit) |
|
| 80 | 80 |
{
|
| 81 |
- dmsg (D_PID_DEBUG, "PID packet_id_init tcp_mode=%d seq_backtrack=%d time_backtrack=%d", |
|
| 82 |
- tcp_mode, |
|
| 81 |
+ dmsg (D_PID_DEBUG, "PID packet_id_init seq_backtrack=%d time_backtrack=%d", |
|
| 83 | 82 |
seq_backtrack, |
| 84 | 83 |
time_backtrack); |
| 85 | 84 |
|
| ... | ... |
@@ -88,7 +87,7 @@ packet_id_init (struct packet_id *p, bool tcp_mode, int seq_backtrack, int time_ |
| 88 | 88 |
|
| 89 | 89 |
p->rec.name = name; |
| 90 | 90 |
p->rec.unit = unit; |
| 91 |
- if (seq_backtrack && !tcp_mode) |
|
| 91 |
+ if (seq_backtrack) |
|
| 92 | 92 |
{
|
| 93 | 93 |
ASSERT (MIN_SEQ_BACKTRACK <= seq_backtrack && seq_backtrack <= MAX_SEQ_BACKTRACK); |
| 94 | 94 |
ASSERT (MIN_TIME_BACKTRACK <= time_backtrack && time_backtrack <= MAX_TIME_BACKTRACK); |
| ... | ... |
@@ -210,7 +210,7 @@ struct packet_id |
| 210 | 210 |
struct packet_id_rec rec; |
| 211 | 211 |
}; |
| 212 | 212 |
|
| 213 |
-void packet_id_init (struct packet_id *p, bool tcp_mode, int seq_backtrack, int time_backtrack, const char *name, int unit); |
|
| 213 |
+void packet_id_init (struct packet_id *p, int seq_backtrack, int time_backtrack, const char *name, int unit); |
|
| 214 | 214 |
void packet_id_free (struct packet_id *p); |
| 215 | 215 |
|
| 216 | 216 |
/* should we accept an incoming packet id ? */ |
| ... | ... |
@@ -799,7 +799,7 @@ key_state_init (struct tls_session *session, struct key_state *ks) |
| 799 | 799 |
/* init packet ID tracker */ |
| 800 | 800 |
if (session->opt->replay) |
| 801 | 801 |
{
|
| 802 |
- packet_id_init (&ks->crypto_options.packet_id, session->opt->tcp_mode, |
|
| 802 |
+ packet_id_init (&ks->crypto_options.packet_id, |
|
| 803 | 803 |
session->opt->replay_window, session->opt->replay_time, "SSL", |
| 804 | 804 |
ks->key_id); |
| 805 | 805 |
} |
| ... | ... |
@@ -948,7 +948,6 @@ tls_session_init (struct tls_multi *multi, struct tls_session *session) |
| 948 | 948 |
|
| 949 | 949 |
/* initialize packet ID replay window for --tls-auth */ |
| 950 | 950 |
packet_id_init (&session->tls_auth.packet_id, |
| 951 |
- session->opt->tcp_mode, |
|
| 952 | 951 |
session->opt->replay_window, |
| 953 | 952 |
session->opt->replay_time, |
| 954 | 953 |
"TLS_AUTH", session->key_id); |