Fixed a bug that can cause SSL/TLS negotiations in UDP mode
to fail if UDP packets are dropped.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3330 e7ae566f-a301-0410-adde-c780ea21d3b5
... | ... |
@@ -3,6 +3,11 @@ Copyright (C) 2002-2008 Telethra, Inc. <sales@openvpn.net> |
3 | 3 |
|
4 | 4 |
$Id$ |
5 | 5 |
|
6 |
+2008.09.14 -- Version 2.1_rc11 |
|
7 |
+ |
|
8 |
+* Fixed a bug that can cause SSL/TLS negotiations in UDP mode |
|
9 |
+ to fail if UDP packets are dropped. |
|
10 |
+ |
|
6 | 11 |
2008.09.10 -- Version 2.1_rc10 |
7 | 12 |
|
8 | 13 |
* Added "--server-bridge" (without parameters) to enable |
... | ... |
@@ -42,9 +42,9 @@ |
42 | 42 |
* verify that test - base < extent while allowing for base or test wraparound |
43 | 43 |
*/ |
44 | 44 |
static inline bool |
45 |
-reliable_pid_in_range (const packet_id_type test, |
|
46 |
- const packet_id_type base, |
|
47 |
- const unsigned int extent) |
|
45 |
+reliable_pid_in_range1 (const packet_id_type test, |
|
46 |
+ const packet_id_type base, |
|
47 |
+ const unsigned int extent) |
|
48 | 48 |
{ |
49 | 49 |
if (test >= base) |
50 | 50 |
{ |
... | ... |
@@ -52,9 +52,30 @@ reliable_pid_in_range (const packet_id_type test, |
52 | 52 |
return true; |
53 | 53 |
} |
54 | 54 |
else |
55 |
- { |
|
56 |
- const packet_id_type be = base + extent; |
|
57 |
- if (test < be && be < base) |
|
55 |
+ { |
|
56 |
+ if ((test+0x80000000u) - (base+0x80000000u) < extent) |
|
57 |
+ return true; |
|
58 |
+ } |
|
59 |
+ |
|
60 |
+ return false; |
|
61 |
+} |
|
62 |
+ |
|
63 |
+/* |
|
64 |
+ * verify that test < base + extent while allowing for base or test wraparound |
|
65 |
+ */ |
|
66 |
+static inline bool |
|
67 |
+reliable_pid_in_range2 (const packet_id_type test, |
|
68 |
+ const packet_id_type base, |
|
69 |
+ const unsigned int extent) |
|
70 |
+{ |
|
71 |
+ if (base + extent >= base) |
|
72 |
+ { |
|
73 |
+ if (test < base + extent) |
|
74 |
+ return true; |
|
75 |
+ } |
|
76 |
+ else |
|
77 |
+ { |
|
78 |
+ if ((test+0x80000000u) < (base+0x80000000u) + extent) |
|
58 | 79 |
return true; |
59 | 80 |
} |
60 | 81 |
|
... | ... |
@@ -68,7 +89,7 @@ static inline bool |
68 | 68 |
reliable_pid_min (const packet_id_type p1, |
69 | 69 |
const packet_id_type p2) |
70 | 70 |
{ |
71 |
- return !reliable_pid_in_range (p1, p2, 0x80000000); |
|
71 |
+ return !reliable_pid_in_range1 (p1, p2, 0x80000000u); |
|
72 | 72 |
} |
73 | 73 |
|
74 | 74 |
/* check if a particular packet_id is present in ack */ |
... | ... |
@@ -386,7 +407,7 @@ reliable_wont_break_sequentiality (const struct reliable *rel, packet_id_type id |
386 | 386 |
{ |
387 | 387 |
struct gc_arena gc = gc_new (); |
388 | 388 |
|
389 |
- const int ret = reliable_pid_in_range (id, rel->packet_id, rel->size); |
|
389 |
+ const int ret = reliable_pid_in_range2 (id, rel->packet_id, rel->size); |
|
390 | 390 |
|
391 | 391 |
if (!ret) |
392 | 392 |
{ |
... | ... |
@@ -441,7 +462,7 @@ reliable_get_buf_output_sequenced (struct reliable *rel) |
441 | 441 |
} |
442 | 442 |
} |
443 | 443 |
|
444 |
- if (!min_id_defined || reliable_pid_in_range (rel->packet_id, min_id, rel->size)) |
|
444 |
+ if (!min_id_defined || reliable_pid_in_range1 (rel->packet_id, min_id, rel->size)) |
|
445 | 445 |
{ |
446 | 446 |
ret = reliable_get_buf (rel); |
447 | 447 |
} |