Fixed a bug that can cause SSL/TLS negotiations in UDP mode
to fail if UDP packets are dropped.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3330 e7ae566f-a301-0410-adde-c780ea21d3b5
| ... | ... |
@@ -3,6 +3,11 @@ Copyright (C) 2002-2008 Telethra, Inc. <sales@openvpn.net> |
| 3 | 3 |
|
| 4 | 4 |
$Id$ |
| 5 | 5 |
|
| 6 |
+2008.09.14 -- Version 2.1_rc11 |
|
| 7 |
+ |
|
| 8 |
+* Fixed a bug that can cause SSL/TLS negotiations in UDP mode |
|
| 9 |
+ to fail if UDP packets are dropped. |
|
| 10 |
+ |
|
| 6 | 11 |
2008.09.10 -- Version 2.1_rc10 |
| 7 | 12 |
|
| 8 | 13 |
* Added "--server-bridge" (without parameters) to enable |
| ... | ... |
@@ -42,9 +42,9 @@ |
| 42 | 42 |
* verify that test - base < extent while allowing for base or test wraparound |
| 43 | 43 |
*/ |
| 44 | 44 |
static inline bool |
| 45 |
-reliable_pid_in_range (const packet_id_type test, |
|
| 46 |
- const packet_id_type base, |
|
| 47 |
- const unsigned int extent) |
|
| 45 |
+reliable_pid_in_range1 (const packet_id_type test, |
|
| 46 |
+ const packet_id_type base, |
|
| 47 |
+ const unsigned int extent) |
|
| 48 | 48 |
{
|
| 49 | 49 |
if (test >= base) |
| 50 | 50 |
{
|
| ... | ... |
@@ -52,9 +52,30 @@ reliable_pid_in_range (const packet_id_type test, |
| 52 | 52 |
return true; |
| 53 | 53 |
} |
| 54 | 54 |
else |
| 55 |
- {
|
|
| 56 |
- const packet_id_type be = base + extent; |
|
| 57 |
- if (test < be && be < base) |
|
| 55 |
+ {
|
|
| 56 |
+ if ((test+0x80000000u) - (base+0x80000000u) < extent) |
|
| 57 |
+ return true; |
|
| 58 |
+ } |
|
| 59 |
+ |
|
| 60 |
+ return false; |
|
| 61 |
+} |
|
| 62 |
+ |
|
| 63 |
+/* |
|
| 64 |
+ * verify that test < base + extent while allowing for base or test wraparound |
|
| 65 |
+ */ |
|
| 66 |
+static inline bool |
|
| 67 |
+reliable_pid_in_range2 (const packet_id_type test, |
|
| 68 |
+ const packet_id_type base, |
|
| 69 |
+ const unsigned int extent) |
|
| 70 |
+{
|
|
| 71 |
+ if (base + extent >= base) |
|
| 72 |
+ {
|
|
| 73 |
+ if (test < base + extent) |
|
| 74 |
+ return true; |
|
| 75 |
+ } |
|
| 76 |
+ else |
|
| 77 |
+ {
|
|
| 78 |
+ if ((test+0x80000000u) < (base+0x80000000u) + extent) |
|
| 58 | 79 |
return true; |
| 59 | 80 |
} |
| 60 | 81 |
|
| ... | ... |
@@ -68,7 +89,7 @@ static inline bool |
| 68 | 68 |
reliable_pid_min (const packet_id_type p1, |
| 69 | 69 |
const packet_id_type p2) |
| 70 | 70 |
{
|
| 71 |
- return !reliable_pid_in_range (p1, p2, 0x80000000); |
|
| 71 |
+ return !reliable_pid_in_range1 (p1, p2, 0x80000000u); |
|
| 72 | 72 |
} |
| 73 | 73 |
|
| 74 | 74 |
/* check if a particular packet_id is present in ack */ |
| ... | ... |
@@ -386,7 +407,7 @@ reliable_wont_break_sequentiality (const struct reliable *rel, packet_id_type id |
| 386 | 386 |
{
|
| 387 | 387 |
struct gc_arena gc = gc_new (); |
| 388 | 388 |
|
| 389 |
- const int ret = reliable_pid_in_range (id, rel->packet_id, rel->size); |
|
| 389 |
+ const int ret = reliable_pid_in_range2 (id, rel->packet_id, rel->size); |
|
| 390 | 390 |
|
| 391 | 391 |
if (!ret) |
| 392 | 392 |
{
|
| ... | ... |
@@ -441,7 +462,7 @@ reliable_get_buf_output_sequenced (struct reliable *rel) |
| 441 | 441 |
} |
| 442 | 442 |
} |
| 443 | 443 |
|
| 444 |
- if (!min_id_defined || reliable_pid_in_range (rel->packet_id, min_id, rel->size)) |
|
| 444 |
+ if (!min_id_defined || reliable_pid_in_range1 (rel->packet_id, min_id, rel->size)) |
|
| 445 | 445 |
{
|
| 446 | 446 |
ret = reliable_get_buf (rel); |
| 447 | 447 |
} |
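Review bot: In the `@@ -52,9 +52,30 @@` hunk, the `else` branch of `reliable_pid_in_range1` adds `0x80000000u` to both operands before subtracting, and in unsigned 32-bit arithmetic that bias cancels out. The branch therefore appears to compute the same modular `test - base < extent` as the `test >= base` branch, whose comparison line sits between the hunks and is not shown. If `packet_id_type` is a 32-bit unsigned type (its typedef is not visible here), the whole body could be `return (packet_id_type)(test - base) < extent;`, which makes the wraparound rule easier to audit. In `reliable_pid_in_range2` the bias does change the result, but it hard-codes the type width and neither branch checks a lower bound, so I would add a comment such as `/* upper bound only; assumes packet_id_type is 32-bit unsigned; ids behind base must be rejected by the caller */`. These checks gate which packet ids the reliability layer accepts, and those ids presumably come from the peer, so a small table-driven test of the wraparound edges (base near `0xFFFFFFFF`, test just past zero, test half the id space away) would be worth adding with this change.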