UDP sessions when the client daemon was running in UDP/TCP adaptive
mode, and transitioned from TCP to UDP.
The bug would cause a single dropped packet in UDP mode to trigger a
barrage of packet replay errors followed by a disconnect and
reconnect.
Version 2.1.3r
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7125
e7ae566f-a301-0410-adde-
c780ea21d3b5
options->ping_rec_timeout_action = PING_RESTART;
}
#endif
-#ifdef USE_CRYPTO
- /*
- * Don't use replay window for TCP mode (i.e. require that packets be strictly in sequence).
- */
- if (link_socket_proto_connection_oriented (options->ce.proto))
- options->replay_window = options->replay_time = 0;
-#endif
}
#if HTTP_PROXY_FALLBACK
/* Initialize packet ID tracking */
if (options->replay)
{
- packet_id_init (&c->c2.packet_id, options->replay_window,
- options->replay_time, "STATIC", 0);
+ packet_id_init (&c->c2.packet_id,
+ link_socket_proto_connection_oriented (options->ce.proto),
+ options->replay_window,
+ options->replay_time,
+ "STATIC", 0);
c->c2.crypto_options.packet_id = &c->c2.packet_id;
c->c2.crypto_options.pid_persist = &c->c1.pid_persist;
c->c2.crypto_options.flags |= CO_PACKET_ID_LONG_FORM;
to.replay = options->replay;
to.replay_window = options->replay_window;
to.replay_time = options->replay_time;
+ to.tcp_mode = link_socket_proto_connection_oriented (options->ce.proto);
to.transition_window = options->transition_window;
to.handshake_window = options->handshake_window;
to.packet_timeout = options->tls_timeout;
}
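Review bot: `to.tcp_mode` is captured once from `options->ce.proto` when the TLS options are built, as is the argument passed to `packet_id_init` in the static-key path above, so strict-sequence versus windowed replay checking is fixed at that moment. The commit message describes a client that moves from TCP to UDP in adaptive mode, so the fix presumably relies on this initialisation running again for each new connection entry; that is not visible in the hunk and is worth confirming. A short comment would record the dependency: `/* derived from the current connection entry; must be recomputed if ce.proto changes */`. The enclosing function starts and ends outside the hunk.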
void
-packet_id_init (struct packet_id *p, int seq_backtrack, int time_backtrack, const char *name, int unit)
+packet_id_init (struct packet_id *p, bool tcp_mode, int seq_backtrack, int time_backtrack, const char *name, int unit)
{
- dmsg (D_PID_DEBUG, "PID packet_id_init seq_backtrack=%d time_backtrack=%d",
+ dmsg (D_PID_DEBUG, "PID packet_id_init tcp_mode=%d seq_backtrack=%d time_backtrack=%d",
+ tcp_mode,
seq_backtrack,
time_backtrack);
p->rec.name = name;
p->rec.unit = unit;
- if (seq_backtrack)
+ if (seq_backtrack && !tcp_mode)
{
ASSERT (MIN_SEQ_BACKTRACK <= seq_backtrack && seq_backtrack <= MAX_SEQ_BACKTRACK);
ASSERT (MIN_TIME_BACKTRACK <= time_backtrack && time_backtrack <= MAX_TIME_BACKTRACK);
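Review bot: The condition `if (seq_backtrack && !tcp_mode)` now decides whether a replay window is set up at all, but nothing at this spot says why. The explanation lived in the comment this commit deletes from the options code ("Don't use replay window for TCP mode") and is not carried over. I would restore it directly above the test: `/* No replay window in TCP mode: packets must arrive strictly in sequence. */`. It would also help for the doc comment on `packet_id_init` to state that `seq_backtrack` and `time_backtrack` are ignored when `tcp_mode` is true, since callers still pass the configured values. The function body continues past the end of the hunk, so the strict-sequence path itself is not visible here.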
struct packet_id_rec rec;
};
-void packet_id_init (struct packet_id *p, int seq_backtrack, int time_backtrack, const char *name, int unit);
+void packet_id_init (struct packet_id *p, bool tcp_mode, int seq_backtrack, int time_backtrack, const char *name, int unit);
void packet_id_free (struct packet_id *p);
/* should we accept an incoming packet id ? */
/* init packet ID tracker */
packet_id_init (&ks->packet_id,
+ session->opt->tcp_mode,
session->opt->replay_window,
session->opt->replay_time,
"SSL", ks->key_id);
/* initialize packet ID replay window for --tls-auth */
packet_id_init (session->tls_auth.packet_id,
+ session->opt->tcp_mode,
session->opt->replay_window,
session->opt->replay_time,
"TLS_AUTH", session->key_id);
int replay_window; /* --replay-window parm */
int replay_time; /* --replay-window parm */
+ bool tcp_mode;
/* packet authentication for TLS handshake */
struct crypto_options tls_auth;
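Review bot: The new field `bool tcp_mode;` is the only undocumented member in this group, and it sits directly under two fields labelled as `--replay-window` parameters although it is derived from the link protocol rather than set by an option. Because it switches replay checking between windowed and strictly sequential, it deserves a comment, for example `bool tcp_mode; /* link is connection-oriented: replay window disabled, strict sequence required */`. The struct definition begins and ends outside the hunk.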
dnl define the OpenVPN version
-define(PRODUCT_VERSION,[2.1.3q])
+define(PRODUCT_VERSION,[2.1.3r])
dnl define the TAP version
define(PRODUCT_TAP_ID,[tap0901])
define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9])