Version 2.1_rc11

Fixed a bug that can cause SSL/TLS negotiations in UDP mode
to fail if UDP packets are dropped.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3330 e7ae566f-a301-0410-adde-c780ea21d3b5

diff --git a/ChangeLog b/ChangeLog
index 1da49bd979e7caf79853aa81c7754274ef657e8f..0d841d75be52f1fc9193e939495cb603db061eef 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,11 @@ Copyright (C) 2002-2008 Telethra, Inc. <sales@openvpn.net>
 
 $Id$
 
+2008.09.14 -- Version 2.1_rc11
+
+* Fixed a bug that can cause SSL/TLS negotiations in UDP mode
+  to fail if UDP packets are dropped.
+
 2008.09.10 -- Version 2.1_rc10
 
 * Added "--server-bridge" (without parameters) to enable

diff --git a/gremlin.h b/gremlin.h
index d7ea4243a92919acc47b8ceef3f11f04663aafb0..990f17b96825e0f6e19197b16917253ee279746b 100644 (file)
--- a/gremlin.h
+++ b/gremlin.h
@@ -43,6 +43,8 @@
 #define GREMLIN_UP_DOWN_SHIFT            (7)
 #define GREMLIN_UP_DOWN_MASK             (0x03)
 
+/* 512:1/500 1024:1/100 1536:1/50 */
+
 #define GREMLIN_DROP_SHIFT               (9)
 #define GREMLIN_DROP_MASK                (0x03)
 

diff --git a/reliable.c b/reliable.c
index 4958f7ead7ef6f716d431743078bccc4728c593f..bd77071f275b318e4b70f7aa83a548641e67a840 100644 (file)
--- a/reliable.c
+++ b/reliable.c
@@ -42,9 +42,9 @@
  * verify that test - base < extent while allowing for base or test wraparound
  */
 static inline bool
-reliable_pid_in_range (const packet_id_type test,
-                      const packet_id_type base,
-                      const unsigned int extent)
+reliable_pid_in_range1 (const packet_id_type test,
+                       const packet_id_type base,
+                       const unsigned int extent)
 {
   if (test >= base)
     {
@@ -52,9 +52,30 @@ reliable_pid_in_range (const packet_id_type test,
        return true;
     }
   else
-    {      
-      const packet_id_type be = base + extent;
-      if (test < be && be < base)
+    {
+      if ((test+0x80000000u) - (base+0x80000000u) < extent)
+       return true;
+    }
+
+  return false;
+}
+
+/*
+ * verify that test < base + extent while allowing for base or test wraparound
+ */
+static inline bool
+reliable_pid_in_range2 (const packet_id_type test,
+                       const packet_id_type base,
+                       const unsigned int extent)
+{
+  if (base + extent >= base)
+    {
+      if (test < base + extent)
+       return true;
+    }
+  else
+    {
+      if ((test+0x80000000u) < (base+0x80000000u) + extent)
        return true;
     }
 
@@ -68,7 +89,7 @@ static inline bool
 reliable_pid_min (const packet_id_type p1,
                  const packet_id_type p2)
 {
-  return !reliable_pid_in_range (p1, p2, 0x80000000);
+  return !reliable_pid_in_range1 (p1, p2, 0x80000000u);
 }
 
 /* check if a particular packet_id is present in ack */
@@ -386,7 +407,7 @@ reliable_wont_break_sequentiality (const struct reliable *rel, packet_id_type id
 {
   struct gc_arena gc = gc_new ();
 
-  const int ret = reliable_pid_in_range (id, rel->packet_id, rel->size);
+  const int ret = reliable_pid_in_range2 (id, rel->packet_id, rel->size);
 
   if (!ret)
     {
@@ -441,7 +462,7 @@ reliable_get_buf_output_sequenced (struct reliable *rel)
        }
     }
 
-  if (!min_id_defined || reliable_pid_in_range (rel->packet_id, min_id, rel->size))
+  if (!min_id_defined || reliable_pid_in_range1 (rel->packet_id, min_id, rel->size))
     {
       ret = reliable_get_buf (rel);
     }

diff --git a/version.m4 b/version.m4
index bc944ff3d7acf2ff0cdf1a85f268603c9266044d..816cf9c51a61630e84ad620f9bd6616023495ca2 100644 (file)
--- a/version.m4
+++ b/version.m4
@@ -1,5 +1,5 @@
 dnl define the OpenVPN version
-define(PRODUCT_VERSION,[2.1_rc10])
+define(PRODUCT_VERSION,[2.1_rc11])
 dnl define the TAP version
 define(PRODUCT_TAP_ID,[tap0901])
 define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9])