Ticket #879: 0001-XXX-Restore-pre-NCP-frame-parameters-for-new-session.patch

File 0001-XXX-Restore-pre-NCP-frame-parameters-for-new-session.patch, 3.4 KB (added by Steffan Karger, 7 years ago)
  • src/openvpn/forward.c

    From 72327ec5d19983ddad646cc1e227579be1a8fdb3 Mon Sep 17 00:00:00 2001
    From: Steffan Karger <steffan@karger.me>
    Date: Sun, 7 May 2017 17:19:37 +0200
    Subject: [PATCH] XXX Restore pre-NCP frame parameters for new sessions
    
    ---
     src/openvpn/forward.c | 7 +++++++
     src/openvpn/init.c    | 2 ++
     src/openvpn/openvpn.h | 3 ++-
     src/openvpn/ssl.c     | 9 +--------
     src/openvpn/ssl.h     | 8 ++++++++
     5 files changed, 20 insertions(+), 9 deletions(-)
    
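diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 8102e94..2f3f3c5 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -866,9 +866,16 @@ process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, boo
              * will load crypto_options with the correct encryption key
              * and return false.
              */
+            uint8_t opcode = *BPTR(&c->c2.buf) >> P_OPCODE_SHIFT;
             if (tls_pre_decrypt(c->c2.tls_multi, &c->c2.from, &c->c2.buf, &co,
                                 floated, &ad_start))
             {
+                /* Restore pre-NCP frame parameters */
+                if (is_hard_reset(opcode, c->options.key_method))
+                {
+                    c->c2.frame = c->c2.frame_initial;
+                }
+
                 interval_action(&c->c2.tmp_int);
 
                 /* reset packet received timer if TLS packet */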
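Review bot: The restore at `c->c2.frame = c->c2.frame_initial;` is keyed on an opcode byte read from the packet before `tls_pre_decrypt()` runs and on that call returning true; nothing in this hunk shows that the hard reset was accepted for the session whose keys are currently carrying data. If `tls_pre_decrypt()` can return true for a reset that only opens a not-yet-authenticated session, the active data channel would keep its NCP-negotiated keys while its frame parameters are reverted, so an unauthenticated packet could disturb an established tunnel. I would tie the restore to the point where the new session actually replaces the active one, or at least record the assumption, e.g. `/* Restore pre-NCP frame parameters; assumes the reset was accepted for the active session (TODO confirm) */`. The `*BPTR(&c->c2.buf)` read also relies on a non-empty buffer; the length check, if any, is outside the hunk, as are the start and end of process_incoming_link_part1.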
  • src/openvpn/init.c

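diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 4c78d0b..607e2a5 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -4069,6 +4069,8 @@ init_instance(struct context *c, const struct env_set *env, const unsigned int f
         c->c2.did_open_tun = do_open_tun(c);
     }
 
+    c->c2.frame_initial = c->c2.frame;
+
     /* print MTU info */
     do_print_data_channel_mtu_parms(c);
 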
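Review bot: The snapshot `c->c2.frame_initial = c->c2.frame;` has no comment saying why it is taken at this point, and its correctness depends on every pre-NCP adjustment to `c->c2.frame` having already happened and on nothing other than NCP changing the frame afterwards. Stating that on the line would make the ordering dependency visible to whoever next moves code in init_instance, for example `/* Snapshot of the frame before any per-session (NCP) adjustment; restored when a new session starts */`. Whether the snapshot is also taken at the right moment for contexts that skip the `do_open_tun()` branch above cannot be told from the hunk, since init_instance starts and ends outside it.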
  • src/openvpn/openvpn.h

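diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h
index 893296e..f8682d1 100644
--- a/src/openvpn/openvpn.h
+++ b/src/openvpn/openvpn.h
@@ -263,7 +263,8 @@ struct context_2
     struct link_socket_actual from;             /* address of incoming datagram */
 
     /* MTU frame parameters */
-    struct frame frame;
+    struct frame frame;                         /* Active frame parameters */
+    struct frame frame_initial;                 /* Restored on new session */
 
 #ifdef ENABLE_FRAGMENT
     /* Object to handle advanced MTU negotiation and datagram fragmentation */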
  • src/openvpn/ssl.c

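diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 1033e58..630b77f 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -832,14 +832,7 @@ print_key_id(struct tls_multi *multi, struct gc_arena *gc)
     return BSTR(&out);
 }
 
-/*
- * Given a key_method, return true if op
- * represents the required form of hard_reset.
- *
- * If key_method = 0, return true if any
- * form of hard reset is used.
- */
-static bool
+bool
 is_hard_reset(int op, int key_method)
 {
     if (!key_method || key_method == 1)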
  • src/openvpn/ssl.h

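diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h
index ed1344e..03688ca 100644
--- a/src/openvpn/ssl.h
+++ b/src/openvpn/ssl.h
@@ -591,6 +591,14 @@ void show_tls_performance_stats(void);
 /*#define EXTRACT_X509_FIELD_TEST*/
 void extract_x509_field_test(void);
 
+/**
+ * Given a key_method, return true if opcode represents the required form of
+ * hard_reset.
+ *
+ * If key_method == 0, return true if any form of hard reset is used.
+ */
+bool is_hard_reset(int op, int key_method);
+
 #endif /* ENABLE_CRYPTO */
 
 #endif /* ifndef OPENVPN_SSL_H */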
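Review bot: The new doc comment describes a parameter called "opcode", but the prototype names it `op`, and although it opens with `/**` it carries no `@param` or `@return` tags. I would add `@param op` (the packet opcode), `@param key_method` and `@return` lines so the comment matches the declaration it documents now that the function is exported. The prototype also sits above `#endif /* ENABLE_CRYPTO */`, so the new caller in forward.c presumably has to be inside the same guard; that cannot be confirmed from the hunks shown.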