From 5fc108729b7b8411d20be9a8bc702d3b15cdacf0 Mon Sep 17 00:00:00 2001
From: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Date: Mon, 15 Sep 2008 01:46:29 +0000
Subject: Version 2.1_rc11

Fixed a bug that can cause SSL/TLS negotiations in UDP mode
to fail if UDP packets are dropped.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3330 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 ChangeLog  |  5 +++++
 gremlin.h  |  2 ++
 reliable.c | 39 ++++++++++++++++++++++++++++++---------
 version.m4 |  2 +-
 4 files changed, 38 insertions(+), 10 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 1da49bd..0d841d7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,11 @@ Copyright (C) 2002-2008 Telethra, Inc. <sales@openvpn.net>
 
 $Id$
 
+2008.09.14 -- Version 2.1_rc11
+
+* Fixed a bug that can cause SSL/TLS negotiations in UDP mode
+  to fail if UDP packets are dropped.
+
 2008.09.10 -- Version 2.1_rc10
 
 * Added "--server-bridge" (without parameters) to enable
diff --git a/gremlin.h b/gremlin.h
index d7ea424..990f17b 100644
--- a/gremlin.h
+++ b/gremlin.h
@@ -43,6 +43,8 @@
 #define GREMLIN_UP_DOWN_SHIFT            (7)
 #define GREMLIN_UP_DOWN_MASK             (0x03)
 
+/* 512:1/500 1024:1/100 1536:1/50 */
+
 #define GREMLIN_DROP_SHIFT               (9)
 #define GREMLIN_DROP_MASK                (0x03)
 
diff --git a/reliable.c b/reliable.c
index 4958f7e..bd77071 100644
--- a/reliable.c
+++ b/reliable.c
@@ -42,9 +42,9 @@
  * verify that test - base < extent while allowing for base or test wraparound
  */
 static inline bool
-reliable_pid_in_range (const packet_id_type test,
-		       const packet_id_type base,
-		       const unsigned int extent)
+reliable_pid_in_range1 (const packet_id_type test,
+			const packet_id_type base,
+			const unsigned int extent)
 {
   if (test >= base)
     {
@@ -52,9 +52,30 @@ reliable_pid_in_range (const packet_id_type test,
 	return true;
     }
   else
-    {      
-      const packet_id_type be = base + extent;
-      if (test < be && be < base)
+    {
+      if ((test+0x80000000u) - (base+0x80000000u) < extent)
+	return true;
+    }
+
+  return false;
+}
+
+/*
+ * verify that test < base + extent while allowing for base or test wraparound
+ */
+static inline bool
+reliable_pid_in_range2 (const packet_id_type test,
+			const packet_id_type base,
+			const unsigned int extent)
+{
+  if (base + extent >= base)
+    {
+      if (test < base + extent)
+	return true;
+    }
+  else
+    {
+      if ((test+0x80000000u) < (base+0x80000000u) + extent)
 	return true;
     }
 
@@ -68,7 +89,7 @@ static inline bool
 reliable_pid_min (const packet_id_type p1,
 		  const packet_id_type p2)
 {
-  return !reliable_pid_in_range (p1, p2, 0x80000000);
+  return !reliable_pid_in_range1 (p1, p2, 0x80000000u);
 }
 
 /* check if a particular packet_id is present in ack */
@@ -386,7 +407,7 @@ reliable_wont_break_sequentiality (const struct reliable *rel, packet_id_type id
 {
   struct gc_arena gc = gc_new ();
 
-  const int ret = reliable_pid_in_range (id, rel->packet_id, rel->size);
+  const int ret = reliable_pid_in_range2 (id, rel->packet_id, rel->size);
 
   if (!ret)
     {
@@ -441,7 +462,7 @@ reliable_get_buf_output_sequenced (struct reliable *rel)
 	}
     }
 
-  if (!min_id_defined || reliable_pid_in_range (rel->packet_id, min_id, rel->size))
+  if (!min_id_defined || reliable_pid_in_range1 (rel->packet_id, min_id, rel->size))
     {
       ret = reliable_get_buf (rel);
     }
diff --git a/version.m4 b/version.m4
index bc944ff..816cf9c 100644
--- a/version.m4
+++ b/version.m4
@@ -1,5 +1,5 @@
 dnl define the OpenVPN version
-define(PRODUCT_VERSION,[2.1_rc10])
+define(PRODUCT_VERSION,[2.1_rc11])
 dnl define the TAP version
 define(PRODUCT_TAP_ID,[tap0901])
 define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9])
-- 
cgit