Author: zawadaa Date: Thu Apr 6 21:58:27 2006 GMT Module: SOURCES Tag: HEAD ---- Log message: - for 2.0.6
---- Files affected: SOURCES: openvpn-2.0_rc16MH.patch (1.1 -> 1.2) ---- Diffs: ================================================================ Index: SOURCES/openvpn-2.0_rc16MH.patch diff -u SOURCES/openvpn-2.0_rc16MH.patch:1.1 SOURCES/openvpn-2.0_rc16MH.patch:1.2 --- SOURCES/openvpn-2.0_rc16MH.patch:1.1 Mon Aug 29 22:48:16 2005 +++ SOURCES/openvpn-2.0_rc16MH.patch Thu Apr 6 23:58:22 2006 @@ -528,15 +528,16 @@ if (!socket_defined (new_sd)) msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: getpeername() failed"); -@@ -523,14 +532,14 @@ +@@ -522,7 +531,7 @@ #endif else { - new_sd = accept (sd, (struct sockaddr *) remote, &remote_len); + new_sd = accept (sd, (struct sockaddr *) &act->dest.sa, &remote_len); } - - if (!socket_defined (new_sd)) + + #if 0 /* For debugging only, test the effect of accept() failures */ +@@ -538,7 +547,7 @@ { msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: accept(%d) failed", sd); } @@ -1719,9 +1720,9 @@ #endif #endif diff -ur openvpn-2.0_rc16/ssl.c openvpn-2.0_rc16MH/ssl.c ---- openvpn-2.0_rc16/ssl.c 2005-02-15 21:12:55.000000000 -0700 -+++ openvpn-2.0_rc16MH/ssl.c 2005-02-25 14:47:45.000000000 -0700 -@@ -362,7 +362,7 @@ +--- openvpn-2.0_rc16/ssl.c.orig 2005-12-13 17:10:01.000000000 +0000 ++++ openvpn-2.0_rc16MH/ssl.c 2006-04-06 20:23:48.000000000 +0000 +@@ -373,7 +373,7 @@ static void setenv_untrusted (struct tls_session *session) { @@ -1730,7 +1731,7 @@ } static void -@@ -1784,7 +1784,7 @@ +@@ -1814,7 +1814,7 @@ write_control_auth (struct tls_session *session, struct key_state *ks, struct buffer *buf, @@ -1739,7 +1740,7 @@ int opcode, int max_ack, bool prepend_ack) -@@ -1792,7 +1792,7 @@ +@@ -1822,7 +1822,7 @@ uint8_t *header; struct buffer null = clear_buf (); @@ -1748,7 +1749,7 @@ ASSERT (reliable_ack_write (ks->rec_ack, buf, &ks->session_id_remote, max_ack, prepend_ack)); ASSERT (session_id_write_prepend (&session->session_id, buf)); -@@ -1804,7 +1804,7 @@ +@@ -1834,7 +1834,7 @@ openvpn_encrypt (buf, null, &session->tls_auth, NULL); ASSERT (swap_hmac (buf, &session->tls_auth, false)); } @@ -1757,7 +1758,7 @@ } /* -@@ -1813,7 +1813,7 @@ +@@ -1843,7 +1843,7 @@ static bool read_control_auth (struct buffer *buf, const struct crypto_options *co, @@ -1766,7 +1767,7 @@ { struct gc_arena gc = gc_new (); -@@ -1826,7 +1826,7 @@ +@@ -1856,7 +1856,7 @@ { msg (D_TLS_ERRORS, "TLS Error: cannot locate HMAC in incoming packet from %s", @@ -1775,7 +1776,7 @@ gc_free (&gc); return false; } -@@ -1838,7 +1838,7 @@ +@@ -1868,7 +1868,7 @@ { msg (D_TLS_ERRORS, "TLS Error: incoming packet authentication failed from %s", @@ -1784,7 +1785,7 @@ gc_free (&gc); return false; } -@@ -2720,7 +2720,7 @@ +@@ -2757,7 +2757,7 @@ tls_process (struct tls_multi *multi, struct tls_session *session, struct buffer *to_link, @@ -1793,7 +1794,7 @@ struct link_socket_info *to_link_socket_info, interval_t *wakeup) { -@@ -3113,7 +3113,7 @@ +@@ -3151,7 +3151,7 @@ bool tls_multi_process (struct tls_multi *multi, struct buffer *to_link, @@ -1802,7 +1803,7 @@ struct link_socket_info *to_link_socket_info, interval_t *wakeup) { -@@ -3137,7 +3137,7 @@ +@@ -3177,7 +3177,7 @@ /* set initial remote address */ if (i == TM_ACTIVE && ks->state == S_INITIAL && @@ -1811,7 +1812,7 @@ ks->remote_addr = to_link_socket_info->lsa->actual; dmsg (D_TLS_DEBUG, -@@ -3146,17 +3146,30 @@ +@@ -3186,17 +3186,30 @@ state_name (ks->state), session_id_print (&session->session_id, &gc), session_id_print (&ks->session_id_remote, &gc), @@ -1845,7 +1846,7 @@ * If tls_process hits an error: * (1) If the session has an unexpired lame duck key, preserve it. * (2) Reinitialize the session. -@@ -3275,7 +3288,7 @@ +@@ -3315,7 +3328,7 @@ bool tls_pre_decrypt (struct tls_multi *multi, @@ -1854,7 +1855,7 @@ struct buffer *buf, struct crypto_options *opt) { -@@ -3317,7 +3330,7 @@ +@@ -3357,7 +3370,7 @@ if (DECRYPT_KEY_ENABLED (multi, ks) && key_id == ks->key_id && ks->authenticated @@ -1863,7 +1864,7 @@ { /* return appropriate data channel decrypt key in opt */ opt->key_ctx_bi = &ks->key; -@@ -3330,7 +3343,7 @@ +@@ -3370,7 +3383,7 @@ ks->n_bytes += buf->len; dmsg (D_TLS_DEBUG, "TLS: data channel, key_id=%d, IP=%s", @@ -1872,7 +1873,7 @@ gc_free (&gc); return ret; } -@@ -3343,14 +3356,14 @@ +@@ -3383,14 +3396,14 @@ key_id, ks->key_id, ks->authenticated, @@ -1889,7 +1890,7 @@ goto error; } else /* control channel packet */ -@@ -3364,7 +3377,7 @@ +@@ -3404,7 +3417,7 @@ { msg (D_TLS_ERRORS, "TLS Error: unknown opcode received from %s op=%d", @@ -1898,7 +1899,7 @@ goto error; } -@@ -3379,7 +3392,7 @@ +@@ -3419,7 +3432,7 @@ { msg (D_TLS_ERRORS, "TLS Error: client->client or server->server connection attempted from %s", @@ -1907,7 +1908,7 @@ goto error; } } -@@ -3388,7 +3401,7 @@ +@@ -3428,7 +3441,7 @@ * Authenticate Packet */ dmsg (D_TLS_DEBUG, "TLS: control channel, op=%s, IP=%s", @@ -1916,7 +1917,7 @@ /* get remote session-id */ { -@@ -3398,7 +3411,7 @@ +@@ -3438,7 +3451,7 @@ { msg (D_TLS_ERRORS, "TLS Error: session-id not found in packet from %s", @@ -1925,7 +1926,7 @@ goto error; } } -@@ -3415,9 +3428,9 @@ +@@ -3455,9 +3468,9 @@ state_name (ks->state), session_id_print (&session->session_id, &gc), session_id_print (&sid, &gc), @@ -1937,16 +1938,16 @@ if (session_id_equal (&ks->session_id_remote, &sid)) /* found a match */ -@@ -3462,7 +3475,7 @@ +@@ -3502,7 +3515,7 @@ { msg (D_TLS_ERRORS, - "TLS Error: Cannot accept new session request from %s due to --single-session [1]", + "TLS Error: Cannot accept new session request from %s due to session context expire or --single-session [1]", - print_sockaddr (from, &gc)); + print_link_socket_actual (from, &gc)); goto error; } -@@ -3478,13 +3491,13 @@ +@@ -3518,13 +3531,13 @@ msg (D_TLS_DEBUG_LOW, "TLS: Initial packet from %s, sid=%s", @@ -1962,16 +1963,16 @@ } } -@@ -3504,7 +3517,7 @@ +@@ -3544,7 +3557,7 @@ { msg (D_TLS_ERRORS, - "TLS Error: Cannot accept new session request from %s due to --single-session [2]", + "TLS Error: Cannot accept new session request from %s due to session context expire or --single-session [2]", - print_sockaddr (from, &gc)); + print_link_socket_actual (from, &gc)); goto error; } -@@ -3527,11 +3540,11 @@ +@@ -3567,11 +3580,11 @@ */ msg (D_TLS_DEBUG_LOW, "TLS: new session incoming connection from %s", @@ -1985,7 +1986,7 @@ } else { -@@ -3545,7 +3558,7 @@ +@@ -3585,7 +3598,7 @@ { msg (D_TLS_ERRORS, "TLS Error: Unroutable control packet received from %s (si=%d op=%s)", @@ -1994,7 +1995,7 @@ i, packet_opcode_name (op)); goto error; -@@ -3554,10 +3567,10 @@ +@@ -3594,10 +3607,10 @@ /* * Verify remote IP address */ @@ -2007,7 +2008,7 @@ goto error; } -@@ -3619,11 +3632,11 @@ +@@ -3659,11 +3672,11 @@ ks->remote_addr = *from; ++multi->n_sessions; } @@ -2021,7 +2022,7 @@ goto error; } -@@ -3720,8 +3733,9 @@ +@@ -3761,8 +3774,9 @@ */ bool tls_pre_decrypt_lite (const struct tls_auth_standalone *tas, @@ -2032,7 +2033,7 @@ { struct gc_arena gc = gc_new (); bool ret = false; -@@ -3748,7 +3762,7 @@ +@@ -3789,7 +3803,7 @@ */ dmsg (D_TLS_STATE_ERRORS, "TLS State Error: No TLS state for client %s, opcode=%d", @@ -2041,7 +2042,7 @@ op); goto error; } -@@ -3758,7 +3772,7 @@ +@@ -3799,7 +3813,7 @@ dmsg (D_TLS_STATE_ERRORS, "TLS State Error: Unknown key ID (%d) received from %s -- 0 was expected", key_id, @@ -2050,7 +2051,7 @@ goto error; } -@@ -3767,7 +3781,7 @@ +@@ -3808,7 +3822,7 @@ dmsg (D_TLS_STATE_ERRORS, "TLS State Error: Large packet (size %d) received from %s -- a packet no larger than %d bytes was expected", buf->len, ================================================================ ---- CVS-web: http://cvs.pld-linux.org/SOURCES/openvpn-2.0_rc16MH.patch?r1=1.1&r2=1.2&f=u _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit