authorArne Schwabe <arne@rfc2549.org>2014-10-16 12:46:01 +0200
committerArne Schwabe <arne@rfc2549.org>2014-10-16 12:46:01 +0200
commit75c8a793a2789f5eb230bd83fe167cd537358360 (patch)
tree5cdb04296f07114ba03eea6e026417db0251b3de
parentde0fb97e71f0bc63f59ad8a6cfa19dc4914f2514 (diff)
Update session id patch
--HG-- extra : rebase_source : 6bfd891e0eaf09b69bd2e588bd685c7fad1d2416
-rw-r--r--main/openvpn/src/openvpn/init.c10
-rw-r--r--main/openvpn/src/openvpn/mudp.c2
-rw-r--r--main/openvpn/src/openvpn/options.c16
-rw-r--r--main/openvpn/src/openvpn/options.h4
-rw-r--r--main/openvpn/src/openvpn/push.c14
-rw-r--r--main/openvpn/src/openvpn/ssl.c7
-rw-r--r--main/openvpn/src/openvpn/ssl.h2
-rw-r--r--main/openvpn/src/openvpn/ssl_common.h2
8 files changed, 38 insertions, 19 deletions
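diff --git a/main/openvpn/src/openvpn/init.c b/main/openvpn/src/openvpn/init.c
index 6137588d..6380719f 100644
--- a/main/openvpn/src/openvpn/init.c
+++ b/main/openvpn/src/openvpn/init.c
@@ -1718,7 +1718,8 @@ pull_permission_mask (const struct context *c)
 | OPT_P_MESSAGES
 | OPT_P_EXPLICIT_NOTIFY
 | OPT_P_ECHO
-| OPT_P_PULL_MODE;
+| OPT_P_PULL_MODE
+| OPT_P_SESSION_ID;
 if (!c->options.route_nopull)
 flags |= (OPT_P_ROUTE | OPT_P_IPWIN32);
@@ -1795,6 +1796,13 @@ do_deferred_options (struct context *c, const unsigned int found)
 msg (D_PUSH, "OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified");
 if (found & OPT_P_SETENV)
 msg (D_PUSH, "OPTIONS IMPORT: environment modified");
+
+if (found & OPT_P_SESSION_ID)
+{
+msg (D_PUSH, "OPTIONS IMPORT: session-id set");
+c->c2.tls_multi->use_session_id = true;
+c->c2.tls_multi->vpn_session_id = c->options.vpn_session_id;
+}
 }
 /*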
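diff --git a/main/openvpn/src/openvpn/mudp.c b/main/openvpn/src/openvpn/mudp.c
index f7ab6253..7a6911ca 100644
--- a/main/openvpn/src/openvpn/mudp.c
+++ b/main/openvpn/src/openvpn/mudp.c
@@ -112,7 +112,7 @@ multi_get_create_instance_udp (struct multi_context *m)
 if (op == P_DATA_V2)
 {
-sess_id = (*(uint32_t*)ptr) >> 8;
+sess_id = ntohl((*(uint32_t*)ptr)) & 0xFFFFFF;
 if ((sess_id < m->max_clients) && (m->instances[sess_id]))
 {
 mi = m->instances[sess_id];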
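Review bot: `sess_id = ntohl((*(uint32_t*)ptr)) & 0xFFFFFF;` reads the packet header through a `uint32_t *` cast of a byte pointer, which is a strict-aliasing violation and a misaligned load on platforms that fault on those; copy the bytes out instead: `uint32_t hdr; memcpy(&hdr, ptr, sizeof hdr); sess_id = ntohl(hdr) & 0xFFFFFF;`. The hunk does not show whether the datagram's length has already been checked to be at least four bytes before this read, so that guard should be confirmed above the hunk. The id comes from an unauthenticated datagram; the bounds check against `m->max_clients` and the NULL check on `m->instances[sess_id]` on the next line are correct, and the instance selected this way should still only be trusted once the packet authenticates, which happens outside this hunk. multi_get_create_instance_udp continues outside the hunk.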
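diff --git a/main/openvpn/src/openvpn/options.c b/main/openvpn/src/openvpn/options.c
index 6adccc6f..da143114 100644
--- a/main/openvpn/src/openvpn/options.c
+++ b/main/openvpn/src/openvpn/options.c
@@ -3913,19 +3913,9 @@ apply_push_options (struct options *options,
 ++line_num;
 if (parse_line (line, p, SIZE (p), file, line_num, msglevel, &options->gc))
 {
-if (streq(p[0], "session_id"))
-{
-/* Server supports P_DATA_V2 */
-tls_multi->vpn_session_id = atoi(p[1]);
-tls_multi->use_session_id = true;
-msg(D_PUSH, "session id: %d", tls_multi->vpn_session_id);
-}
-else
-{
 add_option (options, p, file, line_num, 0, msglevel, permission_mask, option_types_found, es);
 }
 }
-}
 return true;
 }
@@ -6986,6 +6976,12 @@ add_option (struct options *options,
 options->persist_mode = 1;
 }
 #endif
+else if (streq (p[0], "session-id"))
+{
+VERIFY_PERMISSION (OPT_P_SESSION_ID);
+options->use_session_id = true;
+options->vpn_session_id = atoi(p[1]);
+}
 else
 {
 int i;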
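Review bot: The new `session-id` branch in add_option calls `atoi(p[1])` without checking that an argument is present, so a pushed `session-id` with no value passes a NULL `p[1]` to `atoi`, and a value that is negative, non-numeric or wider than the 24 bits that ssl.c's `htonl(... & 0xFFFFFF)` puts on the wire is silently stored into the `uint32_t` field. Because this option arrives over the control channel from the server (the init.c hunk adds OPT_P_SESSION_ID to the pull mask), the value should be parsed with `strtoul`, range-checked against 0xFFFFFF and rejected through add_option's usual error exit otherwise. The branch removed from apply_push_options had the same unchecked `atoi`, so this is a carried-over gap rather than a new one. add_option's body continues outside the hunk.
```c
else if (streq (p[0], "session-id") && p[1])
  {
    VERIFY_PERMISSION (OPT_P_SESSION_ID);
    /* the id is carried in the low 24 bits of the P_DATA_V2 header,
     * so reject anything that would not survive the 0xFFFFFF mask */
    char *end = NULL;
    unsigned long id = strtoul (p[1], &end, 10);
    if (end == p[1] || *end != '\0' || id > 0xFFFFFF)
      {
        msg (msglevel, "session-id: invalid value '%s'", p[1]);
        goto err; /* or whatever error exit add_option uses */
      }
    options->use_session_id = true;
    options->vpn_session_id = (uint32_t) id;
  }
```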
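diff --git a/main/openvpn/src/openvpn/options.h b/main/openvpn/src/openvpn/options.h
index 77c942ca..537b8314 100644
--- a/main/openvpn/src/openvpn/options.h
+++ b/main/openvpn/src/openvpn/options.h
@@ -591,6 +591,9 @@ struct options
 bool show_net_up;
 int route_method;
 #endif
+
+bool use_session_id;
+uint32_t vpn_session_id;
 };
 #define streq(x, y) (!strcmp((x), (y)))
@@ -626,6 +629,7 @@ struct options
 #define OPT_P_SOCKBUF (1<<25)
 #define OPT_P_SOCKFLAGS (1<<26)
 #define OPT_P_CONNECTION (1<<27)
+#define OPT_P_SESSION_ID (1<<28)
 #define OPT_P_DEFAULT (~(OPT_P_INSTANCE|OPT_P_PULL_MODE))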
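Review bot: `OPT_P_DEFAULT` at the end of the second hunk is `~(OPT_P_INSTANCE|OPT_P_PULL_MODE)`, so the new `OPT_P_SESSION_ID` bit is also part of the default permission mask and `session-id` is accepted from a local config file or the command line, not only from a server push; if the option is meant to be protocol-internal (the init.c hunk adds it to the pull mask explicitly, which suggests so), exclude it here with `#define OPT_P_DEFAULT (~(OPT_P_INSTANCE|OPT_P_PULL_MODE|OPT_P_SESSION_ID))`. The two struct fields added in the first hunk carry no comment; a line such as `/* P_DATA_V2 session id pushed by the server; only its low 24 bits go on the wire (see tls_post_encrypt) */` above `bool use_session_id;` would record the width constraint that ssl.c's `& 0xFFFFFF` mask enforces.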
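diff --git a/main/openvpn/src/openvpn/push.c b/main/openvpn/src/openvpn/push.c
index 028d838e..af351763 100644
--- a/main/openvpn/src/openvpn/push.c
+++ b/main/openvpn/src/openvpn/push.c
@@ -303,9 +303,17 @@ send_push_reply (struct context *c)
 if (multi_push)
 buf_printf (&buf, ",push-continuation 1");
-/* Send session_id if client supports it */
-if (c->c2.tls_multi->peer_info && strstr(c->c2.tls_multi->peer_info, "IV_PROTO=2")) {
-buf_printf(&buf, ",session_id %d", c->c2.tls_multi->vpn_session_id);
+/* Send session-id if client supports it */
+if (c->c2.tls_multi->peer_info)
+{
+const char* proto_str = strstr(c->c2.tls_multi->peer_info, "IV_PROTO=");
+if (proto_str)
+{
+int proto = 0;
+int r = sscanf(proto_str, "IV_PROTO=%d", &proto);
+if ((r == 1) && (proto >= 2))
+buf_printf(&buf, ",session-id %d", c->c2.tls_multi->vpn_session_id);
+}
 }
 if (BLEN (&buf) > sizeof(cmd)-1)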
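Review bot: `buf_printf(&buf, ",session-id %d", c->c2.tls_multi->vpn_session_id)` formats a `uint32_t` (the field's type in the ssl_common.h hunk) with `%d`; use `%u` (or `PRIu32`) so an id with the top bit set is not printed as a negative number that the client's `atoi` then mis-parses. `sscanf(proto_str, "IV_PROTO=%d", &proto)` parses the client-supplied `peer_info` string, and `%d` on a digit run that does not fit an `int` is undefined behaviour; `strtol` on `proto_str + strlen("IV_PROTO=")` with an end-pointer and `ERANGE` check is the safer form for untrusted text. Minor style: `const char* proto_str` should bind the `*` to the name, `const char *proto_str`, as the rest of the tree does. send_push_reply continues outside the hunk.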
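diff --git a/main/openvpn/src/openvpn/ssl.c b/main/openvpn/src/openvpn/ssl.c
index 929f95fa..e1e0f31d 100644
--- a/main/openvpn/src/openvpn/ssl.c
+++ b/main/openvpn/src/openvpn/ssl.c
@@ -2826,7 +2826,10 @@ tls_pre_decrypt (struct tls_multi *multi,
 opt->flags &= multi->opt.crypto_flags_and;
 opt->flags |= multi->opt.crypto_flags_or;
-ASSERT (buf_advance (buf, op == P_DATA_V1 ? 1 : 4));
+ASSERT (buf_advance (buf, 1));
+if (op == P_DATA_V2) {
+buf_advance (buf, 3);
+}
 ++ks->n_packets;
 ks->n_bytes += buf->len;
@@ -3403,7 +3406,7 @@ tls_post_encrypt (struct tls_multi *multi, struct buffer *buf)
 if (!multi->opt.server && multi->use_session_id)
 {
-sess = ((P_DATA_V2 << P_OPCODE_SHIFT) | ks->key_id) | (multi->vpn_session_id << 8);
+sess = htonl(((P_DATA_V2 << P_OPCODE_SHIFT) | ks->key_id) << 24 | (multi->vpn_session_id & 0xFFFFFF));
 ASSERT (buf_write_prepend (buf, &sess, 4));
 }
 else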
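Review bot: In the tls_pre_decrypt hunk the return value of the added `buf_advance (buf, 3)` is ignored, so a P_DATA_V2 packet shorter than four bytes is not rejected and whatever header bytes remain are handed on as payload; the replaced single `ASSERT` on the four-byte advance at least did not let that through. Rather than asserting on remote input, treat a failed advance as a malformed packet and drop it: `if (op == P_DATA_V2 && !buf_advance (buf, 3)) goto error;` (assuming tls_pre_decrypt's drop path is reachable from here; the function continues outside the hunk). In the tls_post_encrypt hunk, `((P_DATA_V2 << P_OPCODE_SHIFT) | ks->key_id) << 24` shifts an `int`; casting the opcode/key-id byte to `uint32_t` before the `<< 24` avoids relying on the value staying below the sign bit, and the `0xFFFFFF` mask duplicated here and in mudp.c deserves one named constant so the two sides cannot drift.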
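diff --git a/main/openvpn/src/openvpn/ssl.h b/main/openvpn/src/openvpn/ssl.h
index 9bdd641f..a53f4aef 100644
--- a/main/openvpn/src/openvpn/ssl.h
+++ b/main/openvpn/src/openvpn/ssl.h
@@ -60,7 +60,7 @@
 #define P_CONTROL_V1 4 /* control channel packet (usually TLS ciphertext) */
 #define P_ACK_V1 5 /* acknowledgement for packets received */
 #define P_DATA_V1 6 /* data channel packet */
-#define P_DATA_V2 9 /* data channel packet with session_id */
+#define P_DATA_V2 9 /* data channel packet with session-id */
 /* indicates key_method >= 2 */
 #define P_CONTROL_HARD_RESET_CLIENT_V2 7 /* initial key from client, forget previous state */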
diff --git a/main/openvpn/src/openvpn/ssl_common.h b/main/openvpn/src/openvpn/ssl_common.h
index 2fc72aa6..3288adf3 100644
--- a/main/openvpn/src/openvpn/ssl_common.h
+++ b/main/openvpn/src/openvpn/ssl_common.h
@@ -497,7 +497,7 @@ struct tls_multi
/* For P_DATA_V2 */
uint32_t vpn_session_id;
- int use_session_id;
+ bool use_session_id;
/*
* Our session objects.