diff options
-rw-r--r-- | main/openvpn/src/openvpn/init.c | 10 | ||||
-rw-r--r-- | main/openvpn/src/openvpn/mudp.c | 2 | ||||
-rw-r--r-- | main/openvpn/src/openvpn/options.c | 16 | ||||
-rw-r--r-- | main/openvpn/src/openvpn/options.h | 4 | ||||
-rw-r--r-- | main/openvpn/src/openvpn/push.c | 14 | ||||
-rw-r--r-- | main/openvpn/src/openvpn/ssl.c | 7 | ||||
-rw-r--r-- | main/openvpn/src/openvpn/ssl.h | 2 | ||||
-rw-r--r-- | main/openvpn/src/openvpn/ssl_common.h | 2 |
8 files changed, 38 insertions, 19 deletions
diff --git a/main/openvpn/src/openvpn/init.c b/main/openvpn/src/openvpn/init.c index 6137588d..6380719f 100644 --- a/main/openvpn/src/openvpn/init.c +++ b/main/openvpn/src/openvpn/init.c @@ -1718,7 +1718,8 @@ pull_permission_mask (const struct context *c) | OPT_P_MESSAGES | OPT_P_EXPLICIT_NOTIFY | OPT_P_ECHO - | OPT_P_PULL_MODE; + | OPT_P_PULL_MODE + | OPT_P_SESSION_ID; if (!c->options.route_nopull) flags |= (OPT_P_ROUTE | OPT_P_IPWIN32); @@ -1795,6 +1796,13 @@ do_deferred_options (struct context *c, const unsigned int found) msg (D_PUSH, "OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified"); if (found & OPT_P_SETENV) msg (D_PUSH, "OPTIONS IMPORT: environment modified"); + + if (found & OPT_P_SESSION_ID) + { + msg (D_PUSH, "OPTIONS IMPORT: session-id set"); + c->c2.tls_multi->use_session_id = true; + c->c2.tls_multi->vpn_session_id = c->options.vpn_session_id; + } } /* diff --git a/main/openvpn/src/openvpn/mudp.c b/main/openvpn/src/openvpn/mudp.c index f7ab6253..7a6911ca 100644 --- a/main/openvpn/src/openvpn/mudp.c +++ b/main/openvpn/src/openvpn/mudp.c @@ -112,7 +112,7 @@ multi_get_create_instance_udp (struct multi_context *m) if (op == P_DATA_V2) { - sess_id = (*(uint32_t*)ptr) >> 8; + sess_id = ntohl((*(uint32_t*)ptr)) & 0xFFFFFF; if ((sess_id < m->max_clients) && (m->instances[sess_id])) { mi = m->instances[sess_id]; diff --git a/main/openvpn/src/openvpn/options.c b/main/openvpn/src/openvpn/options.c index 6adccc6f..da143114 100644 --- a/main/openvpn/src/openvpn/options.c +++ b/main/openvpn/src/openvpn/options.c @@ -3913,19 +3913,9 @@ apply_push_options (struct options *options, ++line_num; if (parse_line (line, p, SIZE (p), file, line_num, msglevel, &options->gc)) { - if (streq(p[0], "session_id")) - { - /* Server supports P_DATA_V2 */ - tls_multi->vpn_session_id = atoi(p[1]); - tls_multi->use_session_id = true; - msg(D_PUSH, "session id: %d", tls_multi->vpn_session_id); - } - else - { add_option (options, p, file, line_num, 0, msglevel, permission_mask, option_types_found, es); } } - } return true; } @@ -6986,6 +6976,12 @@ add_option (struct options *options, options->persist_mode = 1; } #endif + else if (streq (p[0], "session-id")) + { + VERIFY_PERMISSION (OPT_P_SESSION_ID); + options->use_session_id = true; + options->vpn_session_id = atoi(p[1]); + } else { int i; diff --git a/main/openvpn/src/openvpn/options.h b/main/openvpn/src/openvpn/options.h index 77c942ca..537b8314 100644 --- a/main/openvpn/src/openvpn/options.h +++ b/main/openvpn/src/openvpn/options.h @@ -591,6 +591,9 @@ struct options bool show_net_up; int route_method; #endif + + bool use_session_id; + uint32_t vpn_session_id; }; #define streq(x, y) (!strcmp((x), (y))) @@ -626,6 +629,7 @@ struct options #define OPT_P_SOCKBUF (1<<25) #define OPT_P_SOCKFLAGS (1<<26) #define OPT_P_CONNECTION (1<<27) +#define OPT_P_SESSION_ID (1<<28) #define OPT_P_DEFAULT (~(OPT_P_INSTANCE|OPT_P_PULL_MODE)) diff --git a/main/openvpn/src/openvpn/push.c b/main/openvpn/src/openvpn/push.c index 028d838e..af351763 100644 --- a/main/openvpn/src/openvpn/push.c +++ b/main/openvpn/src/openvpn/push.c @@ -303,9 +303,17 @@ send_push_reply (struct context *c) if (multi_push) buf_printf (&buf, ",push-continuation 1"); - /* Send session_id if client supports it */ - if (c->c2.tls_multi->peer_info && strstr(c->c2.tls_multi->peer_info, "IV_PROTO=2")) { - buf_printf(&buf, ",session_id %d", c->c2.tls_multi->vpn_session_id); + /* Send session-id if client supports it */ + if (c->c2.tls_multi->peer_info) + { + const char* proto_str = strstr(c->c2.tls_multi->peer_info, "IV_PROTO="); + if (proto_str) + { + int proto = 0; + int r = sscanf(proto_str, "IV_PROTO=%d", &proto); + if ((r == 1) && (proto >= 2)) + buf_printf(&buf, ",session-id %d", c->c2.tls_multi->vpn_session_id); + } } if (BLEN (&buf) > sizeof(cmd)-1) diff --git a/main/openvpn/src/openvpn/ssl.c b/main/openvpn/src/openvpn/ssl.c index 929f95fa..e1e0f31d 100644 --- a/main/openvpn/src/openvpn/ssl.c +++ b/main/openvpn/src/openvpn/ssl.c @@ -2826,7 +2826,10 @@ tls_pre_decrypt (struct tls_multi *multi, opt->flags &= multi->opt.crypto_flags_and; opt->flags |= multi->opt.crypto_flags_or; - ASSERT (buf_advance (buf, op == P_DATA_V1 ? 1 : 4)); + ASSERT (buf_advance (buf, 1)); + if (op == P_DATA_V2) { + buf_advance (buf, 3); + } ++ks->n_packets; ks->n_bytes += buf->len; @@ -3403,7 +3406,7 @@ tls_post_encrypt (struct tls_multi *multi, struct buffer *buf) if (!multi->opt.server && multi->use_session_id) { - sess = ((P_DATA_V2 << P_OPCODE_SHIFT) | ks->key_id) | (multi->vpn_session_id << 8); + sess = htonl(((P_DATA_V2 << P_OPCODE_SHIFT) | ks->key_id) << 24 | (multi->vpn_session_id & 0xFFFFFF)); ASSERT (buf_write_prepend (buf, &sess, 4)); } else diff --git a/main/openvpn/src/openvpn/ssl.h b/main/openvpn/src/openvpn/ssl.h index 9bdd641f..a53f4aef 100644 --- a/main/openvpn/src/openvpn/ssl.h +++ b/main/openvpn/src/openvpn/ssl.h @@ -60,7 +60,7 @@ #define P_CONTROL_V1 4 /* control channel packet (usually TLS ciphertext) */ #define P_ACK_V1 5 /* acknowledgement for packets received */ #define P_DATA_V1 6 /* data channel packet */ -#define P_DATA_V2 9 /* data channel packet with session_id */ +#define P_DATA_V2 9 /* data channel packet with session-id */ /* indicates key_method >= 2 */ #define P_CONTROL_HARD_RESET_CLIENT_V2 7 /* initial key from client, forget previous state */ diff --git a/main/openvpn/src/openvpn/ssl_common.h b/main/openvpn/src/openvpn/ssl_common.h index 2fc72aa6..3288adf3 100644 --- a/main/openvpn/src/openvpn/ssl_common.h +++ b/main/openvpn/src/openvpn/ssl_common.h @@ -497,7 +497,7 @@ struct tls_multi /* For P_DATA_V2 */ uint32_t vpn_session_id; - int use_session_id; + bool use_session_id; /* * Our session objects. |