From d02c5af48106c89d510a11b4b1b4ba3d47f502c1 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Tue, 25 Dec 2012 16:04:16 +0100 Subject: OpenVPN fixes --- openvpn/config.h | 2 +- openvpn/src/openvpn/init.c | 33 +++++++++++++++++++-------------- openvpn/src/openvpn/openvpn.h | 1 + openvpn/src/openvpn/options.h | 1 - openvpn/src/openvpn/push.c | 8 ++++++-- 5 files changed, 27 insertions(+), 18 deletions(-) diff --git a/openvpn/config.h b/openvpn/config.h index be6733fb..0d86c1d9 100644 --- a/openvpn/config.h +++ b/openvpn/config.h @@ -450,7 +450,7 @@ #define PACKAGE_NAME "OpenVPN" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "OpenVPN 2.3_rc1+dspatch2" +#define PACKAGE_STRING "OpenVPN 2.3_rc1+dspatch3" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "openvpn" diff --git a/openvpn/src/openvpn/init.c b/openvpn/src/openvpn/init.c index e2942c00..b3125282 100644 --- a/openvpn/src/openvpn/init.c +++ b/openvpn/src/openvpn/init.c @@ -341,24 +341,29 @@ next_connection_entry (struct context *c) } else { + /* FIXME (schwabe) fix the persist-remote-ip option for real, + * this is broken probably ever since connection lists and multiple + * remote existed + */ + + if (!c->options.persist_remote_ip) + clear_remote_addrlist (&c->c1.link_socket_addr); + else + c->c1.link_socket_addr.current_remote = + c->c1.link_socket_addr.remote_list; + + /* + * Increase the number of connection attempts + * If this is connect-retry-max * size(l) + * OpenVPN will quit + */ + c->options.unsuccessful_attempts++; + if (++l->current >= l->len) { - /* FIXME (schwabe) fix the persist-remote-ip option for real, - * this is broken probably ever since connection lists and multiple - * remote existed - */ - /* - * Increase the number of connection attempts - * If this is connect-retry-max * size(l) - * OpenVPN will quit - */ - - if (!c->options.persist_remote_ip) - clear_remote_addrlist (&c->c1.link_socket_addr); - + l->current = 0; - ++l->n_cycles; if (++n_cycles >= 2) msg (M_FATAL, "No usable connection profiles are present"); } diff --git a/openvpn/src/openvpn/openvpn.h b/openvpn/src/openvpn/openvpn.h index 7abfb087..bdfa6852 100644 --- a/openvpn/src/openvpn/openvpn.h +++ b/openvpn/src/openvpn/openvpn.h @@ -474,6 +474,7 @@ struct context_2 bool did_pre_pull_restore; /* hash of pulled options, so we can compare when options change */ + bool pulled_options_md5_init_done; struct md5_state pulled_options_state; struct md5_digest pulled_options_digest; diff --git a/openvpn/src/openvpn/options.h b/openvpn/src/openvpn/options.h index 91387845..909cb38a 100644 --- a/openvpn/src/openvpn/options.h +++ b/openvpn/src/openvpn/options.h @@ -153,7 +153,6 @@ struct connection_list { int len; int current; - int n_cycles; struct connection_entry *array[CONNECTION_LIST_SIZE]; }; diff --git a/openvpn/src/openvpn/push.c b/openvpn/src/openvpn/push.c index 148d7ebe..994b7ba7 100644 --- a/openvpn/src/openvpn/push.c +++ b/openvpn/src/openvpn/push.c @@ -446,10 +446,14 @@ process_incoming_push_msg (struct context *c, if (ch == ',') { struct buffer buf_orig = buf; + if (!c->c2.pulled_options_md5_init_done) + { + md5_state_init (&c->c2.pulled_options_state); + c->c2.pulled_options_md5_init_done = true; + } if (!c->c2.did_pre_pull_restore) { pre_pull_restore (&c->options); - md5_state_init (&c->c2.pulled_options_state); c->c2.did_pre_pull_restore = true; } if (apply_push_options (&c->options, @@ -463,8 +467,8 @@ process_incoming_push_msg (struct context *c, case 1: md5_state_update (&c->c2.pulled_options_state, BPTR(&buf_orig), BLEN(&buf_orig)); md5_state_final (&c->c2.pulled_options_state, &c->c2.pulled_options_digest); + c->c2.pulled_options_md5_init_done = false; ret = PUSH_MSG_REPLY; - md5_state_init (&c->c2.pulled_options_state); break; case 2: md5_state_update (&c->c2.pulled_options_state, BPTR(&buf_orig), BLEN(&buf_orig)); -- cgit v1.2.3