From 516194ebfcbb4a12cb9b4f078d6a9cc528ab5a87 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Sun, 15 Jun 2014 22:37:17 +0200 Subject: Update OpenVPN --- main/openvpn/config-version.h | 2 +- main/openvpn/src/openvpn/crypto.c | 2 +- main/openvpn/src/openvpn/multi.c | 13 +++++++++++-- 3 files changed, 13 insertions(+), 4 deletions(-) (limited to 'main/openvpn') diff --git a/main/openvpn/config-version.h b/main/openvpn/config-version.h index ac6ff482..9770e100 100644 --- a/main/openvpn/config-version.h +++ b/main/openvpn/config-version.h @@ -1,2 +1,2 @@ -#define CONFIGURE_GIT_REVISION "icsopenvpn_613-86da111e79f644a7" +#define CONFIGURE_GIT_REVISION "icsopenvpn_615-c430ab0e0cef9994" #define CONFIGURE_GIT_FLAGS "" diff --git a/main/openvpn/src/openvpn/crypto.c b/main/openvpn/src/openvpn/crypto.c index c4c356dc..d0dc069a 100644 --- a/main/openvpn/src/openvpn/crypto.c +++ b/main/openvpn/src/openvpn/crypto.c @@ -171,7 +171,7 @@ openvpn_encrypt (struct buffer *buf, struct buffer work, /* Flush the encryption buffer */ ASSERT(cipher_ctx_final(ctx->cipher, BPTR (&work) + outlen, &outlen)); work.len += outlen; - ASSERT (outlen == iv_size); + ASSERT (mode != OPENVPN_MODE_CBC || outlen == iv_size); /* prepend the IV to the ciphertext */ if (opt->flags & CO_USE_IV) diff --git a/main/openvpn/src/openvpn/multi.c b/main/openvpn/src/openvpn/multi.c index 16250dc2..9a2b0237 100644 --- a/main/openvpn/src/openvpn/multi.c +++ b/main/openvpn/src/openvpn/multi.c @@ -2159,8 +2159,17 @@ multi_process_incoming_link (struct multi_context *m, struct multi_instance *ins /* make sure that source address is associated with this client */ else if (multi_get_instance_by_virtual_addr (m, &src, true) != m->pending) { - msg (D_MULTI_DROPPED, "MULTI: bad source address from client [%s], packet dropped", - mroute_addr_print (&src, &gc)); + /* IPv6 link-local address (fe80::xxx)? */ + if ( (src.type & MR_ADDR_MASK) == MR_ADDR_IPV6 && + src.addr[0] == 0xfe && src.addr[1] == 0x80 ) + { + /* do nothing, for now. TODO: add address learning */ + } + else + { + msg (D_MULTI_DROPPED, "MULTI: bad source address from client [%s], packet dropped", + mroute_addr_print (&src, &gc)); + } c->c2.to_tun.len = 0; } /* client-to-client communication enabled? */ -- cgit v1.2.3