Fix Softether using 4 instead of 8 for max allowed ACKs
OpenVPN always allowed 8 ACKs in P_ACK_V1 packets but only used
up to 4 in other control packets. Since Softether drops all packets with
more than 4 ACKs it also drops legitimate P_ACK_V1.

See also this issue: schwabe/ics-openvpn#1486
schwabe authored and JackieKu committed Jun 13, 2022
1 parent e9f610f commit 2c66938
Showing 2 changed files with 7 additions and 2 deletions.
6 changes: 5 additions & 1 deletion src/Cedar/Proto_OpenVPN.c
@@ -1851,6 +1851,10 @@ BUF *OvsBuildPacket(OPENVPN_PACKET *p)

// NumAck
num_ack = MIN(p->NumAck, OPENVPN_MAX_NUMACK);
if (p->OpCode != OPENVPN_P_ACK_V1)
{
num_ack = MIN(num_ack, OPENVPN_MAX_NUMACK_NONACK);
}
WriteBufChar(b, (UCHAR)num_ack);

if (p->NumAck >= 1)
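Review bot: the cap is applied silently, so a caller that puts more than OPENVPN_MAX_NUMACK (or more than OPENVPN_MAX_NUMACK_NONACK for a packet whose OpCode is not OPENVPN_P_ACK_V1) into p->NumAck loses the extra ACKs without any trace; that is acceptable for the protocol, because the peer's reliability layer retransmits whatever stays unacknowledged, but a one-line comment saying so, and saying that the 4-ACK limit for non-ACK control packets matches what OpenVPN itself emits, would spare the next reader from guessing why two different limits exist. Also confirm that the loop after `if (p->NumAck >= 1)` writes exactly num_ack packet IDs rather than p->NumAck of them, since the count byte emitted by `WriteBufChar(b, (UCHAR)num_ack);` must match the number of IDs that follow it.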
@@ -1931,7 +1935,7 @@ OPENVPN_PACKET *OvsParsePacket(UCHAR *data, UINT size)

ret->NumAck = uc;

if (ret->NumAck > 4)
if (ret->NumAck > OPENVPN_MAX_NUMACK)
{
goto LABEL_ERROR;
}
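Review bot: replacing the literal 4 with OPENVPN_MAX_NUMACK (now 8) is only safe if the member of OPENVPN_PACKET that receives the ACK packet IDs is sized by that same constant; a fixed array of 4 entries would be overrun by a packet carrying 5 to 8 ACKs, which is precisely the input this change now admits, so please check the struct definition and the remaining-length check that follows this hunk (it must verify that `size` still covers every ID that will be read for the larger count) before merging.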
3 changes: 2 additions & 1 deletion src/Cedar/Proto_OpenVPN.h
@@ -13,7 +13,8 @@
#define OPENVPN_UDP_PORT 1194 // OpenVPN default UDP port number
#define OPENVPN_UDP_PORT_INCLUDE 1195 // OpenVPN default UDP port number (Operating within the client)

#define OPENVPN_MAX_NUMACK 4 // The maximum number of ACKs
#define OPENVPN_MAX_NUMACK 8 // The maximum number of ACKs
#define OPENVPN_MAX_NUMACK_NONACK 4 // The maximum number of ACKs in != P_ACK_V1
#define OPENVPN_NUM_CHANNELS 8 // Maximum number of channels during a session
#define OPENVPN_CONTROL_PACKET_RESEND_INTERVAL 500 // Control packet retransmission interval
#define OPENVPN_CONTROL_PACKET_MAX_DATASIZE 1200 // Maximum data size that can be stored in one control packet
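Review bot: the comment on OPENVPN_MAX_NUMACK_NONACK, `The maximum number of ACKs in != P_ACK_V1`, is hard to read; spell it out as `Maximum number of ACKs piggybacked on control packets other than P_ACK_V1` so its relationship to OPENVPN_MAX_NUMACK (8, the limit for P_ACK_V1 itself) is obvious. Doubling OPENVPN_MAX_NUMACK also doubles the size of anything declared with it, so grep for other uses of a bare literal 4 that should have been this constant, as the one in OvsParsePacket was, before this lands.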