Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added new packet format P_DATA_V2, which includes peer-id. If server supports, client sends all data packets in the new format. When data packet arrives, server identifies peer by peer-id. If peer's ip/port has changed, server assumes that client has floated, verifies HMAC and updates ip/port in internal structs. Changes in v7: A few nitpicks. Changes in v6: Fixed: Make sure float won't happen if hmac check failed (regression). Fixed: Access outside of bounds of array, which has caused memory corruption and crash. Various review fixes. Changes in v5: Protection agains replay attack by commiting float changes only after existing packet processing flow has completed. If peer floats to an address which is already taken by another active session, drop float packet, otherwise disconnect existing session. Changes in v4: Handles correctly float to an address which is used by another peer. This also has fixed crash on assert in multi_client_disconnect. Changes in v3: Bugfix: If float happens after TLS renegotiation and there are no data packets between reneg and float, server will not recognize floated client. Acked-by: Steffan Karger <steffan.karger@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1416755831-21250-1-git-send-email-lstipakov@gmail.com> URL: http://article.gmane.org/gmane.network.openvpn.devel/9270 Signed-off-by: Gert Doering <gert@greenie.muc.de>
- Loading branch information
Showing
13 changed files
with
331 additions
and
50 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.