diff options
author | Alberto Gonzalez Iniesta <agi@inittab.org> | 2012-11-05 16:28:10 +0100 |
---|---|---|
committer | Alberto Gonzalez Iniesta <agi@inittab.org> | 2012-11-05 16:28:10 +0100 |
commit | d213c4e5576e2fd601679e0d7b2fb1262b807111 (patch) | |
tree | 5f0cc82bd0f11fb13b385417604d04c751245a92 /src/openvpn/proto.c | |
parent | 79c8d3ef7a938f86472e549ef64e1fb820dc80c4 (diff) | |
parent | 8dd0350e1607aa30f7a043c8d5ec7a7eeb874115 (diff) |
Merge tag 'upstream/2.3_rc1'
Upstream version 2.3_rc1
Diffstat (limited to 'src/openvpn/proto.c')
-rw-r--r-- | src/openvpn/proto.c | 128 |
1 files changed, 128 insertions, 0 deletions
diff --git a/src/openvpn/proto.c b/src/openvpn/proto.c new file mode 100644 index 0000000..2cf8314 --- /dev/null +++ b/src/openvpn/proto.c @@ -0,0 +1,128 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#elif defined(_MSC_VER) +#include "config-msvc.h" +#endif + +#include "syshead.h" + +#include "proto.h" +#include "error.h" + +#include "memdbg.h" + +/* + * If raw tunnel packet is IPv4, return true and increment + * buffer offset to start of IP header. + */ +bool +is_ipv4 (int tunnel_type, struct buffer *buf) +{ + int offset; + const struct openvpn_iphdr *ih; + + verify_align_4 (buf); + if (tunnel_type == DEV_TYPE_TUN) + { + if (BLEN (buf) < (int) sizeof (struct openvpn_iphdr)) + return false; + offset = 0; + } + else if (tunnel_type == DEV_TYPE_TAP) + { + const struct openvpn_ethhdr *eh; + if (BLEN (buf) < (int)(sizeof (struct openvpn_ethhdr) + + sizeof (struct openvpn_iphdr))) + return false; + eh = (const struct openvpn_ethhdr *) BPTR (buf); + if (ntohs (eh->proto) != OPENVPN_ETH_P_IPV4) + return false; + offset = sizeof (struct openvpn_ethhdr); + } + else + return false; + + ih = (const struct openvpn_iphdr *) (BPTR (buf) + offset); + + if (OPENVPN_IPH_GET_VER (ih->version_len) == 4) + return buf_advance (buf, offset); + else + return false; +} + +#ifdef PACKET_TRUNCATION_CHECK + +void +ipv4_packet_size_verify (const uint8_t *data, + const int size, + const int tunnel_type, + const char *prefix, + counter_type *errors) +{ + if (size > 0) + { + struct buffer buf; + + buf_set_read (&buf, data, size); + + if (is_ipv4 (tunnel_type, &buf)) + { + const struct openvpn_iphdr *pip; + int hlen; + int totlen; + const char *msgstr = "PACKET SIZE INFO"; + unsigned int msglevel = D_PACKET_TRUNC_DEBUG; + + if (BLEN (&buf) < (int) sizeof (struct openvpn_iphdr)) + return; + + verify_align_4 (&buf); + pip = (struct openvpn_iphdr *) BPTR (&buf); + + hlen = OPENVPN_IPH_GET_LEN (pip->version_len); + totlen = ntohs (pip->tot_len); + + if (BLEN (&buf) != totlen) + { + msgstr = "PACKET TRUNCATION ERROR"; + msglevel = D_PACKET_TRUNC_ERR; + if (errors) + ++(*errors); + } + + msg (msglevel, "%s %s: size=%d totlen=%d hlen=%d errcount=" counter_format, + msgstr, + prefix, + BLEN (&buf), + totlen, + hlen, + errors ? *errors : (counter_type)0); + } + } +} + +#endif |