
github.com/SoftEtherVPN/SoftEtherVPN_Stable.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'src/Cedar/Interop_OpenVPN.c')
-rw-r--r--src/Cedar/Interop_OpenVPN.c29
1 files changed, 20 insertions, 9 deletions
diff --git a/src/Cedar/Interop_OpenVPN.c b/src/Cedar/Interop_OpenVPN.c
index dbb203e9..a2eaa8ad 100644
--- a/src/Cedar/Interop_OpenVPN.c
+++ b/src/Cedar/Interop_OpenVPN.c
@@ -482,7 +482,7 @@ void OvsProcessRecvControlPacket(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN
case OPENVPN_P_CONTROL_HARD_RESET_CLIENT_V2:
// New connection (hard reset)
- OvsSendControlPacket(c, OPENVPN_P_CONTROL_HARD_RESET_SERVER_V2, NULL, 0);
+ OvsSendControlPacketEx(c, OPENVPN_P_CONTROL_HARD_RESET_SERVER_V2, NULL, 0, true);
c->Status = OPENVPN_CHANNEL_STATUS_TLS_WAIT_CLIENT_KEY;
break;
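Review bot: The call site does not say why this one reply passes `true` for `no_resend`; the existing comment `// New connection (hard reset)` is silent on it. The peer has so far sent a single datagram and the channel is only moving to `OPENVPN_CHANNEL_STATUS_TLS_WAIT_CLIENT_KEY`, so I would add `// Reply once only: the source address is not yet verified, so retransmitting would amplify spoofed requests`. Only the `_V2` case label is visible in this hunk; if other hard-reset opcodes are answered elsewhere in OvsProcessRecvControlPacket they would need the same treatment, which cannot be confirmed from here. With retransmission disabled, recovery from a lost reply presumably depends on the client re-sending its hard reset, so it is worth confirming that path still produces a fresh reply.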
@@ -1268,6 +1268,10 @@ void OvsSendControlPacketWithAutoSplit(OPENVPN_CHANNEL *c, UCHAR opcode, UCHAR *
// Send the control packet
void OvsSendControlPacket(OPENVPN_CHANNEL *c, UCHAR opcode, UCHAR *data, UINT data_size)
{
+ OvsSendControlPacketEx(c, opcode, data, data_size, false);
+}
+void OvsSendControlPacketEx(OPENVPN_CHANNEL *c, UCHAR opcode, UCHAR *data, UINT data_size, bool no_resend)
+{
OPENVPN_CONTROL_PACKET *p;
// Validate arguments
if (c == NULL || (data_size != 0 && data == NULL))
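Review bot: `OvsSendControlPacketEx` is added with no header comment and no blank line after the closing brace of `OvsSendControlPacket`, unlike its neighbour, which carries `// Send the control packet`. I would insert a blank line and `// Send the control packet (no_resend: transmit once and never retransmit; for replies to unverified peers)`. The function is also called at line 482 and from the wrapper before its definition, so it needs a prototype in the header; the diffstat shown is limited to this file, so that cannot be checked here. The body of OvsSendControlPacketEx continues past the end of this hunk.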
@@ -1277,6 +1281,8 @@ void OvsSendControlPacket(OPENVPN_CHANNEL *c, UCHAR opcode, UCHAR *data, UINT da
p = ZeroMalloc(sizeof(OPENVPN_CONTROL_PACKET));
+ p->NoResend = no_resend;
+
p->OpCode = opcode;
p->PacketId = c->NextSendPacketId++;
@@ -2258,20 +2264,25 @@ void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list, UINT protocol)
if (cp->NextSendTime <= s->Now)
{
- OPENVPN_PACKET *p;
+ if (cp->NoResend == false || cp->NumSent == 0) // To address the UDP reflection amplification attack: https://github.com/SoftEtherVPN/SoftEtherVPN/issues/1001
+ {
+ OPENVPN_PACKET *p;
+
+ cp->NumSent++;
- num = OvsGetAckReplyList(c, acks);
+ num = OvsGetAckReplyList(c, acks);
- p = OvsNewControlPacket(cp->OpCode, j, se->ServerSessionId, num, acks,
- se->ClientSessionId, cp->PacketId, cp->DataSize, cp->Data);
+ p = OvsNewControlPacket(cp->OpCode, j, se->ServerSessionId, num, acks,
+ se->ClientSessionId, cp->PacketId, cp->DataSize, cp->Data);
- OvsSendPacketNow(s, se, p);
+ OvsSendPacketNow(s, se, p);
- OvsFreePacket(p);
+ OvsFreePacket(p);
- cp->NextSendTime = s->Now + (UINT64)OPENVPN_CONTROL_PACKET_RESEND_INTERVAL;
+ cp->NextSendTime = s->Now + (UINT64)OPENVPN_CONTROL_PACKET_RESEND_INTERVAL;
- AddInterrupt(s->Interrupt, cp->NextSendTime);
+ AddInterrupt(s->Interrupt, cp->NextSendTime);
+ }
}
}
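Review bot: A no-resend packet that has already been sent once is never retired by this branch: the inner `if` is skipped, `cp->NextSendTime` stays in the past, and the entry is re-examined on every pass. If entries leave the list only when acknowledged (that code is outside this hunk), a peer that never acknowledges leaves one queued packet per channel until the session expires, so it is worth confirming that the session timeout bounds this. The trailing comment also makes the condition line very long; I would move the rationale to its own line, `// Send no-resend packets once only, to limit UDP reflection amplification (issue 1001)`, and write the test as `if (!cp->NoResend || cp->NumSent == 0)`. `NumSent` relies on the `ZeroMalloc` in OvsSendControlPacketEx to start at zero, which deserves a short comment next to the field. The enclosing loop in OvsRecvPacket starts before this hunk.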