mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-12-24 17:19:52 +03:00
Merge pull request #1994 from hiura2023/master
Fix Virtual DHCP Server: Correct IP reassignment
This commit is contained in:
commit
bfaff4fdb0
@ -9349,62 +9349,35 @@ UINT ServeDhcpDiscoverEx(VH *v, UCHAR *mac, UINT request_ip, bool is_static_ip)
|
||||
// check whether it is a request from the same MAC address
|
||||
if (Cmp(mac, d->MacAddress, 6) == 0)
|
||||
{
|
||||
// Examine whether the specified IP address is within the range of assignment
|
||||
// Examine whether the specified IP address is within the range of static assignment
|
||||
if (Endian32(v->DhcpIpStart) > Endian32(request_ip) ||
|
||||
Endian32(request_ip) > Endian32(v->DhcpIpEnd))
|
||||
{
|
||||
// Accept if within the range
|
||||
// Accept if within the range of static assignment
|
||||
ret = request_ip;
|
||||
}
|
||||
}
|
||||
else {
|
||||
// Duplicated IPV4 address found. The DHCP server replies to DHCPREQUEST with DHCP NAK.
|
||||
// Duplicated IPV4 address found. The specified IP address is not available for use
|
||||
char ipstr[MAX_HOST_NAME_LEN + 1] = { 0 };
|
||||
char macstr[128] = { 0 };
|
||||
IPToStr32(ipstr, sizeof(ipstr), request_ip);
|
||||
BinToStr(macstr, sizeof(macstr), d->MacAddress, 6);
|
||||
Debug("Virtual DHC Server: Duplicated IP address detected. Static IP: %s, Used by MAC:%s\n", ipstr, macstr);
|
||||
return ret;
|
||||
MacToStr(macstr, sizeof(macstr), d->MacAddress);
|
||||
Debug("Virtual DHC Server: Duplicated IP address detected. Static IP: %s, with the MAC: %s\n", ipstr, macstr);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// Examine whether the specified IP address is within the range of assignment
|
||||
// Examine whether the specified IP address is within the range of static assignment
|
||||
if (Endian32(v->DhcpIpStart) > Endian32(request_ip) ||
|
||||
Endian32(request_ip) > Endian32(v->DhcpIpEnd))
|
||||
{
|
||||
// Accept if within the range
|
||||
// Accept if within the range of static assignment
|
||||
ret = request_ip;
|
||||
}
|
||||
else
|
||||
{
|
||||
// Propose an IP in the range since it's a Discover although It is out of range
|
||||
}
|
||||
}
|
||||
if (ret == 0)
|
||||
{
|
||||
// If there is any entry with the same MAC address
|
||||
// that are already registered, use it with priority
|
||||
DHCP_LEASE *d = SearchDhcpLeaseByMac(v, mac);
|
||||
|
||||
if (d != NULL)
|
||||
{
|
||||
// Examine whether the found IP address is in the allocation region
|
||||
if (Endian32(v->DhcpIpStart) > Endian32(d->IpAddress) ||
|
||||
Endian32(d->IpAddress) > Endian32(v->DhcpIpEnd))
|
||||
{
|
||||
// Use the IP address if it's found within the range
|
||||
ret = d->IpAddress;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (ret == 0)
|
||||
{
|
||||
// For static IP, the requested IP address must NOT be within the range of the DHCP pool
|
||||
if (Endian32(v->DhcpIpStart) > Endian32(request_ip) ||
|
||||
Endian32(request_ip) > Endian32(v->DhcpIpEnd))
|
||||
{
|
||||
ret = request_ip;
|
||||
// The specified IP address is not available for use
|
||||
}
|
||||
}
|
||||
|
||||
@ -9595,6 +9568,11 @@ void VirtualDhcpServer(VH *v, PKT *p)
|
||||
{
|
||||
ip = ServeDhcpRequestEx(v, p->MacAddressSrc, opt->RequestedIp, ip_static);
|
||||
}
|
||||
// If the IP address in user's note is changed, then reply to DHCP_REQUEST with DHCP_NAK
|
||||
if (p->L3.IPv4Header->SrcIP && ip != p->L3.IPv4Header->SrcIP)
|
||||
{
|
||||
ip = 0;
|
||||
}
|
||||
}
|
||||
|
||||
if (ip != 0 || opt->Opcode == DHCP_INFORM)
|
||||
@ -9607,6 +9585,14 @@ void VirtualDhcpServer(VH *v, PKT *p)
|
||||
char client_mac[MAX_SIZE];
|
||||
char client_ip[MAX_SIZE];
|
||||
|
||||
// If there is any entry with the same MAC address, then remove it
|
||||
d = SearchDhcpLeaseByMac(v, p->MacAddressSrc);
|
||||
if (d != NULL)
|
||||
{
|
||||
FreeDhcpLease(d);
|
||||
Delete(v->DhcpLeaseList, d);
|
||||
}
|
||||
|
||||
// Remove old records with the same IP address
|
||||
d = SearchDhcpLeaseByIp(v, ip);
|
||||
if (d != NULL)
|
||||
@ -9765,7 +9751,7 @@ void VirtualDhcpServer(VH *v, PKT *p)
|
||||
}
|
||||
else
|
||||
{
|
||||
// Reply of DHCP_REQUEST must be either DHCP_ACK or DHCP_NAK.
|
||||
// Reply of DHCP_REQUEST must be either DHCP_ACK or DHCP_NAK
|
||||
if (opt->Opcode == DHCP_REQUEST)
|
||||
{
|
||||
// There is no IP address that can be provided
|
||||
|
@ -12288,6 +12288,11 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
|
||||
ret = SSL_peek(ssl, &c, sizeof(c));
|
||||
}
|
||||
Unlock(sock->ssl_lock);
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
// 2021/09/10: After OpenSSL 3.x.x, both 0 and negative values might mean retryable.
|
||||
// See: https://github.com/openssl/openssl/blob/435981cbadad2c58c35bacd30ca5d8b4c9bea72f/doc/man3/SSL_read.pod
|
||||
// > Old documentation indicated a difference between 0 and -1, and that -1 was retryable.
|
||||
// > You should instead call SSL_get_error() to find out if it's retryable.
|
||||
if (ret == 0)
|
||||
{
|
||||
// The communication have been disconnected
|
||||
@ -12295,7 +12300,8 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
|
||||
Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
|
||||
return 0;
|
||||
}
|
||||
if (ret < 0)
|
||||
#endif
|
||||
if (ret <= 0)
|
||||
{
|
||||
// An error has occurred
|
||||
e = SSL_get_error(ssl, ret);
|
||||
@ -12303,14 +12309,16 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
|
||||
{
|
||||
if (e == SSL_ERROR_SSL
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
&&
|
||||
sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
|
||||
sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
|
||||
sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
|
||||
&&
|
||||
sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
|
||||
sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
|
||||
sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
|
||||
#endif
|
||||
)
|
||||
)
|
||||
{
|
||||
Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__);
|
||||
UINT ssl_err_no = ERR_get_error();
|
||||
|
||||
Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
|
||||
Disconnect(sock);
|
||||
return 0;
|
||||
}
|
||||
@ -12337,14 +12345,14 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
|
||||
}
|
||||
#endif // OS_UNIX
|
||||
|
||||
// Run the time-out thread for SOLARIS
|
||||
// Run the time-out thread for SOLARIS
|
||||
#ifdef UNIX_SOLARIS
|
||||
ttparam = NewSocketTimeout(sock);
|
||||
#endif // UNIX_SOLARIS
|
||||
|
||||
ret = SSL_read(ssl, data, size);
|
||||
|
||||
// Stop the timeout thread
|
||||
// Stop the timeout thread
|
||||
#ifdef UNIX_SOLARIS
|
||||
FreeSocketTimeout(ttparam);
|
||||
#endif // UNIX_SOLARIS
|
||||
@ -12357,7 +12365,11 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
|
||||
}
|
||||
#endif // OS_UNIX
|
||||
|
||||
if (ret < 0)
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
if (ret < 0) // OpenSSL version < 3.0.0
|
||||
#else
|
||||
if (ret <= 0) // OpenSSL version >= 3.0.0
|
||||
#endif
|
||||
{
|
||||
e = SSL_get_error(ssl, ret);
|
||||
}
|
||||
@ -12380,6 +12392,12 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
|
||||
|
||||
return (UINT)ret;
|
||||
}
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
// 2021/09/10: After OpenSSL 3.x.x, both 0 and negative values might mean retryable.
|
||||
// See: https://github.com/openssl/openssl/blob/435981cbadad2c58c35bacd30ca5d8b4c9bea72f/doc/man3/SSL_read.pod
|
||||
// > Old documentation indicated a difference between 0 and -1, and that -1 was retryable.
|
||||
// > You should instead call SSL_get_error() to find out if it's retryable.
|
||||
if (ret == 0)
|
||||
{
|
||||
// Disconnect the communication
|
||||
@ -12387,20 +12405,24 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
|
||||
//Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (sock->AsyncMode)
|
||||
{
|
||||
if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL)
|
||||
{
|
||||
if (e == SSL_ERROR_SSL
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
&&
|
||||
sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
|
||||
sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
|
||||
sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
|
||||
&&
|
||||
sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
|
||||
sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
|
||||
sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
|
||||
#endif
|
||||
)
|
||||
)
|
||||
{
|
||||
Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__);
|
||||
UINT ssl_err_no = ERR_get_error();
|
||||
|
||||
Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
|
||||
Disconnect(sock);
|
||||
return 0;
|
||||
}
|
||||
@ -12438,7 +12460,11 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
|
||||
}
|
||||
|
||||
ret = SSL_write(ssl, data, size);
|
||||
if (ret < 0)
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
if (ret < 0) // OpenSSL version < 3.0.0
|
||||
#else
|
||||
if (ret <= 0) // OpenSSL version >= 3.0.0
|
||||
#endif
|
||||
{
|
||||
e = SSL_get_error(ssl, ret);
|
||||
}
|
||||
@ -12460,6 +12486,8 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
|
||||
sock->WriteBlocked = false;
|
||||
return (UINT)ret;
|
||||
}
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
if (ret == 0)
|
||||
{
|
||||
// Disconnect
|
||||
@ -12467,6 +12495,7 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
|
||||
Disconnect(sock);
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (sock->AsyncMode)
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user