keep track of client entries in sec-mod and report them in status msg

Nikos Mavrogiannopoulos
2015-04-26 17:04:22 +02:00
parent ea7b975840
commit 02aa9c691e
8 changed files with 24 additions and 6 deletions


@@ -8,6 +8,7 @@ message status_rep
required uint32 start_time = 5; required uint32 start_time = 5;
required uint32 stored_tls_sessions = 7; required uint32 stored_tls_sessions = 7;
required uint32 banned_ips = 8; required uint32 banned_ips = 8;
required uint32 secmod_client_entries = 9;
} }
message bool_msg message bool_msg
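Review bot: `secmod_client_entries = 9` is added to `status_rep` as `required`, so a status reply produced from the previous schema no longer parses with code generated from this one. Only the schema is visible in this section, but the status client elsewhere on this page has a failure path that prints `Status: offline`, so a mismatched occtl/server pair during an upgrade would presumably be shown as offline rather than as a version problem. Declaring the field `optional uint32 secmod_client_entries = 9;` and testing the generated `has_secmod_client_entries` flag before printing it would keep mixed versions working.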


@@ -121,6 +121,7 @@ message cli_stats_msg
optional string ipv4 = 6; optional string ipv4 = 6;
optional string ipv6 = 7; optional string ipv6 = 7;
optional bool invalidate_cookie = 8; optional bool invalidate_cookie = 8;
optional uint32 secmod_client_entries = 9; /* from sec-mod to main only */
} }
/* UDP_FD */ /* UDP_FD */


@@ -157,6 +157,7 @@ typedef struct {
" <arg name=\"pid\" direction=\"out\" type=\"u\"/>\n" \ " <arg name=\"pid\" direction=\"out\" type=\"u\"/>\n" \
" <arg name=\"sec-mod-pid\" direction=\"out\" type=\"u\"/>\n" \ " <arg name=\"sec-mod-pid\" direction=\"out\" type=\"u\"/>\n" \
" <arg name=\"clients\" direction=\"out\" type=\"u\"/>\n" \ " <arg name=\"clients\" direction=\"out\" type=\"u\"/>\n" \
" <arg name=\"secmod-client-entries\" direction=\"out\" type=\"u\"/>\n" \
" <arg name=\"tls-sessions\" direction=\"out\" type=\"u\"/>\n" \ " <arg name=\"tls-sessions\" direction=\"out\" type=\"u\"/>\n" \
" <arg name=\"banned-ips\" direction=\"out\" type=\"u\"/>\n" \ " <arg name=\"banned-ips\" direction=\"out\" type=\"u\"/>\n" \
" </method>\n" " </method>\n"
@@ -306,6 +307,12 @@ static void method_status(main_server_st * s, struct dbus_ctx *ctx,
goto error; goto error;
} }
tmp = s->secmod_client_entries;
if (dbus_message_iter_append_basic(&args, DBUS_TYPE_UINT32, &tmp) == 0) {
mslog(s, NULL, LOG_ERR, "error appending to dbus reply");
goto error;
}
tmp = s->tls_db.entries; tmp = s->tls_db.entries;
if (dbus_message_iter_append_basic(&args, DBUS_TYPE_UINT32, &tmp) == 0) { if (dbus_message_iter_append_basic(&args, DBUS_TYPE_UINT32, &tmp) == 0) {
mslog(s, NULL, LOG_ERR, "error appending to dbus reply"); mslog(s, NULL, LOG_ERR, "error appending to dbus reply");
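Review bot: The new `secmod-client-entries` value is inserted between `clients` and `tls-sessions`, both in the introspection XML and in the reply built in method_status, which shifts the position of every out argument after it. The reply is a flat sequence of `u` values, so a reader that still expects the old order gets no type error; it would presumably report this count as TLS sessions and the TLS count as banned IPs. No D-Bus reader is changed on this page, so either append the new argument after `banned-ips` in both places or update the reader in the same commit. method_status starts and ends outside the hunk.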


@@ -168,6 +168,7 @@ static void method_status(method_ctx *ctx, int cfd, uint8_t * msg,
rep.start_time = ctx->s->start_time; rep.start_time = ctx->s->start_time;
rep.sec_mod_pid = ctx->s->sec_mod_pid; rep.sec_mod_pid = ctx->s->sec_mod_pid;
rep.active_clients = ctx->s->active_clients; rep.active_clients = ctx->s->active_clients;
rep.secmod_client_entries = ctx->s->secmod_client_entries;
rep.stored_tls_sessions = ctx->s->tls_db.entries; rep.stored_tls_sessions = ctx->s->tls_db.entries;
rep.banned_ips = main_ban_db_elems(ctx->s); rep.banned_ips = main_ban_db_elems(ctx->s);


@@ -338,6 +338,8 @@ int session_close(main_server_st * s, struct proc_st *proc)
proc->bytes_in = msg->bytes_in; proc->bytes_in = msg->bytes_in;
proc->bytes_out = msg->bytes_out; proc->bytes_out = msg->bytes_out;
if (msg->has_secmod_client_entries)
s->secmod_client_entries = msg->secmod_client_entries;
cli_stats_msg__free_unpacked(msg, &pa); cli_stats_msg__free_unpacked(msg, &pa);
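Review bot: As far as this page shows, `s->secmod_client_entries` is refreshed only here, when sec-mod answers a session close, so the value reported by the status command is a snapshot from the last close and not a live count. Entries that sec-mod creates afterwards would not appear until another session ends, which matters if operators watch this number to spot sec-mod entry growth. I would say so at the assignment, e.g. `/* snapshot taken at the last session close; may lag behind sec-mod's real count */`, and brace the one-line `if` to match the surrounding code. session_close continues outside the hunk.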


@@ -191,6 +191,9 @@ typedef struct main_server_st {
unsigned secmod_addr_len; unsigned secmod_addr_len;
unsigned active_clients; unsigned active_clients;
/* updated on the cli_stats_msg from sec-mod.
* Holds the number of entries in secmod list of users */
unsigned secmod_client_entries;
time_t start_time; time_t start_time;
void * auth_extra; void * auth_extra;


@@ -241,12 +241,13 @@ int handle_status_cmd(struct unix_ctx *ctx, const char *arg)
print_time_ival7(time(0), t, stdout); print_time_ival7(time(0), t, stdout);
fputs(")\n", stdout); fputs(")\n", stdout);
printf(" Clients: %u\n", (unsigned)rep->active_clients); printf(" Clients: %u\n", (unsigned)rep->active_clients);
printf(" IPs in ban list: %u\n", (unsigned)rep->banned_ips); printf("Sec-mod client entries: %u\n", (unsigned)rep->secmod_client_entries);
printf(" TLS DB entries: %u\n", (unsigned)rep->stored_tls_sessions); printf(" IPs in ban list: %u\n", (unsigned)rep->banned_ips);
printf(" TLS DB entries: %u\n", (unsigned)rep->stored_tls_sessions);
printf("\n"); printf("\n");
printf(" Server PID: %u\n", (unsigned)rep->pid); printf(" Server PID: %u\n", (unsigned)rep->pid);
printf(" Sec-mod PID: %u\n", (unsigned)rep->sec_mod_pid); printf(" Sec-mod PID: %u\n", (unsigned)rep->sec_mod_pid);
status_rep__free_unpacked(rep, &pa); status_rep__free_unpacked(rep, &pa);
@@ -255,7 +256,7 @@ int handle_status_cmd(struct unix_ctx *ctx, const char *arg)
error_status: error_status:
printf("OpenConnect SSL VPN server\n"); printf("OpenConnect SSL VPN server\n");
printf(" Status: offline\n"); printf(" Status: offline\n");
ret = 1; ret = 1;
cleanup: cleanup:


@@ -522,6 +522,8 @@ int handle_sec_auth_session_close(int cfd, sec_mod_st *sec, const SecAuthSession
/* send reply */ /* send reply */
rep.bytes_in = e->stats.bytes_in; rep.bytes_in = e->stats.bytes_in;
rep.bytes_out = e->stats.bytes_out; rep.bytes_out = e->stats.bytes_out;
rep.has_secmod_client_entries = 1;
rep.secmod_client_entries = sec_mod_client_db_elems(sec);
ret = send_msg(e, cfd, SM_CMD_AUTH_CLI_STATS, &rep, ret = send_msg(e, cfd, SM_CMD_AUTH_CLI_STATS, &rep,
(pack_size_func) cli_stats_msg__get_packed_size, (pack_size_func) cli_stats_msg__get_packed_size,