Made the no-compress-limit configurable

Nikos Mavrogiannopoulos
2015-01-15 18:31:33 +01:00
parent 67f621976b
commit 048b25ba45
5 changed files with 24 additions and 3 deletions


@@ -139,6 +139,15 @@ server-key = ../tests/server-key.pem
# The revocation list of the certificates issued by the 'ca-cert' above.
#crl = /path/to/crl.pem
# Uncomment this to disable compression negotiation.
#disable-compression = true
# Set the minimum size under which a packet will not be compressed.
# That is to allow low-latency for VoIP packets. The default size
# is 64 bytes. Modify it if the clients typically use compression
# as well of VoIP with codecs that exceed the default value.
#no-compress-limit = 256
# GnuTLS priority string; note that SSL 3.0 is disabled by default
# as there are no openconnect (and possibly anyconnect clients) using
# that protocol. The default string below enforces perfect forward secrecy (PFS)
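Review bot: The comment added above `#no-compress-limit = 256` does not mention that the server enforces a floor, so an administrator who sets a smaller value will not get it; the parser in this commit raises anything under `MIN_NO_COMPRESS_LIMIT` (64) to 64. The wording is also off: "as well of VoIP" should read "as well as VoIP". The first sentence would be clearer as `# Packets of this size (in bytes) or smaller are sent uncompressed; values below 64 are raised to 64.` The same text appears in the other sample configuration changed by this commit.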


@@ -65,6 +65,7 @@ static struct cfg_options available_options[] = {
{ .name = "listen-host", .type = OPTION_STRING, .mandatory = 0 },
{ .name = "listen-host-is-dyndns", .type = OPTION_BOOLEAN, .mandatory = 0 },
{ .name = "disable-compression", .type = OPTION_BOOLEAN, .mandatory = 0 },
{ .name = "no-compress-limit", .type = OPTION_NUMERIC, .mandatory = 0 },
{ .name = "tcp-port", .type = OPTION_NUMERIC, .mandatory = 0 },
{ .name = "udp-port", .type = OPTION_NUMERIC, .mandatory = 0 },
{ .name = "keepalive", .type = OPTION_NUMERIC, .mandatory = 0 },
@@ -572,6 +573,9 @@ unsigned force_cert_auth;
}
READ_TF("disable-compression", config->disable_compression, 0);
READ_NUMERIC("no-compress-limit", config->no_compress_limit);
if (config->no_compress_limit < MIN_NO_COMPRESS_LIMIT)
config->no_compress_limit = MIN_NO_COMPRESS_LIMIT;
READ_TF("use-seccomp", config->isolate, 0);
if (config->isolate) {
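Review bot: The clamp after `READ_NUMERIC("no-compress-limit", config->no_compress_limit)` adjusts the configured value silently and checks only the lower bound. A value under 64 is replaced without any message, and nothing here limits how large the value may be. How `READ_NUMERIC` treats a negative or out-of-range number is not visible in this hunk, but the destination is `unsigned`, so such input could end up as a very large limit that turns compression off for every packet. I would log a warning when the value is adjusted and reject values that cannot be a packet size. The enclosing function starts and ends outside the hunk.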


@@ -229,6 +229,12 @@ server-key = /path/to/key.pem
# Uncomment this to disable compression negotiation.
#disable-compression = true
# Set the minimum size under which a packet will not be compressed.
# That is to allow low-latency for VoIP packets. The default size
# is 64 bytes. Modify it if the clients typically use compression
# as well of VoIP with codecs that exceed the default value.
#no-compress-limit = 256
# GnuTLS priority string; note that SSL 3.0 is disabled by default
# as there are no openconnect (and possibly anyconnect clients) using
# that protocol. The string below does not enforce perfect forward


@@ -56,6 +56,8 @@ typedef enum {
OC_COMP_LZS,
} comp_type_t;
#define MIN_NO_COMPRESS_LIMIT 64
#define DEBUG_BASIC 1
#define DEBUG_HTTP 2
#define DEBUG_TRANSFERRED 5
@@ -219,6 +221,7 @@ struct cfg_st {
gnutls_certificate_request_t cert_req;
char *priorities;
unsigned disable_compression;
unsigned no_compress_limit; /* under this size (in bytes) of data there will be no compression */
char *chroot_dir; /* where the xml files are served from */
char *banner;
char *ocsp_response; /* file with the OCSP response */
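Review bot: `MIN_NO_COMPRESS_LIMIT` is added without a comment, although the parser in this commit uses it as the lowest accepted value of `no-compress-limit` and the sample configuration describes 64 as the default. A line such as `/* default and lowest accepted no-compress-limit, in bytes */` above the define would record that. The field comment on `no_compress_limit` says "under this size", while the worker compares with `l > ws->config->no_compress_limit`, so a packet of exactly that size is also left uncompressed; `/* data of this size (in bytes) or less is not compressed */` matches the code. The enum and the struct both continue outside the hunks.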


@@ -65,7 +65,6 @@
/* The number of DPD packets a client skips before he's kicked */
#define DPD_TRIES 2
#define DPD_MAX_TRIES 3
#define MIN_COMPRESSED_SIZE 40
/* HTTP requests prior to disconnection */
#define MAX_HTTP_REQUESTS 16
@@ -1232,7 +1231,7 @@ static int tun_mainloop(struct worker_st *ws, struct timespec *tnow)
cstp_to_send.data = ws->buffer;
cstp_to_send.size = l;
if (ws->udp_state == UP_ACTIVE && ws->dtls_selected_comp != NULL && l > MIN_COMPRESSED_SIZE) {
if (ws->udp_state == UP_ACTIVE && ws->dtls_selected_comp != NULL && l > ws->config->no_compress_limit) {
/* otherwise don't compress */
ret = ws->dtls_selected_comp->compress(ws->decomp+8, sizeof(ws->decomp)-8, ws->buffer, l);
if (ret > 0 && ret < l) {
@@ -1248,7 +1247,7 @@ static int tun_mainloop(struct worker_st *ws, struct timespec *tnow)
}
}
}
} else if (ws->cstp_selected_comp != NULL && l > MIN_COMPRESSED_SIZE) {
} else if (ws->cstp_selected_comp != NULL && l > ws->config->no_compress_limit) {
/* otherwise don't compress */
ret = ws->cstp_selected_comp->compress(ws->decomp+8, sizeof(ws->decomp)-8, ws->buffer, l);
if (ret > 0 && ret < l) {
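Review bot: Both conditions in `tun_mainloop` now compare `l` with an `unsigned` field, where they previously compared it with the integer constant 40. The declaration of `l` is outside the hunks, but `ret > 0 && ret < l` suggests it is a signed int; if so, the comparison converts `l` to unsigned, and a negative `l` would pass the threshold and reach `compress()` as a length unless an earlier check (not visible here) rules that out. Making the intent explicit avoids relying on that, e.g. `l > 0 && (unsigned)l > ws->config->no_compress_limit`. The effective threshold also moves from 40 to 64 bytes for existing installations, which is worth stating in the commit message. The function body continues outside both hunks.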