Added configurable DPD

This commit is contained in:
Nikos Mavrogiannopoulos
2013-02-08 21:51:58 +01:00
parent 6ac7986342
commit 5f4b8711ef
8 changed files with 49 additions and 21 deletions


@@ -127,6 +127,7 @@ unsigned j;
READ_NUMERIC("tcp-port", config->port, 1); READ_NUMERIC("tcp-port", config->port, 1);
READ_NUMERIC("udp-port", config->udp_port, 0); READ_NUMERIC("udp-port", config->udp_port, 0);
READ_NUMERIC("keepalive", config->keepalive, 0); READ_NUMERIC("keepalive", config->keepalive, 0);
READ_NUMERIC("dpd", config->dpd, 0);
READ_STRING("server-cert", config->cert, 1); READ_STRING("server-cert", config->cert, 1);
READ_STRING("server-key", config->key, 1); READ_STRING("server-key", config->key, 1);
@@ -201,7 +202,10 @@ static void check_cfg( struct cfg_st *config)
} }
if (config->keepalive == 0) if (config->keepalive == 0)
config->keepalive = 30; config->keepalive = 3600;
if (config->dpd == 0)
config->keepalive = 60;
if (config->udp_port == 0) if (config->udp_port == 0)
config->udp_port = config->port; config->udp_port = config->port;
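Review bot: The default for the new option is written to the wrong field: in check_cfg the test `if (config->dpd == 0)` is followed by `config->keepalive = 60;`, so an unset dpd stays 0 and is later advertised to clients verbatim (`X-CSTP-DPD: 0` in the worker change of this commit), while the keepalive value chosen on the line just above, or one the administrator set explicitly, is silently overwritten with 60. The line should read `config->dpd = 60;`. A short comment such as `/* defaults when unset: keepalive 3600s, DPD 60s (same as the sample config) */` above the two checks would make the intended pairing obvious. check_cfg begins before this hunk.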


@@ -414,7 +414,10 @@ int connected = 0;
goto fail; goto fail;
/* check version */ /* check version */
if (buffer[1] != 254 && (buffer[1] != 1 && buffer[2] != 0)) { mslog(s, NULL, LOG_DEBUG, "DTLS record version: %u.%u", (unsigned int)buffer[1], (unsigned int)buffer[2]);
mslog(s, NULL, LOG_DEBUG, "DTLS hello version: %u.%u", (unsigned int)buffer[RECORD_PAYLOAD_POS], (unsigned int)buffer[RECORD_PAYLOAD_POS+1]);
if (buffer[1] != 254 && (buffer[1] != 1 && buffer[2] != 0) &&
buffer[RECORD_PAYLOAD_POS] != 254 && (buffer[RECORD_PAYLOAD_POS] != 0 && buffer[RECORD_PAYLOAD_POS+1] != 0)) {
mslog(s, NULL, LOG_INFO, "Unknown DTLS version: %u.%u", (unsigned)buffer[1], (unsigned)buffer[2]); mslog(s, NULL, LOG_INFO, "Unknown DTLS version: %u.%u", (unsigned)buffer[1], (unsigned)buffer[2]);
goto fail; goto fail;
} }
@@ -422,8 +425,6 @@ int connected = 0;
mslog(s, NULL, LOG_INFO, "Unexpected DTLS content type: %u", (unsigned int)buffer[0]); mslog(s, NULL, LOG_INFO, "Unexpected DTLS content type: %u", (unsigned int)buffer[0]);
goto fail; goto fail;
} }
mslog(s, NULL, LOG_DEBUG, "DTLS record version: %u.%u", (unsigned int)buffer[1], (unsigned int)buffer[2]);
mslog(s, NULL, LOG_DEBUG, "DTLS hello version: %u.%u", (unsigned int)buffer[RECORD_PAYLOAD_POS], (unsigned int)buffer[RECORD_PAYLOAD_POS+1]);
/* read session_id */ /* read session_id */
session_id_size = buffer[RECORD_PAYLOAD_POS+HANDSHAKE_SESSION_ID_POS]; session_id_size = buffer[RECORD_PAYLOAD_POS+HANDSHAKE_SESSION_ID_POS];
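Review bot: The extended condition only rejects a ClientHello when both the record-layer version (buffer[1], buffer[2]) and the handshake version (buffer[RECORD_PAYLOAD_POS], +1) are unrecognised, because the two halves are joined with `&&`; a datagram with a plausible record version and garbage hello bytes, or the reverse, continues into the session-id parsing below, and the "Unknown DTLS version" log then shows only the record bytes. If either version must look like DTLS, each should reject on its own, and two named flags make the negated-and pattern readable; note the hello clause compares the major byte with 0 where the record clause uses 1, which looks like the same legacy 1.0 case and is worth confirming. The rewrite below assumes the legacy form is exactly 1.0, which is slightly stricter than the current `!= 1 && != 0` test. The enclosing function starts before this hunk, and whether the read length is checked to cover RECORD_PAYLOAD_POS+1 is not visible here.
```c
/* … unchanged: debug logging of the record and hello versions … */
rec_ok = (buffer[1] == 254) || (buffer[1] == 1 && buffer[2] == 0);
hello_ok = (buffer[RECORD_PAYLOAD_POS] == 254) ||
	   (buffer[RECORD_PAYLOAD_POS] == 1 && buffer[RECORD_PAYLOAD_POS+1] == 0);
if (!rec_ok || !hello_ok) {
	mslog(s, NULL, LOG_INFO, "Unknown DTLS version: record %u.%u, hello %u.%u",
	      (unsigned)buffer[1], (unsigned)buffer[2],
	      (unsigned)buffer[RECORD_PAYLOAD_POS], (unsigned)buffer[RECORD_PAYLOAD_POS+1]);
	goto fail;
}
```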


@@ -2,7 +2,7 @@
* *
* DO NOT EDIT THIS FILE (ocserv-args.c) * DO NOT EDIT THIS FILE (ocserv-args.c)
* *
* It has been AutoGen-ed February 8, 2013 at 10:02:15 AM by AutoGen 5.16 * It has been AutoGen-ed February 8, 2013 at 09:35:09 PM by AutoGen 5.16
* From the definitions ocserv-args.def * From the definitions ocserv-args.def
* and the template file options * and the template file options
* *


@@ -78,6 +78,12 @@ max-clients = 16
tcp-port = 3333 tcp-port = 3333
udp-port = 3333 udp-port = 3333
# Keepalive in seconds
keepalive = 3600
# Dead peer detection in seconds
dpd = 60
# The key and the certificates of the server # The key and the certificates of the server
# The key may be a file, or any URL supported by GnuTLS (i.e., tpmkey or pkcs11) # The key may be a file, or any URL supported by GnuTLS (i.e., tpmkey or pkcs11)
server-cert = /path/to/cert.pem server-cert = /path/to/cert.pem


@@ -2,7 +2,7 @@
* *
* DO NOT EDIT THIS FILE (ocserv-args.h) * DO NOT EDIT THIS FILE (ocserv-args.h)
* *
* It has been AutoGen-ed February 8, 2013 at 10:02:15 AM by AutoGen 5.16 * It has been AutoGen-ed February 8, 2013 at 09:35:09 PM by AutoGen 5.16
* From the definitions ocserv-args.def * From the definitions ocserv-args.def
* and the template file options * and the template file options
* *


@@ -23,7 +23,10 @@ tcp-port = 3333
udp-port = 3333 udp-port = 3333
# Keepalive in seconds # Keepalive in seconds
keepalive = 90 keepalive = 60
# Dead peer detection in seconds
dpd = 30
# The key and the certificates of the server # The key and the certificates of the server
# The key may be a file, or any URL supported by GnuTLS (i.e., tpmkey or pkcs11) # The key may be a file, or any URL supported by GnuTLS (i.e., tpmkey or pkcs11)


@@ -67,6 +67,7 @@ struct cfg_st {
time_t cookie_validity; /* in seconds */ time_t cookie_validity; /* in seconds */
unsigned auth_timeout; /* timeout of HTTP auth */ unsigned auth_timeout; /* timeout of HTTP auth */
unsigned keepalive; unsigned keepalive;
unsigned dpd;
unsigned foreground; unsigned foreground;
unsigned tls_debug; unsigned tls_debug;
unsigned debug; unsigned debug;
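Review bot: The new `dpd` member has no comment, unlike the neighbouring `cookie_validity` and `auth_timeout` fields that state their meaning, and since this is the number the worker sends to clients in the `X-CSTP-DPD` and `X-DTLS-DPD` headers elsewhere in this commit, its unit should be recorded: `unsigned dpd; /* dead peer detection interval in seconds, advertised to clients */`. The `keepalive` field directly above would benefit from the same `/* in seconds */` note. The struct definition begins before this hunk.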


@@ -563,7 +563,7 @@ unsigned mtu_overhead, dtls_mtu = 0, tls_mtu = 0;
ret = tls_puts(ws->session, "X-CSTP-Version: 1\r\n"); ret = tls_puts(ws->session, "X-CSTP-Version: 1\r\n");
SEND_ERR(ret); SEND_ERR(ret);
ret = tls_puts(ws->session, "X-CSTP-DPD: 60\r\n"); ret = tls_printf(ws->session, "X-CSTP-DPD: %u\r\n", ws->config->dpd);
SEND_ERR(ret); SEND_ERR(ret);
ws->udp_state = UP_DISABLED; ws->udp_state = UP_DISABLED;
@@ -631,10 +631,13 @@ unsigned mtu_overhead, dtls_mtu = 0, tls_mtu = 0;
ret = tls_printf(ws->session, "X-DTLS-Session-ID: %s\r\n", buffer); ret = tls_printf(ws->session, "X-DTLS-Session-ID: %s\r\n", buffer);
SEND_ERR(ret); SEND_ERR(ret);
ret = tls_printf(ws->session, "X-DTLS-DPD: %u\r\n", ws->config->dpd);
SEND_ERR(ret);
ret = tls_printf(ws->session, "X-DTLS-Port: %u\r\n", ws->config->udp_port); ret = tls_printf(ws->session, "X-DTLS-Port: %u\r\n", ws->config->udp_port);
SEND_ERR(ret); SEND_ERR(ret);
ret = tls_puts(ws->session, "X-DTLS-ReKey-Time: 86400\r\n"); ret = tls_puts(ws->session, "X-DTLS-Rekey-Time: 86400\r\n");
SEND_ERR(ret); SEND_ERR(ret);
ret = tls_printf(ws->session, "X-DTLS-Keepalive: %u\r\n", ws->config->keepalive); ret = tls_printf(ws->session, "X-DTLS-Keepalive: %u\r\n", ws->config->keepalive);
@@ -690,9 +693,11 @@ unsigned mtu_overhead, dtls_mtu = 0, tls_mtu = 0;
if (terminate != 0) { if (terminate != 0) {
if (ws->udp_state == UP_ACTIVE) { if (ws->udp_state == UP_ACTIVE) {
buffer[7] = AC_PKT_DISCONN; buffer[0] = AC_PKT_TERM_SERVER;
oclog(ws, LOG_DEBUG, "Sending disconnect message in DTLS channel");
ret = tls_send(ws->dtls_session, buffer + 7, 1); ret = tls_send(ws->dtls_session, buffer, 1);
GNUTLS_FATAL_ERR(ret); GNUTLS_FATAL_ERR(ret);
} }
@@ -702,12 +707,13 @@ unsigned mtu_overhead, dtls_mtu = 0, tls_mtu = 0;
buffer[3] = 1; buffer[3] = 1;
buffer[4] = 0; buffer[4] = 0;
buffer[5] = 0; buffer[5] = 0;
buffer[6] = AC_PKT_DISCONN; buffer[6] = AC_PKT_TERM_SERVER;
buffer[7] = 0; buffer[7] = 0;
oclog(ws, LOG_DEBUG, "Sending disconnect message in TLS channel");
ret = tls_send(ws->session, buffer, 8); ret = tls_send(ws->session, buffer, 8);
GNUTLS_FATAL_ERR(ret); GNUTLS_FATAL_ERR(ret);
goto exit; goto exit;
} }
@@ -898,8 +904,11 @@ hsk_restart:
exit: exit:
tls_close(ws->session); tls_close(ws->session);
if (ws->udp_state == UP_ACTIVE && ws->dtls_session) /*gnutls_deinit(ws->session);*/
if (ws->udp_state == UP_ACTIVE && ws->dtls_session) {
tls_close(ws->dtls_session); tls_close(ws->dtls_session);
/*gnutls_deinit(ws->dtls_session);*/
}
exit_nomsg: exit_nomsg:
closelog(); closelog();
exit(1); exit(1);
@@ -1002,31 +1011,35 @@ int ret, e;
switch (head) { switch (head) {
case AC_PKT_DPD_RESP: case AC_PKT_DPD_RESP:
case AC_PKT_KEEPALIVE: oclog(ws, LOG_INFO, "received DPD response");
break;
case AC_PKT_KEEPALIVE:
oclog(ws, LOG_INFO, "received keepalive");
break; break;
case AC_PKT_DPD_OUT: case AC_PKT_DPD_OUT:
oclog(ws, LOG_DEBUG, "Sending STF8\n"); oclog(ws, LOG_DEBUG, "received DPD; sending response");
ret = ret =
tls_send(ts, "STF\x01\x00\x00\x04\x00", 8); tls_send(ts, "STF\x01\x00\x00\x04\x00", 8);
if (ret < 0) { if (ret < 0) {
oclog(ws, LOG_ERR, "Could not send TLS data: %s", gnutls_strerror(ret)); oclog(ws, LOG_ERR, "could not send TLS data: %s", gnutls_strerror(ret));
return -1; return -1;
} }
break; break;
case AC_PKT_DISCONN: case AC_PKT_DISCONN:
oclog(ws, LOG_INFO, "Received BYE packet\n"); oclog(ws, LOG_INFO, "received BYE packet");
break; break;
case AC_PKT_DATA: case AC_PKT_DATA:
oclog(ws, LOG_DEBUG, "Writing %d bytes to TUN\n", (int)buf_size); oclog(ws, LOG_DEBUG, "writing %d bytes to TUN", (int)buf_size);
ret = tun_write(ws->tun_fd, buf, buf_size); ret = tun_write(ws->tun_fd, buf, buf_size);
if (ret == -1) { if (ret == -1) {
e = errno; e = errno;
oclog(ws, LOG_ERR, "Could not write data to tun: %s", strerror(e)); oclog(ws, LOG_ERR, "could not write data to tun: %s", strerror(e));
return -1; return -1;
} }
break; break;
default:
oclog(ws, LOG_DEBUG, "received unknown packet %u", (unsigned)head);
} }
return head; return head;
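Review bot: The new `case AC_PKT_DPD_RESP` and `case AC_PKT_KEEPALIVE` branches log at LOG_INFO, which at the DPD and keepalive intervals this commit advertises (60 seconds in the sample configuration) produces a log line per client per minute; `oclog(ws, LOG_DEBUG, "received DPD response");` and the matching `oclog(ws, LOG_DEBUG, "received keepalive");` keep the information without the noise. Separately, the reply to `AC_PKT_DPD_OUT` is always the 8-byte CSTP frame `"STF\x01\x00\x00\x04\x00"` sent on `ts`; if this switch is also reached for datagrams on the DTLS session, where this commit's own disconnect path sends a bare one-byte header, that reply would be mis-framed — whether `ts` can be the DTLS session is not visible from the hunk. Nothing here records when a DPD response or keepalive last arrived, so the server seems to answer client probes only rather than time out dead peers itself; if that is intended, a one-line comment on the DPD_RESP case saying so would stop the next reader from looking for the timer. The enclosing function starts before this hunk.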