Added configurable DPD

Nikos Mavrogiannopoulos
2013-02-08 21:51:58 +01:00
parent 6ac7986342
commit 5f4b8711ef
8 changed files with 49 additions and 21 deletions


@@ -127,6 +127,7 @@ unsigned j;
READ_NUMERIC("tcp-port", config->port, 1);
READ_NUMERIC("udp-port", config->udp_port, 0);
READ_NUMERIC("keepalive", config->keepalive, 0);
READ_NUMERIC("dpd", config->dpd, 0);
READ_STRING("server-cert", config->cert, 1);
READ_STRING("server-key", config->key, 1);
@@ -201,7 +202,10 @@ static void check_cfg( struct cfg_st *config)
}
if (config->keepalive == 0)
config->keepalive = 30;
config->keepalive = 3600;
if (config->dpd == 0)
config->keepalive = 60;
if (config->udp_port == 0)
config->udp_port = config->port;
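Review bot: The default branch for the new option assigns the wrong field: `if (config->dpd == 0)` is followed by `config->keepalive = 60;`, so an unset dpd stays 0 and the keepalive default of 3600 assigned just above is overwritten. The line should read `config->dpd = 60;`. With dpd left at 0, the `X-CSTP-DPD` and `X-DTLS-DPD` headers written in worker-vpn.c from `ws->config->dpd` advertise a zero interval, which presumably disables dead-peer detection on the client side and lets sessions of vanished peers linger. check_cfg continues outside the hunk.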


@@ -414,7 +414,10 @@ int connected = 0;
goto fail;
/* check version */
if (buffer[1] != 254 && (buffer[1] != 1 && buffer[2] != 0)) {
mslog(s, NULL, LOG_DEBUG, "DTLS record version: %u.%u", (unsigned int)buffer[1], (unsigned int)buffer[2]);
mslog(s, NULL, LOG_DEBUG, "DTLS hello version: %u.%u", (unsigned int)buffer[RECORD_PAYLOAD_POS], (unsigned int)buffer[RECORD_PAYLOAD_POS+1]);
if (buffer[1] != 254 && (buffer[1] != 1 && buffer[2] != 0) &&
buffer[RECORD_PAYLOAD_POS] != 254 && (buffer[RECORD_PAYLOAD_POS] != 0 && buffer[RECORD_PAYLOAD_POS+1] != 0)) {
mslog(s, NULL, LOG_INFO, "Unknown DTLS version: %u.%u", (unsigned)buffer[1], (unsigned)buffer[2]);
goto fail;
}
@@ -422,8 +425,6 @@ int connected = 0;
mslog(s, NULL, LOG_INFO, "Unexpected DTLS content type: %u", (unsigned int)buffer[0]);
goto fail;
}
mslog(s, NULL, LOG_DEBUG, "DTLS record version: %u.%u", (unsigned int)buffer[1], (unsigned int)buffer[2]);
mslog(s, NULL, LOG_DEBUG, "DTLS hello version: %u.%u", (unsigned int)buffer[RECORD_PAYLOAD_POS], (unsigned int)buffer[RECORD_PAYLOAD_POS+1]);
/* read session_id */
session_id_size = buffer[RECORD_PAYLOAD_POS+HANDSHAKE_SESSION_ID_POS];
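Review bot: The rewritten version check on the two `if` lines accepts more than it appears to: `(buffer[1] != 1 && buffer[2] != 0)` is false whenever the minor byte is 0, so any record version x.0 passes the gate, and the hello-version half built on `buffer[RECORD_PAYLOAD_POS+1]` has the same shape. If the intent is to reject everything except the 254.x and 1.0 forms, the inner tests need `||` by De Morgan: `(buffer[1] != 1 || buffer[2] != 0)` and `(buffer[RECORD_PAYLOAD_POS] != 0 || buffer[RECORD_PAYLOAD_POS+1] != 0)`. The two LOG_DEBUG lines that now sit in the first hunk read `buffer[RECORD_PAYLOAD_POS+1]` before the content-type check of the second hunk; I cannot see from here whether a length check precedes the first hunk, so confirm the received length covers that offset before indexing. The enclosing function starts and ends outside the hunk.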


@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (ocserv-args.c)
*
* It has been AutoGen-ed February 8, 2013 at 10:02:15 AM by AutoGen 5.16
* It has been AutoGen-ed February 8, 2013 at 09:35:09 PM by AutoGen 5.16
* From the definitions ocserv-args.def
* and the template file options
*


@@ -78,6 +78,12 @@ max-clients = 16
tcp-port = 3333
udp-port = 3333
# Keepalive in seconds
keepalive = 3600
# Dead peer detection in seconds
dpd = 60
# The key and the certificates of the server
# The key may be a file, or any URL supported by GnuTLS (i.e., tpmkey or pkcs11)
server-cert = /path/to/cert.pem


@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (ocserv-args.h)
*
* It has been AutoGen-ed February 8, 2013 at 10:02:15 AM by AutoGen 5.16
* It has been AutoGen-ed February 8, 2013 at 09:35:09 PM by AutoGen 5.16
* From the definitions ocserv-args.def
* and the template file options
*


@@ -23,7 +23,10 @@ tcp-port = 3333
udp-port = 3333
# Keepalive in seconds
keepalive = 90
keepalive = 60
# Dead peer detection in seconds
dpd = 30
# The key and the certificates of the server
# The key may be a file, or any URL supported by GnuTLS (i.e., tpmkey or pkcs11)


@@ -67,6 +67,7 @@ struct cfg_st {
time_t cookie_validity; /* in seconds */
unsigned auth_timeout; /* timeout of HTTP auth */
unsigned keepalive;
unsigned dpd;
unsigned foreground;
unsigned tls_debug;
unsigned debug;
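Review bot: The new `unsigned dpd;` member carries no comment, while the neighbouring timing fields `cookie_validity` and `auth_timeout` state their unit or purpose. Document it in the same style, e.g. `unsigned dpd; /* dead peer detection interval, in seconds */`, since the value is emitted verbatim in the X-CSTP-DPD and X-DTLS-DPD headers in worker-vpn.c and a reader must know the unit. struct cfg_st continues outside the hunk.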


@@ -563,7 +563,7 @@ unsigned mtu_overhead, dtls_mtu = 0, tls_mtu = 0;
ret = tls_puts(ws->session, "X-CSTP-Version: 1\r\n");
SEND_ERR(ret);
ret = tls_puts(ws->session, "X-CSTP-DPD: 60\r\n");
ret = tls_printf(ws->session, "X-CSTP-DPD: %u\r\n", ws->config->dpd);
SEND_ERR(ret);
ws->udp_state = UP_DISABLED;
@@ -631,10 +631,13 @@ unsigned mtu_overhead, dtls_mtu = 0, tls_mtu = 0;
ret = tls_printf(ws->session, "X-DTLS-Session-ID: %s\r\n", buffer);
SEND_ERR(ret);
ret = tls_printf(ws->session, "X-DTLS-DPD: %u\r\n", ws->config->dpd);
SEND_ERR(ret);
ret = tls_printf(ws->session, "X-DTLS-Port: %u\r\n", ws->config->udp_port);
SEND_ERR(ret);
ret = tls_puts(ws->session, "X-DTLS-ReKey-Time: 86400\r\n");
ret = tls_puts(ws->session, "X-DTLS-Rekey-Time: 86400\r\n");
SEND_ERR(ret);
ret = tls_printf(ws->session, "X-DTLS-Keepalive: %u\r\n", ws->config->keepalive);
@@ -690,9 +693,11 @@ unsigned mtu_overhead, dtls_mtu = 0, tls_mtu = 0;
if (terminate != 0) {
if (ws->udp_state == UP_ACTIVE) {
buffer[7] = AC_PKT_DISCONN;
buffer[0] = AC_PKT_TERM_SERVER;
ret = tls_send(ws->dtls_session, buffer + 7, 1);
oclog(ws, LOG_DEBUG, "Sending disconnect message in DTLS channel");
ret = tls_send(ws->dtls_session, buffer, 1);
GNUTLS_FATAL_ERR(ret);
}
@@ -702,9 +707,10 @@ unsigned mtu_overhead, dtls_mtu = 0, tls_mtu = 0;
buffer[3] = 1;
buffer[4] = 0;
buffer[5] = 0;
buffer[6] = AC_PKT_DISCONN;
buffer[6] = AC_PKT_TERM_SERVER;
buffer[7] = 0;
oclog(ws, LOG_DEBUG, "Sending disconnect message in TLS channel");
ret = tls_send(ws->session, buffer, 8);
GNUTLS_FATAL_ERR(ret);
@@ -898,8 +904,11 @@ hsk_restart:
exit:
tls_close(ws->session);
if (ws->udp_state == UP_ACTIVE && ws->dtls_session)
/*gnutls_deinit(ws->session);*/
if (ws->udp_state == UP_ACTIVE && ws->dtls_session) {
tls_close(ws->dtls_session);
/*gnutls_deinit(ws->dtls_session);*/
}
exit_nomsg:
closelog();
exit(1);
@@ -1002,31 +1011,35 @@ int ret, e;
switch (head) {
case AC_PKT_DPD_RESP:
case AC_PKT_KEEPALIVE:
oclog(ws, LOG_INFO, "received DPD response");
break;
case AC_PKT_KEEPALIVE:
oclog(ws, LOG_INFO, "received keepalive");
break;
case AC_PKT_DPD_OUT:
oclog(ws, LOG_DEBUG, "Sending STF8\n");
oclog(ws, LOG_DEBUG, "received DPD; sending response");
ret =
tls_send(ts, "STF\x01\x00\x00\x04\x00", 8);
if (ret < 0) {
oclog(ws, LOG_ERR, "Could not send TLS data: %s", gnutls_strerror(ret));
oclog(ws, LOG_ERR, "could not send TLS data: %s", gnutls_strerror(ret));
return -1;
}
break;
case AC_PKT_DISCONN:
oclog(ws, LOG_INFO, "Received BYE packet\n");
oclog(ws, LOG_INFO, "received BYE packet");
break;
case AC_PKT_DATA:
oclog(ws, LOG_DEBUG, "Writing %d bytes to TUN\n", (int)buf_size);
oclog(ws, LOG_DEBUG, "writing %d bytes to TUN", (int)buf_size);
ret = tun_write(ws->tun_fd, buf, buf_size);
if (ret == -1) {
e = errno;
oclog(ws, LOG_ERR, "Could not write data to tun: %s", strerror(e));
oclog(ws, LOG_ERR, "could not write data to tun: %s", strerror(e));
return -1;
}
break;
default:
oclog(ws, LOG_DEBUG, "received unknown packet %u", (unsigned)head);
}
return head;
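Review bot: The split `AC_PKT_DPD_RESP` and `AC_PKT_KEEPALIVE` cases log every received packet at LOG_INFO, while the `AC_PKT_DPD_OUT` case just below logs its receipt at LOG_DEBUG. These packets arrive once per dpd or keepalive interval for every session, so with the interval now configurable the INFO entries could crowd the log; `oclog(ws, LOG_DEBUG, "received DPD response");` and `oclog(ws, LOG_DEBUG, "received keepalive");` would match the neighbouring case. The enclosing function starts outside the hunk.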