mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-09 08:16:58 +08:00
Add check to disable adaptive rate limiting
Disable when targeting Linux kernels that do not support Unix socket monitoring (UNIX_DIAG), like the default OpenWrt kernel. This will avoid flooding the log with this error message: NLM query failed Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
This commit is contained in:
Dimitri Papadopoulos
2
NEWS
2
NEWS
@@ -6,6 +6,7 @@
|
||||
- The bundled llhtp was updated to 9.3.0.
|
||||
- The bundled protobuf-c was updated to 1.5.1.
|
||||
- Fixed issues with PAM authentication when combined with pam_sssd (#618)
|
||||
- Add autotools with/without check to disable use of sock_diag on OpenWrt.
|
||||
- Enhanced the seccomp filters to address issue in testing (#627)
|
||||
- Fixed "unexpected URL" errors for Cisco AnyConnect clients
|
||||
- Fixed the 'ping-leases' option, which was broken since version 1.1.1
|
||||
@@ -24,6 +25,7 @@
|
||||
- Single form to enter username and password (#551)
|
||||
|
||||
|
||||
|
||||
* Version 1.3.0 (released 2024-05-05)
|
||||
- Switch to https://github.com/nodejs/llhttp from http-parser.
|
||||
http-parser was a liability as an unmaintained project (#598)
|
||||
|
||||
77
configure.ac
77
configure.ac
@@ -600,10 +600,19 @@ fi
|
||||
|
||||
AM_CONDITIONAL(ENABLE_LATENCY_SUPPORT, test "x$have_latency_stats" = xyes)
|
||||
|
||||
AC_CHECK_HEADERS([linux/netlink.h linux/rtnetlink.h linux/sock_diag.h linux/unix_diag.h], [sockdiag_header=yes], [sockdiag_header=no])
|
||||
dnl sock_diag
|
||||
AC_ARG_WITH(sock-diag,
|
||||
AS_HELP_STRING([--without-sock-diag], [do not use the sock_diag netlink subsystem for adaptive rate limiting]),
|
||||
test_for_sock_diag=$withval,
|
||||
test_for_sock_diag=yes)
|
||||
|
||||
if test "x$sockdiag_header" = xyes; then
|
||||
AC_DEFINE([ENABLE_ADAPTIVE_RATE_LIMIT_SUPPORT], [1], [Enable adaptive rate limiting])
|
||||
enable_sock_diag=no
|
||||
if test "$test_for_sock_diag" = yes;then
|
||||
AC_CHECK_HEADERS([linux/netlink.h linux/rtnetlink.h linux/sock_diag.h linux/unix_diag.h], [sockdiag_header=yes], [sockdiag_header=no])
|
||||
if test "x$sockdiag_header" = xyes;then
|
||||
enable_sock_diag=yes
|
||||
AC_DEFINE([ENABLE_ADAPTIVE_RATE_LIMIT_SUPPORT], [1], [Enable adaptive rate limiting])
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
@@ -718,39 +727,39 @@ chmod 640 tests/data/raddb/radiusd.conf
|
||||
|
||||
AC_MSG_NOTICE([
|
||||
Summary of build options:
|
||||
version: ${VERSION}
|
||||
Host type: ${host}
|
||||
Install prefix: ${prefix}
|
||||
Compiler: ${CC}
|
||||
CFlags: ${CFLAGS}
|
||||
CWrap testing: ${have_cwrap}
|
||||
CWrap PAM testing: ${have_cwrap_pam}
|
||||
CWrap NSS testing: ${have_cwrap_nss}
|
||||
version: ${VERSION}
|
||||
Host type: ${host}
|
||||
Install prefix: ${prefix}
|
||||
Compiler: ${CC}
|
||||
CFlags: ${CFLAGS}
|
||||
CWrap testing: ${have_cwrap}
|
||||
CWrap PAM testing: ${have_cwrap_pam}
|
||||
CWrap NSS testing: ${have_cwrap_nss}
|
||||
|
||||
PAM auth backend: ${pam_enabled}
|
||||
Radius auth backend: ${radius_enabled}
|
||||
GSSAPI auth backend: ${enable_gssapi}
|
||||
OIDC Auth backend: ${enable_oidc_auth}
|
||||
Anyconnect compat: ${anyconnect_enabled}
|
||||
TCP wrappers: ${libwrap_enabled}
|
||||
namespaces: ${namespaces_enabled}
|
||||
systemd: ${systemd_enabled}
|
||||
PAM auth backend: ${pam_enabled}
|
||||
Radius auth backend: ${radius_enabled}
|
||||
GSSAPI auth backend: ${enable_gssapi}
|
||||
OIDC Auth backend: ${enable_oidc_auth}
|
||||
Anyconnect compat: ${anyconnect_enabled}
|
||||
TCP wrappers: ${libwrap_enabled}
|
||||
namespaces: ${namespaces_enabled}
|
||||
systemd: ${systemd_enabled}
|
||||
(socket activation)
|
||||
worker isolation: ${isolation}
|
||||
Compression: ${enable_compression}
|
||||
LZ4 compression: ${enable_lz4}
|
||||
readline: ${have_readline}
|
||||
libnl3: ${have_libnl3}
|
||||
liboath: ${have_liboath}
|
||||
libgeoip: ${have_geoip}
|
||||
libmaxminddb: ${have_maxmind}
|
||||
glibc (sha2crypt): ${have_glibc}
|
||||
local talloc: ${with_local_talloc}
|
||||
local protobuf-c: ${with_local_protobuf_c}
|
||||
local PCL library: ${with_local_pcl}
|
||||
local llhttp: ${with_local_llhttp}
|
||||
seccomp trap: ${use_seccomp_trap}
|
||||
capture latency stats ${have_latency_stats}
|
||||
worker isolation: ${isolation}
|
||||
Compression: ${enable_compression}
|
||||
LZ4 compression: ${enable_lz4}
|
||||
readline: ${have_readline}
|
||||
libnl3: ${have_libnl3}
|
||||
liboath: ${have_liboath}
|
||||
libgeoip: ${have_geoip}
|
||||
libmaxminddb: ${have_maxmind}
|
||||
glibc (sha2crypt): ${have_glibc}
|
||||
local talloc: ${with_local_talloc}
|
||||
local protobuf-c: ${with_local_protobuf_c}
|
||||
local PCL library: ${with_local_pcl}
|
||||
local llhttp: ${with_local_llhttp}
|
||||
seccomp trap: ${use_seccomp_trap}
|
||||
capture latency stats: ${have_latency_stats}
|
||||
])
|
||||
|
||||
if test "${warn_leak}" = "yes";then
|
||||
|
||||
Reference in New Issue
Block a user