2026-02-10 00:37:00 +08:00 · 2013-02-19 19:12:05 +01:00
parent e5198dd40f
commit a98e48b9b7
6 changed files with 16 additions and 15 deletions
							
							
							
						
@@ -1,8 +1,8 @@
.TH ocserv 1 "18 Feb 2013" "0.0.1" "User Commands"
.TH ocserv 1 "19 Feb 2013" "0.0.1" "User Commands"
.\"
.\"  DO NOT EDIT THIS FILE   (ocserv-args.man)
.\"  
.\"  It has been AutoGen-ed  February 18, 2013 at 10:23:45 PM by AutoGen 5.16
.\"  It has been AutoGen-ed  February 19, 2013 at 07:11:24 PM by AutoGen 5.16
.\"  From the definitions    ../src/ocserv-args.def.tmp
.\"  and the template file   agman-cmd.tpl
.\"
							
								
							
							
								
							
							
						
@@ -187,11 +187,13 @@ dpd = 240
try\-mtu\-discovery = false
.sp
# The key and the certificates of the server
# The key may be a file, or any URL supported by GnuTLS (i.e., tpmkey or pkcs11)
# The key may be a file, or any URL supported by GnuTLS (e.g., 
# tpmkey:uuid=xxxxxxx\-xxxx\-xxxx\-xxxx\-xxxxxxxx;storage=user
# or pkcs11:object=my\-vpn\-key;object\-type=private)
server\-cert = /path/to/cert.pem
server\-key = /path/to/key.pem
.sp
# In case PKCS #11 tokens or TPM are used the PINs have to be available
# In case PKCS #11 or TPM keys are used the PINs should be available
# in files. The srk\-pin\-file is applicable to TPM keys only (It's the storage
# root key).
.in -file = /path/to/pin.txt
							
								
							
							
								
							
							
						
@@ -292,7 +294,7 @@ The operation failed or the command syntax was not valid.
.in +4
.ti -4
\fB*\fP
Supports both TCP and UDP VPN tunnels using TLS and Datagram TLS.
Supports both TCP and UDP VPN tunnels using TLS 1.2 and Datagram TLS.
.ti -4
\fB*\fP
Support for the server key being stored in TPM, hardware security modules (HSM), or even a smart card. They can be specified as files using the tpmkey or pkcs11 URLs.
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -438,7 +438,7 @@ int connected = 0;
	/* search for the IP and the session ID in all procs */
	list_for_each(&s->clist->head, ctmp, list) {
		if (ctmp->udp_fd_received == 0 && session_id_size == ctmp->session_id_size &&
		if (session_id_size == ctmp->session_id_size &&
			memcmp(session_id, ctmp->session_id, session_id_size) == 0) {
			ret = connect(listener->fd, (void*)&cli_addr, cli_addr_size);
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -2,7 +2,7 @@
 *  
 *  DO NOT EDIT THIS FILE   (ocserv-args.c)
 *  
 *  It has been AutoGen-ed  February 18, 2013 at 10:29:19 PM by AutoGen 5.16
 *  It has been AutoGen-ed  February 19, 2013 at 07:07:24 PM by AutoGen 5.16
 *  From the definitions    ocserv-args.def
 *  and the template file   options
 *
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -291,7 +291,7 @@ doc-section = {
  ds-text   = <<-_EOT_
@subheading Features of the server
@itemize
@item Supports both TCP and UDP VPN tunnels using TLS and Datagram TLS.
@item Supports both TCP and UDP VPN tunnels using TLS 1.2 and Datagram TLS.
@item Support for the server key being stored in TPM, hardware security modules (HSM), or even a smart card. They can be specified as files using the tpmkey or pkcs11 URLs.
@item Authentication using PAM or certificates.
@item Each client is isolated from the others on a separate process with a separate tun device. This allows routing using the system facilies, allows having separate settings per user or group (e.g. bandwidth limits).
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -2,7 +2,7 @@
 *  
 *  DO NOT EDIT THIS FILE   (ocserv-args.h)
 *  
 *  It has been AutoGen-ed  February 18, 2013 at 10:29:19 PM by AutoGen 5.16
 *  It has been AutoGen-ed  February 19, 2013 at 07:07:24 PM by AutoGen 5.16
 *  From the definitions    ocserv-args.def
 *  and the template file   options
 *
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -111,8 +111,7 @@ int handle_worker_commands(struct worker_st *ws)
			exit(0);
		case CMD_UDP_FD:
			if (ws->udp_state != UP_WAIT_FD) {
				oclog(ws, LOG_ERR, "didn't expect a UDP fd!");
				goto fatal_error;
				oclog(ws, LOG_INFO, "received another a UDP fd!");
			}
			if ( (cmptr = CMSG_FIRSTHDR(&hdr)) != NULL && cmptr->cmsg_len == CMSG_LEN(sizeof(int))) {
							
							
							
								
							
						
@@ -120,6 +119,10 @@ int handle_worker_commands(struct worker_st *ws)
					goto udp_fd_fail;
				if (cmptr->cmsg_type != SCM_RIGHTS)
					goto udp_fd_fail;
				if (ws->udp_fd != -1)
					close(ws->udp_fd);
				memcpy(&ws->udp_fd, CMSG_DATA(cmptr), sizeof(int));
				ws->udp_state = UP_SETUP;
							
							
							
								
							
						
@@ -137,10 +140,6 @@ int handle_worker_commands(struct worker_st *ws)
	
	return 0;
fatal_error:
	closelog();
	exit(1);
udp_fd_fail:
	ws->udp_state = UP_DISABLED;
	close(ws->udp_fd);