ocserv

mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-09 08:16:58 +08:00

Author	SHA1	Message	Date
Nikos Mavrogiannopoulos	d504ba832b	sample.config: added warning for compression [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-12-19 22:36:33 +01:00
Nikos Mavrogiannopoulos	675c1280a8	added missing NEWS entry [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-12-17 21:50:36 +01:00
Nikos Mavrogiannopoulos	0f5ba83f76	released 1.2.3 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> 1.2.3	2023-12-17 12:26:58 +01:00
Nikos Mavrogiannopoulos	639a381a0d	subconfig: eliminated informational messages with little value Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-12-17 11:18:53 +01:00
Nikos Mavrogiannopoulos	161523dad1	config: do not print informational messages on worker load Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-12-17 11:18:53 +01:00
Stefan Bühler	b670a323b3	Log assigned IP addresses with NOTICE * Client IPs are essential for abuse handling * NOTICE instead of INFO means they will be logged by default Signed-off-by: Stefan Bühler <source@stbuehler.de>	2023-12-17 11:18:53 +01:00
Nikos Mavrogiannopoulos	e44cc6fd78	Separated logging for worker and main and oc_syslog() respects log-level This makes oc_syslog respect the configured log-level. This also introduces a clear separation of the logging function between the two processes. Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-12-17 11:18:47 +01:00
Nikos Mavrogiannopoulos	f0067ae0ea	Cleanup of the logging subsystem; allow logging to stderr only Separated the logging logically from any remaining debugging features. Introduced command line option for logging to stderr only (for systemd and containers). The default log level is set to (2) info. Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-12-15 13:04:40 +01:00
Nikos Mavrogiannopoulos	39f274fb01	doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-12-14 14:16:05 +01:00
Nikos Mavrogiannopoulos	5779a9cac1	Merge branch 'IPv6_for_unknown_agents' into 'master' Don't disable IPv6 for unknown client agents See merge request openconnect/ocserv!377	2023-12-14 12:52:22 +00:00
Daniel Lenski	44fe565dbd	Remove obsolete comment ocserv has sent IPv6 DNS/routes to AnyConnect clients since `e9b79254e7`, but this comment was inadvertently retained. Signed-off-by: Daniel Lenski <dlenski@gmail.com>	2023-12-14 13:31:06 +01:00
Nikos Mavrogiannopoulos	c1a6f2b04a	Added test for IPv6 routes in openconnect v3 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-12-14 13:28:56 +01:00
Daniel Lenski	8b8a1a7b53	Don't disable IPv6 for unknown client agents We are now planning to change the default HTTP user-agent string in the OpenConnect client. In order to improve compatibility with Cisco servers, it needs to start with `AnyConnect`; likely, the complete prefix will be `AnyConnect-compatible OpenConnect VPN Agent`. (Details in https://gitlab.com/openconnect/openconnect/-/merge_requests/497) ocserv treats clients differently depending on their user-agent strings: 1. ocserv makes simplifications/accommodations in its authentication flow to accommodate old versions of OpenConnect (`AGENT_OPENCONNECTV3`). https://gitlab.com/openconnect/ocserv/-/blob/master/src/worker-auth.c 2. `ocserv` entirely disables IPv6 for old versions of OpenConnect (`AGENT_OPENCONNECTV3`) and for unknown client software (`AGENT_UNKNOWN`). https://gitlab.com/openconnect/ocserv/-/blob/master/src/worker-vpn.c#L2123-2136 At this point, ocserv seems to be aware of a reasonably-complete list of compatible client software: AnyConnect, OpenConnect, Clavister OneConnect, AnyLink, and Cisco SVC IPPhone. Among these, only old OpenConnect clients are known to require special handling to unconditionally disable IPv6. This patch modifies ocserv so that the IPv6 is disabled only for old OpenConnect clients, and not for unknown clients. This should make the transition to OpenConnect's modified UA string go more smoothly. This should also improve "future-proofness" generally. Accommodations for buggy clients should specifically list the affected clients, rather than include unknown clients, since unknown clients are most likely to be newer clients, in which bugs and incompatibilities may have been fixed. Signed-off-by: Daniel Lenski <dlenski@gmail.com>	2023-12-14 13:28:01 +01:00
Nikos Mavrogiannopoulos	aaf2a53246	Improve graceful termination Wait for all processes to terminate within 5 seconds, and report the number of processes that did not terminate. Resolves: #563 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-12-13 23:02:07 +01:00
Nikos Mavrogiannopoulos	eb011030d5	lzs: sync with version from openconnect Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-12-12 15:18:01 +01:00
Nikos Mavrogiannopoulos	6e05add266	code coverage: work with lcov 2.0 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-12-12 11:27:53 +01:00
Nikos Mavrogiannopoulos	86cd25dafb	sample.config: further clarify RX and TX meaning [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-12-10 02:11:13 +01:00
Nikos Mavrogiannopoulos	d192340484	sample.config: clarified RX and TX meaning [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-12-07 16:06:14 +01:00
Dimitri Papadopoulos Orfanos	a711aa4a22	Merge branch 'libexec' into 'master' bin/ocserv-fw → libexec/ocserv-fw Closes #78 See merge request openconnect/ocserv!388	2023-12-06 17:51:37 +00:00
Dimitri Papadopoulos Orfanos	69f7c0845d	Merge branch 'PRIu64' into 'master' Avoid compiler warning on 32-bit Linux See merge request openconnect/ocserv!391	2023-12-06 17:49:58 +00:00
Dimitri Papadopoulos Orfanos	db4caaefb0	Merge branch 'MAX_IP_STR' into 'master' MAX_IP_STR → INET6_ADDRSTRLEN / INET_ADDRSTRLEN Closes #556 See merge request openconnect/ocserv!382	2023-12-06 17:49:29 +00:00
Nikos Mavrogiannopoulos	30cf47ad60	sample.config: set default logging priority to 2 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-12-06 16:47:00 +01:00
Nikos Mavrogiannopoulos	bdc4d5988a	.triage-policies.yml: close merge requests without update for a year Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-12-06 16:43:26 +01:00
Dimitri Papadopoulos	99dfdb3b8f	Avoid compiler warning on 32-bit Linux From i386/Debian CI jobs: warning: format '%ld' expects argument of type 'long int', but argument 4 has type 'uint64_t' {aka 'long long unsigned int'} [-Wformat=] snprintf(output, output_size, "%ldms", microseconds / 1000); ~~^ ~~~~~~~~~~~~~~~~~~~ %lld Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2023-12-06 15:50:46 +01:00
Dimitri Papadopoulos	00ad2b7611	Move macros at the top of the header file Macros are usually defined at the top. In this specififc file, all other macros are already at the top. Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2023-12-06 15:20:12 +01:00
Dimitri Papadopoulos	f3ded6f3ae	MAX_IP_STR → INET6_ADDRSTRLEN / INET_ADDRSTRLEN Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2023-12-06 15:08:02 +01:00
Dimitri Papadopoulos	8ada82ff5c	bin/ocserv-fw → libexec/ocserv-fw Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2023-11-28 21:57:02 +01:00
Dimitri Papadopoulos Orfanos	a3ff6864b9	Merge branch 'fix_clean_all_rules' into 'master' Fix clean_all_rules bug on multiple devices See merge request openconnect/ocserv!384	2023-11-27 21:35:39 +00:00
Gennady Sadchikov	392a6542d3	Fixed clean_all_rules logic on multiple similar devices Signed-off-by: Gennady Sadchikov <dessolo@mail.ru>	2023-11-27 15:29:42 +03:00
Nikos Mavrogiannopoulos	d7618b095f	Merge branch '311' into 'master' A few RADIUS changes See merge request openconnect/ocserv!381	2023-11-27 09:06:34 +00:00
Nikos Mavrogiannopoulos	aa2db56a9f	Merge branch 'protobuf' into 'master' updated to protobuf 1.5.0 See merge request openconnect/ocserv!386	2023-11-27 09:04:56 +00:00
Nikos Mavrogiannopoulos	6c2d3c165f	Merge branch 'autoconf' into 'master' Small autoconf fixes See merge request openconnect/ocserv!387	2023-11-27 07:46:28 +00:00
Nikos Mavrogiannopoulos	f8afbad5a9	Merge branch 'mailmap' into 'master' Merge my different identities in Git history See merge request openconnect/ocserv!385	2023-11-26 19:44:22 +00:00
Dimitri Papadopoulos	725be86e0c	Small autoconf fixes Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2023-11-26 14:43:01 +01:00
Dimitri Papadopoulos	a8e7e4a965	chmod -x Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2023-11-26 14:05:41 +01:00
Dimitri Papadopoulos	8bd5f8fe02	updated to protobuf 1.5.0 Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2023-11-26 14:05:03 +01:00
Dimitri Papadopoulos	5f3d75e7b2	Merge my different identities in Git history Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2023-11-26 12:49:11 +01:00
Dimitri Papadopoulos	86ea13b213	A few RADIUS changes * Use the exact names used in RFC 2548. * Warn in case Radius sends more than 2 DNS server IPv6 addresses. Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2023-11-26 12:36:53 +01:00
Nikos Mavrogiannopoulos	20310ec202	.gitlab-ci.yml: corrected latest fedora release Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-11-22 21:06:42 +01:00
Nikos Mavrogiannopoulos	09779ea55b	.gitlab-ci.yml: use latest fedora Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-11-21 15:31:22 +01:00
Nikos Mavrogiannopoulos	f6f5109611	dtls_mainloop: corrected typo Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-11-13 11:54:49 +01:00
Dimitri Papadopoulos Orfanos	47a1de33f2	Merge branch 'master' into 'master' Add support for LoongArch: * Legacy syscalls 'fstat' and 'newfstatat' are not available on new Linux architectures such as LoongArch. This commit will fix related build-time errors. * They have been superseded by syscall 'statx', which should probably be enabled to avoid runtime errors. Runtime errors can be fixed in a different merge request. See merge request openconnect/ocserv!380	2023-11-06 13:17:19 +00:00
wuruilong	6dffaed641	add support for loongarch Signed-off-by: Ruilong Wu <wuruilong@loongson.cn>	2023-11-01 10:34:21 +00:00
Nikos Mavrogiannopoulos	c7ca2c0c46	bumped version Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-10-03 12:30:08 +02:00
Nikos Mavrogiannopoulos	80d6a32d11	doc update Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-10-03 12:29:47 +02:00
Rob van Oostenrijk	ed538039c3	Skip camouflage check for authenticated users Once a client has progressed through the initial auth checks (and successfully passed the initial camouflage check), it's safe to skip further camouflage checks. This allows the Cisco Secure client continue successfully through HTTP requests for /profiles//etc/ocserv/profile.xml and /1/VPNManifest.xml. Resolves: #544 Signed-off-by: Rob van Oostenrijk <robvanoostenrijk@users.noreply.github.com>	2023-10-03 12:27:11 +02:00
Nikos Mavrogiannopoulos	1476e66cbc	Merge branch 'occtl-user-raw-connected' into 'master' occtl: add machine-readable "raw_connected_at" field for user stats See merge request openconnect/ocserv!374	2023-09-25 19:31:05 +00:00
Florian Domain	798dce24ba	tests: add a test to validate occtl output * this test allows to validate the occtl output (JSON format) returns expected fields * we only test 2 fields for now (ID and raw_connected_at), but could be expanded easily Signed-off-by: Florian Domain <f.domain@criteo.com>	2023-09-25 18:02:56 +02:00
Florian Domain	ec6c48da4e	occtl: add machine-readable "raw_connected_at" field for user stats * useful for machines reading JSON to get directly the unix timestamp of the users connection start time Signed-off-by: Florian Domain <f.domain@criteo.com>	2023-09-22 18:49:27 +02:00
Nikos Mavrogiannopoulos	f616475643	released 1.2.2 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> 1.2.2	2023-09-21 21:14:05 +02:00

... 3 4 5 6 7 ...

4017 Commits