GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-11 09:16:59 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,053 Commits 19 Branches 88 Tags
b7b3f3416d44dc6608f5f0daceb15dedd2aaa6bf
Commit Graph

1053 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nikos Mavrogiannopoulos
b7b3f3416d doc update 2014-04-28 17:40:43 +02:00
Nikos Mavrogiannopoulos
4598a1b53b updated example script to account for STATS_BYTES variables. 2014-04-28 17:40:00 +02:00
Nikos Mavrogiannopoulos
b8bfbde41d Test whether the statistics are exported to disconnect script. 2014-04-28 17:36:02 +02:00
Nikos Mavrogiannopoulos
2a0cc77c2e Export TUN device statistics from the worker process. 
When a worker process terminates in authenticated state, then
export statistics from the tun device (currently bytes_in and
bytes_out). These statistics are sent to main process using an
informational message just prior to process exit. The statistics
are also exported to the disconnect script using the STATS_BYTES_IN
and STATS_BYTES_OUT environment variables.
 2014-04-28 17:32:51 +02:00
Nikos Mavrogiannopoulos
2c213d4e52 Active session timeout was reduced to 30 secs. 2014-04-21 14:08:50 +02:00
Nikos Mavrogiannopoulos
d090075502 corrected sigstack permissions. 2014-04-19 13:18:24 +02:00
Nikos Mavrogiannopoulos
d2931cfd88 Avoid running test if our conditions are not met. 2014-04-19 12:15:16 +02:00
Nikos Mavrogiannopoulos
03f6e7cc16 Setup an alternative stack for signals on heap. 2014-04-19 12:03:40 +02:00
Nikos Mavrogiannopoulos
2577f8bfa7 Allow the worker signal handlers to operate under seccomp. 2014-04-19 11:47:13 +02:00
Nikos Mavrogiannopoulos
bae34112fb Added sigprocmask to the list of seccomp allowed calls. 2014-04-19 10:57:16 +02:00
Nikos Mavrogiannopoulos
46c2965a67 doc update 2014-04-19 10:32:04 +02:00
Nikos Mavrogiannopoulos
489368c58e When receiving unexpected UDP packets, check if they match a known IP and forward them. 
This will not work for many clients that come from a single IP but will
work-around issues, when clients are behind a NAT that keeps their UDP port
state for shorter time than DPD.
 2014-04-19 10:29:57 +02:00
Nikos Mavrogiannopoulos
8e73f98502 changed the default DPD time to 90 seconds, to prevent UDP port from changing in several NATs. 2014-04-19 08:30:10 +02:00
Nikos Mavrogiannopoulos
bd7240e1d5 When a DTLS hello message is received, print the source address. 2014-04-18 20:37:27 +02:00
Nikos Mavrogiannopoulos
0258824647 corrected program name in license 2014-04-18 16:16:31 +02:00
Nikos Mavrogiannopoulos
cf759e33ed Added note on enable-local-libopts for full-test 2014-04-17 19:01:54 +02:00
Nikos Mavrogiannopoulos
f4e8bcc904 Modified full test for debian. 2014-04-17 18:51:34 +02:00
Nikos Mavrogiannopoulos
8e5bea0851 doc update 2014-04-17 16:27:13 +02:00
Nikos Mavrogiannopoulos
7bf24821ae Added a full test between openconnect and ocserv based on docker. 
That allows testing the establishment of a connection plus
the transferring of packets.
 2014-04-17 15:25:19 +02:00
Nikos Mavrogiannopoulos
62110975a7 Revert "Delay the cleanup of resources of a worker if a disconnect script is set." 
This reverts commit 7e0ee385c2.
 2014-04-16 12:00:16 +02:00
Nikos Mavrogiannopoulos
21d60106c2 doc update 2014-04-16 11:55:48 +02:00
Nikos Mavrogiannopoulos
3f8661a98a renamed function names for clarity. 2014-04-16 11:49:13 +02:00
Nikos Mavrogiannopoulos
4037bed48b doc update 2014-04-16 11:48:50 +02:00
Nikos Mavrogiannopoulos
276bdd49d1 do not require the device to be present in the connect script. 2014-04-15 11:34:17 +02:00
Nikos Mavrogiannopoulos
392c6a0178 Do not use renegotiation in old clients. 2014-04-15 11:22:27 +02:00
Nikos Mavrogiannopoulos
e6364e8e52 Revert "When a disconnect script is set, the main process will close the tun device on client exit." 
This reverts commit e50051b435.
 2014-04-15 10:33:53 +02:00
Nikos Mavrogiannopoulos
f8fbb9bde3 Corrected several coverity uncovered bugs. 2014-04-15 10:08:42 +02:00
Nikos Mavrogiannopoulos
b37fa7ae8c use list_for_each_safe() when disconnecting a user. 2014-04-15 09:48:48 +02:00
Nikos Mavrogiannopoulos
104f12cd11 check the return value of socket() 2014-04-15 09:47:31 +02:00
Nikos Mavrogiannopoulos
bec93731eb Simplified group configuration file loading. 2014-04-14 13:40:37 +02:00
Nikos Mavrogiannopoulos
be3920a08c Correctly close tun lease descriptors prior to running worker. 
That is, properly initialize them to -1, to avoid deinitializing
an unrelated descriptor.
 2014-04-13 14:04:55 +02:00
Nikos Mavrogiannopoulos
70f82e72d3 corrected ipv6 netmask assignment. 2014-04-13 11:12:43 +02:00
Nikos Mavrogiannopoulos
1c3ca402b3 Revert "close tun lease descriptors prior to running worker" 
This reverts commit 9496819a33.
 2014-04-13 09:35:20 +02:00
Nikos Mavrogiannopoulos
7071c75c85 correctly print message for no-ip. 2014-04-13 09:25:36 +02:00
Nikos Mavrogiannopoulos
d056ad5b4f Avoid assigning broadcast address as either lip or rip. 2014-04-13 09:25:16 +02:00
Nikos Mavrogiannopoulos
c410891421 send ID as signed integer over dbus. 2014-04-13 08:56:36 +02:00
Nikos Mavrogiannopoulos
9496819a33 close tun lease descriptors prior to running worker 2014-04-12 23:56:23 +02:00
Nikos Mavrogiannopoulos
7e0ee385c2 Delay the cleanup of resources of a worker if a disconnect script is set. 
In that case use the intermediate state PS_AUTH_DEAD to delay the
release of resources for few seconds. That would allow the disconnect
script to gather any required statistics from the device, IPs etc.
 2014-04-12 21:29:14 +02:00
Nikos Mavrogiannopoulos
3bf5c03b4b Test whether the connect and disconnect scripts have been called. 2014-04-12 21:07:53 +02:00
Nikos Mavrogiannopoulos
6410f6864c The tun device will be closed only after the disconnect script has been called. 
This allows gathering statistics from it. In addition, changed behavior of
script calling, and now will always contain the IP information.
 2014-04-12 12:44:13 +02:00
Nikos Mavrogiannopoulos
e50051b435 When a disconnect script is set, the main process will close the tun device on client exit. 
That allows the disconnect script to gather statistics from the client session.
 2014-04-12 12:37:47 +02:00
Nikos Mavrogiannopoulos
491b3c9c7e doc update 2014-04-12 08:51:40 +02:00
Nikos Mavrogiannopoulos
c1c9680efb document new behavior in calling disconnect script. 2014-04-12 08:50:28 +02:00
Nikos Mavrogiannopoulos
1185cb07ee Execute disconnect script for user that their IP was hijacked by a cookie reconnection 
This will prevent having the script be called to initiate connections
that are never disconnected. This patch also introduces IPV6_LOCAL and
IPV6_REMOTE script environment variables that allow passing both addresses
in case both IPv4 and IPv6 are assigned.
 2014-04-12 08:43:10 +02:00
Nikos Mavrogiannopoulos
3137c507e2 doc update 2014-04-08 22:02:12 +02:00
Nikos Mavrogiannopoulos
25137299c7 released 0.3.3 ocserv_0_3_3 2014-04-08 21:27:42 +02:00
Nikos Mavrogiannopoulos
ee12a7509d renamed function for consistency 2014-04-06 10:02:16 +02:00
Nikos Mavrogiannopoulos
bd9aaa1228 Revert "Try to read more than a single packet from the TUN device." 
This reverts commit 019126abfd.
 2014-04-06 09:08:44 +02:00
Nikos Mavrogiannopoulos
7d07ccb1e4 Revert "corrected DTLS data sending." 
This reverts commit 374f8d52a9.
 2014-04-06 09:08:37 +02:00
Nikos Mavrogiannopoulos
374f8d52a9 corrected DTLS data sending. 2014-04-05 19:57:53 +02:00