Capture all the required worker process state in a protobuf and
pass to worker via env. Snapshot all config files to ensure ocserv-sm
and ocserv-worker remain in sync. Split ocserv-worker functionality
into its own executable with minimal dependencies.
Resolves: #285
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Export more information to the script, including client device platform,
type and user agent.
Resolves: #256
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
This provides virtualized server configurations which take
effect after client connection when client hello is received.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
That allows setting an explicit expiration of the cookie, and
ensuring that we can close a session in a way that we provide
a limited time window for it to re-open. That handles anyconnect
client compatibility; this client terminates and reconnects
using the original cookie, multiple times.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
That is, store:
* number of timed out sessions
* number of sessions timed out due to being idle
* number of errored sessions
* total number of sessions handled (closed)
* total number of kbytes sent
* total number of kbytes received
* minimum MTU seen
* maximum MTU seen
* total authentication failures
* average/max authentication time (in secs)
* average/max session time (in minutes)
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Use a value derived from it instead, so that access to the debugging
log files or radius results does not give access to the server.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
That is, even if we initially advertise the PID of the worker
handling the client as NAS-Port, the client may eventually end up
being served by another process. In that case we make sure that
the radius server is notified on the next accounting message.
This change set eliminates the need for cryptographically authenticated
cookies and relies on sec-module providing accurate information on
the SID provided by the client.
That is, to allow referencing these values from proc_st
without fear of them being invalidated on a config reload. We
perform a cleanup of these values on the server periodic check.
Based on suggestions by Niels Peen. That adds:
Calling-Station-Id in auth message, and Service-Type,
Framed-Protocol, Framed-IP-Address, Acct-Authentic,
NAS-Port-Type, Acct-Session-Time in acct messages.