This is to keep some static analyzers happy that check for the
thread safe functions, even if in practice we do not need to be
thread safe.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
This increases the maximum number of fds by 96 to allow up to
128 scripts being run when close to the maximum limit of clients.
Resolves: #349
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
This option was almost impossible to use in general and worked with
very few clients only (not including openconnect). That also meant that
it could not be tested. Removed to reduce maintenance to parameters
that are used in practice.
Resolves: #376
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
This adds the syscalls used by socket wrapper as observed
in Fedora builders, as well as syscalls observed in different
platforms such as aarch64.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
This also introduces better error reporting to inih, and
handling of the errors received by inih.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
This also removes the stop on first error directive
which was set but not used for a very long time.
Resolves: #364
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
While using udp, we later open a file descriptor for the worker. With a
listen netns config, I overlooked this case which obliges me to move the
struct containing the file descriptor in the main one. Then I can access
them from each worker to make it possible to open the socket in the
correct netns. I also need to keep the netns fd open during the whole
life of the process.
The issue was not visible on a tcp-only case, but while using udp you
can see logs such as:
main[user]: x.x.x.x:54024 bind UDP to 0.0.0.0:443: Cannot assign requested address
worker[user]: x.x.x.x setting up DTLS-PSK connection
main[user]: x.x.x.x:54024 bind UDP to 0.0.0.0:443: Cannot assign requested address
Update tests to reflect that:
- instead of creating our own netns, use the one created in common.sh
- we start server in ns1, but listen in ns2, and test client from ns3
(we don't want to listen in ns1 to test listen-ns)
Signed-off-by: William Dauchy <w.dauchy@criteo.com>
This ignores any items following the first group class attribute.
Resolves: #332
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Add support for gracefully stopping the server.
Add primer on using ocserv with L3 load balancer.
Resolves: #345
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
The previously used HOSTNAME variable is being overridden by bash and
thus was not a reliable one. We switch to setting REMOTE_HOSTNAME,
but keep the HOSTNAME for compatibility.
This also changes 'test-pass-script' to check for the new variable.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>