svn merge -r 670:672 $SO/trunk/openvpn

Brought up-to-date with 2.0.x branch.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@673 e7ae566f-a301-0410-adde-c780ea21d3b5

diff --git a/ChangeLog b/ChangeLog
index cc763c99470267baabc0b7464e65eae8e89ccb70..9ddddaf10e65f61f22687f57756572c7b7043d16 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,11 @@ $Id$
 2005.10.xx -- Version 2.1-beta5
 
 * More PKCS#11 additions/changes (Alon Bar-Lev).
+* Fixed double fork issue that occurs when --management-hold
+  is used.
+* Moved TUN/TAP read/write log messages from --verb 8 to 6.
+* Warn when multiple clients having the same common name or
+  username usurp each other when --duplicate-cn is not used.
 
 2005.10.17 -- Version 2.1-beta4
 

diff --git a/errlevel.h b/errlevel.h
index 0bb97552549b6411551505c0a678588c628e4d56..d34e602ffc584f59153828fc8b8723a1d21943c8 100644 (file)
--- a/errlevel.h
+++ b/errlevel.h
@@ -104,6 +104,7 @@
 #define D_LOG_RW             LOGLEV(5, 0,  0)        /* Print 'R' or 'W' to stdout for read/write */
 
 #define D_LINK_RW            LOGLEV(6, 60, M_DEBUG)  /* show TCP/UDP reads/writes (terse) */
+#define D_TUN_RW             LOGLEV(6, 60, M_DEBUG)  /* show TUN/TAP reads/writes */
 #define D_TAP_WIN32_DEBUG    LOGLEV(6, 60, M_DEBUG)  /* show TAP-Win32 driver debug info */
 
 #define D_SHOW_KEYS          LOGLEV(7, 70, M_DEBUG)  /* show data channel encryption keys */
@@ -138,7 +139,6 @@
 #define D_GREMLIN_VERBOSE    LOGLEV(8, 70, M_DEBUG)  /* show verbose info from gremlin module */
 #define D_REL_DEBUG          LOGLEV(8, 70, M_DEBUG)  /* show detailed info from reliable routines */
 #define D_EVENT_WAIT         LOGLEV(8, 70, M_DEBUG)  /* show detailed info from event waits */
-#define D_TUN_RW             LOGLEV(8, 70, M_DEBUG)  /* show TUN/TAP reads/writes */
 #define D_MULTI_TCP          LOGLEV(8, 70, M_DEBUG)  /* show debug info from mtcp.c */
 
 #define D_TLS_DEBUG          LOGLEV(9, 70, M_DEBUG)  /* show detailed info from TLS routines */

diff --git a/forward.c b/forward.c
index a6b89230493a344779c7954229cb458614d0b9a2..23edfc80ddbb1490c477fad88e7d68448b98d041 100644 (file)
--- a/forward.c
+++ b/forward.c
@@ -899,10 +899,7 @@ process_incoming_tun (struct context *c)
 #endif
 
   /* Show packet content */
-  dmsg (D_TUN_RW, "TUN READ [%d]: %s md5=%s",
-       BLEN (&c->c2.buf),
-       format_hex (BPTR (&c->c2.buf), BLEN (&c->c2.buf), 80, &gc),
-       MD5SUM (BPTR (&c->c2.buf), BLEN (&c->c2.buf), &gc));
+  dmsg (D_TUN_RW, "TUN READ [%d]", BLEN (&c->c2.buf));
 
   if (c->c2.buf.len > 0)
     {
@@ -1118,10 +1115,7 @@ process_outgoing_tun (struct context *c)
       if (c->c2.log_rw)
        fprintf (stderr, "w");
 #endif
-      dmsg (D_TUN_RW, "TUN WRITE [%d]: %s md5=%s",
-          BLEN (&c->c2.to_tun),
-          format_hex (BPTR (&c->c2.to_tun), BLEN (&c->c2.to_tun), 80, &gc),
-          MD5SUM (BPTR (&c->c2.to_tun), BLEN (&c->c2.to_tun), &gc));
+      dmsg (D_TUN_RW, "TUN WRITE [%d]", BLEN (&c->c2.to_tun));
 
 #ifdef PACKET_TRUNCATION_CHECK
       ipv4_packet_size_verify (BPTR (&c->c2.to_tun),

diff --git a/multi.c b/multi.c
index a42c561beaba27553ed058b62ba6da5796f304ba..c4015d7c767b2a5b52f49ac376e0d24b2118a425 100644 (file)
--- a/multi.c
+++ b/multi.c
@@ -1045,6 +1045,7 @@ multi_delete_dup (struct multi_context *m, struct multi_instance *new_mi)
        {
          struct hash_iterator hi;
          struct hash_element *he;
+         int count = 0;
 
          hash_iterator_init (m->iter, &hi, true);
          while ((he = hash_iterator_next (&hi)))
@@ -1058,10 +1059,14 @@ multi_delete_dup (struct multi_context *m, struct multi_instance *new_mi)
                      mi->did_iter = false;
                      multi_close_instance (m, mi, false);
                      hash_iterator_delete_element (&hi);
+                     ++count;
                    }
                }
            }
          hash_iterator_free (&hi);
+
+         if (count)
+           msg (D_MULTI_LOW, "MULTI: new connection by client '%s' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.", new_cn);
        }
     }
 }