}
#endif
-#ifdef ENABLE_OCC
/* Should we send an OCC_REQUEST message? */
check_send_occ_req(c);
{
process_explicit_exit_notification_timer_wakeup(c);
}
-#endif
/* Should we ping the remote? */
check_ping_send(c);
}
else
{
-#ifdef ENABLE_OCC
if (event_timeout_defined(&c->c2.explicit_exit_notification_interval))
{
msg(D_STREAM_ERRORS, "Connection reset during exit notification period, ignoring [%d]", status);
management_sleep(1);
}
else
-#endif
{
register_signal(c, SIGUSR1, "connection-reset"); /* SOFT-SIGUSR1 -- TCP connection reset */
msg(D_STREAM_ERRORS, "Connection reset, restarting [%d]", status);
c->c2.buf.len = 0; /* drop packet */
}
-#ifdef ENABLE_OCC
/* Did we just receive an OCC packet? */
if (is_occ_msg(&c->c2.buf))
{
process_received_occ_msg(c);
}
-#endif
buffer_turnover(orig_buf, &c->c2.to_tun, &c->c2.buf, &c->c2.buffers->read_link_buf);
/* check for incoming configuration info on the control channel */
check_incoming_control_channel(c);
-#ifdef ENABLE_OCC
/* Should we send an OCC message? */
check_send_occ_msg(c);
-#endif
#ifdef ENABLE_FRAGMENT
/* Should we deliver a datagram fragment to remote? */
/* initialize connection establishment timer */
event_timeout_init(&c->c2.wait_for_connect, 1, now);
-#ifdef ENABLE_OCC
/* initialize occ timers */
if (c->options.occ
{
event_timeout_init(&c->c2.occ_mtu_load_test_interval, OCC_MTU_LOAD_INTERVAL_SECONDS, now);
}
-#endif
/* initialize packet_id persistence timer */
if (c->options.packet_id_file)
msg(D_PUSH, "OPTIONS IMPORT: timers and/or timeouts modified");
}
-#ifdef ENABLE_OCC
if (found & OPT_P_EXPLICIT_NOTIFY)
{
if (!proto_is_udp(c->options.ce.proto) && c->options.ce.explicit_exit_notification)
msg(D_PUSH, "OPTIONS IMPORT: explicit notify parm(s) modified");
}
}
-#endif
#ifdef USE_COMP
if (found & OPT_P_COMP)
to.xmit_hold = true;
}
-#ifdef ENABLE_OCC
to.disable_occ = !options->occ;
-#endif
to.verify_command = options->tls_verify;
to.verify_export_cert = options->tls_export_cert;
c->c2.frame_fragment_initial = c->c2.frame_fragment;
#endif
-#if defined(ENABLE_FRAGMENT) && defined(ENABLE_OCC)
+#if defined(ENABLE_FRAGMENT)
/*
* MTU advisories
*/
#endif
}
-#ifdef ENABLE_OCC
/*
* Get local and remote options compatibility strings.
*/
gc_free(&gc);
}
-#endif /* ifdef ENABLE_OCC */
/*
* These things can only be executed once per program instantiation.
c->c2.tls_multi = NULL;
}
-#ifdef ENABLE_OCC
/* free options compatibility strings */
if (c->c2.options_string_local)
{
free(c->c2.options_string_remote);
}
c->c2.options_string_local = c->c2.options_string_remote = NULL;
-#endif
if (c->c2.pulled_options_state)
{
do_open_ifconfig_pool_persist(c);
}
-#ifdef ENABLE_OCC
/* reset OCC state */
if (c->mode == CM_P2P || child)
{
c->c2.occ_op = occ_reset_op();
}
-#endif
/* our wait-for-i/o objects, different for posix vs. win32 */
if (c->mode == CM_P2P)
/* print MTU info */
do_print_data_channel_mtu_parms(c);
-#ifdef ENABLE_OCC
/* get local and remote options compatibility strings */
if (c->mode == CM_P2P || child)
{
do_compute_occ_strings(c);
}
-#endif
/* initialize output speed limiter */
if (c->mode == CM_P2P)
#include "syshead.h"
-#ifdef ENABLE_OCC
-
#include "occ.h"
#include "forward.h"
#include "memdbg.h"
}
c->c2.buf.len = 0; /* don't pass packet on */
}
-
-#else /* ifdef ENABLE_OCC */
-static void
-dummy(void)
-{
-}
-#endif /* ifdef ENABLE_OCC */
#ifndef OCC_H
#define OCC_H
-#ifdef ENABLE_OCC
-
#include "forward.h"
/* OCC_STRING_SIZE must be set to sizeof (occ_magic) */
}
}
-#endif /* ifdef ENABLE_OCC */
#endif /* ifndef OCC_H */
struct event_timeout inactivity_interval;
int inactivity_bytes;
-#ifdef ENABLE_OCC
/* the option strings must match across peers */
char *options_string_local;
char *options_string_remote;
int occ_op; /* INIT to -1 */
int occ_n_tries;
struct event_timeout occ_interval;
-#endif
/*
* Keep track of maximum packet size received so far
int max_send_size_local; /* max packet size sent */
int max_send_size_remote; /* max packet size sent by remote */
-#ifdef ENABLE_OCC
+
/* remote wants us to send back a load test packet of this size */
int occ_mtu_load_size;
struct event_timeout occ_mtu_load_test_interval;
int occ_mtu_load_n_tries;
-#endif
/*
* TLS-mode crypto objects.
/* indicates that the do_up_delay function has run */
bool do_up_ran;
-#ifdef ENABLE_OCC
/* indicates that we have received a SIGTERM when
* options->explicit_exit_notification is enabled,
* but we have not exited yet */
time_t explicit_exit_notification_time_wait;
struct event_timeout explicit_exit_notification_interval;
-#endif
/* environmental variables to pass to scripts */
struct env_set *es;
" 'no' -- Never send DF (Don't Fragment) frames\n"
" 'maybe' -- Use per-route hints\n"
" 'yes' -- Always DF (Don't Fragment)\n"
-#ifdef ENABLE_OCC
"--mtu-test : Empirically measure and report MTU.\n"
-#endif
#ifdef ENABLE_FRAGMENT
"--fragment max : Enable internal datagram fragmentation so that no UDP\n"
" datagrams are sent which are larger than max bytes.\n"
"--status file n : Write operational status to file every n seconds.\n"
"--status-version [n] : Choose the status file format version number.\n"
" Currently, n can be 1, 2, or 3 (default=1).\n"
-#ifdef ENABLE_OCC
"--disable-occ : Disable options consistency check between peers.\n"
-#endif
#ifdef ENABLE_DEBUG
"--gremlin mask : Special stress testing mode (for debugging only).\n"
#endif
"--allow-recursive-routing : When this option is set, OpenVPN will not drop\n"
" incoming tun packets with same destination as host.\n"
#endif /* if P2MP */
-#ifdef ENABLE_OCC
"--explicit-exit-notify [n] : On exit/restart, send exit signal to\n"
" server/remote. n = # of retries, default=1.\n"
-#endif
"\n"
"Data Channel Encryption Options (must be compatible between peers):\n"
"(These options are meaningful for both Static Key & TLS-mode)\n"
o->resolve_retry_seconds = RESOLV_RETRY_INFINITE;
o->resolve_in_advance = false;
o->proto_force = -1;
-#ifdef ENABLE_OCC
o->occ = true;
-#endif
#ifdef ENABLE_MANAGEMENT
o->management_log_history_cache = 250;
o->management_echo_buffer_size = 100;
#endif
SHOW_INT(mssfix);
-#ifdef ENABLE_OCC
SHOW_INT(explicit_exit_notification);
-#endif
SHOW_STR_INLINE(tls_auth_file);
SHOW_PARM(key_direction, keydirection2ascii(o->key_direction, false, true),
#ifdef ENABLE_FEATURE_SHAPER
SHOW_INT(shaper);
#endif
-#ifdef ENABLE_OCC
SHOW_INT(mtu_test);
-#endif
SHOW_BOOL(mlock);
SHOW_INT(status_file_version);
SHOW_INT(status_file_update_freq);
-#ifdef ENABLE_OCC
SHOW_BOOL(occ);
-#endif
SHOW_INT(rcvbuf);
SHOW_INT(sndbuf);
#if defined(TARGET_LINUX) && HAVE_DECL_SO_MARK
msg(M_USAGE, "only one of --tun-mtu or --link-mtu may be defined (note that --ifconfig implies --link-mtu %d)", LINK_MTU_DEFAULT);
}
-#ifdef ENABLE_OCC
if (!proto_is_udp(ce->proto) && options->mtu_test)
{
msg(M_USAGE, "--mtu-test only makes sense with --proto udp");
}
-#endif
/* will we be pulling options from server? */
#if P2MP
}
#endif
-#ifdef ENABLE_OCC
if (!proto_is_udp(ce->proto) && ce->explicit_exit_notification)
{
msg(M_USAGE, "--explicit-exit-notify can only be used with --proto udp");
}
-#endif
if (!ce->remote && ce->proto == PROTO_TCP_CLIENT)
{
}
#endif /* if P2MP */
-
-#ifdef ENABLE_OCC
-
/**
* Calculate the link-mtu to advertise to our peer. The actual value is not
* relevant, because we will possibly perform data channel cipher negotiation
}
return link_mtu;
}
-
/*
* Build an options string to represent data channel encryption options.
* This string must match exactly between peers. The keysize is checked
return BSTR(&out);
}
-#endif /* ENABLE_OCC */
-
char *
options_string_extract_option(const char *options_string,const char *opt_name,
struct gc_arena *gc)
VERIFY_PERMISSION(OPT_P_MTU|OPT_P_CONNECTION);
options->ce.mtu_discover_type = translate_mtu_discover_type_name(p[1]);
}
-#ifdef ENABLE_OCC
else if (streq(p[0], "mtu-test") && !p[1])
{
VERIFY_PERMISSION(OPT_P_GENERAL);
options->mtu_test = true;
}
-#endif
else if (streq(p[0], "nice") && p[1] && !p[2])
{
VERIFY_PERMISSION(OPT_P_NICE);
VERIFY_PERMISSION(OPT_P_TIMER);
options->ping_timer_remote = true;
}
-#ifdef ENABLE_OCC
else if (streq(p[0], "explicit-exit-notify") && !p[2])
{
VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_CONNECTION|OPT_P_EXPLICIT_NOTIFY);
options->ce.explicit_exit_notification = 1;
}
}
-#endif
else if (streq(p[0], "persist-tun") && !p[1])
{
VERIFY_PERMISSION(OPT_P_PERSIST);
}
}
-#ifdef ENABLE_OCC
else if (streq(p[0], "disable-occ") && !p[1])
{
VERIFY_PERMISSION(OPT_P_GENERAL);
options->occ = false;
}
-#endif
#if P2MP
else if (streq(p[0], "server") && p[1] && p[2] && !p[4])
{
int proto_force;
-#ifdef ENABLE_OCC
bool mtu_test;
-#endif
#ifdef ENABLE_MEMSTATS
char *memstats_fn;
bool allow_pull_fqdn; /* as a client, allow server to push a FQDN for certain parameters */
struct client_nat_option_list *client_nat;
-#ifdef ENABLE_OCC
/* Enable options consistency check between peers */
bool occ;
-#endif
#ifdef ENABLE_MANAGEMENT
const char *management_addr;
bool string_defined_equal(const char *s1, const char *s2);
-#ifdef ENABLE_OCC
-
const char *options_string_version(const char *s, struct gc_arena *gc);
char *options_string(const struct options *o,
void options_warning(char *actual, const char *expected);
-#endif
-
/**
* Given an OpenVPN options string, extract the value of an option.
*
gc_free(&gc);
}
-#ifdef ENABLE_OCC
/*
* Handle the triggering and time-wait of explicit
* exit notification.
}
}
}
-#endif /* ifdef ENABLE_OCC */
/*
* Process signals
process_sigterm(struct context *c)
{
bool ret = true;
-#ifdef ENABLE_OCC
if (c->options.ce.explicit_exit_notification
&& !c->c2.explicit_exit_notification_time_wait)
{
process_explicit_exit_notification_init(c);
ret = false;
}
-#endif
return ret;
}
ignore_restart_signals(struct context *c)
{
bool ret = false;
-#ifdef ENABLE_OCC
if ( (c->sig->signal_received == SIGUSR1 || c->sig->signal_received == SIGHUP)
&& event_timeout_defined(&c->c2.explicit_exit_notification_interval) )
{
ret = false;
}
}
-#endif
return ret;
}
void register_signal(struct context *c, int sig, const char *text);
-#ifdef ENABLE_OCC
void process_explicit_exit_notification_timer_wakeup(struct context *c);
-#endif
-
#ifdef _WIN32
static inline void
#include "memdbg.h"
-#ifndef ENABLE_OCC
-static const char ssl_default_options_string[] = "V0 UNDEF";
-#endif
-
-
-static inline const char *
-local_options_string(const struct tls_session *session)
-{
-#ifdef ENABLE_OCC
- return session->opt->local_options;
-#else
- return ssl_default_options_string;
-#endif
-}
-
#ifdef MEASURE_TLS_HANDSHAKE_STATS
static int tls_handshake_success; /* GLOBAL */
const char *local,
const char *remote)
{
-#ifdef ENABLE_OCC
/* initialize options string */
multi->opt.local_options = local;
multi->opt.remote_options = remote;
-#endif
}
/*
/* write options string */
{
- if (!write_string(buf, local_options_string(session), TLS_OPTIONS_LEN))
+ if (!write_string(buf, session->opt->local_options, TLS_OPTIONS_LEN))
{
goto error;
}
verify_final_auth_checks(multi, session);
}
-#ifdef ENABLE_OCC
/* check options consistency */
if (!session->opt->disable_occ
&& !options_cmp_equal(options, session->opt->remote_options))
ks->authenticated = KS_AUTH_FALSE;
}
}
-#endif
buf_clear(buf);
/* if true, don't xmit until first packet from peer is received */
bool xmit_hold;
-#ifdef ENABLE_OCC
/* local and remote options strings
* that must match between client and server */
const char *local_options;
const char *remote_options;
-#endif
/* from command line */
bool replay;
bool single_session;
-#ifdef ENABLE_OCC
bool disable_occ;
-#endif
int mode;
bool pull;
int push_peer_info_detail;
#define UNIX_SOCK_SUPPORT 0
#endif
-/*
- * Should we include OCC (options consistency check) code?
- */
-#define ENABLE_OCC
-
/*
* Should we include NTLM proxy functionality
*/
projects / thirdparty / openvpn.git / commitdiff
