AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2026-04-20 05:49:26 +03:00
Code Releases Activity

v4.13-9522-beta

Browse Source
This commit is contained in:
dnobori
2015-01-30 22:30:34 +09:00
parent 75f9836ce5
commit 06a72040a3
337 changed files with 1411 additions and 493 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/Cedar/Admin.c
+41
View File
@@ -10400,6 +10400,8 @@ void SiEnumLocalLogFileList(SERVER *s, char *hubname, RPC_ENUM_LOG_FILE *t)
void SiEnumLocalSession(SERVER *s, char *hubname, RPC_ENUM_SESSION *t)
{
HUB *h;
UINT64 now = Tick64();
UINT64 dormant_interval = 0;
// Validate arguments
if (s == NULL || hubname == NULL || t == NULL)
{
@@ -10417,6 +10419,11 @@ void SiEnumLocalSession(SERVER *s, char *hubname, RPC_ENUM_SESSION *t)
return;
}
if (h->Option != NULL)
{
dormant_interval = h->Option->DetectDormantSessionInterval * (UINT64)1000;
}
LockList(h->SessionList);
{
UINT i;
@@ -10453,8 +10460,36 @@ void SiEnumLocalSession(SERVER *s, char *hubname, RPC_ENUM_SESSION *t)
e->Client_BridgeMode = s->IsBridgeMode;
e->Client_MonitorMode = s->IsMonitorMode;
Copy(e->UniqueId, s->NodeInfo.UniqueId, 16);
if (s->NormalClient)
{
e->IsDormantEnabled = (dormant_interval == 0 ? false : true);
if (e->IsDormantEnabled)
{
if (s->LastCommTimeForDormant == 0)
{
e->LastCommDormant = (UINT64)0x7FFFFFFF;
}
else
{
e->LastCommDormant = now - s->LastCommTimeForDormant;
}
if (s->LastCommTimeForDormant == 0)
{
e->IsDormant = true;
}
else
{
if ((s->LastCommTimeForDormant + dormant_interval) < now)
{
e->IsDormant = true;
}
}
}
}
}
Unlock(s->lock);
GetMachineName(e->RemoteHostname, sizeof(e->RemoteHostname));
}
}
@@ -12744,6 +12779,9 @@ void InRpcEnumSession(RPC_ENUM_SESSION *t, PACK *p)
PackGetStrEx(p, "RemoteHostname", e->RemoteHostname, sizeof(e->RemoteHostname), i);
e->VLanId = PackGetIntEx(p, "VLanId", i);
PackGetDataEx2(p, "UniqueId", e->UniqueId, sizeof(e->UniqueId), i);
e->IsDormantEnabled = PackGetBoolEx(p, "IsDormantEnabled", i);
e->IsDormant = PackGetBoolEx(p, "IsDormant", i);
e->LastCommDormant = PackGetInt64Ex(p, "LastCommDormant", i);
}
}
void OutRpcEnumSession(PACK *p, RPC_ENUM_SESSION *t)
@@ -12778,6 +12816,9 @@ void OutRpcEnumSession(PACK *p, RPC_ENUM_SESSION *t)
PackAddBoolEx(p, "Client_MonitorMode", e->Client_MonitorMode, i, t->NumSession);
PackAddIntEx(p, "VLanId", e->VLanId, i, t->NumSession);
PackAddDataEx(p, "UniqueId", e->UniqueId, sizeof(e->UniqueId), i, t->NumSession);
PackAddBoolEx(p, "IsDormantEnabled", e->IsDormantEnabled, i, t->NumSession);
PackAddBoolEx(p, "IsDormant", e->IsDormant, i, t->NumSession);
PackAddInt64Ex(p, "LastCommDormant", e->LastCommDormant, i, t->NumSession);
}
}
void FreeRpcEnumSession(RPC_ENUM_SESSION *t)
src/Cedar/Admin.h
+3
View File
@@ -672,6 +672,9 @@ struct RPC_ENUM_SESSION_ITEM
bool Client_MonitorMode; // Client is monitoring mode
UINT VLanId; // VLAN ID
UCHAR UniqueId[16]; // Unique ID
bool IsDormantEnabled; // Is the dormant state enabled
bool IsDormant; // Is in the dormant state
UINT64 LastCommDormant; // Last comm interval in the dormant state
};
// Disconnect the session
src/Cedar/BridgeUnix.c
+26 -2
View File
@@ -159,14 +159,22 @@ struct my_tpacket_auxdata
#define MY_PACKET_AUXDATA 8
#endif // UNIX_LINUX
static LIST *eth_offload_list = NULL;
// Initialize
void InitEth()
{
eth_offload_list = NewList(NULL);
}
// Free
void FreeEth()
{
if (eth_offload_list != NULL)
{
FreeStrList(eth_offload_list);
eth_offload_list = NULL;
}
}
// Check whether interface description string of Ethernet device can be retrieved in this system
@@ -683,8 +691,24 @@ ETH *OpenEthLinux(char *name, bool local, bool tapmode, char *tapaddr)
{
if (GetGlobalServerFlag(GSF_LOCALBRIDGE_NO_DISABLE_OFFLOAD) == false)
{
// Disable hardware offloading
UnixDisableInterfaceOffload(name);
bool b = false;
LockList(eth_offload_list);
{
if (IsInListStr(eth_offload_list, name) == false)
{
b = true;
Add(eth_offload_list, CopyStr(name));
}
}
UnlockList(eth_offload_list);
if (b)
{
// Disable hardware offloading
UnixDisableInterfaceOffload(name);
}
}
}
src/Cedar/Cedar.c
+3 -1
View File
@@ -237,7 +237,7 @@ bool IsSupportedWinVer(RPC_WINVER *v)
#if 0
// Enable in future when supported
if (v->VerMajor == 6 && v->VerMinor == 4)
if ((v->VerMajor == 6 && v->VerMinor == 4) ||(v->VerMajor == 10 && v->VerMinor == 0))
{
// Windows 10, Server 10
if (v->ServicePack <= 0)
@@ -908,6 +908,8 @@ void AddConnection(CEDAR *cedar, CONNECTION *c)
// Determine the name of the connection
i = Inc(cedar->ConnectionIncrement);
Format(tmp, sizeof(tmp), "CID-%u", i);
Lock(c->lock);
{
Free(c->Name);
src/Cedar/Cedar.h
+8 -8
View File
@@ -135,10 +135,10 @@
// Version number
#define CEDAR_VER 412
#define CEDAR_VER 413
// Build Number
#define CEDAR_BUILD 9514
#define CEDAR_BUILD 9522
// Beta number
//#define BETA_NUMBER 3
@@ -153,15 +153,15 @@
// Specify the location to build
#ifndef BUILD_PLACE
#define BUILD_PLACE "pc25"
#define BUILD_PLACE "pc30"
#endif // BUILD_PLACE
// Specifies the build date
#define BUILD_DATE_Y 2014
#define BUILD_DATE_M 11
#define BUILD_DATE_D 17
#define BUILD_DATE_HO 21
#define BUILD_DATE_MI 41
#define BUILD_DATE_Y 2015
#define BUILD_DATE_M 1
#define BUILD_DATE_D 30
#define BUILD_DATE_HO 19
#define BUILD_DATE_MI 27
#define BUILD_DATE_SE 16
// Tolerable time difference
src/Cedar/Client.c
+2 -2
View File
@@ -10462,7 +10462,7 @@ void CiWriteSettingToCfg(CLIENT *c, FOLDER *root)
}
// Create the inner VPN Server
SERVER *CiNewInnerVPNServer(CLIENT *c)
SERVER *CiNewInnerVPNServer(CLIENT *c, bool relay_server)
{
SERVER *s = NULL;
// Validate arguments
@@ -10473,7 +10473,7 @@ SERVER *CiNewInnerVPNServer(CLIENT *c)
SetNatTLowPriority();
s = SiNewServerEx(false, true);
s = SiNewServerEx(false, true, relay_server);
return s;
}
src/Cedar/Client.h
+1 -1
View File
@@ -797,7 +797,7 @@ bool CiEraseSensitiveInAccount(BUF *b);
bool CiHasAccountSensitiveInformation(BUF *b);
bool CiHasAccountSensitiveInformationFile(wchar_t *name);
void CiApplyInnerVPNServerConfig(CLIENT *c);
SERVER *CiNewInnerVPNServer(CLIENT *c);
SERVER *CiNewInnerVPNServer(CLIENT *c, bool relay_server);
void CiFreeInnerVPNServer(CLIENT *c, SERVER *s);
void CiIncrementNumActiveSessions();
void CiDecrementNumActiveSessions();
src/Cedar/DDNS.c
+33 -9
View File
@@ -518,7 +518,7 @@ UINT DCRegister(DDNS_CLIENT *c, bool ipv6, DDNS_REGISTER_PARAM *p, char *replace
UCHAR machine_key[SHA1_SIZE];
char machine_key_str[MAX_SIZE];
char machine_name[MAX_SIZE];
BUF *cert_hash;
BUF *cert_hash = NULL;
UINT err = ERR_INTERNAL_ERROR;
UCHAR key_hash[SHA1_SIZE];
char key_hash_str[MAX_SIZE];
@@ -528,12 +528,18 @@ UINT DCRegister(DDNS_CLIENT *c, bool ipv6, DDNS_REGISTER_PARAM *p, char *replace
UINT build = 0;
bool use_https = false;
bool use_vgs = false;
bool no_cert_verify = false;
char add_header_name[64];
char add_header_value[64];
// Validate arguments
if (c == NULL)
{
return ERR_INTERNAL_ERROR;
}
Zero(add_header_name, sizeof(add_header_name));
Zero(add_header_value, sizeof(add_header_value));
Zero(current_azure_ip, sizeof(current_azure_ip));
GetCurrentMachineIpProcessHash(machine_key);
@@ -642,8 +648,6 @@ UINT DCRegister(DDNS_CLIENT *c, bool ipv6, DDNS_REGISTER_PARAM *p, char *replace
cert_hash = StrToBin(DDNS_CERT_HASH);
Format(url2, sizeof(url2), "%s?v=%I64u", url, Rand64());
Format(url3, sizeof(url3), url2, key_hash_str[2], key_hash_str[3]);
@@ -654,10 +658,23 @@ UINT DCRegister(DDNS_CLIENT *c, bool ipv6, DDNS_REGISTER_PARAM *p, char *replace
ReplaceStr(url3, sizeof(url3), url3, ".servers", ".open.servers");
Debug("WpcCall: %s\n", url3);
ret = WpcCallEx(url3, &t, DDNS_CONNECT_TIMEOUT, DDNS_COMM_TIMEOUT, "register", req,
NULL, NULL, ((cert_hash != NULL && cert_hash->Size == SHA1_SIZE) ? cert_hash->Buf : NULL), NULL, DDNS_RPC_MAX_RECV_SIZE);
Debug("WpcCall Ret: %u\n", ret);
if (no_cert_verify == false)
{
cert_hash = StrToBin(DDNS_CERT_HASH);
}
ret = NULL;
if (ret == NULL)
{
Debug("WpcCall: %s\n", url3);
ret = WpcCallEx(url3, &t, DDNS_CONNECT_TIMEOUT, DDNS_COMM_TIMEOUT, "register", req,
NULL, NULL, ((cert_hash != NULL && cert_hash->Size == SHA1_SIZE) ? cert_hash->Buf : NULL), NULL, DDNS_RPC_MAX_RECV_SIZE,
add_header_name, add_header_value);
Debug("WpcCall Ret: %u\n", ret);
}
FreeBuf(cert_hash);
@@ -806,7 +823,8 @@ UINT DCGetMyIpMain(DDNS_CLIENT *c, bool ipv6, char *dst, UINT dst_size, bool use
UINT ret = ERR_INTERNAL_ERROR;
URL_DATA data;
BUF *recv;
BUF *cert_hash;
BUF *cert_hash = NULL;
bool no_cert_verify = false;
// Validate arguments
if (dst == NULL || c == NULL)
{
@@ -844,12 +862,17 @@ UINT DCGetMyIpMain(DDNS_CLIENT *c, bool ipv6, char *dst, UINT dst_size, bool use
ReplaceStr(url2, sizeof(url2), url2, "http://", "https://");
}
if (ParseUrl(&data, url2, false, NULL) == false)
{
return ERR_INTERNAL_ERROR;
}
cert_hash = StrToBin(DDNS_CERT_HASH);
if (no_cert_verify == false)
{
cert_hash = StrToBin(DDNS_CERT_HASH);
}
recv = HttpRequest(&data, (ipv6 ? NULL : &c->InternetSetting), DDNS_CONNECT_TIMEOUT, DDNS_COMM_TIMEOUT, &ret, false, NULL, NULL,
NULL, ((cert_hash != NULL && cert_hash->Size == SHA1_SIZE) ? cert_hash->Buf : NULL));
@@ -904,6 +927,7 @@ UINT DCGetMyIpMain(DDNS_CLIENT *c, bool ipv6, char *dst, UINT dst_size, bool use
return ret;
}
// Creating a DDNS client
DDNS_CLIENT *NewDDNSClient(CEDAR *cedar, UCHAR *key, INTERNET_SETTING *t)
{
src/Cedar/DDNS.h
+2
View File
@@ -236,6 +236,8 @@ UINT DCChangeHostName(DDNS_CLIENT *c, char *hostname);
void DCSetInternetSetting(DDNS_CLIENT *c, INTERNET_SETTING *t);
void DCGetInternetSetting(DDNS_CLIENT *c, INTERNET_SETTING *t);
#endif // DDNS_H
src/Cedar/Hub.c
+36
View File
@@ -598,6 +598,8 @@ void DataToHubOptionStruct(HUB_OPTION *o, RPC_ADMIN_OPTION *ao)
GetHubAdminOptionDataAndSet(ao, "SuppressClientUpdateNotification", &o->SuppressClientUpdateNotification);
GetHubAdminOptionDataAndSet(ao, "FloodingSendQueueBufferQuota", &o->FloodingSendQueueBufferQuota);
GetHubAdminOptionDataAndSet(ao, "AssignVLanIdByRadiusAttribute", &o->AssignVLanIdByRadiusAttribute);
GetHubAdminOptionDataAndSet(ao, "SecureNAT_RandomizeAssignIp", &o->SecureNAT_RandomizeAssignIp);
GetHubAdminOptionDataAndSet(ao, "DetectDormantSessionInterval", &o->DetectDormantSessionInterval);
}
// Convert the contents of the HUB_OPTION to data
@@ -664,6 +666,8 @@ void HubOptionStructToData(RPC_ADMIN_OPTION *ao, HUB_OPTION *o, char *hub_name)
Add(aol, NewAdminOption("SuppressClientUpdateNotification", o->SuppressClientUpdateNotification));
Add(aol, NewAdminOption("FloodingSendQueueBufferQuota", o->FloodingSendQueueBufferQuota));
Add(aol, NewAdminOption("AssignVLanIdByRadiusAttribute", o->AssignVLanIdByRadiusAttribute));
Add(aol, NewAdminOption("SecureNAT_RandomizeAssignIp", o->SecureNAT_RandomizeAssignIp));
Add(aol, NewAdminOption("DetectDormantSessionInterval", o->DetectDormantSessionInterval));
Zero(ao, sizeof(RPC_ADMIN_OPTION));
@@ -3973,6 +3977,7 @@ void StorePacket(HUB *hub, SESSION *s, PKT *packet)
bool drop_broadcast_packet_privacy = false;
bool drop_arp_packet_privacy = false;
UINT tcp_queue_quota = 0;
UINT64 dormant_interval = 0;
// Validate arguments
if (hub == NULL || packet == NULL)
{
@@ -3996,6 +4001,24 @@ void StorePacket(HUB *hub, SESSION *s, PKT *packet)
drop_broadcast_packet_privacy = hub->Option->DropBroadcastsInPrivacyFilterMode;
drop_arp_packet_privacy = hub->Option->DropArpInPrivacyFilterMode;
tcp_queue_quota = hub->Option->FloodingSendQueueBufferQuota;
if (hub->Option->DetectDormantSessionInterval != 0)
{
dormant_interval = (UINT64)hub->Option->DetectDormantSessionInterval * (UINT64)1000;
}
}
if (dormant_interval != 0)
{
if (s != NULL && s->NormalClient)
{
if (packet->MacAddressSrc != NULL)
{
if (IsHubMacAddress(packet->MacAddressSrc) == false)
{
s->LastCommTimeForDormant = now;
}
}
}
}
// Lock the entire MAC address table
@@ -4944,6 +4967,19 @@ DISCARD_UNICAST_PACKET:
discard = true;
}
if (dest_session->NormalClient)
{
if (dormant_interval != 0)
{
if (dest_session->LastCommTimeForDormant == 0 ||
(dest_session->LastCommTimeForDormant + dormant_interval) < now)
{
// This is dormant session
discard = true;
}
}
}
if (tcp_queue_quota != 0)
{
current_tcp_queue_size = CedarGetCurrentTcpQueueSize(hub->Cedar);
src/Cedar/Hub.h
+4
View File
@@ -276,6 +276,8 @@ struct HUB_OPTION
bool SuppressClientUpdateNotification; // Suppress the update notification function on the VPN Client
UINT FloodingSendQueueBufferQuota; // The global quota of send queues of flooding packets
bool AssignVLanIdByRadiusAttribute; // Assign the VLAN ID for the VPN session, by the attribute value of RADIUS
bool SecureNAT_RandomizeAssignIp; // Randomize the assignment IP address for new DHCP client
UINT DetectDormantSessionInterval; // Interval (seconds) threshold to detect a dormant VPN session
};
// MAC table entry
@@ -487,8 +489,10 @@ struct HUB
wchar_t *Msg; // Message to be displayed when the client is connected
LIST *UserList; // Cache of the user list file
bool IsVgsHub; // Whether it's a VGS Virtual HUB
bool IsVgsSuperRelayHub; // Whether it's a VGS Super Relay Virtual HUB
UINT64 LastFlushTick; // Last tick to flush the MAC address table
bool StopAllLinkFlag; // Stop all link flag
bool ForceDisableComm; // Disable the communication function
};
src/Cedar/IPsec.c
+6 -4
View File
@@ -392,12 +392,14 @@ void IPsecServerUdpPacketRecvProc(UDPLISTENER *u, LIST *packet_list)
if (ipsec_disable == false)
{
// Process the received packet
for (i = 0;i < LIST_NUM(packet_list);i++)
{
UDPPACKET *p = LIST_DATA(packet_list, i);
// Process the received packet
for (i = 0;i < LIST_NUM(packet_list);i++)
{
UDPPACKET *p = LIST_DATA(packet_list, i);
IPsecProcPacket(s, p);
IPsecProcPacket(s, p);
}
}
}
src/Cedar/IPsec_L2TP.c
+119 -86
View File
@@ -1312,6 +1312,11 @@ L2TP_SESSION *NewL2TPSession(L2TP_SERVER *l2tp, L2TP_TUNNEL *t, UINT session_id_
return NULL;
}
if (LIST_NUM(t->SessionList) >= L2TP_QUOTA_MAX_NUM_SESSIONS_PER_TUNNEL)
{
return NULL;
}
if (t->IsV3 == false)
{
session_id_by_server = GenerateNewSessionIdEx(t, t->IsV3);
@@ -1481,6 +1486,31 @@ L2TP_SESSION *GetSessionFromIdAssignedByClient(L2TP_TUNNEL *t, UINT session_id)
return NULL;
}
// Get the number of L2TP sessions connected from the client IP address
UINT GetNumL2TPTunnelsByClientIP(L2TP_SERVER *l2tp, IP *client_ip)
{
UINT i, ret;
// Validate arguments
if (l2tp == NULL || client_ip == NULL)
{
return 0;
}
ret = 0;
for (i = 0;i < LIST_NUM(l2tp->TunnelList);i++)
{
L2TP_TUNNEL *t = LIST_DATA(l2tp->TunnelList, i);
if (CmpIpAddr(&t->ClientIp, client_ip) == 0)
{
ret++;
}
}
return ret;
}
// Performs processing L2TP received packets.
void ProcL2TPPacketRecv(L2TP_SERVER *l2tp, UDPPACKET *p)
{
@@ -1509,106 +1539,109 @@ void ProcL2TPPacketRecv(L2TP_SERVER *l2tp, UDPPACKET *p)
UINT client_assigned_id = (pp->Ver == 3 ? READ_UINT(a->Data) : READ_USHORT(a->Data));
if (GetTunnelFromIdOfAssignedByClient(l2tp, &p->SrcIP, client_assigned_id) == NULL)
{
char ipstr[MAX_SIZE];
L2TP_PACKET *pp2;
UCHAR protocol_version[2];
UCHAR caps_data[4];
USHORT us;
char hostname[MAX_SIZE];
// Begin Tunneling
L2TP_TUNNEL *t = NewL2TPTunnel(l2tp, pp, p);
if (t != NULL)
if (LIST_NUM(l2tp->TunnelList) < L2TP_QUOTA_MAX_NUM_TUNNELS && GetNumL2TPTunnelsByClientIP(l2tp, &p->SrcIP) >= L2TP_QUOTA_MAX_NUM_TUNNELS_PER_IP)
{
IPToStr(ipstr, sizeof(ipstr), &t->ClientIp);
Debug("L2TP New Tunnel From %s (%s, %s): New Tunnel ID = %u/%u\n", ipstr, t->HostName, t->VendorName,
t->TunnelId1, t->TunnelId2);
char ipstr[MAX_SIZE];
L2TP_PACKET *pp2;
UCHAR protocol_version[2];
UCHAR caps_data[4];
USHORT us;
char hostname[MAX_SIZE];
// Add the tunnel to the list
Add(l2tp->TunnelList, t);
// Begin Tunneling
L2TP_TUNNEL *t = NewL2TPTunnel(l2tp, pp, p);
// Respond with SCCEP to SCCRQ
pp2 = NewL2TPControlPacket(L2TP_MESSAGE_TYPE_SCCRP, t->IsV3);
// Protocol Version
protocol_version[0] = 1;
protocol_version[1] = 0;
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_PROTOCOL_VERSION, true, 0, protocol_version, sizeof(protocol_version)));
// Framing Capabilities
Zero(caps_data, sizeof(caps_data));
if (t->IsV3 == false)
if (t != NULL)
{
caps_data[3] = 3;
}
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_FRAME_CAP, false, 0, caps_data, sizeof(caps_data)));
IPToStr(ipstr, sizeof(ipstr), &t->ClientIp);
Debug("L2TP New Tunnel From %s (%s, %s): New Tunnel ID = %u/%u\n", ipstr, t->HostName, t->VendorName,
t->TunnelId1, t->TunnelId2);
if (t->IsV3 == false)
{
// Bearer Capabilities
// Add the tunnel to the list
Add(l2tp->TunnelList, t);
// Respond with SCCEP to SCCRQ
pp2 = NewL2TPControlPacket(L2TP_MESSAGE_TYPE_SCCRP, t->IsV3);
// Protocol Version
protocol_version[0] = 1;
protocol_version[1] = 0;
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_PROTOCOL_VERSION, true, 0, protocol_version, sizeof(protocol_version)));
// Framing Capabilities
Zero(caps_data, sizeof(caps_data));
caps_data[3] = 3;
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_BEARER_CAP, false, 0, caps_data, sizeof(caps_data)));
}
if (t->IsV3 == false)
{
caps_data[3] = 3;
}
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_FRAME_CAP, false, 0, caps_data, sizeof(caps_data)));
// Host Name
GetMachineHostName(hostname, sizeof(hostname));
if (IsEmptyStr(hostname))
{
StrCpy(hostname, sizeof(hostname), "vpn");
}
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_HOST_NAME, true, 0, hostname, StrLen(hostname)));
if (t->IsV3 == false)
{
// Bearer Capabilities
Zero(caps_data, sizeof(caps_data));
caps_data[3] = 3;
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_BEARER_CAP, false, 0, caps_data, sizeof(caps_data)));
}
// Vendor Name
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_VENDOR_NAME, false, 0, L2TP_VENDOR_NAME, StrLen(L2TP_VENDOR_NAME)));
// Host Name
GetMachineHostName(hostname, sizeof(hostname));
if (IsEmptyStr(hostname))
{
StrCpy(hostname, sizeof(hostname), "vpn");
}
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_HOST_NAME, true, 0, hostname, StrLen(hostname)));
// Assigned Tunnel ID
if (t->IsV3 == false)
{
us = Endian16(t->TunnelId2);
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_ASSIGNED_TUNNEL, true, 0, &us, sizeof(USHORT)));
}
else
{
UINT ui = Endian32(t->TunnelId2);
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_V3_TUNNEL_ID, true, 0, &ui, sizeof(UINT)));
// Vendor Name
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_VENDOR_NAME, false, 0, L2TP_VENDOR_NAME, StrLen(L2TP_VENDOR_NAME)));
// Assigned Tunnel ID
if (t->IsV3 == false)
{
us = Endian16(t->TunnelId2);
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_ASSIGNED_TUNNEL, true, 0, &us, sizeof(USHORT)));
}
else
{
UINT ui = Endian32(t->TunnelId2);
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_V3_TUNNEL_ID, true, 0, &ui, sizeof(UINT)));
if (t->IsCiscoV3)
{
Add(pp2->AvpList, NewAVP(L2TPV3_CISCO_AVP_TUNNEL_ID, true, L2TP_AVP_VENDOR_ID_CISCO, &ui, sizeof(UINT)));
}
}
// Pseudowire Capabilities List
if (t->IsV3)
{
// Only Ethernet
USHORT cap_list[2];
cap_list[0] = Endian16(L2TPV3_PW_TYPE_ETHERNET);
cap_list[1] = Endian16(L2TPV3_PW_TYPE_ETHERNET_VLAN);
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_V3_PW_CAP_LIST, true, 0, cap_list, sizeof(cap_list)));
if (t->IsCiscoV3)
{
Add(pp2->AvpList, NewAVP(L2TPV3_CISCO_AVP_PW_CAP_LIST, true, L2TP_AVP_VENDOR_ID_CISCO, cap_list, sizeof(cap_list)));
}
}
// Cisco AVP
if (t->IsCiscoV3)
{
Add(pp2->AvpList, NewAVP(L2TPV3_CISCO_AVP_TUNNEL_ID, true, L2TP_AVP_VENDOR_ID_CISCO, &ui, sizeof(UINT)));
USHORT us = Endian16(1);
Add(pp2->AvpList, NewAVP(L2TPV3_CISCO_AVP_DRAFT_AVP_VERSION, true, L2TP_AVP_VENDOR_ID_CISCO, &us, sizeof(USHORT)));
}
// Recv Window Size
us = Endian16(L2TP_WINDOW_SIZE);
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_RECV_WINDOW_SIZE, false, 0, &us, sizeof(USHORT)));
SendL2TPControlPacket(l2tp, t, 0, pp2);
FreeL2TPPacket(pp2);
}
// Pseudowire Capabilities List
if (t->IsV3)
{
// Only Ethernet
USHORT cap_list[2];
cap_list[0] = Endian16(L2TPV3_PW_TYPE_ETHERNET);
cap_list[1] = Endian16(L2TPV3_PW_TYPE_ETHERNET_VLAN);
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_V3_PW_CAP_LIST, true, 0, cap_list, sizeof(cap_list)));
if (t->IsCiscoV3)
{
Add(pp2->AvpList, NewAVP(L2TPV3_CISCO_AVP_PW_CAP_LIST, true, L2TP_AVP_VENDOR_ID_CISCO, cap_list, sizeof(cap_list)));
}
}
// Cisco AVP
if (t->IsCiscoV3)
{
USHORT us = Endian16(1);
Add(pp2->AvpList, NewAVP(L2TPV3_CISCO_AVP_DRAFT_AVP_VERSION, true, L2TP_AVP_VENDOR_ID_CISCO, &us, sizeof(USHORT)));
}
// Recv Window Size
us = Endian16(L2TP_WINDOW_SIZE);
Add(pp2->AvpList, NewAVP(L2TP_AVP_TYPE_RECV_WINDOW_SIZE, false, 0, &us, sizeof(USHORT)));
SendL2TPControlPacket(l2tp, t, 0, pp2);
FreeL2TPPacket(pp2);
}
}
}
src/Cedar/IPsec_L2TP.h
+6
View File
@@ -148,6 +148,11 @@
// Threshold number of registered items in the transmission queue for suppressing the L2TP Hello transmission
#define L2TP_HELLO_SUPRESS_MAX_THRETHORD_NUM_SEND_QUEUE 32
// Quota
#define L2TP_QUOTA_MAX_NUM_TUNNELS_PER_IP 1000 // Number of L2TP sessions per IP address
#define L2TP_QUOTA_MAX_NUM_TUNNELS 30000 // Limit of the number of sessions
#define L2TP_QUOTA_MAX_NUM_SESSIONS_PER_TUNNEL 1024 // Max sessions in a tunnel
// L2TP window size
#define L2TP_WINDOW_SIZE 16
@@ -328,6 +333,7 @@ struct L2TP_SERVER
//// Function prototype
L2TP_SERVER *NewL2TPServer(CEDAR *cedar);
L2TP_SERVER *NewL2TPServerEx(CEDAR *cedar, IKE_SERVER *ike, bool is_ipv6, UINT crypt_block_size);
UINT GetNumL2TPTunnelsByClientIP(L2TP_SERVER *l2tp, IP *client_ip);
void SetL2TPServerSockEvent(L2TP_SERVER *l2tp, SOCK_EVENT *e);
void FreeL2TPServer(L2TP_SERVER *l2tp);
void StopL2TPServer(L2TP_SERVER *l2tp, bool no_wait);
src/Cedar/Interop_SSTP.c
+1
View File
@@ -118,6 +118,7 @@ static bool g_no_sstp = false;
// Get the SSTP disabling flag
bool GetNoSstp()
{
return g_no_sstp;
}
src/Cedar/Protocol.c
+19 -2
View File
@@ -1596,6 +1596,16 @@ bool ServerAccept(CONNECTION *c)
goto CLEANUP;
}
if (hub->ForceDisableComm)
{
// Commnunication function is disabled
FreePack(p);
c->Err = ERR_SERVER_CANT_ACCEPT;
error_detail = "ERR_COMM_DISABLED";
ReleaseHub(hub);
goto CLEANUP;
}
if (GetGlobalServerFlag(GSF_DISABLE_AC) == 0)
{
if (hub->HubDb != NULL && c->FirstSock != NULL)
@@ -2974,8 +2984,11 @@ bool ServerAccept(CONNECTION *c)
if (s->UseUdpAcceleration)
{
bool no_nat_t = false;
// Initialize the UDP acceleration function
s->UdpAccel = NewUdpAccel(c->Cedar, (c->FirstSock->IsRUDPSocket ? NULL : &c->FirstSock->LocalIP), false, c->FirstSock->IsRUDPSocket, false);
s->UdpAccel = NewUdpAccel(c->Cedar, (c->FirstSock->IsRUDPSocket ? NULL : &c->FirstSock->LocalIP), false, c->FirstSock->IsRUDPSocket, no_nat_t);
if (s->UdpAccel == NULL)
{
s->UseUdpAcceleration = false;
@@ -6039,6 +6052,8 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
while (true)
{
bool not_found_error = false;
num++;
if (num > max)
{
@@ -6082,6 +6097,8 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
}
// Interpret
if (StrCmpi(h->Method, "POST") == 0)
{
@@ -6107,7 +6124,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
return false;
}
// Check the Target
if (StrCmpi(h->Target, vpn_http_target) != 0)
if ((StrCmpi(h->Target, vpn_http_target) != 0) || not_found_error)
{
// Target is invalid
HttpSendNotFound(s, h->Target);
src/Cedar/SM.c
+5
View File
@@ -9629,6 +9629,11 @@ void SmSessionDlgRefresh(HWND hWnd, SM_HUB *s)
}
}
if (e->IsDormantEnabled && e->IsDormant)
{
icon = ICO_TRAY0;
}
LvInsertAdd(b, icon, (void *)(e->RemoteSession), 8, tmp1, tmp8, tmp2, tmp3, tmp4, tmp5, tmp6, tmp7);
if (free_tmp2)
src/Cedar/Server.c
+11 -2
View File
@@ -117,6 +117,7 @@ static SERVER *server = NULL;
static LOCK *server_lock = NULL;
char *SERVER_CONFIG_FILE_NAME = "@vpn_server.config";
char *SERVER_CONFIG_FILE_NAME_IN_CLIENT = "@vpn_gate_svc.config";
char *SERVER_CONFIG_FILE_NAME_IN_CLIENT_RELAY = "@vpn_gate_relay.config";
char *BRIDGE_CONFIG_FILE_NAME = "@vpn_bridge.config";
char *SERVER_CONFIG_TEMPLATE_NAME = "@vpn_server_template.config";
char *BRIDGE_CONFIG_TEMPLATE_NAME = "@vpn_server_template.config";
@@ -4102,6 +4103,8 @@ void SiLoadHubOptionCfg(FOLDER *f, HUB_OPTION *o)
o->DisableCorrectIpOffloadChecksum = CfgGetBool(f, "DisableCorrectIpOffloadChecksum");
o->SuppressClientUpdateNotification = CfgGetBool(f, "SuppressClientUpdateNotification");
o->AssignVLanIdByRadiusAttribute = CfgGetBool(f, "AssignVLanIdByRadiusAttribute");
o->SecureNAT_RandomizeAssignIp = CfgGetBool(f, "SecureNAT_RandomizeAssignIp");
o->DetectDormantSessionInterval = CfgGetInt(f, "DetectDormantSessionInterval");
// Enabled by default
if (CfgIsItem(f, "ManageOnlyPrivateIP"))
@@ -4178,6 +4181,8 @@ void SiWriteHubOptionCfg(FOLDER *f, HUB_OPTION *o)
CfgAddBool(f, "DropArpInPrivacyFilterMode", o->DropArpInPrivacyFilterMode);
CfgAddBool(f, "SuppressClientUpdateNotification", o->SuppressClientUpdateNotification);
CfgAddBool(f, "AssignVLanIdByRadiusAttribute", o->AssignVLanIdByRadiusAttribute);
CfgAddBool(f, "SecureNAT_RandomizeAssignIp", o->SecureNAT_RandomizeAssignIp);
CfgAddInt(f, "DetectDormantSessionInterval", o->DetectDormantSessionInterval);
CfgAddBool(f, "NoLookBPDUBridgeId", o->NoLookBPDUBridgeId);
CfgAddInt(f, "AdjustTcpMssValue", o->AdjustTcpMssValue);
CfgAddBool(f, "DisableAdjustTcpMss", o->DisableAdjustTcpMss);
@@ -7479,6 +7484,8 @@ void SiCalledUpdateHub(SERVER *s, PACK *p)
o.DropArpInPrivacyFilterMode = PackGetBool(p, "DropArpInPrivacyFilterMode");
o.SuppressClientUpdateNotification = PackGetBool(p, "SuppressClientUpdateNotification");
o.AssignVLanIdByRadiusAttribute = PackGetBool(p, "AssignVLanIdByRadiusAttribute");
o.SecureNAT_RandomizeAssignIp = PackGetBool(p, "SecureNAT_RandomizeAssignIp");
o.DetectDormantSessionInterval = PackGetInt(p, "DetectDormantSessionInterval");
o.VlanTypeId = PackGetInt(p, "VlanTypeId");
if (o.VlanTypeId == 0)
{
@@ -9320,6 +9327,8 @@ void SiPackAddCreateHub(PACK *p, HUB *h)
PackAddBool(p, "SuppressClientUpdateNotification", h->Option->SuppressClientUpdateNotification);
PackAddBool(p, "AssignVLanIdByRadiusAttribute", h->Option->AssignVLanIdByRadiusAttribute);
PackAddInt(p, "ClientMinimumRequiredBuild", h->Option->ClientMinimumRequiredBuild);
PackAddBool(p, "SecureNAT_RandomizeAssignIp", h->Option->SecureNAT_RandomizeAssignIp);
PackAddInt(p, "DetectDormantSessionInterval", h->Option->DetectDormantSessionInterval);
PackAddBool(p, "FixForDLinkBPDU", h->Option->FixForDLinkBPDU);
PackAddBool(p, "BroadcastLimiterStrictMode", h->Option->BroadcastLimiterStrictMode);
PackAddBool(p, "NoLookBPDUBridgeId", h->Option->NoLookBPDUBridgeId);
@@ -10851,9 +10860,9 @@ void SiUpdateCurrentRegion(CEDAR *c, char *region, bool force_update)
// Create a server
SERVER *SiNewServer(bool bridge)
{
return SiNewServerEx(bridge, false);
return SiNewServerEx(bridge, false, false);
}
SERVER *SiNewServerEx(bool bridge, bool in_client_inner_server)
SERVER *SiNewServerEx(bool bridge, bool in_client_inner_server, bool relay_server)
{
SERVER *s;
LISTENER *inproc;
src/Cedar/Server.h
+1 -1
View File
@@ -472,7 +472,7 @@ struct SERVER_HUB_CREATE_HISTORY
// Function prototype declaration
SERVER *SiNewServer(bool bridge);
SERVER *SiNewServerEx(bool bridge, bool in_client_inner_server);
SERVER *SiNewServerEx(bool bridge, bool in_client_inner_server, bool relay_server);
void SiReleaseServer(SERVER *s);
void SiCleanupServer(SERVER *s);
void StStartServer(bool bridge);
src/Cedar/Session.c
+35 -4
View File
@@ -305,6 +305,16 @@ void SessionMain(SESSION *s)
}
if (is_server_session && s->LinkModeServer == false && s->SecureNATMode == false && s->BridgeMode == false && s->L3SwitchMode == false)
{
if (s->Hub != NULL && s->Hub->ForceDisableComm)
{
// Disconnect the session forcibly because the ForceDisableComm flag is set
err = ERR_SERVER_CANT_ACCEPT;
pa_fail = true;
}
}
if (s->InProcMode)
{
if (c->TubeSock == NULL || IsTubeConnected(c->TubeSock->SendTube) == false || IsTubeConnected(c->TubeSock->RecvTube) == false)
@@ -324,7 +334,6 @@ void SessionMain(SESSION *s)
pa_fail = true;
}
}
// Chance of additional connection
if (is_server_session == false)
@@ -1409,20 +1418,26 @@ void ClientThread(THREAD *t, void *param)
bool no_save_password = false;
bool is_vpngate_connection = false;
CEDAR *cedar;
bool num_active_sessions_incremented = false;
// Validate arguments
if (t == NULL || param == NULL)
{
return;
}
CiIncrementNumActiveSessions();
Debug("ClientThread 0x%x Started.\n", t);
s = (SESSION *)param;
AddRef(s->ref);
s->Thread = t;
AddRef(t->ref);
if (s->LinkModeClient == false)
{
CiIncrementNumActiveSessions();
num_active_sessions_incremented = true;
}
NoticeThreadInit(t);
cedar = s->Cedar;
@@ -1793,7 +1808,10 @@ SKIP:
ReleaseSession(s);
CiDecrementNumActiveSessions();
if (num_active_sessions_incremented)
{
CiDecrementNumActiveSessions();
}
}
// Name comparison of sessions
@@ -2209,6 +2227,19 @@ SESSION *NewServerSessionEx(CEDAR *cedar, CONNECTION *c, HUB *h, char *username,
{
Format(name, sizeof(name), "SID-%s-[%s]-%u", user_name_upper, c->InProcPrefix, Inc(h->SessionCounter));
}
if (h->IsVgsHub || h->IsVgsSuperRelayHub)
{
UCHAR rand[5];
char tmp[32];
Rand(rand, sizeof(rand));
BinToStr(tmp, sizeof(tmp), rand, sizeof(rand));
StrCat(name, sizeof(name), "-");
StrCat(name, sizeof(name), tmp);
}
}
else
{
src/Cedar/Session.h
+1
View File
@@ -230,6 +230,7 @@ struct SESSION
UINT64 CreatedTime; // Creation date and time
UINT64 LastCommTime; // Last communication date and time
UINT64 LastCommTimeForDormant; // Last communication date and time (for dormant)
TRAFFIC *Traffic; // Traffic data
TRAFFIC *OldTraffic; // Old traffic data
UINT64 TotalSendSize; // Total transmitted data size
src/Cedar/UdpAccel.c
+1 -1
View File
@@ -342,7 +342,7 @@ void UdpAccelPoll(UDP_ACCEL *a)
else
{
// NAT_T is disabled, but there is a reference host (such as VGC)
if (a->UseUdpIpQuery)
if (a->UseUdpIpQuery || a->UseSuperRelayQuery)
{
}
}
src/Cedar/UdpAccel.h
+1
View File
@@ -193,6 +193,7 @@ struct UDP_ACCEL
UINT64 CreatedTick; // Object creation time
bool FastDetect; // Fast disconnection detection mode
UINT64 FirstStableReceiveTick; // Start time of current stable continued receivable period
bool UseSuperRelayQuery; // Use the super relay query
bool UseUdpIpQuery; // Use the self IP address query by UDP
IP UdpIpQueryHost; // Host for the self IP address query by UDP
UINT UdpIpQueryPort; // Port number for self IP address for query by UDP
src/Cedar/Virtual.c
+60 -1
View File
@@ -9282,7 +9282,16 @@ UINT ServeDhcpDiscover(VH *v, UCHAR *mac, UINT request_ip)
if (ret == 0)
{
// Take an appropriate IP addresses that can be assigned newly
ret = GetFreeDhcpIpAddress(v);
HUB_OPTION *opt = NatGetHubOption(v);
if (opt != NULL && opt->SecureNAT_RandomizeAssignIp)
{
ret = GetFreeDhcpIpAddressByRandom(v, mac);
}
else
{
ret = GetFreeDhcpIpAddress(v);
}
}
return ret;
@@ -9316,6 +9325,56 @@ UINT GetFreeDhcpIpAddress(VH *v)
return 0;
}
// Take an appropriate IP addresses that can be assigned newly (random)
UINT GetFreeDhcpIpAddressByRandom(VH *v, UCHAR *mac)
{
UINT ip_start, ip_end;
UINT i;
UINT num_retry;
// Validate arguments
if (v == NULL || mac == NULL)
{
return 0;
}
ip_start = Endian32(v->DhcpIpStart);
ip_end = Endian32(v->DhcpIpEnd);
if (ip_start > ip_end)
{
return 0;
}
num_retry = (ip_end - ip_start + 1) * 2;
num_retry = MIN(num_retry, 65536 * 2);
for (i = 0;i < num_retry;i++)
{
UCHAR rand_seed[sizeof(UINT) + 6];
UCHAR hash[16];
UINT rand_int;
UINT new_ip;
WRITE_UINT(&rand_seed[0], i);
Copy(rand_seed + sizeof(UINT), mac, 6);
Hash(hash, rand_seed, sizeof(rand_seed), false);
rand_int = READ_UINT(hash);
new_ip = Endian32(ip_start + (rand_int % (ip_end - ip_start + 1)));
if (SearchDhcpLeaseByIp(v, new_ip) == NULL)
{
// A free IP address is found
return new_ip;
}
}
// There is no free address
return 0;
}
// Virtual DHCP Server
void VirtualDhcpServer(VH *v, PKT *p)
{
src/Cedar/Virtual.h
+1
View File
@@ -618,6 +618,7 @@ DHCP_LEASE *SearchDhcpLeaseByMac(VH *v, UCHAR *mac);
DHCP_LEASE *SearchDhcpLeaseByIp(VH *v, UINT ip);
UINT ServeDhcpDiscover(VH *v, UCHAR *mac, UINT request_ip);
UINT GetFreeDhcpIpAddress(VH *v);
UINT GetFreeDhcpIpAddressByRandom(VH *v, UCHAR *mac);
UINT ServeDhcpRequest(VH *v, UCHAR *mac, UINT request_ip);
void VirtualDhcpSend(VH *v, UINT tran_id, UINT dest_ip, UINT dest_port,
UINT new_ip, UCHAR *client_mac, BUF *b, UINT hw_type, UINT hw_addr_size);
src/Cedar/Wpc.c
+14 -2
View File
@@ -158,10 +158,11 @@ PACK *WpcCall(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT t
char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash)
{
return WpcCallEx(url, setting, timeout_connect, timeout_comm, function_name, pack, cert, key,
sha1_cert_hash, NULL, 0);
sha1_cert_hash, NULL, 0, NULL, NULL);
}
PACK *WpcCallEx(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT timeout_comm,
char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash, bool *cancel, UINT max_recv_size)
char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash, bool *cancel, UINT max_recv_size,
char *additional_header_name, char *additional_header_value)
{
URL_DATA data;
BUF *b, *recv;
@@ -190,6 +191,12 @@ PACK *WpcCallEx(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT
WriteBufInt(b, 0);
SeekBuf(b, 0, 0);
if (IsEmptyStr(additional_header_name) == false && IsEmptyStr(additional_header_value) == false)
{
StrCpy(data.AdditionalHeaderName, sizeof(data.AdditionalHeaderName), additional_header_name);
StrCpy(data.AdditionalHeaderValue, sizeof(data.AdditionalHeaderValue), additional_header_value);
}
recv = HttpRequestEx(&data, setting, timeout_connect, timeout_comm, &error,
false, b->Buf, NULL, NULL, sha1_cert_hash, cancel, max_recv_size);
@@ -822,6 +829,11 @@ BUF *HttpRequestEx2(URL_DATA *data, INTERNET_SETTING *setting,
AddHttpValue(h, NewHttpValue("Content-Length", len_str));
}
if (IsEmptyStr(data->AdditionalHeaderName) == false && IsEmptyStr(data->AdditionalHeaderValue) == false)
{
AddHttpValue(h, NewHttpValue(data->AdditionalHeaderName, data->AdditionalHeaderValue));
}
if (use_http_proxy)
{
AddHttpValue(h, NewHttpValue("Proxy-Connection", "Keep-Alive"));
src/Cedar/Wpc.h
+4 -1
View File
@@ -157,6 +157,8 @@ struct URL_DATA
char Method[32]; // Method
char Target[MAX_SIZE * 3]; // Target
char Referer[MAX_SIZE * 3]; // Referer
char AdditionalHeaderName[128]; // Additional header name
char AdditionalHeaderValue[MAX_SIZE]; // Additional header value
};
// WPC entry
@@ -219,7 +221,8 @@ void WpcFreePacket(WPC_PACKET *packet);
PACK *WpcCall(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT timeout_comm,
char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash);
PACK *WpcCallEx(char *url, INTERNET_SETTING *setting, UINT timeout_connect, UINT timeout_comm,
char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash, bool *cancel, UINT max_recv_size);
char *function_name, PACK *pack, X *cert, K *key, void *sha1_cert_hash, bool *cancel, UINT max_recv_size,
char *additional_header_name, char *additional_header_value);
bool IsProxyPrivateIp(INTERNET_SETTING *s);
#endif // WPC_H