mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2025-07-07 16:25:01 +03:00

v4.12-9514-beta

This commit is contained in:
dnobori
2014-11-18 12:05:48 +09:00
parent 2b3a4d0b75
commit 75f9836ce5
301 changed files with 1259 additions and 317 deletions


@ -1663,6 +1663,8 @@ CEDAR *NewCedar(X *server_x, K *server_k)
c->CurrentRegionLock = NewLock();
StrCpy(c->OpenVPNDefaultClientOption, sizeof(c->OpenVPNDefaultClientOption), OVPN_DEF_CLIENT_OPTION_STRING);
#ifdef BETA_NUMBER
c->Beta = BETA_NUMBER;
#endif // BETA_NUMBER


@ -135,10 +135,10 @@
// Version number
#define CEDAR_VER 411
#define CEDAR_VER 412
// Build Number
#define CEDAR_BUILD 9506
#define CEDAR_BUILD 9514
// Beta number
//#define BETA_NUMBER 3
@ -158,11 +158,11 @@
// Specifies the build date
#define BUILD_DATE_Y 2014
#define BUILD_DATE_M 10
#define BUILD_DATE_D 22
#define BUILD_DATE_HO 19
#define BUILD_DATE_MI 51
#define BUILD_DATE_SE 55
#define BUILD_DATE_M 11
#define BUILD_DATE_D 17
#define BUILD_DATE_HO 21
#define BUILD_DATE_MI 41
#define BUILD_DATE_SE 16
// Tolerable time difference
#define ALLOW_TIMESTAMP_DIFF (UINT64)(3 * 24 * 60 * 60 * 1000)
@ -1052,6 +1052,7 @@ typedef struct CEDAR
LOCK *FifoBudgetLock; // Fifo budget lock
UINT FifoBudget; // Fifo budget
bool AcceptOnlyTls; // Accept only TLS (Disable SSL)
char OpenVPNDefaultClientOption[MAX_SIZE]; // OpenVPN Default Client Option String
} CEDAR;
// Type of CEDAR


@ -137,6 +137,13 @@ typedef struct AUTHRADIUS AUTHRADIUS;
typedef struct AUTHNT AUTHNT;
// ==============================================================
// RADIUS
// ==============================================================
typedef struct RADIUS_LOGIN_OPTION RADIUS_LOGIN_OPTION;
// ==============================================================
// Listener
// ==============================================================


@ -597,6 +597,7 @@ void DataToHubOptionStruct(HUB_OPTION *o, RPC_ADMIN_OPTION *ao)
GetHubAdminOptionDataAndSet(ao, "DropArpInPrivacyFilterMode", &o->DropArpInPrivacyFilterMode);
GetHubAdminOptionDataAndSet(ao, "SuppressClientUpdateNotification", &o->SuppressClientUpdateNotification);
GetHubAdminOptionDataAndSet(ao, "FloodingSendQueueBufferQuota", &o->FloodingSendQueueBufferQuota);
GetHubAdminOptionDataAndSet(ao, "AssignVLanIdByRadiusAttribute", &o->AssignVLanIdByRadiusAttribute);
}
// Convert the contents of the HUB_OPTION to data
@ -662,6 +663,7 @@ void HubOptionStructToData(RPC_ADMIN_OPTION *ao, HUB_OPTION *o, char *hub_name)
Add(aol, NewAdminOption("DropArpInPrivacyFilterMode", o->DropArpInPrivacyFilterMode));
Add(aol, NewAdminOption("SuppressClientUpdateNotification", o->SuppressClientUpdateNotification));
Add(aol, NewAdminOption("FloodingSendQueueBufferQuota", o->FloodingSendQueueBufferQuota));
Add(aol, NewAdminOption("AssignVLanIdByRadiusAttribute", o->AssignVLanIdByRadiusAttribute));
Zero(ao, sizeof(RPC_ADMIN_OPTION));


@ -275,6 +275,7 @@ struct HUB_OPTION
bool DropArpInPrivacyFilterMode; // Drop ARP packets if the both source and destination session is PrivacyFilter mode
bool SuppressClientUpdateNotification; // Suppress the update notification function on the VPN Client
UINT FloodingSendQueueBufferQuota; // The global quota of send queues of flooding packets
bool AssignVLanIdByRadiusAttribute; // Assign the VLAN ID for the VPN session, by the attribute value of RADIUS
};
// MAC table entry


@ -766,6 +766,7 @@ void OvsSetupSessionParameters(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN_C
{
LIST *o;
BUF *b;
char opt_str[MAX_SIZE];
// Validate arguments
if (s == NULL || se == NULL || c == NULL || data == NULL)
{
@ -779,7 +780,14 @@ void OvsSetupSessionParameters(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN_C
OvsLog(s, se, c, "LO_OPTION_STR_RECV", data->OptionString);
o = OvsParseOptions(data->OptionString);
Zero(opt_str, sizeof(opt_str));
StrCpy(opt_str, sizeof(opt_str), data->OptionString);
if (s->Cedar != NULL && (IsEmptyStr(opt_str) || StartWith(opt_str, "V0 UNDEF") || InStr(opt_str, ",") == false))
{
StrCpy(opt_str, sizeof(opt_str), s->Cedar->OpenVPNDefaultClientOption);
}
o = OvsParseOptions(opt_str);
if (se->Mode == OPENVPN_MODE_UNKNOWN)
{
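Review bot: The fallback to `s->Cedar->OpenVPNDefaultClientOption` is silent: the only log call shown, `OvsLog(s, se, c, "LO_OPTION_STR_RECV", data->OptionString);`, records what the peer sent, and nothing records that `opt_str` was replaced before `OvsParseOptions(opt_str)`. Because the default string carries `cipher` and `auth` values, an operator reading the log cannot tell that a session's parameters came from server configuration rather than from the client. The `InStr(opt_str, ",") == false` test also replaces any non-empty string that holds a single option, which deserves a comment such as `// A string without ',' is treated as missing and replaced by the server default`. I would add a log entry right after the `StrCpy` inside the `if` that records the substituted string. The body of OvsSetupSessionParameters continues outside these hunks.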


@ -311,6 +311,9 @@ struct OPENVPN_SERVER_UDP
UINT64 VgsNextGetPublicPortsTick;
};
// OpenVPN Default Client Option String
#define OVPN_DEF_CLIENT_OPTION_STRING "dev-type tun,link-mtu 1500,tun-mtu 1500,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client"
//// Function prototype
OPENVPN_SERVER_UDP *NewOpenVpnServerUdp(CEDAR *cedar);


@ -1031,7 +1031,7 @@ void L3PollingBeacon(L3IF *f)
Copy(udp_buf + sizeof(IPV4_HEADER) + sizeof(UDP_HEADER), beacon_str, sizeof(beacon_str));
udp->Checksum = IpChecksum(udp, sizeof(UDP_HEADER) + sizeof(beacon_str));
udp->Checksum = CalcChecksumForIPv4(f->IpAddress, dest_ip, 0x11, udp, sizeof(UDP_HEADER) + sizeof(beacon_str), 0);
ip->DstIP = dest_ip;
IPV4_SET_VERSION(ip, 4);


@ -842,24 +842,24 @@ void GenerateMachineUniqueHash(void *data)
{
BUF *b;
char name[64];
char ip_str[64];
IP ip;
OS_INFO *osinfo;
UINT64 iphash = 0;
// Validate arguments
if (data == NULL)
{
return;
}
iphash = GetHostIPAddressListHash();
b = NewBuf();
GetMachineName(name, sizeof(name));
GetMachineIp(&ip);
IPToStr(ip_str, sizeof(ip_str), &ip);
osinfo = GetOsInfo();
WriteBuf(b, name, StrLen(name));
WriteBuf(b, ip_str, StrLen(ip_str));
WriteBufInt64(b, iphash);
WriteBuf(b, &osinfo->OsType, sizeof(osinfo->OsType));
WriteBuf(b, osinfo->KernelName, StrLen(osinfo->KernelName));
@ -1265,6 +1265,7 @@ bool ServerAccept(CONNECTION *c)
RC4_KEY_PAIR key_pair;
UINT authtype;
POLICY *policy;
UINT assigned_vlan_id = 0;
HUB *hub;
SESSION *s = NULL;
UINT64 user_expires = 0;
@ -1330,6 +1331,8 @@ bool ServerAccept(CONNECTION *c)
return false;
}
GenerateMachineUniqueHash(unique2);
Zero(ctoken_hash_str, sizeof(ctoken_hash_str));
Zero(mschap_v2_server_response_20, sizeof(mschap_v2_server_response_20));
@ -1623,6 +1626,8 @@ bool ServerAccept(CONNECTION *c)
USER *user;
USERGROUP *group;
char plain_password[MAX_PASSWORD_LEN + 1];
RADIUS_LOGIN_OPTION radius_login_opt;
if (hub->Halt || hub->Offline)
{
// HUB is off-line
@ -1633,6 +1638,13 @@ bool ServerAccept(CONNECTION *c)
goto CLEANUP;
}
Zero(&radius_login_opt, sizeof(radius_login_opt));
if (hub->Option != NULL)
{
radius_login_opt.In_CheckVLanId = hub->Option->AssignVLanIdByRadiusAttribute;
}
// Get the various flags
use_encrypt = PackGetInt(p, "use_encrypt") == 0 ? false : true;
use_compress = PackGetInt(p, "use_compress") == 0 ? false : true;
@ -1997,7 +2009,7 @@ bool ServerAccept(CONNECTION *c)
if (fail_ext_user_auth == false)
{
auth_ret = SamAuthUserByPlainPassword(c, hub, username, plain_password, false, mschap_v2_server_response_20);
auth_ret = SamAuthUserByPlainPassword(c, hub, username, plain_password, false, mschap_v2_server_response_20, &radius_login_opt);
}
if (auth_ret && pol == NULL)
@ -2028,7 +2040,7 @@ bool ServerAccept(CONNECTION *c)
// If there is asterisk user, log on as the user
if (b)
{
auth_ret = SamAuthUserByPlainPassword(c, hub, username, plain_password, true, mschap_v2_server_response_20);
auth_ret = SamAuthUserByPlainPassword(c, hub, username, plain_password, true, mschap_v2_server_response_20, &radius_login_opt);
if (auth_ret && pol == NULL)
{
pol = SamGetUserPolicy(hub, "*");
@ -2180,6 +2192,12 @@ bool ServerAccept(CONNECTION *c)
// Authentication success
FreePack(p);
// Check the assigned VLAN ID
if (radius_login_opt.Out_VLanId != 0)
{
assigned_vlan_id = radius_login_opt.Out_VLanId;
}
if (StrCmpi(username, ADMINISTRATOR_USERNAME) != 0)
{
// Get the policy
@ -2468,8 +2486,6 @@ bool ServerAccept(CONNECTION *c)
policy->NoRouting = true;
}
GenerateMachineUniqueHash(unique2);
if (Cmp(unique, unique2, SHA1_SIZE) == 0)
{
// It's a localhost session
@ -2865,6 +2881,18 @@ bool ServerAccept(CONNECTION *c)
// Remove the connection from Cedar
DelConnection(c->Cedar, c);
// VLAN ID
if (assigned_vlan_id != 0)
{
if (policy != NULL)
{
if (policy->VLanId == 0)
{
policy->VLanId = assigned_vlan_id;
}
}
}
// Create a Session
StrLower(username);
s = NewServerSessionEx(c->Cedar, c, hub, username, policy, c->IsInProc);
@ -3050,6 +3078,7 @@ bool ServerAccept(CONNECTION *c)
s->QoS = qos;
s->NoReconnectToSession = no_reconnect_to_session;
if (policy != NULL)
{
s->VLanId = policy->VLanId;
@ -3245,6 +3274,11 @@ bool ServerAccept(CONNECTION *c)
NodeInfoToStr(tmp, sizeof(tmp), &s->NodeInfo);
HLog(hub, "LH_NODE_INFO", s->Name, tmp);
if (s->VLanId != 0)
{
HLog(hub, "LH_VLAN_ID", s->Name, s->VLanId);
}
}
// Shift the connection to the tunneling mode
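Review bot: The value taken from `radius_login_opt.Out_VLanId` is only tested for non-zero before it reaches `policy->VLanId` and then `s->VLanId`; nothing in these hunks limits it to the 802.1Q range 1–4094. The number comes from a RADIUS attribute converted with `ToInt`, so an out-of-range or negative value in the response would be stored as-is in a `UINT`. I would bound it where it is accepted, `if (radius_login_opt.Out_VLanId >= 1 && radius_login_opt.Out_VLanId <= 4094)`, and log when a value is rejected. When `policy` is NULL at the `// VLAN ID` block the assignment is skipped without any log entry, so the hub option can be enabled and have no visible effect. Most of ServerAccept lies outside these hunks, so whether `policy` can be NULL at that point should be confirmed.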


@ -114,7 +114,8 @@
#include "CedarPch.h"
// Attempts Radius authentication (with specifying retry interval and multiple server)
bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20)
bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20,
RADIUS_LOGIN_OPTION *opt)
{
UCHAR random[MD5_SIZE];
UCHAR id;
@ -128,6 +129,7 @@ bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT sec
IPC_MSCHAP_V2_AUTHINFO mschap;
bool is_mschap;
char client_ip_str[MAX_SIZE];
RADIUS_LOGIN_OPTION opt_dummy;
static UINT packet_id = 0;
// Validate arguments
if (server == NULL || port == 0 || (secret_size != 0 && secret == NULL) || username == NULL || password == NULL)
@ -135,6 +137,15 @@ bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT sec
return false;
}
if (opt == NULL)
{
Zero(&opt_dummy, sizeof(opt_dummy));
opt = &opt_dummy;
}
opt->Out_VLanId = 0;
Zero(client_ip_str, sizeof(client_ip_str));
if (c != NULL && c->FirstSock != NULL)
{
@ -450,6 +461,34 @@ RECV_RETRY:
FreeBuf(b);
}
}
if (opt->In_CheckVLanId)
{
BUF *buf = NewBufFromMemory(recv_buf, recv_size);
LIST *o = RadiusParseOptions(buf);
if (o != NULL)
{
DHCP_OPTION *vlan_option = GetDhcpOption(o, RADIUS_ATTRIBUTE_VLAN_ID);
if (vlan_option != NULL)
{
UINT vlan_id = 0;
char tmp[32];
Zero(tmp, sizeof(tmp));
Copy(tmp, vlan_option->Data, MIN(vlan_option->Size, sizeof(tmp) - 1));
vlan_id = ToInt(tmp);
opt->Out_VLanId = vlan_id;
}
}
FreeBuf(buf);
FreeDhcpOptions(o);
}
}
break;
}
@ -484,6 +523,68 @@ RECV_RETRY:
return ret;
}
// Parse RADIUS attributes
LIST *RadiusParseOptions(BUF *b)
{
LIST *o;
UCHAR code;
UCHAR id;
USHORT len;
UCHAR auth[16];
// Validate arguments
if (b == NULL)
{
return NULL;
}
o = NewList(NULL);
ReadBuf(b, &code, 1);
ReadBuf(b, &id, 1);
len = 0;
ReadBuf(b, &len, 2);
len = Endian16(len);
ReadBuf(b, auth, 16);
while (true)
{
UCHAR attribute_id;
UCHAR size;
UCHAR data[256];
DHCP_OPTION *d;
if (ReadBuf(b, &attribute_id, 1) != 1)
{
break;
}
if (ReadBuf(b, &size, 1) != 1)
{
break;
}
if (size <= 2)
{
break;
}
size -= 2;
if (ReadBuf(b, data, size) != size)
{
break;
}
d = ZeroMalloc(sizeof(DHCP_OPTION));
d->Id = attribute_id;
d->Size = size;
d->Data = Clone(data, d->Size);
Add(o, d);
}
return o;
}
// Adding Attributes
void RadiusAddValue(BUF *b, UCHAR t, UINT v, UCHAR vt, void *data, UINT size)
{
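Review bot: `RadiusParseOptions` discards the results of the four header `ReadBuf` calls and never uses `len`, so a response shorter than the 20-byte header leaves `code`, `id` and `auth` unset, and bytes after the length declared in the header are still parsed as attributes. The hunk in `RadiusLogin` does not show whether the response authenticator has been verified before `opt->Out_VLanId` is filled from the packet; that should be confirmed, because the value decides the session's VLAN. I would reject short headers, bound the attribute loop by the declared length and return NULL on failure, which the caller's `if (o != NULL)` already tolerates. The existing code can already pass NULL to `FreeDhcpOptions(o)` when `buf` is NULL, so that call is assumed to accept NULL. The `data[256]` copy itself stays in bounds because `size` is a `UCHAR`.

```c
LIST *RadiusParseOptions(BUF *b)
{
	// … unchanged: declarations, NULL check on b …
	UINT remain;

	// Header: Code(1) Identifier(1) Length(2) Authenticator(16)
	if (ReadBuf(b, &code, 1) != 1 || ReadBuf(b, &id, 1) != 1 ||
		ReadBuf(b, &len, 2) != 2 || ReadBuf(b, auth, 16) != 16)
	{
		return NULL;
	}
	len = Endian16(len);
	if (len < 20 || len > b->Size)
	{
		// Declared length is shorter than a header or longer than the datagram
		return NULL;
	}
	remain = len - 20;

	o = NewList(NULL);

	while (remain >= 2)
	{
		// … unchanged: read attribute_id and size, stop when size <= 2 …
		if (size > remain)
		{
			// Attribute claims more bytes than the packet declares
			break;
		}
		remain -= size;
		// … unchanged: size -= 2, read data, build DHCP_OPTION, Add(o, d) …
	}
	return o;
}
```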


@ -118,13 +118,25 @@
#define RADIUS_RETRY_INTERVAL 500 // Retransmission interval
#define RADIUS_RETRY_TIMEOUT (10 * 1000) // Time-out period
// RADIUS attributes
#define RADIUS_ATTRIBUTE_VLAN_ID 81
struct RADIUS_LOGIN_OPTION
{
bool In_CheckVLanId;
UINT Out_VLanId;
};
// Function prototype
bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20);
bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20,
RADIUS_LOGIN_OPTION *opt);
BUF *RadiusEncryptPassword(char *password, UCHAR *random, UCHAR *secret, UINT secret_size);
BUF *RadiusCreateUserName(wchar_t *username);
BUF *RadiusCreateUserPassword(void *data, UINT size);
BUF *RadiusCreateNasId(char *name);
void RadiusAddValue(BUF *b, UCHAR t, UINT v, UCHAR vt, void *data, UINT size);
LIST *RadiusParseOptions(BUF *b);
#endif // RADIUS_H
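Review bot: `RADIUS_ATTRIBUTE_VLAN_ID 81` and the two fields of `RADIUS_LOGIN_OPTION` carry no explanation. Attribute 81 is Tunnel-Private-Group-ID (RFC 2868), whose value may begin with a one-octet Tag (0x01–0x1F) before the string. The parser in `RadiusLogin` passes the raw bytes to `ToInt`, so a tagged value would probably not parse as the intended number; this is worth confirming against a server that sends tags. I would document it at the define, `// Tunnel-Private-Group-ID (RFC 2868); value may start with a Tag octet`. The fields can be annotated as `bool In_CheckVLanId; // [in] parse the VLAN attribute from the response` and `UINT Out_VLanId; // [out] VLAN ID from the response, 0 if none`.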


@ -2670,7 +2670,7 @@ void SwDefineTasks(SW *sw, SW_TASK *t, SW_COMPONENT *c)
SW_TASK_COPY *vpninstall;
wchar_t *src_config_filename;
CombinePathW(tmp, sizeof(tmp), sw->InstallDir, L"backup.vpn_vpnclient.config");
CombinePathW(tmp, sizeof(tmp), sw->InstallDir, L"backup.vpn_client.config");
Add(t->SetSecurityPaths, CopyUniStr(tmp));
if (x64 == false)


@ -175,7 +175,7 @@ bool SamAuthUserByAnonymous(HUB *h, char *username)
}
// Plaintext password authentication of user
bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *password, bool ast, UCHAR *mschap_v2_server_response_20)
bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *password, bool ast, UCHAR *mschap_v2_server_response_20, RADIUS_LOGIN_OPTION *opt)
{
bool b = false;
wchar_t *name = NULL;
@ -267,7 +267,7 @@ bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *p
// Attempt to login
b = RadiusLogin(c, radius_server_addr, radius_server_port,
radius_secret, StrLen(radius_secret),
name, password, interval, mschap_v2_server_response_20);
name, password, interval, mschap_v2_server_response_20, opt);
}
Lock(hub->lock);


@ -121,7 +121,7 @@ UINT SamGetUserAuthType(HUB *h, char *username);
bool SamAuthUserByPassword(HUB *h, char *username, void *random, void *secure_password, char *mschap_v2_password, UCHAR *mschap_v2_server_response_20, UINT *err);
bool SamAuthUserByAnonymous(HUB *h, char *username);
bool SamAuthUserByCert(HUB *h, char *username, X *x);
bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *password, bool ast, UCHAR *mschap_v2_server_response_20);
bool SamAuthUserByPlainPassword(CONNECTION *c, HUB *hub, char *username, char *password, bool ast, UCHAR *mschap_v2_server_response_20, RADIUS_LOGIN_OPTION *opt);
POLICY *SamGetUserPolicy(HUB *h, char *username);
void GenRamdom(void *random);


@ -260,6 +260,7 @@ UINT SiDebug(SERVER *s, RPC_TEST *ret, UINT i, char *str)
{10, "Get VgsMessageDisplayed Flag", "", SiDebugProcGetVgsMessageDisplayedValue},
{11, "Set VgsMessageDisplayed Flag", "", SiDebugProcSetVgsMessageDisplayedValue},
{12, "Get the current TCP send queue length", "", SiDebugProcGetCurrentTcpSendQueueLength},
{13, "Get the current GetIP thread count", "", SiDebugProcGetCurrentGetIPThreadCount},
};
UINT num_proc_list = sizeof(proc_list) / sizeof(proc_list[0]);
UINT j;
@ -478,6 +479,25 @@ UINT SiDebugProcGetCurrentTcpSendQueueLength(SERVER *s, char *in_str, char *ret_
return ERR_NO_ERROR;
}
UINT SiDebugProcGetCurrentGetIPThreadCount(SERVER *s, char *in_str, char *ret_str, UINT ret_str_size)
{
char tmp1[64], tmp2[64];
// Validate arguments
if (s == NULL || in_str == NULL || ret_str == NULL)
{
return ERR_INVALID_PARAMETER;
}
ToStr3(tmp1, 0, GetCurrentGetIpThreadNum());
ToStr3(tmp2, 0, GetGetIpThreadMaxNum());
Format(ret_str, 0,
"Current threads = %s\n"
"Quota = %s\n",
tmp1, tmp2);
return ERR_NO_ERROR;
}
UINT SiDebugProcSetVgsMessageDisplayedValue(SERVER *s, char *in_str, char *ret_str, UINT ret_str_size)
{
// Validate arguments
@ -4081,6 +4101,7 @@ void SiLoadHubOptionCfg(FOLDER *f, HUB_OPTION *o)
o->DisableCheckMacOnLocalBridge = CfgGetBool(f, "DisableCheckMacOnLocalBridge");
o->DisableCorrectIpOffloadChecksum = CfgGetBool(f, "DisableCorrectIpOffloadChecksum");
o->SuppressClientUpdateNotification = CfgGetBool(f, "SuppressClientUpdateNotification");
o->AssignVLanIdByRadiusAttribute = CfgGetBool(f, "AssignVLanIdByRadiusAttribute");
// Enabled by default
if (CfgIsItem(f, "ManageOnlyPrivateIP"))
@ -4156,6 +4177,7 @@ void SiWriteHubOptionCfg(FOLDER *f, HUB_OPTION *o)
CfgAddBool(f, "DropBroadcastsInPrivacyFilterMode", o->DropBroadcastsInPrivacyFilterMode);
CfgAddBool(f, "DropArpInPrivacyFilterMode", o->DropArpInPrivacyFilterMode);
CfgAddBool(f, "SuppressClientUpdateNotification", o->SuppressClientUpdateNotification);
CfgAddBool(f, "AssignVLanIdByRadiusAttribute", o->AssignVLanIdByRadiusAttribute);
CfgAddBool(f, "NoLookBPDUBridgeId", o->NoLookBPDUBridgeId);
CfgAddInt(f, "AdjustTcpMssValue", o->AdjustTcpMssValue);
CfgAddBool(f, "DisableAdjustTcpMss", o->DisableAdjustTcpMss);
@ -5748,6 +5770,7 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
bool cluster_allowed = false;
UINT num_connections_per_ip = 0;
FOLDER *params_folder;
UINT i;
// Validate arguments
if (s == NULL || f == NULL)
{
@ -5765,6 +5788,16 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
s->AutoSaveConfigSpan = MAKESURE(s->AutoSaveConfigSpan, SERVER_FILE_SAVE_INTERVAL_MIN, SERVER_FILE_SAVE_INTERVAL_MAX);
}
i = CfgGetInt(f, "MaxConcurrentDnsClientThreads");
if (i != 0)
{
SetGetIpThreadMaxNum(i);
}
else
{
SetGetIpThreadMaxNum(DEFAULT_GETIP_THREAD_MAX_NUM);
}
s->DontBackupConfig = CfgGetBool(f, "DontBackupConfig");
if (CfgIsItem(f, "BackupConfigOnlyWhenModified"))
@ -5900,6 +5933,16 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
// Disable the OpenVPN server function
s->DisableOpenVPNServer = CfgGetBool(f, "DisableOpenVPNServer");
// OpenVPN Default Option String
if (CfgGetStr(f, "OpenVPNDefaultClientOption", tmp, sizeof(tmp)))
{
if (IsEmptyStr(tmp) == false)
{
StrCpy(c->OpenVPNDefaultClientOption,
sizeof(c->OpenVPNDefaultClientOption), tmp);
}
}
// Disable the NAT-traversal feature
s->DisableNatTraversal = CfgGetBool(f, "DisableNatTraversal");
@ -6190,6 +6233,8 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
return;
}
CfgAddInt(f, "MaxConcurrentDnsClientThreads", GetGetIpThreadMaxNum());
CfgAddInt(f, "CurrentBuild", s->Cedar->Build);
CfgAddInt(f, "AutoSaveConfigSpan", s->AutoSaveConfigSpanSaved / 1000);
@ -6292,6 +6337,8 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
}
}
CfgAddStr(f, "OpenVPNDefaultClientOption", c->OpenVPNDefaultClientOption);
if (c->Bridge == false)
{
// VPN over ICMP
@ -7431,6 +7478,7 @@ void SiCalledUpdateHub(SERVER *s, PACK *p)
o.DropBroadcastsInPrivacyFilterMode = PackGetBool(p, "DropBroadcastsInPrivacyFilterMode");
o.DropArpInPrivacyFilterMode = PackGetBool(p, "DropArpInPrivacyFilterMode");
o.SuppressClientUpdateNotification = PackGetBool(p, "SuppressClientUpdateNotification");
o.AssignVLanIdByRadiusAttribute = PackGetBool(p, "AssignVLanIdByRadiusAttribute");
o.VlanTypeId = PackGetInt(p, "VlanTypeId");
if (o.VlanTypeId == 0)
{
@ -9270,6 +9318,7 @@ void SiPackAddCreateHub(PACK *p, HUB *h)
PackAddBool(p, "DropBroadcastsInPrivacyFilterMode", h->Option->DropBroadcastsInPrivacyFilterMode);
PackAddBool(p, "DropArpInPrivacyFilterMode", h->Option->DropArpInPrivacyFilterMode);
PackAddBool(p, "SuppressClientUpdateNotification", h->Option->SuppressClientUpdateNotification);
PackAddBool(p, "AssignVLanIdByRadiusAttribute", h->Option->AssignVLanIdByRadiusAttribute);
PackAddInt(p, "ClientMinimumRequiredBuild", h->Option->ClientMinimumRequiredBuild);
PackAddBool(p, "FixForDLinkBPDU", h->Option->FixForDLinkBPDU);
PackAddBool(p, "BroadcastLimiterStrictMode", h->Option->BroadcastLimiterStrictMode);
@ -10811,6 +10860,8 @@ SERVER *SiNewServerEx(bool bridge, bool in_client_inner_server)
LISTENER *azure;
LISTENER *rudp;
SetGetIpThreadMaxNum(DEFAULT_GETIP_THREAD_MAX_NUM);
s = ZeroMalloc(sizeof(SERVER));
SetEraserCheckInterval(0);
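Review bot: `SiDebugProcGetCurrentGetIPThreadCount` receives `ret_str_size` but never uses it: `Format(ret_str, 0, ...)` and both `ToStr3(tmpN, 0, ...)` calls pass 0 as the destination size. If 0 means "no limit" to these helpers, as the call pattern suggests, the writes are unbounded and rely on the output happening to be short. Passing the real sizes costs nothing: `ToStr3(tmp1, sizeof(tmp1), GetCurrentGetIpThreadNum());` and `Format(ret_str, ret_str_size, ...)`. Separately, in `SiLoadServerCfg` the `MaxConcurrentDnsClientThreads` value goes to `SetGetIpThreadMaxNum(i)` with no upper bound, unlike `AutoSaveConfigSpan` just above it, which is clamped with `MAKESURE`.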


@ -678,6 +678,7 @@ UINT SiDebugProcSetIPsecMessageDisplayedValue(SERVER *s, char *in_str, char *ret
UINT SiDebugProcGetVgsMessageDisplayedValue(SERVER *s, char *in_str, char *ret_str, UINT ret_str_size);
UINT SiDebugProcSetVgsMessageDisplayedValue(SERVER *s, char *in_str, char *ret_str, UINT ret_str_size);
UINT SiDebugProcGetCurrentTcpSendQueueLength(SERVER *s, char *in_str, char *ret_str, UINT ret_str_size);
UINT SiDebugProcGetCurrentGetIPThreadCount(SERVER *s, char *in_str, char *ret_str, UINT ret_str_size);
typedef UINT (SI_DEBUG_PROC)(SERVER *s, char *in_str, char *ret_str, UINT ret_str_size);


@ -1034,6 +1034,11 @@ UDP_ACCEL *NewUdpAccel(CEDAR *cedar, IP *ip, bool client_mode, bool random_port,
a->IsIPv6 = IsIP6(ip);
if (a->IsIPv6)
{
a->NoNatT = true;
}
a->RecvBlockQueue = NewQueue();
Rand(a->NextIv, sizeof(a->NextIv));
@ -1088,6 +1093,8 @@ void NatT_GetIpThread(THREAD *thread, void *param)
{
UDP_ACCEL *a;
char hostname[MAX_SIZE];
static IP dummy_ip = {0};
UINT num_retry = 0;
// Validate arguments
if (thread == NULL || param == NULL)
{
@ -1096,11 +1103,17 @@ void NatT_GetIpThread(THREAD *thread, void *param)
a = (UDP_ACCEL *)param;
RUDPGetRegisterHostNameByIP(hostname, sizeof(hostname), NULL);
if (IsZeroIP(&dummy_ip))
{
SetIP(&dummy_ip, 11, Rand8(), Rand8(), Rand8());
}
RUDPGetRegisterHostNameByIP(hostname, sizeof(hostname), &dummy_ip);
while (a->NatT_Halt == false)
{
IP ip;
UINT wait_time = UDP_NAT_T_GET_IP_INTERVAL;
// Get the IP address
bool ret = GetIP4Ex(&ip, hostname, 0, &a->NatT_Halt);
@ -1125,7 +1138,11 @@ void NatT_GetIpThread(THREAD *thread, void *param)
}
// Fail to get
Wait(a->NatT_HaltEvent, UDP_NAT_T_GET_IP_INTERVAL);
num_retry++;
wait_time = (UINT)(MIN((UINT64)UDP_NAT_T_GET_IP_INTERVAL * (UINT64)num_retry, (UINT64)UDP_NAT_T_GET_IP_INTERVAL_MAX));
Wait(a->NatT_HaltEvent, wait_time);
}
}
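Review bot: `static IP dummy_ip` in `NatT_GetIpThread` is shared by every thread that runs this function, and the `IsZeroIP(&dummy_ip)` / `SetIP(&dummy_ip, ...)` pair is a check-then-write with no lock. Two threads starting together can both see a zero address and write different random octets while another thread reads the value in `RUDPGetRegisterHostNameByIP`. Either initialise it once under a lock, or make it a plain local `IP dummy_ip;` set unconditionally if a value shared across threads is not required. The literal `11` in `SetIP(&dummy_ip, 11, Rand8(), Rand8(), Rand8())` needs a comment saying why that first octet was chosen. The hunks do not show whether `num_retry` is reset after a successful lookup; if it is not, the wait stays at `UDP_NAT_T_GET_IP_INTERVAL_MAX` after the first run of failures.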