
Merge PR #129 into master.

This commit is contained in:
Moataz Elmasry 2018-01-25 02:55:11 +01:00
commit 93d9ade990
9 changed files with 73 additions and 12 deletions


@ -1765,6 +1765,8 @@ CEDAR *NewCedar(X *server_x, K *server_k)
c->UdpPortList = NewIntList(false); c->UdpPortList = NewIntList(false);
c->DhParamBits = DH_PARAM_BITS_DEFAULT;
InitNetSvcList(c); InitNetSvcList(c);
InitLocalBridgeList(c); InitLocalBridgeList(c);


@ -308,6 +308,7 @@
#define FARM_BASE_POINT 100000 // Reference value of the cluster score #define FARM_BASE_POINT 100000 // Reference value of the cluster score
#define FARM_DEFAULT_WEIGHT 100 // Standard performance ratio #define FARM_DEFAULT_WEIGHT 100 // Standard performance ratio
#define DH_PARAM_BITS_DEFAULT 2048 // Bits of Diffie-Hellman Parameters
#define SE_UDP_SIGN "SE2P" // Not used (only old UDP mode) #define SE_UDP_SIGN "SE2P" // Not used (only old UDP mode)
@ -1053,6 +1054,7 @@ typedef struct CEDAR
LOCK *FifoBudgetLock; // Fifo budget lock LOCK *FifoBudgetLock; // Fifo budget lock
UINT FifoBudget; // Fifo budget UINT FifoBudget; // Fifo budget
SSL_ACCEPT_SETTINGS SslAcceptSettings; // SSL Accept Settings SSL_ACCEPT_SETTINGS SslAcceptSettings; // SSL Accept Settings
UINT DhParamBits; // Bits of Diffie-Hellman parameters
char OpenVPNDefaultClientOption[MAX_SIZE]; // OpenVPN Default Client Option String char OpenVPNDefaultClientOption[MAX_SIZE]; // OpenVPN Default Client Option String
} CEDAR; } CEDAR;
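Review bot: The new `DhParamBits` field comment does not say which values are meaningful, although the field is read straight from the config file and, per the DhNewFromBits hunk on this page, only a fixed set of sizes is honoured with anything else silently mapped to 2048. A comment that states the contract at the field would save the next reader a trip through Encrypt.c: `UINT DhParamBits; // Bits of Diffie-Hellman parameters (one of 160/768/1024/1536/2048/3072/4096; other values are treated as 2048 by DhNewFromBits)`. The same caveat applies to `DH_PARAM_BITS_DEFAULT` in the first hunk, which is the fallback value.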


@ -2595,7 +2595,7 @@ OPENVPN_SERVER *NewOpenVpnServer(CEDAR *cedar, INTERRUPT_MANAGER *interrupt, SOC
OvsLog(s, NULL, NULL, "LO_START"); OvsLog(s, NULL, NULL, "LO_START");
s->Dh = DhNewGroup2(); s->Dh = DhNewFromBits(DH_PARAM_BITS_DEFAULT);
return s; return s;
} }
@ -2703,6 +2703,21 @@ OPENVPN_SERVER_UDP *NewOpenVpnServerUdp(CEDAR *cedar)
return u; return u;
} }
void OpenVpnServerUdpSetDhParam(OPENVPN_SERVER_UDP *u, DH_CTX *dh)
{
// Validate arguments
if (u == NULL) {
return;
}
if (u->OpenVpnServer->Dh)
{
DhFree(u->OpenVpnServer->Dh);
}
u->OpenVpnServer->Dh = dh;
}
// Apply the port list to the OpenVPN server // Apply the port list to the OpenVPN server
void OvsApplyUdpPortList(OPENVPN_SERVER_UDP *u, char *port_list, IP *listen_ip) void OvsApplyUdpPortList(OPENVPN_SERVER_UDP *u, char *port_list, IP *listen_ip)
{ {
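Review bot: OpenVpnServerUdpSetDhParam dereferences `u->OpenVpnServer` without checking it, so the "Validate arguments" guard should cover both pointers: `if (u == NULL || u->OpenVpnServer == NULL) { return; }`. The function frees the current `Dh` and swaps in the new one unconditionally; whether in-flight TLS sessions on this server can still be holding the old context, and whether the swap therefore needs the server's lock or a deferred free, cannot be told from this hunk — please confirm against the readers of `s->Dh`. Passing `dh == NULL` leaves the server without any DH parameters, which should be rejected or at least documented. The function also lacks the one-line `// ...` header that its neighbours in this file carry; `// Replace the OpenVPN server's DH parameters (takes ownership of dh and frees the previous context)` would match the local style.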


@ -384,6 +384,8 @@ bool OvsGetNoOpenVpnTcp();
void OvsSetNoOpenVpnUdp(bool b); void OvsSetNoOpenVpnUdp(bool b);
void OpenVpnServerUdpSetDhParam(OPENVPN_SERVER_UDP *u, DH_CTX *dh);
#endif // INTEROP_OPENVPN_H #endif // INTEROP_OPENVPN_H


@ -6186,6 +6186,18 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
c->SslAcceptSettings.Tls_Disable1_2 = CfgGetBool(f, "Tls_Disable1_2"); c->SslAcceptSettings.Tls_Disable1_2 = CfgGetBool(f, "Tls_Disable1_2");
s->StrictSyslogDatetimeFormat = CfgGetBool(f, "StrictSyslogDatetimeFormat"); s->StrictSyslogDatetimeFormat = CfgGetBool(f, "StrictSyslogDatetimeFormat");
// Bits of Diffie-Hellman parameters
c->DhParamBits = CfgGetInt(f, "DhParamBits");
if (c->DhParamBits == 0)
{
c->DhParamBits = DH_PARAM_BITS_DEFAULT;
}
SetDhParam(DhNewFromBits(c->DhParamBits));
if (s->OpenVpnServerUdp)
{
OpenVpnServerUdpSetDhParam(s->OpenVpnServerUdp, DhNewFromBits(c->DhParamBits));
}
} }
Unlock(c->lock); Unlock(c->lock);
@ -6289,6 +6301,7 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
CfgAddBool(f, "BackupConfigOnlyWhenModified", s->BackupConfigOnlyWhenModified); CfgAddBool(f, "BackupConfigOnlyWhenModified", s->BackupConfigOnlyWhenModified);
CfgAddIp(f, "ListenIP", &s->ListenIP); CfgAddIp(f, "ListenIP", &s->ListenIP);
if (s->Logger != NULL) if (s->Logger != NULL)
{ {
CfgAddInt(f, "ServerLogSwitchType", s->Logger->SwitchType); CfgAddInt(f, "ServerLogSwitchType", s->Logger->SwitchType);
@ -6499,6 +6512,7 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
CfgAddBool(f, "Tls_Disable1_0", c->SslAcceptSettings.Tls_Disable1_0); CfgAddBool(f, "Tls_Disable1_0", c->SslAcceptSettings.Tls_Disable1_0);
CfgAddBool(f, "Tls_Disable1_1", c->SslAcceptSettings.Tls_Disable1_1); CfgAddBool(f, "Tls_Disable1_1", c->SslAcceptSettings.Tls_Disable1_1);
CfgAddBool(f, "Tls_Disable1_2", c->SslAcceptSettings.Tls_Disable1_2); CfgAddBool(f, "Tls_Disable1_2", c->SslAcceptSettings.Tls_Disable1_2);
CfgAddInt(f, "DhParamBits", c->DhParamBits);
// Disable session reconnect // Disable session reconnect
CfgAddBool(f, "DisableSessionReconnect", GetGlobalServerFlag(GSF_DISABLE_SESSION_RECONNECT)); CfgAddBool(f, "DisableSessionReconnect", GetGlobalServerFlag(GSF_DISABLE_SESSION_RECONNECT));
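Review bot: `c->DhParamBits` is stored and later written back (`CfgAddInt(f, "DhParamBits", ...)` in the last hunk) exactly as read from the config, but DhNewFromBits on this page only honours a fixed set of sizes and silently uses 2048 for anything else, so the saved config can claim a DH size the server is not actually using; the value should be normalised after the zero check, e.g. by having this branch log and reset `c->DhParamBits` to `DH_PARAM_BITS_DEFAULT` when it is not one of the supported sizes. The config also accepts the 160/768/1024-bit groups, which are well below current recommendations — a warning in the server log when a size below the default is configured would make that choice visible to the operator. The two `DhNewFromBits(c->DhParamBits)` calls each allocate a fresh context; ownership appears to pass to SetDhParam and OpenVpnServerUdpSetDhParam respectively, but SetDhParam's definition is not on this page, so its freeing of the previous context is unverified here. SiLoadServerCfg begins and ends outside the hunk.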


@ -4895,12 +4895,36 @@ DH_CTX *DhNewGroup5()
return DhNew(DH_GROUP5_PRIME_1536, 2); return DhNew(DH_GROUP5_PRIME_1536, 2);
} }
// Creating a DH SIMPLE 160bits // Creating a DH SIMPLE 160bits
DH_CTX *DhNewSimple160() DH_CTX *DhNewSimple160()
{ {
return DhNew(DH_SIMPLE_160, 2); return DhNew(DH_SIMPLE_160, 2);
} }
DH_CTX *DhNewFromBits(UINT bits)
{
switch (bits)
{
case 160:
return DhNewSimple160();
case 768:
return DhNewGroup1();
case 1024:
return DhNewGroup2();
case 1536:
return DhNewGroup5();
case 2048:
return DhNew2048();
case 3072:
return DhNew3072();
case 4096:
return DhNew4096();
default:
return DhNew2048();
}
}
// Convert the DH parameters to file // Convert the DH parameters to file
BUF *DhToBuf(DH_CTX *dh) BUF *DhToBuf(DH_CTX *dh)
{ {
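Review bot: The `default:` branch of DhNewFromBits returns a 2048-bit group for any unsupported size without telling the caller, so a misconfigured value is silently replaced rather than reported; either return `NULL` there so callers can surface the misconfiguration, or document the fallback explicitly — given that the callers shown on this page (NewOpenVpnServer, SiLoadServerCfg) do not check for `NULL`, the documented fallback is the safer change for this commit. The function is also missing the `// Creating a DH ...` header comment every neighbouring DhNew* function has; `// Creating DH parameters of the requested size in bits (unsupported sizes fall back to 2048)` plus `default: // unsupported size: fall back to the 2048-bit group` at the switch would do. Note that 160- and 768-bit groups are now reachable from a config value through this function, which is worth stating in that comment.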


@ -540,6 +540,7 @@ DH_CTX *DhNewSimple160();
DH_CTX *DhNew2048(); DH_CTX *DhNew2048();
DH_CTX *DhNew3072(); DH_CTX *DhNew3072();
DH_CTX *DhNew4096(); DH_CTX *DhNew4096();
DH_CTX *DhNewFromBits(UINT bits);
DH_CTX *DhNew(char *prime, UINT g); DH_CTX *DhNew(char *prime, UINT g);
void DhFree(DH_CTX *dh); void DhFree(DH_CTX *dh);
BUF *DhToBuf(DH_CTX *dh); BUF *DhToBuf(DH_CTX *dh);


@ -250,7 +250,7 @@ static UINT rand_port_numbers[256] = {0};
static bool g_use_privateip_file = false; static bool g_use_privateip_file = false;
static bool g_source_ip_validation_force_disable = false; static bool g_source_ip_validation_force_disable = false;
static DH_CTX *dh_2048 = NULL; static DH_CTX *dh_param = NULL;
typedef struct PRIVATE_IP_SUBNET typedef struct PRIVATE_IP_SUBNET
{ {
@ -17810,9 +17810,9 @@ DH *TmpDhCallback(SSL *ssl, int is_export, int keylength)
{ {
DH *ret = NULL; DH *ret = NULL;
if (dh_2048 != NULL) if (dh_param != NULL)
{ {
ret = dh_2048->dh; ret = dh_param->dh;
} }
return ret; return ret;
@ -17932,9 +17932,6 @@ void InitNetwork()
disable_cache = false; disable_cache = false;
dh_2048 = DhNew2048();
Zero(rand_port_numbers, sizeof(rand_port_numbers)); Zero(rand_port_numbers, sizeof(rand_port_numbers));
SetGetIpThreadMaxNum(DEFAULT_GETIP_THREAD_MAX_NUM); SetGetIpThreadMaxNum(DEFAULT_GETIP_THREAD_MAX_NUM);
@ -18367,10 +18364,10 @@ void SetCurrentGlobalIP(IP *ip, bool ipv6)
void FreeNetwork() void FreeNetwork()
{ {
if (dh_2048 != NULL) if (dh_param != NULL)
{ {
DhFree(dh_2048); DhFree(dh_param);
dh_2048 = NULL; dh_param = NULL;
} }
// Release of thread-related // Release of thread-related
@ -20282,6 +20279,8 @@ LABEL_RESTART:
if (u->PollMyIpAndPort) if (u->PollMyIpAndPort)
{ {
// Create a thread to get a NAT-T IP address if necessary
if (u->GetNatTIpThread == NULL)
{ {
// Create a thread to get a NAT-T IP address if necessary // Create a thread to get a NAT-T IP address if necessary
if (u->GetNatTIpThread == NULL) if (u->GetNatTIpThread == NULL)
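Review bot: InitNetwork no longer creates a DH context, so `dh_param` stays `NULL` until SetDhParam is called from the server config loader, and TmpDhCallback returns `NULL` in that window; any TLS accept that happens before SiLoadServerCfg runs, or in a process that never loads a server config, would presumably have no DHE parameters at all — worth confirming against the order of InitNetwork and config loading. Keeping a default in InitNetwork, `dh_param = DhNewFromBits(DH_PARAM_BITS_DEFAULT);`, and letting SetDhParam replace it would preserve the old behaviour. SetDhParam itself is only declared on this page (Network.h), so whether it frees the previous `dh_param` and whether the swap is safe against a concurrent TmpDhCallback cannot be checked here. The last hunk in this file looks like a whitespace-only change.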


@ -1020,6 +1020,8 @@ int GetCurrentTimezone();
bool GetSniNameFromSslPacket(UCHAR *packet_buf, UINT packet_size, char *sni, UINT sni_size); bool GetSniNameFromSslPacket(UCHAR *packet_buf, UINT packet_size, char *sni, UINT sni_size);
bool GetSniNameFromPreSslConnection(SOCK *s, char *sni, UINT sni_size); bool GetSniNameFromPreSslConnection(SOCK *s, char *sni, UINT sni_size);
void SetDhParam(DH_CTX *dh);
bool IsUseDnsProxy(); bool IsUseDnsProxy();
bool IsUseAlternativeHostname(); bool IsUseAlternativeHostname();