mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-12-26 18:19:53 +03:00
Cedar: use Proto API for protocol options
This commit is contained in:
parent
5209b310e3
commit
b853140626
@ -2113,7 +2113,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
|
||||
BUF *readme_buf;
|
||||
BUF *readme_pdf_buf;
|
||||
BUF *sample_buf;
|
||||
OPENVPN_SSTP_CONFIG config;
|
||||
LIST *port_list;
|
||||
char my_hostname[MAX_SIZE];
|
||||
|
||||
@ -2124,9 +2123,7 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
|
||||
return ERR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
SiGetOpenVPNAndSSTPConfig(s, &config);
|
||||
|
||||
if (config.EnableOpenVPN == false)
|
||||
if (ProtoEnabled(s->Proto, "OpenVPN") == false)
|
||||
{
|
||||
return ERR_OPENVPN_IS_NOT_ENABLED;
|
||||
}
|
||||
|
@ -308,9 +308,9 @@ const PROTO_CONTAINER *ProtoDetect(const PROTO *proto, const PROTO_MODE mode, co
|
||||
const PROTO_CONTAINER *container = LIST_DATA(proto->Containers, i);
|
||||
const PROTO_IMPL *impl = container->Impl;
|
||||
|
||||
if (StrCmp(impl->Name(), "OpenVPN") == 0 && proto->Cedar->Server->DisableOpenVPNServer)
|
||||
if (ProtoEnabled(proto, container->Name) == false)
|
||||
{
|
||||
Debug("ProtoDetect(): OpenVPN detected, but it's disabled\n");
|
||||
Debug("ProtoDetect(): skipping %s because it's disabled\n", container->Name);
|
||||
continue;
|
||||
}
|
||||
|
||||
|
@ -58,7 +58,7 @@ bool OvsInit(void **param, const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER
|
||||
|
||||
Debug("OvsInit(): cipher: %s, hostname: %s\n", cipher, hostname);
|
||||
|
||||
*param = NewOpenVpnServer(cedar, im, se);
|
||||
*param = NewOpenVpnServer(options, cedar, im, se);
|
||||
|
||||
return true;
|
||||
}
|
||||
@ -577,7 +577,7 @@ void OvsProceccRecvPacket(OPENVPN_SERVER *s, UDPPACKET *p, UINT protocol)
|
||||
// Detect obfuscation mode and save it for the next packets in the same session
|
||||
if (se->ObfuscationMode == INFINITE)
|
||||
{
|
||||
se->ObfuscationMode = OvsDetectObfuscation(p->Data, p->Size, s->Cedar->OpenVPNObfuscationMask);
|
||||
se->ObfuscationMode = OvsDetectObfuscation(p->Data, p->Size, s->ObfuscationMask);
|
||||
if (se->ObfuscationMode != INFINITE)
|
||||
{
|
||||
Debug("OvsProceccRecvPacket(): detected packet obfuscation/scrambling mode: %u\n", se->ObfuscationMode);
|
||||
@ -595,7 +595,7 @@ void OvsProceccRecvPacket(OPENVPN_SERVER *s, UDPPACKET *p, UINT protocol)
|
||||
case OPENVPN_SCRAMBLE_MODE_DISABLED:
|
||||
break;
|
||||
case OPENVPN_SCRAMBLE_MODE_XORMASK:
|
||||
OvsDataXorMask(p->Data, p->Size, s->Cedar->OpenVPNObfuscationMask, StrLen(s->Cedar->OpenVPNObfuscationMask));
|
||||
OvsDataXorMask(p->Data, p->Size, s->ObfuscationMask, StrLen(s->ObfuscationMask));
|
||||
break;
|
||||
case OPENVPN_SCRAMBLE_MODE_XORPTRPOS:
|
||||
OvsDataXorPtrPos(p->Data, p->Size);
|
||||
@ -604,7 +604,7 @@ void OvsProceccRecvPacket(OPENVPN_SERVER *s, UDPPACKET *p, UINT protocol)
|
||||
OvsDataReverse(p->Data, p->Size);
|
||||
break;
|
||||
case OPENVPN_SCRAMBLE_MODE_OBFUSCATE:
|
||||
OvsDataXorMask(p->Data, p->Size, s->Cedar->OpenVPNObfuscationMask, StrLen(s->Cedar->OpenVPNObfuscationMask));
|
||||
OvsDataXorMask(p->Data, p->Size, s->ObfuscationMask, StrLen(s->ObfuscationMask));
|
||||
OvsDataXorPtrPos(p->Data, p->Size);
|
||||
OvsDataReverse(p->Data, p->Size);
|
||||
OvsDataXorPtrPos(p->Data, p->Size);
|
||||
@ -1195,7 +1195,7 @@ void OvsSetupSessionParameters(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN_C
|
||||
StrCpy(opt_str, sizeof(opt_str), data->OptionString);
|
||||
if (s->Cedar != NULL && (IsEmptyStr(opt_str) || StartWith(opt_str, "V0 UNDEF") || InStr(opt_str, ",") == false))
|
||||
{
|
||||
StrCpy(opt_str, sizeof(opt_str), s->Cedar->OpenVPNDefaultClientOption);
|
||||
StrCpy(opt_str, sizeof(opt_str), s->DefaultClientOption);
|
||||
}
|
||||
|
||||
o = NewEntryList(opt_str, ",", " \t");
|
||||
@ -2121,7 +2121,7 @@ OPENVPN_SESSION *OvsNewSession(OPENVPN_SERVER *s, IP *server_ip, UINT server_por
|
||||
Copy(&se->ServerIp, server_ip, sizeof(IP));
|
||||
se->ServerPort = server_port;
|
||||
|
||||
se->ObfuscationMode = s->Cedar->OpenVPNObfuscation ? INFINITE : OPENVPN_SCRAMBLE_MODE_DISABLED;
|
||||
se->ObfuscationMode = s->Obfuscation ? INFINITE : OPENVPN_SCRAMBLE_MODE_DISABLED;
|
||||
|
||||
se->LastCommTick = s->Now;
|
||||
|
||||
@ -2486,8 +2486,7 @@ void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list, UINT protocol)
|
||||
// on Linux, the TAP device must be up after the OpenVPN client is connected.
|
||||
// However there is no direct push instruction to do so to OpenVPN client.
|
||||
// Therefore we push the dummy IPv4 address (RFC7600) to the OpenVPN client.
|
||||
|
||||
if (s->Cedar->OpenVPNPushDummyIPv4AddressOnL2Mode)
|
||||
if (s->PushDummyIPv4AddressOnL2Mode)
|
||||
{
|
||||
StrCat(option_str, sizeof(option_str), ",ifconfig 192.0.0.8 255.255.255.240");
|
||||
}
|
||||
@ -2836,7 +2835,7 @@ void OvsSendPacketRawNow(OPENVPN_SERVER *s, OPENVPN_SESSION *se, void *data, UIN
|
||||
case OPENVPN_SCRAMBLE_MODE_DISABLED:
|
||||
break;
|
||||
case OPENVPN_SCRAMBLE_MODE_XORMASK:
|
||||
OvsDataXorMask(data, size, s->Cedar->OpenVPNObfuscationMask, StrLen(s->Cedar->OpenVPNObfuscationMask));
|
||||
OvsDataXorMask(data, size, s->ObfuscationMask, StrLen(s->ObfuscationMask));
|
||||
break;
|
||||
case OPENVPN_SCRAMBLE_MODE_XORPTRPOS:
|
||||
OvsDataXorPtrPos(data, size);
|
||||
@ -2848,7 +2847,7 @@ void OvsSendPacketRawNow(OPENVPN_SERVER *s, OPENVPN_SESSION *se, void *data, UIN
|
||||
OvsDataXorPtrPos(data, size);
|
||||
OvsDataReverse(data, size);
|
||||
OvsDataXorPtrPos(data, size);
|
||||
OvsDataXorMask(data, size, s->Cedar->OpenVPNObfuscationMask, StrLen(s->Cedar->OpenVPNObfuscationMask));
|
||||
OvsDataXorMask(data, size, s->ObfuscationMask, StrLen(s->ObfuscationMask));
|
||||
}
|
||||
|
||||
u = NewUdpPacket(&se->ServerIp, se->ServerPort, &se->ClientIp, se->ClientPort,
|
||||
@ -2937,17 +2936,39 @@ int OvsCompareSessionList(void *p1, void *p2)
|
||||
}
|
||||
|
||||
// Create a new OpenVPN server
|
||||
OPENVPN_SERVER *NewOpenVpnServer(CEDAR *cedar, INTERRUPT_MANAGER *interrupt, SOCK_EVENT *sock_event)
|
||||
OPENVPN_SERVER *NewOpenVpnServer(const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *interrupt, SOCK_EVENT *sock_event)
|
||||
{
|
||||
UINT i;
|
||||
OPENVPN_SERVER *s;
|
||||
// Validate arguments
|
||||
if (cedar == NULL)
|
||||
|
||||
if (options == NULL || cedar == NULL || interrupt == NULL || sock_event == NULL)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
s = ZeroMalloc(sizeof(OPENVPN_SERVER));
|
||||
|
||||
for (i = 0; i < LIST_NUM(options); ++i)
|
||||
{
|
||||
const PROTO_OPTION *option = LIST_DATA(options, i);
|
||||
if (StrCmp(option->Name, "DefaultClientOption") == 0)
|
||||
{
|
||||
s->DefaultClientOption = CopyStr(option->String);
|
||||
}
|
||||
else if (StrCmp(option->Name, "Obfuscation") == 0)
|
||||
{
|
||||
s->Obfuscation = option->Bool;
|
||||
}
|
||||
else if (StrCmp(option->Name, "ObfuscationMask") == 0)
|
||||
{
|
||||
s->ObfuscationMask = CopyStr(option->String);
|
||||
}
|
||||
else if (StrCmp(option->Name, "PushDummyIPv4AddressOnL2Mode") == 0)
|
||||
{
|
||||
s->PushDummyIPv4AddressOnL2Mode = option->Bool;
|
||||
}
|
||||
}
|
||||
|
||||
s->Cedar = cedar;
|
||||
s->Interrupt = interrupt;
|
||||
s->SockEvent = sock_event;
|
||||
@ -3009,5 +3030,8 @@ void FreeOpenVpnServer(OPENVPN_SERVER *s)
|
||||
|
||||
DhFree(s->Dh);
|
||||
|
||||
Free(s->DefaultClientOption);
|
||||
Free(s->ObfuscationMask);
|
||||
|
||||
Free(s);
|
||||
}
|
||||
|
@ -202,11 +202,13 @@ struct OPENVPN_SERVER
|
||||
UINT NextSessionId; // Next session ID
|
||||
DH_CTX *Dh; // DH key
|
||||
UINT SessionEstablishedCount; // Number of session establishment
|
||||
// Options
|
||||
char *DefaultClientOption; // Default option string to push to client
|
||||
bool Obfuscation; // Obfuscation enabled/disabled
|
||||
char *ObfuscationMask; // String (mask) for XOR obfuscation
|
||||
bool PushDummyIPv4AddressOnL2Mode; // Push a dummy IPv4 address in L2 mode
|
||||
};
|
||||
|
||||
// OpenVPN Default Client Option String
|
||||
#define OVPN_DEF_CLIENT_OPTION_STRING "dev-type tun,link-mtu 1500,tun-mtu 1500,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client"
|
||||
|
||||
//// Function prototype
|
||||
const PROTO_IMPL *OvsGetProtoImpl();
|
||||
const char *OvsName();
|
||||
@ -219,7 +221,7 @@ bool OvsProcessDatagrams(void *param, LIST *in, LIST *out);
|
||||
bool OvsIsOk(void *param);
|
||||
UINT OvsEstablishedSessions(void *param);
|
||||
|
||||
OPENVPN_SERVER *NewOpenVpnServer(CEDAR *cedar, INTERRUPT_MANAGER *interrupt, SOCK_EVENT *sock_event);
|
||||
OPENVPN_SERVER *NewOpenVpnServer(const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *interrupt, SOCK_EVENT *sock_event);
|
||||
void FreeOpenVpnServer(OPENVPN_SERVER *s);
|
||||
void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list, UINT protocol);
|
||||
void OvsProceccRecvPacket(OPENVPN_SERVER *s, UDPPACKET *p, UINT protocol);
|
||||
|
@ -7,15 +7,6 @@
|
||||
|
||||
#include "CedarPch.h"
|
||||
|
||||
static bool g_no_sstp = false;
|
||||
|
||||
// Get the SSTP disabling flag
|
||||
bool GetNoSstp()
|
||||
{
|
||||
|
||||
return g_no_sstp;
|
||||
}
|
||||
|
||||
const PROTO_IMPL *SstpGetProtoImpl()
|
||||
{
|
||||
static const PROTO_IMPL impl =
|
||||
|
@ -154,6 +154,5 @@ SSTP_PACKET *SstpNewDataPacket(UCHAR *data, UINT size);
|
||||
SSTP_PACKET *SstpNewControlPacket(USHORT message_type);
|
||||
SSTP_PACKET *SstpNewControlPacketWithAnAttribute(USHORT message_type, SSTP_ATTRIBUTE *a);
|
||||
void SstpSendPacket(SSTP_SERVER *s, SSTP_PACKET *p);
|
||||
bool GetNoSstp();
|
||||
|
||||
#endif // PROTO_SSTP_H
|
||||
|
@ -5878,9 +5878,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
|
||||
}
|
||||
}
|
||||
}
|
||||
else if (StrCmpi(h->Method, "SSTP_DUPLEX_POST") == 0 && (server->DisableSSTPServer == false || s->IsReverseAcceptedSocket
|
||||
) &&
|
||||
GetServerCapsBool(server, "b_support_sstp") && GetNoSstp() == false)
|
||||
else if (StrCmpi(h->Method, "SSTP_DUPLEX_POST") == 0 && (ProtoEnabled(server->Proto, "SSTP") || s->IsReverseAcceptedSocket) && GetServerCapsBool(server, "b_support_sstp"))
|
||||
{
|
||||
// SSTP client is connected
|
||||
c->WasSstp = true;
|
||||
|
Loading…
Reference in New Issue
Block a user