mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-11-26 11:29:53 +03:00
Cedar: use Proto API for protocol options
This commit is contained in:
parent
5209b310e3
commit
b853140626
@ -2113,7 +2113,6 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
|
|||||||
BUF *readme_buf;
|
BUF *readme_buf;
|
||||||
BUF *readme_pdf_buf;
|
BUF *readme_pdf_buf;
|
||||||
BUF *sample_buf;
|
BUF *sample_buf;
|
||||||
OPENVPN_SSTP_CONFIG config;
|
|
||||||
LIST *port_list;
|
LIST *port_list;
|
||||||
char my_hostname[MAX_SIZE];
|
char my_hostname[MAX_SIZE];
|
||||||
|
|
||||||
@ -2124,9 +2123,7 @@ UINT StMakeOpenVpnConfigFile(ADMIN *a, RPC_READ_LOG_FILE *t)
|
|||||||
return ERR_NOT_SUPPORTED;
|
return ERR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
SiGetOpenVPNAndSSTPConfig(s, &config);
|
if (ProtoEnabled(s->Proto, "OpenVPN") == false)
|
||||||
|
|
||||||
if (config.EnableOpenVPN == false)
|
|
||||||
{
|
{
|
||||||
return ERR_OPENVPN_IS_NOT_ENABLED;
|
return ERR_OPENVPN_IS_NOT_ENABLED;
|
||||||
}
|
}
|
||||||
|
@ -308,9 +308,9 @@ const PROTO_CONTAINER *ProtoDetect(const PROTO *proto, const PROTO_MODE mode, co
|
|||||||
const PROTO_CONTAINER *container = LIST_DATA(proto->Containers, i);
|
const PROTO_CONTAINER *container = LIST_DATA(proto->Containers, i);
|
||||||
const PROTO_IMPL *impl = container->Impl;
|
const PROTO_IMPL *impl = container->Impl;
|
||||||
|
|
||||||
if (StrCmp(impl->Name(), "OpenVPN") == 0 && proto->Cedar->Server->DisableOpenVPNServer)
|
if (ProtoEnabled(proto, container->Name) == false)
|
||||||
{
|
{
|
||||||
Debug("ProtoDetect(): OpenVPN detected, but it's disabled\n");
|
Debug("ProtoDetect(): skipping %s because it's disabled\n", container->Name);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -58,7 +58,7 @@ bool OvsInit(void **param, const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER
|
|||||||
|
|
||||||
Debug("OvsInit(): cipher: %s, hostname: %s\n", cipher, hostname);
|
Debug("OvsInit(): cipher: %s, hostname: %s\n", cipher, hostname);
|
||||||
|
|
||||||
*param = NewOpenVpnServer(cedar, im, se);
|
*param = NewOpenVpnServer(options, cedar, im, se);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
@ -577,7 +577,7 @@ void OvsProceccRecvPacket(OPENVPN_SERVER *s, UDPPACKET *p, UINT protocol)
|
|||||||
// Detect obfuscation mode and save it for the next packets in the same session
|
// Detect obfuscation mode and save it for the next packets in the same session
|
||||||
if (se->ObfuscationMode == INFINITE)
|
if (se->ObfuscationMode == INFINITE)
|
||||||
{
|
{
|
||||||
se->ObfuscationMode = OvsDetectObfuscation(p->Data, p->Size, s->Cedar->OpenVPNObfuscationMask);
|
se->ObfuscationMode = OvsDetectObfuscation(p->Data, p->Size, s->ObfuscationMask);
|
||||||
if (se->ObfuscationMode != INFINITE)
|
if (se->ObfuscationMode != INFINITE)
|
||||||
{
|
{
|
||||||
Debug("OvsProceccRecvPacket(): detected packet obfuscation/scrambling mode: %u\n", se->ObfuscationMode);
|
Debug("OvsProceccRecvPacket(): detected packet obfuscation/scrambling mode: %u\n", se->ObfuscationMode);
|
||||||
@ -595,7 +595,7 @@ void OvsProceccRecvPacket(OPENVPN_SERVER *s, UDPPACKET *p, UINT protocol)
|
|||||||
case OPENVPN_SCRAMBLE_MODE_DISABLED:
|
case OPENVPN_SCRAMBLE_MODE_DISABLED:
|
||||||
break;
|
break;
|
||||||
case OPENVPN_SCRAMBLE_MODE_XORMASK:
|
case OPENVPN_SCRAMBLE_MODE_XORMASK:
|
||||||
OvsDataXorMask(p->Data, p->Size, s->Cedar->OpenVPNObfuscationMask, StrLen(s->Cedar->OpenVPNObfuscationMask));
|
OvsDataXorMask(p->Data, p->Size, s->ObfuscationMask, StrLen(s->ObfuscationMask));
|
||||||
break;
|
break;
|
||||||
case OPENVPN_SCRAMBLE_MODE_XORPTRPOS:
|
case OPENVPN_SCRAMBLE_MODE_XORPTRPOS:
|
||||||
OvsDataXorPtrPos(p->Data, p->Size);
|
OvsDataXorPtrPos(p->Data, p->Size);
|
||||||
@ -604,7 +604,7 @@ void OvsProceccRecvPacket(OPENVPN_SERVER *s, UDPPACKET *p, UINT protocol)
|
|||||||
OvsDataReverse(p->Data, p->Size);
|
OvsDataReverse(p->Data, p->Size);
|
||||||
break;
|
break;
|
||||||
case OPENVPN_SCRAMBLE_MODE_OBFUSCATE:
|
case OPENVPN_SCRAMBLE_MODE_OBFUSCATE:
|
||||||
OvsDataXorMask(p->Data, p->Size, s->Cedar->OpenVPNObfuscationMask, StrLen(s->Cedar->OpenVPNObfuscationMask));
|
OvsDataXorMask(p->Data, p->Size, s->ObfuscationMask, StrLen(s->ObfuscationMask));
|
||||||
OvsDataXorPtrPos(p->Data, p->Size);
|
OvsDataXorPtrPos(p->Data, p->Size);
|
||||||
OvsDataReverse(p->Data, p->Size);
|
OvsDataReverse(p->Data, p->Size);
|
||||||
OvsDataXorPtrPos(p->Data, p->Size);
|
OvsDataXorPtrPos(p->Data, p->Size);
|
||||||
@ -1195,7 +1195,7 @@ void OvsSetupSessionParameters(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN_C
|
|||||||
StrCpy(opt_str, sizeof(opt_str), data->OptionString);
|
StrCpy(opt_str, sizeof(opt_str), data->OptionString);
|
||||||
if (s->Cedar != NULL && (IsEmptyStr(opt_str) || StartWith(opt_str, "V0 UNDEF") || InStr(opt_str, ",") == false))
|
if (s->Cedar != NULL && (IsEmptyStr(opt_str) || StartWith(opt_str, "V0 UNDEF") || InStr(opt_str, ",") == false))
|
||||||
{
|
{
|
||||||
StrCpy(opt_str, sizeof(opt_str), s->Cedar->OpenVPNDefaultClientOption);
|
StrCpy(opt_str, sizeof(opt_str), s->DefaultClientOption);
|
||||||
}
|
}
|
||||||
|
|
||||||
o = NewEntryList(opt_str, ",", " \t");
|
o = NewEntryList(opt_str, ",", " \t");
|
||||||
@ -2121,7 +2121,7 @@ OPENVPN_SESSION *OvsNewSession(OPENVPN_SERVER *s, IP *server_ip, UINT server_por
|
|||||||
Copy(&se->ServerIp, server_ip, sizeof(IP));
|
Copy(&se->ServerIp, server_ip, sizeof(IP));
|
||||||
se->ServerPort = server_port;
|
se->ServerPort = server_port;
|
||||||
|
|
||||||
se->ObfuscationMode = s->Cedar->OpenVPNObfuscation ? INFINITE : OPENVPN_SCRAMBLE_MODE_DISABLED;
|
se->ObfuscationMode = s->Obfuscation ? INFINITE : OPENVPN_SCRAMBLE_MODE_DISABLED;
|
||||||
|
|
||||||
se->LastCommTick = s->Now;
|
se->LastCommTick = s->Now;
|
||||||
|
|
||||||
@ -2486,8 +2486,7 @@ void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list, UINT protocol)
|
|||||||
// on Linux, the TAP device must be up after the OpenVPN client is connected.
|
// on Linux, the TAP device must be up after the OpenVPN client is connected.
|
||||||
// However there is no direct push instruction to do so to OpenVPN client.
|
// However there is no direct push instruction to do so to OpenVPN client.
|
||||||
// Therefore we push the dummy IPv4 address (RFC7600) to the OpenVPN client.
|
// Therefore we push the dummy IPv4 address (RFC7600) to the OpenVPN client.
|
||||||
|
if (s->PushDummyIPv4AddressOnL2Mode)
|
||||||
if (s->Cedar->OpenVPNPushDummyIPv4AddressOnL2Mode)
|
|
||||||
{
|
{
|
||||||
StrCat(option_str, sizeof(option_str), ",ifconfig 192.0.0.8 255.255.255.240");
|
StrCat(option_str, sizeof(option_str), ",ifconfig 192.0.0.8 255.255.255.240");
|
||||||
}
|
}
|
||||||
@ -2836,7 +2835,7 @@ void OvsSendPacketRawNow(OPENVPN_SERVER *s, OPENVPN_SESSION *se, void *data, UIN
|
|||||||
case OPENVPN_SCRAMBLE_MODE_DISABLED:
|
case OPENVPN_SCRAMBLE_MODE_DISABLED:
|
||||||
break;
|
break;
|
||||||
case OPENVPN_SCRAMBLE_MODE_XORMASK:
|
case OPENVPN_SCRAMBLE_MODE_XORMASK:
|
||||||
OvsDataXorMask(data, size, s->Cedar->OpenVPNObfuscationMask, StrLen(s->Cedar->OpenVPNObfuscationMask));
|
OvsDataXorMask(data, size, s->ObfuscationMask, StrLen(s->ObfuscationMask));
|
||||||
break;
|
break;
|
||||||
case OPENVPN_SCRAMBLE_MODE_XORPTRPOS:
|
case OPENVPN_SCRAMBLE_MODE_XORPTRPOS:
|
||||||
OvsDataXorPtrPos(data, size);
|
OvsDataXorPtrPos(data, size);
|
||||||
@ -2848,7 +2847,7 @@ void OvsSendPacketRawNow(OPENVPN_SERVER *s, OPENVPN_SESSION *se, void *data, UIN
|
|||||||
OvsDataXorPtrPos(data, size);
|
OvsDataXorPtrPos(data, size);
|
||||||
OvsDataReverse(data, size);
|
OvsDataReverse(data, size);
|
||||||
OvsDataXorPtrPos(data, size);
|
OvsDataXorPtrPos(data, size);
|
||||||
OvsDataXorMask(data, size, s->Cedar->OpenVPNObfuscationMask, StrLen(s->Cedar->OpenVPNObfuscationMask));
|
OvsDataXorMask(data, size, s->ObfuscationMask, StrLen(s->ObfuscationMask));
|
||||||
}
|
}
|
||||||
|
|
||||||
u = NewUdpPacket(&se->ServerIp, se->ServerPort, &se->ClientIp, se->ClientPort,
|
u = NewUdpPacket(&se->ServerIp, se->ServerPort, &se->ClientIp, se->ClientPort,
|
||||||
@ -2937,17 +2936,39 @@ int OvsCompareSessionList(void *p1, void *p2)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Create a new OpenVPN server
|
// Create a new OpenVPN server
|
||||||
OPENVPN_SERVER *NewOpenVpnServer(CEDAR *cedar, INTERRUPT_MANAGER *interrupt, SOCK_EVENT *sock_event)
|
OPENVPN_SERVER *NewOpenVpnServer(const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *interrupt, SOCK_EVENT *sock_event)
|
||||||
{
|
{
|
||||||
|
UINT i;
|
||||||
OPENVPN_SERVER *s;
|
OPENVPN_SERVER *s;
|
||||||
// Validate arguments
|
|
||||||
if (cedar == NULL)
|
if (options == NULL || cedar == NULL || interrupt == NULL || sock_event == NULL)
|
||||||
{
|
{
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
s = ZeroMalloc(sizeof(OPENVPN_SERVER));
|
s = ZeroMalloc(sizeof(OPENVPN_SERVER));
|
||||||
|
|
||||||
|
for (i = 0; i < LIST_NUM(options); ++i)
|
||||||
|
{
|
||||||
|
const PROTO_OPTION *option = LIST_DATA(options, i);
|
||||||
|
if (StrCmp(option->Name, "DefaultClientOption") == 0)
|
||||||
|
{
|
||||||
|
s->DefaultClientOption = CopyStr(option->String);
|
||||||
|
}
|
||||||
|
else if (StrCmp(option->Name, "Obfuscation") == 0)
|
||||||
|
{
|
||||||
|
s->Obfuscation = option->Bool;
|
||||||
|
}
|
||||||
|
else if (StrCmp(option->Name, "ObfuscationMask") == 0)
|
||||||
|
{
|
||||||
|
s->ObfuscationMask = CopyStr(option->String);
|
||||||
|
}
|
||||||
|
else if (StrCmp(option->Name, "PushDummyIPv4AddressOnL2Mode") == 0)
|
||||||
|
{
|
||||||
|
s->PushDummyIPv4AddressOnL2Mode = option->Bool;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
s->Cedar = cedar;
|
s->Cedar = cedar;
|
||||||
s->Interrupt = interrupt;
|
s->Interrupt = interrupt;
|
||||||
s->SockEvent = sock_event;
|
s->SockEvent = sock_event;
|
||||||
@ -3009,5 +3030,8 @@ void FreeOpenVpnServer(OPENVPN_SERVER *s)
|
|||||||
|
|
||||||
DhFree(s->Dh);
|
DhFree(s->Dh);
|
||||||
|
|
||||||
|
Free(s->DefaultClientOption);
|
||||||
|
Free(s->ObfuscationMask);
|
||||||
|
|
||||||
Free(s);
|
Free(s);
|
||||||
}
|
}
|
||||||
|
@ -202,11 +202,13 @@ struct OPENVPN_SERVER
|
|||||||
UINT NextSessionId; // Next session ID
|
UINT NextSessionId; // Next session ID
|
||||||
DH_CTX *Dh; // DH key
|
DH_CTX *Dh; // DH key
|
||||||
UINT SessionEstablishedCount; // Number of session establishment
|
UINT SessionEstablishedCount; // Number of session establishment
|
||||||
|
// Options
|
||||||
|
char *DefaultClientOption; // Default option string to push to client
|
||||||
|
bool Obfuscation; // Obfuscation enabled/disabled
|
||||||
|
char *ObfuscationMask; // String (mask) for XOR obfuscation
|
||||||
|
bool PushDummyIPv4AddressOnL2Mode; // Push a dummy IPv4 address in L2 mode
|
||||||
};
|
};
|
||||||
|
|
||||||
// OpenVPN Default Client Option String
|
|
||||||
#define OVPN_DEF_CLIENT_OPTION_STRING "dev-type tun,link-mtu 1500,tun-mtu 1500,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client"
|
|
||||||
|
|
||||||
//// Function prototype
|
//// Function prototype
|
||||||
const PROTO_IMPL *OvsGetProtoImpl();
|
const PROTO_IMPL *OvsGetProtoImpl();
|
||||||
const char *OvsName();
|
const char *OvsName();
|
||||||
@ -219,7 +221,7 @@ bool OvsProcessDatagrams(void *param, LIST *in, LIST *out);
|
|||||||
bool OvsIsOk(void *param);
|
bool OvsIsOk(void *param);
|
||||||
UINT OvsEstablishedSessions(void *param);
|
UINT OvsEstablishedSessions(void *param);
|
||||||
|
|
||||||
OPENVPN_SERVER *NewOpenVpnServer(CEDAR *cedar, INTERRUPT_MANAGER *interrupt, SOCK_EVENT *sock_event);
|
OPENVPN_SERVER *NewOpenVpnServer(const LIST *options, CEDAR *cedar, INTERRUPT_MANAGER *interrupt, SOCK_EVENT *sock_event);
|
||||||
void FreeOpenVpnServer(OPENVPN_SERVER *s);
|
void FreeOpenVpnServer(OPENVPN_SERVER *s);
|
||||||
void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list, UINT protocol);
|
void OvsRecvPacket(OPENVPN_SERVER *s, LIST *recv_packet_list, UINT protocol);
|
||||||
void OvsProceccRecvPacket(OPENVPN_SERVER *s, UDPPACKET *p, UINT protocol);
|
void OvsProceccRecvPacket(OPENVPN_SERVER *s, UDPPACKET *p, UINT protocol);
|
||||||
|
@ -7,15 +7,6 @@
|
|||||||
|
|
||||||
#include "CedarPch.h"
|
#include "CedarPch.h"
|
||||||
|
|
||||||
static bool g_no_sstp = false;
|
|
||||||
|
|
||||||
// Get the SSTP disabling flag
|
|
||||||
bool GetNoSstp()
|
|
||||||
{
|
|
||||||
|
|
||||||
return g_no_sstp;
|
|
||||||
}
|
|
||||||
|
|
||||||
const PROTO_IMPL *SstpGetProtoImpl()
|
const PROTO_IMPL *SstpGetProtoImpl()
|
||||||
{
|
{
|
||||||
static const PROTO_IMPL impl =
|
static const PROTO_IMPL impl =
|
||||||
|
@ -154,6 +154,5 @@ SSTP_PACKET *SstpNewDataPacket(UCHAR *data, UINT size);
|
|||||||
SSTP_PACKET *SstpNewControlPacket(USHORT message_type);
|
SSTP_PACKET *SstpNewControlPacket(USHORT message_type);
|
||||||
SSTP_PACKET *SstpNewControlPacketWithAnAttribute(USHORT message_type, SSTP_ATTRIBUTE *a);
|
SSTP_PACKET *SstpNewControlPacketWithAnAttribute(USHORT message_type, SSTP_ATTRIBUTE *a);
|
||||||
void SstpSendPacket(SSTP_SERVER *s, SSTP_PACKET *p);
|
void SstpSendPacket(SSTP_SERVER *s, SSTP_PACKET *p);
|
||||||
bool GetNoSstp();
|
|
||||||
|
|
||||||
#endif // PROTO_SSTP_H
|
#endif // PROTO_SSTP_H
|
||||||
|
@ -5878,9 +5878,7 @@ bool ServerDownloadSignature(CONNECTION *c, char **error_detail_str)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (StrCmpi(h->Method, "SSTP_DUPLEX_POST") == 0 && (server->DisableSSTPServer == false || s->IsReverseAcceptedSocket
|
else if (StrCmpi(h->Method, "SSTP_DUPLEX_POST") == 0 && (ProtoEnabled(server->Proto, "SSTP") || s->IsReverseAcceptedSocket) && GetServerCapsBool(server, "b_support_sstp"))
|
||||||
) &&
|
|
||||||
GetServerCapsBool(server, "b_support_sstp") && GetNoSstp() == false)
|
|
||||||
{
|
{
|
||||||
// SSTP client is connected
|
// SSTP client is connected
|
||||||
c->WasSstp = true;
|
c->WasSstp = true;
|
||||||
|
Loading…
Reference in New Issue
Block a user