James Yonan
bb642c6cd5
Minor additions to class LogPeriod.
2015-01-26 20:39:24 -07:00
James Yonan
e4b8aa6b80
Added class DevURand, conforming to RandomAPI base,
that grabs entropy directly from /dev/urandom.
2015-01-24 20:09:17 -07:00
James Yonan
169612f842
Add virtual void post_close() method to ScopedFD so derived
classes can do post-close actions.
2015-01-24 20:07:36 -07:00
James Yonan
65b24f39e9
Server: null-terminate transmitted control channel messages.
2015-01-22 17:55:57 -07:00
James Yonan
226785cbe2
Increased initial allocation of server-side AUTH_FAILED
buffer to 128 bytes.
2015-01-22 17:54:12 -07:00
James Yonan
433f4e362d
Minicrypto build fixes:
* Disable minicrypto for now in both Android and Apple builds.
* In deps/polarssl/build-polarssl, don't apply the minicrypto
patch unless "$USE_MINICRYPTO" = "1".
2015-01-19 17:48:10 -07:00
James Yonan
d4af03c205
Extended follow_references parameter of ProfileMerge class to allow
for full reference following (e.g. cert ssl/serv.crt) as is helpful
in server-side environments.
2015-01-19 14:30:37 -07:00
James Yonan
3350db2c41
For Listen::List parser, allow number of threads parameter
to be multiplied by the number of processor cores on the machine
using this syntax:
listen 0.0.0.0 1194 udp 4*N
The 4*N syntax indicates that OpenVPN should spawn 4 * N threads
to listen on 0.0.0.0:1194 where N is the number of processor
cores on the machine.
2015-01-19 14:26:41 -07:00
James Yonan
18c31bca14
Updated PolarSSL to 1.3.9a for CVE-2015-1182.
2015-01-19 14:25:42 -07:00
James Yonan
84fb5c7731
Added NULL=1 option to test/ovpncli/go to build a tunnull binary.
2015-01-17 04:41:46 -07:00
James Yonan
b53d8d5648
Added tunnull build option:
TUN_NULL_EXIT -- exit immediately on connection
2015-01-17 03:41:42 -07:00
James Yonan
1f08f57154
Make the stats store volatile to improve the accuracy of
lockless multi-threaded access.
2015-01-16 18:47:39 -07:00
James Yonan
79b9deb2bc
Added SIGUSR1/SIGUSR2 to class ASIOSignals.
Also added register_signals_all() method.
2015-01-16 01:52:59 -07:00
James Yonan
6f3aed5f90
Minor debug output change.
2015-01-16 00:22:14 -07:00
James Yonan
7daa811458
For consistency, ServerProto::Session should refer to base
class methods using a "Base::" prefix.
2015-01-15 17:06:12 -07:00
James Yonan
e2c90bf030
ServerProto::Session::stop() should reset the DC (data channel) factory.
2015-01-15 17:05:50 -07:00
James Yonan
69d0a9cefb
Added SetUserGroup class for downgrading UID/GID.
2015-01-14 23:50:40 -07:00
James Yonan
fbfc84f460
Refactored PThreadCond and added PThreadBarrier for cases
where all threads need to reach a known point before
executing some action.
2015-01-14 23:17:20 -07:00
James Yonan
8d61382731
Core version number updated to 3.0.3.
2015-01-14 12:12:34 -07:00
James Yonan
915d0220a4
Added methods for daemonization and redirecting stdout/stderr
to a log file.
2015-01-13 23:18:57 -07:00
James Yonan
d2bd31a80b
Added some missing #includes.
2015-01-13 17:02:47 -07:00
James Yonan
9af3a3d60d
In OpenSSL read_cleartext_ready(), be sure to allow
SSL_pending(ssl) to influence returned result.
2015-01-13 00:06:21 -07:00
James Yonan
762f84a7db
Added AuthCert::defined() method.
2015-01-12 23:23:41 -07:00
James Yonan
e0910bf6c4
Added PolarSSL AuthCert support (server-side only).
2015-01-12 23:20:23 -07:00
James Yonan
e817a9dc0b
Added dump_hex methods.
2015-01-12 23:16:51 -07:00
James Yonan
bb42a3b4f1
Minor fix to OpenSSL verify_callback_server method.
2015-01-12 23:14:29 -07:00
James Yonan
9004e8cbea
Added PThreadCond, a wrapper for pthread conditions.
2015-01-12 18:39:32 -07:00
James Yonan
58de6a371d
Added class OptionList convenience method get_num()
with range checking.
2015-01-12 18:35:53 -07:00
James Yonan
9965704558
Added write_string() method to write a std::string to a file.
2015-01-12 18:34:10 -07:00
James Yonan
b2190bbb7b
Added server-side APIs for peer address, client float,
and bandwidth stats notifications.
2015-01-12 10:58:20 -07:00
James Yonan
52858e8891
Added class LogPeriod, a class intended to help with server-side
logging by forming log filenames with a timestamp and facilitating
log rollover.
2015-01-12 10:54:40 -07:00
James Yonan
3816443db5
Added total_threads() method to struct Listen::List.
2015-01-12 10:53:28 -07:00
James Yonan
7f040d6482
Minor reordering of struct AuthCert data members.
2015-01-12 10:52:35 -07:00
James Yonan
64992a043b
Make date_time() method thread-safe, and allow
arbitrary time_t time value to be passed.
2015-01-12 10:49:49 -07:00
James Yonan
8cbac717b3
Added IPv4/v6 methods for converting to/from byte strings.
2015-01-12 10:48:38 -07:00
James Yonan
ec0e7d5549
On server side, collect client cert info in the
new AuthCert object, and pass it through to
management decision object along with other creds
to consider for authentication.
In OpenSSL driver, split the verify_callback
function into client/server versions.
Modified InitProcess to do a special one-time call of
SSL_get_ex_new_index in OpenSSL library, so that we
can store a private object pointer in an OpenSSL
SSL struct.
TODO: Add AuthCert functionality to PolarSSL driver.
2015-01-08 15:33:48 -07:00
James Yonan
90e53b3e9d
Moved load_duration_parm and set_duration_parm out of proto.hpp
and into a new file openvpn/time/durhelper.hpp.
Added skew_duration() to durhelper.hpp to randomly skew
duration values.
Added Duration::operator+(const int delta) method to
allow modification of raw duration value by an int.
2015-01-08 15:30:58 -07:00
James Yonan
8b8ff4afd9
In OpenSSL driver, modify x509_get_field to check
for embedded nulls in return strings.
2015-01-08 15:27:36 -07:00
James Yonan
a6fc108384
Modified auth fail APIs (both initial and mid-session) to
include a flag (bool tell_client) indicating whether or not
the reason string should be transmitted to the client.
2015-01-08 15:25:23 -07:00
James Yonan
2f65d5b550
Added enum_dir() function to return filenames in a directory
as a vector of strings.
2015-01-08 15:18:55 -07:00
James Yonan
730f3d8718
In class RandomIntBase in boostrand.hpp, added rand()
method that simply returns raw random value.
2015-01-08 15:18:16 -07:00
James Yonan
93ced6f8d9
Added string::root() function to return the
non-extension part of the filename.
2015-01-08 15:16:51 -07:00
James Yonan
d51c6c6dc4
Added render_hex_number() function to hexstr.hpp.
2015-01-08 15:16:11 -07:00
James Yonan
dbd5995d7a
OpenVPN Protocol extensions update.
1. Added specific details on DATA_V2/peer-id/float support.
2. For AEAD mode, emphasized that the leading 8 bytes (4 bytes for
DATA_V2/peer-id and 4 for packet ID) is all included in the AD.
3. Added specific details on protocol negotiation where the client
indicates protocol extension availability with IV_x parameters
in the peer info string, and the server responds by pushing
directives to the client to enable the feature.
4. Added "TCP nonlinear mode" section, a new protocol extension
that is needed by multithreaded TCP servers.
2015-01-06 17:16:06 -07:00
James Yonan
a80508ab21
Added initial OpenVPN Protocol extensions doc.
2015-01-06 17:14:31 -07:00
James Yonan
c2c7292a70
Updated copyright to 2015.
2015-01-06 12:56:21 -07:00
James Yonan
47236d5ab5
Updated OPENVPN_VERSION to "3.0.2".
2015-01-05 19:25:18 -07:00
James Yonan
cb7b87eaf9
Allow push of duration parameters (reneg-sec, tran-window, hand-window).
2015-01-05 12:43:29 -07:00
James Yonan
a8b951e1c6
Added debug logging to proto.hpp for
PROMOTE_SECONDARY_TO_PRIMARY event.
2015-01-05 12:42:27 -07:00
James Yonan
cc3a966ff5
TransportClientInstanceRecv::transport_recv now returns
true if incoming packet was successfully validated.
2015-01-04 20:35:53 -07:00