authorDavid Sommerseth <dazo@users.sourceforge.net>2010-08-05 21:28:21 +0200
committerDavid Sommerseth <dazo@users.sourceforge.net>2010-08-05 21:28:21 +0200
commitee0f176643f7ac05a167fd0170ee95a3e0262974 (patch)
treeb3c085c2fcb1af13203088cb718dfcd39e20fa75
parent328500c490c36c679e275dbf99c2820f58bcbaa3 (diff)
parentce722dc52bc062eb6e07f09133760579fd52f8dd (diff)
Merge branch 'bugfix2.1' into beta2.2
-rw-r--r--forward.c5
-rw-r--r--openvpn-plugin.h3
-rw-r--r--openvpn.820
-rw-r--r--options.c18
-rw-r--r--ping.c2
5 files changed, 40 insertions, 8 deletions
diff --git a/forward.c b/forward.c
index a0d67d0..6e3c5f7 100644
--- a/forward.c
+++ b/forward.c
@@ -1168,8 +1168,9 @@ process_outgoing_link (struct context *c)
size);
}
- /* indicate activity regarding --inactive parameter */
- register_activity (c, size);
+ /* if not a ping/control message, indicate activity regarding --inactive parameter */
+ if (c->c2.buf.len > 0 )
+ register_activity (c, size);
}
else
{
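Review bot: The new guard `if (c->c2.buf.len > 0 )` makes the --inactive idle timeout depend on c->c2.buf.len being zero for every non-data packet, yet the only place this commit zeroes it is the line added to check_ping_send_dowork in ping.c. Nothing visible here shows that TLS control packets reach this point with a zero length, although the comment and the man page say they are excluded. If a length left over from an earlier data packet can survive, control traffic would keep resetting the timer and an idle session would never be shut down. I would state the contract at the guard, e.g. `/* c2.buf.len is zeroed by senders of internal packets (see check_ping_send_dowork); non-zero means user data */`, and confirm the control-channel path honours it. The body of process_outgoing_link starts and ends outside the hunk.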
diff --git a/openvpn-plugin.h b/openvpn-plugin.h
index 56b0a70..173a0c1 100644
--- a/openvpn-plugin.h
+++ b/openvpn-plugin.h
@@ -41,6 +41,7 @@
* New Client Connection:
*
* FUNC: openvpn_plugin_client_constructor_v1
+ * FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_ENABLE_PF
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_VERIFY (called once for every cert
* in the server chain)
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY
@@ -72,7 +73,7 @@
* [Client session continues]
*
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_CLIENT_DISCONNECT
- * FUNC: openvpn_plugin_client_constructor_v1
+ * FUNC: openvpn_plugin_client_destructor_v1
*
* [ some time may pass ]
*
diff --git a/openvpn.8 b/openvpn.8
index 54fe720..d8b8653 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -1366,15 +1366,25 @@ to be between 100 bytes/sec and 100 Mbytes/sec.
.B \-\-inactive n [bytes]
Causes OpenVPN to exit after
.B n
-seconds of inactivity on the TUN/TAP device. The time length
-of inactivity is measured since the last incoming tunnel packet.
+seconds of inactivity on the TUN/TAP device. The time length of
+inactivity is measured since the last incoming or outgoing tunnel
+packet.
If the optional
.B bytes
parameter is included,
-exit after n seconds of activity on tun/tap device
-produces a combined in/out byte count that is less than
-.B bytes.
+exit if less than
+.B bytes
+of combined in/out traffic are produced on the tun/tap device
+in
+.B n
+seconds.
+
+In any case, OpenVPN's internal ping packets (which are just
+keepalives) and TLS control packets are not considered
+"activity", nor are they counted as traffic, as they are used
+internally by OpenVPN and are not an indication of actual user
+activity.
.\"*********************************************************
.TP
.B \-\-ping n
diff --git a/options.c b/options.c
index 2c2a782..d40c7f0 100644
--- a/options.c
+++ b/options.c
@@ -3507,6 +3507,15 @@ msglevel_forward_compatible (struct options *options, const int msglevel)
}
static void
+warn_multiple_script (const char *script, const char *type) {
+ if (script) {
+ msg (M_WARN, "Multiple --%s scripts defined. "
+ "The previously configured script is overridden.", type);
+ }
+}
+
+
+static void
add_option (struct options *options,
char *p[],
const char *file,
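Review bot: warn_multiple_script is added without a comment, and its opening braces sit on the signature and `if` lines, which appears to differ from the brace-on-its-own-line layout used elsewhere in this diff (for example the `else` / `{` pair in forward.c). A one-line header such as `/* Warn if a script option is set again; script is the previously stored value, type the option name without the leading dashes. */` would make the calling convention clear, since every caller must invoke it before overwriting the field. The message names only the option type; logging the value being discarded as well would help an operator find the duplicate directive.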
@@ -3906,6 +3915,7 @@ add_option (struct options *options,
VERIFY_PERMISSION (OPT_P_SCRIPT);
if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))
goto err;
+ warn_multiple_script (options->ipchange, "ipchange");
options->ipchange = string_substitute (p[1], ',', ' ', &options->gc);
}
else if (streq (p[0], "float"))
@@ -3952,6 +3962,7 @@ add_option (struct options *options,
VERIFY_PERMISSION (OPT_P_SCRIPT);
if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))
goto err;
+ warn_multiple_script (options->up_script, "up");
options->up_script = p[1];
}
else if (streq (p[0], "down") && p[1])
@@ -3959,6 +3970,7 @@ add_option (struct options *options,
VERIFY_PERMISSION (OPT_P_SCRIPT);
if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))
goto err;
+ warn_multiple_script (options->down_script, "down");
options->down_script = p[1];
}
else if (streq (p[0], "down-pre"))
@@ -4627,6 +4639,7 @@ add_option (struct options *options,
VERIFY_PERMISSION (OPT_P_SCRIPT);
if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))
goto err;
+ warn_multiple_script (options->route_script, "route-up");
options->route_script = p[1];
}
else if (streq (p[0], "route-noexec"))
@@ -4956,6 +4969,7 @@ add_option (struct options *options,
msg (msglevel, "--auth-user-pass-verify requires a second parameter ('via-env' or 'via-file')");
goto err;
}
+ warn_multiple_script (options->auth_user_pass_verify_script, "auth-user-pass-verify");
options->auth_user_pass_verify_script = p[1];
}
else if (streq (p[0], "client-connect") && p[1])
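Review bot: For --auth-user-pass-verify here, and likewise --tls-verify in the last options.c hunk, a repeated directive replaces an authentication or certificate-verification hook and the only signal is an M_WARN log line. An operator who expected both scripts to run ends up with only the last one enforcing access, which is easy to miss among start-up messages. Consider treating a duplicate of these two options as a configuration error, in the style of the neighbouring `msg (msglevel, ...)` / `goto err;` path. Failing that, openvpn.8 should state that only the last script given is executed. The body of add_option starts and ends outside the hunk.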
@@ -4963,6 +4977,7 @@ add_option (struct options *options,
VERIFY_PERMISSION (OPT_P_SCRIPT);
if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))
goto err;
+ warn_multiple_script (options->client_connect_script, "client-connect");
options->client_connect_script = p[1];
}
else if (streq (p[0], "client-disconnect") && p[1])
@@ -4970,6 +4985,7 @@ add_option (struct options *options,
VERIFY_PERMISSION (OPT_P_SCRIPT);
if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))
goto err;
+ warn_multiple_script (options->client_disconnect_script, "client-disconnect");
options->client_disconnect_script = p[1];
}
else if (streq (p[0], "learn-address") && p[1])
@@ -4977,6 +4993,7 @@ add_option (struct options *options,
VERIFY_PERMISSION (OPT_P_SCRIPT);
if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))
goto err;
+ warn_multiple_script (options->learn_address_script, "learn-address");
options->learn_address_script = p[1];
}
else if (streq (p[0], "tmp-dir") && p[1])
@@ -5750,6 +5767,7 @@ add_option (struct options *options,
VERIFY_PERMISSION (OPT_P_SCRIPT);
if (!no_more_than_n_args (msglevel, p, 2, NM_QUOTE_HINT))
goto err;
+ warn_multiple_script (options->tls_verify, "tls-verify");
options->tls_verify = string_substitute (p[1], ',', ' ', &options->gc);
}
else if (streq (p[0], "tls-export-cert") && p[1])
diff --git a/ping.c b/ping.c
index b29927d..191ad74 100644
--- a/ping.c
+++ b/ping.c
@@ -86,5 +86,7 @@ check_ping_send_dowork (struct context *c)
* encrypt, sign, etc.
*/
encrypt_sign (c, true);
+ /* Set length to 0, so it won't be counted as activity */
+ c->c2.buf.len = 0;
dmsg (D_PING, "SENT PING");
}