authorLev Stipakov <lstipakov@gmail.com>2015-10-10 19:04:25 +0300
committerDavid Sommerseth <davids@redhat.com>2015-10-11 11:05:09 +0200
commit0d1a75bfe241466230c41a52c6013494135c5935 (patch)
treee432b2ffd5f0933aeca0d1a7366e273e56459896 /src/openvpn/multi.h
parent9403e3f4b510fbc4187044f31be8f7dccbde1cf1 (diff)
Send push reply right after async auth complete
v3: * better comments * better variable naming * include sys/inotify.h if HAVE_SYS_INOTIFY_H is defined v2: More careful inotify_watchers handling * Ensure that same multi_instance is added only once * Ensure that multi_instance is always removed v1: This feature speeds up connection establishment in cases when async authentication result is not ready when first push request arrives. At the moment server sends push reply only when it receives next push request, which comes 5 seconds later. Implementation overview. Add new configure option ENABLE_ASYNC_PUSH, which can be enabled if system supports inotify. Add inotify descriptor to an event loop. Add inotify watch for an authentication control file. Store mapping between watch descriptor and multi_instance in a dictionary. When file is closed, inotify fires an event and we continue with connection establishment - call client-connect etc and send push reply. Inotify watch descriptor got automatically deleted after file is closed or when file is removed. We catch that event and remove it from the dictionary. Feature is easily tested with sample "defer" plugin and following settings: auth-user-pass-optional setenv test_deferred_auth 3 plugin simple.so Signed-off-by: Lev Stipakov <lstipakov@gmail.com> Add doxygen comment Acked-by: David Sommerseth <davids@redhat.com> Message-Id: <1444493065-13506-1-git-send-email-lstipakov@gmail.com> URL: http://article.gmane.org/gmane.network.openvpn.devel/10248 Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'src/openvpn/multi.h')
-rw-r--r--src/openvpn/multi.h21
1 files changed, 21 insertions, 0 deletions
diff --git a/src/openvpn/multi.h b/src/openvpn/multi.h
index 32b89d2..69ed85e 100644
--- a/src/openvpn/multi.h
+++ b/src/openvpn/multi.h
@@ -105,6 +105,10 @@ struct multi_instance {
struct context context; /**< The context structure storing state
* for this VPN tunnel. */
+
+#ifdef ENABLE_ASYNC_PUSH
+ int inotify_watch; /* watch descriptor for acf */
+#endif
};
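Review bot: The comment on `inotify_watch` does not say which value means "no watch registered", and it is a plain comment with the unexplained abbreviation "acf" while the neighbouring `context` member uses the Doxygen `/**< ... */` form. Code that tests or clears the field needs one agreed sentinel; inotify_add_watch() returns -1 on failure, so I would write `int inotify_watch; /**< inotify watch descriptor for the auth control file, -1 when no watch is active */` (or name whatever sentinel multi.c really uses) and make sure a new instance is initialised to it. The struct starts outside this hunk, so the initialisation site is not visible here.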
@@ -172,6 +176,11 @@ struct multi_context {
* Timer object for stale route check
*/
struct event_timeout stale_routes_check_et;
+
+#ifdef ENABLE_ASYNC_PUSH
+ /* mapping between inotify watch descriptors and multi_instances */
+ struct hash *inotify_watchers;
+#endif
};
/*
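Review bot: The comment on `inotify_watchers` does not state who owns the entries or when they must be removed, which matters because the table maps a kernel-supplied watch descriptor to a raw `struct multi_instance *`. If an instance were freed while its descriptor is still in the table, a later inotify event would resolve to a dangling pointer; the commit message says v2 guarantees removal, but that invariant lives in multi.c and is not visible from this header. I would record it at the declaration, for example `/* watch descriptor -> multi_instance; entries are non-owning and must be removed before the instance is freed */`. The struct body begins outside this hunk.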
@@ -327,6 +336,18 @@ void multi_close_instance_on_signal (struct multi_context *m, struct multi_insta
void init_management_callback_multi (struct multi_context *m);
void uninit_management_callback_multi (struct multi_context *m);
+
+#ifdef ENABLE_ASYNC_PUSH
+/**
+ * Called when inotify event is fired, which happens when acf file is closed or deleted.
+ * Continues authentication and sends push_repl
+ *
+ * @param m multi_context
+ * @param mpp_flags
+ */
+void multi_process_file_closed (struct multi_context *m, const unsigned int mpp_flags);
+#endif
+
/*
* Return true if our output queue is not full
*/
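Review bot: The Doxygen block for `multi_process_file_closed` leaves `@param mpp_flags` without a description, and its summary ends in the truncated word `push_repl`. Since the comment says the event also fires when the file is deleted, it should state that the event is only a wake-up and that the authentication verdict is still taken from the control file, not from the fact that an event arrived; that is my reading of the commit message, the implementation is not in this file. Suggested lines: `* Continues authentication and sends the push reply; the event itself carries no auth result.` and `* @param mpp_flags flags forwarded to instance post-processing (same meaning as in the other multi_process_* functions)`, the latter to be confirmed against multi.c.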