-rw-r--r-- | forward.c | 2 | ||||
-rw-r--r-- | init.c | 34 | ||||
-rw-r--r-- | occ.c | 2 | ||||
-rw-r--r-- | options.c | 125 | ||||
-rw-r--r-- | options.h | 36 | ||||
-rw-r--r-- | sig.c | 6 |
6 files changed, 104 insertions, 101 deletions
@@ -1005,7 +1005,7 @@ process_incoming_tun (struct context *c) void process_ipv4_header (struct context *c, unsigned int flags, struct buffer *buf) { - if (!c->options.mssfix) + if (!c->options.ce.mssfix) flags &= ~PIPV4_MSSFIX; #if PASSTOS_CAPABILITY if (!c->options.passtos) @@ -1779,10 +1779,10 @@ do_deferred_options (struct context *c, const unsigned int found) #ifdef ENABLE_OCC if (found & OPT_P_EXPLICIT_NOTIFY) { - if (!proto_is_udp(c->options.ce.proto) && c->options.explicit_exit_notification) + if (!proto_is_udp(c->options.ce.proto) && c->options.ce.explicit_exit_notification) { msg (D_PUSH, "OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp"); - c->options.explicit_exit_notification = 0; + c->options.ce.explicit_exit_notification = 0; } else msg (D_PUSH, "OPTIONS IMPORT: explicit notify parm(s) modified"); @@ -1955,10 +1955,10 @@ frame_finalize_options (struct context *c, const struct options *o) } frame_finalize (&c->c2.frame, - o->link_mtu_defined, - o->link_mtu, - o->tun_mtu_defined, - o->tun_mtu); + o->ce.link_mtu_defined, + o->ce.link_mtu, + o->ce.tun_mtu_defined, + o->ce.tun_mtu); } /* @@ -2404,8 +2404,8 @@ do_init_frame (struct context *c) /* * Adjust frame size based on the --tun-mtu-extra parameter. */ - if (c->options.tun_mtu_extra_defined) - tun_adjust_frame_parameters (&c->c2.frame, c->options.tun_mtu_extra); + if (c->options.ce.tun_mtu_extra_defined) + tun_adjust_frame_parameters (&c->c2.frame, c->options.ce.tun_mtu_extra); /* * Adjust frame size based on link socket parameters. 
@@ -2434,13 +2434,13 @@ do_init_frame (struct context *c) /* * MTU advisories */ - if (c->options.fragment && c->options.mtu_test) + if (c->options.ce.fragment && c->options.mtu_test) msg (M_WARN, "WARNING: using --fragment and --mtu-test together may produce an inaccurate MTU test result"); #endif #ifdef ENABLE_FRAGMENT - if ((c->options.mssfix || c->options.fragment) + if ((c->options.ce.mssfix || c->options.ce.fragment) && TUN_MTU_SIZE (&c->c2.frame_fragment) != ETHERNET_MTU) msg (M_WARN, "WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu %d (currently it is %d)", @@ -2612,9 +2612,9 @@ do_init_buffers (struct context *c) static void do_init_fragment (struct context *c) { - ASSERT (c->options.fragment); + ASSERT (c->options.ce.fragment); frame_set_mtu_dynamic (&c->c2.frame_fragment, - c->options.fragment, SET_MTU_UPPER_BOUND); + c->options.ce.fragment, SET_MTU_UPPER_BOUND); fragment_frame_init (c->c2.fragment, &c->c2.frame_fragment); } #endif @@ -2625,10 +2625,10 @@ do_init_fragment (struct context *c) static void do_init_mssfix (struct context *c) { - if (c->options.mssfix) + if (c->options.ce.mssfix) { frame_set_mtu_dynamic (&c->c2.frame, - c->options.mssfix, SET_MTU_UPPER_BOUND); + c->options.ce.mssfix, SET_MTU_UPPER_BOUND); } } @@ -2684,7 +2684,7 @@ do_init_socket_1 (struct context *c, const int mode) c->options.ce.connect_retry_seconds, c->options.ce.connect_timeout, c->options.ce.connect_retry_max, - c->options.mtu_discover_type, + c->options.ce.mtu_discover_type, c->options.rcvbuf, c->options.sndbuf, c->options.mark, @@ -3399,7 +3399,7 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int #ifdef ENABLE_FRAGMENT /* initialize internal fragmentation object */ - if (options->fragment && (c->mode == CM_P2P || child)) + if (options->ce.fragment && (c->mode == CM_P2P || child)) c->c2.fragment = fragment_init (&c->c2.frame); #endif 
@@ -3435,7 +3435,7 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int #ifdef ENABLE_FRAGMENT /* initialize internal fragmentation capability with known frame size */ - if (options->fragment && (c->mode == CM_P2P || child)) + if (options->ce.fragment && (c->mode == CM_P2P || child)) do_init_fragment (c); #endif @@ -368,7 +368,7 @@ process_received_occ_msg (struct context *c) c->c2.max_recv_size_remote, c->c2.max_send_size_remote, c->c2.max_recv_size_local); - if (!c->options.fragment + if (!c->options.ce.fragment && (proto_is_dgram(c->options.ce.proto)) && c->c2.max_send_size_local > TUN_MTU_MIN && (c->c2.max_recv_size_remote < c->c2.max_send_size_local @@ -767,10 +767,10 @@ init_options (struct options *o, const bool init_gc) o->status_file_update_freq = 60; o->status_file_version = 1; o->ce.bind_local = true; - o->tun_mtu = TUN_MTU_DEFAULT; - o->link_mtu = LINK_MTU_DEFAULT; - o->mtu_discover_type = -1; - o->mssfix = MSSFIX_DEFAULT; + o->ce.tun_mtu = TUN_MTU_DEFAULT; + o->ce.link_mtu = LINK_MTU_DEFAULT; + o->ce.mtu_discover_type = -1; + o->ce.mssfix = MSSFIX_DEFAULT; o->route_delay_window = 30; o->max_routes = MAX_ROUTES_DEFAULT; o->resolve_retry_seconds = RESOLV_RETRY_INFINITE; @@ -1360,8 +1360,26 @@ show_connection_entry (const struct connection_entry *o) SHOW_INT (socks_proxy_port); SHOW_BOOL (socks_proxy_retry); #endif + SHOW_INT (tun_mtu); + SHOW_BOOL (tun_mtu_defined); + SHOW_INT (link_mtu); + SHOW_BOOL (link_mtu_defined); + SHOW_INT (tun_mtu_extra); + SHOW_BOOL (tun_mtu_extra_defined); + + SHOW_INT (mtu_discover_type); + +#ifdef ENABLE_FRAGMENT + SHOW_INT (fragment); +#endif + SHOW_INT (mssfix); + +#ifdef ENABLE_OCC + SHOW_INT (explicit_exit_notification); +#endif } + static void show_connection_entries (const struct options *o) { 
@@ -1432,19 +1450,6 @@ show_settings (const struct options *o) #ifdef HAVE_GETTIMEOFDAY SHOW_INT (shaper); #endif - SHOW_INT (tun_mtu); - SHOW_BOOL (tun_mtu_defined); - SHOW_INT (link_mtu); - SHOW_BOOL (link_mtu_defined); - SHOW_INT (tun_mtu_extra); - SHOW_BOOL (tun_mtu_extra_defined); - -#ifdef ENABLE_FRAGMENT - SHOW_INT (fragment); -#endif - - SHOW_INT (mtu_discover_type); - #ifdef ENABLE_OCC SHOW_INT (mtu_test); #endif @@ -1459,16 +1464,11 @@ show_settings (const struct options *o) SHOW_INT (ping_rec_timeout_action); SHOW_BOOL (ping_timer_remote); SHOW_INT (remap_sigusr1); -#ifdef ENABLE_OCC - SHOW_INT (explicit_exit_notification); -#endif SHOW_BOOL (persist_tun); SHOW_BOOL (persist_local_ip); SHOW_BOOL (persist_remote_ip); SHOW_BOOL (persist_key); - SHOW_INT (mssfix); - #if PASSTOS_CAPABILITY SHOW_BOOL (passtos); #endif @@ -1958,7 +1958,7 @@ options_postprocess_verify_ce (const struct options *options, const struct conne /* * Sanity check on MTU parameters */ - if (options->tun_mtu_defined && options->link_mtu_defined) + if (options->ce.tun_mtu_defined && options->ce.link_mtu_defined) msg (M_USAGE, "only one of --tun-mtu or --link-mtu may be defined (note that --ifconfig implies --link-mtu %d)", LINK_MTU_DEFAULT); #ifdef ENABLE_OCC @@ -2041,12 +2041,12 @@ options_postprocess_verify_ce (const struct options *options, const struct conne */ #ifdef ENABLE_FRAGMENT - if (!proto_is_udp(ce->proto) && options->fragment) + if (!proto_is_udp(ce->proto) && ce->fragment) msg (M_USAGE, "--fragment can only be used with --proto udp"); #endif #ifdef ENABLE_OCC - if (!proto_is_udp(ce->proto) && options->explicit_exit_notification) + if (!proto_is_udp(ce->proto) && ce->explicit_exit_notification) msg (M_USAGE, "--explicit-exit-notify can only be used with --proto udp"); #endif 
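Review bot: The MTU sanity check in options_postprocess_verify_ce (`@@ -1958` hunk) tests `options->ce.tun_mtu_defined && options->ce.link_mtu_defined` instead of the `ce` parameter, while the `@@ -2041` and `@@ -2131` hunks of the same function switch to `ce->fragment` and `ce->explicit_exit_notification`. If the function is called once per connection entry, as its signature suggests, an entry that sets both --tun-mtu and --link-mtu is only rejected when it happens to be `options->ce`. Suggest `if (ce->tun_mtu_defined && ce->link_mtu_defined)`. The function body starts and ends outside these hunks.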
@@ -2131,7 +2131,7 @@ options_postprocess_verify_ce (const struct options *options, const struct conne if (!(dev == DEV_TYPE_TAP || (dev == DEV_TYPE_TUN && options->topology == TOP_SUBNET)) && options->ifconfig_pool_netmask) msg (M_USAGE, "The third parameter to --ifconfig-pool (netmask) is only valid in --dev tap mode"); #ifdef ENABLE_OCC - if (options->explicit_exit_notification) + if (ce->explicit_exit_notification) msg (M_USAGE, "--explicit-exit-notify cannot be used with --mode server"); #endif if (options->routes && (options->routes->flags & RG_ENABLE)) @@ -2426,27 +2426,28 @@ options_postprocess_mutate_ce (struct options *o, struct connection_entry *ce) /* if protocol forcing is enabled, disable all protocols except for the forced one */ if (o->proto_force >= 0 && proto_is_tcp(o->proto_force) != proto_is_tcp(ce->proto)) ce->flags |= CE_DISABLED; -} - -static void -options_postprocess_mutate_invariant (struct options *options) -{ - const int dev = dev_type_enum (options->dev, options->dev_type); /* * If --mssfix is supplied without a parameter, default * it to --fragment value, if --fragment is specified. */ - if (options->mssfix_default) + if (o->ce.mssfix_default) { #ifdef ENABLE_FRAGMENT - if (options->fragment) - options->mssfix = options->fragment; + if (ce->fragment) + o->ce.mssfix = ce->fragment; #else msg (M_USAGE, "--mssfix must specify a parameter"); #endif } +} + +static void +options_postprocess_mutate_invariant (struct options *options) +{ + const int dev = dev_type_enum (options->dev, options->dev_type); + /* * In forking TCP server mode, you don't need to ifconfig * the tap device (the assumption is that it will be bridged). 
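Review bot: The mssfix defaulting block moved into options_postprocess_mutate_ce (`@@ -2426` hunk) mixes two objects: it tests `o->ce.mssfix_default` and assigns `o->ce.mssfix`, but takes the value from `ce->fragment`. Assuming the function runs for each connection entry, the entry being processed never gets its own default, and `o->ce.mssfix` ends up with the --fragment value of whichever entry with a non-zero fragment was processed last. Using the parameter throughout keeps the defaulting per entry: `if (ce->mssfix_default)` and `ce->mssfix = ce->fragment;`. The `#else` branch with `msg (M_USAGE, ...)` can stay as it is.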
@@ -2458,14 +2459,14 @@ options_postprocess_mutate_invariant (struct options *options) * Set MTU defaults */ { - if (!options->tun_mtu_defined && !options->link_mtu_defined) + if (!options->ce.tun_mtu_defined && !options->ce.link_mtu_defined) { - options->tun_mtu_defined = true; + options->ce.tun_mtu_defined = true; } - if ((dev == DEV_TYPE_TAP) && !options->tun_mtu_extra_defined) + if ((dev == DEV_TYPE_TAP) && !options->ce.tun_mtu_extra_defined) { - options->tun_mtu_extra_defined = true; - options->tun_mtu_extra = TAP_MTU_EXTRA_DEFAULT; + options->ce.tun_mtu_extra_defined = true; + options->ce.tun_mtu_extra = TAP_MTU_EXTRA_DEFAULT; } } @@ -2951,7 +2952,7 @@ options_string (const struct options *o, #endif #ifdef ENABLE_FRAGMENT - if (o->fragment) + if (o->ce.fragment) buf_printf (&out, ",mtu-dynamic"); #endif 
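Review bot: The MTU defaults in options_postprocess_mutate_invariant (`@@ -2458` hunk) are still written only to `options->ce` (`tun_mtu_defined = true`, and `tun_mtu_extra = TAP_MTU_EXTRA_DEFAULT` for TAP), although the fields are now per connection. Whether entries in a connection list inherit these values depends on when they are copied from `options->ce`, which is not visible in this diff. If the copy happens at parse time, a profile using connection blocks would run without the TAP extra and with neither MTU marked as defined. Consider moving this block into options_postprocess_mutate_ce and operating on `ce`, or add a comment stating why the invariant pass is sufficient.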
@@ -4729,39 +4730,40 @@ add_option (struct options *options, } else if ((streq (p[0], "link-mtu") || streq (p[0], "udp-mtu")) && p[1]) { - VERIFY_PERMISSION (OPT_P_MTU); - options->link_mtu = positive_atoi (p[1]); - options->link_mtu_defined = true; + VERIFY_PERMISSION (OPT_P_MTU|OPT_P_CONNECTION); + options->ce.link_mtu = positive_atoi (p[1]); + options->ce.link_mtu_defined = true; } else if (streq (p[0], "tun-mtu") && p[1]) { - VERIFY_PERMISSION (OPT_P_MTU); - options->tun_mtu = positive_atoi (p[1]); - options->tun_mtu_defined = true; + VERIFY_PERMISSION (OPT_P_MTU|OPT_P_CONNECTION); + options->ce.tun_mtu = positive_atoi (p[1]); + options->ce.tun_mtu_defined = true; } else if (streq (p[0], "tun-mtu-extra") && p[1]) { - VERIFY_PERMISSION (OPT_P_MTU); - options->tun_mtu_extra = positive_atoi (p[1]); - options->tun_mtu_extra_defined = true; + VERIFY_PERMISSION (OPT_P_MTU|OPT_P_CONNECTION); + options->ce.tun_mtu_extra = positive_atoi (p[1]); + options->ce.tun_mtu_extra_defined = true; } #ifdef ENABLE_FRAGMENT else if (streq (p[0], "mtu-dynamic")) { - VERIFY_PERMISSION (OPT_P_GENERAL); + VERIFY_PERMISSION (OPT_P_MTU|OPT_P_CONNECTION); msg (msglevel, "--mtu-dynamic has been replaced by --fragment"); goto err; } else if (streq (p[0], "fragment") && p[1]) { - VERIFY_PERMISSION (OPT_P_MTU); - options->fragment = positive_atoi (p[1]); +// VERIFY_PERMISSION (OPT_P_MTU); + VERIFY_PERMISSION (OPT_P_MTU|OPT_P_CONNECTION); + options->ce.fragment = positive_atoi (p[1]); } #endif else if (streq (p[0], "mtu-disc") && p[1]) { - VERIFY_PERMISSION (OPT_P_MTU); - options->mtu_discover_type = translate_mtu_discover_type_name (p[1]); + VERIFY_PERMISSION (OPT_P_MTU|OPT_P_CONNECTION); + options->ce.mtu_discover_type = translate_mtu_discover_type_name (p[1]); } #ifdef ENABLE_OCC else if (streq (p[0], "mtu-test")) 
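Review bot: The `fragment` branch of add_option keeps the previous check as a commented-out line, `// VERIFY_PERMISSION (OPT_P_MTU);`, directly above the new `VERIFY_PERMISSION (OPT_P_MTU|OPT_P_CONNECTION);`. VERIFY_PERMISSION appears to be the gate that decides which option sources may set a directive, so a stale alternative next to it is easy to misread or to re-enable by accident. Drop the comment and let the history carry the old value. The `mtu-dynamic` branch also moves from OPT_P_GENERAL to OPT_P_MTU|OPT_P_CONNECTION although it only prints a message and jumps to `err`; a one-line comment such as `/* same class as --fragment so the deprecation message is reported in the same contexts */` would record the intent, if that is the reason.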
@@ -5106,14 +5108,15 @@ add_option (struct options *options, #ifdef ENABLE_OCC else if (streq (p[0], "explicit-exit-notify")) { - VERIFY_PERMISSION (OPT_P_EXPLICIT_NOTIFY); + VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION); +// VERIFY_PERMISSION (OPT_P_EXPLICIT_NOTIFY); if (p[1]) { - options->explicit_exit_notification = positive_atoi (p[1]); + options->ce.explicit_exit_notification = positive_atoi (p[1]); } else { - options->explicit_exit_notification = 1; + options->ce.explicit_exit_notification = 1; } } #endif @@ -5369,13 +5372,13 @@ add_option (struct options *options, } else if (streq (p[0], "mssfix")) { - VERIFY_PERMISSION (OPT_P_GENERAL); + VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION); if (p[1]) { - options->mssfix = positive_atoi (p[1]); + options->ce.mssfix = positive_atoi (p[1]); } else - options->mssfix_default = true; + options->ce.mssfix_default = true; } #ifdef ENABLE_OCC @@ -111,6 +111,24 @@ struct connection_entry bool socks_proxy_retry; #endif + int tun_mtu; /* MTU of tun device */ + bool tun_mtu_defined; /* true if user overriding parm with command line option */ + int tun_mtu_extra; + bool tun_mtu_extra_defined; + int link_mtu; /* MTU of device over which tunnel packets pass via TCP/UDP */ + bool link_mtu_defined; /* true if user overriding parm with command line option */ + + /* Advanced MTU negotiation and datagram fragmentation options */ + int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */ + + int fragment; /* internal fragmentation size */ + int mssfix; /* Upper bound on TCP MSS */ + bool mssfix_default; /* true if --mssfix was supplied without a parameter */ + +#ifdef ENABLE_OCC + int explicit_exit_notification; /* Explicitly tell peer when we are exiting via OCC_EXIT message */ +#endif + # define CE_DISABLED (1<<0) #if HTTP_PROXY_FALLBACK # define CE_HTTP_PROXY_FALLBACK (1<<1) 
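Review bot: The `explicit-exit-notify` branch (`@@ -5106` hunk) now checks `OPT_P_GENERAL|OPT_P_CONNECTION` instead of `OPT_P_EXPLICIT_NOTIFY`, but do_deferred_options in init.c (`@@ -1779` hunk) still guards its UDP-only check with `if (found & OPT_P_EXPLICIT_NOTIFY)`. If `found` is built from the classes passed to VERIFY_PERMISSION, that branch can no longer trigger, so an imported --explicit-exit-notify on a non-UDP link is not reset to 0 there. Whether the directive is still accepted from an imported option set at all depends on a permission mask that is not shown in this diff. Either keep the class, `VERIFY_PERMISSION (OPT_P_EXPLICIT_NOTIFY|OPT_P_CONNECTION);`, or remove the dead branch in do_deferred_options in the same commit. The commented-out `// VERIFY_PERMISSION (OPT_P_EXPLICIT_NOTIFY);` should be deleted either way.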
@@ -245,24 +263,13 @@ struct options #ifdef HAVE_GETTIMEOFDAY int shaper; #endif - int tun_mtu; /* MTU of tun device */ - int tun_mtu_extra; - bool tun_mtu_extra_defined; - int link_mtu; /* MTU of device over which tunnel packets pass via TCP/UDP */ - bool tun_mtu_defined; /* true if user overriding parm with command line option */ - bool link_mtu_defined; /* true if user overriding parm with command line option */ int proto_force; - /* Advanced MTU negotiation and datagram fragmentation options */ - int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */ - #ifdef ENABLE_OCC bool mtu_test; #endif - int fragment; /* internal fragmentation size */ - #ifdef ENABLE_MEMSTATS char *memstats_fn; #endif @@ -285,18 +292,11 @@ struct options # define PING_RESTART 2 int ping_rec_timeout_action; /* What action to take on ping_rec_timeout (exit or restart)? */ -#ifdef ENABLE_OCC - int explicit_exit_notification; /* Explicitly tell peer when we are exiting via OCC_EXIT message */ -#endif - bool persist_tun; /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */ bool persist_local_ip; /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */ bool persist_remote_ip; /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */ bool persist_key; /* Don't re-read key files on SIGUSR1 or PING_RESTART */ - int mssfix; /* Upper bound on TCP MSS */ - bool mssfix_default; /* true if --mssfix was supplied without a parameter */ - #if PASSTOS_CAPABILITY bool passtos; #endif 
@@ -300,8 +300,8 @@ process_explicit_exit_notification_timer_wakeup (struct context *c) &c->c2.timeval, ETT_DEFAULT)) { - ASSERT (c->c2.explicit_exit_notification_time_wait && c->options.explicit_exit_notification); - if (now >= c->c2.explicit_exit_notification_time_wait + c->options.explicit_exit_notification) + ASSERT (c->c2.explicit_exit_notification_time_wait && c->options.ce.explicit_exit_notification); + if (now >= c->c2.explicit_exit_notification_time_wait + c->options.ce.explicit_exit_notification) { event_timeout_clear (&c->c2.explicit_exit_notification_interval); c->sig->signal_received = SIGTERM; @@ -340,7 +340,7 @@ process_sigterm (struct context *c) { bool ret = true; #ifdef ENABLE_OCC - if (c->options.explicit_exit_notification + if (c->options.ce.explicit_exit_notification && !c->c2.explicit_exit_notification_time_wait) { process_explicit_exit_notification_init (c); |