Diffstat (limited to 'src/Cedar/Server.c')
-rw-r--r--src/Cedar/Server.c397
1 files changed, 378 insertions, 19 deletions
diff --git a/src/Cedar/Server.c b/src/Cedar/Server.c
index 60f31ce5..9a2a4aab 100644
--- a/src/Cedar/Server.c
+++ b/src/Cedar/Server.c
@@ -3,9 +3,9 @@
//
// SoftEther VPN Server, Client and Bridge are free software under GPLv2.
//
-// Copyright (c) 2012-2014 Daiyuu Nobori.
-// Copyright (c) 2012-2014 SoftEther VPN Project, University of Tsukuba, Japan.
-// Copyright (c) 2012-2014 SoftEther Corporation.
+// Copyright (c) 2012-2016 Daiyuu Nobori.
+// Copyright (c) 2012-2016 SoftEther VPN Project, University of Tsukuba, Japan.
+// Copyright (c) 2012-2016 SoftEther Corporation.
//
// All Rights Reserved.
//
@@ -117,12 +117,17 @@ static SERVER *server = NULL;
static LOCK *server_lock = NULL;
char *SERVER_CONFIG_FILE_NAME = "@vpn_server.config";
char *SERVER_CONFIG_FILE_NAME_IN_CLIENT = "@vpn_gate_svc.config";
+char *SERVER_CONFIG_FILE_NAME_IN_CLIENT_RELAY = "@vpn_gate_relay.config";
char *BRIDGE_CONFIG_FILE_NAME = "@vpn_bridge.config";
+char *SERVER_CONFIG_TEMPLATE_NAME = "@vpn_server_template.config";
+char *BRIDGE_CONFIG_TEMPLATE_NAME = "@vpn_server_template.config";
static bool server_reset_setting = false;
static volatile UINT global_server_flags[NUM_GLOBAL_SERVER_FLAGS] = {0};
+UINT vpn_global_parameters[NUM_GLOBAL_PARAMS] = {0};
+
// Set the OpenVPN and SSTP setting
void SiSetOpenVPNAndSSTPConfig(SERVER *s, OPENVPN_SSTP_CONFIG *c)
{
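Review bot: BRIDGE_CONFIG_TEMPLATE_NAME is initialised to the same string as SERVER_CONFIG_TEMPLATE_NAME (`"@vpn_server_template.config"`), so the `Bridge == false ? SERVER_CONFIG_TEMPLATE_NAME : BRIDGE_CONFIG_TEMPLATE_NAME` choice that SiLoadConfigurationFile makes in a later hunk selects the same file either way. If the bridge is meant to share the server's template, say so on the definition (`// The bridge currently shares the server's template file`) so the next reader does not "fix" it; if not, it needs a bridge-specific filename. `vpn_global_parameters` is a plain exported array that SiLoadGlobalParamsCfg writes at config-load time and that other code presumably reads through the GP_* ids; unlike `global_server_flags` beside it, it is neither `static` nor `volatile`, so it is worth confirming that it is only written before worker threads start (or on reload under a lock).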
@@ -255,6 +260,8 @@ UINT SiDebug(SERVER *s, RPC_TEST *ret, UINT i, char *str)
{9, "Set IPsecMessageDisplayed Flag", "", SiDebugProcSetIPsecMessageDisplayedValue},
{10, "Get VgsMessageDisplayed Flag", "", SiDebugProcGetVgsMessageDisplayedValue},
{11, "Set VgsMessageDisplayed Flag", "", SiDebugProcSetVgsMessageDisplayedValue},
+ {12, "Get the current TCP send queue length", "", SiDebugProcGetCurrentTcpSendQueueLength},
+ {13, "Get the current GetIP thread count", "", SiDebugProcGetCurrentGetIPThreadCount},
};
UINT num_proc_list = sizeof(proc_list) / sizeof(proc_list[0]);
UINT j;
@@ -452,6 +459,46 @@ UINT SiDebugProcGetVgsMessageDisplayedValue(SERVER *s, char *in_str, char *ret_s
return ERR_NO_ERROR;
}
+UINT SiDebugProcGetCurrentTcpSendQueueLength(SERVER *s, char *in_str, char *ret_str, UINT ret_str_size)
+{
+ char tmp1[64], tmp2[64], tmp3[64];
+ // Validate arguments
+ if (s == NULL || in_str == NULL || ret_str == NULL)
+ {
+ return ERR_INVALID_PARAMETER;
+ }
+
+ ToStr3(tmp1, 0, CedarGetCurrentTcpQueueSize(s->Cedar));
+ ToStr3(tmp2, 0, CedarGetQueueBudgetConsuming(s->Cedar));
+ ToStr3(tmp3, 0, CedarGetFifoBudgetConsuming(s->Cedar));
+
+ Format(ret_str, 0,
+ "CurrentTcpQueueSize = %s\n"
+ "QueueBudgetConsuming = %s\n"
+ "FifoBudgetConsuming = %s\n",
+ tmp1, tmp2, tmp3);
+
+ return ERR_NO_ERROR;
+}
+UINT SiDebugProcGetCurrentGetIPThreadCount(SERVER *s, char *in_str, char *ret_str, UINT ret_str_size)
+{
+ char tmp1[64], tmp2[64];
+ // Validate arguments
+ if (s == NULL || in_str == NULL || ret_str == NULL)
+ {
+ return ERR_INVALID_PARAMETER;
+ }
+
+ ToStr3(tmp1, 0, GetCurrentGetIpThreadNum());
+ ToStr3(tmp2, 0, GetGetIpThreadMaxNum());
+
+ Format(ret_str, 0,
+ "Current threads = %s\n"
+ "Quota = %s\n",
+ tmp1, tmp2);
+
+ return ERR_NO_ERROR;
+}
UINT SiDebugProcSetVgsMessageDisplayedValue(SERVER *s, char *in_str, char *ret_str, UINT ret_str_size)
{
// Validate arguments
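Review bot: Both new debug procs receive `ret_str_size` but call `Format(ret_str, 0, ...)`, which throws the caller's bound away; as far as I recall Mayaqua's Format treats a size of 0 as "no limit", so the output is written unbounded into the caller's buffer. The three formatted numbers are short, so it does not overflow today, but the bound is right there and should be used: `Format(ret_str, ret_str_size,` in both SiDebugProcGetCurrentTcpSendQueueLength and SiDebugProcGetCurrentGetIPThreadCount. The `ToStr3(tmpN, 0, ...)` calls have the same shape, but there the 64-byte locals comfortably hold a formatted UINT.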
@@ -491,6 +538,7 @@ void SiCheckDeadLockMain(SERVER *s, UINT timeout)
//Debug("SiCheckDeadLockMain Start.\n");
+
cedar = s->Cedar;
if (s->ServerListenerList != NULL)
@@ -2440,6 +2488,7 @@ void SiSetDefaultHubOption(HUB_OPTION *o)
o->NoDhcpPacketLogOutsideHub = true;
o->AccessListIncludeFileCacheLifetime = ACCESS_LIST_INCLUDE_FILE_CACHE_LIFETIME;
o->RemoveDefGwOnDhcpForLocalhost = true;
+ o->FloodingSendQueueBufferQuota = DEFAULT_FLOODING_QUEUE_LENGTH;
}
// Create a default virtual HUB
@@ -2528,12 +2577,17 @@ void SiLoadInitialConfiguration(SERVER *s)
return;
}
+ // Default to TLS only; mitigates CVE-2016-0800
+ s->Cedar->AcceptOnlyTls = true;
+
// Auto saving interval related
s->AutoSaveConfigSpan = SERVER_FILE_SAVE_INTERVAL_DEFAULT;
s->BackupConfigOnlyWhenModified = true;
s->Weight = FARM_DEFAULT_WEIGHT;
+ SiLoadGlobalParamsCfg(NULL);
+
// KEEP related
Zero(&k, sizeof(k));
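Review bot: `s->Cedar->AcceptOnlyTls = true` sets the flag but, unlike the load path in SiLoadServerCfg (later hunk, `if (c->AcceptOnlyTls) { c->DisableSslVersions |= SSL_VERSION_SSL_V2 | SSL_VERSION_SSL_V3; }`), does not mask SSLv2/SSLv3 in DisableSslVersions; if the listener enforces the policy from DisableSslVersions rather than from AcceptOnlyTls, a fresh install runs with the legacy protocols enabled until the config is first saved and re-read. The same default is repeated in SiInitConfiguration (next hunk) and in SiLoadServerCfg; one small helper that sets both fields, called from all three places, would keep them from drifting. `SiLoadGlobalParamsCfg(NULL)` relies on the callee tolerating a NULL folder (CfgGetInt presumably returns 0 for it), which deserves a line at the call site: `// No config yet: NULL folder makes every global parameter fall back to its built-in default`. SiLoadInitialConfiguration begins and ends outside this hunk.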
@@ -2676,8 +2730,9 @@ bool SiLoadConfigurationFile(SERVER *s)
}
- s->CfgRw = NewCfgRw(&root,
- s->Cedar->Bridge == false ? server_config_filename : BRIDGE_CONFIG_FILE_NAME);
+ s->CfgRw = NewCfgRwEx2A(&root,
+ s->Cedar->Bridge == false ? server_config_filename : BRIDGE_CONFIG_FILE_NAME, false,
+ s->Cedar->Bridge == false ? SERVER_CONFIG_TEMPLATE_NAME : BRIDGE_CONFIG_TEMPLATE_NAME);
if (server_reset_setting)
{
@@ -2710,6 +2765,9 @@ void SiInitConfiguration(SERVER *s)
s->AutoSaveConfigSpan = SERVER_FILE_SAVE_INTERVAL_DEFAULT;
s->BackupConfigOnlyWhenModified = true;
+ // Default to TLS only; mitigates CVE-2016-0800
+ s->Cedar->AcceptOnlyTls = true;
+
// IPsec server
if (s->Cedar->Bridge == false)
{
@@ -2731,6 +2789,8 @@ void SiInitConfiguration(SERVER *s)
SLog(s->Cedar, "LS_LOAD_CONFIG_3");
SiLoadInitialConfiguration(s);
+ SetFifoCurrentReallocMemSize(MEM_FIFO_REALLOC_MEM_SIZE);
+
server_reset_setting = false;
}
else
@@ -3155,6 +3215,10 @@ void SiWriteLocalBridges(FOLDER *f, SERVER *s)
CfgAddBool(f, "EnableSoftEtherKernelModeDriver", Win32GetEnableSeLow());
#endif // OS_WIN32
+#ifdef UNIX_LINUX
+ CfgAddBool(f, "DoNotDisableOffloading", GetGlobalServerFlag(GSF_LOCALBRIDGE_NO_DISABLE_OFFLOAD));
+#endif // UNIX_LINUX
+
LockList(s->Cedar->LocalBridgeList);
{
UINT i;
@@ -3234,6 +3298,10 @@ void SiLoadLocalBridges(SERVER *s, FOLDER *f)
Win32EthSetShowAllIf(CfgGetBool(f, "ShowAllInterfaces"));
#endif // OS_WIN32
+#ifdef UNIX_LINUX
+ SetGlobalServerFlag(GSF_LOCALBRIDGE_NO_DISABLE_OFFLOAD, CfgGetBool(f, "DoNotDisableOffloading"));
+#endif // UNIX_LINUX
+
t = CfgEnumFolderToTokenList(f);
for (i = 0;i < t->NumTokens;i++)
@@ -3972,6 +4040,14 @@ void SiLoadHubOptionCfg(FOLDER *f, HUB_OPTION *o)
o->FixForDLinkBPDU = CfgGetBool(f, "FixForDLinkBPDU");
o->BroadcastLimiterStrictMode = CfgGetBool(f, "BroadcastLimiterStrictMode");
o->MaxLoggedPacketsPerMinute = CfgGetInt(f, "MaxLoggedPacketsPerMinute");
+ if (CfgIsItem(f, "FloodingSendQueueBufferQuota"))
+ {
+ o->FloodingSendQueueBufferQuota = CfgGetInt(f, "FloodingSendQueueBufferQuota");
+ }
+ else
+ {
+ o->FloodingSendQueueBufferQuota = DEFAULT_FLOODING_QUEUE_LENGTH;
+ }
o->DoNotSaveHeavySecurityLogs = CfgGetBool(f, "DoNotSaveHeavySecurityLogs");
if (CfgIsItem(f, "DropBroadcastsInPrivacyFilterMode"))
@@ -4028,10 +4104,18 @@ void SiLoadHubOptionCfg(FOLDER *f, HUB_OPTION *o)
}
o->DisableKernelModeSecureNAT = CfgGetBool(f, "DisableKernelModeSecureNAT");
+ o->DisableIpRawModeSecureNAT = CfgGetBool(f, "DisableIpRawModeSecureNAT");
o->DisableUserModeSecureNAT = CfgGetBool(f, "DisableUserModeSecureNAT");
o->DisableCheckMacOnLocalBridge = CfgGetBool(f, "DisableCheckMacOnLocalBridge");
o->DisableCorrectIpOffloadChecksum = CfgGetBool(f, "DisableCorrectIpOffloadChecksum");
o->SuppressClientUpdateNotification = CfgGetBool(f, "SuppressClientUpdateNotification");
+ o->AssignVLanIdByRadiusAttribute = CfgGetBool(f, "AssignVLanIdByRadiusAttribute");
+ o->DenyAllRadiusLoginWithNoVlanAssign = CfgGetBool(f, "DenyAllRadiusLoginWithNoVlanAssign");
+ o->SecureNAT_RandomizeAssignIp = CfgGetBool(f, "SecureNAT_RandomizeAssignIp");
+ o->DetectDormantSessionInterval = CfgGetInt(f, "DetectDormantSessionInterval");
+ o->NoPhysicalIPOnPacketLog = CfgGetBool(f, "NoPhysicalIPOnPacketLog");
+ o->UseHubNameAsDhcpUserClassOption = CfgGetBool(f, "UseHubNameAsDhcpUserClassOption");
+ o->UseHubNameAsRadiusNasId = CfgGetBool(f, "UseHubNameAsRadiusNasId");
// Enabled by default
if (CfgIsItem(f, "ManageOnlyPrivateIP"))
@@ -4102,10 +4186,16 @@ void SiWriteHubOptionCfg(FOLDER *f, HUB_OPTION *o)
}
CfgAddBool(f, "BroadcastLimiterStrictMode", o->BroadcastLimiterStrictMode);
CfgAddInt(f, "MaxLoggedPacketsPerMinute", o->MaxLoggedPacketsPerMinute);
+ CfgAddInt(f, "FloodingSendQueueBufferQuota", o->FloodingSendQueueBufferQuota);
CfgAddBool(f, "DoNotSaveHeavySecurityLogs", o->DoNotSaveHeavySecurityLogs);
CfgAddBool(f, "DropBroadcastsInPrivacyFilterMode", o->DropBroadcastsInPrivacyFilterMode);
CfgAddBool(f, "DropArpInPrivacyFilterMode", o->DropArpInPrivacyFilterMode);
CfgAddBool(f, "SuppressClientUpdateNotification", o->SuppressClientUpdateNotification);
+ CfgAddBool(f, "AssignVLanIdByRadiusAttribute", o->AssignVLanIdByRadiusAttribute);
+ CfgAddBool(f, "DenyAllRadiusLoginWithNoVlanAssign", o->DenyAllRadiusLoginWithNoVlanAssign);
+ CfgAddBool(f, "SecureNAT_RandomizeAssignIp", o->SecureNAT_RandomizeAssignIp);
+ CfgAddBool(f, "NoPhysicalIPOnPacketLog", o->NoPhysicalIPOnPacketLog);
+ CfgAddInt(f, "DetectDormantSessionInterval", o->DetectDormantSessionInterval);
CfgAddBool(f, "NoLookBPDUBridgeId", o->NoLookBPDUBridgeId);
CfgAddInt(f, "AdjustTcpMssValue", o->AdjustTcpMssValue);
CfgAddBool(f, "DisableAdjustTcpMss", o->DisableAdjustTcpMss);
@@ -4122,9 +4212,12 @@ void SiWriteHubOptionCfg(FOLDER *f, HUB_OPTION *o)
CfgAddInt(f, "SecureNAT_MaxIcmpSessionsPerIp", o->SecureNAT_MaxIcmpSessionsPerIp);
CfgAddInt(f, "AccessListIncludeFileCacheLifetime", o->AccessListIncludeFileCacheLifetime);
CfgAddBool(f, "DisableKernelModeSecureNAT", o->DisableKernelModeSecureNAT);
+ CfgAddBool(f, "DisableIpRawModeSecureNAT", o->DisableIpRawModeSecureNAT);
CfgAddBool(f, "DisableUserModeSecureNAT", o->DisableUserModeSecureNAT);
CfgAddBool(f, "DisableCheckMacOnLocalBridge", o->DisableCheckMacOnLocalBridge);
CfgAddBool(f, "DisableCorrectIpOffloadChecksum", o->DisableCorrectIpOffloadChecksum);
+ CfgAddBool(f, "UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption);
+ CfgAddBool(f, "UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId);
}
// Write the user
@@ -4926,6 +5019,9 @@ void SiWriteHubCfg(FOLDER *f, HUB *h)
CfgAddInt(f, "RadiusServerPort", h->RadiusServerPort);
CfgAddInt(f, "RadiusRetryInterval", h->RadiusRetryInterval);
CfgAddStr(f, "RadiusSuffixFilter", h->RadiusSuffixFilter);
+
+ CfgAddBool(f, "RadiusConvertAllMsChapv2AuthRequestToEap", h->RadiusConvertAllMsChapv2AuthRequestToEap);
+ CfgAddBool(f, "RadiusUsePeapInsteadOfEap", h->RadiusUsePeapInsteadOfEap);
CfgAddStr(f, "RadiusRealm", h->RadiusRealm);
}
Unlock(h->RadiusOptionLock);
@@ -5094,6 +5190,9 @@ void SiLoadHubCfg(SERVER *s, FOLDER *f, char *name)
CfgGetStr(f, "RadiusSuffixFilter", h->RadiusSuffixFilter, sizeof(h->RadiusSuffixFilter));
CfgGetStr(f, "RadiusRealm", h->RadiusRealm, sizeof(h->RadiusRealm));
+ h->RadiusConvertAllMsChapv2AuthRequestToEap = CfgGetBool(f, "RadiusConvertAllMsChapv2AuthRequestToEap");
+ h->RadiusUsePeapInsteadOfEap = CfgGetBool(f, "RadiusUsePeapInsteadOfEap");
+
if (interval == 0)
{
interval = RADIUS_RETRY_INTERVAL;
@@ -5699,6 +5798,8 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
K *k = NULL;
bool cluster_allowed = false;
UINT num_connections_per_ip = 0;
+ FOLDER *params_folder;
+ UINT i;
// Validate arguments
if (s == NULL || f == NULL)
{
@@ -5716,6 +5817,16 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
s->AutoSaveConfigSpan = MAKESURE(s->AutoSaveConfigSpan, SERVER_FILE_SAVE_INTERVAL_MIN, SERVER_FILE_SAVE_INTERVAL_MAX);
}
+ i = CfgGetInt(f, "MaxConcurrentDnsClientThreads");
+ if (i != 0)
+ {
+ SetGetIpThreadMaxNum(i);
+ }
+ else
+ {
+ SetGetIpThreadMaxNum(DEFAULT_GETIP_THREAD_MAX_NUM);
+ }
+
s->DontBackupConfig = CfgGetBool(f, "DontBackupConfig");
if (CfgIsItem(f, "BackupConfigOnlyWhenModified"))
@@ -5727,6 +5838,19 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
s->BackupConfigOnlyWhenModified = true;
}
+ // Server log switch type
+ if (CfgIsItem(f, "ServerLogSwitchType"))
+ {
+ UINT st = CfgGetInt(f, "ServerLogSwitchType");
+
+ SetLogSwitchType(s->Logger, st);
+ }
+
+ SetMaxLogSize(CfgGetInt64(f, "LoggerMaxLogSize"));
+
+ params_folder = CfgGetFolder(f, "GlobalParams");
+ SiLoadGlobalParamsCfg(params_folder);
+
c = s->Cedar;
Lock(c->lock);
{
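Review bot: `SetMaxLogSize(CfgGetInt64(f, "LoggerMaxLogSize"))` runs unconditionally, so a config that predates the key passes 0; the neighbouring ServerLogSwitchType is guarded with `CfgIsItem`, and unless SetMaxLogSize maps 0 to its default, the same guard belongs here: `if (CfgIsItem(f, "LoggerMaxLogSize")) { SetMaxLogSize(CfgGetInt64(f, "LoggerMaxLogSize")); }`. SiLoadServerCfg begins and ends outside this hunk.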
@@ -5807,6 +5931,7 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
s->DisableDeadLockCheck = CfgGetBool(f, "DisableDeadLockCheck");
// Eraser
+ SetEraserCheckInterval(CfgGetInt(f, "AutoDeleteCheckIntervalSecs"));
s->Eraser = NewEraser(s->Logger, CfgGetInt64(f, "AutoDeleteCheckDiskFreeSpaceMin"));
// WebUI
@@ -5837,6 +5962,16 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
// Disable the OpenVPN server function
s->DisableOpenVPNServer = CfgGetBool(f, "DisableOpenVPNServer");
+ // OpenVPN Default Option String
+ if (CfgGetStr(f, "OpenVPNDefaultClientOption", tmp, sizeof(tmp)))
+ {
+ if (IsEmptyStr(tmp) == false)
+ {
+ StrCpy(c->OpenVPNDefaultClientOption,
+ sizeof(c->OpenVPNDefaultClientOption), tmp);
+ }
+ }
+
// Disable the NAT-traversal feature
s->DisableNatTraversal = CfgGetBool(f, "DisableNatTraversal");
@@ -6017,8 +6152,144 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
// Configuration of VPN Azure Client
s->EnableVpnAzure = CfgGetBool(f, "EnableVpnAzure");
+
+ // Disable GetHostName when accepting TCP
+ s->DisableGetHostNameWhenAcceptTcp = CfgGetBool(f, "DisableGetHostNameWhenAcceptTcp");
+
+ if (s->DisableGetHostNameWhenAcceptTcp)
+ {
+ DisableGetHostNameWhenAcceptInit();
+ }
+
+ // Disable core dump on UNIX
+ s->DisableCoreDumpOnUnix = CfgGetBool(f, "DisableCoreDumpOnUnix");
+
+ // Disable session reconnect
+ SetGlobalServerFlag(GSF_DISABLE_SESSION_RECONNECT, CfgGetBool(f, "DisableSessionReconnect"));
+
+ // AcceptOnlyTls
+ if (CfgIsItem(f, "AcceptOnlyTls"))
+ {
+ c->AcceptOnlyTls = CfgGetBool(f, "AcceptOnlyTls");
+ }
+ else
+ {
+ c->AcceptOnlyTls = true;
+ }
+
+ if (c->AcceptOnlyTls) {
+ c->DisableSslVersions |= SSL_VERSION_SSL_V2;
+ c->DisableSslVersions |= SSL_VERSION_SSL_V3;
+ }
+
+ if (CfgGetStr(f, "DisableSslVersions", tmp, sizeof(tmp))) {
+ TOKEN_LIST *sslVersions= ParseToken(tmp, ", ");
+ UINT i;
+ for (i = 0;i < sslVersions->NumTokens;i++)
+ {
+ char *sslVersion=sslVersions->Token[i];
+ if (StrCmp(sslVersion, NAME_SSL_VERSION_SSL_V2)==0) {
+ c->DisableSslVersions |= SSL_VERSION_SSL_V2;
+ continue;
+ }
+ if (StrCmp(sslVersion, NAME_SSL_VERSION_SSL_V3)==0) {
+ c->DisableSslVersions |= SSL_VERSION_SSL_V3;
+ continue;
+ }
+ if (StrCmp(sslVersion, NAME_SSL_VERSION_TLS_V1_0)==0) {
+ c->DisableSslVersions |= SSL_VERSION_TLS_V1_0;
+ continue;
+ }
+ if (StrCmp(sslVersion, NAME_SSL_VERSION_TLS_V1_1)==0) {
+ c->DisableSslVersions |= SSL_VERSION_TLS_V1_1;
+ continue;
+ }
+ if (StrCmp(sslVersion, NAME_SSL_VERSION_TLS_V1_2)==0) {
+ c->DisableSslVersions |= SSL_VERSION_TLS_V1_2;
+ continue;
+ }
+ }
+ FreeToken(sslVersions);
+ }
}
Unlock(c->lock);
+
+#ifdef OS_UNIX
+ if (s->DisableCoreDumpOnUnix)
+ {
+ UnixDisableCoreDump();
+ }
+#endif // OS_UNIX
+}
+
+// Load global params
+void SiLoadGlobalParamsCfg(FOLDER *f)
+{
+ SiLoadGlobalParamItem(GP_MAX_SEND_SOCKET_QUEUE_SIZE, CfgGetInt(f, "MAX_SEND_SOCKET_QUEUE_SIZE"));
+ SiLoadGlobalParamItem(GP_MIN_SEND_SOCKET_QUEUE_SIZE, CfgGetInt(f, "MIN_SEND_SOCKET_QUEUE_SIZE"));
+ SiLoadGlobalParamItem(GP_MAX_SEND_SOCKET_QUEUE_NUM, CfgGetInt(f, "MAX_SEND_SOCKET_QUEUE_NUM"));
+ SiLoadGlobalParamItem(GP_SELECT_TIME, CfgGetInt(f, "SELECT_TIME"));
+ SiLoadGlobalParamItem(GP_SELECT_TIME_FOR_NAT, CfgGetInt(f, "SELECT_TIME_FOR_NAT"));
+ SiLoadGlobalParamItem(GP_MAX_STORED_QUEUE_NUM, CfgGetInt(f, "MAX_STORED_QUEUE_NUM"));
+ SiLoadGlobalParamItem(GP_MAX_BUFFERING_PACKET_SIZE, CfgGetInt(f, "MAX_BUFFERING_PACKET_SIZE"));
+ SiLoadGlobalParamItem(GP_HUB_ARP_SEND_INTERVAL, CfgGetInt(f, "HUB_ARP_SEND_INTERVAL"));
+ SiLoadGlobalParamItem(GP_MAC_TABLE_EXPIRE_TIME, CfgGetInt(f, "MAC_TABLE_EXPIRE_TIME"));
+ SiLoadGlobalParamItem(GP_IP_TABLE_EXPIRE_TIME, CfgGetInt(f, "IP_TABLE_EXPIRE_TIME"));
+ SiLoadGlobalParamItem(GP_IP_TABLE_EXPIRE_TIME_DHCP, CfgGetInt(f, "IP_TABLE_EXPIRE_TIME_DHCP"));
+ SiLoadGlobalParamItem(GP_STORM_CHECK_SPAN, CfgGetInt(f, "STORM_CHECK_SPAN"));
+ SiLoadGlobalParamItem(GP_STORM_DISCARD_VALUE_START, CfgGetInt(f, "STORM_DISCARD_VALUE_START"));
+ SiLoadGlobalParamItem(GP_STORM_DISCARD_VALUE_END, CfgGetInt(f, "STORM_DISCARD_VALUE_END"));
+ SiLoadGlobalParamItem(GP_MAX_MAC_TABLES, CfgGetInt(f, "MAX_MAC_TABLES"));
+ SiLoadGlobalParamItem(GP_MAX_IP_TABLES, CfgGetInt(f, "MAX_IP_TABLES"));
+ SiLoadGlobalParamItem(GP_MAX_HUB_LINKS, CfgGetInt(f, "MAX_HUB_LINKS"));
+ SiLoadGlobalParamItem(GP_MEM_FIFO_REALLOC_MEM_SIZE, CfgGetInt(f, "MEM_FIFO_REALLOC_MEM_SIZE"));
+ SiLoadGlobalParamItem(GP_QUEUE_BUDGET, CfgGetInt(f, "QUEUE_BUDGET"));
+ SiLoadGlobalParamItem(GP_FIFO_BUDGET, CfgGetInt(f, "FIFO_BUDGET"));
+
+ SetFifoCurrentReallocMemSize(MEM_FIFO_REALLOC_MEM_SIZE);
+}
+
+// Load global param itesm
+void SiLoadGlobalParamItem(UINT id, UINT value)
+{
+ // Validate arguments
+ if (id == 0)
+ {
+ return;
+ }
+
+ vpn_global_parameters[id] = value;
+}
+
+// Write global params
+void SiWriteGlobalParamsCfg(FOLDER *f)
+{
+ // Validate arguments
+ if (f == NULL)
+ {
+ return;
+ }
+
+ CfgAddInt(f, "MAX_SEND_SOCKET_QUEUE_SIZE", MAX_SEND_SOCKET_QUEUE_SIZE);
+ CfgAddInt(f, "MIN_SEND_SOCKET_QUEUE_SIZE", MIN_SEND_SOCKET_QUEUE_SIZE);
+ CfgAddInt(f, "MAX_SEND_SOCKET_QUEUE_NUM", MAX_SEND_SOCKET_QUEUE_NUM);
+ CfgAddInt(f, "SELECT_TIME", SELECT_TIME);
+ CfgAddInt(f, "SELECT_TIME_FOR_NAT", SELECT_TIME_FOR_NAT);
+ CfgAddInt(f, "MAX_STORED_QUEUE_NUM", MAX_STORED_QUEUE_NUM);
+ CfgAddInt(f, "MAX_BUFFERING_PACKET_SIZE", MAX_BUFFERING_PACKET_SIZE);
+ CfgAddInt(f, "HUB_ARP_SEND_INTERVAL", HUB_ARP_SEND_INTERVAL);
+ CfgAddInt(f, "MAC_TABLE_EXPIRE_TIME", MAC_TABLE_EXPIRE_TIME);
+ CfgAddInt(f, "IP_TABLE_EXPIRE_TIME", IP_TABLE_EXPIRE_TIME);
+ CfgAddInt(f, "IP_TABLE_EXPIRE_TIME_DHCP", IP_TABLE_EXPIRE_TIME_DHCP);
+ CfgAddInt(f, "STORM_CHECK_SPAN", STORM_CHECK_SPAN);
+ CfgAddInt(f, "STORM_DISCARD_VALUE_START", STORM_DISCARD_VALUE_START);
+ CfgAddInt(f, "STORM_DISCARD_VALUE_END", STORM_DISCARD_VALUE_END);
+ CfgAddInt(f, "MAX_MAC_TABLES", MAX_MAC_TABLES);
+ CfgAddInt(f, "MAX_IP_TABLES", MAX_IP_TABLES);
+ CfgAddInt(f, "MAX_HUB_LINKS", MAX_HUB_LINKS);
+ CfgAddInt(f, "MEM_FIFO_REALLOC_MEM_SIZE", MEM_FIFO_REALLOC_MEM_SIZE);
+ CfgAddInt(f, "QUEUE_BUDGET", QUEUE_BUDGET);
+ CfgAddInt(f, "FIFO_BUDGET", FIFO_BUDGET);
}
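Review bot: SiLoadGlobalParamItem guards only `id == 0` before writing `vpn_global_parameters[id]`, so an id at or above NUM_GLOBAL_PARAMS would write past the array; today's callers pass enum constants, but the guard should match the array bound, `if (id == 0 || id >= NUM_GLOBAL_PARAMS) return;`. In the DisableSslVersions block the inner `UINT i;` shadows the `i` that SiLoadServerCfg now declares at function scope (added in an earlier hunk), which -Wshadow will flag; drop the inner declaration or give the loop index its own name. SiLoadGlobalParamsCfg is also called with a NULL folder from SiLoadInitialConfiguration, so its header comment should say that it tolerates NULL and what that yields (presumably 0 from CfgGetInt, i.e. the built-in default for each parameter), and `SetFifoCurrentReallocMemSize(MEM_FIFO_REALLOC_MEM_SIZE)` is then called again by SiInitConfiguration and SiNewServerEx in later hunks, so the call here is redundant. The comment `// Load global param itesm` has a typo ("items").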
// Write the server-specific settings
@@ -6026,12 +6297,15 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
{
BUF *b;
CEDAR *c;
+ FOLDER *params_folder;
// Validate arguments
if (f == NULL || s == NULL)
{
return;
}
+ CfgAddInt(f, "MaxConcurrentDnsClientThreads", GetGetIpThreadMaxNum());
+
CfgAddInt(f, "CurrentBuild", s->Cedar->Build);
CfgAddInt(f, "AutoSaveConfigSpan", s->AutoSaveConfigSpanSaved / 1000);
@@ -6039,6 +6313,20 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
CfgAddBool(f, "DontBackupConfig", s->DontBackupConfig);
CfgAddBool(f, "BackupConfigOnlyWhenModified", s->BackupConfigOnlyWhenModified);
+ if (s->Logger != NULL)
+ {
+ CfgAddInt(f, "ServerLogSwitchType", s->Logger->SwitchType);
+ }
+
+ CfgAddInt64(f, "LoggerMaxLogSize", GetMaxLogSize());
+
+ params_folder = CfgCreateFolder(f, "GlobalParams");
+
+ if (params_folder != NULL)
+ {
+ SiWriteGlobalParamsCfg(params_folder);
+ }
+
c = s->Cedar;
Lock(c->lock);
@@ -6086,6 +6374,7 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
// Eraser related
CfgAddInt64(f, "AutoDeleteCheckDiskFreeSpaceMin", s->Eraser->MinFreeSpace);
+ CfgAddInt(f, "AutoDeleteCheckIntervalSecs", GetEraserCheckInterval());
// WebUI
CfgAddBool(f, "UseWebUI", s->UseWebUI);
@@ -6119,6 +6408,8 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
}
}
+ CfgAddStr(f, "OpenVPNDefaultClientOption", c->OpenVPNDefaultClientOption);
+
if (c->Bridge == false)
{
// VPN over ICMP
@@ -6224,6 +6515,49 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
{
CfgAddBool(f, "EnableVpnAzure", s->EnableVpnAzure);
}
+
+ CfgAddBool(f, "DisableGetHostNameWhenAcceptTcp", s->DisableGetHostNameWhenAcceptTcp);
+ CfgAddBool(f, "DisableCoreDumpOnUnix", s->DisableCoreDumpOnUnix);
+
+ CfgAddBool(f, "AcceptOnlyTls", c->AcceptOnlyTls);
+
+ {
+ char tmp[MAX_SIZE];
+ tmp[0] = 0;
+ if (c->DisableSslVersions & SSL_VERSION_SSL_V2) {
+ StrCat(tmp, sizeof(tmp), NAME_SSL_VERSION_SSL_V2);
+ StrCat(tmp, sizeof(tmp), ",");
+ }
+ if (c->DisableSslVersions & SSL_VERSION_SSL_V3) {
+ StrCat(tmp, sizeof(tmp), NAME_SSL_VERSION_SSL_V3);
+ StrCat(tmp, sizeof(tmp), ",");
+ }
+ if (c->DisableSslVersions & SSL_VERSION_TLS_V1_0) {
+ StrCat(tmp, sizeof(tmp), NAME_SSL_VERSION_TLS_V1_0);
+ StrCat(tmp, sizeof(tmp), ",");
+ }
+ if (c->DisableSslVersions & SSL_VERSION_TLS_V1_1) {
+ StrCat(tmp, sizeof(tmp), NAME_SSL_VERSION_TLS_V1_1);
+ StrCat(tmp, sizeof(tmp), ",");
+ }
+ if (c->DisableSslVersions & SSL_VERSION_TLS_V1_2) {
+ StrCat(tmp, sizeof(tmp), NAME_SSL_VERSION_TLS_V1_2);
+ StrCat(tmp, sizeof(tmp), ",");
+ }
+ if (StrLen(tmp) >= 1)
+ {
+ if (tmp[StrLen(tmp) - 1] == ',')
+ {
+ tmp[StrLen(tmp) - 1] = 0;
+ }
+ }
+ CfgAddStr(f, "DisableSslVersions", tmp);
+ }
+
+
+
+ // Disable session reconnect
+ CfgAddBool(f, "DisableSessionReconnect", GetGlobalServerFlag(GSF_DISABLE_SESSION_RECONNECT));
}
Unlock(c->lock);
}
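Review bot: The DisableSslVersions serializer is a hand-written chain of five nearly identical `if` blocks followed by a trailing-comma trim that calls StrLen three times, and the loader in SiLoadServerCfg (earlier hunk) repeats the same five name/bit pairs in a second chain with a brace style the rest of the file does not use. A small name/bit table iterated in a loop, with the separator inserted before each entry, produces the same `A,B,C` string without the trim and gives the loader one place to share; the rewrite below keeps the names as automatic initialisers so it compiles whether NAME_SSL_VERSION_* are literals or `char *` globals. The three empty lines before the DisableSessionReconnect comment can go as well. SiWriteServerCfg begins outside this hunk.

```c
	CfgAddBool(f, "AcceptOnlyTls", c->AcceptOnlyTls);

	// Serialize the disabled SSL/TLS versions as a comma-separated list;
	// keep this table in step with the parser in SiLoadServerCfg
	{
		struct { UINT bit; char *name; } ssl_names[] = {
			{ SSL_VERSION_SSL_V2, NAME_SSL_VERSION_SSL_V2 },
			{ SSL_VERSION_SSL_V3, NAME_SSL_VERSION_SSL_V3 },
			{ SSL_VERSION_TLS_V1_0, NAME_SSL_VERSION_TLS_V1_0 },
			{ SSL_VERSION_TLS_V1_1, NAME_SSL_VERSION_TLS_V1_1 },
			{ SSL_VERSION_TLS_V1_2, NAME_SSL_VERSION_TLS_V1_2 },
		};
		char tmp[MAX_SIZE];
		UINT k;
		tmp[0] = 0;
		for (k = 0;k < sizeof(ssl_names) / sizeof(ssl_names[0]);k++)
		{
			if (c->DisableSslVersions & ssl_names[k].bit)
			{
				if (tmp[0] != 0)
				{
					StrCat(tmp, sizeof(tmp), ",");
				}
				StrCat(tmp, sizeof(tmp), ssl_names[k].name);
			}
		}
		CfgAddStr(f, "DisableSslVersions", tmp);
	}

	// … unchanged: DisableSessionReconnect …
```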
@@ -7117,7 +7451,7 @@ void SiCalledEnumHub(SERVER *s, PACK *p, PACK *req)
PackAddIntEx(p, "NumSessionsClient", Count(h->NumSessionsClient), i, num);
PackAddIntEx(p, "NumSessionsBridge", Count(h->NumSessionsBridge), i, num);
- PackAddIntEx(p, "NumMacTables", LIST_NUM(h->MacTable), i, num);
+ PackAddIntEx(p, "NumMacTables", HASH_LIST_NUM(h->MacHashTable), i, num);
PackAddIntEx(p, "NumIpTables", LIST_NUM(h->IpTable), i, num);
@@ -7245,11 +7579,17 @@ void SiCalledUpdateHub(SERVER *s, PACK *p)
o.NoLookBPDUBridgeId = PackGetBool(p, "NoLookBPDUBridgeId");
o.NoManageVlanId = PackGetBool(p, "NoManageVlanId");
o.MaxLoggedPacketsPerMinute = PackGetInt(p, "MaxLoggedPacketsPerMinute");
+ o.FloodingSendQueueBufferQuota = PackGetInt(p, "FloodingSendQueueBufferQuota");
o.DoNotSaveHeavySecurityLogs = PackGetBool(p, "DoNotSaveHeavySecurityLogs");
o.DropBroadcastsInPrivacyFilterMode = PackGetBool(p, "DropBroadcastsInPrivacyFilterMode");
o.DropArpInPrivacyFilterMode = PackGetBool(p, "DropArpInPrivacyFilterMode");
o.SuppressClientUpdateNotification = PackGetBool(p, "SuppressClientUpdateNotification");
+ o.AssignVLanIdByRadiusAttribute = PackGetBool(p, "AssignVLanIdByRadiusAttribute");
+ o.DenyAllRadiusLoginWithNoVlanAssign = PackGetBool(p, "DenyAllRadiusLoginWithNoVlanAssign");
+ o.SecureNAT_RandomizeAssignIp = PackGetBool(p, "SecureNAT_RandomizeAssignIp");
+ o.DetectDormantSessionInterval = PackGetInt(p, "DetectDormantSessionInterval");
o.VlanTypeId = PackGetInt(p, "VlanTypeId");
+ o.NoPhysicalIPOnPacketLog = PackGetBool(p, "NoPhysicalIPOnPacketLog");
if (o.VlanTypeId == 0)
{
o.VlanTypeId = MAC_PROTO_TAGVLAN;
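Review bot: `o.FloodingSendQueueBufferQuota = PackGetInt(p, "FloodingSendQueueBufferQuota")` has no fallback when the controller omits the field (a controller on an older build), whereas SiLoadHubOptionCfg in an earlier hunk substitutes DEFAULT_FLOODING_QUEUE_LENGTH and VlanTypeId directly below gets the same treatment; if 0 is not a meaningful quota, add `if (o.FloodingSendQueueBufferQuota == 0) { o.FloodingSendQueueBufferQuota = DEFAULT_FLOODING_QUEUE_LENGTH; }`. The same question applies to DetectDormantSessionInterval unless 0 means "disabled" there. SiCalledUpdateHub begins and ends outside this hunk.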
@@ -7287,9 +7627,12 @@ void SiCalledUpdateHub(SERVER *s, PACK *p)
o.AccessListIncludeFileCacheLifetime = ACCESS_LIST_INCLUDE_FILE_CACHE_LIFETIME;
}
o.DisableKernelModeSecureNAT = PackGetBool(p, "DisableKernelModeSecureNAT");
+ o.DisableIpRawModeSecureNAT = PackGetBool(p, "DisableIpRawModeSecureNAT");
o.DisableUserModeSecureNAT = PackGetBool(p, "DisableUserModeSecureNAT");
o.DisableCheckMacOnLocalBridge = PackGetBool(p, "DisableCheckMacOnLocalBridge");
o.DisableCorrectIpOffloadChecksum = PackGetBool(p, "DisableCorrectIpOffloadChecksum");
+ o.UseHubNameAsDhcpUserClassOption = PackGetBool(p, "UseHubNameAsDhcpUserClassOption");
+ o.UseHubNameAsRadiusNasId = PackGetBool(p, "UseHubNameAsRadiusNasId");
save_packet_log = PackGetInt(p, "SavePacketLog");
packet_log_switch_type = PackGetInt(p, "PacketLogSwitchType");
@@ -7466,16 +7809,13 @@ void SiCalledDeleteMacTable(SERVER *s, PACK *p)
return;
}
- LockList(h->MacTable);
+ LockHashList(h->MacHashTable);
{
- if (IsInList(h->MacTable, (void *)key))
- {
- MAC_TABLE_ENTRY *e = (MAC_TABLE_ENTRY *)key;
- Delete(h->MacTable, e);
- Free(e);
- }
+ MAC_TABLE_ENTRY *e = HashListKeyToPointer(h->MacHashTable, key);
+ DeleteHash(h->MacHashTable, e);
+ Free(e);
}
- UnlockList(h->MacTable);
+ UnlockHashList(h->MacHashTable);
ReleaseHub(h);
}
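Review bot: The removed `IsInList(h->MacTable, key)` check was what made an unknown or stale key harmless; the new code passes whatever `HashListKeyToPointer` returns straight to `DeleteHash` and `Free` without testing it, so safety now rests on that helper returning NULL for a missing key and on DeleteHash and Free both accepting NULL. `key` arrives in a PACK from the cluster controller, so an explicit guard is cheap and self-documenting: `if (e != NULL) { DeleteHash(h->MacHashTable, e); Free(e); }`. The body of SiCalledDeleteMacTable starts outside the hunk.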
@@ -8318,11 +8658,11 @@ void SiCallEnumHub(SERVER *s, FARM_MEMBER *f)
}
UnlockList(h->SessionList);
- LockList(h->MacTable);
+ LockHashList(h->MacHashTable);
{
- hh->NumMacTables = LIST_NUM(h->MacTable);
+ hh->NumMacTables = HASH_LIST_NUM(h->MacHashTable);
}
- UnlockList(h->MacTable);
+ UnlockHashList(h->MacHashTable);
LockList(h->IpTable);
{
@@ -9086,11 +9426,17 @@ void SiPackAddCreateHub(PACK *p, HUB *h)
PackAddBool(p, "NoSpinLockForPacketDelay", h->Option->NoSpinLockForPacketDelay);
PackAddInt(p, "BroadcastStormDetectionThreshold", h->Option->BroadcastStormDetectionThreshold);
PackAddInt(p, "MaxLoggedPacketsPerMinute", h->Option->MaxLoggedPacketsPerMinute);
+ PackAddInt(p, "FloodingSendQueueBufferQuota", h->Option->FloodingSendQueueBufferQuota);
PackAddBool(p, "DoNotSaveHeavySecurityLogs", h->Option->DoNotSaveHeavySecurityLogs);
PackAddBool(p, "DropBroadcastsInPrivacyFilterMode", h->Option->DropBroadcastsInPrivacyFilterMode);
PackAddBool(p, "DropArpInPrivacyFilterMode", h->Option->DropArpInPrivacyFilterMode);
PackAddBool(p, "SuppressClientUpdateNotification", h->Option->SuppressClientUpdateNotification);
+ PackAddBool(p, "AssignVLanIdByRadiusAttribute", h->Option->AssignVLanIdByRadiusAttribute);
+ PackAddBool(p, "DenyAllRadiusLoginWithNoVlanAssign", h->Option->DenyAllRadiusLoginWithNoVlanAssign);
PackAddInt(p, "ClientMinimumRequiredBuild", h->Option->ClientMinimumRequiredBuild);
+ PackAddBool(p, "SecureNAT_RandomizeAssignIp", h->Option->SecureNAT_RandomizeAssignIp);
+ PackAddBool(p, "NoPhysicalIPOnPacketLog", h->Option->NoPhysicalIPOnPacketLog);
+ PackAddInt(p, "DetectDormantSessionInterval", h->Option->DetectDormantSessionInterval);
PackAddBool(p, "FixForDLinkBPDU", h->Option->FixForDLinkBPDU);
PackAddBool(p, "BroadcastLimiterStrictMode", h->Option->BroadcastLimiterStrictMode);
PackAddBool(p, "NoLookBPDUBridgeId", h->Option->NoLookBPDUBridgeId);
@@ -9124,6 +9470,7 @@ void SiPackAddCreateHub(PACK *p, HUB *h)
PackAddInt(p, "SecureNAT_MaxIcmpSessionsPerIp", h->Option->SecureNAT_MaxIcmpSessionsPerIp);
PackAddInt(p, "AccessListIncludeFileCacheLifetime", h->Option->AccessListIncludeFileCacheLifetime);
PackAddBool(p, "DisableKernelModeSecureNAT", h->Option->DisableKernelModeSecureNAT);
+ PackAddBool(p, "DisableIpRawModeSecureNAT", h->Option->DisableIpRawModeSecureNAT);
PackAddBool(p, "DisableUserModeSecureNAT", h->Option->DisableUserModeSecureNAT);
PackAddBool(p, "DisableCheckMacOnLocalBridge", h->Option->DisableCheckMacOnLocalBridge);
PackAddBool(p, "DisableCorrectIpOffloadChecksum", h->Option->DisableCorrectIpOffloadChecksum);
@@ -9138,6 +9485,8 @@ void SiPackAddCreateHub(PACK *p, HUB *h)
PackAddInt(p, "SecurityLogSwitchType", h->LogSetting.SecurityLogSwitchType);
PackAddData(p, "HashedPassword", h->HashedPassword, SHA1_SIZE);
PackAddData(p, "SecurePassword", h->SecurePassword, SHA1_SIZE);
+ PackAddBool(p, "UseHubNameAsDhcpUserClassOption", h->Option->UseHubNameAsDhcpUserClassOption);
+ PackAddBool(p, "UseHubNameAsRadiusNasId", h->Option->UseHubNameAsRadiusNasId);
SiAccessListToPack(p, h->AccessList);
@@ -10622,17 +10971,21 @@ void SiUpdateCurrentRegion(CEDAR *c, char *region, bool force_update)
// Create a server
SERVER *SiNewServer(bool bridge)
{
- return SiNewServerEx(bridge, false);
+ return SiNewServerEx(bridge, false, false);
}
-SERVER *SiNewServerEx(bool bridge, bool in_client_inner_server)
+SERVER *SiNewServerEx(bool bridge, bool in_client_inner_server, bool relay_server)
{
SERVER *s;
LISTENER *inproc;
LISTENER *azure;
LISTENER *rudp;
+ SetGetIpThreadMaxNum(DEFAULT_GETIP_THREAD_MAX_NUM);
+
s = ZeroMalloc(sizeof(SERVER));
+ SetEraserCheckInterval(0);
+
SiInitHubCreateHistory(s);
InitServerCapsCache(s);
@@ -10701,6 +11054,8 @@ SERVER *SiNewServerEx(bool bridge, bool in_client_inner_server)
// Initialize the configuration
SiInitConfiguration(s);
+ SetFifoCurrentReallocMemSize(MEM_FIFO_REALLOC_MEM_SIZE);
+
if (s->DisableIntelAesAcceleration)
{
@@ -10714,6 +11069,10 @@ SERVER *SiNewServerEx(bool bridge, bool in_client_inner_server)
OSSetHighPriority();
}
+#ifdef OS_UNIX
+ UnixSetHighOomScore();
+#endif // OS_UNIX
+
if (s->ServerType == SERVER_TYPE_FARM_MEMBER)
{
// Start a connection to the controller