Made some options connection-entry specific

The following options may now be used in a connection block: fragment mssfix tun-mtu tun-mtu-extra link-mtu mtu_discover_type explicit-exit-notification In order to support stuff like <connection> remote host proto udp fragment explicit-exit-notification 3 </connection> <connection> remote host proto tcp </connection> Signed-off-by: Jan Just Keijser <janjust@nikhef.nl> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
2024-11-27 11:43:51 +08:00 · 2012-02-07 16:29:47 +01:00 · 2012-02-07 16:29:47 +01:00 · 76809cae0e
commit 76809cae0e
parent bdf9ab7516
6 changed files with 109 additions and 106 deletions
--- a/forward.c
+++ b/forward.c
@ -1005,7 +1005,7 @@ process_incoming_tun (struct context *c)
 void
 process_ipv4_header (struct context *c, unsigned int flags, struct buffer *buf)
 {
-  if (!c->options.mssfix)
+  if (!c->options.ce.mssfix)
    flags &= ~PIPV4_MSSFIX;
 #if PASSTOS_CAPABILITY
  if (!c->options.passtos)
--- a/init.c
+++ b/init.c
@ -1779,10 +1779,10 @@ do_deferred_options (struct context *c, const unsigned int found)
 #ifdef ENABLE_OCC
  if (found & OPT_P_EXPLICIT_NOTIFY)
    {
-      if (!proto_is_udp(c->options.ce.proto) && c->options.explicit_exit_notification)
+      if (!proto_is_udp(c->options.ce.proto) && c->options.ce.explicit_exit_notification)
 	{
 	  msg (D_PUSH, "OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp");
-	  c->options.explicit_exit_notification = 0;
+	  c->options.ce.explicit_exit_notification = 0;
 	}
      else
 	msg (D_PUSH, "OPTIONS IMPORT: explicit notify parm(s) modified");
@ -1955,10 +1955,10 @@ frame_finalize_options (struct context *c, const struct options *o)
    }
  
  frame_finalize (&c->c2.frame,
-		  o->link_mtu_defined,
-		  o->link_mtu,
-		  o->tun_mtu_defined,
-		  o->tun_mtu);
+		  o->ce.link_mtu_defined,
+		  o->ce.link_mtu,
+		  o->ce.tun_mtu_defined,
+		  o->ce.tun_mtu);
 }

 /*
@ -2404,8 +2404,8 @@ do_init_frame (struct context *c)
  /*
   * Adjust frame size based on the --tun-mtu-extra parameter.
   */
-  if (c->options.tun_mtu_extra_defined)
-    tun_adjust_frame_parameters (&c->c2.frame, c->options.tun_mtu_extra);
+  if (c->options.ce.tun_mtu_extra_defined)
+    tun_adjust_frame_parameters (&c->c2.frame, c->options.ce.tun_mtu_extra);

  /*
   * Adjust frame size based on link socket parameters.
@ -2434,13 +2434,13 @@ do_init_frame (struct context *c)
  /*
   * MTU advisories
   */
-  if (c->options.fragment && c->options.mtu_test)
+  if (c->options.ce.fragment && c->options.mtu_test)
    msg (M_WARN,
 	 "WARNING: using --fragment and --mtu-test together may produce an inaccurate MTU test result");
 #endif

 #ifdef ENABLE_FRAGMENT
-  if ((c->options.mssfix || c->options.fragment)
+  if ((c->options.ce.mssfix || c->options.ce.fragment)
      && TUN_MTU_SIZE (&c->c2.frame_fragment) != ETHERNET_MTU)
    msg (M_WARN,
 	 "WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu %d (currently it is %d)",
@ -2612,9 +2612,9 @@ do_init_buffers (struct context *c)
 static void
 do_init_fragment (struct context *c)
 {
-  ASSERT (c->options.fragment);
+  ASSERT (c->options.ce.fragment);
  frame_set_mtu_dynamic (&c->c2.frame_fragment,
-			 c->options.fragment, SET_MTU_UPPER_BOUND);
+			 c->options.ce.fragment, SET_MTU_UPPER_BOUND);
  fragment_frame_init (c->c2.fragment, &c->c2.frame_fragment);
 }
 #endif
@ -2625,10 +2625,10 @@ do_init_fragment (struct context *c)
 static void
 do_init_mssfix (struct context *c)
 {
-  if (c->options.mssfix)
+  if (c->options.ce.mssfix)
    {
      frame_set_mtu_dynamic (&c->c2.frame,
-			     c->options.mssfix, SET_MTU_UPPER_BOUND);
+			     c->options.ce.mssfix, SET_MTU_UPPER_BOUND);
    }
 }

@ -2684,7 +2684,7 @@ do_init_socket_1 (struct context *c, const int mode)
 			   c->options.ce.connect_retry_seconds,
 			   c->options.ce.connect_timeout,
 			   c->options.ce.connect_retry_max,
-			   c->options.mtu_discover_type,
+			   c->options.ce.mtu_discover_type,
 			   c->options.rcvbuf,
 			   c->options.sndbuf,
 			   c->options.mark,
@ -3399,7 +3399,7 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int

 #ifdef ENABLE_FRAGMENT
  /* initialize internal fragmentation object */
-  if (options->fragment && (c->mode == CM_P2P || child))
+  if (options->ce.fragment && (c->mode == CM_P2P || child))
    c->c2.fragment = fragment_init (&c->c2.frame);
 #endif

@ -3435,7 +3435,7 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int

 #ifdef ENABLE_FRAGMENT
  /* initialize internal fragmentation capability with known frame size */
-  if (options->fragment && (c->mode == CM_P2P || child))
+  if (options->ce.fragment && (c->mode == CM_P2P || child))
    do_init_fragment (c);
 #endif

--- a/occ.c
+++ b/occ.c
@ -368,7 +368,7 @@ process_received_occ_msg (struct context *c)
 	       c->c2.max_recv_size_remote,
 	       c->c2.max_send_size_remote,
 	       c->c2.max_recv_size_local);
-	  if (!c->options.fragment
+	  if (!c->options.ce.fragment
 	      && (proto_is_dgram(c->options.ce.proto))
 	      && c->c2.max_send_size_local > TUN_MTU_MIN
 	      && (c->c2.max_recv_size_remote < c->c2.max_send_size_local
--- a/options.c
+++ b/options.c
@ -767,10 +767,10 @@ init_options (struct options *o, const bool init_gc)
  o->status_file_update_freq = 60;
  o->status_file_version = 1;
  o->ce.bind_local = true;
-  o->tun_mtu = TUN_MTU_DEFAULT;
-  o->link_mtu = LINK_MTU_DEFAULT;
-  o->mtu_discover_type = -1;
-  o->mssfix = MSSFIX_DEFAULT;
+  o->ce.tun_mtu = TUN_MTU_DEFAULT;
+  o->ce.link_mtu = LINK_MTU_DEFAULT;
+  o->ce.mtu_discover_type = -1;
+  o->ce.mssfix = MSSFIX_DEFAULT;
  o->route_delay_window = 30;
  o->max_routes = MAX_ROUTES_DEFAULT;
  o->resolve_retry_seconds = RESOLV_RETRY_INFINITE;
@ -1359,9 +1359,27 @@ show_connection_entry (const struct connection_entry *o)
  SHOW_STR (socks_proxy_server);
  SHOW_INT (socks_proxy_port);
  SHOW_BOOL (socks_proxy_retry);
+#endif
+  SHOW_INT (tun_mtu);
+  SHOW_BOOL (tun_mtu_defined);
+  SHOW_INT (link_mtu);
+  SHOW_BOOL (link_mtu_defined);
+  SHOW_INT (tun_mtu_extra);
+  SHOW_BOOL (tun_mtu_extra_defined);
+
+  SHOW_INT (mtu_discover_type);
+
+#ifdef ENABLE_FRAGMENT
+  SHOW_INT (fragment);
+#endif
+  SHOW_INT (mssfix);
+
+#ifdef ENABLE_OCC
+  SHOW_INT (explicit_exit_notification);
 #endif
 }

+
 static void
 show_connection_entries (const struct options *o)
 {
@ -1432,19 +1450,6 @@ show_settings (const struct options *o)
 #ifdef HAVE_GETTIMEOFDAY
  SHOW_INT (shaper);
 #endif
-  SHOW_INT (tun_mtu);
-  SHOW_BOOL (tun_mtu_defined);
-  SHOW_INT (link_mtu);
-  SHOW_BOOL (link_mtu_defined);
-  SHOW_INT (tun_mtu_extra);
-  SHOW_BOOL (tun_mtu_extra_defined);
-
-#ifdef ENABLE_FRAGMENT
-  SHOW_INT (fragment);
-#endif
-
-  SHOW_INT (mtu_discover_type);
-
 #ifdef ENABLE_OCC
  SHOW_INT (mtu_test);
 #endif
@ -1459,16 +1464,11 @@ show_settings (const struct options *o)
  SHOW_INT (ping_rec_timeout_action);
  SHOW_BOOL (ping_timer_remote);
  SHOW_INT (remap_sigusr1);
-#ifdef ENABLE_OCC
-  SHOW_INT (explicit_exit_notification);
-#endif
  SHOW_BOOL (persist_tun);
  SHOW_BOOL (persist_local_ip);
  SHOW_BOOL (persist_remote_ip);
  SHOW_BOOL (persist_key);

-  SHOW_INT (mssfix);
-  
 #if PASSTOS_CAPABILITY
  SHOW_BOOL (passtos);
 #endif
@ -1958,7 +1958,7 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
  /*
   * Sanity check on MTU parameters
   */
-  if (options->tun_mtu_defined && options->link_mtu_defined)
+  if (options->ce.tun_mtu_defined && options->ce.link_mtu_defined)
    msg (M_USAGE, "only one of --tun-mtu or --link-mtu may be defined (note that --ifconfig implies --link-mtu %d)", LINK_MTU_DEFAULT);

 #ifdef ENABLE_OCC
@ -2041,12 +2041,12 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
   */

 #ifdef ENABLE_FRAGMENT
-  if (!proto_is_udp(ce->proto) && options->fragment)
+  if (!proto_is_udp(ce->proto) && ce->fragment)
    msg (M_USAGE, "--fragment can only be used with --proto udp");
 #endif

 #ifdef ENABLE_OCC
-  if (!proto_is_udp(ce->proto) && options->explicit_exit_notification)
+  if (!proto_is_udp(ce->proto) && ce->explicit_exit_notification)
    msg (M_USAGE, "--explicit-exit-notify can only be used with --proto udp");
 #endif

@ -2131,7 +2131,7 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
      if (!(dev == DEV_TYPE_TAP || (dev == DEV_TYPE_TUN && options->topology == TOP_SUBNET)) && options->ifconfig_pool_netmask)
 	msg (M_USAGE, "The third parameter to --ifconfig-pool (netmask) is only valid in --dev tap mode");
 #ifdef ENABLE_OCC
-      if (options->explicit_exit_notification)
+      if (ce->explicit_exit_notification)
 	msg (M_USAGE, "--explicit-exit-notify cannot be used with --mode server");
 #endif
      if (options->routes && (options->routes->flags & RG_ENABLE))
@ -2426,6 +2426,21 @@ options_postprocess_mutate_ce (struct options *o, struct connection_entry *ce)
  /* if protocol forcing is enabled, disable all protocols except for the forced one */
  if (o->proto_force >= 0 && proto_is_tcp(o->proto_force) != proto_is_tcp(ce->proto))
    ce->flags |= CE_DISABLED;
+
+  /*
+   * If --mssfix is supplied without a parameter, default
+   * it to --fragment value, if --fragment is specified.
+   */
+  if (o->ce.mssfix_default)
+    {
+#ifdef ENABLE_FRAGMENT
+      if (ce->fragment)
+	o->ce.mssfix = ce->fragment;
+#else
+      msg (M_USAGE, "--mssfix must specify a parameter");
+#endif      
+    }
+
 }

 static void
@ -2433,20 +2448,6 @@ options_postprocess_mutate_invariant (struct options *options)
 {
  const int dev = dev_type_enum (options->dev, options->dev_type);

-  /*
-   * If --mssfix is supplied without a parameter, default
-   * it to --fragment value, if --fragment is specified.
-   */
-  if (options->mssfix_default)
-    {
-#ifdef ENABLE_FRAGMENT
-      if (options->fragment)
-	options->mssfix = options->fragment;
-#else
-      msg (M_USAGE, "--mssfix must specify a parameter");
-#endif      
-    }
-
  /*
   * In forking TCP server mode, you don't need to ifconfig
   * the tap device (the assumption is that it will be bridged).
@ -2458,14 +2459,14 @@ options_postprocess_mutate_invariant (struct options *options)
   * Set MTU defaults
   */
  {
-    if (!options->tun_mtu_defined && !options->link_mtu_defined)
+    if (!options->ce.tun_mtu_defined && !options->ce.link_mtu_defined)
      {
-	options->tun_mtu_defined = true;
+	options->ce.tun_mtu_defined = true;
      }
-    if ((dev == DEV_TYPE_TAP) && !options->tun_mtu_extra_defined)
+    if ((dev == DEV_TYPE_TAP) && !options->ce.tun_mtu_extra_defined)
      {
-	options->tun_mtu_extra_defined = true;
-	options->tun_mtu_extra = TAP_MTU_EXTRA_DEFAULT;
+	options->ce.tun_mtu_extra_defined = true;
+	options->ce.tun_mtu_extra = TAP_MTU_EXTRA_DEFAULT;
      }
  }

@ -2951,7 +2952,7 @@ options_string (const struct options *o,
 #endif

 #ifdef ENABLE_FRAGMENT
-  if (o->fragment)
+  if (o->ce.fragment)
    buf_printf (&out, ",mtu-dynamic");
 #endif

@ -4729,39 +4730,40 @@ add_option (struct options *options,
    }
  else if ((streq (p[0], "link-mtu") || streq (p[0], "udp-mtu")) && p[1])
    {
-      VERIFY_PERMISSION (OPT_P_MTU);
-      options->link_mtu = positive_atoi (p[1]);
-      options->link_mtu_defined = true;
+      VERIFY_PERMISSION (OPT_P_MTU|OPT_P_CONNECTION);
+      options->ce.link_mtu = positive_atoi (p[1]);
+      options->ce.link_mtu_defined = true;
    }
  else if (streq (p[0], "tun-mtu") && p[1])
    {
-      VERIFY_PERMISSION (OPT_P_MTU);
-      options->tun_mtu = positive_atoi (p[1]);
-      options->tun_mtu_defined = true;
+      VERIFY_PERMISSION (OPT_P_MTU|OPT_P_CONNECTION);
+      options->ce.tun_mtu = positive_atoi (p[1]);
+      options->ce.tun_mtu_defined = true;
    }
  else if (streq (p[0], "tun-mtu-extra") && p[1])
    {
-      VERIFY_PERMISSION (OPT_P_MTU);
-      options->tun_mtu_extra = positive_atoi (p[1]);
-      options->tun_mtu_extra_defined = true;
+      VERIFY_PERMISSION (OPT_P_MTU|OPT_P_CONNECTION);
+      options->ce.tun_mtu_extra = positive_atoi (p[1]);
+      options->ce.tun_mtu_extra_defined = true;
    }
 #ifdef ENABLE_FRAGMENT
  else if (streq (p[0], "mtu-dynamic"))
    {
-      VERIFY_PERMISSION (OPT_P_GENERAL);
+      VERIFY_PERMISSION (OPT_P_MTU|OPT_P_CONNECTION);
      msg (msglevel, "--mtu-dynamic has been replaced by --fragment");
      goto err;
    }
  else if (streq (p[0], "fragment") && p[1])
    {
-      VERIFY_PERMISSION (OPT_P_MTU);
-      options->fragment = positive_atoi (p[1]);
+//      VERIFY_PERMISSION (OPT_P_MTU);
+      VERIFY_PERMISSION (OPT_P_MTU|OPT_P_CONNECTION);
+      options->ce.fragment = positive_atoi (p[1]);
    }
 #endif
  else if (streq (p[0], "mtu-disc") && p[1])
    {
-      VERIFY_PERMISSION (OPT_P_MTU);
-      options->mtu_discover_type = translate_mtu_discover_type_name (p[1]);
+      VERIFY_PERMISSION (OPT_P_MTU|OPT_P_CONNECTION);
+      options->ce.mtu_discover_type = translate_mtu_discover_type_name (p[1]);
    }
 #ifdef ENABLE_OCC
  else if (streq (p[0], "mtu-test"))
@ -5106,14 +5108,15 @@ add_option (struct options *options,
 #ifdef ENABLE_OCC
  else if (streq (p[0], "explicit-exit-notify"))
    {
-      VERIFY_PERMISSION (OPT_P_EXPLICIT_NOTIFY);
+      VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
+//      VERIFY_PERMISSION (OPT_P_EXPLICIT_NOTIFY);
      if (p[1])
 	{
-	  options->explicit_exit_notification = positive_atoi (p[1]);
+	  options->ce.explicit_exit_notification = positive_atoi (p[1]);
 	}
      else
 	{
-	  options->explicit_exit_notification = 1;
+	  options->ce.explicit_exit_notification = 1;
 	}
    }
 #endif
@ -5369,13 +5372,13 @@ add_option (struct options *options,
    }
  else if (streq (p[0], "mssfix"))
    {
-      VERIFY_PERMISSION (OPT_P_GENERAL);
+      VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
      if (p[1])
 	{
-	  options->mssfix = positive_atoi (p[1]);
+	  options->ce.mssfix = positive_atoi (p[1]);
 	}
      else
-	options->mssfix_default = true;
+	options->ce.mssfix_default = true;

    }
 #ifdef ENABLE_OCC
--- a/options.h
+++ b/options.h
@ -111,6 +111,24 @@ struct connection_entry
  bool socks_proxy_retry;
 #endif

+  int tun_mtu;           /* MTU of tun device */
+  bool tun_mtu_defined;  /* true if user overriding parm with command line option */
+  int tun_mtu_extra;
+  bool tun_mtu_extra_defined;
+  int link_mtu;          /* MTU of device over which tunnel packets pass via TCP/UDP */
+  bool link_mtu_defined; /* true if user overriding parm with command line option */
+
+  /* Advanced MTU negotiation and datagram fragmentation options */
+  int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */
+
+  int fragment;          /* internal fragmentation size */
+  int mssfix;            /* Upper bound on TCP MSS */
+  bool mssfix_default;   /* true if --mssfix was supplied without a parameter */
+
+#ifdef ENABLE_OCC
+  int explicit_exit_notification;  /* Explicitly tell peer when we are exiting via OCC_EXIT message */
+#endif
+
 # define CE_DISABLED (1<<0)
 #if HTTP_PROXY_FALLBACK
 # define CE_HTTP_PROXY_FALLBACK (1<<1)
@ -245,24 +263,13 @@ struct options
 #ifdef HAVE_GETTIMEOFDAY
  int shaper;
 #endif
-  int tun_mtu;           /* MTU of tun device */
-  int tun_mtu_extra;
-  bool tun_mtu_extra_defined;
-  int link_mtu;          /* MTU of device over which tunnel packets pass via TCP/UDP */
-  bool tun_mtu_defined;  /* true if user overriding parm with command line option */
-  bool link_mtu_defined; /* true if user overriding parm with command line option */

  int proto_force;

-  /* Advanced MTU negotiation and datagram fragmentation options */
-  int mtu_discover_type; /* used if OS supports setting Path MTU discovery options on socket */
-
 #ifdef ENABLE_OCC
  bool mtu_test;
 #endif

-  int fragment;                 /* internal fragmentation size */
-
 #ifdef ENABLE_MEMSTATS
  char *memstats_fn;
 #endif
@ -285,18 +292,11 @@ struct options
 # define PING_RESTART 2
  int ping_rec_timeout_action;  /* What action to take on ping_rec_timeout (exit or restart)? */

-#ifdef ENABLE_OCC
-  int explicit_exit_notification;  /* Explicitly tell peer when we are exiting via OCC_EXIT message */
-#endif
-
  bool persist_tun;             /* Don't close/reopen TUN/TAP dev on SIGUSR1 or PING_RESTART */
  bool persist_local_ip;        /* Don't re-resolve local address on SIGUSR1 or PING_RESTART */
  bool persist_remote_ip;       /* Don't re-resolve remote address on SIGUSR1 or PING_RESTART */
  bool persist_key;             /* Don't re-read key files on SIGUSR1 or PING_RESTART */

-  int mssfix;                   /* Upper bound on TCP MSS */
-  bool mssfix_default;          /* true if --mssfix was supplied without a parameter */
-
 #if PASSTOS_CAPABILITY
  bool passtos;                  
 #endif
--- a/sig.c
+++ b/sig.c
@ -300,8 +300,8 @@ process_explicit_exit_notification_timer_wakeup (struct context *c)
 			     &c->c2.timeval,
 			     ETT_DEFAULT))
    {
-      ASSERT (c->c2.explicit_exit_notification_time_wait && c->options.explicit_exit_notification);
-      if (now >= c->c2.explicit_exit_notification_time_wait + c->options.explicit_exit_notification)
+      ASSERT (c->c2.explicit_exit_notification_time_wait && c->options.ce.explicit_exit_notification);
+      if (now >= c->c2.explicit_exit_notification_time_wait + c->options.ce.explicit_exit_notification)
 	{
 	  event_timeout_clear (&c->c2.explicit_exit_notification_interval);
 	  c->sig->signal_received = SIGTERM;
@ -340,7 +340,7 @@ process_sigterm (struct context *c)
 {
  bool ret = true;
 #ifdef ENABLE_OCC
-  if (c->options.explicit_exit_notification
+  if (c->options.ce.explicit_exit_notification
      && !c->c2.explicit_exit_notification_time_wait)
    {
      process_explicit_exit_notification_init (c);