With this change all timeouts before the first packet from the OpenVPN
server are unified into the server-poll-timeout option.
The default of 120s has been chosen as a safe value, since it is larger than
the sum of the old small timeouts.
V3: fix some whitespace/typos problems
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1465656195-12722-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11899
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -106,6 +106,13 @@ User-visible Changes |
106 | 106 |
- mbed TLS builds: minimum RSA key size is now 2048 bits. Shorter keys will |
107 | 107 |
not be accepted, both local and from the peer. |
108 | 108 |
|
109 |
+- --http-proxy-timeout and the static non-changeable socks timeout (5s) |
|
110 |
+ have been folded into a "unified" --connect-timeout which covers all |
|
111 |
+ steps needed to connect to the server, up to the start of the TLS exchange. |
|
112 |
+ The default value has been raised to 120s, to handle slow http/socks |
|
113 |
+ proxies graciously. The old "fail TCP fast" behaviour can be achieved by |
|
114 |
+ adding "--connect-timeout 10" to the client config. |
|
115 |
+ |
|
109 | 116 |
|
110 | 117 |
Maintainer-visible changes |
111 | 118 |
-------------------------- |
... | ... |
@@ -357,7 +357,6 @@ block: |
357 | 357 |
.B http\-proxy, |
358 | 358 |
.B http\-proxy\-option, |
359 | 359 |
.B http\-proxy\-retry, |
360 |
-.B http\-proxy\-timeout, |
|
361 | 360 |
.B link\-mtu, |
362 | 361 |
.B local, |
363 | 362 |
.B lport, |
... | ... |
@@ -473,14 +472,6 @@ Wait |
473 | 473 |
seconds between connection attempts (default=5). |
474 | 474 |
.\"********************************************************* |
475 | 475 |
.TP |
476 |
-.B \-\-connect\-timeout n |
|
477 |
-For |
|
478 |
-.B \-\-proto tcp\-client, |
|
479 |
-set connection timeout to |
|
480 |
-.B n |
|
481 |
-seconds (default=10). |
|
482 |
-.\"********************************************************* |
|
483 |
-.TP |
|
484 | 476 |
.B \-\-connect\-retry\-max n |
485 | 477 |
.B n |
486 | 478 |
specifies the number of times all |
... | ... |
@@ -538,12 +529,6 @@ Retry indefinitely on HTTP proxy errors. If an HTTP proxy error |
538 | 538 |
occurs, simulate a SIGUSR1 reset. |
539 | 539 |
.\"********************************************************* |
540 | 540 |
.TP |
541 |
-.B \-\-http\-proxy\-timeout n |
|
542 |
-Set proxy timeout to |
|
543 |
-.B n |
|
544 |
-seconds, default=5. |
|
545 |
-.\"********************************************************* |
|
546 |
-.TP |
|
547 | 541 |
.B \-\-http\-proxy\-option type [parm] |
548 | 542 |
Set extended HTTP proxy options. |
549 | 543 |
Repeat to set multiple options. |
... | ... |
@@ -3976,14 +3961,12 @@ description of the OpenVPN challenge/response protocol. |
3976 | 3976 |
.\"********************************************************* |
3977 | 3977 |
.TP |
3978 | 3978 |
.B \-\-server\-poll\-timeout n |
3979 |
-when polling possible remote servers to connect to |
|
3980 |
-in a round-robin fashion, spend no more than |
|
3979 |
+.B \-\-connect\-timeout n |
|
3980 |
+when connecting to a remote server do not wait for more than |
|
3981 | 3981 |
.B n |
3982 | 3982 |
seconds waiting for a response before trying the next server. |
3983 |
-As this only makes sense in client-to-server setups, it cannot |
|
3984 |
-be used in point-to-point setups using |
|
3985 |
-.B \-\-secret |
|
3986 |
-symmetrical key mode. |
|
3983 |
+The default value is 120s. This timeout includes proxy and TCP |
|
3984 |
+connect timeouts. |
|
3987 | 3985 |
.\"********************************************************* |
3988 | 3986 |
.TP |
3989 | 3987 |
.B \-\-explicit\-exit\-notify [n] |
... | ... |
@@ -125,7 +125,7 @@ check_server_poll_timeout (struct context *c) |
125 | 125 |
{ |
126 | 126 |
void check_server_poll_timeout_dowork (struct context *c); |
127 | 127 |
|
128 |
- if (c->options.server_poll_timeout |
|
128 |
+ if (c->options.ce.connect_timeout |
|
129 | 129 |
&& event_timeout_trigger (&c->c2.server_poll_interval, &c->c2.timeval, ETT_DEFAULT)) |
130 | 130 |
check_server_poll_timeout_dowork (c); |
131 | 131 |
} |
... | ... |
@@ -324,6 +324,13 @@ check_inactivity_timeout_dowork (struct context *c) |
324 | 324 |
register_signal (c, SIGTERM, "inactive"); |
325 | 325 |
} |
326 | 326 |
|
327 |
+int |
|
328 |
+get_server_poll_remaining_time (struct event_timeout* server_poll_timeout) |
|
329 |
+{ |
|
330 |
+ update_time(); |
|
331 |
+ int remaining = event_timeout_remaining(server_poll_timeout); |
|
332 |
+ return max_int (0, remaining); |
|
333 |
+} |
|
327 | 334 |
#if P2MP |
328 | 335 |
|
329 | 336 |
void |
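Review bot: get_server_poll_remaining_time can be called on a timer that was never initialised: do_init_server_poll_timeout only calls event_timeout_init when c->options.ce.connect_timeout is non-zero, add_option's positive_atoi appears to accept `--connect-timeout 0` (the old `--server-poll-timeout 0` spelling for "disabled"), and phase2_tcp_client, phase2_socks_client and establish_http_proxy_passthru still dereference the timer through this helper unconditionally. In that case `(int) et->last + et->n - now` is evaluated on a zeroed struct and the clamp yields 0, so every connect and recv_line would receive a zero timeout; whether that fails immediately or waits forever depends on socket_connect and recv_line, which are outside this diff. Either reject the value at parse time, `if (options->ce.connect_timeout <= 0) msg (M_USAGE, "--connect-timeout must be greater than 0");`, or make the precondition explicit here, `ASSERT (event_timeout_defined (server_poll_timeout));`, and say in a comment that 0 no longer means "no timeout".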
... | ... |
@@ -538,13 +545,16 @@ process_coarse_timers (struct context *c) |
538 | 538 |
return; |
539 | 539 |
|
540 | 540 |
#if P2MP |
541 |
- check_server_poll_timeout (c); |
|
542 |
- if (c->sig->signal_received) |
|
543 |
- return; |
|
541 |
+ if (c->c2.tls_multi) |
|
542 |
+ { |
|
543 |
+ check_server_poll_timeout (c); |
|
544 |
+ if (c->sig->signal_received) |
|
545 |
+ return; |
|
544 | 546 |
|
545 |
- check_scheduled_exit (c); |
|
546 |
- if (c->sig->signal_received) |
|
547 |
- return; |
|
547 |
+ check_scheduled_exit (c); |
|
548 |
+ if (c->sig->signal_received) |
|
549 |
+ return; |
|
550 |
+ } |
|
548 | 551 |
#endif |
549 | 552 |
|
550 | 553 |
#ifdef ENABLE_OCC |
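Review bot: check_scheduled_exit is now also skipped whenever c->c2.tls_multi is NULL, although only check_server_poll_timeout needed the new guard and neither the commit message nor a comment mentions scheduled-exit handling. If scheduled exits genuinely exist only in TLS mode, a one-line comment above `if (c->c2.tls_multi)` saying so would stop the next reader from treating this as an accident; otherwise keep `check_scheduled_exit (c);` and its `if (c->sig->signal_received) return;` outside the braces as before. process_coarse_timers continues outside the hunk.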
... | ... |
@@ -103,7 +103,7 @@ void show_wait_status (struct context *c); |
103 | 103 |
* once for each remaining fragment with this parameter set to false. |
104 | 104 |
*/ |
105 | 105 |
void encrypt_sign (struct context *c, bool comp_frag); |
106 |
- |
|
106 |
+int get_server_poll_remaining_time (struct event_timeout* server_poll_timeout); |
|
107 | 107 |
|
108 | 108 |
/**********************************************************************/ |
109 | 109 |
/** |
... | ... |
@@ -1058,6 +1058,19 @@ reset_coarse_timers (struct context *c) |
1058 | 1058 |
} |
1059 | 1059 |
|
1060 | 1060 |
/* |
1061 |
+ * Initialise the server poll timeout timer |
|
1062 |
+ * This timer is used in the http/socks proxy setup so it needs to be setup |
|
1063 |
+ * before |
|
1064 |
+ */ |
|
1065 |
+static void |
|
1066 |
+do_init_server_poll_timeout (struct context *c) |
|
1067 |
+{ |
|
1068 |
+ update_time (); |
|
1069 |
+ if (c->options.ce.connect_timeout) |
|
1070 |
+ event_timeout_init (&c->c2.server_poll_interval, c->options.ce.connect_timeout, now); |
|
1071 |
+} |
|
1072 |
+ |
|
1073 |
+/* |
|
1061 | 1074 |
* Initialize timers |
1062 | 1075 |
*/ |
1063 | 1076 |
static void |
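Review bot: The header comment on do_init_server_poll_timeout breaks off mid-sentence at `* before`. From the call added in init_instance the timer is armed just before the socket is finalised, so the comment could read `* This timer is used in the http/socks proxy setup, so it needs to be set up` / `* before do_init_socket_2 () finalises the TCP/UDP socket.` It would also help to state here that the timer is deliberately left untouched when connect_timeout is 0, since callers elsewhere read it without checking, and that the function now runs for every context mode (the call site is not guarded), if that is intended.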
... | ... |
@@ -1078,11 +1091,6 @@ do_init_timers (struct context *c, bool deferred) |
1078 | 1078 |
if (c->options.ping_rec_timeout) |
1079 | 1079 |
event_timeout_init (&c->c2.ping_rec_interval, c->options.ping_rec_timeout, now); |
1080 | 1080 |
|
1081 |
-#if P2MP |
|
1082 |
- if (c->options.server_poll_timeout) |
|
1083 |
- event_timeout_init (&c->c2.server_poll_interval, c->options.server_poll_timeout, now); |
|
1084 |
-#endif |
|
1085 |
- |
|
1086 | 1081 |
if (!deferred) |
1087 | 1082 |
{ |
1088 | 1083 |
/* initialize connection establishment timer */ |
... | ... |
@@ -1969,11 +1977,6 @@ socket_restart_pause (struct context *c) |
1969 | 1969 |
#if P2MP |
1970 | 1970 |
if (auth_retry_get () == AR_NOINTERACT) |
1971 | 1971 |
sec = 10; |
1972 |
- |
|
1973 |
-#if 0 /* not really needed because of c->persist.restart_sleep_seconds */ |
|
1974 |
- if (c->options.server_poll_timeout && sec > 1) |
|
1975 |
- sec = 1; |
|
1976 |
-#endif |
|
1977 | 1972 |
#endif |
1978 | 1973 |
|
1979 | 1974 |
if (c->persist.restart_sleep_seconds > 0 && c->persist.restart_sleep_seconds > sec) |
... | ... |
@@ -2660,11 +2663,6 @@ do_option_warnings (struct context *c) |
2660 | 2660 |
msg (M_WARN, "WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info."); |
2661 | 2661 |
#endif |
2662 | 2662 |
|
2663 |
-#ifndef CONNECT_NONBLOCK |
|
2664 |
- if (o->ce.connect_timeout_defined) |
|
2665 |
- msg (M_WARN, "NOTE: --connect-timeout option is not supported on this OS"); |
|
2666 |
-#endif |
|
2667 |
- |
|
2668 | 2663 |
/* If a script is used, print appropiate warnings */ |
2669 | 2664 |
if (o->user_script_used) |
2670 | 2665 |
{ |
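Review bot: Removing the `--connect-timeout option is not supported on this OS` note drops the only user-visible hint for builds without CONNECT_NONBLOCK, but nothing in this patch changes how a blocking connect honours the timer now handed to socket_connect; if that path still ignores its timeout argument, the documented 120s bound covers only the proxy reads on such platforms. Unless the non-blocking connect path is now unconditional, keep a warning under `#ifndef CONNECT_NONBLOCK`, e.g. `msg (M_WARN, "NOTE: --connect-timeout is only enforced for proxy handshakes on this OS");`. socket_connect is outside this diff, so this is inferred from the removed text; do_option_warnings continues outside the hunk.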
... | ... |
@@ -2819,11 +2817,11 @@ do_init_socket_1 (struct context *c, const int mode) |
2819 | 2819 |
c->options.ipchange, |
2820 | 2820 |
c->plugins, |
2821 | 2821 |
c->options.resolve_retry_seconds, |
2822 |
- c->options.ce.connect_timeout, |
|
2823 | 2822 |
c->options.ce.mtu_discover_type, |
2824 | 2823 |
c->options.rcvbuf, |
2825 | 2824 |
c->options.sndbuf, |
2826 | 2825 |
c->options.mark, |
2826 |
+ &c->c2.server_poll_interval, |
|
2827 | 2827 |
sockflags); |
2828 | 2828 |
} |
2829 | 2829 |
|
... | ... |
@@ -3653,6 +3651,9 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int |
3653 | 3653 |
*/ |
3654 | 3654 |
do_uid_gid_chroot (c, c->c2.did_open_tun); |
3655 | 3655 |
|
3656 |
+ /* initialise connect timeout timer */ |
|
3657 |
+ do_init_server_poll_timeout(c); |
|
3658 |
+ |
|
3656 | 3659 |
/* finalize the TCP/UDP socket */ |
3657 | 3660 |
if (c->mode == CM_P2P || c->mode == CM_TOP || c->mode == CM_CHILD_TCP) |
3658 | 3661 |
do_init_socket_2 (c); |
... | ... |
@@ -186,6 +186,15 @@ event_timeout_modify_wakeup (struct event_timeout* et, interval_t n) |
186 | 186 |
} |
187 | 187 |
|
188 | 188 |
/* |
189 |
+ * Will return the time left for a timeout, this function does not check |
|
190 |
+ * if the timeout is actually valid |
|
191 |
+ */ |
|
192 |
+static inline interval_t event_timeout_remaining (struct event_timeout* et) |
|
193 |
+{ |
|
194 |
+ return (int) et->last + et->n - now; |
|
195 |
+} |
|
196 |
+ |
|
197 |
+/* |
|
189 | 198 |
* This is the principal function for testing and triggering recurring |
190 | 199 |
* timers and will return true on a timer signal event. |
191 | 200 |
* If et_const_retry == ETT_DEFAULT and a signal occurs, |
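Review bot: In event_timeout_remaining the cast binds only to `et->last`, so a time_t is narrowed to int before the arithmetic, the subtraction of `now` widens the result back to time_t, and the return then converts it to interval_t implicitly; it works while epoch seconds fit in int but reads as if the whole expression were being converted. Prefer `return (interval_t) (et->last + et->n - now);` so there is exactly one conversion, on the final value. The comment could also say that an expired timer yields a negative value, which get_server_poll_remaining_time in forward.c clamps to 0.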
... | ... |
@@ -417,6 +417,10 @@ struct context_2 |
417 | 417 |
time_t update_timeout_random_component; |
418 | 418 |
struct timeval timeout_random_component; |
419 | 419 |
|
420 |
+ /* Timer for everything up to the first packet from the *OpenVPN* server |
|
421 |
+ * socks, http proxy, and tcp packets do not count */ |
|
422 |
+ struct event_timeout server_poll_interval; |
|
423 |
+ |
|
420 | 424 |
/* indicates that the do_up_delay function has run */ |
421 | 425 |
bool do_up_ran; |
422 | 426 |
|
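Review bot: The comment on the new server_poll_interval field runs two clauses together without punctuation, so `server socks` reads as one term. Suggest `/* Timer for everything up to the first packet from the *OpenVPN* server;` / ` * replies from socks/http proxies and bare tcp packets do not count as that packet */`, which also makes clear that proxy traffic does not reset it.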
... | ... |
@@ -472,8 +476,6 @@ struct context_2 |
472 | 472 |
md_ctx_t pulled_options_state; |
473 | 473 |
struct md5_digest pulled_options_digest; |
474 | 474 |
|
475 |
- struct event_timeout server_poll_interval; |
|
476 |
- |
|
477 | 475 |
struct event_timeout scheduled_exit; |
478 | 476 |
int scheduled_exit_signal; |
479 | 477 |
#endif |
... | ... |
@@ -125,7 +125,6 @@ static const char usage_message[] = |
125 | 125 |
" p = udp6, tcp6-server, or tcp6-client (ipv6)\n" |
126 | 126 |
"--connect-retry n : For --proto tcp-client, number of seconds to wait\n" |
127 | 127 |
" between connection retries (default=%d).\n" |
128 |
- "--connect-timeout n : For --proto tcp-client, connection timeout (in seconds).\n" |
|
129 | 128 |
"--connect-retry-max n : Maximum connection attempt retries, default infinite.\n" |
130 | 129 |
"--http-proxy s p [up] [auth] : Connect to remote host\n" |
131 | 130 |
" through an HTTP proxy at address s and port p.\n" |
... | ... |
@@ -137,7 +136,6 @@ static const char usage_message[] = |
137 | 137 |
" determine auth method and query for username/password\n" |
138 | 138 |
" if needed. auto-nct disables weak proxy auth methods.\n" |
139 | 139 |
"--http-proxy-retry : Retry indefinitely on HTTP proxy errors.\n" |
140 |
- "--http-proxy-timeout n : Proxy timeout in seconds, default=5.\n" |
|
141 | 140 |
"--http-proxy-option type [parm] : Set extended HTTP proxy options.\n" |
142 | 141 |
" Repeat to set multiple options.\n" |
143 | 142 |
" VERSION version (default=1.0)\n" |
... | ... |
@@ -498,7 +496,7 @@ static const char usage_message[] = |
498 | 498 |
" none (default), interact, or nointeract.\n" |
499 | 499 |
"--static-challenge t e : Enable static challenge/response protocol using\n" |
500 | 500 |
" challenge text t, with e indicating echo flag (0|1)\n" |
501 |
- "--server-poll-timeout n : when polling possible remote servers to connect to\n" |
|
501 |
+ "--connect-timeout n : when polling possible remote servers to connect to\n" |
|
502 | 502 |
" in a round-robin fashion, spend no more than n seconds\n" |
503 | 503 |
" waiting for a response before trying the next server.\n" |
504 | 504 |
#endif |
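Review bot: The usage text for --connect-timeout keeps the old server-poll wording (`when polling possible remote servers to connect to` ... `in a round-robin fashion`) and omits the new 120s default, while the man-page hunk in this same commit was reworded to cover proxy and TCP connect time. Suggest `"--connect-timeout n : when connecting to a remote server, wait no more than n\n"` / `" seconds (default=120) for a response before trying the next server.\n"` and trim the following context lines to match. The `#endif` right after the entry suggests it still sits inside a P2MP-only block although the option is now parsed for all builds; confirm that is intended.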
... | ... |
@@ -773,7 +771,7 @@ init_options (struct options *o, const bool init_gc) |
773 | 773 |
o->ce.af = AF_UNSPEC; |
774 | 774 |
o->ce.bind_ipv6_only = false; |
775 | 775 |
o->ce.connect_retry_seconds = 5; |
776 |
- o->ce.connect_timeout = 10; |
|
776 |
+ o->ce.connect_timeout = 120; |
|
777 | 777 |
o->connect_retry_max = 0; |
778 | 778 |
o->ce.local_port = o->ce.remote_port = OPENVPN_PORT; |
779 | 779 |
o->verbosity = 1; |
... | ... |
@@ -825,7 +823,6 @@ init_options (struct options *o, const bool init_gc) |
825 | 825 |
#endif |
826 | 826 |
#if P2MP |
827 | 827 |
o->scheduled_exit_interval = 5; |
828 |
- o->server_poll_timeout = 0; |
|
829 | 828 |
#endif |
830 | 829 |
#ifdef ENABLE_CRYPTO |
831 | 830 |
o->ciphername = "BF-CBC"; |
... | ... |
@@ -1333,7 +1330,6 @@ show_http_proxy_options (const struct http_proxy_options *o) |
1333 | 1333 |
SHOW_STR (auth_method_string); |
1334 | 1334 |
SHOW_STR (auth_file); |
1335 | 1335 |
SHOW_BOOL (retry); |
1336 |
- SHOW_INT (timeout); |
|
1337 | 1336 |
SHOW_STR (http_version); |
1338 | 1337 |
SHOW_STR (user_agent); |
1339 | 1338 |
for (i=0; i < MAX_CUSTOM_HTTP_HEADER && o->custom_headers[i].name;i++) |
... | ... |
@@ -1754,7 +1750,6 @@ parse_http_proxy_override (const char *server, |
1754 | 1754 |
ho->server = string_alloc(server, gc); |
1755 | 1755 |
ho->port = port; |
1756 | 1756 |
ho->retry = true; |
1757 |
- ho->timeout = 5; |
|
1758 | 1757 |
if (flags && !strcmp(flags, "nct")) |
1759 | 1758 |
ho->auth_retry = PAR_NCT; |
1760 | 1759 |
else |
... | ... |
@@ -1952,13 +1947,6 @@ options_postprocess_verify_ce (const struct options *options, const struct conne |
1952 | 1952 |
msg (M_USAGE, "--lladdr can only be used in --dev tap mode"); |
1953 | 1953 |
|
1954 | 1954 |
/* |
1955 |
- * Sanity check on TCP mode options |
|
1956 |
- */ |
|
1957 |
- if (ce->connect_timeout_defined && ce->proto != PROTO_TCP_CLIENT) |
|
1958 |
- msg (M_USAGE, "--connect-timeout doesn't make sense unless also used with " |
|
1959 |
- "--proto tcp-client or tcp6-client"); |
|
1960 |
- |
|
1961 |
- /* |
|
1962 | 1955 |
* Sanity check on MTU parameters |
1963 | 1956 |
*/ |
1964 | 1957 |
if (options->ce.tun_mtu_defined && options->ce.link_mtu_defined) |
... | ... |
@@ -2411,9 +2399,6 @@ options_postprocess_verify_ce (const struct options *options, const struct conne |
2411 | 2411 |
MUST_BE_UNDEF (pkcs11_id); |
2412 | 2412 |
MUST_BE_UNDEF (pkcs11_id_management); |
2413 | 2413 |
#endif |
2414 |
-#if P2MP |
|
2415 |
- MUST_BE_UNDEF (server_poll_timeout); |
|
2416 |
-#endif |
|
2417 | 2414 |
|
2418 | 2415 |
if (pull) |
2419 | 2416 |
msg (M_USAGE, err, "--pull"); |
... | ... |
@@ -4741,11 +4726,11 @@ add_option (struct options *options, |
4741 | 4741 |
VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION); |
4742 | 4742 |
options->ce.connect_retry_seconds = positive_atoi (p[1]); |
4743 | 4743 |
} |
4744 |
- else if (streq (p[0], "connect-timeout") && p[1] && !p[2]) |
|
4744 |
+ else if ((streq (p[0], "connect-timeout") || streq (p[0], "server-poll-timeout")) |
|
4745 |
+ && p[1] && !p[2]) |
|
4745 | 4746 |
{ |
4746 | 4747 |
VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION); |
4747 | 4748 |
options->ce.connect_timeout = positive_atoi (p[1]); |
4748 |
- options->ce.connect_timeout_defined = true; |
|
4749 | 4749 |
} |
4750 | 4750 |
else if (streq (p[0], "connect-retry-max") && p[1] && !p[2]) |
4751 | 4751 |
{ |
... | ... |
@@ -5238,11 +5223,9 @@ add_option (struct options *options, |
5238 | 5238 |
} |
5239 | 5239 |
else if (streq (p[0], "http-proxy-timeout") && p[1] && !p[2]) |
5240 | 5240 |
{ |
5241 |
- struct http_proxy_options *ho; |
|
5242 |
- |
|
5243 | 5241 |
VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION); |
5244 |
- ho = init_http_proxy_options_once (&options->ce.http_proxy_options, &options->gc); |
|
5245 |
- ho->timeout = positive_atoi (p[1]); |
|
5242 |
+ msg (M_WARN, "DEPRECATED OPTION: http-proxy-timeout: In OpenVPN 2.4 the timeout until a connection to a " |
|
5243 |
+ "server is established is managed with a single timeout set by connect-timeout"); |
|
5246 | 5244 |
} |
5247 | 5245 |
else if (streq (p[0], "http-proxy-option") && p[1] && !p[4]) |
5248 | 5246 |
{ |
... | ... |
@@ -5583,12 +5566,10 @@ add_option (struct options *options, |
5583 | 5583 |
options->push_peer_info = true; |
5584 | 5584 |
} |
5585 | 5585 |
#endif |
5586 |
-#if P2MP |
|
5587 | 5586 |
else if (streq (p[1], "SERVER_POLL_TIMEOUT") && p[2]) |
5588 | 5587 |
{ |
5589 |
- options->server_poll_timeout = positive_atoi(p[2]); |
|
5588 |
+ options->ce.connect_timeout = positive_atoi(p[2]); |
|
5590 | 5589 |
} |
5591 |
-#endif |
|
5592 | 5590 |
else |
5593 | 5591 |
{ |
5594 | 5592 |
if (streq (p[1], "FORWARD_COMPATIBLE") && p[2] && streq (p[2], "1")) |
... | ... |
@@ -6129,11 +6110,6 @@ add_option (struct options *options, |
6129 | 6129 |
VERIFY_PERMISSION (OPT_P_PULL_MODE); |
6130 | 6130 |
options->push_continuation = atoi(p[1]); |
6131 | 6131 |
} |
6132 |
- else if (streq (p[0], "server-poll-timeout") && p[1] && !p[2]) |
|
6133 |
- { |
|
6134 |
- VERIFY_PERMISSION (OPT_P_GENERAL); |
|
6135 |
- options->server_poll_timeout = positive_atoi(p[1]); |
|
6136 |
- } |
|
6137 | 6132 |
else if (streq (p[0], "auth-user-pass") && !p[2]) |
6138 | 6133 |
{ |
6139 | 6134 |
VERIFY_PERMISSION (OPT_P_GENERAL); |
... | ... |
@@ -97,7 +97,6 @@ struct connection_entry |
97 | 97 |
bool bind_local; |
98 | 98 |
int connect_retry_seconds; |
99 | 99 |
int connect_timeout; |
100 |
- bool connect_timeout_defined; |
|
101 | 100 |
struct http_proxy_options *http_proxy_options; |
102 | 101 |
const char *socks_proxy_server; |
103 | 102 |
const char *socks_proxy_port; |
... | ... |
@@ -458,8 +457,6 @@ struct options |
458 | 458 |
const char *auth_user_pass_file; |
459 | 459 |
struct options_pre_pull *pre_pull; |
460 | 460 |
|
461 |
- int server_poll_timeout; |
|
462 |
- |
|
463 | 461 |
int scheduled_exit_interval; |
464 | 462 |
|
465 | 463 |
#ifdef ENABLE_CLIENT_CR |
... | ... |
@@ -41,6 +41,7 @@ |
41 | 41 |
#include "httpdigest.h" |
42 | 42 |
#include "ntlm.h" |
43 | 43 |
#include "memdbg.h" |
44 |
+#include "forward.h" |
|
44 | 45 |
|
45 | 46 |
#define UP_TYPE_PROXY "HTTP Proxy" |
46 | 47 |
|
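Review bot: proxy.c (and socket.c, in a later hunk) now include forward.h solely to reach get_server_poll_remaining_time, which pulls the main-loop header into the low-level transport code. Since the helper is update_time plus event_timeout_remaining plus a max_int clamp, a static inline next to event_timeout_remaining in interval.h would keep the dependency pointing downward; this is inferred from the includes visible here, the real header graph is outside the diff.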
... | ... |
@@ -52,7 +53,6 @@ init_http_proxy_options_once (struct http_proxy_options **hpo, |
52 | 52 |
{ |
53 | 53 |
ALLOC_OBJ_CLEAR_GC (*hpo, struct http_proxy_options, gc); |
54 | 54 |
/* http proxy defaults */ |
55 |
- (*hpo)->timeout = 5; |
|
56 | 55 |
(*hpo)->http_version = "1.0"; |
57 | 56 |
} |
58 | 57 |
return *hpo; |
... | ... |
@@ -255,6 +255,8 @@ clear_user_pass_http (void) |
255 | 255 |
purge_user_pass (&static_proxy_user_pass, true); |
256 | 256 |
} |
257 | 257 |
|
258 |
+#if 0 |
|
259 |
+/* function only used in #if 0 debug statement */ |
|
258 | 260 |
static void |
259 | 261 |
dump_residual (socket_descriptor_t sd, |
260 | 262 |
int timeout, |
... | ... |
@@ -269,6 +271,7 @@ dump_residual (socket_descriptor_t sd, |
269 | 269 |
msg (D_PROXY, "PROXY HEADER: '%s'", buf); |
270 | 270 |
} |
271 | 271 |
} |
272 |
+#endif |
|
272 | 273 |
|
273 | 274 |
/* |
274 | 275 |
* Extract the Proxy-Authenticate header from the stream. |
... | ... |
@@ -552,6 +555,7 @@ establish_http_proxy_passthru (struct http_proxy_info *p, |
552 | 552 |
socket_descriptor_t sd, /* already open to proxy */ |
553 | 553 |
const char *host, /* openvpn server remote */ |
554 | 554 |
const char *port, /* openvpn server port */ |
555 |
+ struct event_timeout* server_poll_timeout, |
|
555 | 556 |
struct buffer *lookahead, |
556 | 557 |
volatile int *signal_received) |
557 | 558 |
{ |
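Review bot: The new server_poll_timeout parameter of establish_http_proxy_passthru is the only one in this list without the trailing comment its neighbours carry, and nothing says whether NULL is accepted although the body passes it straight to get_server_poll_remaining_time. Suggest `struct event_timeout* server_poll_timeout, /* overall connect deadline, must be initialised */` here and on the matching prototype in proxy.h. The function body continues outside the hunk.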
... | ... |
@@ -634,7 +638,7 @@ establish_http_proxy_passthru (struct http_proxy_info *p, |
634 | 634 |
goto error; |
635 | 635 |
|
636 | 636 |
/* receive reply from proxy */ |
637 |
- if (!recv_line (sd, buf, sizeof(buf), p->options.timeout, true, NULL, signal_received)) |
|
637 |
+ if (!recv_line (sd, buf, sizeof(buf), get_server_poll_remaining_time (server_poll_timeout), true, NULL, signal_received)) |
|
638 | 638 |
goto error; |
639 | 639 |
|
640 | 640 |
/* remove trailing CR, LF */ |
... | ... |
@@ -663,7 +667,7 @@ establish_http_proxy_passthru (struct http_proxy_info *p, |
663 | 663 |
|
664 | 664 |
while (true) |
665 | 665 |
{ |
666 |
- if (!recv_line (sd, buf, sizeof(buf), p->options.timeout, true, NULL, signal_received)) |
|
666 |
+ if (!recv_line (sd, buf, sizeof(buf), get_server_poll_remaining_time (server_poll_timeout), true, NULL, signal_received)) |
|
667 | 667 |
goto error; |
668 | 668 |
chomp (buf); |
669 | 669 |
msg (D_PROXY, "HTTP proxy returned: '%s'", buf); |
... | ... |
@@ -730,7 +734,7 @@ establish_http_proxy_passthru (struct http_proxy_info *p, |
730 | 730 |
goto error; |
731 | 731 |
|
732 | 732 |
/* receive reply from proxy */ |
733 |
- if (!recv_line (sd, buf, sizeof(buf), p->options.timeout, true, NULL, signal_received)) |
|
733 |
+ if (!recv_line (sd, buf, sizeof(buf), get_server_poll_remaining_time (server_poll_timeout), true, NULL, signal_received)) |
|
734 | 734 |
goto error; |
735 | 735 |
|
736 | 736 |
/* remove trailing CR, LF */ |
... | ... |
@@ -838,7 +842,7 @@ establish_http_proxy_passthru (struct http_proxy_info *p, |
838 | 838 |
goto error; |
839 | 839 |
|
840 | 840 |
/* receive reply from proxy */ |
841 |
- if (!recv_line (sd, buf, sizeof(buf), p->options.timeout, true, NULL, signal_received)) |
|
841 |
+ if (!recv_line (sd, buf, sizeof(buf), get_server_poll_remaining_time (server_poll_timeout), true, NULL, signal_received)) |
|
842 | 842 |
goto error; |
843 | 843 |
|
844 | 844 |
/* remove trailing CR, LF */ |
... | ... |
@@ -862,7 +866,7 @@ establish_http_proxy_passthru (struct http_proxy_info *p, |
862 | 862 |
/* figure out what kind of authentication the proxy needs */ |
863 | 863 |
char *pa = NULL; |
864 | 864 |
const int method = get_proxy_authenticate(sd, |
865 |
- p->options.timeout, |
|
865 |
+ get_server_poll_remaining_time (server_poll_timeout), |
|
866 | 866 |
&pa, |
867 | 867 |
NULL, |
868 | 868 |
signal_received); |
... | ... |
@@ -906,7 +910,7 @@ establish_http_proxy_passthru (struct http_proxy_info *p, |
906 | 906 |
msg (D_LINK_ERRORS, "HTTP proxy returned bad status"); |
907 | 907 |
#if 0 |
908 | 908 |
/* DEBUGGING -- show a multi-line HTTP error response */ |
909 |
- dump_residual(sd, p->options.timeout, signal_received); |
|
909 |
+ dump_residual(sd, get_server_poll_remaining_time (server_poll_timeout), signal_received); |
|
910 | 910 |
#endif |
911 | 911 |
goto error; |
912 | 912 |
} |
... | ... |
@@ -914,7 +918,7 @@ establish_http_proxy_passthru (struct http_proxy_info *p, |
914 | 914 |
/* SUCCESS */ |
915 | 915 |
|
916 | 916 |
/* receive line from proxy and discard */ |
917 |
- if (!recv_line (sd, NULL, 0, p->options.timeout, true, NULL, signal_received)) |
|
917 |
+ if (!recv_line (sd, NULL, 0, get_server_poll_remaining_time (server_poll_timeout), true, NULL, signal_received)) |
|
918 | 918 |
goto error; |
919 | 919 |
|
920 | 920 |
/* |
... | ... |
@@ -46,7 +46,6 @@ struct http_proxy_options { |
46 | 46 |
const char *server; |
47 | 47 |
const char *port; |
48 | 48 |
bool retry; |
49 |
- int timeout; |
|
50 | 49 |
|
51 | 50 |
# define PAR_NO 0 /* don't support any auth retries */ |
52 | 51 |
# define PAR_ALL 1 /* allow all proxy auth protocols */ |
... | ... |
@@ -86,6 +85,7 @@ bool establish_http_proxy_passthru (struct http_proxy_info *p, |
86 | 86 |
socket_descriptor_t sd, /* already open to proxy */ |
87 | 87 |
const char *host, /* openvpn server remote */ |
88 | 88 |
const char *port, /* openvpn server port */ |
89 |
+ struct event_timeout* server_poll_timeout, |
|
89 | 90 |
struct buffer *lookahead, |
90 | 91 |
volatile int *signal_received); |
91 | 92 |
|
... | ... |
@@ -40,6 +40,7 @@ |
40 | 40 |
#include "misc.h" |
41 | 41 |
#include "manage.h" |
42 | 42 |
#include "openvpn.h" |
43 |
+#include "forward.h" |
|
43 | 44 |
|
44 | 45 |
#include "memdbg.h" |
45 | 46 |
|
... | ... |
@@ -1519,11 +1520,11 @@ link_socket_init_phase1 (struct link_socket *sock, |
1519 | 1519 |
const char *ipchange_command, |
1520 | 1520 |
const struct plugin_list *plugins, |
1521 | 1521 |
int resolve_retry_seconds, |
1522 |
- int connect_timeout, |
|
1523 | 1522 |
int mtu_discover_type, |
1524 | 1523 |
int rcvbuf, |
1525 | 1524 |
int sndbuf, |
1526 | 1525 |
int mark, |
1526 |
+ struct event_timeout* server_poll_timeout, |
|
1527 | 1527 |
unsigned int sockflags) |
1528 | 1528 |
{ |
1529 | 1529 |
ASSERT (sock); |
... | ... |
@@ -1538,7 +1539,6 @@ link_socket_init_phase1 (struct link_socket *sock, |
1538 | 1538 |
sock->bind_local = bind_local; |
1539 | 1539 |
sock->inetd = inetd; |
1540 | 1540 |
sock->resolve_retry_seconds = resolve_retry_seconds; |
1541 |
- sock->connect_timeout = connect_timeout; |
|
1542 | 1541 |
sock->mtu_discover_type = mtu_discover_type; |
1543 | 1542 |
|
1544 | 1543 |
#ifdef ENABLE_DEBUG |
... | ... |
@@ -1558,6 +1558,7 @@ link_socket_init_phase1 (struct link_socket *sock, |
1558 | 1558 |
sock->info.bind_ipv6_only = bind_ipv6_only; |
1559 | 1559 |
sock->info.ipchange_command = ipchange_command; |
1560 | 1560 |
sock->info.plugins = plugins; |
1561 |
+ sock->server_poll_timeout = server_poll_timeout; |
|
1561 | 1562 |
|
1562 | 1563 |
sock->mode = mode; |
1563 | 1564 |
if (mode == LS_MODE_TCP_ACCEPT_FROM) |
... | ... |
@@ -1778,7 +1779,7 @@ phase2_tcp_client (struct link_socket *sock, struct signal_info *sig_info) |
1778 | 1778 |
do { |
1779 | 1779 |
socket_connect (&sock->sd, |
1780 | 1780 |
sock->info.lsa->current_remote->ai_addr, |
1781 |
- sock->connect_timeout, |
|
1781 |
+ get_server_poll_remaining_time (sock->server_poll_timeout), |
|
1782 | 1782 |
sig_info); |
1783 | 1783 |
|
1784 | 1784 |
if (sig_info->signal_received) |
... | ... |
@@ -1790,6 +1791,7 @@ phase2_tcp_client (struct link_socket *sock, struct signal_info *sig_info) |
1790 | 1790 |
sock->sd, |
1791 | 1791 |
sock->proxy_dest_host, |
1792 | 1792 |
sock->proxy_dest_port, |
1793 |
+ sock->server_poll_timeout, |
|
1793 | 1794 |
&sock->stream_buf.residual, |
1794 | 1795 |
&sig_info->signal_received); |
1795 | 1796 |
} |
... | ... |
@@ -1816,7 +1818,7 @@ phase2_socks_client (struct link_socket *sock, struct signal_info *sig_info) |
1816 | 1816 |
{ |
1817 | 1817 |
socket_connect (&sock->ctrl_sd, |
1818 | 1818 |
sock->info.lsa->current_remote->ai_addr, |
1819 |
- sock->connect_timeout, |
|
1819 |
+ get_server_poll_remaining_time (sock->server_poll_timeout), |
|
1820 | 1820 |
sig_info); |
1821 | 1821 |
|
1822 | 1822 |
if (sig_info->signal_received) |
... | ... |
@@ -200,7 +200,6 @@ struct link_socket |
200 | 200 |
int mode; |
201 | 201 |
|
202 | 202 |
int resolve_retry_seconds; |
203 |
- int connect_timeout; |
|
204 | 203 |
int mtu_discover_type; |
205 | 204 |
|
206 | 205 |
struct socket_buffer_size socket_buffer_sizes; |
... | ... |
@@ -231,6 +230,10 @@ struct link_socket |
231 | 231 |
const char *proxy_dest_host; |
232 | 232 |
const char *proxy_dest_port; |
233 | 233 |
|
234 |
+ /* Pointer to the server-poll to trigger the timeout in function which have |
|
235 |
+ * their own loop instead of using the main oop */ |
|
236 |
+ struct event_timeout* server_poll_timeout; |
|
237 |
+ |
|
234 | 238 |
#if PASSTOS_CAPABILITY |
235 | 239 |
/* used to get/set TOS. */ |
236 | 240 |
#if defined(TARGET_LINUX) |
... | ... |
@@ -319,11 +322,11 @@ link_socket_init_phase1 (struct link_socket *sock, |
319 | 319 |
const char *ipchange_command, |
320 | 320 |
const struct plugin_list *plugins, |
321 | 321 |
int resolve_retry_seconds, |
322 |
- int connect_timeout, |
|
323 | 322 |
int mtu_discover_type, |
324 | 323 |
int rcvbuf, |
325 | 324 |
int sndbuf, |
326 | 325 |
int mark, |
326 |
+ struct event_timeout* server_poll_timeout, |
|
327 | 327 |
unsigned int sockflags); |
328 | 328 |
|
329 | 329 |
void link_socket_init_phase2 (struct link_socket *sock, |