aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--forward-inline.h11
-rw-r--r--forward.c13
-rw-r--r--multi.c4
-rw-r--r--openvpn.813
-rw-r--r--openvpn.h5
-rw-r--r--options.c5
-rw-r--r--options.h4
7 files changed, 38 insertions, 17 deletions
diff --git a/forward-inline.h b/forward-inline.h
index 0ba0b23..09b9809 100644
--- a/forward-inline.h
+++ b/forward-inline.h
@@ -224,10 +224,17 @@ get_link_socket_info (struct context *c)
}
static inline void
-register_activity (struct context *c)
+register_activity (struct context *c, const int size)
{
if (c->options.inactivity_timeout)
- event_timeout_reset (&c->c2.inactivity_interval);
+ {
+ c->c2.inactivity_bytes += size;
+ if (c->c2.inactivity_bytes >= c->options.inactivity_minimum_bytes)
+ {
+ c->c2.inactivity_bytes = 0;
+ event_timeout_reset (&c->c2.inactivity_interval);
+ }
+ }
}
/*
diff --git a/forward.c b/forward.c
index 5fec532..6887a3c 100644
--- a/forward.c
+++ b/forward.c
@@ -1104,6 +1104,9 @@ process_outgoing_link (struct context *c)
BLEN (&c->c2.to_link),
size);
}
+
+ /* indicate activity regarding --inactive parameter */
+ register_activity (c, size);
}
else
{
@@ -1185,6 +1188,9 @@ process_outgoing_tun (struct context *c)
c->c1.tuntap->actual_name,
BLEN (&c->c2.to_tun),
size);
+
+ /* indicate activity regarding --inactive parameter */
+ register_activity (c, size);
}
}
else
@@ -1198,13 +1204,6 @@ process_outgoing_tun (struct context *c)
MAX_RW_SIZE_TUN (&c->c2.frame));
}
- /*
- * Putting the --inactive timeout reset here, ensures that we will timeout
- * if the remote goes away, even if we are trying to send data to the
- * remote and failing.
- */
- register_activity (c);
-
buf_reset (&c->c2.to_tun);
perf_pop ();
diff --git a/multi.c b/multi.c
index f0b630b..45ca7d1 100644
--- a/multi.c
+++ b/multi.c
@@ -1801,7 +1801,7 @@ multi_process_incoming_link (struct multi_context *m, struct multi_instance *ins
if (mi)
{
multi_unicast (m, &c->c2.to_tun, mi);
- register_activity (c);
+ register_activity (c, BLEN(&c->c2.to_tun));
c->c2.to_tun.len = 0;
}
}
@@ -1834,7 +1834,7 @@ multi_process_incoming_link (struct multi_context *m, struct multi_instance *ins
if (mi)
{
multi_unicast (m, &c->c2.to_tun, mi);
- register_activity (c);
+ register_activity (c, BLEN(&c->c2.to_tun));
c->c2.to_tun.len = 0;
}
}
diff --git a/openvpn.8 b/openvpn.8
index 1c05fd2..51e9f82 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -160,7 +160,7 @@ openvpn \- secure IP tunnel daemon.
[\ \fB\-\-ifconfig\-pool\fR\ \fIstart\-IP\ end\-IP\ [netmask]\fR\ ]
[\ \fB\-\-ifconfig\-push\fR\ \fIlocal\ remote\-netmask\fR\ ]
[\ \fB\-\-ifconfig\fR\ \fIl\ rn\fR\ ]
-[\ \fB\-\-inactive\fR\ \fIn\fR\ ]
+[\ \fB\-\-inactive\fR\ \fIn\ [bytes]\fR\ ]
[\ \fB\-\-inetd\fR\ \fI[wait|nowait]\ [progname]\fR\ ]
[\ \fB\-\-ip\-win32\fR\ \fImethod\fR\ ]
[\ \fB\-\-ipchange\fR\ \fIcmd\fR\ ]
@@ -1442,11 +1442,18 @@ OpenVPN allows
to be between 100 bytes/sec and 100 Mbytes/sec.
.\"*********************************************************
.TP
-.B --inactive n
-(Experimental) Causes OpenVPN to exit after
+.B --inactive n [bytes]
+Causes OpenVPN to exit after
.B n
seconds of inactivity on the TUN/TAP device. The time length
of inactivity is measured since the last incoming tunnel packet.
+
+If the optional
+.B bytes
+parameter is included,
+exit after n seconds of activity on tun/tap device
+produces a combined in/out byte count that is less than
+.B bytes.
.\"*********************************************************
.TP
.B --ping n
diff --git a/openvpn.h b/openvpn.h
index 3ddc1a7..2b6cf14 100644
--- a/openvpn.h
+++ b/openvpn.h
@@ -270,10 +270,13 @@ struct context_2
* timeout features.
*/
struct event_timeout wait_for_connect;
- struct event_timeout inactivity_interval;
struct event_timeout ping_send_interval;
struct event_timeout ping_rec_interval;
+ /* --inactive */
+ struct event_timeout inactivity_interval;
+ int inactivity_bytes;
+
#ifdef ENABLE_OCC
/* the option strings must match across peers */
char *options_string_local;
diff --git a/options.c b/options.c
index 8dcc645..3295c48 100644
--- a/options.c
+++ b/options.c
@@ -190,7 +190,8 @@ static const char usage_message[] =
"--keepalive n m : Helper option for setting timeouts in server mode. Send\n"
" ping once every n seconds, restart if ping not received\n"
" for m seconds.\n"
- "--inactive n : Exit after n seconds of inactivity on tun/tap device.\n"
+ "--inactive n [bytes] : Exit after n seconds of activity on tun/tap device\n"
+ " produces a combined in/out byte count < bytes.\n"
"--ping-exit n : Exit if n seconds pass without reception of remote ping.\n"
"--ping-restart n: Restart if n seconds pass without reception of remote ping.\n"
"--ping-timer-rem: Run the --ping-exit/--ping-restart timer only if we have a\n"
@@ -3720,6 +3721,8 @@ add_option (struct options *options,
{
VERIFY_PERMISSION (OPT_P_TIMER);
options->inactivity_timeout = positive_atoi (p[1]);
+ if (p[2])
+ options->inactivity_minimum_bytes = positive_atoi (p[2]);
}
else if (streq (p[0], "proto") && p[1])
{
diff --git a/options.h b/options.h
index 99e68a2..21d131e 100644
--- a/options.h
+++ b/options.h
@@ -163,7 +163,9 @@ struct options
int keepalive_ping; /* a proxy for ping/ping-restart */
int keepalive_timeout;
- int inactivity_timeout;
+ int inactivity_timeout; /* --inactive */
+ int inactivity_minimum_bytes;
+
int ping_send_timeout; /* Send a TCP/UDP ping to remote every n seconds */
int ping_rec_timeout; /* Expect a TCP/UDP ping from remote at least once every n seconds */
bool ping_timer_remote; /* Run ping timer only if we have a remote address */