aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--misc.c8
-rw-r--r--misc.h1
-rw-r--r--multi.c38
-rw-r--r--openvpn.824
4 files changed, 63 insertions, 8 deletions
diff --git a/misc.c b/misc.c
index ed3960c..161b9e4 100644
--- a/misc.c
+++ b/misc.c
@@ -864,6 +864,14 @@ setenv_int (struct env_set *es, const char *name, int value)
}
void
+setenv_unsigned (struct env_set *es, const char *name, unsigned int value)
+{
+ char buf[64];
+ openvpn_snprintf (buf, sizeof(buf), "%u", value);
+ setenv_str (es, name, buf);
+}
+
+void
setenv_str (struct env_set *es, const char *name, const char *value)
{
setenv_str_ex (es, name, value, CC_NAME, 0, 0, CC_PRINT, 0, 0);
diff --git a/misc.h b/misc.h
index b57185b..fa13daf 100644
--- a/misc.h
+++ b/misc.h
@@ -160,6 +160,7 @@ void setenv_str_ex (struct env_set *es,
void setenv_counter (struct env_set *es, const char *name, counter_type value);
void setenv_int (struct env_set *es, const char *name, int value);
+void setenv_unsigned (struct env_set *es, const char *name, unsigned int value);
void setenv_str (struct env_set *es, const char *name, const char *value);
void setenv_str_safe (struct env_set *es, const char *name, const char *value);
void setenv_del (struct env_set *es, const char *name);
diff --git a/multi.c b/multi.c
index 45ca7d1..ee74a46 100644
--- a/multi.c
+++ b/multi.c
@@ -407,6 +407,9 @@ multi_client_disconnect_setenv (struct multi_context *m,
setenv_counter (mi->context.c2.es, "bytes_received", mi->context.c2.link_read_bytes);
setenv_counter (mi->context.c2.es, "bytes_sent", mi->context.c2.link_write_bytes);
+ /* setenv connection duration */
+ const unsigned int duration = (unsigned int) now - mi->created;
+ setenv_unsigned (mi->context.c2.es, "time_duration", duration);
}
static void
@@ -1274,6 +1277,31 @@ multi_client_connect_post_plugin (struct multi_context *m,
#endif
+static void
+multi_client_connect_setenv (struct multi_context *m,
+ struct multi_instance *mi)
+{
+ struct gc_arena gc = gc_new ();
+
+ /* setenv incoming cert common name for script */
+ setenv_str (mi->context.c2.es, "common_name", tls_common_name (mi->context.c2.tls_multi, true));
+
+ /* setenv client real IP address */
+ setenv_trusted (mi->context.c2.es, get_link_socket_info (&mi->context));
+
+ /* setenv client virtual IP address */
+ multi_set_virtual_addr_env (m, mi);
+
+ /* setenv connection time */
+ {
+ const char *created_ascii = time_string (mi->created, 0, false, &gc);
+ setenv_str (mi->context.c2.es, "time_ascii", created_ascii);
+ setenv_unsigned (mi->context.c2.es, "time_unix", (unsigned int)mi->created);
+ }
+
+ gc_free (&gc);
+}
+
/*
* Called as soon as the SSL/TLS connection authenticates.
*
@@ -1365,14 +1393,8 @@ multi_connection_established (struct multi_context *m, struct multi_instance *mi
*/
multi_select_virtual_addr (m, mi);
- /* setenv incoming cert common name for script */
- setenv_str (mi->context.c2.es, "common_name", tls_common_name (mi->context.c2.tls_multi, true));
-
- /* setenv client real IP address */
- setenv_trusted (mi->context.c2.es, get_link_socket_info (&mi->context));
-
- /* setenv client virtual IP address */
- multi_set_virtual_addr_env (m, mi);
+ /* do --client-connect setenvs */
+ multi_client_connect_setenv (m, mi);
#ifdef ENABLE_PLUGIN
/*
diff --git a/openvpn.8 b/openvpn.8
index 69ee88e..48ae430 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -5080,6 +5080,30 @@ or
(unknown signal). This variable is set just prior to down script execution.
.\"*********************************************************
.TP
+.B time_ascii
+Client connection timestamp, formatted as a human-readable
+time string.
+Set prior to execution of the
+.B --client-connect
+script.
+.\"*********************************************************
+.TP
+.B time_duration
+The duration (in seconds) of the client session which is now
+disconnecting.
+Set prior to execution of the
+.B --client-disconnect
+script.
+.\"*********************************************************
+.TP
+.B time_unix
+Client connection timestamp, formatted as a unix integer
+date/time value.
+Set prior to execution of the
+.B --client-connect
+script.
+.\"*********************************************************
+.TP
.B tls_id_{n}
A series of certificate fields from the remote peer,
where