-rw-r--r-- | helper.c | 39 | ||||
-rw-r--r-- | helper.h | 1 | ||||
-rw-r--r-- | openvpn.8 | 25 | ||||
-rw-r--r-- | options.c | 10 | ||||
-rw-r--r-- | options.h | 1 |
5 files changed, 76 insertions, 0 deletions
@@ -96,6 +96,14 @@ print_str_int (const char *str, const int i, struct gc_arena *gc) return BSTR (&out); } +static const char * +print_str (const char *str, struct gc_arena *gc) +{ + struct buffer out = alloc_buf_gc (128, gc); + buf_printf (&out, "%s", str); + return BSTR (&out); +} + static void helper_add_route (const in_addr_t network, const in_addr_t netmask, struct options *o) { @@ -438,3 +446,34 @@ helper_keepalive (struct options *o) } } } + +/* + * + * HELPER DIRECTIVE: + * + * tcp-nodelay + * + * EXPANDS TO: + * + * if mode server: + * socket-flags TCP_NODELAY + * push "socket-flags TCP_NODELAY" + */ +void +helper_tcp_nodelay (struct options *o) +{ +#if P2MP_SERVER + if (o->server_flags & SF_TCP_NODELAY_HELPER) + { + if (o->mode == MODE_SERVER) + { + o->sockflags |= SF_TCP_NODELAY; + push_option (o, print_str ("socket-flags TCP_NODELAY", &o->gc), M_USAGE); + } + else + { + ASSERT (0); + } + } +#endif +} @@ -33,5 +33,6 @@ void helper_keepalive (struct options *o); void helper_client_server (struct options *o); +void helper_tcp_nodelay (struct options *o); #endif @@ -2866,6 +2866,31 @@ OpenVPN will start to drop outgoing packets directed at this client. .\"********************************************************* .TP +.B --tcp-nodelay +This macro sets the TCP_NODELAY socket flag on the server +as well as pushes it to connecting clients. The TCP_NODELAY +flag disables the Nagle algorithm on TCP sockets causing +packets to be transmitted immediately with low latency, +rather than waiting a short period of time in order +to aggregate several packets into a larger containing +packet. In VPN applications over TCP, TCP_NODELAY +is generally a good latency optimization. + +The macro expands as follows: + +.RS +.ft 3 +.nf +.sp + if mode server: + socket-flags TCP_NODELAY + push "socket-flags TCP_NODELAY" +.ft +.LP +.RE +.fi +.\"********************************************************* +.TP .B --max-clients n Limit server to a maximum of .B n 
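Review bot: print_str copies its argument into a fixed 128-byte gc buffer, so a string of 128 bytes or more will be cut short without any error if buf_printf bounds its output to the buffer capacity (its definition is not on this page). The only caller in this commit passes a 24-character literal, so nothing is truncated today, but the generic name invites reuse with longer option strings, and a truncated pushed directive would be hard to diagnose. Sizing the buffer from the input removes the limit: `struct buffer out = alloc_buf_gc (strlen (str) + 1, gc);`. At minimum, add a comment such as `/* copies at most 127 characters of str into gc-owned storage */`.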
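Review bot: The `ASSERT (0)` in the else branch of helper_tcp_nodelay is reachable from plain configuration input, because add_option sets SF_TCP_NODELAY_HELPER for any config that contains tcp-nodelay, whatever the mode. The usage check `--tcp-nodelay requires --mode server` added to options_postprocess_verify_ce only helps if verification runs before options_postprocess_mutate calls this helper, and that ordering is not visible in the diff. If mutate runs first, a non-server config aborts on an assertion instead of printing a usage error. Assertions should guard internal invariants rather than operator input, so I would replace the branch body with `msg (M_USAGE, "--tcp-nodelay requires --mode server");`.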
@@ -402,6 +402,8 @@ static const char usage_message[] = " virtual address table to v.\n" "--bcast-buffers n : Allocate n broadcast buffers.\n" "--tcp-queue-limit n : Maximum number of queued TCP output packets.\n" + "--tcp-nodelay : Macro that sets TCP_NODELAY socket flag on the server\n" + " as well as pushes it to connecting clients.\n" "--learn-address cmd : Run script cmd to validate client virtual addresses.\n" "--connect-freq n s : Allow a maximum of n new connections per s seconds.\n" "--max-clients n : Allow a maximum of n simultaneously connected clients.\n" @@ -1764,6 +1766,8 @@ options_postprocess_verify_ce (const struct options *options, const struct conne msg (M_USAGE, "--no-name-remapping requires --mode server"); if (options->ssl_flags & SSLF_OPT_VERIFY) msg (M_USAGE, "--opt-verify requires --mode server"); + if (options->server_flags & SF_TCP_NODELAY_HELPER) + msg (M_USAGE, "--tcp-nodelay requires --mode server"); if (options->auth_user_pass_verify_script) msg (M_USAGE, "--auth-user-pass-verify requires --mode server"); #if PORT_SHARE @@ -2065,6 +2069,7 @@ options_postprocess_mutate (struct options *o) */ helper_client_server (o); helper_keepalive (o); + helper_tcp_nodelay (o); options_postprocess_mutate_invariant (o); @@ -4797,6 +4802,11 @@ add_option (struct options *options, VERIFY_PERMISSION (OPT_P_INSTANCE); options->disable = true; } + else if (streq (p[0], "tcp-nodelay")) + { + VERIFY_PERMISSION (OPT_P_GENERAL); + options->server_flags |= SF_TCP_NODELAY_HELPER; + } #endif /* P2MP_SERVER */ else if (streq (p[0], "client")) @@ -346,6 +346,7 @@ struct options in_addr_t server_netmask; # define SF_NOPOOL (1<<0) +# define SF_TCP_NODELAY_HELPER (1<<1) unsigned int server_flags; bool server_bridge_proxy_dhcp; |
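Review bot: SF_TCP_NODELAY_HELPER in the options.h hunk is a server_flags bit, yet it differs from the sockflags bit SF_TCP_NODELAY only by a suffix, and helper_tcp_nodelay uses both side by side. Both fields are plain integers, so testing or setting the wrong one compiles without a warning. A comment above the defines would make the split explicit, for example `/* server_flags bits; not to be confused with the SF_* sockflags bits such as SF_TCP_NODELAY */`. A distinct prefix for the server_flags bits would be stronger but also touches SF_NOPOOL. struct options continues outside the hunk.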