Commit 4df34b87 authored by Daniel Lenski's avatar Daniel Lenski

Merge branch 'stats_and_connection_info' into 'master'

add SIGUSR1 as trigger to print detailed connection information and stats

See merge request openconnect/openconnect!154
parents fd556742 dc013cbd
......@@ -1080,7 +1080,7 @@ const char *openconnect_get_dtls_cipher(struct openconnect_info *vpninfo)
* one is enabled. */
if (vpninfo->dtls_cipher_desc == NULL) {
#if defined(OPENCONNECT_GNUTLS)
vpninfo->dtls_cipher_desc = get_gnutls_cipher(vpninfo->dtls_ssl);
vpninfo->dtls_cipher_desc = get_gnutls_cipher(vpninfo->dtls_ssl);
#else
if (asprintf(&vpninfo->dtls_cipher_desc, "%s-%s",
SSL_get_version(vpninfo->dtls_ssl), SSL_get_cipher_name(vpninfo->dtls_ssl)) < 0)
......
......@@ -82,6 +82,7 @@ static int verbose = PRG_INFO;
static int timestamp;
#ifndef _WIN32
static int background;
static int use_syslog = 0;
static FILE *pid_fp = NULL;
static char *pidfile = NULL;
#endif
......@@ -757,6 +758,9 @@ static void handle_signal(int sig)
cmd = OC_CMD_CANCEL;
#endif
break;
case SIGUSR1:
cmd = OC_CMD_STATS;
break;
case SIGUSR2:
default:
cmd = OC_CMD_PAUSE;
......@@ -1391,10 +1395,12 @@ static int autocomplete(int argc, char **argv)
static void print_connection_info(struct openconnect_info *vpninfo)
{
const struct oc_ip_info *ip_info;
const char *ssl_compr, *udp_compr, *dtls_state;
const char *ssl_compr, *udp_compr, *dtls_state, *ssl_state;
openconnect_get_ip_info(vpninfo, &ip_info, NULL, NULL);
ssl_state = vpninfo->ssl_fd == -1 ? _("disconnected") : _("connected");
switch (vpninfo->dtls_state) {
case DTLS_NOSECRET:
dtls_state = _("unsuccessful");
......@@ -1413,11 +1419,12 @@ static void print_connection_info(struct openconnect_info *vpninfo)
ssl_compr = openconnect_get_cstp_compression(vpninfo);
udp_compr = openconnect_get_dtls_compression(vpninfo);
vpn_progress(vpninfo, PRG_INFO,
_("Connected as %s%s%s, using SSL%s%s, with %s%s%s %s\n"),
_("Configured as %s%s%s, with SSL%s%s %s and %s%s%s %s\n"),
ip_info->addr?:"",
(ip_info->netmask6 && ip_info->addr) ? " + " : "",
ip_info->netmask6 ? : "",
ssl_compr ? " + " : "", ssl_compr ? : "",
ssl_state,
vpninfo->proto->udp_protocol ? : "UDP", udp_compr ? " + " : "", udp_compr ? : "",
dtls_state);
if (vpninfo->auth_expiration != 0)
......@@ -1425,6 +1432,39 @@ static void print_connection_info(struct openconnect_info *vpninfo)
ctime(&vpninfo->auth_expiration));
}
static void print_connection_stats(void *_vpninfo, const struct oc_stats *stats)
{
struct openconnect_info *vpninfo = _vpninfo;
int saved_loglevel = vpninfo->verbose;
/* XX: print even if loglevel would otherwise suppress */
openconnect_set_loglevel(vpninfo, PRG_INFO);
print_connection_info(vpninfo);
vpn_progress(vpninfo, PRG_INFO,
_("RX: %ld packets (%ld B); TX: %ld packets (%ld B)\n"),
stats->rx_pkts, stats->rx_bytes, stats->tx_pkts, stats->tx_bytes);
if (vpninfo->ssl_fd != -1)
vpn_progress(vpninfo, PRG_INFO, _("SSL ciphersuite: %s\n"), openconnect_get_cstp_cipher(vpninfo));
if (vpninfo->dtls_state == DTLS_CONNECTED)
vpn_progress(vpninfo, PRG_INFO, _("%s ciphersuite: %s\n"),
vpninfo->proto->udp_protocol ? : "UDP", openconnect_get_dtls_cipher(vpninfo));
if (vpninfo->ssl_times.last_rekey && vpninfo->ssl_times.rekey)
vpn_progress(vpninfo, PRG_INFO, _("Next SSL rekey in %ld seconds\n"),
time(NULL) - vpninfo->ssl_times.last_rekey + vpninfo->ssl_times.rekey);
if (vpninfo->dtls_times.last_rekey && vpninfo->dtls_times.rekey)
vpn_progress(vpninfo, PRG_INFO, _("Next %s rekey in %ld seconds\n"),
vpninfo->proto->udp_protocol ? : "UDP",
time(NULL) - vpninfo->ssl_times.last_rekey + vpninfo->ssl_times.rekey);
if (vpninfo->trojan_interval && vpninfo->last_trojan)
vpn_progress(vpninfo, PRG_INFO, _("Next Trojan invocation in %ld seconds\n"),
time(NULL) - vpninfo->last_trojan + vpninfo->trojan_interval);
/* XX: restore loglevel */
openconnect_set_loglevel(vpninfo, saved_loglevel);
}
#ifndef _WIN32
static FILE *background_self(struct openconnect_info *vpninfo, char *pidfile) {
FILE *fp = NULL;
......@@ -1470,7 +1510,14 @@ static void fully_up_cb(void *_vpninfo) {
#ifndef _WIN32
if (background)
pid_fp = background_self(vpninfo, pidfile);
#endif
#ifndef __native_client__
if (use_syslog) {
openlog("openconnect", LOG_PID, LOG_DAEMON);
vpninfo->progress = syslog_progress;
}
#endif /* !__native_client__ */
#endif /* !_WIN32 */
}
int main(int argc, char **argv)
......@@ -1495,7 +1542,6 @@ int main(int argc, char **argv)
#ifndef _WIN32
struct sigaction sa;
struct utsname utsbuf;
int use_syslog = 0;
#endif
#ifdef ENABLE_NLS
......@@ -1953,6 +1999,7 @@ int main(int argc, char **argv)
sigaction(SIGTERM, &sa, NULL);
sigaction(SIGINT, &sa, NULL);
sigaction(SIGHUP, &sa, NULL);
sigaction(SIGUSR1, &sa, NULL);
sigaction(SIGUSR2, &sa, NULL);
#endif /* !_WIN32 */
......@@ -2031,13 +2078,6 @@ int main(int argc, char **argv)
}
#if !defined(_WIN32) && !defined(__native_client__)
if (use_syslog) {
openlog("openconnect", LOG_PID, LOG_DAEMON);
vpninfo->progress = syslog_progress;
}
#endif /* !_WIN32 && !__native_client__ */
if (!vpninfo->vpnc_script) {
vpn_progress(vpninfo, PRG_INFO,
_("No --script argument provided; DNS and routing are not configured\n"));
......@@ -2048,6 +2088,7 @@ int main(int argc, char **argv)
openconnect_set_loglevel(vpninfo, verbose);
openconnect_set_setup_tun_handler(vpninfo, fully_up_cb);
openconnect_set_stats_handler(vpninfo, print_connection_stats);
while (1) {
ret = openconnect_mainloop(vpninfo, reconnect_timeout, RECONNECT_INTERVAL_MIN);
......@@ -2097,7 +2138,10 @@ int main(int argc, char **argv)
ret = 1;
break;
default:
vpn_progress(vpninfo, PRG_ERR, _("Unknown error; exiting.\n"));
if (vpninfo->quit_reason)
vpn_progress(vpninfo, PRG_ERR, "%s; exiting\n", vpninfo->quit_reason);
else
vpn_progress(vpninfo, PRG_ERR, _("Unknown error; exiting.\n"));
ret = 1;
break;
}
......
......@@ -226,7 +226,7 @@ Use
for tunnel interface
.TP
.B \-l,\-\-syslog
Use syslog for progress messages
After tunnel is brought up, use syslog for further progress messages
.TP
.B \-\-timestamp
Prepend a timestamp to each progress message
......@@ -607,6 +607,9 @@ disconnects from the gateway and runs the vpnc\-script, but does not log the
session off; this allows for reconnection later using
.BR \-\-cookie .
.TP
.B SIGUSR1
writes progress message with detailed connection information and statistics.
.TP
.B SIGUSR2
forces an immediate disconnection and reconnection; this can be used to
quickly recover from LAN IP address changes.
......
......@@ -22,6 +22,7 @@
<li><i>Add obsolete-server-crypto test (<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/114">!114</a>)</i></li>
<li>Allow protocols to delay tunnel setup and shutdown (<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/117">!117</a>)</li>
<li>Incomplete, speculative support for GlobalProtect IPv6 (<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/155">!155</a>; previous work in <a href="https://gitlab.com/openconnect/openconnect/commit/d6db0ec03394234d41fbec7ffc794ceeb486a8f0">d6db0ec</a>)</li>
<li>SIGUSR1 causes OpenConnect to log detailed connection information and statistics (<a href="https://gitlab.com/openconnect/openconnect/-/merge_requests/154">!154</a>)</li>
</ul><br/>
</li>
<li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.10.tar.gz">OpenConnect v8.10</a></b>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment