Hi,

On Mon, Sep 19, 2022 at 12:29:20AM +0200, Antonio Quartulli wrote:
> On 18/09/2022 12:37, Gert Doering wrote:
> > On Sun, Sep 18, 2022 at 01:10:30AM +0200, Antonio Quartulli wrote:
> >> From: Dmitry Zelenkovsky <dmitry.zelenkovs...@nokia.com>
> >>
> >> Disconnect clients after session-timeout expires.
> >> session-timeout can be defined in ccd files in order to limit
> >> per-user connection time.
> >
> > I find this implementation needlessly complicated.
> >
> >> +/*
> >> + * Should we exit due to session timeout?
> >> + */
> >> +static void
> >> +check_session_timeout(struct context *c)
> >> +{
> >> + if (c->options.session_timeout
> >> + && event_timeout_trigger(&c->c2.session_interval, &c->c2.timeval,
> >> + ETT_DEFAULT))
> >> + {
> >> + msg(M_INFO, "Session timeout, exiting");
> >> + register_signal(c, SIGTERM, "session-timeout");
> >> + }
> >> +}
> >
> > Why are we working with event triggers here, if all we *want* to do is
> > a single-shot
> >
> > if ( now > $somectx->session_must_end_at_this_time )
> > {
> > /* kick out this user now */
> > ...
> > }
> >
>
> we don't get here at all, if we have no event object that is timing out.

process_coarse_timers() is run once per second, and does not need
additional timers to be called. This new check is added to
process_coarse_timers().

Why do we need an extra event object, again? I can see the need for
event objects for recurring things, but for a single-shot "terminate
client instance at this time, done", I'm not convinced.

> So, although one shot, we still need to setup a timer object that will
> trigger the machinery upon timeout.
> >> + else if (streq(p[0], "session-timeout") && p[1] && !p[2])
> >> + {
> >> + VERIFY_PERMISSION(OPT_P_TIMER);
> >
> > OPT_P_INSTANCE?
>
> makes sense to add OPT_P_INSTANCE, although I wonder why other
> activity/timeout knobs are not marked as such, i.e. --inactivity)

Not "add" OPT_P_INSTANCE, but "just" OPT_P_INSTANCE. This is not
something you want in the client config file.

gert
--
"If was one thing all people took for granted, was conviction that
 if you feed honest figures into a computer, honest figures come out.
 Never doubted it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de
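Review bot: In check_session_timeout(), the guard `c->options.session_timeout` only tests for non-zero, so any non-zero value arms the check, including a negative one if the field is signed; nothing in the quoted lines bounds it. Suggest either testing `> 0` here or rejecting non-positive values where the option is parsed. The log line "Session timeout, exiting" also carries no indication of the configured limit, which would be useful when auditing per-user limits set from ccd files.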
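Review bot: The `session-timeout` branch checks only that `p[1]` is present and `p[2]` is absent, and the quoted lines stop at `VERIFY_PERMISSION(OPT_P_TIMER);` before any value handling, so it is worth confirming that `p[1]` is converted with range checking rather than taken as given. The commit message scopes the option to ccd files; the permission mask should match that stated scope, and the option's documentation should say where it is accepted.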
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel