Hi, On Mon, Sep 19, 2022 at 12:29:20AM +0200, Antonio Quartulli wrote: > On 18/09/2022 12:37, Gert Doering wrote: > > On Sun, Sep 18, 2022 at 01:10:30AM +0200, Antonio Quartulli wrote: > >> From: Dmitry Zelenkovsky <[email protected]> > >> > >> Disconnect clients after session-timeout expires. > >> session-timeout can be defined in ccd files in order to limit > >> per-user connection time. > > > > I find this implementation needlessly complicated. > > > >> +/* > >> + * Should we exit due to session timeout? > >> + */ > >> +static void > >> +check_session_timeout(struct context *c) > >> +{ > >> + if (c->options.session_timeout > >> + && event_timeout_trigger(&c->c2.session_interval, &c->c2.timeval, > >> + ETT_DEFAULT)) > >> + { > >> + msg(M_INFO, "Session timeout, exiting"); > >> + register_signal(c, SIGTERM, "session-timeout"); > >> + } > >> +} > > > > Why are we working with event triggers here, if all we *want* to do is > > a single-shot > > > > if ( now > $somectx->session_must_end_at_this_time ) > > { > > /* kick out this user now */ > > ... > > } > > > > we don't get here at all, if we have no event object that is timing out.
process_coarse_timers() is run once per second, and does not need
additional timers to be called.
This new check is added to process_coarse_timers().
Why do we need an extra event object, again?
I can see the need for event objects for recurring things, but for
a single-shot "terminate client instance at this time, done", I'm not
convinced.
> So, although one shot, we still need to setup a timer object that will
> trigger the machinery upon timeout.
> >> + else if (streq(p[0], "session-timeout") && p[1] && !p[2])
> >> + {
> >> + VERIFY_PERMISSION(OPT_P_TIMER);
> >
> > OPT_P_INSTANCE?
>
> makes sense to add OPT_P_INSTANCE, although I wonder why other
> activity/timeout knobs are not marks as such, i.e. --inactivity)
Not "add" OPT_P_INSTANCE, but "just" OPT_P_INSTANCE.
This is not something you want in the client config file.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
