diff options
| author | Selva Nair | 2016-06-05 17:41:23 -0400 |
|---|---|---|
| committer | Gert Doering | 2016-06-07 22:31:18 +0200 |
| commit | 7f74c27e105a365d278181d00708c55a299398a0 (patch) | |
| tree | cd4d36c2162b6fbab49e77d2327934cb7c47ec2d /Changes.rst | |
| parent | 451d2177d762e93677cad52bb2360a8dfb389ac7 (diff) | |
| download | openvpn-7f74c27e105a365d278181d00708c55a299398a0.zip openvpn-7f74c27e105a365d278181d00708c55a299398a0.tar.gz | |
Add an option to filter options received from server
v2 changes:
- Add the flag "ignore" and have "reject" trigger a restart.
- Unlimited number of filters: yes, going against the consensus,
but the code looks simpler and cleaner this way.
- New commit message to reflect the changes.
Usage: --pull-filter accept|ignore|reject "option"
Permit a client to selectively accept, ignore or reject options
pushed by the server. May be used multiple times. The filters
are applied in the order specified to each pushed option received.
The filtering stops as soon as a match is found. The action "ignore"
removes the option and continues processing the next option, while
"reject" flags an error and restarts the connection with SIGUSR1.
Prefix matching is used so that all options starting with the
specified "option" string are filtered.
Example:
pull-filter accept "route 192.168."
pull-filter ignore "route "
pull-filter accept "ifconfig 10.9.0."
pull-filter reject "ifconfig "
will ignore all pushed routes except those starting with "192.168."
and reject the assigned ip unless its in the "10.9.0.0/24"
range. A match of the reject filter will trigger a restart. SIGUSR1
restart is used instead of SIGHUP so as to try the next remote
for reconnection.
Note the space at the end of "route " to not reject "route-gateway",
for example. All options not matched by any filter are accepted.
Acknowledges shameless imitation of --push-remove.
Inspired by Trac #682.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1465162884-32520-1-git-send-email-selva.nair@gmail.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11808
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'Changes.rst')
| -rw-r--r-- | Changes.rst | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Changes.rst b/Changes.rst index a6bb2a5..1ac3c2b 100644 --- a/Changes.rst +++ b/Changes.rst @@ -5,6 +5,10 @@ Version 2.4.0 New features ------------ +pull-filter + New option to explicitly allow or reject options pushed by the server. + May be used multiple times and is applied in the order specified. + push-remove new option to remove options on a per-client basis from the "push" list (more fine-grained than "push-reset") |