OpenVPN
socket.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #elif defined(_MSC_VER)
27 #include "config-msvc.h"
28 #endif
29 
30 #include "syshead.h"
31 
32 #include "socket.h"
33 #include "fdmisc.h"
34 #include "misc.h"
35 #include "gremlin.h"
36 #include "plugin.h"
37 #include "ps.h"
38 #include "manage.h"
39 #include "misc.h"
40 #include "manage.h"
41 #include "openvpn.h"
42 #include "forward.h"
43 
44 #include "memdbg.h"
45 
46 const int proto_overhead[] = { /* indexed by PROTO_x */
47  0,
48  IPv4_UDP_HEADER_SIZE, /* IPv4 */
51  IPv6_UDP_HEADER_SIZE, /* IPv6 */
55 };
56 
57 /*
58  * Convert sockflags/getaddr_flags into getaddr_flags
59  */
60 static unsigned int
61 sf2gaf(const unsigned int getaddr_flags,
62  const unsigned int sockflags)
63 {
64  if (sockflags & SF_HOST_RANDOMIZE)
65  {
66  return getaddr_flags | GETADDR_RANDOMIZE;
67  }
68  else
69  {
70  return getaddr_flags;
71  }
72 }
73 
74 /*
75  * Functions related to the translation of DNS names to IP addresses.
76  */
77 
78 /*
79  * Translate IP addr or hostname to in_addr_t.
80  * If resolve error, try again for
81  * resolve_retry_seconds seconds.
82  */
84 getaddr(unsigned int flags,
85  const char *hostname,
86  int resolve_retry_seconds,
87  bool *succeeded,
88  volatile int *signal_received)
89 {
90  struct addrinfo *ai;
91  int status;
92  status = openvpn_getaddrinfo(flags & ~GETADDR_HOST_ORDER, hostname, NULL,
93  resolve_retry_seconds, signal_received, AF_INET, &ai);
94  if (status==0)
95  {
96  struct in_addr ia;
97  if (succeeded)
98  {
99  *succeeded = true;
100  }
101  ia = ((struct sockaddr_in *)ai->ai_addr)->sin_addr;
102  freeaddrinfo(ai);
103  return (flags & GETADDR_HOST_ORDER) ? ntohl(ia.s_addr) : ia.s_addr;
104  }
105  else
106  {
107  if (succeeded)
108  {
109  *succeeded = false;
110  }
111  return 0;
112  }
113 }
114 
115 static inline bool
116 streqnull(const char *a, const char *b)
117 {
118  if (a == NULL && b == NULL)
119  {
120  return true;
121  }
122  else if (a == NULL || b == NULL)
123  {
124  return false;
125  }
126  else
127  {
128  return streq(a, b);
129  }
130 }
131 
132 /*
133  * get_cached_dns_entry return 0 on success and -1
134  * otherwise. (like getaddrinfo)
135  */
136 static int
138  const char *hostname,
139  const char *servname,
140  int ai_family,
141  int resolve_flags,
142  struct addrinfo **ai)
143 {
144  struct cached_dns_entry *ph;
145  int flags;
146 
147  /* Only use flags that are relevant for the structure */
148  flags = resolve_flags & GETADDR_CACHE_MASK;
149 
150  for (ph = dns_cache; ph; ph = ph->next)
151  {
152  if (streqnull(ph->hostname, hostname)
153  && streqnull(ph->servname, servname)
154  && ph->ai_family == ai_family
155  && ph->flags == flags)
156  {
157  *ai = ph->ai;
158  return 0;
159  }
160  }
161  return -1;
162 }
163 
164 
165 static int
167  const char *hostname,
168  const char *servname,
169  const int af,
170  const int flags)
171 {
172  struct addrinfo *ai;
173  int status;
174 
176  hostname,
177  servname,
178  af,
179  flags,
180  &ai) == 0)
181  {
182  /* entry already cached, return success */
183  return 0;
184  }
185 
186  status = openvpn_getaddrinfo(flags, hostname, servname,
188  af, &ai);
189  if (status == 0)
190  {
191  struct cached_dns_entry *ph;
192 
193  ALLOC_OBJ_CLEAR_GC(ph, struct cached_dns_entry, &c->gc);
194  ph->ai = ai;
195  ph->hostname = hostname;
196  ph->servname = servname;
197  ph->flags = flags & GETADDR_CACHE_MASK;
198 
199  if (!c->c1.dns_cache)
200  {
201  c->c1.dns_cache = ph;
202  }
203  else
204  {
205  struct cached_dns_entry *prev = c->c1.dns_cache;
206  while (prev->next)
207  {
208  prev = prev->next;
209  }
210  prev->next = ph;
211  }
212 
214 
215  }
216  return status;
217 }
218 
219 void
221 {
222  int i;
223  struct connection_list *l = c->options.connection_list;
224  const unsigned int preresolve_flags = GETADDR_RESOLVE
227  |GETADDR_FATAL;
228 
229 
230  for (i = 0; i < l->len; ++i)
231  {
232  int status;
233  const char *remote;
234  int flags = preresolve_flags;
235 
236  struct connection_entry *ce = c->options.connection_list->array[i];
237 
238  if (proto_is_dgram(ce->proto))
239  {
240  flags |= GETADDR_DATAGRAM;
241  }
242 
244  {
245  flags |= GETADDR_RANDOMIZE;
246  }
247 
248  if (c->options.ip_remote_hint)
249  {
250  remote = c->options.ip_remote_hint;
251  }
252  else
253  {
254  remote = ce->remote;
255  }
256 
257  /* HTTP remote hostname does not need to be resolved */
258  if (!ce->http_proxy_options)
259  {
260  status = do_preresolve_host(c, remote, ce->remote_port, ce->af, flags);
261  if (status != 0)
262  {
263  goto err;
264  }
265  }
266 
267  /* Preresolve proxy */
268  if (ce->http_proxy_options)
269  {
270  status = do_preresolve_host(c,
273  ce->af,
274  preresolve_flags);
275 
276  if (status != 0)
277  {
278  goto err;
279  }
280  }
281 
282  if (ce->socks_proxy_server)
283  {
284  status = do_preresolve_host(c,
285  ce->socks_proxy_server,
286  ce->socks_proxy_port,
287  ce->af,
288  flags);
289  if (status != 0)
290  {
291  goto err;
292  }
293  }
294 
295  if (ce->bind_local)
296  {
297  flags |= GETADDR_PASSIVE;
298  flags &= ~GETADDR_RANDOMIZE;
299  status = do_preresolve_host(c, ce->local, ce->local_port, ce->af, flags);
300  if (status != 0)
301  {
302  goto err;
303  }
304 
305  }
306 
307  }
308  return;
309 
310 err:
311  throw_signal_soft(SIGHUP, "Preresolving failed");
312 }
313 
314 /*
315  * Translate IPv4/IPv6 addr or hostname into struct addrinfo
316  * If resolve error, try again for resolve_retry_seconds seconds.
317  */
318 int
320  const char *hostname,
321  const char *servname,
322  int resolve_retry_seconds,
323  volatile int *signal_received,
324  int ai_family,
325  struct addrinfo **res)
326 {
327  struct addrinfo hints;
328  int status;
329  int sigrec = 0;
330  int msglevel = (flags & GETADDR_FATAL) ? M_FATAL : D_RESOLVE_ERRORS;
331  struct gc_arena gc = gc_new();
332  const char *print_hostname;
333  const char *print_servname;
334 
335  ASSERT(res);
336 
337  ASSERT(hostname || servname);
338  ASSERT(!(flags & GETADDR_HOST_ORDER));
339 
340  if (servname)
341  {
342  print_servname = servname;
343  }
344  else
345  {
346  print_servname = "";
347  }
348 
349  if (flags & GETADDR_MSG_VIRT_OUT)
350  {
351  msglevel |= M_MSG_VIRT_OUT;
352  }
353 
355  && !signal_received)
356  {
357  signal_received = &sigrec;
358  }
359 
360  /* try numeric ipv6 addr first */
361  CLEAR(hints);
362  hints.ai_family = ai_family;
363  hints.ai_flags = AI_NUMERICHOST;
364 
365  if (flags & GETADDR_PASSIVE)
366  {
367  hints.ai_flags |= AI_PASSIVE;
368  }
369 
370  if (flags & GETADDR_DATAGRAM)
371  {
372  hints.ai_socktype = SOCK_DGRAM;
373  }
374  else
375  {
376  hints.ai_socktype = SOCK_STREAM;
377  }
378 
379  status = getaddrinfo(hostname, servname, &hints, res);
380 
381  if (status != 0) /* parse as numeric address failed? */
382  {
383  const int fail_wait_interval = 5; /* seconds */
384  /* Add +4 to cause integer division rounding up (1 + 4) = 5, (0+4)/5=0 */
385  int resolve_retries = (flags & GETADDR_TRY_ONCE) ? 1 :
386  ((resolve_retry_seconds + 4)/ fail_wait_interval);
387  const char *fmt;
388  int level = 0;
389 
390  if (hostname && (flags & GETADDR_RANDOMIZE))
391  {
392  hostname = hostname_randomize(hostname, &gc);
393  }
394 
395  if (hostname)
396  {
397  print_hostname = hostname;
398  }
399  else
400  {
401  print_hostname = "undefined";
402  }
403 
404  fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s)";
405  if ((flags & GETADDR_MENTION_RESOLVE_RETRY)
406  && !resolve_retry_seconds)
407  {
408  fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s) (I would have retried this name query if you had specified the --resolv-retry option.)";
409  }
410 
411  if (!(flags & GETADDR_RESOLVE) || status == EAI_FAIL)
412  {
413  msg(msglevel, "RESOLVE: Cannot parse IP address: %s:%s (%s)",
414  print_hostname,print_servname, gai_strerror(status));
415  goto done;
416  }
417 
418 #ifdef ENABLE_MANAGEMENT
420  {
421  if (management)
422  {
425  NULL,
426  NULL,
427  NULL,
428  NULL,
429  NULL);
430  }
431  }
432 #endif
433 
434  /*
435  * Resolve hostname
436  */
437  while (true)
438  {
439 #ifndef _WIN32
440  res_init();
441 #endif
442  /* try hostname lookup */
443  hints.ai_flags &= ~AI_NUMERICHOST;
444  dmsg(D_SOCKET_DEBUG, "GETADDRINFO flags=0x%04x ai_family=%d ai_socktype=%d",
445  flags, hints.ai_family, hints.ai_socktype);
446  status = getaddrinfo(hostname, servname, &hints, res);
447 
448  if (signal_received)
449  {
450  get_signal(signal_received);
451  if (*signal_received) /* were we interrupted by a signal? */
452  {
453  if (*signal_received == SIGUSR1) /* ignore SIGUSR1 */
454  {
455  msg(level, "RESOLVE: Ignored SIGUSR1 signal received during DNS resolution attempt");
456  *signal_received = 0;
457  }
458  else
459  {
460  /* turn success into failure (interrupted syscall) */
461  if (0 == status)
462  {
463  ASSERT(res);
464  freeaddrinfo(*res);
465  *res = NULL;
466  status = EAI_AGAIN; /* = temporary failure */
467  errno = EINTR;
468  }
469  goto done;
470  }
471  }
472  }
473 
474  /* success? */
475  if (0 == status)
476  {
477  break;
478  }
479 
480  /* resolve lookup failed, should we
481  * continue or fail? */
482  level = msglevel;
483  if (resolve_retries > 0)
484  {
485  level = D_RESOLVE_ERRORS;
486  }
487 
488  msg(level,
489  fmt,
490  print_hostname,
491  print_servname,
492  gai_strerror(status));
493 
494  if (--resolve_retries <= 0)
495  {
496  goto done;
497  }
498 
499  management_sleep(fail_wait_interval);
500  }
501 
502  ASSERT(res);
503 
504  /* hostname resolve succeeded */
505 
506  /*
507  * Do not choose an IP Addresse by random or change the order *
508  * of IP addresses, doing so will break RFC 3484 address selection *
509  */
510  }
511  else
512  {
513  /* IP address parse succeeded */
514  if (flags & GETADDR_RANDOMIZE)
515  {
516  msg(M_WARN, "WARNING: ignoring --remote-random-hostname because the hostname is an IP address");
517  }
518  }
519 
520 done:
521  if (signal_received && *signal_received)
522  {
523  int level = 0;
524  if (flags & GETADDR_FATAL_ON_SIGNAL)
525  {
526  level = M_FATAL;
527  }
528  else if (flags & GETADDR_WARN_ON_SIGNAL)
529  {
530  level = M_WARN;
531  }
532  msg(level, "RESOLVE: signal received during DNS resolution attempt");
533  }
534 
535  gc_free(&gc);
536  return status;
537 }
538 
539 /*
540  * We do our own inet_aton because the glibc function
541  * isn't very good about error checking.
542  */
543 int
544 openvpn_inet_aton(const char *dotted_quad, struct in_addr *addr)
545 {
546  unsigned int a, b, c, d;
547 
548  CLEAR(*addr);
549  if (sscanf(dotted_quad, "%u.%u.%u.%u", &a, &b, &c, &d) == 4)
550  {
551  if (a < 256 && b < 256 && c < 256 && d < 256)
552  {
553  addr->s_addr = htonl(a<<24 | b<<16 | c<<8 | d);
554  return OIA_IP; /* good dotted quad */
555  }
556  }
557  if (string_class(dotted_quad, CC_DIGIT|CC_DOT, 0))
558  {
559  return OIA_ERROR; /* probably a badly formatted dotted quad */
560  }
561  else
562  {
563  return OIA_HOSTNAME; /* probably a hostname */
564  }
565 }
566 
567 bool
568 ip_addr_dotted_quad_safe(const char *dotted_quad)
569 {
570  /* verify non-NULL */
571  if (!dotted_quad)
572  {
573  return false;
574  }
575 
576  /* verify length is within limits */
577  if (strlen(dotted_quad) > 15)
578  {
579  return false;
580  }
581 
582  /* verify that all chars are either numeric or '.' and that no numeric
583  * substring is greater than 3 chars */
584  {
585  int nnum = 0;
586  const char *p = dotted_quad;
587  int c;
588 
589  while ((c = *p++))
590  {
591  if (c >= '0' && c <= '9')
592  {
593  ++nnum;
594  if (nnum > 3)
595  {
596  return false;
597  }
598  }
599  else if (c == '.')
600  {
601  nnum = 0;
602  }
603  else
604  {
605  return false;
606  }
607  }
608  }
609 
610  /* verify that string will convert to IP address */
611  {
612  struct in_addr a;
613  return openvpn_inet_aton(dotted_quad, &a) == OIA_IP;
614  }
615 }
616 
617 bool
618 ipv6_addr_safe(const char *ipv6_text_addr)
619 {
620  /* verify non-NULL */
621  if (!ipv6_text_addr)
622  {
623  return false;
624  }
625 
626  /* verify length is within limits */
627  if (strlen(ipv6_text_addr) > INET6_ADDRSTRLEN)
628  {
629  return false;
630  }
631 
632  /* verify that string will convert to IPv6 address */
633  {
634  struct in6_addr a6;
635  return inet_pton( AF_INET6, ipv6_text_addr, &a6 ) == 1;
636  }
637 }
638 
639 static bool
640 dns_addr_safe(const char *addr)
641 {
642  if (addr)
643  {
644  const size_t len = strlen(addr);
645  return len > 0 && len <= 255 && string_class(addr, CC_ALNUM|CC_DASH|CC_DOT, 0);
646  }
647  else
648  {
649  return false;
650  }
651 }
652 
653 bool
654 ip_or_dns_addr_safe(const char *addr, const bool allow_fqdn)
655 {
656  if (ip_addr_dotted_quad_safe(addr))
657  {
658  return true;
659  }
660  else if (allow_fqdn)
661  {
662  return dns_addr_safe(addr);
663  }
664  else
665  {
666  return false;
667  }
668 }
669 
670 bool
671 mac_addr_safe(const char *mac_addr)
672 {
673  /* verify non-NULL */
674  if (!mac_addr)
675  {
676  return false;
677  }
678 
679  /* verify length is within limits */
680  if (strlen(mac_addr) > 17)
681  {
682  return false;
683  }
684 
685  /* verify that all chars are either alphanumeric or ':' and that no
686  * alphanumeric substring is greater than 2 chars */
687  {
688  int nnum = 0;
689  const char *p = mac_addr;
690  int c;
691 
692  while ((c = *p++))
693  {
694  if ( (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F') )
695  {
696  ++nnum;
697  if (nnum > 2)
698  {
699  return false;
700  }
701  }
702  else if (c == ':')
703  {
704  nnum = 0;
705  }
706  else
707  {
708  return false;
709  }
710  }
711  }
712 
713  /* error-checking is left to script invoked in lladdr.c */
714  return true;
715 }
716 
717 static int
719 {
720 #if defined(HAVE_GETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_SNDBUF)
721  int val;
722  socklen_t len;
723 
724  len = sizeof(val);
725  if (getsockopt(sd, SOL_SOCKET, SO_SNDBUF, (void *) &val, &len) == 0
726  && len == sizeof(val))
727  {
728  return val;
729  }
730 #endif
731  return 0;
732 }
733 
734 static void
735 socket_set_sndbuf(int sd, int size)
736 {
737 #if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_SNDBUF)
738  if (setsockopt(sd, SOL_SOCKET, SO_SNDBUF, (void *) &size, sizeof(size)) != 0)
739  {
740  msg(M_WARN, "NOTE: setsockopt SO_SNDBUF=%d failed", size);
741  }
742 #endif
743 }
744 
745 static int
747 {
748 #if defined(HAVE_GETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_RCVBUF)
749  int val;
750  socklen_t len;
751 
752  len = sizeof(val);
753  if (getsockopt(sd, SOL_SOCKET, SO_RCVBUF, (void *) &val, &len) == 0
754  && len == sizeof(val))
755  {
756  return val;
757  }
758 #endif
759  return 0;
760 }
761 
762 static bool
763 socket_set_rcvbuf(int sd, int size)
764 {
765 #if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_RCVBUF)
766  if (setsockopt(sd, SOL_SOCKET, SO_RCVBUF, (void *) &size, sizeof(size)) != 0)
767  {
768  msg(M_WARN, "NOTE: setsockopt SO_RCVBUF=%d failed", size);
769  return false;
770  }
771  return true;
772 #endif
773 }
774 
775 static void
776 socket_set_buffers(int fd, const struct socket_buffer_size *sbs)
777 {
778  if (sbs)
779  {
780  const int sndbuf_old = socket_get_sndbuf(fd);
781  const int rcvbuf_old = socket_get_rcvbuf(fd);
782 
783  if (sbs->sndbuf)
784  {
785  socket_set_sndbuf(fd, sbs->sndbuf);
786  }
787 
788  if (sbs->rcvbuf)
789  {
790  socket_set_rcvbuf(fd, sbs->rcvbuf);
791  }
792 
793  msg(D_OSBUF, "Socket Buffers: R=[%d->%d] S=[%d->%d]",
794  rcvbuf_old,
795  socket_get_rcvbuf(fd),
796  sndbuf_old,
797  socket_get_sndbuf(fd));
798  }
799 }
800 
801 /*
802  * Set other socket options
803  */
804 
805 static bool
806 socket_set_tcp_nodelay(int sd, int state)
807 {
808 #if defined(_WIN32) || (defined(HAVE_SETSOCKOPT) && defined(IPPROTO_TCP) && defined(TCP_NODELAY))
809  if (setsockopt(sd, IPPROTO_TCP, TCP_NODELAY, (void *) &state, sizeof(state)) != 0)
810  {
811  msg(M_WARN, "NOTE: setsockopt TCP_NODELAY=%d failed", state);
812  return false;
813  }
814  else
815  {
816  dmsg(D_OSBUF, "Socket flags: TCP_NODELAY=%d succeeded", state);
817  return true;
818  }
819 #else /* if defined(_WIN32) || (defined(HAVE_SETSOCKOPT) && defined(IPPROTO_TCP) && defined(TCP_NODELAY)) */
820  msg(M_WARN, "NOTE: setsockopt TCP_NODELAY=%d failed (No kernel support)", state);
821  return false;
822 #endif
823 }
824 
825 static inline void
826 socket_set_mark(int sd, int mark)
827 {
828 #if defined(TARGET_LINUX) && HAVE_DECL_SO_MARK
829  if (mark && setsockopt(sd, SOL_SOCKET, SO_MARK, (void *) &mark, sizeof(mark)) != 0)
830  {
831  msg(M_WARN, "NOTE: setsockopt SO_MARK=%d failed", mark);
832  }
833 #endif
834 }
835 
836 static bool
837 socket_set_flags(int sd, unsigned int sockflags)
838 {
839  if (sockflags & SF_TCP_NODELAY)
840  {
841  return socket_set_tcp_nodelay(sd, 1);
842  }
843  else
844  {
845  return true;
846  }
847 }
848 
849 bool
850 link_socket_update_flags(struct link_socket *ls, unsigned int sockflags)
851 {
852  if (ls && socket_defined(ls->sd))
853  {
854  return socket_set_flags(ls->sd, ls->sockflags = sockflags);
855  }
856  else
857  {
858  return false;
859  }
860 }
861 
862 void
863 link_socket_update_buffer_sizes(struct link_socket *ls, int rcvbuf, int sndbuf)
864 {
865  if (ls && socket_defined(ls->sd))
866  {
867  ls->socket_buffer_sizes.sndbuf = sndbuf;
868  ls->socket_buffer_sizes.rcvbuf = rcvbuf;
870  }
871 }
872 
873 /*
874  * SOCKET INITALIZATION CODE.
875  * Create a TCP/UDP socket
876  */
877 
879 create_socket_tcp(struct addrinfo *addrinfo)
880 {
882 
883  ASSERT(addrinfo);
884  ASSERT(addrinfo->ai_socktype == SOCK_STREAM);
885 
886  if ((sd = socket(addrinfo->ai_family, addrinfo->ai_socktype, addrinfo->ai_protocol)) < 0)
887  {
888  msg(M_ERR, "Cannot create TCP socket");
889  }
890 
891 #ifndef _WIN32 /* using SO_REUSEADDR on Windows will cause bind to succeed on port conflicts! */
892  /* set SO_REUSEADDR on socket */
893  {
894  int on = 1;
895  if (setsockopt(sd, SOL_SOCKET, SO_REUSEADDR,
896  (void *) &on, sizeof(on)) < 0)
897  {
898  msg(M_ERR, "TCP: Cannot setsockopt SO_REUSEADDR on TCP socket");
899  }
900  }
901 #endif
902 
903  /* set socket file descriptor to not pass across execs, so that
904  * scripts don't have access to it */
905  set_cloexec(sd);
906 
907  return sd;
908 }
909 
910 static socket_descriptor_t
911 create_socket_udp(struct addrinfo *addrinfo, const unsigned int flags)
912 {
914 
915  ASSERT(addrinfo);
916  ASSERT(addrinfo->ai_socktype == SOCK_DGRAM);
917 
918  if ((sd = socket(addrinfo->ai_family, addrinfo->ai_socktype, addrinfo->ai_protocol)) < 0)
919  {
920  msg(M_ERR, "UDP: Cannot create UDP/UDP6 socket");
921  }
922 #if ENABLE_IP_PKTINFO
923  else if (flags & SF_USE_IP_PKTINFO)
924  {
925  int pad = 1;
926  if (addrinfo->ai_family == AF_INET)
927  {
928 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
929  if (setsockopt(sd, SOL_IP, IP_PKTINFO,
930  (void *)&pad, sizeof(pad)) < 0)
931  {
932  msg(M_ERR, "UDP: failed setsockopt for IP_PKTINFO");
933  }
934 #elif defined(IP_RECVDSTADDR)
935  if (setsockopt(sd, IPPROTO_IP, IP_RECVDSTADDR,
936  (void *)&pad, sizeof(pad)) < 0)
937  {
938  msg(M_ERR, "UDP: failed setsockopt for IP_RECVDSTADDR");
939  }
940 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
941 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
942 #endif
943  }
944  else if (addrinfo->ai_family == AF_INET6)
945  {
946 #ifndef IPV6_RECVPKTINFO /* Some older Darwin platforms require this */
947  if (setsockopt(sd, IPPROTO_IPV6, IPV6_PKTINFO,
948  (void *)&pad, sizeof(pad)) < 0)
949 #else
950  if (setsockopt(sd, IPPROTO_IPV6, IPV6_RECVPKTINFO,
951  (void *)&pad, sizeof(pad)) < 0)
952 #endif
953  { msg(M_ERR, "UDP: failed setsockopt for IPV6_RECVPKTINFO");}
954  }
955  }
956 #endif /* if ENABLE_IP_PKTINFO */
957 
958  /* set socket file descriptor to not pass across execs, so that
959  * scripts don't have access to it */
960  set_cloexec(sd);
961 
962  return sd;
963 }
964 
965 static void
966 bind_local(struct link_socket *sock, const sa_family_t ai_family)
967 {
968  /* bind to local address/port */
969  if (sock->bind_local)
970  {
971  if (sock->socks_proxy && sock->info.proto == PROTO_UDP)
972  {
973  socket_bind(sock->ctrl_sd, sock->info.lsa->bind_local,
974  ai_family, "SOCKS", false);
975  }
976  else
977  {
978  socket_bind(sock->sd, sock->info.lsa->bind_local,
979  ai_family,
980  "TCP/UDP", sock->info.bind_ipv6_only);
981  }
982  }
983 }
984 
985 static void
986 create_socket(struct link_socket *sock, struct addrinfo *addr)
987 {
988  if (addr->ai_protocol == IPPROTO_UDP || addr->ai_socktype == SOCK_DGRAM)
989  {
990  sock->sd = create_socket_udp(addr, sock->sockflags);
992 
993  /* Assume that control socket and data socket to the socks proxy
994  * are using the same IP family */
995  if (sock->socks_proxy)
996  {
997  /* Construct a temporary addrinfo to create the socket,
998  * currently resolve two remote addresses is not supported,
999  * TODO: Rewrite the whole resolve_remote */
1000  struct addrinfo addrinfo_tmp = *addr;
1001  addrinfo_tmp.ai_socktype = SOCK_STREAM;
1002  addrinfo_tmp.ai_protocol = IPPROTO_TCP;
1003  sock->ctrl_sd = create_socket_tcp(&addrinfo_tmp);
1004  }
1005  }
1006  else if (addr->ai_protocol == IPPROTO_TCP || addr->ai_socktype == SOCK_STREAM)
1007  {
1008  sock->sd = create_socket_tcp(addr);
1009  }
1010  else
1011  {
1012  ASSERT(0);
1013  }
1014  /* set socket buffers based on --sndbuf and --rcvbuf options */
1015  socket_set_buffers(sock->sd, &sock->socket_buffer_sizes);
1016 
1017  /* set socket to --mark packets with given value */
1018  socket_set_mark(sock->sd, sock->mark);
1019 
1020  bind_local(sock, addr->ai_family);
1021 }
1022 
1023 #ifdef TARGET_ANDROID
1024 static void
1025 protect_fd_nonlocal(int fd, const struct sockaddr *addr)
1026 {
1027  /* pass socket FD to management interface to pass on to VPNService API
1028  * as "protected socket" (exempt from being routed into tunnel)
1029  */
1030  if (addr_local(addr))
1031  {
1032  msg(D_SOCKET_DEBUG, "Address is local, not protecting socket fd %d", fd);
1033  return;
1034  }
1035 
1036  msg(D_SOCKET_DEBUG, "Protecting socket fd %d", fd);
1037  management->connection.fdtosend = fd;
1038  management_android_control(management, "PROTECTFD", __func__);
1039 }
1040 #endif
1041 
1042 /*
1043  * Functions used for establishing a TCP stream connection.
1044  */
1045 static void
1047  const struct addrinfo *local,
1048  bool do_listen,
1049  bool do_set_nonblock)
1050 {
1051  struct gc_arena gc = gc_new();
1052  if (do_listen)
1053  {
1054  ASSERT(local);
1055  msg(M_INFO, "Listening for incoming TCP connection on %s",
1056  print_sockaddr(local->ai_addr, &gc));
1057  if (listen(sd, 1))
1058  {
1059  msg(M_ERR, "TCP: listen() failed");
1060  }
1061  }
1062 
1063  /* set socket to non-blocking mode */
1064  if (do_set_nonblock)
1065  {
1066  set_nonblock(sd);
1067  }
1068 
1069  gc_free(&gc);
1070 }
1071 
1074  struct link_socket_actual *act,
1075  const bool nowait)
1076 {
1077  /* af_addr_size WILL return 0 in this case if AFs other than AF_INET
1078  * are compiled because act is empty here.
1079  * could use getsockname() to support later remote_len check
1080  */
1081  socklen_t remote_len_af = af_addr_size(act->dest.addr.sa.sa_family);
1082  socklen_t remote_len = sizeof(act->dest.addr);
1084 
1085  CLEAR(*act);
1086 
1087 #ifdef HAVE_GETPEERNAME
1088  if (nowait)
1089  {
1090  new_sd = getpeername(sd, &act->dest.addr.sa, &remote_len);
1091 
1092  if (!socket_defined(new_sd))
1093  {
1094  msg(D_LINK_ERRORS | M_ERRNO, "TCP: getpeername() failed");
1095  }
1096  else
1097  {
1098  new_sd = sd;
1099  }
1100  }
1101 #else /* ifdef HAVE_GETPEERNAME */
1102  if (nowait)
1103  {
1104  msg(M_WARN, "TCP: this OS does not provide the getpeername() function");
1105  }
1106 #endif
1107  else
1108  {
1109  new_sd = accept(sd, &act->dest.addr.sa, &remote_len);
1110  }
1111 
1112 #if 0 /* For debugging only, test the effect of accept() failures */
1113  {
1114  static int foo = 0;
1115  ++foo;
1116  if (foo & 1)
1117  {
1118  new_sd = -1;
1119  }
1120  }
1121 #endif
1122 
1123  if (!socket_defined(new_sd))
1124  {
1125  msg(D_LINK_ERRORS | M_ERRNO, "TCP: accept(%d) failed", sd);
1126  }
1127  /* only valid if we have remote_len_af!=0 */
1128  else if (remote_len_af && remote_len != remote_len_af)
1129  {
1130  msg(D_LINK_ERRORS, "TCP: Received strange incoming connection with unknown address length=%d", remote_len);
1131  openvpn_close_socket(new_sd);
1132  new_sd = SOCKET_UNDEFINED;
1133  }
1134  else
1135  {
1136  /* set socket file descriptor to not pass across execs, so that
1137  * scripts don't have access to it */
1138  set_cloexec(sd);
1139  }
1140  return new_sd;
1141 }
1142 
1143 static void
1145 {
1146  struct gc_arena gc = gc_new();
1147  msg(M_INFO, "TCP connection established with %s",
1148  print_link_socket_actual(act, &gc));
1149  gc_free(&gc);
1150 }
1151 
1152 static socket_descriptor_t
1154  struct link_socket_actual *act,
1155  const char *remote_dynamic,
1156  const struct addrinfo *local,
1157  bool do_listen,
1158  bool nowait,
1159  volatile int *signal_received)
1160 {
1161  struct gc_arena gc = gc_new();
1162  /* struct openvpn_sockaddr *remote = &act->dest; */
1163  struct openvpn_sockaddr remote_verify = act->dest;
1165 
1166  CLEAR(*act);
1167  socket_do_listen(sd, local, do_listen, true);
1168 
1169  while (true)
1170  {
1171  int status;
1172  fd_set reads;
1173  struct timeval tv;
1174 
1175  FD_ZERO(&reads);
1176  openvpn_fd_set(sd, &reads);
1177  tv.tv_sec = 0;
1178  tv.tv_usec = 0;
1179 
1180  status = select(sd + 1, &reads, NULL, NULL, &tv);
1181 
1182  get_signal(signal_received);
1183  if (*signal_received)
1184  {
1185  gc_free(&gc);
1186  return sd;
1187  }
1188 
1189  if (status < 0)
1190  {
1191  msg(D_LINK_ERRORS | M_ERRNO, "TCP: select() failed");
1192  }
1193 
1194  if (status <= 0)
1195  {
1196  management_sleep(1);
1197  continue;
1198  }
1199 
1200  new_sd = socket_do_accept(sd, act, nowait);
1201 
1202  if (socket_defined(new_sd))
1203  {
1204  struct addrinfo *ai = NULL;
1205  if (remote_dynamic)
1206  {
1207  openvpn_getaddrinfo(0, remote_dynamic, NULL, 1, NULL,
1208  remote_verify.addr.sa.sa_family, &ai);
1209  }
1210 
1211  if (ai && !addrlist_match(&remote_verify, ai))
1212  {
1213  msg(M_WARN,
1214  "TCP NOTE: Rejected connection attempt from %s due to --remote setting",
1215  print_link_socket_actual(act, &gc));
1216  if (openvpn_close_socket(new_sd))
1217  {
1218  msg(M_ERR, "TCP: close socket failed (new_sd)");
1219  }
1220  freeaddrinfo(ai);
1221  }
1222  else
1223  {
1224  if (ai)
1225  {
1226  freeaddrinfo(ai);
1227  }
1228  break;
1229  }
1230  }
1231  management_sleep(1);
1232  }
1233 
1234  if (!nowait && openvpn_close_socket(sd))
1235  {
1236  msg(M_ERR, "TCP: close socket failed (sd)");
1237  }
1238 
1240 
1241  gc_free(&gc);
1242  return new_sd;
1243 }
1244 
1245 /* older mingw versions and WinXP do not have this define,
1246  * but Vista and up support the functionality - just define it here
1247  */
1248 #ifdef _WIN32
1249 #ifndef IPV6_V6ONLY
1250 #define IPV6_V6ONLY 27
1251 #endif
1252 #endif
1253 void
1255  struct addrinfo *local,
1256  int ai_family,
1257  const char *prefix,
1258  bool ipv6only)
1259 {
1260  struct gc_arena gc = gc_new();
1261 
1262  /* FIXME (schwabe)
1263  * getaddrinfo for the bind address might return multiple AF_INET/AF_INET6
1264  * entries for the requested protocol.
1265  * For example if an address has multiple A records
1266  * What is the correct way to deal with it?
1267  */
1268 
1269  struct addrinfo *cur;
1270 
1271  ASSERT(local);
1272 
1273 
1274  /* find the first addrinfo with correct ai_family */
1275  for (cur = local; cur; cur = cur->ai_next)
1276  {
1277  if (cur->ai_family == ai_family)
1278  {
1279  break;
1280  }
1281  }
1282  if (!cur)
1283  {
1284  msg(M_FATAL, "%s: Socket bind failed: Addr to bind has no %s record",
1285  prefix, addr_family_name(ai_family));
1286  }
1287 
1288  if (ai_family == AF_INET6)
1289  {
1290  int v6only = ipv6only ? 1 : 0; /* setsockopt must have an "int" */
1291 
1292  msg(M_INFO, "setsockopt(IPV6_V6ONLY=%d)", v6only);
1293  if (setsockopt(sd, IPPROTO_IPV6, IPV6_V6ONLY, (void *) &v6only, sizeof(v6only)))
1294  {
1295  msg(M_NONFATAL|M_ERRNO, "Setting IPV6_V6ONLY=%d failed", v6only);
1296  }
1297  }
1298  if (bind(sd, cur->ai_addr, cur->ai_addrlen))
1299  {
1300  msg(M_FATAL | M_ERRNO, "%s: Socket bind failed on local address %s",
1301  prefix,
1302  print_sockaddr_ex(local->ai_addr, ":", PS_SHOW_PORT, &gc));
1303  }
1304  gc_free(&gc);
1305 }
1306 
1307 int
1309  const struct sockaddr *remote,
1310  int connect_timeout,
1311  volatile int *signal_received)
1312 {
1313  int status = 0;
1314 
1315 #ifdef TARGET_ANDROID
1316  protect_fd_nonlocal(sd, remote);
1317 #endif
1318 
1319 #ifdef CONNECT_NONBLOCK
1320  set_nonblock(sd);
1321  status = connect(sd, remote, af_addr_size(remote->sa_family));
1322  if (status)
1323  {
1324  status = openvpn_errno();
1325  }
1326  if (
1327 #ifdef _WIN32
1328  status == WSAEWOULDBLOCK
1329 #else
1330  status == EINPROGRESS
1331 #endif
1332  )
1333  {
1334  while (true)
1335  {
1336 #if POLL
1337  struct pollfd fds[1];
1338  fds[0].fd = sd;
1339  fds[0].events = POLLOUT;
1340  status = poll(fds, 1, 0);
1341 #else
1342  fd_set writes;
1343  struct timeval tv;
1344 
1345  FD_ZERO(&writes);
1346  openvpn_fd_set(sd, &writes);
1347  tv.tv_sec = 0;
1348  tv.tv_usec = 0;
1349 
1350  status = select(sd + 1, NULL, &writes, NULL, &tv);
1351 #endif
1352  if (signal_received)
1353  {
1354  get_signal(signal_received);
1355  if (*signal_received)
1356  {
1357  status = 0;
1358  break;
1359  }
1360  }
1361  if (status < 0)
1362  {
1363  status = openvpn_errno();
1364  break;
1365  }
1366  if (status <= 0)
1367  {
1368  if (--connect_timeout < 0)
1369  {
1370 #ifdef _WIN32
1371  status = WSAETIMEDOUT;
1372 #else
1373  status = ETIMEDOUT;
1374 #endif
1375  break;
1376  }
1377  management_sleep(1);
1378  continue;
1379  }
1380 
1381  /* got it */
1382  {
1383  int val = 0;
1384  socklen_t len;
1385 
1386  len = sizeof(val);
1387  if (getsockopt(sd, SOL_SOCKET, SO_ERROR, (void *) &val, &len) == 0
1388  && len == sizeof(val))
1389  {
1390  status = val;
1391  }
1392  else
1393  {
1394  status = openvpn_errno();
1395  }
1396  break;
1397  }
1398  }
1399  }
1400 #else /* ifdef CONNECT_NONBLOCK */
1401  status = connect(sd, remote, af_addr_size(remote->sa_family));
1402  if (status)
1403  {
1404  status = openvpn_errno();
1405  }
1406 #endif /* ifdef CONNECT_NONBLOCK */
1407 
1408  return status;
1409 }
1410 
1411 void
1412 set_actual_address(struct link_socket_actual *actual, struct addrinfo *ai)
1413 {
1414  CLEAR(*actual);
1415  ASSERT(ai);
1416 
1417  if (ai->ai_family == AF_INET)
1418  {
1419  actual->dest.addr.in4 =
1420  *((struct sockaddr_in *) ai->ai_addr);
1421  }
1422  else if (ai->ai_family == AF_INET6)
1423  {
1424  actual->dest.addr.in6 =
1425  *((struct sockaddr_in6 *) ai->ai_addr);
1426  }
1427  else
1428  {
1429  ASSERT(0);
1430  }
1431 
1432 }
1433 
1434 static void
1436  const struct sockaddr *dest,
1437  const int connect_timeout,
1438  struct signal_info *sig_info)
1439 {
1440  struct gc_arena gc = gc_new();
1441  int status;
1442 
1443 #ifdef CONNECT_NONBLOCK
1444  msg(M_INFO, "Attempting to establish TCP connection with %s [nonblock]",
1445  print_sockaddr(dest, &gc));
1446 #else
1447  msg(M_INFO, "Attempting to establish TCP connection with %s",
1448  print_sockaddr(dest, &gc));
1449 #endif
1450 
1451 #ifdef ENABLE_MANAGEMENT
1452  if (management)
1453  {
1456  NULL,
1457  NULL,
1458  NULL,
1459  NULL,
1460  NULL);
1461  }
1462 #endif
1463 
1464  /* Set the actual address */
1465  status = openvpn_connect(*sd, dest, connect_timeout, &sig_info->signal_received);
1466 
1467  get_signal(&sig_info->signal_received);
1468  if (sig_info->signal_received)
1469  {
1470  goto done;
1471  }
1472 
1473  if (status)
1474  {
1475 
1476  msg(D_LINK_ERRORS, "TCP: connect to %s failed: %s",
1477  print_sockaddr(dest, &gc), strerror(status));
1478 
1479  openvpn_close_socket(*sd);
1480  *sd = SOCKET_UNDEFINED;
1481  sig_info->signal_received = SIGUSR1;
1483  }
1484  else
1485  {
1486  msg(M_INFO, "TCP connection established with %s",
1487  print_sockaddr(dest, &gc));
1488  }
1489 
1490 done:
1491  gc_free(&gc);
1492 }
1493 
1494 /* For stream protocols, allocate a buffer to build up packet.
1495  * Called after frame has been finalized. */
1496 
1497 static void
1498 socket_frame_init(const struct frame *frame, struct link_socket *sock)
1499 {
1500 #ifdef _WIN32
1501  overlapped_io_init(&sock->reads, frame, FALSE, false);
1502  overlapped_io_init(&sock->writes, frame, TRUE, false);
1503  sock->rw_handle.read = sock->reads.overlapped.hEvent;
1504  sock->rw_handle.write = sock->writes.overlapped.hEvent;
1505 #endif
1506 
1508  {
1509 #ifdef _WIN32
1510  stream_buf_init(&sock->stream_buf,
1511  &sock->reads.buf_init,
1512  sock->sockflags,
1513  sock->info.proto);
1514 #else
1516  frame,
1517  false,
1519 
1520  stream_buf_init(&sock->stream_buf,
1521  &sock->stream_buf_data,
1522  sock->sockflags,
1523  sock->info.proto);
1524 #endif
1525  }
1526 }
1527 
1528 /*
1529  * Adjust frame structure based on a Path MTU value given
1530  * to us by the OS.
1531  */
1532 void
1533 frame_adjust_path_mtu(struct frame *frame, int pmtu, int proto)
1534 {
1536 }
1537 
1538 static void
1540 {
1541  struct gc_arena gc = gc_new();
1542 
1543  /* resolve local address if undefined */
1544  if (!sock->info.lsa->bind_local)
1545  {
1548  int status;
1549 
1550  if (proto_is_dgram(sock->info.proto))
1551  {
1552  flags |= GETADDR_DATAGRAM;
1553  }
1554 
1555  /* will return AF_{INET|INET6}from local_host */
1556  status = get_cached_dns_entry(sock->dns_cache,
1557  sock->local_host,
1558  sock->local_port,
1559  af,
1560  flags,
1561  &sock->info.lsa->bind_local);
1562 
1563  if (status)
1564  {
1565  status = openvpn_getaddrinfo(flags, sock->local_host, sock->local_port, 0,
1566  NULL, af, &sock->info.lsa->bind_local);
1567  }
1568 
1569  if (status !=0)
1570  {
1571  msg(M_FATAL, "getaddrinfo() failed for local \"%s:%s\": %s",
1572  sock->local_host, sock->local_port,
1573  gai_strerror(status));
1574  }
1575  }
1576 
1577  gc_free(&gc);
1578 }
1579 
1580 static void
1582  int phase,
1583  const char **remote_dynamic,
1584  volatile int *signal_received)
1585 {
1586  struct gc_arena gc = gc_new();
1587 
1588  /* resolve remote address if undefined */
1589  if (!sock->info.lsa->remote_list)
1590  {
1591  if (sock->remote_host)
1592  {
1593  unsigned int flags = sf2gaf(GETADDR_RESOLVE|GETADDR_UPDATE_MANAGEMENT_STATE, sock->sockflags);
1594  int retry = 0;
1595  int status = -1;
1596  struct addrinfo *ai;
1597  if (proto_is_dgram(sock->info.proto))
1598  {
1599  flags |= GETADDR_DATAGRAM;
1600  }
1601 
1603  {
1604  if (phase == 2)
1605  {
1606  flags |= (GETADDR_TRY_ONCE | GETADDR_FATAL);
1607  }
1608  retry = 0;
1609  }
1610  else if (phase == 1)
1611  {
1612  if (sock->resolve_retry_seconds)
1613  {
1614  retry = 0;
1615  }
1616  else
1617  {
1619  retry = 0;
1620  }
1621  }
1622  else if (phase == 2)
1623  {
1624  if (sock->resolve_retry_seconds)
1625  {
1626  flags |= GETADDR_FATAL;
1627  retry = sock->resolve_retry_seconds;
1628  }
1629  else
1630  {
1631  ASSERT(0);
1632  }
1633  }
1634  else
1635  {
1636  ASSERT(0);
1637  }
1638 
1639 
1640  status = get_cached_dns_entry(sock->dns_cache,
1641  sock->remote_host,
1642  sock->remote_port,
1643  sock->info.af,
1644  flags, &ai);
1645  if (status)
1646  {
1647  status = openvpn_getaddrinfo(flags, sock->remote_host, sock->remote_port,
1648  retry, signal_received, sock->info.af, &ai);
1649  }
1650 
1651  if (status == 0)
1652  {
1653  sock->info.lsa->remote_list = ai;
1654  sock->info.lsa->current_remote = ai;
1655 
1656  dmsg(D_SOCKET_DEBUG, "RESOLVE_REMOTE flags=0x%04x phase=%d rrs=%d sig=%d status=%d",
1657  flags,
1658  phase,
1659  retry,
1660  signal_received ? *signal_received : -1,
1661  status);
1662  }
1663  if (signal_received)
1664  {
1665  if (*signal_received)
1666  {
1667  goto done;
1668  }
1669  }
1670  if (status!=0)
1671  {
1672  if (signal_received)
1673  {
1674  *signal_received = SIGUSR1;
1675  }
1676  goto done;
1677  }
1678  }
1679  }
1680 
1681  /* should we re-use previous active remote address? */
1683  {
1684  msg(M_INFO, "TCP/UDP: Preserving recently used remote address: %s",
1685  print_link_socket_actual(&sock->info.lsa->actual, &gc));
1686  if (remote_dynamic)
1687  {
1688  *remote_dynamic = NULL;
1689  }
1690  }
1691  else
1692  {
1693  CLEAR(sock->info.lsa->actual);
1694  if (sock->info.lsa->current_remote)
1695  {
1697  sock->info.lsa->current_remote);
1698  }
1699  }
1700 
1701 done:
1702  gc_free(&gc);
1703 }
1704 
1705 
1706 
1707 struct link_socket *
1709 {
1710  struct link_socket *sock;
1711 
1712  ALLOC_OBJ_CLEAR(sock, struct link_socket);
1713  sock->sd = SOCKET_UNDEFINED;
1714  sock->ctrl_sd = SOCKET_UNDEFINED;
1715  return sock;
1716 }
1717 
1718 void
1720  const char *local_host,
1721  const char *local_port,
1722  const char *remote_host,
1723  const char *remote_port,
1724  struct cached_dns_entry *dns_cache,
1725  int proto,
1726  sa_family_t af,
1727  bool bind_ipv6_only,
1728  int mode,
1729  const struct link_socket *accept_from,
1730  struct http_proxy_info *http_proxy,
1731  struct socks_proxy_info *socks_proxy,
1732 #ifdef ENABLE_DEBUG
1733  int gremlin,
1734 #endif
1735  bool bind_local,
1736  bool remote_float,
1737  int inetd,
1738  struct link_socket_addr *lsa,
1739  const char *ipchange_command,
1740  const struct plugin_list *plugins,
1742  int mtu_discover_type,
1743  int rcvbuf,
1744  int sndbuf,
1745  int mark,
1747  unsigned int sockflags)
1748 {
1749  ASSERT(sock);
1750 
1751  sock->local_host = local_host;
1752  sock->local_port = local_port;
1753  sock->remote_host = remote_host;
1754  sock->remote_port = remote_port;
1755  sock->dns_cache = dns_cache;
1756  sock->http_proxy = http_proxy;
1757  sock->socks_proxy = socks_proxy;
1758  sock->bind_local = bind_local;
1759  sock->inetd = inetd;
1762 
1763 #ifdef ENABLE_DEBUG
1764  sock->gremlin = gremlin;
1765 #endif
1766 
1767  sock->socket_buffer_sizes.rcvbuf = rcvbuf;
1768  sock->socket_buffer_sizes.sndbuf = sndbuf;
1769 
1770  sock->sockflags = sockflags;
1771  sock->mark = mark;
1772 
1773  sock->info.proto = proto;
1774  sock->info.af = af;
1775  sock->info.remote_float = remote_float;
1776  sock->info.lsa = lsa;
1777  sock->info.bind_ipv6_only = bind_ipv6_only;
1778  sock->info.ipchange_command = ipchange_command;
1779  sock->info.plugins = plugins;
1781 
1782  sock->mode = mode;
1783  if (mode == LS_MODE_TCP_ACCEPT_FROM)
1784  {
1785  ASSERT(accept_from);
1786  ASSERT(sock->info.proto == PROTO_TCP_SERVER);
1787  ASSERT(!sock->inetd);
1788  sock->sd = accept_from->sd;
1789  /* inherit (possibly guessed) info AF from parent context */
1790  sock->info.af = accept_from->info.af;
1791  }
1792 
1793  /* are we running in HTTP proxy mode? */
1794  if (sock->http_proxy)
1795  {
1796  ASSERT(sock->info.proto == PROTO_TCP_CLIENT);
1797  ASSERT(!sock->inetd);
1798 
1799  /* the proxy server */
1800  sock->remote_host = http_proxy->options.server;
1801  sock->remote_port = http_proxy->options.port;
1802 
1803  /* the OpenVPN server we will use the proxy to connect to */
1804  sock->proxy_dest_host = remote_host;
1805  sock->proxy_dest_port = remote_port;
1806  }
1807  /* or in Socks proxy mode? */
1808  else if (sock->socks_proxy)
1809  {
1810  ASSERT(!sock->inetd);
1811 
1812  /* the proxy server */
1813  sock->remote_host = socks_proxy->server;
1814  sock->remote_port = socks_proxy->port;
1815 
1816  /* the OpenVPN server we will use the proxy to connect to */
1817  sock->proxy_dest_host = remote_host;
1818  sock->proxy_dest_port = remote_port;
1819  }
1820  else
1821  {
1822  sock->remote_host = remote_host;
1823  sock->remote_port = remote_port;
1824  }
1825 
1826  /* bind behavior for TCP server vs. client */
1827  if (sock->info.proto == PROTO_TCP_SERVER)
1828  {
1829  if (sock->mode == LS_MODE_TCP_ACCEPT_FROM)
1830  {
1831  sock->bind_local = false;
1832  }
1833  else
1834  {
1835  sock->bind_local = true;
1836  }
1837  }
1838 
1839  /* were we started by inetd or xinetd? */
1840  if (sock->inetd)
1841  {
1842  ASSERT(sock->info.proto != PROTO_TCP_CLIENT);
1844  sock->sd = inetd_socket_descriptor;
1845  set_cloexec(sock->sd); /* not created by create_socket*() */
1846  }
1847  else if (mode != LS_MODE_TCP_ACCEPT_FROM)
1848  {
1849  if (sock->bind_local)
1850  {
1851  resolve_bind_local(sock, sock->info.af);
1852  }
1853  resolve_remote(sock, 1, NULL, NULL);
1854  }
1855 }
1856 
1857 static
1858 void
1859 phase2_inetd(struct link_socket *sock, const struct frame *frame,
1860  const char *remote_dynamic, volatile int *signal_received)
1861 {
1862  bool remote_changed = false;
1863 
1864  if (sock->info.proto == PROTO_TCP_SERVER)
1865  {
1866  /* AF_INET as default (and fallback) for inetd */
1867  sock->info.lsa->actual.dest.addr.sa.sa_family = AF_INET;
1868 #ifdef HAVE_GETSOCKNAME
1869  {
1870  /* inetd: hint family type for dest = local's */
1871  struct openvpn_sockaddr local_addr;
1872  socklen_t addrlen = sizeof(local_addr);
1873  if (getsockname(sock->sd, &local_addr.addr.sa, &addrlen) == 0)
1874  {
1875  sock->info.lsa->actual.dest.addr.sa.sa_family = local_addr.addr.sa.sa_family;
1876  dmsg(D_SOCKET_DEBUG, "inetd(%s): using sa_family=%d from getsockname(%d)",
1877  proto2ascii(sock->info.proto, sock->info.af, false),
1878  local_addr.addr.sa.sa_family, sock->sd);
1879  }
1880  else
1881  {
1882  msg(M_WARN, "inetd(%s): getsockname(%d) failed, using AF_INET",
1883  proto2ascii(sock->info.proto, sock->info.af, false), sock->sd);
1884  }
1885  }
1886 #else /* ifdef HAVE_GETSOCKNAME */
1887  msg(M_WARN, "inetd(%s): this OS does not provide the getsockname() "
1888  "function, using AF_INET",
1889  proto2ascii(sock->info.proto, false));
1890 #endif /* ifdef HAVE_GETSOCKNAME */
1891  sock->sd =
1892  socket_listen_accept(sock->sd,
1893  &sock->info.lsa->actual,
1894  remote_dynamic,
1895  sock->info.lsa->bind_local,
1896  false,
1897  sock->inetd == INETD_NOWAIT,
1898  signal_received);
1899 
1900  }
1901  ASSERT(!remote_changed);
1902 }
1903 
1904 static void
1906 {
1907  /* set misc socket parameters */
1908  socket_set_flags(sock->sd, sock->sockflags);
1909 
1910  /* set socket to non-blocking mode */
1911  set_nonblock(sock->sd);
1912 
1913  /* set Path MTU discovery options on the socket */
1914  set_mtu_discover_type(sock->sd, sock->mtu_discover_type, sock->info.af);
1915 
1916 #if EXTENDED_SOCKET_ERROR_CAPABILITY
1917  /* if the OS supports it, enable extended error passing on the socket */
1918  set_sock_extended_error_passing(sock->sd);
1919 #endif
1920 }
1921 
1922 
1923 static void
1925 {
1926  struct gc_arena gc = gc_new();
1927  const int msglevel = (sock->mode == LS_MODE_TCP_ACCEPT_FROM) ? D_INIT_MEDIUM : M_INFO;
1928 
1929  /* print local address */
1930  if (sock->inetd)
1931  {
1932  msg(msglevel, "%s link local: [inetd]", proto2ascii(sock->info.proto, sock->info.af, true));
1933  }
1934  else if (sock->bind_local)
1935  {
1936  sa_family_t ai_family = sock->info.lsa->actual.dest.addr.sa.sa_family;
1937  /* Socket is always bound on the first matching address,
1938  * For bound sockets with no remote addr this is the element of
1939  * the list */
1940  struct addrinfo *cur;
1941  for (cur = sock->info.lsa->bind_local; cur; cur = cur->ai_next)
1942  {
1943  if (!ai_family || ai_family == cur->ai_family)
1944  {
1945  break;
1946  }
1947  }
1948  ASSERT(cur);
1949  msg(msglevel, "%s link local (bound): %s",
1950  proto2ascii(sock->info.proto, sock->info.af, true),
1951  print_sockaddr(cur->ai_addr,&gc));
1952  }
1953  else
1954  {
1955  msg(msglevel, "%s link local: (not bound)",
1956  proto2ascii(sock->info.proto, sock->info.af, true));
1957  }
1958 
1959  /* print active remote address */
1960  msg(msglevel, "%s link remote: %s",
1961  proto2ascii(sock->info.proto, sock->info.af, true),
1963  ":",
1965  &gc));
1966  gc_free(&gc);
1967 }
1968 
1969 static void
1970 phase2_tcp_server(struct link_socket *sock, const char *remote_dynamic,
1971  volatile int *signal_received)
1972 {
1973  switch (sock->mode)
1974  {
1975  case LS_MODE_DEFAULT:
1976  sock->sd = socket_listen_accept(sock->sd,
1977  &sock->info.lsa->actual,
1978  remote_dynamic,
1979  sock->info.lsa->bind_local,
1980  true,
1981  false,
1982  signal_received);
1983  break;
1984 
1985  case LS_MODE_TCP_LISTEN:
1986  socket_do_listen(sock->sd,
1987  sock->info.lsa->bind_local,
1988  true,
1989  false);
1990  break;
1991 
1993  sock->sd = socket_do_accept(sock->sd,
1994  &sock->info.lsa->actual,
1995  false);
1996  if (!socket_defined(sock->sd))
1997  {
1998  *signal_received = SIGTERM;
1999  return;
2000  }
2002  break;
2003 
2004  default:
2005  ASSERT(0);
2006  }
2007 }
2008 
2009 
2010 static void
2011 phase2_tcp_client(struct link_socket *sock, struct signal_info *sig_info)
2012 {
2013  bool proxy_retry = false;
2014  do
2015  {
2016  socket_connect(&sock->sd,
2017  sock->info.lsa->current_remote->ai_addr,
2019  sig_info);
2020 
2021  if (sig_info->signal_received)
2022  {
2023  return;
2024  }
2025 
2026  if (sock->http_proxy)
2027  {
2028  proxy_retry = establish_http_proxy_passthru(sock->http_proxy,
2029  sock->sd,
2030  sock->proxy_dest_host,
2031  sock->proxy_dest_port,
2032  sock->server_poll_timeout,
2033  &sock->stream_buf.residual,
2034  &sig_info->signal_received);
2035  }
2036  else if (sock->socks_proxy)
2037  {
2039  sock->sd,
2040  sock->proxy_dest_host,
2041  sock->proxy_dest_port,
2042  &sig_info->signal_received);
2043  }
2044  if (proxy_retry)
2045  {
2046  openvpn_close_socket(sock->sd);
2047  sock->sd = create_socket_tcp(sock->info.lsa->current_remote);
2048  }
2049 
2050  } while (proxy_retry);
2051 
2052 }
2053 
2054 static void
2055 phase2_socks_client(struct link_socket *sock, struct signal_info *sig_info)
2056 {
2057  socket_connect(&sock->ctrl_sd,
2058  sock->info.lsa->current_remote->ai_addr,
2060  sig_info);
2061 
2062  if (sig_info->signal_received)
2063  {
2064  return;
2065  }
2066 
2068  sock->ctrl_sd,
2069  sock->sd,
2070  &sock->socks_relay.dest,
2071  &sig_info->signal_received);
2072 
2073  if (sig_info->signal_received)
2074  {
2075  return;
2076  }
2077 
2078  sock->remote_host = sock->proxy_dest_host;
2079  sock->remote_port = sock->proxy_dest_port;
2080 
2081  addr_zero_host(&sock->info.lsa->actual.dest);
2082  if (sock->info.lsa->remote_list)
2083  {
2084  freeaddrinfo(sock->info.lsa->remote_list);
2085  sock->info.lsa->current_remote = NULL;
2086  sock->info.lsa->remote_list = NULL;
2087  }
2088 
2089  resolve_remote(sock, 1, NULL, &sig_info->signal_received);
2090 }
2091 
2092 /* finalize socket initialization */
2093 void
2095  const struct frame *frame,
2096  struct signal_info *sig_info)
2097 {
2098  const char *remote_dynamic = NULL;
2099  int sig_save = 0;
2100 
2101  ASSERT(sock);
2102  ASSERT(sig_info);
2103 
2104  if (sig_info->signal_received)
2105  {
2106  sig_save = sig_info->signal_received;
2107  sig_info->signal_received = 0;
2108  }
2109 
2110  /* initialize buffers */
2111  socket_frame_init(frame, sock);
2112 
2113  /*
2114  * Pass a remote name to connect/accept so that
2115  * they can test for dynamic IP address changes
2116  * and throw a SIGUSR1 if appropriate.
2117  */
2118  if (sock->resolve_retry_seconds)
2119  {
2120  remote_dynamic = sock->remote_host;
2121  }
2122 
2123  /* were we started by inetd or xinetd? */
2124  if (sock->inetd)
2125  {
2126  phase2_inetd(sock, frame, remote_dynamic, &sig_info->signal_received);
2127  if (sig_info->signal_received)
2128  {
2129  goto done;
2130  }
2131 
2132  }
2133  else
2134  {
2135  /* Second chance to resolv/create socket */
2136  resolve_remote(sock, 2, &remote_dynamic, &sig_info->signal_received);
2137 
2138  /* If a valid remote has been found, create the socket with its addrinfo */
2139  if (sock->info.lsa->current_remote)
2140  {
2141  create_socket(sock, sock->info.lsa->current_remote);
2142  }
2143 
2144  /* If socket has not already been created create it now */
2145  if (sock->sd == SOCKET_UNDEFINED)
2146  {
2147  /* If we have no --remote and have still not figured out the
2148  * protocol family to use we will use the first of the bind */
2149 
2150  if (sock->bind_local && !sock->remote_host && sock->info.lsa->bind_local)
2151  {
2152  /* Warn if this is because neither v4 or v6 was specified
2153  * and we should not connect a remote */
2154  if (sock->info.af == AF_UNSPEC)
2155  {
2156  msg(M_WARN, "Could not determine IPv4/IPv6 protocol. Using %s",
2157  addr_family_name(sock->info.lsa->bind_local->ai_family));
2158  sock->info.af = sock->info.lsa->bind_local->ai_family;
2159  }
2160 
2161  create_socket(sock, sock->info.lsa->bind_local);
2162  }
2163  }
2164 
2165  /* Socket still undefined, give a warning and abort connection */
2166  if (sock->sd == SOCKET_UNDEFINED)
2167  {
2168  msg(M_WARN, "Could not determine IPv4/IPv6 protocol");
2169  sig_info->signal_received = SIGUSR1;
2170  goto done;
2171  }
2172 
2173  if (sig_info->signal_received)
2174  {
2175  goto done;
2176  }
2177 
2178  if (sock->info.proto == PROTO_TCP_SERVER)
2179  {
2180  phase2_tcp_server(sock, remote_dynamic,
2181  &sig_info->signal_received);
2182  }
2183  else if (sock->info.proto == PROTO_TCP_CLIENT)
2184  {
2185  phase2_tcp_client(sock, sig_info);
2186 
2187  }
2188  else if (sock->info.proto == PROTO_UDP && sock->socks_proxy)
2189  {
2190  phase2_socks_client(sock, sig_info);
2191  }
2192 #ifdef TARGET_ANDROID
2193  if (sock->sd != -1)
2194  {
2195  protect_fd_nonlocal(sock->sd, &sock->info.lsa->actual.dest.addr.sa);
2196  }
2197 #endif
2198  if (sig_info->signal_received)
2199  {
2200  goto done;
2201  }
2202  }
2203 
2205  linksock_print_addr(sock);
2206 
2207 done:
2208  if (sig_save)
2209  {
2210  if (!sig_info->signal_received)
2211  {
2212  sig_info->signal_received = sig_save;
2213  }
2214  }
2215 }
2216 
2217 void
2219 {
2220  if (sock)
2221  {
2222 #ifdef ENABLE_DEBUG
2223  const int gremlin = GREMLIN_CONNECTION_FLOOD_LEVEL(sock->gremlin);
2224 #else
2225  const int gremlin = 0;
2226 #endif
2227 
2228  if (socket_defined(sock->sd))
2229  {
2230 #ifdef _WIN32
2231  close_net_event_win32(&sock->listen_handle, sock->sd, 0);
2232 #endif
2233  if (!gremlin)
2234  {
2235  msg(D_LOW, "TCP/UDP: Closing socket");
2236  if (openvpn_close_socket(sock->sd))
2237  {
2238  msg(M_WARN | M_ERRNO, "TCP/UDP: Close Socket failed");
2239  }
2240  }
2241  sock->sd = SOCKET_UNDEFINED;
2242 #ifdef _WIN32
2243  if (!gremlin)
2244  {
2245  overlapped_io_close(&sock->reads);
2246  overlapped_io_close(&sock->writes);
2247  }
2248 #endif
2249  }
2250 
2251  if (socket_defined(sock->ctrl_sd))
2252  {
2253  if (openvpn_close_socket(sock->ctrl_sd))
2254  {
2255  msg(M_WARN | M_ERRNO, "TCP/UDP: Close Socket (ctrl_sd) failed");
2256  }
2257  sock->ctrl_sd = SOCKET_UNDEFINED;
2258  }
2259 
2260  stream_buf_close(&sock->stream_buf);
2261  free_buf(&sock->stream_buf_data);
2262  if (!gremlin)
2263  {
2264  free(sock);
2265  }
2266  }
2267 }
2268 
2269 /* for stream protocols, allow for packet length prefix */
2270 void
2272 {
2274  {
2276  }
2277 }
2278 
2279 void
2280 setenv_trusted(struct env_set *es, const struct link_socket_info *info)
2281 {
2282  setenv_link_socket_actual(es, "trusted", &info->lsa->actual, SA_IP_PORT);
2283 }
2284 
2285 static void
2286 ipchange_fmt(const bool include_cmd, struct argv *argv, const struct link_socket_info *info, struct gc_arena *gc)
2287 {
2288  const char *host = print_sockaddr_ex(&info->lsa->actual.dest.addr.sa, " ", PS_SHOW_PORT, gc);
2289  if (include_cmd)
2290  {
2291  argv_parse_cmd(argv, info->ipchange_command);
2292  argv_printf_cat(argv, "%s", host);
2293  }
2294  else
2295  {
2296  argv_printf(argv, "%s", host);
2297  }
2298 
2299 }
2300 
2301 void
2303  struct link_socket_info *info,
2304  const struct link_socket_actual *act,
2305  const char *common_name,
2306  struct env_set *es)
2307 {
2308  struct gc_arena gc = gc_new();
2309 
2310  info->lsa->actual = *act; /* Note: skip this line for --force-dest */
2311  setenv_trusted(es, info);
2312  info->connection_established = true;
2313 
2314  /* Print connection initiated message, with common name if available */
2315  {
2316  struct buffer out = alloc_buf_gc(256, &gc);
2317  if (common_name)
2318  {
2319  buf_printf(&out, "[%s] ", common_name);
2320  }
2321  buf_printf(&out, "Peer Connection Initiated with %s", print_link_socket_actual(&info->lsa->actual, &gc));
2322  msg(M_INFO, "%s", BSTR(&out));
2323  }
2324 
2325  /* set environmental vars */
2326  setenv_str(es, "common_name", common_name);
2327 
2328  /* Process --ipchange plugin */
2329  if (plugin_defined(info->plugins, OPENVPN_PLUGIN_IPCHANGE))
2330  {
2331  struct argv argv = argv_new();
2332  ipchange_fmt(false, &argv, info, &gc);
2333  if (plugin_call(info->plugins, OPENVPN_PLUGIN_IPCHANGE, &argv, NULL, es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
2334  {
2335  msg(M_WARN, "WARNING: ipchange plugin call failed");
2336  }
2337  argv_reset(&argv);
2338  }
2339 
2340  /* Process --ipchange option */
2341  if (info->ipchange_command)
2342  {
2343  struct argv argv = argv_new();
2344  setenv_str(es, "script_type", "ipchange");
2345  ipchange_fmt(true, &argv, info, &gc);
2346  openvpn_run_script(&argv, es, 0, "--ipchange");
2347  argv_reset(&argv);
2348  }
2349 
2350  gc_free(&gc);
2351 }
2352 
2353 void
2355  const struct link_socket_info *info,
2356  const struct link_socket_actual *from_addr)
2357 {
2358  struct gc_arena gc = gc_new();
2359  struct addrinfo *ai;
2360 
2361  switch (from_addr->dest.addr.sa.sa_family)
2362  {
2363  case AF_INET:
2364  case AF_INET6:
2366  "TCP/UDP: Incoming packet rejected from %s[%d], expected peer address: %s (allow this incoming source address/port by removing --remote or adding --float)",
2367  print_link_socket_actual(from_addr, &gc),
2368  (int)from_addr->dest.addr.sa.sa_family,
2369  print_sockaddr_ex(info->lsa->remote_list->ai_addr,":",PS_SHOW_PORT, &gc));
2370  /* print additional remote addresses */
2371  for (ai = info->lsa->remote_list->ai_next; ai; ai = ai->ai_next)
2372  {
2373  msg(D_LINK_ERRORS,"or from peer address: %s",
2374  print_sockaddr_ex(ai->ai_addr,":",PS_SHOW_PORT, &gc));
2375  }
2376  break;
2377  }
2378  buf->len = 0;
2379  gc_free(&gc);
2380 }
2381 
2382 void
2384 {
2385  dmsg(D_READ_WRITE, "TCP/UDP: No outgoing address to send packet");
2386 }
2387 
2388 in_addr_t
2390 {
2391  const struct link_socket_addr *lsa = info->lsa;
2392 
2393 /*
2394  * This logic supports "redirect-gateway" semantic, which
2395  * makes sense only for PF_INET routes over PF_INET endpoints
2396  *
2397  * Maybe in the future consider PF_INET6 endpoints also ...
2398  * by now just ignore it
2399  *
2400  * For --remote entries with multiple addresses this
2401  * only return the actual endpoint we have sucessfully connected to
2402  */
2403  if (lsa->actual.dest.addr.sa.sa_family != AF_INET)
2404  {
2405  return IPV4_INVALID_ADDR;
2406  }
2407 
2409  {
2410  return ntohl(lsa->actual.dest.addr.in4.sin_addr.s_addr);
2411  }
2412  else if (lsa->current_remote)
2413  {
2414  return ntohl(((struct sockaddr_in *)lsa->current_remote->ai_addr)
2415  ->sin_addr.s_addr);
2416  }
2417  else
2418  {
2419  return 0;
2420  }
2421 }
2422 
2423 const struct in6_addr *
2425 {
2426  const struct link_socket_addr *lsa = info->lsa;
2427 
2428 /* This logic supports "redirect-gateway" semantic,
2429  * for PF_INET6 routes over PF_INET6 endpoints
2430  *
2431  * For --remote entries with multiple addresses this
2432  * only return the actual endpoint we have sucessfully connected to
2433  */
2434  if (lsa->actual.dest.addr.sa.sa_family != AF_INET6)
2435  {
2436  return NULL;
2437  }
2438 
2440  {
2441  return &(lsa->actual.dest.addr.in6.sin6_addr);
2442  }
2443  else if (lsa->current_remote)
2444  {
2445  return &(((struct sockaddr_in6 *)lsa->current_remote->ai_addr)->sin6_addr);
2446  }
2447  else
2448  {
2449  return NULL;
2450  }
2451 }
2452 
2453 /*
2454  * Return a status string describing socket state.
2455  */
2456 const char *
2457 socket_stat(const struct link_socket *s, unsigned int rwflags, struct gc_arena *gc)
2458 {
2459  struct buffer out = alloc_buf_gc(64, gc);
2460  if (s)
2461  {
2462  if (rwflags & EVENT_READ)
2463  {
2464  buf_printf(&out, "S%s",
2465  (s->rwflags_debug & EVENT_READ) ? "R" : "r");
2466 #ifdef _WIN32
2467  buf_printf(&out, "%s",
2469 #endif
2470  }
2471  if (rwflags & EVENT_WRITE)
2472  {
2473  buf_printf(&out, "S%s",
2474  (s->rwflags_debug & EVENT_WRITE) ? "W" : "w");
2475 #ifdef _WIN32
2476  buf_printf(&out, "%s",
2478 #endif
2479  }
2480  }
2481  else
2482  {
2483  buf_printf(&out, "S?");
2484  }
2485  return BSTR(&out);
2486 }
2487 
2488 /*
2489  * Stream buffer functions, used to packetize a TCP
2490  * stream connection.
2491  */
2492 
2493 static inline void
2495 {
2496  dmsg(D_STREAM_DEBUG, "STREAM: RESET");
2497  sb->residual_fully_formed = false;
2498  sb->buf = sb->buf_init;
2499  buf_reset(&sb->next);
2500  sb->len = -1;
2501 }
2502 
2503 void
2505  struct buffer *buf,
2506  const unsigned int sockflags,
2507  const int proto)
2508 {
2509  sb->buf_init = *buf;
2510  sb->maxlen = sb->buf_init.len;
2511  sb->buf_init.len = 0;
2512  sb->residual = alloc_buf(sb->maxlen);
2513  sb->error = false;
2514 #if PORT_SHARE
2515  sb->port_share_state = ((sockflags & SF_PORT_SHARE) && (proto == PROTO_TCP_SERVER))
2516  ? PS_ENABLED
2517  : PS_DISABLED;
2518 #endif
2519  stream_buf_reset(sb);
2520 
2521  dmsg(D_STREAM_DEBUG, "STREAM: INIT maxlen=%d", sb->maxlen);
2522 }
2523 
2524 static inline void
2526 {
2527  /* set up 'next' for next i/o read */
2528  sb->next = sb->buf;
2529  sb->next.offset = sb->buf.offset + sb->buf.len;
2530  sb->next.len = (sb->len >= 0 ? sb->len : sb->maxlen) - sb->buf.len;
2531  dmsg(D_STREAM_DEBUG, "STREAM: SET NEXT, buf=[%d,%d] next=[%d,%d] len=%d maxlen=%d",
2532  sb->buf.offset, sb->buf.len,
2533  sb->next.offset, sb->next.len,
2534  sb->len, sb->maxlen);
2535  ASSERT(sb->next.len > 0);
2536  ASSERT(buf_safe(&sb->buf, sb->next.len));
2537 }
2538 
2539 static inline void
2540 stream_buf_get_final(struct stream_buf *sb, struct buffer *buf)
2541 {
2542  dmsg(D_STREAM_DEBUG, "STREAM: GET FINAL len=%d",
2543  buf_defined(&sb->buf) ? sb->buf.len : -1);
2544  ASSERT(buf_defined(&sb->buf));
2545  *buf = sb->buf;
2546 }
2547 
2548 static inline void
2549 stream_buf_get_next(struct stream_buf *sb, struct buffer *buf)
2550 {
2551  dmsg(D_STREAM_DEBUG, "STREAM: GET NEXT len=%d",
2552  buf_defined(&sb->next) ? sb->next.len : -1);
2553  ASSERT(buf_defined(&sb->next));
2554  *buf = sb->next;
2555 }
2556 
2557 bool
2559 {
2561  {
2562  ASSERT(buf_copy(&sock->stream_buf.buf, &sock->stream_buf.residual));
2563  ASSERT(buf_init(&sock->stream_buf.residual, 0));
2565  dmsg(D_STREAM_DEBUG, "STREAM: RESIDUAL FULLY FORMED [%s], len=%d",
2566  sock->stream_buf.residual_fully_formed ? "YES" : "NO",
2567  sock->stream_buf.residual.len);
2568  }
2569 
2570  if (!sock->stream_buf.residual_fully_formed)
2571  {
2573  }
2574  return !sock->stream_buf.residual_fully_formed;
2575 }
2576 
2577 bool
2579  int length_added)
2580 {
2581  dmsg(D_STREAM_DEBUG, "STREAM: ADD length_added=%d", length_added);
2582  if (length_added > 0)
2583  {
2584  sb->buf.len += length_added;
2585  }
2586 
2587  /* if length unknown, see if we can get the length prefix from
2588  * the head of the buffer */
2589  if (sb->len < 0 && sb->buf.len >= (int) sizeof(packet_size_type))
2590  {
2591  packet_size_type net_size;
2592 
2593 #if PORT_SHARE
2594  if (sb->port_share_state == PS_ENABLED)
2595  {
2596  if (!is_openvpn_protocol(&sb->buf))
2597  {
2598  msg(D_STREAM_ERRORS, "Non-OpenVPN client protocol detected");
2599  sb->port_share_state = PS_FOREIGN;
2600  sb->error = true;
2601  return false;
2602  }
2603  else
2604  {
2605  sb->port_share_state = PS_DISABLED;
2606  }
2607  }
2608 #endif
2609 
2610  ASSERT(buf_read(&sb->buf, &net_size, sizeof(net_size)));
2611  sb->len = ntohps(net_size);
2612 
2613  if (sb->len < 1 || sb->len > sb->maxlen)
2614  {
2615  msg(M_WARN, "WARNING: Bad encapsulated packet length from peer (%d), which must be > 0 and <= %d -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]", sb->len, sb->maxlen);
2616  stream_buf_reset(sb);
2617  sb->error = true;
2618  return false;
2619  }
2620  }
2621 
2622  /* is our incoming packet fully read? */
2623  if (sb->len > 0 && sb->buf.len >= sb->len)
2624  {
2625  /* save any residual data that's part of the next packet */
2626  ASSERT(buf_init(&sb->residual, 0));
2627  if (sb->buf.len > sb->len)
2628  {
2629  ASSERT(buf_copy_excess(&sb->residual, &sb->buf, sb->len));
2630  }
2631  dmsg(D_STREAM_DEBUG, "STREAM: ADD returned TRUE, buf_len=%d, residual_len=%d",
2632  BLEN(&sb->buf),
2633  BLEN(&sb->residual));
2634  return true;
2635  }
2636  else
2637  {
2638  dmsg(D_STREAM_DEBUG, "STREAM: ADD returned FALSE (have=%d need=%d)", sb->buf.len, sb->len);
2639  stream_buf_set_next(sb);
2640  return false;
2641  }
2642 }
2643 
2644 void
2646 {
2647  free_buf(&sb->residual);
2648 }
2649 
2650 /*
2651  * The listen event is a special event whose sole purpose is
2652  * to tell us that there's a new incoming connection on a
2653  * TCP socket, for use in server mode.
2654  */
2655 event_t
2657 {
2658 #ifdef _WIN32
2660  {
2661  init_net_event_win32(&s->listen_handle, FD_ACCEPT, s->sd, 0);
2662  }
2663  return &s->listen_handle;
2664 #else /* ifdef _WIN32 */
2665  return s->sd;
2666 #endif
2667 }
2668 
2669 /*
2670  * Format IP addresses in ascii
2671  */
2672 
2673 const char *
2674 print_sockaddr_ex(const struct sockaddr *sa,
2675  const char *separator,
2676  const unsigned int flags,
2677  struct gc_arena *gc)
2678 {
2679  struct buffer out = alloc_buf_gc(128, gc);
2680  bool addr_is_defined = false;
2681  char hostaddr[NI_MAXHOST] = "";
2682  char servname[NI_MAXSERV] = "";
2683  int status;
2684 
2685  socklen_t salen = 0;
2686  switch (sa->sa_family)
2687  {
2688  case AF_INET:
2689  if (!(flags & PS_DONT_SHOW_FAMILY))
2690  {
2691  buf_puts(&out, "[AF_INET]");
2692  }
2693  salen = sizeof(struct sockaddr_in);
2694  addr_is_defined = ((struct sockaddr_in *) sa)->sin_addr.s_addr != 0;
2695  break;
2696 
2697  case AF_INET6:
2698  if (!(flags & PS_DONT_SHOW_FAMILY))
2699  {
2700  buf_puts(&out, "[AF_INET6]");
2701  }
2702  salen = sizeof(struct sockaddr_in6);
2703  addr_is_defined = !IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *) sa)->sin6_addr);
2704  break;
2705 
2706  case AF_UNSPEC:
2707  if (!(flags & PS_DONT_SHOW_FAMILY))
2708  {
2709  return "[AF_UNSPEC]";
2710  }
2711  else
2712  {
2713  return "";
2714  }
2715 
2716  default:
2717  ASSERT(0);
2718  }
2719 
2720  status = getnameinfo(sa, salen, hostaddr, sizeof(hostaddr),
2721  servname, sizeof(servname), NI_NUMERICHOST | NI_NUMERICSERV);
2722 
2723  if (status!=0)
2724  {
2725  buf_printf(&out,"[nameinfo() err: %s]",gai_strerror(status));
2726  return BSTR(&out);
2727  }
2728 
2729  if (!(flags & PS_DONT_SHOW_ADDR))
2730  {
2731  if (addr_is_defined)
2732  {
2733  buf_puts(&out, hostaddr);
2734  }
2735  else
2736  {
2737  buf_puts(&out, "[undef]");
2738  }
2739  }
2740 
2741  if ((flags & PS_SHOW_PORT) || (flags & PS_SHOW_PORT_IF_DEFINED))
2742  {
2743  if (separator)
2744  {
2745  buf_puts(&out, separator);
2746  }
2747 
2748  buf_puts(&out, servname);
2749  }
2750 
2751  return BSTR(&out);
2752 }
2753 
2754 const char *
2756 {
2758 }
2759 
2760 #ifndef IF_NAMESIZE
2761 #define IF_NAMESIZE 16
2762 #endif
2763 
2764 const char *
2766  const char *separator,
2767  const unsigned int flags,
2768  struct gc_arena *gc)
2769 {
2770  if (act)
2771  {
2772  char ifname[IF_NAMESIZE] = "[undef]";
2773  struct buffer out = alloc_buf_gc(128, gc);
2774  buf_printf(&out, "%s", print_sockaddr_ex(&act->dest.addr.sa, separator, flags, gc));
2775 #if ENABLE_IP_PKTINFO
2776  if ((flags & PS_SHOW_PKTINFO) && addr_defined_ipi(act))
2777  {
2778  switch (act->dest.addr.sa.sa_family)
2779  {
2780  case AF_INET:
2781  {
2782  struct openvpn_sockaddr sa;
2783  CLEAR(sa);
2784  sa.addr.in4.sin_family = AF_INET;
2785 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
2786  sa.addr.in4.sin_addr = act->pi.in4.ipi_spec_dst;
2787  if_indextoname(act->pi.in4.ipi_ifindex, ifname);
2788 #elif defined(IP_RECVDSTADDR)
2789  sa.addr.in4.sin_addr = act->pi.in4;
2790  ifname[0] = 0;
2791 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
2792 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
2793 #endif
2794  buf_printf(&out, " (via %s%%%s)",
2795  print_sockaddr_ex(&sa.addr.sa, separator, 0, gc),
2796  ifname);
2797  }
2798  break;
2799 
2800  case AF_INET6:
2801  {
2802  struct sockaddr_in6 sin6;
2803  char buf[INET6_ADDRSTRLEN] = "[undef]";
2804  CLEAR(sin6);
2805  sin6.sin6_family = AF_INET6;
2806  sin6.sin6_addr = act->pi.in6.ipi6_addr;
2807  if_indextoname(act->pi.in6.ipi6_ifindex, ifname);
2808  if (getnameinfo((struct sockaddr *)&sin6, sizeof(struct sockaddr_in6),
2809  buf, sizeof(buf), NULL, 0, NI_NUMERICHOST) == 0)
2810  {
2811  buf_printf(&out, " (via %s%%%s)", buf, ifname);
2812  }
2813  else
2814  {
2815  buf_printf(&out, " (via [getnameinfo() err]%%%s)", ifname);
2816  }
2817  }
2818  break;
2819  }
2820  }
2821 #endif /* if ENABLE_IP_PKTINFO */
2822  return BSTR(&out);
2823  }
2824  else
2825  {
2826  return "[NULL]";
2827  }
2828 }
2829 
2830 /*
2831  * Convert an in_addr_t in host byte order
2832  * to an ascii dotted quad.
2833  */
2834 const char *
2835 print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
2836 {
2837  struct in_addr ia;
2838  struct buffer out = alloc_buf_gc(64, gc);
2839 
2840  if (addr || !(flags & IA_EMPTY_IF_UNDEF))
2841  {
2842  CLEAR(ia);
2843  ia.s_addr = (flags & IA_NET_ORDER) ? addr : htonl(addr);
2844 
2845  buf_printf(&out, "%s", inet_ntoa(ia));
2846  }
2847  return BSTR(&out);
2848 }
2849 
2850 /*
2851  * Convert an in6_addr in host byte order
2852  * to an ascii representation of an IPv6 address
2853  */
2854 const char *
2855 print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
2856 {
2857  struct buffer out = alloc_buf_gc(64, gc);
2858  char tmp_out_buf[64]; /* inet_ntop wants pointer to buffer */
2859 
2860  if (memcmp(&a6, &in6addr_any, sizeof(a6)) != 0
2861  || !(flags & IA_EMPTY_IF_UNDEF))
2862  {
2863  inet_ntop(AF_INET6, &a6, tmp_out_buf, sizeof(tmp_out_buf)-1);
2864  buf_printf(&out, "%s", tmp_out_buf );
2865  }
2866  return BSTR(&out);
2867 }
2868 
2869 #ifndef UINT8_MAX
2870 #define UINT8_MAX 0xff
2871 #endif
2872 
2873 /* add some offset to an ipv6 address
2874  * (add in steps of 8 bits, taking overflow into next round)
2875  */
2876 struct in6_addr
2877 add_in6_addr( struct in6_addr base, uint32_t add )
2878 {
2879  int i;
2880 
2881  for (i = 15; i>=0 && add > 0; i--)
2882  {
2883  register int carry;
2884  register uint32_t h;
2885 
2886  h = (unsigned char) base.s6_addr[i];
2887  base.s6_addr[i] = (h+add) & UINT8_MAX;
2888 
2889  /* using explicit carry for the 8-bit additions will catch
2890  * 8-bit and(!) 32-bit overruns nicely
2891  */
2892  carry = ((h & 0xff) + (add & 0xff)) >> 8;
2893  add = (add>>8) + carry;
2894  }
2895  return base;
2896 }
2897 
2898 /* set environmental variables for ip/port in *addr */
2899 void
2900 setenv_sockaddr(struct env_set *es, const char *name_prefix, const struct openvpn_sockaddr *addr, const unsigned int flags)
2901 {
2902  char name_buf[256];
2903 
2904  char buf[128];
2905  switch (addr->addr.sa.sa_family)
2906  {
2907  case AF_INET:
2908  if (flags & SA_IP_PORT)
2909  {
2910  openvpn_snprintf(name_buf, sizeof(name_buf), "%s_ip", name_prefix);
2911  }
2912  else
2913  {
2914  openvpn_snprintf(name_buf, sizeof(name_buf), "%s", name_prefix);
2915  }
2916 
2917  setenv_str(es, name_buf, inet_ntoa(addr->addr.in4.sin_addr));
2918 
2919  if ((flags & SA_IP_PORT) && addr->addr.in4.sin_port)
2920  {
2921  openvpn_snprintf(name_buf, sizeof(name_buf), "%s_port", name_prefix);
2922  setenv_int(es, name_buf, ntohs(addr->addr.in4.sin_port));
2923  }
2924  break;
2925 
2926  case AF_INET6:
2927  if (IN6_IS_ADDR_V4MAPPED( &addr->addr.in6.sin6_addr ))
2928  {
2929  struct in_addr ia;
2930  memcpy(&ia.s_addr, &addr->addr.in6.sin6_addr.s6_addr[12],
2931  sizeof(ia.s_addr));
2932  openvpn_snprintf(name_buf, sizeof(name_buf), "%s_ip", name_prefix);
2933  openvpn_snprintf(buf, sizeof(buf), "%s", inet_ntoa(ia) );
2934  }
2935  else
2936  {
2937  openvpn_snprintf(name_buf, sizeof(name_buf), "%s_ip6", name_prefix);
2938  getnameinfo(&addr->addr.sa, sizeof(struct sockaddr_in6),
2939  buf, sizeof(buf), NULL, 0, NI_NUMERICHOST);
2940  }
2941  setenv_str(es, name_buf, buf);
2942 
2943  if ((flags & SA_IP_PORT) && addr->addr.in6.sin6_port)
2944  {
2945  openvpn_snprintf(name_buf, sizeof(name_buf), "%s_port", name_prefix);
2946  setenv_int(es, name_buf, ntohs(addr->addr.in6.sin6_port));
2947  }
2948  break;
2949  }
2950 }
2951 
2952 void
2953 setenv_in_addr_t(struct env_set *es, const char *name_prefix, in_addr_t addr, const unsigned int flags)
2954 {
2955  if (addr || !(flags & SA_SET_IF_NONZERO))
2956  {
2957  struct openvpn_sockaddr si;
2958  CLEAR(si);
2959  si.addr.in4.sin_family = AF_INET;
2960  si.addr.in4.sin_addr.s_addr = htonl(addr);
2961  setenv_sockaddr(es, name_prefix, &si, flags);
2962  }
2963 }
2964 
2965 void
2967  const char *name_prefix,
2968  const struct in6_addr *addr,
2969  const unsigned int flags)
2970 {
2971  if (!IN6_IS_ADDR_UNSPECIFIED(addr) || !(flags & SA_SET_IF_NONZERO))
2972  {
2973  struct openvpn_sockaddr si;
2974  CLEAR(si);
2975  si.addr.in6.sin6_family = AF_INET6;
2976  si.addr.in6.sin6_addr = *addr;
2977  setenv_sockaddr(es, name_prefix, &si, flags);
2978  }
2979 }
2980 
2981 void
2983  const char *name_prefix,
2984  const struct link_socket_actual *act,
2985  const unsigned int flags)
2986 {
2987  setenv_sockaddr(es, name_prefix, &act->dest, flags);
2988 }
2989 
2990 /*
2991  * Convert protocol names between index and ascii form.
2992  */
2993 
2994 struct proto_names {
2995  const char *short_form;
2996  const char *display_form;
2998  int proto;
2999 };
3000 
3001 /* Indexed by PROTO_x */
3002 static const struct proto_names proto_names[] = {
3003  {"proto-uninitialized", "proto-NONE", AF_UNSPEC, PROTO_NONE},
3004  /* try IPv4 and IPv6 (client), bind dual-stack (server) */
3005  {"udp", "UDP", AF_UNSPEC, PROTO_UDP},
3006  {"tcp-server", "TCP_SERVER", AF_UNSPEC, PROTO_TCP_SERVER},
3007  {"tcp-client", "TCP_CLIENT", AF_UNSPEC, PROTO_TCP_CLIENT},
3008  {"tcp", "TCP", AF_UNSPEC, PROTO_TCP},
3009  /* force IPv4 */
3010  {"udp4", "UDPv4", AF_INET, PROTO_UDP},
3011  {"tcp4-server","TCPv4_SERVER", AF_INET, PROTO_TCP_SERVER},
3012  {"tcp4-client","TCPv4_CLIENT", AF_INET, PROTO_TCP_CLIENT},
3013  {"tcp4", "TCPv4", AF_INET, PROTO_TCP},
3014  /* force IPv6 */
3015  {"udp6","UDPv6", AF_INET6, PROTO_UDP},
3016  {"tcp6-server","TCPv6_SERVER", AF_INET6, PROTO_TCP_SERVER},
3017  {"tcp6-client","TCPv6_CLIENT", AF_INET6, PROTO_TCP_CLIENT},
3018  {"tcp6","TCPv6", AF_INET6, PROTO_TCP},
3019 };
3020 
3021 bool
3023 {
3024  if (proto < 0 || proto >= PROTO_N)
3025  {
3026  ASSERT(0);
3027  }
3028  return proto != PROTO_NONE;
3029 }
3030 bool
3032 {
3033  return proto_is_udp(proto);
3034 }
3035 
3036 bool
3038 {
3039  if (proto < 0 || proto >= PROTO_N)
3040  {
3041  ASSERT(0);
3042  }
3043  return proto == PROTO_UDP;
3044 }
3045 
3046 bool
3048 {
3049  if (proto < 0 || proto >= PROTO_N)
3050  {
3051  ASSERT(0);
3052  }
3053  return proto == PROTO_TCP_CLIENT || proto == PROTO_TCP_SERVER;
3054 }
3055 
3056 int
3057 ascii2proto(const char *proto_name)
3058 {
3059  int i;
3060  for (i = 0; i < SIZE(proto_names); ++i)
3061  {
3062  if (!strcmp(proto_name, proto_names[i].short_form))
3063  {
3064  return proto_names[i].proto;
3065  }
3066  }
3067  return -1;
3068 }
3069 
3071 ascii2af(const char *proto_name)
3072 {
3073  int i;
3074  for (i = 0; i < SIZE(proto_names); ++i)
3075  {
3076  if (!strcmp(proto_name, proto_names[i].short_form))
3077  {
3078  return proto_names[i].proto_af;
3079  }
3080  }
3081  return 0;
3082 }
3083 
3084 const char *
3086 {
3087  unsigned int i;
3088  for (i = 0; i < SIZE(proto_names); ++i)
3089  {
3090  if (proto_names[i].proto_af == af && proto_names[i].proto == proto)
3091  {
3092  if (display_form)
3093  {
3094  return proto_names[i].display_form;
3095  }
3096  else
3097  {
3098  return proto_names[i].short_form;
3099  }
3100  }
3101  }
3102 
3103  return "[unknown protocol]";
3104 }
3105 
3106 const char *
3108 {
3109  struct buffer out = alloc_buf_gc(256, gc);
3110  int i;
3111 
3112  for (i = 0; i < SIZE(proto_names); ++i)
3113  {
3114  if (i)
3115  {
3116  buf_printf(&out, " ");
3117  }
3118  buf_printf(&out, "[%s]", proto_names[i].short_form);
3119  }
3120  return BSTR(&out);
3121 }
3122 
3123 const char *
3125 {
3126  switch (af)
3127  {
3128  case AF_INET: return "AF_INET";
3129 
3130  case AF_INET6: return "AF_INET6";
3131  }
3132  return "AF_UNSPEC";
3133 }
3134 
3135 /*
3136  * Given a local proto, return local proto
3137  * if !remote, or compatible remote proto
3138  * if remote.
3139  *
3140  * This is used for options compatibility
3141  * checking.
3142  *
3143  * IPv6 and IPv4 protocols are comptabile but OpenVPN
3144  * has always sent UDPv4, TCPv4 over the wire. Keep these
3145  * strings for backward compatbility
3146  */
3147 const char *
3148 proto_remote(int proto, bool remote)
3149 {
3150  ASSERT(proto >= 0 && proto < PROTO_N);
3151  if (proto == PROTO_UDP)
3152  {
3153  return "UDPv4";
3154  }
3155 
3156  if ( (remote && proto == PROTO_TCP_CLIENT)
3157  || (!remote && proto == PROTO_TCP_SERVER))
3158  {
3159  return "TCPv4_SERVER";
3160  }
3161  if ( (remote && proto == PROTO_TCP_SERVER)
3162  || (!remote && proto == PROTO_TCP_CLIENT))
3163  {
3164  return "TCPv4_CLIENT";
3165  }
3166 
3167  ASSERT(0);
3168  return ""; /* Make the compiler happy */
3169 }
3170 
3171 /*
3172  * Bad incoming address lengths that differ from what
3173  * we expect are considered to be fatal errors.
3174  */
3175 void
3176 bad_address_length(int actual, int expected)
3177 {
3178  msg(M_FATAL, "ERROR: received strange incoming packet with an address length of %d -- we only accept address lengths of %d.",
3179  actual,
3180  expected);
3181 }
3182 
3183 /*
3184  * Socket Read Routines
3185  */
3186 
3187 int
3189  struct buffer *buf)
3190 {
3191  int len = 0;
3192 
3193  if (!sock->stream_buf.residual_fully_formed)
3194  {
3195 #ifdef _WIN32
3196  len = socket_finalize(sock->sd, &sock->reads, buf, NULL);
3197 #else
3198  struct buffer frag;
3199  stream_buf_get_next(&sock->stream_buf, &frag);
3200  len = recv(sock->sd, BPTR(&frag), BLEN(&frag), MSG_NOSIGNAL);
3201 #endif
3202 
3203  if (!len)
3204  {
3205  sock->stream_reset = true;
3206  }
3207  if (len <= 0)
3208  {
3209  return buf->len = len;
3210  }
3211  }
3212 
3214  || stream_buf_added(&sock->stream_buf, len)) /* packet complete? */
3215  {
3216  stream_buf_get_final(&sock->stream_buf, buf);
3217  stream_buf_reset(&sock->stream_buf);
3218  return buf->len;
3219  }
3220  else
3221  {
3222  return buf->len = 0; /* no error, but packet is still incomplete */
3223  }
3224 }
3225 
3226 #ifndef _WIN32
3227 
3228 #if ENABLE_IP_PKTINFO
3229 
3230 /* make the buffer large enough to handle ancilliary socket data for
3231  * both IPv4 and IPv6 destination addresses, plus padding (see RFC 2292)
3232  */
3233 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
3234 #define PKTINFO_BUF_SIZE max_int( CMSG_SPACE(sizeof(struct in6_pktinfo)), \
3235  CMSG_SPACE(sizeof(struct in_pktinfo)) )
3236 #else
3237 #define PKTINFO_BUF_SIZE max_int( CMSG_SPACE(sizeof(struct in6_pktinfo)), \
3238  CMSG_SPACE(sizeof(struct in_addr)) )
3239 #endif
3240 
3241 static socklen_t
3242 link_socket_read_udp_posix_recvmsg(struct link_socket *sock,
3243  struct buffer *buf,
3244  struct link_socket_actual *from)
3245 {
3246  struct iovec iov;
3247  uint8_t pktinfo_buf[PKTINFO_BUF_SIZE];
3248  struct msghdr mesg;
3249  socklen_t fromlen = sizeof(from->dest.addr);
3250 
3251  iov.iov_base = BPTR(buf);
3252  iov.iov_len = buf_forward_capacity_total(buf);
3253  mesg.msg_iov = &iov;
3254  mesg.msg_iovlen = 1;
3255  mesg.msg_name = &from->dest.addr;
3256  mesg.msg_namelen = fromlen;
3257  mesg.msg_control = pktinfo_buf;
3258  mesg.msg_controllen = sizeof pktinfo_buf;
3259  buf->len = recvmsg(sock->sd, &mesg, 0);
3260  if (buf->len >= 0)
3261  {
3262  struct cmsghdr *cmsg;
3263  fromlen = mesg.msg_namelen;
3264  cmsg = CMSG_FIRSTHDR(&mesg);
3265  if (cmsg != NULL
3266  && CMSG_NXTHDR(&mesg, cmsg) == NULL
3267 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
3268  && cmsg->cmsg_level == SOL_IP
3269  && cmsg->cmsg_type == IP_PKTINFO
3270  && cmsg->cmsg_len >= CMSG_LEN(sizeof(struct in_pktinfo)) )
3271 #elif defined(IP_RECVDSTADDR)
3272  && cmsg->cmsg_level == IPPROTO_IP
3273  && cmsg->cmsg_type == IP_RECVDSTADDR
3274  && cmsg->cmsg_len >= CMSG_LEN(sizeof(struct in_addr)) )
3275 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
3276 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
3277 #endif
3278  {
3279 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
3280  struct in_pktinfo *pkti = (struct in_pktinfo *) CMSG_DATA(cmsg);
3281  from->pi.in4.ipi_ifindex = pkti->ipi_ifindex;
3282  from->pi.in4.ipi_spec_dst = pkti->ipi_spec_dst;
3283 #elif defined(IP_RECVDSTADDR)
3284  from->pi.in4 = *(struct in_addr *) CMSG_DATA(cmsg);
3285 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
3286 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
3287 #endif
3288  }
3289  else if (cmsg != NULL
3290  && CMSG_NXTHDR(&mesg, cmsg) == NULL
3291  && cmsg->cmsg_level == IPPROTO_IPV6
3292  && cmsg->cmsg_type == IPV6_PKTINFO
3293  && cmsg->cmsg_len >= CMSG_LEN(sizeof(struct in6_pktinfo)) )
3294  {
3295  struct in6_pktinfo *pkti6 = (struct in6_pktinfo *) CMSG_DATA(cmsg);
3296  from->pi.in6.ipi6_ifindex = pkti6->ipi6_ifindex;
3297  from->pi.in6.ipi6_addr = pkti6->ipi6_addr;
3298  }
3299  else if (cmsg != NULL)
3300  {
3301  msg(M_WARN, "CMSG received that cannot be parsed (cmsg_level=%d, cmsg_type=%d, cmsg=len=%d)", (int)cmsg->cmsg_level, (int)cmsg->cmsg_type, (int)cmsg->cmsg_len );
3302  }
3303  }
3304 
3305  return fromlen;
3306 }
3307 #endif /* if ENABLE_IP_PKTINFO */
3308 
3309 int
3310 link_socket_read_udp_posix(struct link_socket *sock,
3311  struct buffer *buf,
3312  struct link_socket_actual *from)
3313 {
3314  socklen_t fromlen = sizeof(from->dest.addr);
3315  socklen_t expectedlen = af_addr_size(sock->info.af);
3316  addr_zero_host(&from->dest);
3317 #if ENABLE_IP_PKTINFO
3318  /* Both PROTO_UDPv4 and PROTO_UDPv6 */
3319  if (sock->info.proto == PROTO_UDP && sock->sockflags & SF_USE_IP_PKTINFO)
3320  {
3321  fromlen = link_socket_read_udp_posix_recvmsg(sock, buf, from);
3322  }
3323  else
3324 #endif
3325  buf->len = recvfrom(sock->sd, BPTR(buf), buf_forward_capacity(buf), 0,
3326  &from->dest.addr.sa, &fromlen);
3327  /* FIXME: won't do anything when sock->info.af == AF_UNSPEC */
3328  if (buf->len >= 0 && expectedlen && fromlen != expectedlen)
3329  {
3330  bad_address_length(fromlen, expectedlen);
3331  }
3332  return buf->len;
3333 }
3334 
3335 #endif /* ifndef _WIN32 */
3336 
3337 /*
3338  * Socket Write Routines
3339  */
3340 
3341 int
3343  struct buffer *buf,
3344  struct link_socket_actual *to)
3345 {
3346  packet_size_type len = BLEN(buf);
3347  dmsg(D_STREAM_DEBUG, "STREAM: WRITE %d offset=%d", (int)len, buf->offset);
3348  ASSERT(len <= sock->stream_buf.maxlen);
3349  len = htonps(len);
3350  ASSERT(buf_write_prepend(buf, &len, sizeof(len)));
3351 #ifdef _WIN32
3352  return link_socket_write_win32(sock, buf, to);
3353 #else
3354  return link_socket_write_tcp_posix(sock, buf, to);
3355 #endif
3356 }
3357 
3358 #if ENABLE_IP_PKTINFO
3359 
3360 size_t
3361 link_socket_write_udp_posix_sendmsg(struct link_socket *sock,
3362  struct buffer *buf,
3363  struct link_socket_actual *to)
3364 {
3365  struct iovec iov;
3366  struct msghdr mesg;
3367  struct cmsghdr *cmsg;
3368  uint8_t pktinfo_buf[PKTINFO_BUF_SIZE];
3369 
3370  iov.iov_base = BPTR(buf);
3371  iov.iov_len = BLEN(buf);
3372  mesg.msg_iov = &iov;
3373  mesg.msg_iovlen = 1;
3374  switch (to->dest.addr.sa.sa_family)
3375  {
3376  case AF_INET:
3377  {
3378  mesg.msg_name = &to->dest.addr.sa;
3379  mesg.msg_namelen = sizeof(struct sockaddr_in);
3380  mesg.msg_control = pktinfo_buf;
3381  mesg.msg_flags = 0;
3382 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
3383  mesg.msg_controllen = CMSG_SPACE(sizeof(struct in_pktinfo));
3384  cmsg = CMSG_FIRSTHDR(&mesg);
3385  cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
3386  cmsg->cmsg_level = SOL_IP;
3387  cmsg->cmsg_type = IP_PKTINFO;
3388  {
3389  struct in_pktinfo *pkti;
3390  pkti = (struct in_pktinfo *) CMSG_DATA(cmsg);
3391  pkti->ipi_ifindex = to->pi.in4.ipi_ifindex;
3392  pkti->ipi_spec_dst = to->pi.in4.ipi_spec_dst;
3393  pkti->ipi_addr.s_addr = 0;
3394  }
3395 #elif defined(IP_RECVDSTADDR)
3396  ASSERT( CMSG_SPACE(sizeof(struct in_addr)) <= sizeof(pktinfo_buf) );
3397  mesg.msg_controllen = CMSG_SPACE(sizeof(struct in_addr));
3398  cmsg = CMSG_FIRSTHDR(&mesg);
3399  cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
3400  cmsg->cmsg_level = IPPROTO_IP;
3401  cmsg->cmsg_type = IP_RECVDSTADDR;
3402  *(struct in_addr *) CMSG_DATA(cmsg) = to->pi.in4;
3403 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
3404 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
3405 #endif /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
3406  break;
3407  }
3408 
3409  case AF_INET6:
3410  {
3411  struct in6_pktinfo *pkti6;
3412  mesg.msg_name = &to->dest.addr.sa;
3413  mesg.msg_namelen = sizeof(struct sockaddr_in6);
3414 
3415  ASSERT( CMSG_SPACE(sizeof(struct in6_pktinfo)) <= sizeof(pktinfo_buf) );
3416  mesg.msg_control = pktinfo_buf;
3417  mesg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo));
3418  mesg.msg_flags = 0;
3419  cmsg = CMSG_FIRSTHDR(&mesg);
3420  cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
3421  cmsg->cmsg_level = IPPROTO_IPV6;
3422  cmsg->cmsg_type = IPV6_PKTINFO;
3423 
3424  pkti6 = (struct in6_pktinfo *) CMSG_DATA(cmsg);
3425  pkti6->ipi6_ifindex = to->pi.in6.ipi6_ifindex;
3426  pkti6->ipi6_addr = to->pi.in6.ipi6_addr;
3427  break;
3428  }
3429 
3430  default: ASSERT(0);
3431  }
3432  return sendmsg(sock->sd, &mesg, 0);
3433 }
3434 
3435 #endif /* if ENABLE_IP_PKTINFO */
3436 
3437 /*
3438  * Win32 overlapped socket I/O functions.
3439  */
3440 
3441 #ifdef _WIN32
3442 
3443 int
3444 socket_recv_queue(struct link_socket *sock, int maxsize)
3445 {
3446  if (sock->reads.iostate == IOSTATE_INITIAL)
3447  {
3448  WSABUF wsabuf[1];
3449  int status;
3450 
3451  /* reset buf to its initial state */
3452  if (proto_is_udp(sock->info.proto))
3453  {
3454  sock->reads.buf = sock->reads.buf_init;
3455  }
3456  else if (proto_is_tcp(sock->info.proto))
3457  {
3458  stream_buf_get_next(&sock->stream_buf, &sock->reads.buf);
3459  }
3460  else
3461  {
3462  ASSERT(0);
3463  }
3464 
3465  /* Win32 docs say it's okay to allocate the wsabuf on the stack */
3466  wsabuf[0].buf = BPTR(&sock->reads.buf);
3467  wsabuf[0].len = maxsize ? maxsize : BLEN(&sock->reads.buf);
3468 
3469  /* check for buffer overflow */
3470  ASSERT(wsabuf[0].len <= BLEN(&sock->reads.buf));
3471 
3472  /* the overlapped read will signal this event on I/O completion */
3473  ASSERT(ResetEvent(sock->reads.overlapped.hEvent));
3474  sock->reads.flags = 0;
3475 
3476  if (proto_is_udp(sock->info.proto))
3477  {
3478  sock->reads.addr_defined = true;
3479  sock->reads.addrlen = sizeof(sock->reads.addr6);
3480  status = WSARecvFrom(
3481  sock->sd,
3482  wsabuf,
3483  1,
3484  &sock->reads.size,
3485  &sock->reads.flags,
3486  (struct sockaddr *) &sock->reads.addr,
3487  &sock->reads.addrlen,
3488  &sock->reads.overlapped,
3489  NULL);
3490  }
3491  else if (proto_is_tcp(sock->info.proto))
3492  {
3493  sock->reads.addr_defined = false;
3494  status = WSARecv(
3495  sock->sd,
3496  wsabuf,
3497  1,
3498  &sock->reads.size,
3499  &sock->reads.flags,
3500  &sock->reads.overlapped,
3501  NULL);
3502  }
3503  else
3504  {
3505  status = 0;
3506  ASSERT(0);
3507  }
3508 
3509  if (!status) /* operation completed immediately? */
3510  {
3511  /* FIXME: won't do anything when sock->info.af == AF_UNSPEC */
3512  int af_len = af_addr_size(sock->info.af);
3513  if (sock->reads.addr_defined && af_len && sock->reads.addrlen != af_len)
3514  {
3515  bad_address_length(sock->reads.addrlen, af_len);
3516  }
3518 
3519  /* since we got an immediate return, we must signal the event object ourselves */
3520  ASSERT(SetEvent(sock->reads.overlapped.hEvent));
3521  sock->reads.status = 0;
3522 
3523  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Receive immediate return [%d,%d]",
3524  (int) wsabuf[0].len,
3525  (int) sock->reads.size);
3526  }
3527  else
3528  {
3529  status = WSAGetLastError();
3530  if (status == WSA_IO_PENDING) /* operation queued? */
3531  {
3532  sock->reads.iostate = IOSTATE_QUEUED;
3533  sock->reads.status = status;
3534  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Receive queued [%d]",
3535  (int) wsabuf[0].len);
3536  }
3537  else /* error occurred */
3538  {
3539  struct gc_arena gc = gc_new();
3540  ASSERT(SetEvent(sock->reads.overlapped.hEvent));
3542  sock->reads.status = status;
3543  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Receive error [%d]: %s",
3544  (int) wsabuf[0].len,
3545  strerror_win32(status, &gc));
3546  gc_free(&gc);
3547  }
3548  }
3549  }
3550  return sock->reads.iostate;
3551 }
3552 
3553 int
3554 socket_send_queue(struct link_socket *sock, struct buffer *buf, const struct link_socket_actual *to)
3555 {
3556  if (sock->writes.iostate == IOSTATE_INITIAL)
3557  {
3558  WSABUF wsabuf[1];
3559  int status;
3560 
3561  /* make a private copy of buf */
3562  sock->writes.buf = sock->writes.buf_init;
3563  sock->writes.buf.len = 0;
3564  ASSERT(buf_copy(&sock->writes.buf, buf));
3565 
3566  /* Win32 docs say it's okay to allocate the wsabuf on the stack */
3567  wsabuf[0].buf = BPTR(&sock->writes.buf);
3568  wsabuf[0].len = BLEN(&sock->writes.buf);
3569 
3570  /* the overlapped write will signal this event on I/O completion */
3571  ASSERT(ResetEvent(sock->writes.overlapped.hEvent));
3572  sock->writes.flags = 0;
3573 
3574  if (proto_is_udp(sock->info.proto))
3575  {
3576  /* set destination address for UDP writes */
3577  sock->writes.addr_defined = true;
3578  if (to->dest.addr.sa.sa_family == AF_INET6)
3579  {
3580  sock->writes.addr6 = to->dest.addr.in6;
3581  sock->writes.addrlen = sizeof(sock->writes.addr6);
3582  }
3583  else
3584  {
3585  sock->writes.addr = to->dest.addr.in4;
3586  sock->writes.addrlen = sizeof(sock->writes.addr);
3587  }
3588 
3589  status = WSASendTo(
3590  sock->sd,
3591  wsabuf,
3592  1,
3593  &sock->writes.size,
3594  sock->writes.flags,
3595  (struct sockaddr *) &sock->writes.addr,
3596  sock->writes.addrlen,
3597  &sock->writes.overlapped,
3598  NULL);
3599  }
3600  else if (proto_is_tcp(sock->info.proto))
3601  {
3602  /* destination address for TCP writes was established on connection initiation */
3603  sock->writes.addr_defined = false;
3604 
3605  status = WSASend(
3606  sock->sd,
3607  wsabuf,
3608  1,
3609  &sock->writes.size,
3610  sock->writes.flags,
3611  &sock->writes.overlapped,
3612  NULL);
3613  }
3614  else
3615  {
3616  status = 0;
3617  ASSERT(0);
3618  }
3619 
3620  if (!status) /* operation completed immediately? */
3621  {
3623 
3624  /* since we got an immediate return, we must signal the event object ourselves */
3625  ASSERT(SetEvent(sock->writes.overlapped.hEvent));
3626 
3627  sock->writes.status = 0;
3628 
3629  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Send immediate return [%d,%d]",
3630  (int) wsabuf[0].len,
3631  (int) sock->writes.size);
3632  }
3633  else
3634  {
3635  status = WSAGetLastError();
3636  if (status == WSA_IO_PENDING) /* operation queued? */
3637  {
3638  sock->writes.iostate = IOSTATE_QUEUED;
3639  sock->writes.status = status;
3640  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Send queued [%d]",
3641  (int) wsabuf[0].len);
3642  }
3643  else /* error occurred */
3644  {
3645  struct gc_arena gc = gc_new();
3646  ASSERT(SetEvent(sock->writes.overlapped.hEvent));
3648  sock->writes.status = status;
3649 
3650  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Send error [%d]: %s",
3651  (int) wsabuf[0].len,
3652  strerror_win32(status, &gc));
3653 
3654  gc_free(&gc);
3655  }
3656  }
3657  }
3658  return sock->writes.iostate;
3659 }
3660 
3661 int
3663  struct overlapped_io *io,
3664  struct buffer *buf,
3665  struct link_socket_actual *from)
3666 {
3667  int ret = -1;
3668  BOOL status;
3669 
3670  switch (io->iostate)
3671  {
3672  case IOSTATE_QUEUED:
3673  status = WSAGetOverlappedResult(
3674  s,
3675  &io->overlapped,
3676  &io->size,
3677  FALSE,
3678  &io->flags
3679  );
3680  if (status)
3681  {
3682  /* successful return for a queued operation */
3683  if (buf)
3684  {
3685  *buf = io->buf;
3686  }
3687  ret = io->size;
3688  io->iostate = IOSTATE_INITIAL;
3689  ASSERT(ResetEvent(io->overlapped.hEvent));
3690 
3691  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Completion success [%d]", ret);
3692  }
3693  else
3694  {
3695  /* error during a queued operation */
3696  ret = -1;
3697  if (WSAGetLastError() != WSA_IO_INCOMPLETE)
3698  {
3699  /* if no error (i.e. just not finished yet), then DON'T execute this code */
3700  io->iostate = IOSTATE_INITIAL;
3701  ASSERT(ResetEvent(io->overlapped.hEvent));
3702  msg(D_WIN32_IO | M_ERRNO, "WIN32 I/O: Socket Completion error");
3703  }
3704  }
3705  break;
3706 
3708  io->iostate = IOSTATE_INITIAL;
3709  ASSERT(ResetEvent(io->overlapped.hEvent));
3710  if (io->status)
3711  {
3712  /* error return for a non-queued operation */
3713  WSASetLastError(io->status);
3714  ret = -1;
3715  msg(D_WIN32_IO | M_ERRNO, "WIN32 I/O: Socket Completion non-queued error");
3716  }
3717  else
3718  {
3719  /* successful return for a non-queued operation */
3720  if (buf)
3721  {
3722  *buf = io->buf;
3723  }
3724  ret = io->size;
3725  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Completion non-queued success [%d]", ret);
3726  }
3727  break;
3728 
3729  case IOSTATE_INITIAL: /* were we called without proper queueing? */
3730  WSASetLastError(WSAEINVAL);
3731  ret = -1;
3732  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Completion BAD STATE");
3733  break;
3734 
3735  default:
3736  ASSERT(0);
3737  }
3738 
3739  /* return from address if requested */
3740  if (from)
3741  {
3742  if (ret >= 0 && io->addr_defined)
3743  {
3744  /* TODO(jjo): streamline this mess */
3745  /* in this func we dont have relevant info about the PF_ of this
3746  * endpoint, as link_socket_actual will be zero for the 1st received packet
3747  *
3748  * Test for inets PF_ possible sizes
3749  */
3750  switch (io->addrlen)
3751  {
3752  case sizeof(struct sockaddr_in):
3753  case sizeof(struct sockaddr_in6):
3754  /* TODO(jjo): for some reason (?) I'm getting 24,28 for AF_INET6
3755  * under _WIN32*/
3756  case sizeof(struct sockaddr_in6)-4:
3757  break;
3758 
3759  default:
3760  bad_address_length(io->addrlen, af_addr_size(io->addr.sin_family));
3761  }
3762 
3763  switch (io->addr.sin_family)
3764  {
3765  case AF_INET:
3766  from->dest.addr.in4 = io->addr;
3767  break;
3768 
3769  case AF_INET6:
3770  from->dest.addr.in6 = io->addr6;
3771  break;
3772  }
3773  }
3774  else
3775  {
3776  CLEAR(from->dest.addr);
3777  }
3778  }
3779 
3780  if (buf)
3781  {
3782  buf->len = ret;
3783  }
3784  return ret;
3785 }
3786 
3787 #endif /* _WIN32 */
3788 
3789 /*
3790  * Socket event notification
3791  */
3792 
3793 unsigned int
3795  struct event_set *es,
3796  unsigned int rwflags,
3797  void *arg,
3798  unsigned int *persistent)
3799 {
3800  if (s)
3801  {
3802  if ((rwflags & EVENT_READ) && !stream_buf_read_setup(s))
3803  {
3804  ASSERT(!persistent);
3805  rwflags &= ~EVENT_READ;
3806  }
3807 
3808 #ifdef _WIN32
3809  if (rwflags & EVENT_READ)
3810  {
3811  socket_recv_queue(s, 0);
3812  }
3813 #endif
3814 
3815  /* if persistent is defined, call event_ctl only if rwflags has changed since last call */
3816  if (!persistent || *persistent != rwflags)
3817  {
3818  event_ctl(es, socket_event_handle(s), rwflags, arg);
3819  if (persistent)
3820  {
3821  *persistent = rwflags;
3822  }
3823  }
3824 
3825  s->rwflags_debug = rwflags;
3826  }
3827  return rwflags;
3828 }
3829 
3830 void
3832 {
3833  if (sd && socket_defined(*sd))
3834  {
3835  openvpn_close_socket(*sd);
3836  *sd = SOCKET_UNDEFINED;
3837  }
3838 }
3839 
3840 #if UNIX_SOCK_SUPPORT
3841 
3842 /*
3843  * code for unix domain sockets
3844  */
3845 
3846 const char *
3847 sockaddr_unix_name(const struct sockaddr_un *local, const char *null)
3848 {
3849  if (local && local->sun_family == PF_UNIX)
3850  {
3851  return local->sun_path;
3852  }
3853  else
3854  {
3855  return null;
3856  }
3857 }
3858 
3860 create_socket_unix(void)
3861 {
3863 
3864  if ((sd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
3865  {
3866  msg(M_ERR, "Cannot create unix domain socket");
3867  }
3868 
3869  /* set socket file descriptor to not pass across execs, so that
3870  * scripts don't have access to it */
3871  set_cloexec(sd);
3872 
3873  return sd;
3874 }
3875 
3876 void
3877 socket_bind_unix(socket_descriptor_t sd,
3878  struct sockaddr_un *local,
3879  const char *prefix)
3880 {
3881  struct gc_arena gc = gc_new();
3882 
3883 #ifdef HAVE_UMASK
3884  const mode_t orig_umask = umask(0);
3885 #endif
3886 
3887  if (bind(sd, (struct sockaddr *) local, sizeof(struct sockaddr_un)))
3888  {
3889  msg(M_FATAL | M_ERRNO,
3890  "%s: Socket bind[%d] failed on unix domain socket %s",
3891  prefix,
3892  (int)sd,
3893  sockaddr_unix_name(local, "NULL"));
3894  }
3895 
3896 #ifdef HAVE_UMASK
3897  umask(orig_umask);
3898 #endif
3899 
3900  gc_free(&gc);
3901 }
3902 
3904 socket_accept_unix(socket_descriptor_t sd,
3905  struct sockaddr_un *remote)
3906 {
3907  socklen_t remote_len = sizeof(struct sockaddr_un);
3908  socket_descriptor_t ret;
3909 
3910  CLEAR(*remote);
3911  ret = accept(sd, (struct sockaddr *) remote, &remote_len);
3912  if (ret >= 0)
3913  {
3914  /* set socket file descriptor to not pass across execs, so that
3915  * scripts don't have access to it */
3916  set_cloexec(ret);
3917  }
3918  return ret;
3919 }
3920 
3921 int
3922 socket_connect_unix(socket_descriptor_t sd,
3923  struct sockaddr_un *remote)
3924 {
3925  int status = connect(sd, (struct sockaddr *) remote, sizeof(struct sockaddr_un));
3926  if (status)
3927  {
3928  status = openvpn_errno();
3929  }
3930  return status;
3931 }
3932 
3933 void
3934 sockaddr_unix_init(struct sockaddr_un *local, const char *path)
3935 {
3936  local->sun_family = PF_UNIX;
3937  strncpynt(local->sun_path, path, sizeof(local->sun_path));
3938 }
3939 
3940 void
3941 socket_delete_unix(const struct sockaddr_un *local)
3942 {
3943  const char *name = sockaddr_unix_name(local, NULL);
3944 #ifdef HAVE_UNLINK
3945  if (name && strlen(name))
3946  {
3947  unlink(name);
3948  }
3949 #endif
3950 }
3951 
3952 bool
3953 unix_socket_get_peer_uid_gid(const socket_descriptor_t sd, int *uid, int *gid)
3954 {
3955 #ifdef HAVE_GETPEEREID
3956  uid_t u;
3957  gid_t g;
3958  if (getpeereid(sd, &u, &g) == -1)
3959  {
3960  return false;
3961  }
3962  if (uid)
3963  {
3964  *uid = u;
3965  }
3966  if (gid)
3967  {
3968  *gid = g;
3969  }
3970  return true;
3971 #elif defined(SO_PEERCRED)
3972  struct ucred peercred;
3973  socklen_t so_len = sizeof(peercred);
3974  if (getsockopt(sd, SOL_SOCKET, SO_PEERCRED, &peercred, &so_len) == -1)
3975  {
3976  return false;
3977  }
3978  if (uid)
3979  {
3980  *uid = peercred.uid;
3981  }
3982  if (gid)
3983  {
3984  *gid = peercred.gid;
3985  }
3986  return true;
3987 #else /* ifdef HAVE_GETPEEREID */
3988  return false;
3989 #endif /* ifdef HAVE_GETPEEREID */
3990 }
3991 
3992 #endif /* if UNIX_SOCK_SUPPORT */
int status
Definition: win32.h:202
bool string_class(const char *str, const unsigned int inclusive, const unsigned int exclusive)
Definition: buffer.c:1000
#define OPENVPN_STATE_RESOLVE
Definition: manage.h:505
#define PS_SHOW_PORT_IF_DEFINED
Definition: socket.h:345
#define CC_ALNUM
Definition: buffer.h:877
union openvpn_sockaddr::@6 addr
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition: buffer.h:343
const char * socks_proxy_port
Definition: options.h:106
struct buffer buf_init
Definition: win32.h:209
#define MSG_NOSIGNAL
Definition: socket.h:256
static int socket_get_rcvbuf(int sd)
Definition: socket.c:746
bool error
Definition: socket.h:140
#define D_INIT_MEDIUM
Definition: errlevel.h:105
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, volatile int *signal_received, int ai_family, struct addrinfo **res)
Definition: socket.c:319
#define GETADDR_WARN_ON_SIGNAL
Definition: socket.h:525
struct options options
Options loaded from command line or configuration file.
Definition: openvpn.h:510
#define D_OSBUF
Definition: errlevel.h:91
void free_buf(struct buffer *buf)
Definition: buffer.c:191
static bool openvpn_run_script(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *hook)
Definition: misc.h:70
HANDLE read
Definition: win32.h:72
void gc_addspecial(void *addr, void(free_function)(void *), struct gc_arena *a)
Definition: buffer.c:415
struct link_socket * link_socket_new(void)
Definition: socket.c:1708
void init_net_event_win32(struct rw_handle *event, long network_events, socket_descriptor_t sd, unsigned int flags)
Definition: win32.c:218
struct sockaddr_in6 addr6
Definition: win32.h:206
void setenv_trusted(struct env_set *es, const struct link_socket_info *info)
Definition: socket.c:2280
struct argv argv_new(void)
Definition: argv.c:51
struct cached_dns_entry * dns_cache
Definition: openvpn.h:166
int len
Definition: socket.h:138
#define streq(x, y)
Definition: options.h:613
void establish_socks_proxy_passthru(struct socks_proxy_info *p, socket_descriptor_t sd, const char *host, const char *servname, volatile int *signal_received)
Definition: socks.c:444
const char * strerror_win32(DWORD errnum, struct gc_arena *gc)
Definition: error.c:825
in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, volatile int *signal_received)
Definition: socket.c:84
#define GETADDR_TRY_ONCE
Definition: socket.h:527
sa_family_t ascii2af(const char *proto_name)
Definition: socket.c:3071
const char * print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2855
#define M_INFO
Definition: errlevel.h:55
Contains all state information for one tunnel.
Definition: openvpn.h:508
Packet geometry parameters.
Definition: mtu.h:93
bool proto_is_tcp(int proto)
Definition: socket.c:3047
#define SIZE(x)
Definition: basic.h:30
static bool streqnull(const char *a, const char *b)
Definition: socket.c:116
void overlapped_io_init(struct overlapped_io *o, const struct frame *frame, BOOL event_state, bool tuntap_buffer)
Definition: win32.c:165
#define IPv6_UDP_HEADER_SIZE
Definition: socket.h:583
bool proto_is_udp(int proto)
Definition: socket.c:3037
static int af_addr_size(sa_family_t af)
Definition: socket.h:852
#define SA_IP_PORT
Definition: socket.h:401
void throw_signal_soft(const int signum, const char *signal_text)
Definition: sig.c:111
static socket_descriptor_t socket_listen_accept(socket_descriptor_t sd, struct link_socket_actual *act, const char *remote_dynamic, const struct addrinfo *local, bool do_listen, bool nowait, volatile int *signal_received)
Definition: socket.c:1153
DWORD size
Definition: win32.h:200
const char * print_link_socket_actual(const struct link_socket_actual *act, struct gc_arena *gc)
Definition: socket.c:2755
static void gc_free(struct gc_arena *a)
Definition: buffer.h:990
OVERLAPPED overlapped
Definition: win32.h:199
void link_socket_init_phase1(struct link_socket *sock, const char *local_host, const char *local_port, const char *remote_host, const char *remote_port, struct cached_dns_entry *dns_cache, int proto, sa_family_t af, bool bind_ipv6_only, int mode, const struct link_socket *accept_from, struct http_proxy_info *http_proxy, struct socks_proxy_info *socks_proxy, bool bind_local, bool remote_float, int inetd, struct link_socket_addr *lsa, const char *ipchange_command, const struct plugin_list *plugins, int resolve_retry_seconds, int mtu_discover_type, int rcvbuf, int sndbuf, int mark, struct event_timeout *server_poll_timeout, unsigned int sockflags)
Definition: socket.c:1719
bool proto_is_net(int proto)
Definition: socket.c:3022
static int plugin_call(const struct plugin_list *pl, const int type, const struct argv *av, struct plugin_return *pr, struct env_set *es)
Definition: plugin.h:205
#define IPv6_TCP_HEADER_SIZE
Definition: socket.h:584
static int link_socket_write_win32(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to)
Definition: socket.h:1093
#define OIA_HOSTNAME
Definition: socket.h:460
static bool buf_safe(const struct buffer *buf, int len)
Definition: buffer.h:515
struct man_connection connection
Definition: manage.h:327
unsigned short sa_family_t
Definition: syshead.h:446
#define ASSERT(x)
Definition: error.h:221
Definition: options.h:88
#define SIGUSR1
Definition: config-msvc.h:116
#define SET_MTU_UPPER_BOUND
Definition: mtu.h:221
#define CC_DIGIT
Definition: buffer.h:881
struct buffer alloc_buf(size_t size)
Definition: buffer.c:62
static void stream_buf_get_final(struct stream_buf *sb, struct buffer *buf)
Definition: socket.c:2540
struct buffer buf_init
Definition: socket.h:131
struct connection_list * connection_list
Definition: options.h:204
int openvpn_inet_aton(const char *dotted_quad, struct in_addr *addr)
Definition: socket.c:544
#define LS_MODE_DEFAULT
Definition: socket.h:196
unsigned int sockflags
Definition: options.h:330
#define M_FATAL
Definition: error.h:94
bool buf_printf(struct buffer *buf, const char *format,...)
Definition: buffer.c:223
void set_mtu_discover_type(int sd, int mtu_type, sa_family_t proto_af)
Definition: mtu.c:169
const char * proto2ascii_all(struct gc_arena *gc)
Definition: socket.c:3107
int resolve_retry_seconds
Definition: options.h:272
#define SF_TCP_NODELAY
Definition: socket.h:209
#define CLEAR(x)
Definition: basic.h:33
const int proto_overhead[]
Definition: socket.c:46
#define SF_GETADDRINFO_DGRAM
Definition: socket.h:212
#define OPENVPN_STATE_TCP_CONNECT
Definition: manage.h:506
#define D_READ_WRITE
Definition: errlevel.h:162
#define in_addr_t
Definition: config-msvc.h:104
const char * hostname_randomize(const char *hostname, struct gc_arena *gc)
Definition: misc.c:777
static void tcp_connection_established(const struct link_socket_actual *act)
Definition: socket.c:1144
void stream_buf_close(struct stream_buf *sb)
Definition: socket.c:2645
const char * port
Definition: proxy.h:46
const char * local_port
Definition: options.h:92
struct cached_dns_entry * next
Definition: socket.h:81
struct sockaddr_in addr
Definition: win32.h:205
bool link_socket_update_flags(struct link_socket *ls, unsigned int sockflags)
Definition: socket.c:850
void stream_buf_init(struct stream_buf *sb, struct buffer *buf, const unsigned int sockflags, const int proto)
Definition: socket.c:2504
#define SIGTERM
Definition: config-msvc.h:118
#define D_RESOLVE_ERRORS
Definition: errlevel.h:60
static void get_signal(volatile int *sig)
Definition: sig.h:92
#define SIGHUP
Definition: config-msvc.h:114
void setenv_str(struct env_set *es, const char *name, const char *value)
Definition: misc.c:564
struct buffer residual
Definition: socket.h:132
const char * display_form
Definition: socket.c:2996
#define IA_NET_ORDER
Definition: socket.h:394
#define GETADDR_MENTION_RESOLVE_RETRY
Definition: socket.h:523
Definition: socket.h:75
#define CC_DOT
Definition: buffer.h:894
static bool link_socket_connection_oriented(const struct link_socket *sock)
Definition: socket.h:606
#define openvpn_errno()
Definition: error.h:74
#define D_LOW
Definition: errlevel.h:97
int ascii2proto(const char *proto_name)
Definition: socket.c:3057
static void frame_add_to_extra_frame(struct frame *frame, const int increment)
Definition: mtu.h:274
#define GETADDR_RANDOMIZE
Definition: socket.h:529
void close_net_event_win32(struct rw_handle *event, socket_descriptor_t sd, unsigned int flags)
Definition: win32.c:272
int proto
Definition: socket.c:2998
const char * proto_remote(int proto, bool remote)
Definition: socket.c:3148
static bool buf_read(struct buffer *src, void *dest, int size)
Definition: buffer.h:774
#define INETD_NOWAIT
Definition: socket.h:193
static event_t socket_event_handle(const struct link_socket *s)
Definition: socket.h:1228
int offset
Offset in bytes of the actual content within the allocated memory.
Definition: buffer.h:64
#define PS_SHOW_PORT
Definition: socket.h:346
static socket_descriptor_t create_socket_udp(struct addrinfo *addrinfo, const unsigned int flags)
Definition: socket.c:911
static int get_cached_dns_entry(struct cached_dns_entry *dns_cache, const char *hostname, const char *servname, int ai_family, int resolve_flags, struct addrinfo **ai)
Definition: socket.c:137
struct sockaddr_in6 in6
Definition: socket.h:70
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
#define GETADDR_DATAGRAM
Definition: socket.h:531
int inet_pton(int af, const char *src, void *dst)
static void phase2_tcp_client(struct link_socket *sock, struct signal_info *sig_info)
Definition: socket.c:2011
void link_socket_bad_incoming_addr(struct buffer *buf, const struct link_socket_info *info, const struct link_socket_actual *from_addr)
Definition: socket.c:2354
#define OIA_IP
Definition: socket.h:461
#define openvpn_close_socket(s)
Definition: socket.h:261
int iostate
Definition: win32.h:198
#define LS_MODE_TCP_ACCEPT_FROM
Definition: socket.h:198
struct context_1 c1
Level 1 context.
Definition: openvpn.h:546
#define htonps(x)
Definition: socket.h:58
static void bind_local(struct link_socket *sock, const sa_family_t ai_family)
Definition: socket.c:966
const char * inet_ntop(int af, const void *src, char *dst, socklen_t size)
#define BPTR(buf)
Definition: buffer.h:124
#define IPV4_INVALID_ADDR
Definition: socket.h:428
#define IPv4_UDP_HEADER_SIZE
Definition: socket.h:581
#define OIA_ERROR
Definition: socket.h:462
#define PS_DONT_SHOW_FAMILY
Definition: socket.h:349
#define ntohps(x)
Definition: socket.h:61
bool openvpn_snprintf(char *str, size_t size, const char *format,...)
Definition: buffer.c:277
int socket_recv_queue(struct link_socket *sock, int maxsize)
Definition: socket.c:3444
int socket_finalize(SOCKET s, struct overlapped_io *io, struct buffer *buf, struct link_socket_actual *from)
Definition: socket.c:3662
int ai_family
Definition: socket.h:78
static void socket_connect(socket_descriptor_t *sd, const struct sockaddr *dest, const int connect_timeout, struct signal_info *sig_info)
Definition: socket.c:1435
const char * socks_proxy_server
Definition: options.h:105
#define IA_EMPTY_IF_UNDEF
Definition: socket.h:393
#define LS_MODE_TCP_LISTEN
Definition: socket.h:197
#define GETADDR_UPDATE_MANAGEMENT_STATE
Definition: socket.h:528
#define IPv4_TCP_HEADER_SIZE
Definition: socket.h:582
struct buffer next
Definition: socket.h:137
int proto
Definition: options.h:90
void setenv_link_socket_actual(struct env_set *es, const char *name_prefix, const struct link_socket_actual *act, const unsigned int flags)
Definition: socket.c:2982
bool buf_puts(struct buffer *buf, const char *str)
Definition: buffer.c:250
const char * print_link_socket_actual_ex(const struct link_socket_actual *act, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2765
bool ip_or_dns_addr_safe(const char *addr, const bool allow_fqdn)
Definition: socket.c:654
static struct gc_arena gc_new(void)
Definition: buffer.h:982
#define IOSTATE_IMMEDIATE_RETURN
Definition: win32.h:197
static void openvpn_fd_set(int fd, fd_set *setp)
Definition: fdmisc.h:40
const char * hostname
Definition: socket.h:76
static const char * print_sockaddr(const struct sockaddr *addr, struct gc_arena *gc)
Definition: socket.h:376
int inetd_socket_descriptor
Definition: misc.c:85
static bool addrlist_match(const struct openvpn_sockaddr *a1, const struct addrinfo *addrlist)
Definition: socket.h:705
void link_socket_bad_outgoing_addr(void)
Definition: socket.c:2383
static bool addr_defined_ipi(const struct link_socket_actual *lsa)
Definition: socket.h:657
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition: buffer.h:1017
static void ipchange_fmt(const bool include_cmd, struct argv *argv, const struct link_socket_info *info, struct gc_arena *gc)
Definition: socket.c:2286
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2835
int get_server_poll_remaining_time(struct event_timeout *server_poll_timeout)
Definition: forward.c:342
static bool buf_copy_excess(struct buffer *dest, struct buffer *src, int len)
Definition: buffer.h:749
struct sockaddr_in in4
Definition: socket.h:69
sa_family_t proto_af
Definition: socket.c:2997
#define M_ERR
Definition: error.h:110
static void stream_buf_get_next(struct stream_buf *sb, struct buffer *buf)
Definition: socket.c:2549
unsigned __int32 uint32_t
Definition: config-msvc.h:121
#define IOSTATE_QUEUED
Definition: win32.h:196
static void gc_freeaddrinfo_callback(void *addr)
Definition: buffer.h:204
static int socket_defined(const socket_descriptor_t sd)
Definition: syshead.h:494
struct http_proxy_options * http_proxy_options
Definition: options.h:104
static bool link_socket_actual_defined(const struct link_socket_actual *act)
Definition: socket.h:684
int addrlen
Definition: win32.h:208
#define HAVE_IN_PKTINFO
Definition: config-msvc.h:56
void setenv_sockaddr(struct env_set *es, const char *name_prefix, const struct openvpn_sockaddr *addr, const unsigned int flags)
Definition: socket.c:2900
void overlapped_io_close(struct overlapped_io *o)
Definition: win32.c:184
bool stream_buf_read_setup_dowork(struct link_socket *sock)
Definition: socket.c:2558
static bool defined_net_event_win32(const struct rw_handle *event)
Definition: win32.h:84
static void linksock_print_addr(struct link_socket *sock)
Definition: socket.c:1924
static SERVICE_STATUS status
Definition: automatic.c:47
static int buf_forward_capacity(const struct buffer *buf)
Definition: buffer.h:536
#define D_SOCKET_DEBUG
Definition: errlevel.h:136
#define ENABLE_DEBUG
Definition: config-msvc.h:9
static bool socket_set_rcvbuf(int sd, int size)
Definition: socket.c:763
int link_socket_write_tcp(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to)
Definition: socket.c:3342
void link_socket_init_phase2(struct link_socket *sock, const struct frame *frame, struct signal_info *sig_info)
Definition: socket.c:2094
static void event_ctl(struct event_set *es, event_t event, unsigned int rwflags, void *arg)
Definition: event.h:119
void socket_bind(socket_descriptor_t sd, struct addrinfo *local, int ai_family, const char *prefix, bool ipv6only)
Definition: socket.c:1254
const struct in6_addr * link_socket_current_remote_ipv6(const struct link_socket_info *info)
Definition: socket.c:2424
struct buffer buf
Definition: socket.h:136
void sd_close(socket_descriptor_t *sd)
Definition: socket.c:3831
void argv_parse_cmd(struct argv *a, const char *s)
Definition: argv.c:329
static bool buf_copy(struct buffer *dest, const struct buffer *src)
Definition: buffer.h:708
struct buffer buf
Definition: win32.h:210
const char * socket_stat(const struct link_socket *s, unsigned int rwflags, struct gc_arena *gc)
Definition: socket.c:2457
static void resolve_remote(struct link_socket *sock, int phase, const char **remote_dynamic, volatile int *signal_received)
Definition: socket.c:1581
Interface functions to the internal and external multiplexers.
static void phase2_set_socket_flags(struct link_socket *sock)
Definition: socket.c:1905
const char * remote
Definition: options.h:96
#define GETADDR_HOST_ORDER
Definition: socket.h:522
static void stream_buf_reset(struct stream_buf *sb)
Definition: socket.c:2494
static void phase2_inetd(struct link_socket *sock, const struct frame *frame, const char *remote_dynamic, volatile int *signal_received)
Definition: socket.c:1859
#define dmsg
Definition: error.h:174
const char * server
Definition: proxy.h:45
#define SOCKET_UNDEFINED
Definition: syshead.h:486
char * overlapped_io_state_ascii(const struct overlapped_io *o)
Definition: win32.c:197
#define EVENT_READ
Definition: event.h:36
static void socket_set_mark(int sd, int mark)
Definition: socket.c:826
static bool stream_buf_read_setup(struct link_socket *sock)
Definition: socket.h:1013
unsigned int flags
Definition: options.h:134
volatile int source
Definition: sig.h:46
#define BLEN(buf)
Definition: buffer.h:127
static bool socket_set_flags(int sd, unsigned int sockflags)
Definition: socket.c:837
#define FRAME_HEADROOM_MARKER_READ_STREAM
Definition: mtu.h:132
static void socket_frame_init(const struct frame *frame, struct link_socket *sock)
Definition: socket.c:1498
const char * remote_port
Definition: options.h:94
void alloc_buf_sock_tun(struct buffer *buf, const struct frame *frame, const bool tuntap_buffer, const unsigned int align_mask)
Definition: mtu.c:43
#define SA_SET_IF_NONZERO
Definition: socket.h:402
struct connection_entry * array[CONNECTION_LIST_SIZE]
Definition: options.h:151
int openvpn_connect(socket_descriptor_t sd, const struct sockaddr *remote, int connect_timeout, volatile int *signal_received)
Definition: socket.c:1308
static bool buf_defined(const struct buffer *buf)
Definition: buffer.h:210
const char * ip_remote_hint
Definition: options.h:274
unsigned __int8 uint8_t
Definition: config-msvc.h:123
#define SIG_SOURCE_CONNECTION_FAILED
Definition: sig.h:37
const char * print_sockaddr_ex(const struct sockaddr *sa, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2674
HANDLE write
Definition: win32.h:73
const char * local
Definition: options.h:95
unsigned int socket_set(struct link_socket *s, struct event_set *es, unsigned int rwflags, void *arg, unsigned int *persistent)
Definition: socket.c:3794
void setenv_in6_addr(struct env_set *es, const char *name_prefix, const struct in6_addr *addr, const unsigned int flags)
Definition: socket.c:2966
void frame_set_mtu_dynamic(struct frame *frame, int mtu, unsigned int flags)
Definition: mtu.c:87
volatile int signal_received
Definition: sig.h:45
#define ALLOC_OBJ_CLEAR_GC(dptr, type, gc)
Definition: buffer.h:1054
uint16_t packet_size_type
Definition: socket.h:55
bool plugin_defined(const struct plugin_list *pl, const int type)
Definition: plugin.c:903
socket_descriptor_t create_socket_tcp(struct addrinfo *addrinfo)
Definition: socket.c:879
bool ip_addr_dotted_quad_safe(const char *dotted_quad)
Definition: socket.c:568
void argv_printf_cat(struct argv *a, const char *format,...)
Definition: argv.c:320
struct addrinfo * ai
Definition: socket.h:80
void bad_address_length(int actual, int expected)
Definition: socket.c:3176
#define GETADDR_FATAL
Definition: socket.h:521
void socket_adjust_frame_parameters(struct frame *frame, int proto)
Definition: socket.c:2271
SOCKET socket_descriptor_t
Definition: syshead.h:487
static void socket_set_buffers(int fd, const struct socket_buffer_size *sbs)
Definition: socket.c:776
#define D_STREAM_DEBUG
Definition: errlevel.h:167
#define IF_NAMESIZE
Definition: socket.c:2761
static void phase2_socks_client(struct link_socket *sock, struct signal_info *sig_info)
Definition: socket.c:2055
char server[128]
Definition: socks.h:40
#define msg
Definition: error.h:173
bool addr_defined
Definition: win32.h:203
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
static void socket_do_listen(socket_descriptor_t sd, const struct addrinfo *local, bool do_listen, bool do_set_nonblock)
Definition: socket.c:1046
void set_actual_address(struct link_socket_actual *actual, struct addrinfo *ai)
Definition: socket.c:1412
DWORD flags
Definition: win32.h:201
void set_nonblock(int fd)
Definition: fdmisc.c:71
bool proto_is_dgram(int proto)
Definition: socket.c:3031
int link_socket_read_tcp(struct link_socket *sock, struct buffer *buf)
Definition: socket.c:3188
void frame_adjust_path_mtu(struct frame *frame, int pmtu, int proto)
Definition: socket.c:1533
#define GETADDR_CACHE_MASK
Definition: socket.h:533
#define buf_init(buf, offset)
Definition: buffer.h:198
bool residual_fully_formed
Definition: socket.h:134
static bool buf_write_prepend(struct buffer *dest, const void *src, int size)
Definition: buffer.h:675
static bool socket_set_tcp_nodelay(int sd, int state)
Definition: socket.c:806
void set_cloexec(int fd)
Definition: fdmisc.c:81
static unsigned int sf2gaf(const unsigned int getaddr_flags, const unsigned int sockflags)
Definition: socket.c:61
const char * port
Definition: socks.h:41
void do_preresolve(struct context *c)
Definition: socket.c:220
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
Definition: manage.c:2667
#define IOSTATE_INITIAL
Definition: win32.h:195
int flags
Definition: socket.h:79
static void phase2_tcp_server(struct link_socket *sock, const char *remote_dynamic, volatile int *signal_received)
Definition: socket.c:1970
static void resolve_bind_local(struct link_socket *sock, const sa_family_t af)
Definition: socket.c:1539
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:88
#define ENABLE_IP_PKTINFO
Definition: syshead.h:431
bool establish_http_proxy_passthru(struct http_proxy_info *p, socket_descriptor_t sd, const char *host, const char *port, struct event_timeout *server_poll_timeout, struct buffer *lookahead, volatile int *signal_received)
Definition: proxy.c:624
#define GETADDR_MSG_VIRT_OUT
Definition: socket.h:526
static bool dns_addr_safe(const char *addr)
Definition: socket.c:640
Definition: misc.h:49
socket_descriptor_t socket_do_accept(socket_descriptor_t sd, struct link_socket_actual *act, const bool nowait)
Definition: socket.c:1073
void setenv_int(struct env_set *es, const char *name, int value)
Definition: misc.c:548
static void addr_zero_host(struct openvpn_sockaddr *addr)
Definition: socket.h:823
static void create_socket(struct link_socket *sock, struct addrinfo *addr)
Definition: socket.c:986
static int buf_forward_capacity_total(const struct buffer *buf)
Definition: buffer.h:554
static int do_preresolve_host(struct context *c, const char *hostname, const char *servname, const int af, const int flags)
Definition: socket.c:166
#define SOL_IP
Definition: syshead.h:439
static void buf_reset(struct buffer *buf)
Definition: buffer.h:285
#define EVENT_WRITE
Definition: event.h:37
void link_socket_connection_initiated(const struct buffer *buf, struct link_socket_info *info, const struct link_socket_actual *act, const char *common_name, struct env_set *es)
Definition: socket.c:2302
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
sa_family_t af
Definition: options.h:91
void establish_socks_proxy_udpassoc(struct socks_proxy_info *p, socket_descriptor_t ctrl_sd, socket_descriptor_t udp_sd, struct openvpn_sockaddr *relay_addr, volatile int *signal_received)
Definition: socks.c:507
void management_sleep(const int n)
A sleep function that services the management layer for n seconds rather than doing nothing...
Definition: manage.c:4003
bool bind_local
Definition: options.h:100
#define GETADDR_PASSIVE
Definition: socket.h:530
#define SF_PORT_SHARE
Definition: socket.h:210
#define GETADDR_FATAL_ON_SIGNAL
Definition: socket.h:524
#define D_STREAM_ERRORS
Definition: errlevel.h:63
void argv_reset(struct argv *a)
Definition: argv.c:59
#define BSTR(buf)
Definition: buffer.h:129
void link_socket_update_buffer_sizes(struct link_socket *ls, int rcvbuf, int sndbuf)
Definition: socket.c:863
#define PS_DONT_SHOW_ADDR
Definition: socket.h:348
struct gc_arena gc
Garbage collection arena for allocations done in the scope of this context structure.
Definition: openvpn.h:527
static bool addr_local(const struct sockaddr *addr)
Definition: socket.h:636
#define UINT8_MAX
Definition: socket.c:2870
void link_socket_close(struct link_socket *sock)
Definition: socket.c:2218
#define M_ERRNO
Definition: error.h:99
#define PS_SHOW_PKTINFO
Definition: socket.h:347
Definition: argv.h:35
event_t socket_listen_event_handle(struct link_socket *s)
Definition: socket.c:2656
int socket_send_queue(struct link_socket *sock, struct buffer *buf, const struct link_socket_actual *to)
Definition: socket.c:3554
static int datagram_overhead(int proto)
Definition: socket.h:589
const char * proto2ascii(int proto, sa_family_t af, bool display_form)
Definition: socket.c:3085
void setenv_in_addr_t(struct env_set *es, const char *name_prefix, in_addr_t addr, const unsigned int flags)
Definition: socket.c:2953
#define D_WIN32_IO
Definition: errlevel.h:168
bool mac_addr_safe(const char *mac_addr)
Definition: socket.c:671
static void stream_buf_set_next(struct stream_buf *sb)
Definition: socket.c:2525
#define M_NONFATAL
Definition: error.h:95
char * dest
Definition: compat-lz4.h:431
#define CC_DASH
Definition: buffer.h:893
#define SF_USE_IP_PKTINFO
Definition: socket.h:208
struct sockaddr sa
Definition: socket.h:68
bool stream_buf_added(struct stream_buf *sb, int length_added)
Definition: socket.c:2578
static void socket_set_sndbuf(int sd, int size)
Definition: socket.c:735
#define GETADDR_RESOLVE
Definition: socket.h:520
const char * short_form
Definition: socket.c:2995
#define SF_HOST_RANDOMIZE
Definition: socket.h:211
#define RESOLV_RETRY_INFINITE
Definition: socket.h:47
#define IPV6_V6ONLY
Definition: socket.c:1250
struct http_proxy_options options
Definition: proxy.h:70
void argv_printf(struct argv *a, const char *format,...)
Definition: argv.c:310
static bool link_socket_proto_connection_oriented(int proto)
Definition: socket.h:600
#define M_WARN
Definition: error.h:96
bool ipv6_addr_safe(const char *ipv6_text_addr)
Definition: socket.c:618
#define D_LINK_ERRORS
Definition: errlevel.h:57
struct in6_addr add_in6_addr(struct in6_addr base, uint32_t add)
Definition: socket.c:2877
int maxlen
Definition: socket.h:133
const char * servname
Definition: socket.h:77
in_addr_t link_socket_current_remote(const struct link_socket_info *info)
Definition: socket.c:2389
static int socket_get_sndbuf(int sd)
Definition: socket.c:718
#define M_MSG_VIRT_OUT
Definition: error.h:104
const char * addr_family_name(int af)
Definition: socket.c:3124