26 #elif defined(_MSC_VER) 33 #include <systemd/sd-daemon.h> 66 #define CF_LOAD_PERSISTED_PACKET_ID (1<<0) 67 #define CF_INIT_TLS_MULTI (1<<1) 68 #define CF_INIT_TLS_AUTH_STANDALONE (1<<2) 112 const char *dev_type,
115 const char *ifconfig_local,
116 const char *ifconfig_remote,
118 const char *signal_text,
119 const char *script_type,
144 if (!ifconfig_remote)
146 ifconfig_remote =
"";
161 ifconfig_local, ifconfig_remote,
166 msg(
M_FATAL,
"ERROR: up/down plugin call failed");
179 ifconfig_local, ifconfig_remote, context);
212 #ifdef ENABLE_MANAGEMENT 222 if (
streq(p[1],
"NONE"))
226 else if (p[2] && p[3])
228 if (
streq(p[1],
"HTTP"))
233 msg(
M_WARN,
"HTTP proxy support only works for TCP based connections");
242 else if (
streq(p[1],
"SOCKS"))
312 const char *parameters)
315 size_t len = strlen(command) + 1 + strlen(parameters) + 1;
343 if (!strcmp(p[1],
"ACCEPT"))
348 else if (!strcmp(p[1],
"SKIP"))
353 else if (!strcmp(p[1],
"MOD") && p[2] && p[3])
386 int ce_changed =
true;
439 for (i = 0; i < l->
len; ++i)
538 msg(
M_FATAL,
"No usable connection profiles are present");
552 #ifdef ENABLE_MANAGEMENT 571 }
while (!ce_defined);
577 msg(
M_FATAL,
"All connections have been connect-retry-max (%d) times unsuccessful, exiting",
599 #ifdef ENABLE_MANAGEMENT 632 bool did_http =
false;
704 #if defined(ENABLE_PKCS11) 708 pkcs11_initialize(
true, c->
options.pkcs11_pin_cache_period);
711 pkcs11_addProvider(c->
options.pkcs11_providers[i], c->
options.pkcs11_protected_authentication[i],
712 c->
options.pkcs11_private_mode[i], c->
options.pkcs11_cert_private[i]);
724 strcpy(up.
username,
"Please insert your cryptographic token");
731 #ifdef ENABLE_SYSTEMD 736 sd_notifyf(0,
"READY=1\nSTATUS=Pre-connection initialization successful\nMAINPID=%lu",
737 (
unsigned long) getpid());
753 close_port_share(
void)
757 port_share_close(port_share);
763 init_port_share(
struct context *c)
765 if (!port_share && (c->
options.port_share_host && c->
options.port_share_port))
767 port_share = port_share_open(c->
options.port_share_host,
770 c->
options.port_share_journal_dir);
771 if (port_share == NULL)
773 msg(
M_FATAL,
"Fatal error: Port sharing failed");
787 crypto_init_dmalloc();
798 if (!gettimeofday(&tv, NULL))
800 const unsigned int seed = (
unsigned int) tv.tv_sec ^ tv.tv_usec;
811 #ifdef OPENVPN_DEBUG_COMMAND_LINE 814 for (i = 0; i < argc; ++i)
831 packet_id_interactive_test();
845 #ifdef IFCONFIG_POOL_TEST 846 ifconfig_pool_test(0x0A010004, 0x0A0100FF);
850 #ifdef CHARACTER_CLASS_DEBUG 851 character_class_debug();
855 #ifdef EXTRACT_X509_FIELD_TEST 865 #ifdef TEST_GET_DEFAULT_GATEWAY 879 const char *fn = gen_path(
"foo",
888 #ifdef STATUS_PRINTF_TEST 897 msg(
M_WARN,
"STATUS_PRINTF_TEST: %s: write error", tmp_file);
911 const int factor = 1;
912 for (i = 0; i < factor * 8; ++i)
919 printf(
"[%d] %s\n", i,
format_hex(rndbuf,
sizeof(rndbuf), 0, &gc));
927 #ifdef BUFFER_LIST_AGGREGATE_TEST 930 static const char *text[] = {
931 "It was a bright cold day in April, ",
932 "and the clocks were striking ",
935 "his chin nuzzled into his breast in an ",
936 "effort to escape the vile wind, ",
937 "slipped quickly through the glass doors ",
938 "of Victory Mansions, though not quickly ",
939 "enough to prevent a swirl of gritty dust from ",
940 "entering along with him." 944 for (listcap = 0; listcap < 12; ++listcap)
946 for (iter = 0; iter < 512; ++iter)
951 for (i = 0; i <
SIZE(text); ++i)
956 printf(
"[cap=%d i=%d] *************************\n", listcap, iter);
994 mstats_open(
"/dev/shm/mstats.dat");
995 for (i = 0; i < 30; ++i)
997 mmap_stats->n_clients += 1;
998 mmap_stats->link_write_bytes += 8;
999 mmap_stats->link_read_bytes += 16;
1015 #ifdef ENABLE_PKCS11 1023 #if defined(MEASURE_TLS_HANDSHAKE_STATS) 1024 show_tls_performance_stats();
1116 msg(
M_USAGE,
"Using --genkey type with --secret filename is " 1117 "not supported. Use --genkey type filename instead.");
1125 msg(
M_USAGE,
"You must provide a filename to either --genkey " 1126 "or --secret, not both");
1135 msg(
M_WARN,
"WARNING: Using --genkey --secret filename is " 1136 "DEPRECATED. Use --genkey secret filename instead.");
1141 if (nbits_written < 0)
1147 "Randomly generated %d bit key written to %s", nbits_written,
1161 "--genkey tls-crypt-v2-client requires a server key to be set via --tls-crypt-v2 to create a client key");
1189 notnull(options->
dev,
"TUN/TAP device (--dev)");
1197 "options --mktun or --rmtun should only be used together with --dev");
1199 #ifdef ENABLE_FEATURE_TUN_PERSIST 1211 "options --mktun and --rmtun are not available on your operating " 1212 "system. Please check 'man tun' (or 'tap'), whether your system " 1213 "supports using 'ifconfig %s create' / 'destroy' to create/remove " 1214 "persistent tunnel interfaces.", options->
dev );
1229 #ifdef ENABLE_SYSTEMD 1231 if (sd_notify(0,
"READY=0") > 0)
1242 #if defined(__APPLE__) && defined(__clang__) 1243 #pragma clang diagnostic push 1244 #pragma clang diagnostic ignored "-Wdeprecated-declarations" 1248 msg(
M_ERR,
"daemon() failed or unsupported");
1250 #if defined(__APPLE__) && defined(__clang__) 1251 #pragma clang diagnostic pop 1270 static const char why_not[] =
"will be delayed because of --client, --pull, or --up-delay";
1284 msg(
M_INFO,
"NOTE: chroot %s", why_not);
1298 msg(
M_INFO,
"NOTE: UID/GID downgrade %s", why_not);
1302 #ifdef ENABLE_MEMSTATS 1305 mstats_open(c->
options.memstats_fn);
1309 #ifdef ENABLE_SELINUX 1316 if (c->
options.selinux_context)
1320 if (-1 == setcon(c->
options.selinux_context))
1322 msg(
M_ERR,
"setcon to '%s' failed; is /proc accessible?", c->
options.selinux_context);
1331 msg(
M_INFO,
"NOTE: setcon %s", why_not);
1474 #ifdef ENABLE_FEATURE_SHAPER 1514 const char *gw = NULL;
1551 const char *gw = NULL;
1569 char *opt_list[] = {
"::/3",
"2000::/4",
"3000::/4",
"fc00::/7", NULL };
1572 for (i = 0; opt_list[i]; i++)
1600 static const char message[] =
"Initialization Sequence Completed";
1627 msg(
M_INFO,
"%s With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )", message);
1629 #ifdef ENABLE_SYSTEMD 1630 sd_notifyf(0,
"STATUS=Failed to start up: %s With Errors\nERRNO=1", message);
1637 #ifdef ENABLE_SYSTEMD 1638 sd_notifyf(0,
"STATUS=%s", message);
1653 #ifdef ENABLE_MANAGEMENT 1658 struct in6_addr *tun_local6 = NULL;
1661 socklen_t sa_len =
sizeof(local);
1662 const char *detail =
"SUCCESS";
1663 if (flags & ISC_ERRORS)
1670 remote = actual->
dest;
1672 #if ENABLE_IP_PKTINFO 1675 switch (local.
addr.
sa.sa_family)
1678 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) 1679 local.
addr.
in4.sin_addr = actual->pi.in4.ipi_spec_dst;
1681 local.
addr.
in4.sin_addr = actual->pi.in4;
1686 local.
addr.
in6.sin6_addr = actual->pi.in6.ipi6_addr;
1725 if (!options->
route_noexec && ( route_list || route_ipv6_list ) )
1731 #ifdef ENABLE_MANAGEMENT 1742 msg(
M_WARN,
"WARNING: route-up plugin call failed");
1810 #ifndef TARGET_ANDROID 1815 #ifdef TARGET_ANDROID 1875 #ifdef TARGET_ANDROID 1945 #ifndef TARGET_ANDROID 1949 msg(
M_INFO,
"Preserving previous TUN/TAP instance: %s",
2026 static_context = NULL;
2028 #ifdef ENABLE_MANAGEMENT 2150 static_context = NULL;
2175 do_up(
struct context *c,
bool pulled_options,
unsigned int option_types_found)
2208 msg(
M_INFO,
"NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.");
2254 unsigned int flags =
2292 msg(
D_PUSH,
"OPTIONS IMPORT: --verb and/or --mute level changed");
2297 msg(
D_PUSH,
"OPTIONS IMPORT: timers and/or timeouts modified");
2304 msg(
D_PUSH,
"OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp");
2309 msg(
D_PUSH,
"OPTIONS IMPORT: explicit notify parm(s) modified");
2316 msg(
D_PUSH,
"OPTIONS IMPORT: compression parms modified");
2317 comp_uninit(c->
c2.comp_context);
2318 c->
c2.comp_context = comp_init(&c->
options.comp);
2324 msg(
D_PUSH,
"OPTIONS IMPORT: traffic shaper enabled");
2330 msg(
D_PUSH,
"OPTIONS IMPORT: --sndbuf/--rcvbuf options modified");
2336 msg(
D_PUSH,
"OPTIONS IMPORT: --socket-flags option modified");
2342 msg(
D_PUSH,
"OPTIONS IMPORT: --persist options modified");
2346 msg(
D_PUSH,
"OPTIONS IMPORT: --ifconfig/up options modified");
2350 msg(
D_PUSH,
"OPTIONS IMPORT: route options modified");
2354 msg(
D_PUSH,
"OPTIONS IMPORT: route-related options modified");
2358 msg(
D_PUSH,
"OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified");
2362 msg(
D_PUSH,
"OPTIONS IMPORT: environment modified");
2367 msg(
D_PUSH,
"OPTIONS IMPORT: peer-id set");
2374 msg(
D_PUSH,
"OPTIONS IMPORT: adjusting link_mtu to %d",
2379 msg(
M_WARN,
"OPTIONS IMPORT: WARNING: peer-id set, but link-mtu" 2380 " fixed by config - reducing tun-mtu to %d, expect" 2392 struct frame *frame_fragment = NULL;
2393 #ifdef ENABLE_FRAGMENT 2419 #ifdef ENABLE_MANAGEMENT 2454 if (GREMLIN_CONNECTION_FLOOD_LEVEL(c->
options.gremlin))
2585 #ifdef ENABLE_PREDICTION_RESISTANCE 2586 if (c->
options.use_prediction_resistance)
2588 rand_ctx_enable_prediction_resistance();
2638 msg(
M_INFO,
"Re-using pre-shared static key");
2673 msg(
M_FATAL,
"ERROR: tls-auth enabled, but no valid --auth " 2674 "algorithm specified ('%s')", options->
authname);
2682 "Control Channel Authentication",
"tls-auth");
2753 msg(
M_FATAL,
"Error: private key password verification failed");
2769 msg(
M_FATAL,
"Error: private key password verification failed");
2779 options->
keysize,
true, warn);
2815 bool packet_id_long_form;
2847 options->
replay, packet_id_long_form);
2860 if (packet_id_long_form)
2901 else if (options->
pull)
2931 #ifdef ENABLE_X509ALTUSERNAME 2945 #ifdef ENABLE_MANAGEMENT 2965 #ifdef ENABLE_MANAGEMENT 2971 to.comp_options = options->comp;
2974 #ifdef HAVE_EXPORT_KEYING_MATERIAL 2975 if (options->keying_material_exporter_label)
2977 to.
ekm_size = options->keying_material_exporter_length;
2983 to.
ekm_label = options->keying_material_exporter_label;
3056 "Control Channel MTU parms");
3062 "TLS-Auth MTU parms");
3074 "******* WARNING *******: All encryption and authentication features " 3075 "disabled -- All data will be tunnelled as clear text and will not be " 3076 "protected against man-in-the-middle changes. " 3077 "PLEASE DO RECONSIDER THIS CONFIGURATION!");
3104 if (comp_enabled(&c->
options.comp))
3106 comp_add_to_extra_frame(&c->
c2.
frame);
3108 #if !defined(ENABLE_LZ4) 3139 #ifdef ENABLE_FRAGMENT 3179 comp_add_to_extra_buffer(&c->
c2.
frame);
3180 #ifdef ENABLE_FRAGMENT 3196 #ifdef ENABLE_FRAGMENT 3207 #if defined(ENABLE_FRAGMENT) 3214 "WARNING: using --fragment and --mtu-test together may produce an inaccurate MTU test result");
3218 #ifdef ENABLE_FRAGMENT 3223 "WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu %d (currently it is %d)",
3236 msg(
M_WARN,
"WARNING: --ping should normally be used with --ping-restart or --ping-exit");
3240 #ifdef ENABLE_SELINUX
3241 || o->selinux_context
3247 msg(
M_WARN,
"WARNING: you are using user/group/chroot/setcon without persist-tun -- this may cause restarts to fail");
3255 msg(
M_WARN,
"WARNING: you are using user/group/chroot/setcon without persist-key -- this may cause restarts to fail");
3261 msg(
M_WARN,
"WARNING: you are using chroot without specifying user and group -- this may cause the chroot jail to be insecure");
3267 msg(
M_WARN,
"WARNING: using --pull/--client and --ifconfig together is probably not what you want");
3272 msg(
M_WARN,
"NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to");
3279 msg(
M_WARN,
"WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want");
3283 msg(
M_WARN,
"WARNING: --ifconfig-pool-persist will not work with --duplicate-cn");
3287 msg(
M_WARN,
"WARNING: --keepalive option is missing from server config");
3294 msg(
M_WARN,
"WARNING: You have disabled Replay Protection (--no-replay) which may make " PACKAGE_NAME " less secure");
3307 msg(
M_WARN,
"WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.");
3311 msg(
M_WARN,
"WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.");
3319 msg(
M_WARN,
"NOTE: the current --script-security setting may allow this configuration to call user-defined scripts");
3323 msg(
M_WARN,
"WARNING: the current --script-security setting may allow passwords to be passed to scripts via environmental variables");
3327 msg(
M_WARN,
"NOTE: starting with " PACKAGE_NAME " 2.1, '--script-security 2' or higher is required to call user-defined scripts or executables");
3393 #ifdef ENABLE_FRAGMENT 3483 #ifdef ENABLE_FRAGMENT 3487 "Fragmentation MTU parms");
3510 msg(
D_SHOW_OCC,
"Expected Remote Options String (VER=%s): '%s'",
3568 " started by inetd/xinetd cannot restart... Exiting.");
3692 #ifdef ENABLE_FRAGMENT 3713 bool need_us_timeout)
3715 unsigned int flags = 0;
3721 if (need_us_timeout)
3838 msg(
M_INFO,
"NOTE: --fast-io is disabled since we are running on Windows");
3842 msg(
M_INFO,
"NOTE: --fast-io is disabled since we are not using UDP");
3846 #ifdef ENABLE_FEATURE_SHAPER 3849 msg(
M_INFO,
"NOTE: --fast-io is disabled since we are using --shaper");
3874 #ifdef ENABLE_PLUGIN 3900 for (i = 0; i < config.
n; ++i)
3902 unsigned int option_types_found = 0;
3909 &option_types_found,
3946 #ifdef ENABLE_MANAGEMENT 3961 msg(msglevel,
"END");
3963 msg(msglevel,
"ERROR: Sorry, this command is currently only implemented on Windows");
3967 #ifdef TARGET_ANDROID 3969 management_callback_network_change(
void *arg,
bool samenetwork)
4011 #ifdef ENABLE_MANAGEMENT 4022 #ifdef TARGET_ANDROID 4023 cb.network_change = management_callback_network_change;
4030 #ifdef ENABLE_MANAGEMENT 4080 msg(
M_WARN,
"Signal received from management interface, exiting");
4108 #ifdef ENABLE_MANAGEMENT 4234 #ifdef ENABLE_PLUGIN 4288 #ifdef ENABLE_FRAGMENT 4298 unsigned int crypto_flags = 0;
4320 if (comp_enabled(&options->comp) && (c->
mode ==
CM_P2P || child))
4322 c->
c2.comp_context = comp_init(&options->comp);
4338 #ifdef ENABLE_FRAGMENT 4382 #ifdef ENABLE_PLUGIN 4411 #ifdef ENABLE_PLUGIN 4469 if (c->
c2.comp_context)
4471 comp_uninit(c->
c2.comp_context);
4472 c->
c2.comp_context = NULL;
4493 #ifdef ENABLE_MANAGEMENT 4501 pf_destroy_context(&c->
c2.pf);
4504 #ifdef ENABLE_PLUGIN 4515 #ifdef ENABLE_FRAGMENT 4577 #ifdef ENABLE_PLUGIN 4656 dest->
c2.comp_context = NULL;
4698 unsigned int pid = 0;
4702 msg(
M_ERR,
"Open error on pid file %s", filename);
4707 fprintf(fp,
"%u\n", pid);
4710 msg(
M_ERR,
"Close error on pid file %s", filename);
struct tuntap_options tuntap_options
const char * ciphername
Data channel cipher from config file.
void warn_on_use_of_common_subnets(openvpn_net_ctx_t *ctx)
static void init_crypto_pre(struct context *c, const unsigned int flags)
bool argv_printf_cat(struct argv *argres, const char *format,...)
printf() inspired argv concatenation.
void interval_init(struct interval *top, int horizon, int refresh)
void management_close(struct management *man)
int ifconfig_pool_persist_refresh_freq
struct ifconfig_pool_persist * ifconfig_pool_persist_init(const char *filename, int refresh_freq)
static void frame_add_to_extra_buffer(struct frame *frame, const int increment)
struct route_ipv6_option_list * routes_ipv6
void frame_subtract_extra(struct frame *frame, const struct frame *src)
static int route_did_redirect_default_gateway(const struct route_list *rl)
void set_std_files_to_null(bool stdin_only)
#define CO_PACKET_ID_LONG_FORM
Bit-flag indicating whether to use OpenVPN's long packet ID format.
struct http_proxy_info * http_proxy_new(const struct http_proxy_options *o)
static void strncpynt(char *dest, const char *src, size_t maxlen)
const char * socks_proxy_port
#define TM_ACTIVE
Active tls_session.
struct frame frame_fragment_omit
struct env_set * env_set_create(struct gc_arena *gc)
struct event_timeout route_wakeup
static void uninit_proxy_dowork(struct context *c)
static void do_init_route_ipv6_list(const struct options *options, struct route_ipv6_list *route_ipv6_list, const struct link_socket_info *link_socket_info, struct env_set *es, openvpn_net_ctx_t *ctx)
int dev_type_enum(const char *dev, const char *dev_type)
unsigned int management_flags
static void do_close_tun(struct context *c, bool force)
struct packet_id packet_id
Current packet ID state for both sending and receiving directions.
void free_key_ctx(struct key_ctx *ctx)
static void do_init_crypto_static(struct context *c, const unsigned int flags)
const char * signal_description(const int signum, const char *sigtext)
struct buffer read_tun_buf
uint8_t hmac_length
HMAC length, in bytes.
struct event_timeout ping_rec_interval
unsigned int crypto_max_overhead(void)
Return the worst-case OpenVPN crypto overhead (in bytes)
void tls_auth_standalone_finalize(struct tls_auth_standalone *tas, const struct frame *frame)
struct options options
Options loaded from command line or configuration file.
void plugin_return_get_column(const struct plugin_return *src, struct plugin_return *dest, const char *colname)
struct event_timeout route_wakeup_expire
bool mute_replay_warnings
void test_crypto(struct crypto_options *co, struct frame *frame)
void tun_standby_init(struct tuntap *tt)
void ssl_clean_user_pass(void)
Cleans the saved user/password unless auth-nocache is in use.
void free_buf(struct buffer *buf)
bool exit_event_initial_state
unsigned int flags
Bit-flags determining behavior of security operation functions.
struct link_socket * link_socket_new(void)
static void do_alloc_route_list(struct context *c)
static bool management_callback_remote_cmd(void *arg, const char **p)
void socks_proxy_close(struct socks_proxy_info *sp)
char * string_alloc(const char *str, struct gc_arena *gc)
#define CE_MAN_QUERY_REMOTE_MOD
void init_verb_mute(struct context *c, unsigned int flags)
char * options_string(const struct options *o, const struct frame *frame, struct tuntap *tt, openvpn_net_ctx_t *ctx, bool remote, struct gc_arena *gc)
bool enable_ncp_fallback
If defined fall back to ciphername if NCP fails.
struct link_socket_addr * lsa
bool tls_crypt_v2_file_inline
struct argv argv_new(void)
Allocates a new struct argv and ensures it is initialised.
static bool options_hash_changed_or_zero(const struct sha256_digest *a, const struct sha256_digest *b)
Helper for do_up().
static void init_proxy_dowork(struct context *c)
static void frame_or_align_flags(struct frame *frame, const unsigned int flag_mask)
void prng_init(const char *md_name, const int nonce_secret_len_parm)
Pseudo-random number generator initialisation.
struct packet_id_persist * pid_persist
Persistent packet ID state for keeping state between successive OpenVPN process startups.
struct cached_dns_entry * dns_cache
void add_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx)
unsigned int auth_token_lifetime
const char * tls_cert_profile
int management_log_history_cache
#define STATUS_OUTPUT_WRITE
const char * tls_crypt_v2_verify_script
const char * ifconfig_pool_persist_filename
#define P2P_ERROR_DELAY_MS
void string_clear(char *str)
static void do_inherit_plugins(struct context *c, const struct context *src)
static void do_close_event_set(struct context *c)
static void do_init_crypto_tls_c1(struct context *c)
static void plugin_return_init(struct plugin_return *pr)
bool server_bridge_proxy_dhcp
#define WSO_FORCE_SERVICE
int ping_rec_timeout_action
bool do_up(struct context *c, bool pulled_options, unsigned int option_types_found)
void packet_id_persist_load_obj(const struct packet_id_persist *p, struct packet_id *pid)
void print_default_gateway(const int msglevel, const struct route_gateway_info *rgi, const struct route_ipv6_gateway_info *rgi6)
void notnull(const char *arg, const char *description)
Contains all state information for one tunnel.
#define CIPHER_ENABLED(c)
Packet geometry parameters.
static void do_env_set_destroy(struct context *c)
static void do_init_tls_wrap_key(struct context *c)
bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported OFB or CFB mode cipher.
struct env_set * es
Set of environment variables.
void tls_crypt_v2_write_client_key_file(const char *filename, const char *b64_metadata, const char *server_key_file, bool server_key_inline)
Generate a tls-crypt-v2 client key, and write to file.
struct man_persist persist
bool proto_is_udp(int proto)
struct openvpn_plugin_string_list * list[MAX_PLUGINS]
void remap_signal(struct context *c)
static void gc_free(struct gc_arena *a)
struct tls_root_ctx ssl_ctx
static bool management_callback_proxy_cmd(void *arg, const char **p)
static void frame_add_to_extra_frame(struct frame *frame, const unsigned int increment)
static int plugin_call(const struct plugin_list *pl, const int type, const struct argv *av, struct plugin_return *pr, struct env_set *es)
void close_context(struct context *c, int sig, unsigned int flags)
int script_security(void)
static void do_init_socket_2(struct context *c)
const char * auth_user_pass_verify_script
const char * shared_secret_file
bool send_control_channel_string(struct context *c, const char *str, int msglevel)
static void packet_id_persist_init(struct packet_id_persist *p)
void open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tuntap *tt)
#define EVENT_METHOD_FAST
#define OPENVPN_PLUGIN_DOWN
void init_management_callback_p2p(struct context *c)
struct tls_auth_standalone * tls_auth_standalone
TLS state structure required for the initial authentication of a client's connection attempt...
#define OPENVPN_PLUGIN_ROUTE_UP
struct buffer_list * buffer_list_new(const int max_size)
Allocate an empty buffer list of capacity max_size.
#define IFCONFIG_BEFORE_TUN_OPEN
bool tls_crypt_v2_file_inline
void close_instance(struct context *c)
void get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi6, const struct in6_addr *dest, openvpn_net_ctx_t *ctx)
void tls_crypt_v2_init_server_key(struct key_ctx *key_ctx, bool encrypt, const char *key_file, bool key_inline)
Initialize a tls-crypt-v2 server key (used to encrypt/decrypt client keys).
const char * client_config_dir_exclusive
void http_proxy_close(struct http_proxy_info *hp)
static void frame_add_to_extra_link(struct frame *frame, const int increment)
void tls_multi_free(struct tls_multi *multi, bool clear)
Cleanup a tls_multi structure and free associated memory allocations.
int keysize
Data channel keysize from config file.
#define SET_MTU_UPPER_BOUND
static void clear_remote_addrlist(struct link_socket_addr *lsa, bool free)
const char * auth_user_pass_file
static void do_signal_on_tls_errors(struct context *c)
struct context_buffers * buffers
struct buffer alloc_buf(size_t size)
int connect_retry_seconds
void setenv_routes_ipv6(struct env_set *es, const struct route_ipv6_list *rl6)
void buffer_list_free(struct buffer_list *ol)
Frees a buffer list and all the buffers in it.
struct event_timeout wait_for_connect
const char * config_ncp_ciphers
struct link_socket_info * link_socket_info
static void next_connection_entry(struct context *c)
struct connection_list * connection_list
const char * guess_tuntap_dev(const char *dev, const char *dev_type, const char *dev_node, struct gc_arena *gc)
void buffer_list_aggregate(struct buffer_list *bl, const size_t max)
Aggregates as many buffers as possible from bl in a new buffer of maximum length max_len ...
struct link_socket_actual actual
struct crypto_options opt
Crypto state.
const char * exit_event_name
void md_ctx_free(md_ctx_t *ctx)
const struct link_socket * accept_from
static void frame_finalize_options(struct context *c, const struct options *o)
const char * tls_crypt_file
void packet_id_persist_close(struct packet_id_persist *p)
static void do_close_tls(struct context *c)
const char * genkey_extra_data
static bool ce_management_query_remote(struct context *c)
void add_route_ipv6_to_option_list(struct route_ipv6_option_list *l, const char *prefix, const char *gateway, const char *metric)
char * x509_username_field[2]
bool buf_printf(struct buffer *buf, const char *format,...)
const char * route_script
int management_state_buffer_size
struct man_def_auth_context * mda_context
static char * format_hex(const uint8_t *data, int size, int maxoutput, struct gc_arena *gc)
int resolve_retry_seconds
void setenv_str(struct env_set *es, const char *name, const char *value)
const char * auth_token_secret_file
struct link_socket_addr link_socket_addr
Local and remote addresses on the external network.
struct socks_proxy_info * socks_proxy
static int buf_read_u8(struct buffer *buf)
static void do_init_frame(struct context *c)
void remove_pid_file(void)
struct signal_info * sig
Internal error signaling object.
void socks_adjust_frame_parameters(struct frame *frame, int proto)
const char * route_predown_script
void open_plugins(struct context *c, const bool import_options, int init_point)
void post_init_signal_catch(void)
bool link_socket_update_flags(struct link_socket *ls, unsigned int sockflags)
struct frame frame_initial
#define OPENVPN_PLUGIN_INIT_POST_DAEMON
bool auth_token_generate
Generate auth-tokens on successful user/pass auth,seet via options->auth_token_generate.
static void do_init_traffic_shaper(struct context *c)
void init_query_passwords(const struct context *c)
Query for private key and auth-user-pass username/passwords.
struct link_socket_info info
#define CE_MAN_QUERY_PROXY
struct tuntap * tuntap
Tun/tap virtual network interface.
int renegotiate_seconds_min
bool management_hold(struct management *man, int holdtime)
bool tls_crypt_file_inline
static void do_init_finalize_tls_frame(struct context *c)
static void do_close_plugins(struct context *c)
static int ifconfig_order(void)
struct gc_arena gc
Garbage collection arena for allocations done in the level 2 scope of this context_2 structure...
char * basename(char *filename)
static bool check_debug_level(unsigned int level)
unsigned int crypto_flags
struct key_ctx_bi tls_wrap_key
#define OPENVPN_PLUGIN_FUNC_SUCCESS
struct remote_host_store * rh_store
struct tls_session session[TM_SIZE]
Array of tls_session objects representing control channel sessions with the remote peer...
int explicit_exit_notification
int status_file_update_freq
unsigned int unsuccessful_attempts
void close_management(void)
bool tuntap_owned
Whether the tun/tap interface should be cleaned up when this context is cleaned up.
bool auth_token_call_auth
const char * config_ciphername
bool tls_session_update_crypto_params(struct tls_session *session, struct options *options, struct frame *frame, struct frame *frame_fragment)
Update TLS session crypto parameters (cipher and auth) and derive data channel keys based on the supp...
void(* status)(void *arg, const int version, struct status_output *so)
void status_printf(struct status_output *so, const char *format,...)
static void update_options_ce_post(struct options *options)
void do_ifconfig(struct tuntap *tt, const char *ifname, int tun_mtu, const struct env_set *es, openvpn_net_ctx_t *ctx)
do_ifconfig - configure the tunnel interface
struct tuntap_options options
static struct context * static_context
char username[USER_PASS_LEN]
#define OCC_MTU_LOAD_INTERVAL_SECONDS
struct frame frame_fragment_initial
void packet_id_free(struct packet_id *p)