OpenVPN
socket.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #elif defined(_MSC_VER)
27 #include "config-msvc.h"
28 #endif
29 
30 #include "syshead.h"
31 
32 #include "socket.h"
33 #include "fdmisc.h"
34 #include "misc.h"
35 #include "gremlin.h"
36 #include "plugin.h"
37 #include "ps.h"
38 #include "run_command.h"
39 #include "manage.h"
40 #include "misc.h"
41 #include "manage.h"
42 #include "openvpn.h"
43 #include "forward.h"
44 
45 #include "memdbg.h"
46 
47 const int proto_overhead[] = { /* indexed by PROTO_x */
48  0,
49  IPv4_UDP_HEADER_SIZE, /* IPv4 */
52  IPv6_UDP_HEADER_SIZE, /* IPv6 */
56 };
57 
58 /*
59  * Convert sockflags/getaddr_flags into getaddr_flags
60  */
61 static unsigned int
62 sf2gaf(const unsigned int getaddr_flags,
63  const unsigned int sockflags)
64 {
65  if (sockflags & SF_HOST_RANDOMIZE)
66  {
67  return getaddr_flags | GETADDR_RANDOMIZE;
68  }
69  else
70  {
71  return getaddr_flags;
72  }
73 }
74 
75 /*
76  * Functions related to the translation of DNS names to IP addresses.
77  */
78 
79 /*
80  * Translate IP addr or hostname to in_addr_t.
81  * If resolve error, try again for
82  * resolve_retry_seconds seconds.
83  */
85 getaddr(unsigned int flags,
86  const char *hostname,
87  int resolve_retry_seconds,
88  bool *succeeded,
89  volatile int *signal_received)
90 {
91  struct addrinfo *ai;
92  int status;
93  status = openvpn_getaddrinfo(flags & ~GETADDR_HOST_ORDER, hostname, NULL,
94  resolve_retry_seconds, signal_received, AF_INET, &ai);
95  if (status==0)
96  {
97  struct in_addr ia;
98  if (succeeded)
99  {
100  *succeeded = true;
101  }
102  ia = ((struct sockaddr_in *)ai->ai_addr)->sin_addr;
103  freeaddrinfo(ai);
104  return (flags & GETADDR_HOST_ORDER) ? ntohl(ia.s_addr) : ia.s_addr;
105  }
106  else
107  {
108  if (succeeded)
109  {
110  *succeeded = false;
111  }
112  return 0;
113  }
114 }
115 
116 static inline bool
117 streqnull(const char *a, const char *b)
118 {
119  if (a == NULL && b == NULL)
120  {
121  return true;
122  }
123  else if (a == NULL || b == NULL)
124  {
125  return false;
126  }
127  else
128  {
129  return streq(a, b);
130  }
131 }
132 
133 /*
134  * get_cached_dns_entry return 0 on success and -1
135  * otherwise. (like getaddrinfo)
136  */
137 static int
139  const char *hostname,
140  const char *servname,
141  int ai_family,
142  int resolve_flags,
143  struct addrinfo **ai)
144 {
145  struct cached_dns_entry *ph;
146  int flags;
147 
148  /* Only use flags that are relevant for the structure */
149  flags = resolve_flags & GETADDR_CACHE_MASK;
150 
151  for (ph = dns_cache; ph; ph = ph->next)
152  {
153  if (streqnull(ph->hostname, hostname)
154  && streqnull(ph->servname, servname)
155  && ph->ai_family == ai_family
156  && ph->flags == flags)
157  {
158  *ai = ph->ai;
159  return 0;
160  }
161  }
162  return -1;
163 }
164 
165 
166 static int
168  const char *hostname,
169  const char *servname,
170  const int af,
171  const int flags)
172 {
173  struct addrinfo *ai;
174  int status;
175 
177  hostname,
178  servname,
179  af,
180  flags,
181  &ai) == 0)
182  {
183  /* entry already cached, return success */
184  return 0;
185  }
186 
187  status = openvpn_getaddrinfo(flags, hostname, servname,
189  af, &ai);
190  if (status == 0)
191  {
192  struct cached_dns_entry *ph;
193 
194  ALLOC_OBJ_CLEAR_GC(ph, struct cached_dns_entry, &c->gc);
195  ph->ai = ai;
196  ph->hostname = hostname;
197  ph->servname = servname;
198  ph->flags = flags & GETADDR_CACHE_MASK;
199 
200  if (!c->c1.dns_cache)
201  {
202  c->c1.dns_cache = ph;
203  }
204  else
205  {
206  struct cached_dns_entry *prev = c->c1.dns_cache;
207  while (prev->next)
208  {
209  prev = prev->next;
210  }
211  prev->next = ph;
212  }
213 
215 
216  }
217  return status;
218 }
219 
220 void
222 {
223  int i;
224  struct connection_list *l = c->options.connection_list;
225  const unsigned int preresolve_flags = GETADDR_RESOLVE
228  |GETADDR_FATAL;
229 
230 
231  for (i = 0; i < l->len; ++i)
232  {
233  int status;
234  const char *remote;
235  int flags = preresolve_flags;
236 
237  struct connection_entry *ce = c->options.connection_list->array[i];
238 
239  if (proto_is_dgram(ce->proto))
240  {
241  flags |= GETADDR_DATAGRAM;
242  }
243 
245  {
246  flags |= GETADDR_RANDOMIZE;
247  }
248 
249  if (c->options.ip_remote_hint)
250  {
251  remote = c->options.ip_remote_hint;
252  }
253  else
254  {
255  remote = ce->remote;
256  }
257 
258  /* HTTP remote hostname does not need to be resolved */
259  if (!ce->http_proxy_options)
260  {
261  status = do_preresolve_host(c, remote, ce->remote_port, ce->af, flags);
262  if (status != 0)
263  {
264  goto err;
265  }
266  }
267 
268  /* Preresolve proxy */
269  if (ce->http_proxy_options)
270  {
271  status = do_preresolve_host(c,
274  ce->af,
275  preresolve_flags);
276 
277  if (status != 0)
278  {
279  goto err;
280  }
281  }
282 
283  if (ce->socks_proxy_server)
284  {
285  status = do_preresolve_host(c,
286  ce->socks_proxy_server,
287  ce->socks_proxy_port,
288  ce->af,
289  flags);
290  if (status != 0)
291  {
292  goto err;
293  }
294  }
295 
296  if (ce->bind_local)
297  {
298  flags |= GETADDR_PASSIVE;
299  flags &= ~GETADDR_RANDOMIZE;
300  status = do_preresolve_host(c, ce->local, ce->local_port, ce->af, flags);
301  if (status != 0)
302  {
303  goto err;
304  }
305 
306  }
307 
308  }
309  return;
310 
311 err:
312  throw_signal_soft(SIGHUP, "Preresolving failed");
313 }
314 
315 /*
316  * Translate IPv4/IPv6 addr or hostname into struct addrinfo
317  * If resolve error, try again for resolve_retry_seconds seconds.
318  */
319 int
321  const char *hostname,
322  const char *servname,
323  int resolve_retry_seconds,
324  volatile int *signal_received,
325  int ai_family,
326  struct addrinfo **res)
327 {
328  struct addrinfo hints;
329  int status;
330  int sigrec = 0;
331  int msglevel = (flags & GETADDR_FATAL) ? M_FATAL : D_RESOLVE_ERRORS;
332  struct gc_arena gc = gc_new();
333  const char *print_hostname;
334  const char *print_servname;
335 
336  ASSERT(res);
337 
338  ASSERT(hostname || servname);
339  ASSERT(!(flags & GETADDR_HOST_ORDER));
340 
341  if (servname)
342  {
343  print_servname = servname;
344  }
345  else
346  {
347  print_servname = "";
348  }
349 
350  if (flags & GETADDR_MSG_VIRT_OUT)
351  {
352  msglevel |= M_MSG_VIRT_OUT;
353  }
354 
356  && !signal_received)
357  {
358  signal_received = &sigrec;
359  }
360 
361  /* try numeric ipv6 addr first */
362  CLEAR(hints);
363  hints.ai_family = ai_family;
364  hints.ai_flags = AI_NUMERICHOST;
365 
366  if (flags & GETADDR_PASSIVE)
367  {
368  hints.ai_flags |= AI_PASSIVE;
369  }
370 
371  if (flags & GETADDR_DATAGRAM)
372  {
373  hints.ai_socktype = SOCK_DGRAM;
374  }
375  else
376  {
377  hints.ai_socktype = SOCK_STREAM;
378  }
379 
380  status = getaddrinfo(hostname, servname, &hints, res);
381 
382  if (status != 0) /* parse as numeric address failed? */
383  {
384  const int fail_wait_interval = 5; /* seconds */
385  /* Add +4 to cause integer division rounding up (1 + 4) = 5, (0+4)/5=0 */
386  int resolve_retries = (flags & GETADDR_TRY_ONCE) ? 1 :
387  ((resolve_retry_seconds + 4)/ fail_wait_interval);
388  const char *fmt;
389  int level = 0;
390 
391  if (hostname && (flags & GETADDR_RANDOMIZE))
392  {
393  hostname = hostname_randomize(hostname, &gc);
394  }
395 
396  if (hostname)
397  {
398  print_hostname = hostname;
399  }
400  else
401  {
402  print_hostname = "undefined";
403  }
404 
405  fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s)";
406  if ((flags & GETADDR_MENTION_RESOLVE_RETRY)
407  && !resolve_retry_seconds)
408  {
409  fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s) (I would have retried this name query if you had specified the --resolv-retry option.)";
410  }
411 
412  if (!(flags & GETADDR_RESOLVE) || status == EAI_FAIL)
413  {
414  msg(msglevel, "RESOLVE: Cannot parse IP address: %s:%s (%s)",
415  print_hostname,print_servname, gai_strerror(status));
416  goto done;
417  }
418 
419 #ifdef ENABLE_MANAGEMENT
421  {
422  if (management)
423  {
426  NULL,
427  NULL,
428  NULL,
429  NULL,
430  NULL);
431  }
432  }
433 #endif
434 
435  /*
436  * Resolve hostname
437  */
438  while (true)
439  {
440 #ifndef _WIN32
441  res_init();
442 #endif
443  /* try hostname lookup */
444  hints.ai_flags &= ~AI_NUMERICHOST;
445  dmsg(D_SOCKET_DEBUG, "GETADDRINFO flags=0x%04x ai_family=%d ai_socktype=%d",
446  flags, hints.ai_family, hints.ai_socktype);
447  status = getaddrinfo(hostname, servname, &hints, res);
448 
449  if (signal_received)
450  {
451  get_signal(signal_received);
452  if (*signal_received) /* were we interrupted by a signal? */
453  {
454  if (*signal_received == SIGUSR1) /* ignore SIGUSR1 */
455  {
456  msg(level, "RESOLVE: Ignored SIGUSR1 signal received during DNS resolution attempt");
457  *signal_received = 0;
458  }
459  else
460  {
461  /* turn success into failure (interrupted syscall) */
462  if (0 == status)
463  {
464  ASSERT(res);
465  freeaddrinfo(*res);
466  *res = NULL;
467  status = EAI_AGAIN; /* = temporary failure */
468  errno = EINTR;
469  }
470  goto done;
471  }
472  }
473  }
474 
475  /* success? */
476  if (0 == status)
477  {
478  break;
479  }
480 
481  /* resolve lookup failed, should we
482  * continue or fail? */
483  level = msglevel;
484  if (resolve_retries > 0)
485  {
486  level = D_RESOLVE_ERRORS;
487  }
488 
489  msg(level,
490  fmt,
491  print_hostname,
492  print_servname,
493  gai_strerror(status));
494 
495  if (--resolve_retries <= 0)
496  {
497  goto done;
498  }
499 
500  management_sleep(fail_wait_interval);
501  }
502 
503  ASSERT(res);
504 
505  /* hostname resolve succeeded */
506 
507  /*
508  * Do not choose an IP Addresse by random or change the order *
509  * of IP addresses, doing so will break RFC 3484 address selection *
510  */
511  }
512  else
513  {
514  /* IP address parse succeeded */
515  if (flags & GETADDR_RANDOMIZE)
516  {
517  msg(M_WARN, "WARNING: ignoring --remote-random-hostname because the hostname is an IP address");
518  }
519  }
520 
521 done:
522  if (signal_received && *signal_received)
523  {
524  int level = 0;
525  if (flags & GETADDR_FATAL_ON_SIGNAL)
526  {
527  level = M_FATAL;
528  }
529  else if (flags & GETADDR_WARN_ON_SIGNAL)
530  {
531  level = M_WARN;
532  }
533  msg(level, "RESOLVE: signal received during DNS resolution attempt");
534  }
535 
536  gc_free(&gc);
537  return status;
538 }
539 
540 /*
541  * We do our own inet_aton because the glibc function
542  * isn't very good about error checking.
543  */
544 int
545 openvpn_inet_aton(const char *dotted_quad, struct in_addr *addr)
546 {
547  unsigned int a, b, c, d;
548 
549  CLEAR(*addr);
550  if (sscanf(dotted_quad, "%u.%u.%u.%u", &a, &b, &c, &d) == 4)
551  {
552  if (a < 256 && b < 256 && c < 256 && d < 256)
553  {
554  addr->s_addr = htonl(a<<24 | b<<16 | c<<8 | d);
555  return OIA_IP; /* good dotted quad */
556  }
557  }
558  if (string_class(dotted_quad, CC_DIGIT|CC_DOT, 0))
559  {
560  return OIA_ERROR; /* probably a badly formatted dotted quad */
561  }
562  else
563  {
564  return OIA_HOSTNAME; /* probably a hostname */
565  }
566 }
567 
568 bool
569 ip_addr_dotted_quad_safe(const char *dotted_quad)
570 {
571  /* verify non-NULL */
572  if (!dotted_quad)
573  {
574  return false;
575  }
576 
577  /* verify length is within limits */
578  if (strlen(dotted_quad) > 15)
579  {
580  return false;
581  }
582 
583  /* verify that all chars are either numeric or '.' and that no numeric
584  * substring is greater than 3 chars */
585  {
586  int nnum = 0;
587  const char *p = dotted_quad;
588  int c;
589 
590  while ((c = *p++))
591  {
592  if (c >= '0' && c <= '9')
593  {
594  ++nnum;
595  if (nnum > 3)
596  {
597  return false;
598  }
599  }
600  else if (c == '.')
601  {
602  nnum = 0;
603  }
604  else
605  {
606  return false;
607  }
608  }
609  }
610 
611  /* verify that string will convert to IP address */
612  {
613  struct in_addr a;
614  return openvpn_inet_aton(dotted_quad, &a) == OIA_IP;
615  }
616 }
617 
618 bool
619 ipv6_addr_safe(const char *ipv6_text_addr)
620 {
621  /* verify non-NULL */
622  if (!ipv6_text_addr)
623  {
624  return false;
625  }
626 
627  /* verify length is within limits */
628  if (strlen(ipv6_text_addr) > INET6_ADDRSTRLEN)
629  {
630  return false;
631  }
632 
633  /* verify that string will convert to IPv6 address */
634  {
635  struct in6_addr a6;
636  return inet_pton( AF_INET6, ipv6_text_addr, &a6 ) == 1;
637  }
638 }
639 
640 static bool
641 dns_addr_safe(const char *addr)
642 {
643  if (addr)
644  {
645  const size_t len = strlen(addr);
646  return len > 0 && len <= 255 && string_class(addr, CC_ALNUM|CC_DASH|CC_DOT, 0);
647  }
648  else
649  {
650  return false;
651  }
652 }
653 
654 bool
655 ip_or_dns_addr_safe(const char *addr, const bool allow_fqdn)
656 {
657  if (ip_addr_dotted_quad_safe(addr))
658  {
659  return true;
660  }
661  else if (allow_fqdn)
662  {
663  return dns_addr_safe(addr);
664  }
665  else
666  {
667  return false;
668  }
669 }
670 
671 bool
672 mac_addr_safe(const char *mac_addr)
673 {
674  /* verify non-NULL */
675  if (!mac_addr)
676  {
677  return false;
678  }
679 
680  /* verify length is within limits */
681  if (strlen(mac_addr) > 17)
682  {
683  return false;
684  }
685 
686  /* verify that all chars are either alphanumeric or ':' and that no
687  * alphanumeric substring is greater than 2 chars */
688  {
689  int nnum = 0;
690  const char *p = mac_addr;
691  int c;
692 
693  while ((c = *p++))
694  {
695  if ( (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F') )
696  {
697  ++nnum;
698  if (nnum > 2)
699  {
700  return false;
701  }
702  }
703  else if (c == ':')
704  {
705  nnum = 0;
706  }
707  else
708  {
709  return false;
710  }
711  }
712  }
713 
714  /* error-checking is left to script invoked in lladdr.c */
715  return true;
716 }
717 
718 static int
720 {
721 #if defined(HAVE_GETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_SNDBUF)
722  int val;
723  socklen_t len;
724 
725  len = sizeof(val);
726  if (getsockopt(sd, SOL_SOCKET, SO_SNDBUF, (void *) &val, &len) == 0
727  && len == sizeof(val))
728  {
729  return val;
730  }
731 #endif
732  return 0;
733 }
734 
735 static void
736 socket_set_sndbuf(int sd, int size)
737 {
738 #if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_SNDBUF)
739  if (setsockopt(sd, SOL_SOCKET, SO_SNDBUF, (void *) &size, sizeof(size)) != 0)
740  {
741  msg(M_WARN, "NOTE: setsockopt SO_SNDBUF=%d failed", size);
742  }
743 #endif
744 }
745 
746 static int
748 {
749 #if defined(HAVE_GETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_RCVBUF)
750  int val;
751  socklen_t len;
752 
753  len = sizeof(val);
754  if (getsockopt(sd, SOL_SOCKET, SO_RCVBUF, (void *) &val, &len) == 0
755  && len == sizeof(val))
756  {
757  return val;
758  }
759 #endif
760  return 0;
761 }
762 
763 static bool
764 socket_set_rcvbuf(int sd, int size)
765 {
766 #if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_RCVBUF)
767  if (setsockopt(sd, SOL_SOCKET, SO_RCVBUF, (void *) &size, sizeof(size)) != 0)
768  {
769  msg(M_WARN, "NOTE: setsockopt SO_RCVBUF=%d failed", size);
770  return false;
771  }
772  return true;
773 #endif
774 }
775 
776 static void
777 socket_set_buffers(int fd, const struct socket_buffer_size *sbs)
778 {
779  if (sbs)
780  {
781  const int sndbuf_old = socket_get_sndbuf(fd);
782  const int rcvbuf_old = socket_get_rcvbuf(fd);
783 
784  if (sbs->sndbuf)
785  {
786  socket_set_sndbuf(fd, sbs->sndbuf);
787  }
788 
789  if (sbs->rcvbuf)
790  {
791  socket_set_rcvbuf(fd, sbs->rcvbuf);
792  }
793 
794  msg(D_OSBUF, "Socket Buffers: R=[%d->%d] S=[%d->%d]",
795  rcvbuf_old,
796  socket_get_rcvbuf(fd),
797  sndbuf_old,
798  socket_get_sndbuf(fd));
799  }
800 }
801 
802 /*
803  * Set other socket options
804  */
805 
806 static bool
807 socket_set_tcp_nodelay(int sd, int state)
808 {
809 #if defined(_WIN32) || (defined(HAVE_SETSOCKOPT) && defined(IPPROTO_TCP) && defined(TCP_NODELAY))
810  if (setsockopt(sd, IPPROTO_TCP, TCP_NODELAY, (void *) &state, sizeof(state)) != 0)
811  {
812  msg(M_WARN, "NOTE: setsockopt TCP_NODELAY=%d failed", state);
813  return false;
814  }
815  else
816  {
817  dmsg(D_OSBUF, "Socket flags: TCP_NODELAY=%d succeeded", state);
818  return true;
819  }
820 #else /* if defined(_WIN32) || (defined(HAVE_SETSOCKOPT) && defined(IPPROTO_TCP) && defined(TCP_NODELAY)) */
821  msg(M_WARN, "NOTE: setsockopt TCP_NODELAY=%d failed (No kernel support)", state);
822  return false;
823 #endif
824 }
825 
826 static inline void
827 socket_set_mark(int sd, int mark)
828 {
829 #if defined(TARGET_LINUX) && HAVE_DECL_SO_MARK
830  if (mark && setsockopt(sd, SOL_SOCKET, SO_MARK, (void *) &mark, sizeof(mark)) != 0)
831  {
832  msg(M_WARN, "NOTE: setsockopt SO_MARK=%d failed", mark);
833  }
834 #endif
835 }
836 
837 static bool
838 socket_set_flags(int sd, unsigned int sockflags)
839 {
840  if (sockflags & SF_TCP_NODELAY)
841  {
842  return socket_set_tcp_nodelay(sd, 1);
843  }
844  else
845  {
846  return true;
847  }
848 }
849 
850 bool
851 link_socket_update_flags(struct link_socket *ls, unsigned int sockflags)
852 {
853  if (ls && socket_defined(ls->sd))
854  {
855  return socket_set_flags(ls->sd, ls->sockflags = sockflags);
856  }
857  else
858  {
859  return false;
860  }
861 }
862 
863 void
864 link_socket_update_buffer_sizes(struct link_socket *ls, int rcvbuf, int sndbuf)
865 {
866  if (ls && socket_defined(ls->sd))
867  {
868  ls->socket_buffer_sizes.sndbuf = sndbuf;
869  ls->socket_buffer_sizes.rcvbuf = rcvbuf;
871  }
872 }
873 
874 /*
875  * SOCKET INITALIZATION CODE.
876  * Create a TCP/UDP socket
877  */
878 
880 create_socket_tcp(struct addrinfo *addrinfo)
881 {
883 
884  ASSERT(addrinfo);
885  ASSERT(addrinfo->ai_socktype == SOCK_STREAM);
886 
887  if ((sd = socket(addrinfo->ai_family, addrinfo->ai_socktype, addrinfo->ai_protocol)) < 0)
888  {
889  msg(M_ERR, "Cannot create TCP socket");
890  }
891 
892 #ifndef _WIN32 /* using SO_REUSEADDR on Windows will cause bind to succeed on port conflicts! */
893  /* set SO_REUSEADDR on socket */
894  {
895  int on = 1;
896  if (setsockopt(sd, SOL_SOCKET, SO_REUSEADDR,
897  (void *) &on, sizeof(on)) < 0)
898  {
899  msg(M_ERR, "TCP: Cannot setsockopt SO_REUSEADDR on TCP socket");
900  }
901  }
902 #endif
903 
904  /* set socket file descriptor to not pass across execs, so that
905  * scripts don't have access to it */
906  set_cloexec(sd);
907 
908  return sd;
909 }
910 
911 static socket_descriptor_t
912 create_socket_udp(struct addrinfo *addrinfo, const unsigned int flags)
913 {
915 
916  ASSERT(addrinfo);
917  ASSERT(addrinfo->ai_socktype == SOCK_DGRAM);
918 
919  if ((sd = socket(addrinfo->ai_family, addrinfo->ai_socktype, addrinfo->ai_protocol)) < 0)
920  {
921  msg(M_ERR, "UDP: Cannot create UDP/UDP6 socket");
922  }
923 #if ENABLE_IP_PKTINFO
924  else if (flags & SF_USE_IP_PKTINFO)
925  {
926  int pad = 1;
927  if (addrinfo->ai_family == AF_INET)
928  {
929 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
930  if (setsockopt(sd, SOL_IP, IP_PKTINFO,
931  (void *)&pad, sizeof(pad)) < 0)
932  {
933  msg(M_ERR, "UDP: failed setsockopt for IP_PKTINFO");
934  }
935 #elif defined(IP_RECVDSTADDR)
936  if (setsockopt(sd, IPPROTO_IP, IP_RECVDSTADDR,
937  (void *)&pad, sizeof(pad)) < 0)
938  {
939  msg(M_ERR, "UDP: failed setsockopt for IP_RECVDSTADDR");
940  }
941 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
942 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
943 #endif
944  }
945  else if (addrinfo->ai_family == AF_INET6)
946  {
947 #ifndef IPV6_RECVPKTINFO /* Some older Darwin platforms require this */
948  if (setsockopt(sd, IPPROTO_IPV6, IPV6_PKTINFO,
949  (void *)&pad, sizeof(pad)) < 0)
950 #else
951  if (setsockopt(sd, IPPROTO_IPV6, IPV6_RECVPKTINFO,
952  (void *)&pad, sizeof(pad)) < 0)
953 #endif
954  { msg(M_ERR, "UDP: failed setsockopt for IPV6_RECVPKTINFO");}
955  }
956  }
957 #endif /* if ENABLE_IP_PKTINFO */
958 
959  /* set socket file descriptor to not pass across execs, so that
960  * scripts don't have access to it */
961  set_cloexec(sd);
962 
963  return sd;
964 }
965 
966 static void
967 bind_local(struct link_socket *sock, const sa_family_t ai_family)
968 {
969  /* bind to local address/port */
970  if (sock->bind_local)
971  {
972  if (sock->socks_proxy && sock->info.proto == PROTO_UDP)
973  {
974  socket_bind(sock->ctrl_sd, sock->info.lsa->bind_local,
975  ai_family, "SOCKS", false);
976  }
977  else
978  {
979  socket_bind(sock->sd, sock->info.lsa->bind_local,
980  ai_family,
981  "TCP/UDP", sock->info.bind_ipv6_only);
982  }
983  }
984 }
985 
986 static void
987 create_socket(struct link_socket *sock, struct addrinfo *addr)
988 {
989  if (addr->ai_protocol == IPPROTO_UDP || addr->ai_socktype == SOCK_DGRAM)
990  {
991  sock->sd = create_socket_udp(addr, sock->sockflags);
993 
994  /* Assume that control socket and data socket to the socks proxy
995  * are using the same IP family */
996  if (sock->socks_proxy)
997  {
998  /* Construct a temporary addrinfo to create the socket,
999  * currently resolve two remote addresses is not supported,
1000  * TODO: Rewrite the whole resolve_remote */
1001  struct addrinfo addrinfo_tmp = *addr;
1002  addrinfo_tmp.ai_socktype = SOCK_STREAM;
1003  addrinfo_tmp.ai_protocol = IPPROTO_TCP;
1004  sock->ctrl_sd = create_socket_tcp(&addrinfo_tmp);
1005  }
1006  }
1007  else if (addr->ai_protocol == IPPROTO_TCP || addr->ai_socktype == SOCK_STREAM)
1008  {
1009  sock->sd = create_socket_tcp(addr);
1010  }
1011  else
1012  {
1013  ASSERT(0);
1014  }
1015  /* set socket buffers based on --sndbuf and --rcvbuf options */
1016  socket_set_buffers(sock->sd, &sock->socket_buffer_sizes);
1017 
1018  /* set socket to --mark packets with given value */
1019  socket_set_mark(sock->sd, sock->mark);
1020 
1021  bind_local(sock, addr->ai_family);
1022 }
1023 
1024 #ifdef TARGET_ANDROID
1025 static void
1026 protect_fd_nonlocal(int fd, const struct sockaddr *addr)
1027 {
1028  /* pass socket FD to management interface to pass on to VPNService API
1029  * as "protected socket" (exempt from being routed into tunnel)
1030  */
1031  if (addr_local(addr))
1032  {
1033  msg(D_SOCKET_DEBUG, "Address is local, not protecting socket fd %d", fd);
1034  return;
1035  }
1036 
1037  msg(D_SOCKET_DEBUG, "Protecting socket fd %d", fd);
1038  management->connection.fdtosend = fd;
1039  management_android_control(management, "PROTECTFD", __func__);
1040 }
1041 #endif
1042 
1043 /*
1044  * Functions used for establishing a TCP stream connection.
1045  */
1046 static void
1048  const struct addrinfo *local,
1049  bool do_listen,
1050  bool do_set_nonblock)
1051 {
1052  struct gc_arena gc = gc_new();
1053  if (do_listen)
1054  {
1055  ASSERT(local);
1056  msg(M_INFO, "Listening for incoming TCP connection on %s",
1057  print_sockaddr(local->ai_addr, &gc));
1058  if (listen(sd, 1))
1059  {
1060  msg(M_ERR, "TCP: listen() failed");
1061  }
1062  }
1063 
1064  /* set socket to non-blocking mode */
1065  if (do_set_nonblock)
1066  {
1067  set_nonblock(sd);
1068  }
1069 
1070  gc_free(&gc);
1071 }
1072 
1075  struct link_socket_actual *act,
1076  const bool nowait)
1077 {
1078  /* af_addr_size WILL return 0 in this case if AFs other than AF_INET
1079  * are compiled because act is empty here.
1080  * could use getsockname() to support later remote_len check
1081  */
1082  socklen_t remote_len_af = af_addr_size(act->dest.addr.sa.sa_family);
1083  socklen_t remote_len = sizeof(act->dest.addr);
1085 
1086  CLEAR(*act);
1087 
1088 #ifdef HAVE_GETPEERNAME
1089  if (nowait)
1090  {
1091  new_sd = getpeername(sd, &act->dest.addr.sa, &remote_len);
1092 
1093  if (!socket_defined(new_sd))
1094  {
1095  msg(D_LINK_ERRORS | M_ERRNO, "TCP: getpeername() failed");
1096  }
1097  else
1098  {
1099  new_sd = sd;
1100  }
1101  }
1102 #else /* ifdef HAVE_GETPEERNAME */
1103  if (nowait)
1104  {
1105  msg(M_WARN, "TCP: this OS does not provide the getpeername() function");
1106  }
1107 #endif
1108  else
1109  {
1110  new_sd = accept(sd, &act->dest.addr.sa, &remote_len);
1111  }
1112 
1113 #if 0 /* For debugging only, test the effect of accept() failures */
1114  {
1115  static int foo = 0;
1116  ++foo;
1117  if (foo & 1)
1118  {
1119  new_sd = -1;
1120  }
1121  }
1122 #endif
1123 
1124  if (!socket_defined(new_sd))
1125  {
1126  msg(D_LINK_ERRORS | M_ERRNO, "TCP: accept(%d) failed", (int)sd);
1127  }
1128  /* only valid if we have remote_len_af!=0 */
1129  else if (remote_len_af && remote_len != remote_len_af)
1130  {
1131  msg(D_LINK_ERRORS, "TCP: Received strange incoming connection with unknown address length=%d", remote_len);
1132  openvpn_close_socket(new_sd);
1133  new_sd = SOCKET_UNDEFINED;
1134  }
1135  else
1136  {
1137  /* set socket file descriptor to not pass across execs, so that
1138  * scripts don't have access to it */
1139  set_cloexec(sd);
1140  }
1141  return new_sd;
1142 }
1143 
1144 static void
1146 {
1147  struct gc_arena gc = gc_new();
1148  msg(M_INFO, "TCP connection established with %s",
1149  print_link_socket_actual(act, &gc));
1150  gc_free(&gc);
1151 }
1152 
1153 static socket_descriptor_t
1155  struct link_socket_actual *act,
1156  const char *remote_dynamic,
1157  const struct addrinfo *local,
1158  bool do_listen,
1159  bool nowait,
1160  volatile int *signal_received)
1161 {
1162  struct gc_arena gc = gc_new();
1163  /* struct openvpn_sockaddr *remote = &act->dest; */
1164  struct openvpn_sockaddr remote_verify = act->dest;
1166 
1167  CLEAR(*act);
1168  socket_do_listen(sd, local, do_listen, true);
1169 
1170  while (true)
1171  {
1172  int status;
1173  fd_set reads;
1174  struct timeval tv;
1175 
1176  FD_ZERO(&reads);
1177  openvpn_fd_set(sd, &reads);
1178  tv.tv_sec = 0;
1179  tv.tv_usec = 0;
1180 
1181  status = select(sd + 1, &reads, NULL, NULL, &tv);
1182 
1183  get_signal(signal_received);
1184  if (*signal_received)
1185  {
1186  gc_free(&gc);
1187  return sd;
1188  }
1189 
1190  if (status < 0)
1191  {
1192  msg(D_LINK_ERRORS | M_ERRNO, "TCP: select() failed");
1193  }
1194 
1195  if (status <= 0)
1196  {
1197  management_sleep(1);
1198  continue;
1199  }
1200 
1201  new_sd = socket_do_accept(sd, act, nowait);
1202 
1203  if (socket_defined(new_sd))
1204  {
1205  struct addrinfo *ai = NULL;
1206  if (remote_dynamic)
1207  {
1208  openvpn_getaddrinfo(0, remote_dynamic, NULL, 1, NULL,
1209  remote_verify.addr.sa.sa_family, &ai);
1210  }
1211 
1212  if (ai && !addrlist_match(&remote_verify, ai))
1213  {
1214  msg(M_WARN,
1215  "TCP NOTE: Rejected connection attempt from %s due to --remote setting",
1216  print_link_socket_actual(act, &gc));
1217  if (openvpn_close_socket(new_sd))
1218  {
1219  msg(M_ERR, "TCP: close socket failed (new_sd)");
1220  }
1221  freeaddrinfo(ai);
1222  }
1223  else
1224  {
1225  if (ai)
1226  {
1227  freeaddrinfo(ai);
1228  }
1229  break;
1230  }
1231  }
1232  management_sleep(1);
1233  }
1234 
1235  if (!nowait && openvpn_close_socket(sd))
1236  {
1237  msg(M_ERR, "TCP: close socket failed (sd)");
1238  }
1239 
1241 
1242  gc_free(&gc);
1243  return new_sd;
1244 }
1245 
1246 /* older mingw versions and WinXP do not have this define,
1247  * but Vista and up support the functionality - just define it here
1248  */
1249 #ifdef _WIN32
1250 #ifndef IPV6_V6ONLY
1251 #define IPV6_V6ONLY 27
1252 #endif
1253 #endif
1254 void
1256  struct addrinfo *local,
1257  int ai_family,
1258  const char *prefix,
1259  bool ipv6only)
1260 {
1261  struct gc_arena gc = gc_new();
1262 
1263  /* FIXME (schwabe)
1264  * getaddrinfo for the bind address might return multiple AF_INET/AF_INET6
1265  * entries for the requested protocol.
1266  * For example if an address has multiple A records
1267  * What is the correct way to deal with it?
1268  */
1269 
1270  struct addrinfo *cur;
1271 
1272  ASSERT(local);
1273 
1274 
1275  /* find the first addrinfo with correct ai_family */
1276  for (cur = local; cur; cur = cur->ai_next)
1277  {
1278  if (cur->ai_family == ai_family)
1279  {
1280  break;
1281  }
1282  }
1283  if (!cur)
1284  {
1285  msg(M_FATAL, "%s: Socket bind failed: Addr to bind has no %s record",
1286  prefix, addr_family_name(ai_family));
1287  }
1288 
1289  if (ai_family == AF_INET6)
1290  {
1291  int v6only = ipv6only ? 1 : 0; /* setsockopt must have an "int" */
1292 
1293  msg(M_INFO, "setsockopt(IPV6_V6ONLY=%d)", v6only);
1294  if (setsockopt(sd, IPPROTO_IPV6, IPV6_V6ONLY, (void *) &v6only, sizeof(v6only)))
1295  {
1296  msg(M_NONFATAL|M_ERRNO, "Setting IPV6_V6ONLY=%d failed", v6only);
1297  }
1298  }
1299  if (bind(sd, cur->ai_addr, cur->ai_addrlen))
1300  {
1301  msg(M_FATAL | M_ERRNO, "%s: Socket bind failed on local address %s",
1302  prefix,
1303  print_sockaddr_ex(local->ai_addr, ":", PS_SHOW_PORT, &gc));
1304  }
1305  gc_free(&gc);
1306 }
1307 
1308 int
1310  const struct sockaddr *remote,
1311  int connect_timeout,
1312  volatile int *signal_received)
1313 {
1314  int status = 0;
1315 
1316 #ifdef TARGET_ANDROID
1317  protect_fd_nonlocal(sd, remote);
1318 #endif
1319 
1320 #ifdef CONNECT_NONBLOCK
1321  set_nonblock(sd);
1322  status = connect(sd, remote, af_addr_size(remote->sa_family));
1323  if (status)
1324  {
1325  status = openvpn_errno();
1326  }
1327  if (
1328 #ifdef _WIN32
1329  status == WSAEWOULDBLOCK
1330 #else
1331  status == EINPROGRESS
1332 #endif
1333  )
1334  {
1335  while (true)
1336  {
1337 #if POLL
1338  struct pollfd fds[1];
1339  fds[0].fd = sd;
1340  fds[0].events = POLLOUT;
1341  status = poll(fds, 1, 0);
1342 #else
1343  fd_set writes;
1344  struct timeval tv;
1345 
1346  FD_ZERO(&writes);
1347  openvpn_fd_set(sd, &writes);
1348  tv.tv_sec = 0;
1349  tv.tv_usec = 0;
1350 
1351  status = select(sd + 1, NULL, &writes, NULL, &tv);
1352 #endif
1353  if (signal_received)
1354  {
1355  get_signal(signal_received);
1356  if (*signal_received)
1357  {
1358  status = 0;
1359  break;
1360  }
1361  }
1362  if (status < 0)
1363  {
1364  status = openvpn_errno();
1365  break;
1366  }
1367  if (status <= 0)
1368  {
1369  if (--connect_timeout < 0)
1370  {
1371 #ifdef _WIN32
1372  status = WSAETIMEDOUT;
1373 #else
1374  status = ETIMEDOUT;
1375 #endif
1376  break;
1377  }
1378  management_sleep(1);
1379  continue;
1380  }
1381 
1382  /* got it */
1383  {
1384  int val = 0;
1385  socklen_t len;
1386 
1387  len = sizeof(val);
1388  if (getsockopt(sd, SOL_SOCKET, SO_ERROR, (void *) &val, &len) == 0
1389  && len == sizeof(val))
1390  {
1391  status = val;
1392  }
1393  else
1394  {
1395  status = openvpn_errno();
1396  }
1397  break;
1398  }
1399  }
1400  }
1401 #else /* ifdef CONNECT_NONBLOCK */
1402  status = connect(sd, remote, af_addr_size(remote->sa_family));
1403  if (status)
1404  {
1405  status = openvpn_errno();
1406  }
1407 #endif /* ifdef CONNECT_NONBLOCK */
1408 
1409  return status;
1410 }
1411 
1412 void
1413 set_actual_address(struct link_socket_actual *actual, struct addrinfo *ai)
1414 {
1415  CLEAR(*actual);
1416  ASSERT(ai);
1417 
1418  if (ai->ai_family == AF_INET)
1419  {
1420  actual->dest.addr.in4 =
1421  *((struct sockaddr_in *) ai->ai_addr);
1422  }
1423  else if (ai->ai_family == AF_INET6)
1424  {
1425  actual->dest.addr.in6 =
1426  *((struct sockaddr_in6 *) ai->ai_addr);
1427  }
1428  else
1429  {
1430  ASSERT(0);
1431  }
1432 
1433 }
1434 
1435 static void
1437  const struct sockaddr *dest,
1438  const int connect_timeout,
1439  struct signal_info *sig_info)
1440 {
1441  struct gc_arena gc = gc_new();
1442  int status;
1443 
1444 #ifdef CONNECT_NONBLOCK
1445  msg(M_INFO, "Attempting to establish TCP connection with %s [nonblock]",
1446  print_sockaddr(dest, &gc));
1447 #else
1448  msg(M_INFO, "Attempting to establish TCP connection with %s",
1449  print_sockaddr(dest, &gc));
1450 #endif
1451 
1452 #ifdef ENABLE_MANAGEMENT
1453  if (management)
1454  {
1457  NULL,
1458  NULL,
1459  NULL,
1460  NULL,
1461  NULL);
1462  }
1463 #endif
1464 
1465  /* Set the actual address */
1466  status = openvpn_connect(*sd, dest, connect_timeout, &sig_info->signal_received);
1467 
1468  get_signal(&sig_info->signal_received);
1469  if (sig_info->signal_received)
1470  {
1471  goto done;
1472  }
1473 
1474  if (status)
1475  {
1476 
1477  msg(D_LINK_ERRORS, "TCP: connect to %s failed: %s",
1478  print_sockaddr(dest, &gc), strerror(status));
1479 
1480  openvpn_close_socket(*sd);
1481  *sd = SOCKET_UNDEFINED;
1482  sig_info->signal_received = SIGUSR1;
1484  }
1485  else
1486  {
1487  msg(M_INFO, "TCP connection established with %s",
1488  print_sockaddr(dest, &gc));
1489  }
1490 
1491 done:
1492  gc_free(&gc);
1493 }
1494 
1495 /*
1496  * Stream buffer handling prototypes -- stream_buf is a helper class
1497  * to assist in the packetization of stream transport protocols
1498  * such as TCP.
1499  */
1500 
1501 static void
1502 stream_buf_init(struct stream_buf *sb, struct buffer *buf,
1503  const unsigned int sockflags, const int proto);
1504 
1505 static void
1506 stream_buf_close(struct stream_buf *sb);
1507 
1508 static bool
1509 stream_buf_added(struct stream_buf *sb, int length_added);
1510 
1511 /* For stream protocols, allocate a buffer to build up packet.
1512  * Called after frame has been finalized. */
1513 
1514 static void
1515 socket_frame_init(const struct frame *frame, struct link_socket *sock)
1516 {
1517 #ifdef _WIN32
1518  overlapped_io_init(&sock->reads, frame, FALSE, false);
1519  overlapped_io_init(&sock->writes, frame, TRUE, false);
1520  sock->rw_handle.read = sock->reads.overlapped.hEvent;
1521  sock->rw_handle.write = sock->writes.overlapped.hEvent;
1522 #endif
1523 
1525  {
1526 #ifdef _WIN32
1527  stream_buf_init(&sock->stream_buf,
1528  &sock->reads.buf_init,
1529  sock->sockflags,
1530  sock->info.proto);
1531 #else
1533  frame,
1534  false,
1536 
1537  stream_buf_init(&sock->stream_buf,
1538  &sock->stream_buf_data,
1539  sock->sockflags,
1540  sock->info.proto);
1541 #endif
1542  }
1543 }
1544 
1545 /*
1546  * Adjust frame structure based on a Path MTU value given
1547  * to us by the OS.
1548  */
1549 void
1550 frame_adjust_path_mtu(struct frame *frame, int pmtu, int proto)
1551 {
1553 }
1554 
1555 static void
1557 {
1558  struct gc_arena gc = gc_new();
1559 
1560  /* resolve local address if undefined */
1561  if (!sock->info.lsa->bind_local)
1562  {
1565  int status;
1566 
1567  if (proto_is_dgram(sock->info.proto))
1568  {
1569  flags |= GETADDR_DATAGRAM;
1570  }
1571 
1572  /* will return AF_{INET|INET6}from local_host */
1573  status = get_cached_dns_entry(sock->dns_cache,
1574  sock->local_host,
1575  sock->local_port,
1576  af,
1577  flags,
1578  &sock->info.lsa->bind_local);
1579 
1580  if (status)
1581  {
1582  status = openvpn_getaddrinfo(flags, sock->local_host, sock->local_port, 0,
1583  NULL, af, &sock->info.lsa->bind_local);
1584  }
1585 
1586  if (status !=0)
1587  {
1588  msg(M_FATAL, "getaddrinfo() failed for local \"%s:%s\": %s",
1589  sock->local_host, sock->local_port,
1590  gai_strerror(status));
1591  }
1592  }
1593 
1594  gc_free(&gc);
1595 }
1596 
1597 static void
1599  int phase,
1600  const char **remote_dynamic,
1601  volatile int *signal_received)
1602 {
1603  struct gc_arena gc = gc_new();
1604 
1605  /* resolve remote address if undefined */
1606  if (!sock->info.lsa->remote_list)
1607  {
1608  if (sock->remote_host)
1609  {
1611  int retry = 0;
1612  int status = -1;
1613  struct addrinfo *ai;
1614  if (proto_is_dgram(sock->info.proto))
1615  {
1616  flags |= GETADDR_DATAGRAM;
1617  }
1618 
1620  {
1621  if (phase == 2)
1622  {
1623  flags |= (GETADDR_TRY_ONCE | GETADDR_FATAL);
1624  }
1625  retry = 0;
1626  }
1627  else if (phase == 1)
1628  {
1629  if (sock->resolve_retry_seconds)
1630  {
1631  retry = 0;
1632  }
1633  else
1634  {
1636  retry = 0;
1637  }
1638  }
1639  else if (phase == 2)
1640  {
1641  if (sock->resolve_retry_seconds)
1642  {
1643  flags |= GETADDR_FATAL;
1644  retry = sock->resolve_retry_seconds;
1645  }
1646  else
1647  {
1648  ASSERT(0);
1649  }
1650  }
1651  else
1652  {
1653  ASSERT(0);
1654  }
1655 
1656 
1657  status = get_cached_dns_entry(sock->dns_cache,
1658  sock->remote_host,
1659  sock->remote_port,
1660  sock->info.af,
1661  flags, &ai);
1662  if (status)
1663  {
1664  status = openvpn_getaddrinfo(flags, sock->remote_host, sock->remote_port,
1665  retry, signal_received, sock->info.af, &ai);
1666  }
1667 
1668  if (status == 0)
1669  {
1670  sock->info.lsa->remote_list = ai;
1671  sock->info.lsa->current_remote = ai;
1672 
1673  dmsg(D_SOCKET_DEBUG, "RESOLVE_REMOTE flags=0x%04x phase=%d rrs=%d sig=%d status=%d",
1674  flags,
1675  phase,
1676  retry,
1677  signal_received ? *signal_received : -1,
1678  status);
1679  }
1680  if (signal_received)
1681  {
1682  if (*signal_received)
1683  {
1684  goto done;
1685  }
1686  }
1687  if (status!=0)
1688  {
1689  if (signal_received)
1690  {
1691  *signal_received = SIGUSR1;
1692  }
1693  goto done;
1694  }
1695  }
1696  }
1697 
1698  /* should we re-use previous active remote address? */
1700  {
1701  msg(M_INFO, "TCP/UDP: Preserving recently used remote address: %s",
1702  print_link_socket_actual(&sock->info.lsa->actual, &gc));
1703  if (remote_dynamic)
1704  {
1705  *remote_dynamic = NULL;
1706  }
1707  }
1708  else
1709  {
1710  CLEAR(sock->info.lsa->actual);
1711  if (sock->info.lsa->current_remote)
1712  {
1714  sock->info.lsa->current_remote);
1715  }
1716  }
1717 
1718 done:
1719  gc_free(&gc);
1720 }
1721 
1722 
1723 
1724 struct link_socket *
1726 {
1727  struct link_socket *sock;
1728 
1729  ALLOC_OBJ_CLEAR(sock, struct link_socket);
1730  sock->sd = SOCKET_UNDEFINED;
1731  sock->ctrl_sd = SOCKET_UNDEFINED;
1732  return sock;
1733 }
1734 
1735 void
1737  const char *local_host,
1738  const char *local_port,
1739  const char *remote_host,
1740  const char *remote_port,
1741  struct cached_dns_entry *dns_cache,
1742  int proto,
1743  sa_family_t af,
1744  bool bind_ipv6_only,
1745  int mode,
1746  const struct link_socket *accept_from,
1747  struct http_proxy_info *http_proxy,
1748  struct socks_proxy_info *socks_proxy,
1749 #ifdef ENABLE_DEBUG
1750  int gremlin,
1751 #endif
1752  bool bind_local,
1753  bool remote_float,
1754  int inetd,
1755  struct link_socket_addr *lsa,
1756  const char *ipchange_command,
1757  const struct plugin_list *plugins,
1759  int mtu_discover_type,
1760  int rcvbuf,
1761  int sndbuf,
1762  int mark,
1764  unsigned int sockflags)
1765 {
1766  ASSERT(sock);
1767 
1768  sock->local_host = local_host;
1769  sock->local_port = local_port;
1770  sock->remote_host = remote_host;
1771  sock->remote_port = remote_port;
1772  sock->dns_cache = dns_cache;
1773  sock->http_proxy = http_proxy;
1774  sock->socks_proxy = socks_proxy;
1775  sock->bind_local = bind_local;
1776  sock->inetd = inetd;
1779 
1780 #ifdef ENABLE_DEBUG
1781  sock->gremlin = gremlin;
1782 #endif
1783 
1784  sock->socket_buffer_sizes.rcvbuf = rcvbuf;
1785  sock->socket_buffer_sizes.sndbuf = sndbuf;
1786 
1787  sock->sockflags = sockflags;
1788  sock->mark = mark;
1789 
1790  sock->info.proto = proto;
1791  sock->info.af = af;
1792  sock->info.remote_float = remote_float;
1793  sock->info.lsa = lsa;
1794  sock->info.bind_ipv6_only = bind_ipv6_only;
1795  sock->info.ipchange_command = ipchange_command;
1796  sock->info.plugins = plugins;
1798 
1799  sock->mode = mode;
1800  if (mode == LS_MODE_TCP_ACCEPT_FROM)
1801  {
1802  ASSERT(accept_from);
1803  ASSERT(sock->info.proto == PROTO_TCP_SERVER);
1804  ASSERT(!sock->inetd);
1805  sock->sd = accept_from->sd;
1806  /* inherit (possibly guessed) info AF from parent context */
1807  sock->info.af = accept_from->info.af;
1808  }
1809 
1810  /* are we running in HTTP proxy mode? */
1811  if (sock->http_proxy)
1812  {
1813  ASSERT(sock->info.proto == PROTO_TCP_CLIENT);
1814  ASSERT(!sock->inetd);
1815 
1816  /* the proxy server */
1817  sock->remote_host = http_proxy->options.server;
1818  sock->remote_port = http_proxy->options.port;
1819 
1820  /* the OpenVPN server we will use the proxy to connect to */
1821  sock->proxy_dest_host = remote_host;
1822  sock->proxy_dest_port = remote_port;
1823  }
1824  /* or in Socks proxy mode? */
1825  else if (sock->socks_proxy)
1826  {
1827  ASSERT(!sock->inetd);
1828 
1829  /* the proxy server */
1830  sock->remote_host = socks_proxy->server;
1831  sock->remote_port = socks_proxy->port;
1832 
1833  /* the OpenVPN server we will use the proxy to connect to */
1834  sock->proxy_dest_host = remote_host;
1835  sock->proxy_dest_port = remote_port;
1836  }
1837  else
1838  {
1839  sock->remote_host = remote_host;
1840  sock->remote_port = remote_port;
1841  }
1842 
1843  /* bind behavior for TCP server vs. client */
1844  if (sock->info.proto == PROTO_TCP_SERVER)
1845  {
1846  if (sock->mode == LS_MODE_TCP_ACCEPT_FROM)
1847  {
1848  sock->bind_local = false;
1849  }
1850  else
1851  {
1852  sock->bind_local = true;
1853  }
1854  }
1855 
1856  /* were we started by inetd or xinetd? */
1857  if (sock->inetd)
1858  {
1859  ASSERT(sock->info.proto != PROTO_TCP_CLIENT);
1861  sock->sd = inetd_socket_descriptor;
1862  set_cloexec(sock->sd); /* not created by create_socket*() */
1863  }
1864  else if (mode != LS_MODE_TCP_ACCEPT_FROM)
1865  {
1866  if (sock->bind_local)
1867  {
1868  resolve_bind_local(sock, sock->info.af);
1869  }
1870  resolve_remote(sock, 1, NULL, NULL);
1871  }
1872 }
1873 
1874 static
1875 void
1876 phase2_inetd(struct link_socket *sock, const struct frame *frame,
1877  const char *remote_dynamic, volatile int *signal_received)
1878 {
1879  bool remote_changed = false;
1880 
1881  if (sock->info.proto == PROTO_TCP_SERVER)
1882  {
1883  /* AF_INET as default (and fallback) for inetd */
1884  sock->info.lsa->actual.dest.addr.sa.sa_family = AF_INET;
1885 #ifdef HAVE_GETSOCKNAME
1886  {
1887  /* inetd: hint family type for dest = local's */
1888  struct openvpn_sockaddr local_addr;
1889  socklen_t addrlen = sizeof(local_addr);
1890  if (getsockname(sock->sd, &local_addr.addr.sa, &addrlen) == 0)
1891  {
1892  sock->info.lsa->actual.dest.addr.sa.sa_family = local_addr.addr.sa.sa_family;
1893  dmsg(D_SOCKET_DEBUG, "inetd(%s): using sa_family=%d from getsockname(%d)",
1894  proto2ascii(sock->info.proto, sock->info.af, false),
1895  local_addr.addr.sa.sa_family, (int)sock->sd);
1896  }
1897  else
1898  {
1899  msg(M_WARN, "inetd(%s): getsockname(%d) failed, using AF_INET",
1900  proto2ascii(sock->info.proto, sock->info.af, false), (int)sock->sd);
1901  }
1902  }
1903 #else /* ifdef HAVE_GETSOCKNAME */
1904  msg(M_WARN, "inetd(%s): this OS does not provide the getsockname() "
1905  "function, using AF_INET",
1906  proto2ascii(sock->info.proto, false));
1907 #endif /* ifdef HAVE_GETSOCKNAME */
1908  sock->sd =
1909  socket_listen_accept(sock->sd,
1910  &sock->info.lsa->actual,
1911  remote_dynamic,
1912  sock->info.lsa->bind_local,
1913  false,
1914  sock->inetd == INETD_NOWAIT,
1915  signal_received);
1916 
1917  }
1918  ASSERT(!remote_changed);
1919 }
1920 
1921 static void
1923 {
1924  /* set misc socket parameters */
1925  socket_set_flags(sock->sd, sock->sockflags);
1926 
1927  /* set socket to non-blocking mode */
1928  set_nonblock(sock->sd);
1929 
1930  /* set Path MTU discovery options on the socket */
1931  set_mtu_discover_type(sock->sd, sock->mtu_discover_type, sock->info.af);
1932 
1933 #if EXTENDED_SOCKET_ERROR_CAPABILITY
1934  /* if the OS supports it, enable extended error passing on the socket */
1935  set_sock_extended_error_passing(sock->sd);
1936 #endif
1937 }
1938 
1939 
1940 static void
1942 {
1943  struct gc_arena gc = gc_new();
1944  const int msglevel = (sock->mode == LS_MODE_TCP_ACCEPT_FROM) ? D_INIT_MEDIUM : M_INFO;
1945 
1946  /* print local address */
1947  if (sock->inetd)
1948  {
1949  msg(msglevel, "%s link local: [inetd]", proto2ascii(sock->info.proto, sock->info.af, true));
1950  }
1951  else if (sock->bind_local)
1952  {
1953  sa_family_t ai_family = sock->info.lsa->actual.dest.addr.sa.sa_family;
1954  /* Socket is always bound on the first matching address,
1955  * For bound sockets with no remote addr this is the element of
1956  * the list */
1957  struct addrinfo *cur;
1958  for (cur = sock->info.lsa->bind_local; cur; cur = cur->ai_next)
1959  {
1960  if (!ai_family || ai_family == cur->ai_family)
1961  {
1962  break;
1963  }
1964  }
1965  ASSERT(cur);
1966  msg(msglevel, "%s link local (bound): %s",
1967  proto2ascii(sock->info.proto, sock->info.af, true),
1968  print_sockaddr(cur->ai_addr,&gc));
1969  }
1970  else
1971  {
1972  msg(msglevel, "%s link local: (not bound)",
1973  proto2ascii(sock->info.proto, sock->info.af, true));
1974  }
1975 
1976  /* print active remote address */
1977  msg(msglevel, "%s link remote: %s",
1978  proto2ascii(sock->info.proto, sock->info.af, true),
1980  ":",
1982  &gc));
1983  gc_free(&gc);
1984 }
1985 
1986 static void
1987 phase2_tcp_server(struct link_socket *sock, const char *remote_dynamic,
1988  volatile int *signal_received)
1989 {
1990  switch (sock->mode)
1991  {
1992  case LS_MODE_DEFAULT:
1993  sock->sd = socket_listen_accept(sock->sd,
1994  &sock->info.lsa->actual,
1995  remote_dynamic,
1996  sock->info.lsa->bind_local,
1997  true,
1998  false,
1999  signal_received);
2000  break;
2001 
2002  case LS_MODE_TCP_LISTEN:
2003  socket_do_listen(sock->sd,
2004  sock->info.lsa->bind_local,
2005  true,
2006  false);
2007  break;
2008 
2010  sock->sd = socket_do_accept(sock->sd,
2011  &sock->info.lsa->actual,
2012  false);
2013  if (!socket_defined(sock->sd))
2014  {
2015  *signal_received = SIGTERM;
2016  return;
2017  }
2019  break;
2020 
2021  default:
2022  ASSERT(0);
2023  }
2024 }
2025 
2026 
2027 static void
2028 phase2_tcp_client(struct link_socket *sock, struct signal_info *sig_info)
2029 {
2030  bool proxy_retry = false;
2031  do
2032  {
2033  socket_connect(&sock->sd,
2034  sock->info.lsa->current_remote->ai_addr,
2036  sig_info);
2037 
2038  if (sig_info->signal_received)
2039  {
2040  return;
2041  }
2042 
2043  if (sock->http_proxy)
2044  {
2045  proxy_retry = establish_http_proxy_passthru(sock->http_proxy,
2046  sock->sd,
2047  sock->proxy_dest_host,
2048  sock->proxy_dest_port,
2049  sock->server_poll_timeout,
2050  &sock->stream_buf.residual,
2051  &sig_info->signal_received);
2052  }
2053  else if (sock->socks_proxy)
2054  {
2056  sock->sd,
2057  sock->proxy_dest_host,
2058  sock->proxy_dest_port,
2059  &sig_info->signal_received);
2060  }
2061  if (proxy_retry)
2062  {
2063  openvpn_close_socket(sock->sd);
2064  sock->sd = create_socket_tcp(sock->info.lsa->current_remote);
2065  }
2066 
2067  } while (proxy_retry);
2068 
2069 }
2070 
2071 static void
2072 phase2_socks_client(struct link_socket *sock, struct signal_info *sig_info)
2073 {
2074  socket_connect(&sock->ctrl_sd,
2075  sock->info.lsa->current_remote->ai_addr,
2077  sig_info);
2078 
2079  if (sig_info->signal_received)
2080  {
2081  return;
2082  }
2083 
2085  sock->ctrl_sd,
2086  sock->sd,
2087  &sock->socks_relay.dest,
2088  &sig_info->signal_received);
2089 
2090  if (sig_info->signal_received)
2091  {
2092  return;
2093  }
2094 
2095  sock->remote_host = sock->proxy_dest_host;
2096  sock->remote_port = sock->proxy_dest_port;
2097 
2098  addr_zero_host(&sock->info.lsa->actual.dest);
2099  if (sock->info.lsa->remote_list)
2100  {
2101  freeaddrinfo(sock->info.lsa->remote_list);
2102  sock->info.lsa->current_remote = NULL;
2103  sock->info.lsa->remote_list = NULL;
2104  }
2105 
2106  resolve_remote(sock, 1, NULL, &sig_info->signal_received);
2107 }
2108 
2109 /* finalize socket initialization */
2110 void
2112  const struct frame *frame,
2113  struct signal_info *sig_info)
2114 {
2115  const char *remote_dynamic = NULL;
2116  int sig_save = 0;
2117 
2118  ASSERT(sock);
2119  ASSERT(sig_info);
2120 
2121  if (sig_info->signal_received)
2122  {
2123  sig_save = sig_info->signal_received;
2124  sig_info->signal_received = 0;
2125  }
2126 
2127  /* initialize buffers */
2128  socket_frame_init(frame, sock);
2129 
2130  /*
2131  * Pass a remote name to connect/accept so that
2132  * they can test for dynamic IP address changes
2133  * and throw a SIGUSR1 if appropriate.
2134  */
2135  if (sock->resolve_retry_seconds)
2136  {
2137  remote_dynamic = sock->remote_host;
2138  }
2139 
2140  /* were we started by inetd or xinetd? */
2141  if (sock->inetd)
2142  {
2143  phase2_inetd(sock, frame, remote_dynamic, &sig_info->signal_received);
2144  if (sig_info->signal_received)
2145  {
2146  goto done;
2147  }
2148 
2149  }
2150  else
2151  {
2152  /* Second chance to resolv/create socket */
2153  resolve_remote(sock, 2, &remote_dynamic, &sig_info->signal_received);
2154 
2155  /* If a valid remote has been found, create the socket with its addrinfo */
2156  if (sock->info.lsa->current_remote)
2157  {
2158  create_socket(sock, sock->info.lsa->current_remote);
2159  }
2160 
2161  /* If socket has not already been created create it now */
2162  if (sock->sd == SOCKET_UNDEFINED)
2163  {
2164  /* If we have no --remote and have still not figured out the
2165  * protocol family to use we will use the first of the bind */
2166 
2167  if (sock->bind_local && !sock->remote_host && sock->info.lsa->bind_local)
2168  {
2169  /* Warn if this is because neither v4 or v6 was specified
2170  * and we should not connect a remote */
2171  if (sock->info.af == AF_UNSPEC)
2172  {
2173  msg(M_WARN, "Could not determine IPv4/IPv6 protocol. Using %s",
2174  addr_family_name(sock->info.lsa->bind_local->ai_family));
2175  sock->info.af = sock->info.lsa->bind_local->ai_family;
2176  }
2177 
2178  create_socket(sock, sock->info.lsa->bind_local);
2179  }
2180  }
2181 
2182  /* Socket still undefined, give a warning and abort connection */
2183  if (sock->sd == SOCKET_UNDEFINED)
2184  {
2185  msg(M_WARN, "Could not determine IPv4/IPv6 protocol");
2186  sig_info->signal_received = SIGUSR1;
2187  goto done;
2188  }
2189 
2190  if (sig_info->signal_received)
2191  {
2192  goto done;
2193  }
2194 
2195  if (sock->info.proto == PROTO_TCP_SERVER)
2196  {
2197  phase2_tcp_server(sock, remote_dynamic,
2198  &sig_info->signal_received);
2199  }
2200  else if (sock->info.proto == PROTO_TCP_CLIENT)
2201  {
2202  phase2_tcp_client(sock, sig_info);
2203 
2204  }
2205  else if (sock->info.proto == PROTO_UDP && sock->socks_proxy)
2206  {
2207  phase2_socks_client(sock, sig_info);
2208  }
2209 #ifdef TARGET_ANDROID
2210  if (sock->sd != -1)
2211  {
2212  protect_fd_nonlocal(sock->sd, &sock->info.lsa->actual.dest.addr.sa);
2213  }
2214 #endif
2215  if (sig_info->signal_received)
2216  {
2217  goto done;
2218  }
2219  }
2220 
2222  linksock_print_addr(sock);
2223 
2224 done:
2225  if (sig_save)
2226  {
2227  if (!sig_info->signal_received)
2228  {
2229  sig_info->signal_received = sig_save;
2230  }
2231  }
2232 }
2233 
2234 void
2236 {
2237  if (sock)
2238  {
2239 #ifdef ENABLE_DEBUG
2240  const int gremlin = GREMLIN_CONNECTION_FLOOD_LEVEL(sock->gremlin);
2241 #else
2242  const int gremlin = 0;
2243 #endif
2244 
2245  if (socket_defined(sock->sd))
2246  {
2247 #ifdef _WIN32
2248  close_net_event_win32(&sock->listen_handle, sock->sd, 0);
2249 #endif
2250  if (!gremlin)
2251  {
2252  msg(D_LOW, "TCP/UDP: Closing socket");
2253  if (openvpn_close_socket(sock->sd))
2254  {
2255  msg(M_WARN | M_ERRNO, "TCP/UDP: Close Socket failed");
2256  }
2257  }
2258  sock->sd = SOCKET_UNDEFINED;
2259 #ifdef _WIN32
2260  if (!gremlin)
2261  {
2262  overlapped_io_close(&sock->reads);
2263  overlapped_io_close(&sock->writes);
2264  }
2265 #endif
2266  }
2267 
2268  if (socket_defined(sock->ctrl_sd))
2269  {
2270  if (openvpn_close_socket(sock->ctrl_sd))
2271  {
2272  msg(M_WARN | M_ERRNO, "TCP/UDP: Close Socket (ctrl_sd) failed");
2273  }
2274  sock->ctrl_sd = SOCKET_UNDEFINED;
2275  }
2276 
2277  stream_buf_close(&sock->stream_buf);
2278  free_buf(&sock->stream_buf_data);
2279  if (!gremlin)
2280  {
2281  free(sock);
2282  }
2283  }
2284 }
2285 
2286 /* for stream protocols, allow for packet length prefix */
2287 void
2289 {
2291  {
2293  }
2294 }
2295 
2296 void
2297 setenv_trusted(struct env_set *es, const struct link_socket_info *info)
2298 {
2299  setenv_link_socket_actual(es, "trusted", &info->lsa->actual, SA_IP_PORT);
2300 }
2301 
2302 static void
2303 ipchange_fmt(const bool include_cmd, struct argv *argv, const struct link_socket_info *info, struct gc_arena *gc)
2304 {
2305  const char *host = print_sockaddr_ex(&info->lsa->actual.dest.addr.sa, " ", PS_SHOW_PORT, gc);
2306  if (include_cmd)
2307  {
2308  argv_parse_cmd(argv, info->ipchange_command);
2309  argv_printf_cat(argv, "%s", host);
2310  }
2311  else
2312  {
2313  argv_printf(argv, "%s", host);
2314  }
2315 
2316 }
2317 
2318 void
2320  struct link_socket_info *info,
2321  const struct link_socket_actual *act,
2322  const char *common_name,
2323  struct env_set *es)
2324 {
2325  struct gc_arena gc = gc_new();
2326 
2327  info->lsa->actual = *act; /* Note: skip this line for --force-dest */
2328  setenv_trusted(es, info);
2329  info->connection_established = true;
2330 
2331  /* Print connection initiated message, with common name if available */
2332  {
2333  struct buffer out = alloc_buf_gc(256, &gc);
2334  if (common_name)
2335  {
2336  buf_printf(&out, "[%s] ", common_name);
2337  }
2338  buf_printf(&out, "Peer Connection Initiated with %s", print_link_socket_actual(&info->lsa->actual, &gc));
2339  msg(M_INFO, "%s", BSTR(&out));
2340  }
2341 
2342  /* set environmental vars */
2343  setenv_str(es, "common_name", common_name);
2344 
2345  /* Process --ipchange plugin */
2347  {
2348  struct argv argv = argv_new();
2349  ipchange_fmt(false, &argv, info, &gc);
2351  {
2352  msg(M_WARN, "WARNING: ipchange plugin call failed");
2353  }
2354  argv_reset(&argv);
2355  }
2356 
2357  /* Process --ipchange option */
2358  if (info->ipchange_command)
2359  {
2360  struct argv argv = argv_new();
2361  setenv_str(es, "script_type", "ipchange");
2362  ipchange_fmt(true, &argv, info, &gc);
2363  openvpn_run_script(&argv, es, 0, "--ipchange");
2364  argv_reset(&argv);
2365  }
2366 
2367  gc_free(&gc);
2368 }
2369 
2370 void
2372  const struct link_socket_info *info,
2373  const struct link_socket_actual *from_addr)
2374 {
2375  struct gc_arena gc = gc_new();
2376  struct addrinfo *ai;
2377 
2378  switch (from_addr->dest.addr.sa.sa_family)
2379  {
2380  case AF_INET:
2381  case AF_INET6:
2383  "TCP/UDP: Incoming packet rejected from %s[%d], expected peer address: %s (allow this incoming source address/port by removing --remote or adding --float)",
2384  print_link_socket_actual(from_addr, &gc),
2385  (int)from_addr->dest.addr.sa.sa_family,
2386  print_sockaddr_ex(info->lsa->remote_list->ai_addr,":",PS_SHOW_PORT, &gc));
2387  /* print additional remote addresses */
2388  for (ai = info->lsa->remote_list->ai_next; ai; ai = ai->ai_next)
2389  {
2390  msg(D_LINK_ERRORS,"or from peer address: %s",
2391  print_sockaddr_ex(ai->ai_addr,":",PS_SHOW_PORT, &gc));
2392  }
2393  break;
2394  }
2395  buf->len = 0;
2396  gc_free(&gc);
2397 }
2398 
2399 void
2401 {
2402  dmsg(D_READ_WRITE, "TCP/UDP: No outgoing address to send packet");
2403 }
2404 
2405 in_addr_t
2407 {
2408  const struct link_socket_addr *lsa = info->lsa;
2409 
2410 /*
2411  * This logic supports "redirect-gateway" semantic, which
2412  * makes sense only for PF_INET routes over PF_INET endpoints
2413  *
2414  * Maybe in the future consider PF_INET6 endpoints also ...
2415  * by now just ignore it
2416  *
2417  * For --remote entries with multiple addresses this
2418  * only return the actual endpoint we have sucessfully connected to
2419  */
2420  if (lsa->actual.dest.addr.sa.sa_family != AF_INET)
2421  {
2422  return IPV4_INVALID_ADDR;
2423  }
2424 
2426  {
2427  return ntohl(lsa->actual.dest.addr.in4.sin_addr.s_addr);
2428  }
2429  else if (lsa->current_remote)
2430  {
2431  return ntohl(((struct sockaddr_in *)lsa->current_remote->ai_addr)
2432  ->sin_addr.s_addr);
2433  }
2434  else
2435  {
2436  return 0;
2437  }
2438 }
2439 
2440 const struct in6_addr *
2442 {
2443  const struct link_socket_addr *lsa = info->lsa;
2444 
2445 /* This logic supports "redirect-gateway" semantic,
2446  * for PF_INET6 routes over PF_INET6 endpoints
2447  *
2448  * For --remote entries with multiple addresses this
2449  * only return the actual endpoint we have sucessfully connected to
2450  */
2451  if (lsa->actual.dest.addr.sa.sa_family != AF_INET6)
2452  {
2453  return NULL;
2454  }
2455 
2457  {
2458  return &(lsa->actual.dest.addr.in6.sin6_addr);
2459  }
2460  else if (lsa->current_remote)
2461  {
2462  return &(((struct sockaddr_in6 *)lsa->current_remote->ai_addr)->sin6_addr);
2463  }
2464  else
2465  {
2466  return NULL;
2467  }
2468 }
2469 
2470 /*
2471  * Return a status string describing socket state.
2472  */
2473 const char *
2474 socket_stat(const struct link_socket *s, unsigned int rwflags, struct gc_arena *gc)
2475 {
2476  struct buffer out = alloc_buf_gc(64, gc);
2477  if (s)
2478  {
2479  if (rwflags & EVENT_READ)
2480  {
2481  buf_printf(&out, "S%s",
2482  (s->rwflags_debug & EVENT_READ) ? "R" : "r");
2483 #ifdef _WIN32
2484  buf_printf(&out, "%s",
2486 #endif
2487  }
2488  if (rwflags & EVENT_WRITE)
2489  {
2490  buf_printf(&out, "S%s",
2491  (s->rwflags_debug & EVENT_WRITE) ? "W" : "w");
2492 #ifdef _WIN32
2493  buf_printf(&out, "%s",
2495 #endif
2496  }
2497  }
2498  else
2499  {
2500  buf_printf(&out, "S?");
2501  }
2502  return BSTR(&out);
2503 }
2504 
2505 /*
2506  * Stream buffer functions, used to packetize a TCP
2507  * stream connection.
2508  */
2509 
2510 static inline void
2512 {
2513  dmsg(D_STREAM_DEBUG, "STREAM: RESET");
2514  sb->residual_fully_formed = false;
2515  sb->buf = sb->buf_init;
2516  buf_reset(&sb->next);
2517  sb->len = -1;
2518 }
2519 
2520 static void
2522  struct buffer *buf,
2523  const unsigned int sockflags,
2524  const int proto)
2525 {
2526  sb->buf_init = *buf;
2527  sb->maxlen = sb->buf_init.len;
2528  sb->buf_init.len = 0;
2529  sb->residual = alloc_buf(sb->maxlen);
2530  sb->error = false;
2531 #if PORT_SHARE
2532  sb->port_share_state = ((sockflags & SF_PORT_SHARE) && (proto == PROTO_TCP_SERVER))
2533  ? PS_ENABLED
2534  : PS_DISABLED;
2535 #endif
2536  stream_buf_reset(sb);
2537 
2538  dmsg(D_STREAM_DEBUG, "STREAM: INIT maxlen=%d", sb->maxlen);
2539 }
2540 
2541 static inline void
2543 {
2544  /* set up 'next' for next i/o read */
2545  sb->next = sb->buf;
2546  sb->next.offset = sb->buf.offset + sb->buf.len;
2547  sb->next.len = (sb->len >= 0 ? sb->len : sb->maxlen) - sb->buf.len;
2548  dmsg(D_STREAM_DEBUG, "STREAM: SET NEXT, buf=[%d,%d] next=[%d,%d] len=%d maxlen=%d",
2549  sb->buf.offset, sb->buf.len,
2550  sb->next.offset, sb->next.len,
2551  sb->len, sb->maxlen);
2552  ASSERT(sb->next.len > 0);
2553  ASSERT(buf_safe(&sb->buf, sb->next.len));
2554 }
2555 
2556 static inline void
2557 stream_buf_get_final(struct stream_buf *sb, struct buffer *buf)
2558 {
2559  dmsg(D_STREAM_DEBUG, "STREAM: GET FINAL len=%d",
2560  buf_defined(&sb->buf) ? sb->buf.len : -1);
2561  ASSERT(buf_defined(&sb->buf));
2562  *buf = sb->buf;
2563 }
2564 
2565 static inline void
2566 stream_buf_get_next(struct stream_buf *sb, struct buffer *buf)
2567 {
2568  dmsg(D_STREAM_DEBUG, "STREAM: GET NEXT len=%d",
2569  buf_defined(&sb->next) ? sb->next.len : -1);
2570  ASSERT(buf_defined(&sb->next));
2571  *buf = sb->next;
2572 }
2573 
2574 bool
2576 {
2578  {
2579  ASSERT(buf_copy(&sock->stream_buf.buf, &sock->stream_buf.residual));
2580  ASSERT(buf_init(&sock->stream_buf.residual, 0));
2582  dmsg(D_STREAM_DEBUG, "STREAM: RESIDUAL FULLY FORMED [%s], len=%d",
2583  sock->stream_buf.residual_fully_formed ? "YES" : "NO",
2584  sock->stream_buf.residual.len);
2585  }
2586 
2587  if (!sock->stream_buf.residual_fully_formed)
2588  {
2590  }
2591  return !sock->stream_buf.residual_fully_formed;
2592 }
2593 
2594 static bool
2596  int length_added)
2597 {
2598  dmsg(D_STREAM_DEBUG, "STREAM: ADD length_added=%d", length_added);
2599  if (length_added > 0)
2600  {
2601  sb->buf.len += length_added;
2602  }
2603 
2604  /* if length unknown, see if we can get the length prefix from
2605  * the head of the buffer */
2606  if (sb->len < 0 && sb->buf.len >= (int) sizeof(packet_size_type))
2607  {
2608  packet_size_type net_size;
2609 
2610 #if PORT_SHARE
2611  if (sb->port_share_state == PS_ENABLED)
2612  {
2613  if (!is_openvpn_protocol(&sb->buf))
2614  {
2615  msg(D_STREAM_ERRORS, "Non-OpenVPN client protocol detected");
2616  sb->port_share_state = PS_FOREIGN;
2617  sb->error = true;
2618  return false;
2619  }
2620  else
2621  {
2622  sb->port_share_state = PS_DISABLED;
2623  }
2624  }
2625 #endif
2626 
2627  ASSERT(buf_read(&sb->buf, &net_size, sizeof(net_size)));
2628  sb->len = ntohps(net_size);
2629 
2630  if (sb->len < 1 || sb->len > sb->maxlen)
2631  {
2632  msg(M_WARN, "WARNING: Bad encapsulated packet length from peer (%d), which must be > 0 and <= %d -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]", sb->len, sb->maxlen);
2633  stream_buf_reset(sb);
2634  sb->error = true;
2635  return false;
2636  }
2637  }
2638 
2639  /* is our incoming packet fully read? */
2640  if (sb->len > 0 && sb->buf.len >= sb->len)
2641  {
2642  /* save any residual data that's part of the next packet */
2643  ASSERT(buf_init(&sb->residual, 0));
2644  if (sb->buf.len > sb->len)
2645  {
2646  ASSERT(buf_copy_excess(&sb->residual, &sb->buf, sb->len));
2647  }
2648  dmsg(D_STREAM_DEBUG, "STREAM: ADD returned TRUE, buf_len=%d, residual_len=%d",
2649  BLEN(&sb->buf),
2650  BLEN(&sb->residual));
2651  return true;
2652  }
2653  else
2654  {
2655  dmsg(D_STREAM_DEBUG, "STREAM: ADD returned FALSE (have=%d need=%d)", sb->buf.len, sb->len);
2656  stream_buf_set_next(sb);
2657  return false;
2658  }
2659 }
2660 
2661 static void
2663 {
2664  free_buf(&sb->residual);
2665 }
2666 
2667 /*
2668  * The listen event is a special event whose sole purpose is
2669  * to tell us that there's a new incoming connection on a
2670  * TCP socket, for use in server mode.
2671  */
2672 event_t
2674 {
2675 #ifdef _WIN32
2677  {
2678  init_net_event_win32(&s->listen_handle, FD_ACCEPT, s->sd, 0);
2679  }
2680  return &s->listen_handle;
2681 #else /* ifdef _WIN32 */
2682  return s->sd;
2683 #endif
2684 }
2685 
2686 /*
2687  * Format IP addresses in ascii
2688  */
2689 
2690 const char *
2691 print_sockaddr_ex(const struct sockaddr *sa,
2692  const char *separator,
2693  const unsigned int flags,
2694  struct gc_arena *gc)
2695 {
2696  struct buffer out = alloc_buf_gc(128, gc);
2697  bool addr_is_defined = false;
2698  char hostaddr[NI_MAXHOST] = "";
2699  char servname[NI_MAXSERV] = "";
2700  int status;
2701 
2702  socklen_t salen = 0;
2703  switch (sa->sa_family)
2704  {
2705  case AF_INET:
2706  if (!(flags & PS_DONT_SHOW_FAMILY))
2707  {
2708  buf_puts(&out, "[AF_INET]");
2709  }
2710  salen = sizeof(struct sockaddr_in);
2711  addr_is_defined = ((struct sockaddr_in *) sa)->sin_addr.s_addr != 0;
2712  break;
2713 
2714  case AF_INET6:
2715  if (!(flags & PS_DONT_SHOW_FAMILY))
2716  {
2717  buf_puts(&out, "[AF_INET6]");
2718  }
2719  salen = sizeof(struct sockaddr_in6);
2720  addr_is_defined = !IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *) sa)->sin6_addr);
2721  break;
2722 
2723  case AF_UNSPEC:
2724  if (!(flags & PS_DONT_SHOW_FAMILY))
2725  {
2726  return "[AF_UNSPEC]";
2727  }
2728  else
2729  {
2730  return "";
2731  }
2732 
2733  default:
2734  ASSERT(0);
2735  }
2736 
2737  status = getnameinfo(sa, salen, hostaddr, sizeof(hostaddr),
2738  servname, sizeof(servname), NI_NUMERICHOST | NI_NUMERICSERV);
2739 
2740  if (status!=0)
2741  {
2742  buf_printf(&out,"[nameinfo() err: %s]",gai_strerror(status));
2743  return BSTR(&out);
2744  }
2745 
2746  if (!(flags & PS_DONT_SHOW_ADDR))
2747  {
2748  if (addr_is_defined)
2749  {
2750  buf_puts(&out, hostaddr);
2751  }
2752  else
2753  {
2754  buf_puts(&out, "[undef]");
2755  }
2756  }
2757 
2758  if ((flags & PS_SHOW_PORT) || (flags & PS_SHOW_PORT_IF_DEFINED))
2759  {
2760  if (separator)
2761  {
2762  buf_puts(&out, separator);
2763  }
2764 
2765  buf_puts(&out, servname);
2766  }
2767 
2768  return BSTR(&out);
2769 }
2770 
2771 const char *
2773 {
2775 }
2776 
2777 #ifndef IF_NAMESIZE
2778 #define IF_NAMESIZE 16
2779 #endif
2780 
2781 const char *
2783  const char *separator,
2784  const unsigned int flags,
2785  struct gc_arena *gc)
2786 {
2787  if (act)
2788  {
2789  char ifname[IF_NAMESIZE] = "[undef]";
2790  struct buffer out = alloc_buf_gc(128, gc);
2791  buf_printf(&out, "%s", print_sockaddr_ex(&act->dest.addr.sa, separator, flags, gc));
2792 #if ENABLE_IP_PKTINFO
2793  if ((flags & PS_SHOW_PKTINFO) && addr_defined_ipi(act))
2794  {
2795  switch (act->dest.addr.sa.sa_family)
2796  {
2797  case AF_INET:
2798  {
2799  struct openvpn_sockaddr sa;
2800  CLEAR(sa);
2801  sa.addr.in4.sin_family = AF_INET;
2802 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
2803  sa.addr.in4.sin_addr = act->pi.in4.ipi_spec_dst;
2804  if_indextoname(act->pi.in4.ipi_ifindex, ifname);
2805 #elif defined(IP_RECVDSTADDR)
2806  sa.addr.in4.sin_addr = act->pi.in4;
2807  ifname[0] = 0;
2808 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
2809 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
2810 #endif
2811  buf_printf(&out, " (via %s%%%s)",
2812  print_sockaddr_ex(&sa.addr.sa, separator, 0, gc),
2813  ifname);
2814  }
2815  break;
2816 
2817  case AF_INET6:
2818  {
2819  struct sockaddr_in6 sin6;
2820  char buf[INET6_ADDRSTRLEN] = "[undef]";
2821  CLEAR(sin6);
2822  sin6.sin6_family = AF_INET6;
2823  sin6.sin6_addr = act->pi.in6.ipi6_addr;
2824  if_indextoname(act->pi.in6.ipi6_ifindex, ifname);
2825  if (getnameinfo((struct sockaddr *)&sin6, sizeof(struct sockaddr_in6),
2826  buf, sizeof(buf), NULL, 0, NI_NUMERICHOST) == 0)
2827  {
2828  buf_printf(&out, " (via %s%%%s)", buf, ifname);
2829  }
2830  else
2831  {
2832  buf_printf(&out, " (via [getnameinfo() err]%%%s)", ifname);
2833  }
2834  }
2835  break;
2836  }
2837  }
2838 #endif /* if ENABLE_IP_PKTINFO */
2839  return BSTR(&out);
2840  }
2841  else
2842  {
2843  return "[NULL]";
2844  }
2845 }
2846 
2847 /*
2848  * Convert an in_addr_t in host byte order
2849  * to an ascii dotted quad.
2850  */
2851 const char *
2852 print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
2853 {
2854  struct in_addr ia;
2855  struct buffer out = alloc_buf_gc(64, gc);
2856 
2857  if (addr || !(flags & IA_EMPTY_IF_UNDEF))
2858  {
2859  CLEAR(ia);
2860  ia.s_addr = (flags & IA_NET_ORDER) ? addr : htonl(addr);
2861 
2862  buf_printf(&out, "%s", inet_ntoa(ia));
2863  }
2864  return BSTR(&out);
2865 }
2866 
2867 /*
2868  * Convert an in6_addr in host byte order
2869  * to an ascii representation of an IPv6 address
2870  */
2871 const char *
2872 print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
2873 {
2874  struct buffer out = alloc_buf_gc(64, gc);
2875  char tmp_out_buf[64]; /* inet_ntop wants pointer to buffer */
2876 
2877  if (memcmp(&a6, &in6addr_any, sizeof(a6)) != 0
2878  || !(flags & IA_EMPTY_IF_UNDEF))
2879  {
2880  inet_ntop(AF_INET6, &a6, tmp_out_buf, sizeof(tmp_out_buf)-1);
2881  buf_printf(&out, "%s", tmp_out_buf );
2882  }
2883  return BSTR(&out);
2884 }
2885 
2886 #ifndef UINT8_MAX
2887 #define UINT8_MAX 0xff
2888 #endif
2889 
2890 /* add some offset to an ipv6 address
2891  * (add in steps of 8 bits, taking overflow into next round)
2892  */
2893 struct in6_addr
2894 add_in6_addr( struct in6_addr base, uint32_t add )
2895 {
2896  int i;
2897 
2898  for (i = 15; i>=0 && add > 0; i--)
2899  {
2900  register int carry;
2901  register uint32_t h;
2902 
2903  h = (unsigned char) base.s6_addr[i];
2904  base.s6_addr[i] = (h+add) & UINT8_MAX;
2905 
2906  /* using explicit carry for the 8-bit additions will catch
2907  * 8-bit and(!) 32-bit overruns nicely
2908  */
2909  carry = ((h & 0xff) + (add & 0xff)) >> 8;
2910  add = (add>>8) + carry;
2911  }
2912  return base;
2913 }
2914 
2915 /* set environmental variables for ip/port in *addr */
2916 void
2917 setenv_sockaddr(struct env_set *es, const char *name_prefix, const struct openvpn_sockaddr *addr, const unsigned int flags)
2918 {
2919  char name_buf[256];
2920 
2921  char buf[128];
2922  switch (addr->addr.sa.sa_family)
2923  {
2924  case AF_INET:
2925  if (flags & SA_IP_PORT)
2926  {
2927  openvpn_snprintf(name_buf, sizeof(name_buf), "%s_ip", name_prefix);
2928  }
2929  else
2930  {
2931  openvpn_snprintf(name_buf, sizeof(name_buf), "%s", name_prefix);
2932  }
2933 
2934  setenv_str(es, name_buf, inet_ntoa(addr->addr.in4.sin_addr));
2935 
2936  if ((flags & SA_IP_PORT) && addr->addr.in4.sin_port)
2937  {
2938  openvpn_snprintf(name_buf, sizeof(name_buf), "%s_port", name_prefix);
2939  setenv_int(es, name_buf, ntohs(addr->addr.in4.sin_port));
2940  }
2941  break;
2942 
2943  case AF_INET6:
2944  if (IN6_IS_ADDR_V4MAPPED( &addr->addr.in6.sin6_addr ))
2945  {
2946  struct in_addr ia;
2947  memcpy(&ia.s_addr, &addr->addr.in6.sin6_addr.s6_addr[12],
2948  sizeof(ia.s_addr));
2949  openvpn_snprintf(name_buf, sizeof(name_buf), "%s_ip", name_prefix);
2950  openvpn_snprintf(buf, sizeof(buf), "%s", inet_ntoa(ia) );
2951  }
2952  else
2953  {
2954  openvpn_snprintf(name_buf, sizeof(name_buf), "%s_ip6", name_prefix);
2955  getnameinfo(&addr->addr.sa, sizeof(struct sockaddr_in6),
2956  buf, sizeof(buf), NULL, 0, NI_NUMERICHOST);
2957  }
2958  setenv_str(es, name_buf, buf);
2959 
2960  if ((flags & SA_IP_PORT) && addr->addr.in6.sin6_port)
2961  {
2962  openvpn_snprintf(name_buf, sizeof(name_buf), "%s_port", name_prefix);
2963  setenv_int(es, name_buf, ntohs(addr->addr.in6.sin6_port));
2964  }
2965  break;
2966  }
2967 }
2968 
2969 void
2970 setenv_in_addr_t(struct env_set *es, const char *name_prefix, in_addr_t addr, const unsigned int flags)
2971 {
2972  if (addr || !(flags & SA_SET_IF_NONZERO))
2973  {
2974  struct openvpn_sockaddr si;
2975  CLEAR(si);
2976  si.addr.in4.sin_family = AF_INET;
2977  si.addr.in4.sin_addr.s_addr = htonl(addr);
2978  setenv_sockaddr(es, name_prefix, &si, flags);
2979  }
2980 }
2981 
2982 void
2984  const char *name_prefix,
2985  const struct in6_addr *addr,
2986  const unsigned int flags)
2987 {
2988  if (!IN6_IS_ADDR_UNSPECIFIED(addr) || !(flags & SA_SET_IF_NONZERO))
2989  {
2990  struct openvpn_sockaddr si;
2991  CLEAR(si);
2992  si.addr.in6.sin6_family = AF_INET6;
2993  si.addr.in6.sin6_addr = *addr;
2994  setenv_sockaddr(es, name_prefix, &si, flags);
2995  }
2996 }
2997 
2998 void
3000  const char *name_prefix,
3001  const struct link_socket_actual *act,
3002  const unsigned int flags)
3003 {
3004  setenv_sockaddr(es, name_prefix, &act->dest, flags);
3005 }
3006 
3007 /*
3008  * Convert protocol names between index and ascii form.
3009  */
3010 
3011 struct proto_names {
3012  const char *short_form;
3013  const char *display_form;
3015  int proto;
3016 };
3017 
3018 /* Indexed by PROTO_x */
3019 static const struct proto_names proto_names[] = {
3020  {"proto-uninitialized", "proto-NONE", AF_UNSPEC, PROTO_NONE},
3021  /* try IPv4 and IPv6 (client), bind dual-stack (server) */
3022  {"udp", "UDP", AF_UNSPEC, PROTO_UDP},
3023  {"tcp-server", "TCP_SERVER", AF_UNSPEC, PROTO_TCP_SERVER},
3024  {"tcp-client", "TCP_CLIENT", AF_UNSPEC, PROTO_TCP_CLIENT},
3025  {"tcp", "TCP", AF_UNSPEC, PROTO_TCP},
3026  /* force IPv4 */
3027  {"udp4", "UDPv4", AF_INET, PROTO_UDP},
3028  {"tcp4-server","TCPv4_SERVER", AF_INET, PROTO_TCP_SERVER},
3029  {"tcp4-client","TCPv4_CLIENT", AF_INET, PROTO_TCP_CLIENT},
3030  {"tcp4", "TCPv4", AF_INET, PROTO_TCP},
3031  /* force IPv6 */
3032  {"udp6","UDPv6", AF_INET6, PROTO_UDP},
3033  {"tcp6-server","TCPv6_SERVER", AF_INET6, PROTO_TCP_SERVER},
3034  {"tcp6-client","TCPv6_CLIENT", AF_INET6, PROTO_TCP_CLIENT},
3035  {"tcp6","TCPv6", AF_INET6, PROTO_TCP},
3036 };
3037 
3038 bool
3040 {
3041  if (proto < 0 || proto >= PROTO_N)
3042  {
3043  ASSERT(0);
3044  }
3045  return proto != PROTO_NONE;
3046 }
3047 bool
3049 {
3050  return proto_is_udp(proto);
3051 }
3052 
3053 bool
3055 {
3056  if (proto < 0 || proto >= PROTO_N)
3057  {
3058  ASSERT(0);
3059  }
3060  return proto == PROTO_UDP;
3061 }
3062 
3063 bool
3065 {
3066  if (proto < 0 || proto >= PROTO_N)
3067  {
3068  ASSERT(0);
3069  }
3070  return proto == PROTO_TCP_CLIENT || proto == PROTO_TCP_SERVER;
3071 }
3072 
3073 int
3074 ascii2proto(const char *proto_name)
3075 {
3076  int i;
3077  for (i = 0; i < SIZE(proto_names); ++i)
3078  {
3079  if (!strcmp(proto_name, proto_names[i].short_form))
3080  {
3081  return proto_names[i].proto;
3082  }
3083  }
3084  return -1;
3085 }
3086 
3088 ascii2af(const char *proto_name)
3089 {
3090  int i;
3091  for (i = 0; i < SIZE(proto_names); ++i)
3092  {
3093  if (!strcmp(proto_name, proto_names[i].short_form))
3094  {
3095  return proto_names[i].proto_af;
3096  }
3097  }
3098  return 0;
3099 }
3100 
3101 const char *
3103 {
3104  unsigned int i;
3105  for (i = 0; i < SIZE(proto_names); ++i)
3106  {
3107  if (proto_names[i].proto_af == af && proto_names[i].proto == proto)
3108  {
3109  if (display_form)
3110  {
3111  return proto_names[i].display_form;
3112  }
3113  else
3114  {
3115  return proto_names[i].short_form;
3116  }
3117  }
3118  }
3119 
3120  return "[unknown protocol]";
3121 }
3122 
3123 const char *
3125 {
3126  struct buffer out = alloc_buf_gc(256, gc);
3127  int i;
3128 
3129  for (i = 0; i < SIZE(proto_names); ++i)
3130  {
3131  if (i)
3132  {
3133  buf_printf(&out, " ");
3134  }
3135  buf_printf(&out, "[%s]", proto_names[i].short_form);
3136  }
3137  return BSTR(&out);
3138 }
3139 
3140 const char *
3142 {
3143  switch (af)
3144  {
3145  case AF_INET: return "AF_INET";
3146 
3147  case AF_INET6: return "AF_INET6";
3148  }
3149  return "AF_UNSPEC";
3150 }
3151 
3152 /*
3153  * Given a local proto, return local proto
3154  * if !remote, or compatible remote proto
3155  * if remote.
3156  *
3157  * This is used for options compatibility
3158  * checking.
3159  *
3160  * IPv6 and IPv4 protocols are comptabile but OpenVPN
3161  * has always sent UDPv4, TCPv4 over the wire. Keep these
3162  * strings for backward compatbility
3163  */
3164 const char *
3165 proto_remote(int proto, bool remote)
3166 {
3167  ASSERT(proto >= 0 && proto < PROTO_N);
3168  if (proto == PROTO_UDP)
3169  {
3170  return "UDPv4";
3171  }
3172 
3173  if ( (remote && proto == PROTO_TCP_CLIENT)
3174  || (!remote && proto == PROTO_TCP_SERVER))
3175  {
3176  return "TCPv4_SERVER";
3177  }
3178  if ( (remote && proto == PROTO_TCP_SERVER)
3179  || (!remote && proto == PROTO_TCP_CLIENT))
3180  {
3181  return "TCPv4_CLIENT";
3182  }
3183 
3184  ASSERT(0);
3185  return ""; /* Make the compiler happy */
3186 }
3187 
3188 /*
3189  * Bad incoming address lengths that differ from what
3190  * we expect are considered to be fatal errors.
3191  */
3192 void
3193 bad_address_length(int actual, int expected)
3194 {
3195  msg(M_FATAL, "ERROR: received strange incoming packet with an address length of %d -- we only accept address lengths of %d.",
3196  actual,
3197  expected);
3198 }
3199 
3200 /*
3201  * Socket Read Routines
3202  */
3203 
3204 int
3206  struct buffer *buf)
3207 {
3208  int len = 0;
3209 
3210  if (!sock->stream_buf.residual_fully_formed)
3211  {
3212 #ifdef _WIN32
3213  len = socket_finalize(sock->sd, &sock->reads, buf, NULL);
3214 #else
3215  struct buffer frag;
3216  stream_buf_get_next(&sock->stream_buf, &frag);
3217  len = recv(sock->sd, BPTR(&frag), BLEN(&frag), MSG_NOSIGNAL);
3218 #endif
3219 
3220  if (!len)
3221  {
3222  sock->stream_reset = true;
3223  }
3224  if (len <= 0)
3225  {
3226  return buf->len = len;
3227  }
3228  }
3229 
3231  || stream_buf_added(&sock->stream_buf, len)) /* packet complete? */
3232  {
3233  stream_buf_get_final(&sock->stream_buf, buf);
3234  stream_buf_reset(&sock->stream_buf);
3235  return buf->len;
3236  }
3237  else
3238  {
3239  return buf->len = 0; /* no error, but packet is still incomplete */
3240  }
3241 }
3242 
3243 #ifndef _WIN32
3244 
3245 #if ENABLE_IP_PKTINFO
3246 
3247 /* make the buffer large enough to handle ancilliary socket data for
3248  * both IPv4 and IPv6 destination addresses, plus padding (see RFC 2292)
3249  */
3250 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
3251 #define PKTINFO_BUF_SIZE max_int( CMSG_SPACE(sizeof(struct in6_pktinfo)), \
3252  CMSG_SPACE(sizeof(struct in_pktinfo)) )
3253 #else
3254 #define PKTINFO_BUF_SIZE max_int( CMSG_SPACE(sizeof(struct in6_pktinfo)), \
3255  CMSG_SPACE(sizeof(struct in_addr)) )
3256 #endif
3257 
3258 static socklen_t
3259 link_socket_read_udp_posix_recvmsg(struct link_socket *sock,
3260  struct buffer *buf,
3261  struct link_socket_actual *from)
3262 {
3263  struct iovec iov;
3264  uint8_t pktinfo_buf[PKTINFO_BUF_SIZE];
3265  struct msghdr mesg;
3266  socklen_t fromlen = sizeof(from->dest.addr);
3267 
3268  iov.iov_base = BPTR(buf);
3269  iov.iov_len = buf_forward_capacity_total(buf);
3270  mesg.msg_iov = &iov;
3271  mesg.msg_iovlen = 1;
3272  mesg.msg_name = &from->dest.addr;
3273  mesg.msg_namelen = fromlen;
3274  mesg.msg_control = pktinfo_buf;
3275  mesg.msg_controllen = sizeof pktinfo_buf;
3276  buf->len = recvmsg(sock->sd, &mesg, 0);
3277  if (buf->len >= 0)
3278  {
3279  struct cmsghdr *cmsg;
3280  fromlen = mesg.msg_namelen;
3281  cmsg = CMSG_FIRSTHDR(&mesg);
3282  if (cmsg != NULL
3283  && CMSG_NXTHDR(&mesg, cmsg) == NULL
3284 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
3285  && cmsg->cmsg_level == SOL_IP
3286  && cmsg->cmsg_type == IP_PKTINFO
3287  && cmsg->cmsg_len >= CMSG_LEN(sizeof(struct in_pktinfo)) )
3288 #elif defined(IP_RECVDSTADDR)
3289  && cmsg->cmsg_level == IPPROTO_IP
3290  && cmsg->cmsg_type == IP_RECVDSTADDR
3291  && cmsg->cmsg_len >= CMSG_LEN(sizeof(struct in_addr)) )
3292 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
3293 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
3294 #endif
3295  {
3296 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
3297  struct in_pktinfo *pkti = (struct in_pktinfo *) CMSG_DATA(cmsg);
3298  from->pi.in4.ipi_ifindex = pkti->ipi_ifindex;
3299  from->pi.in4.ipi_spec_dst = pkti->ipi_spec_dst;
3300 #elif defined(IP_RECVDSTADDR)
3301  from->pi.in4 = *(struct in_addr *) CMSG_DATA(cmsg);
3302 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
3303 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
3304 #endif
3305  }
3306  else if (cmsg != NULL
3307  && CMSG_NXTHDR(&mesg, cmsg) == NULL
3308  && cmsg->cmsg_level == IPPROTO_IPV6
3309  && cmsg->cmsg_type == IPV6_PKTINFO
3310  && cmsg->cmsg_len >= CMSG_LEN(sizeof(struct in6_pktinfo)) )
3311  {
3312  struct in6_pktinfo *pkti6 = (struct in6_pktinfo *) CMSG_DATA(cmsg);
3313  from->pi.in6.ipi6_ifindex = pkti6->ipi6_ifindex;
3314  from->pi.in6.ipi6_addr = pkti6->ipi6_addr;
3315  }
3316  else if (cmsg != NULL)
3317  {
3318  msg(M_WARN, "CMSG received that cannot be parsed (cmsg_level=%d, cmsg_type=%d, cmsg=len=%d)", (int)cmsg->cmsg_level, (int)cmsg->cmsg_type, (int)cmsg->cmsg_len );
3319  }
3320  }
3321 
3322  return fromlen;
3323 }
3324 #endif /* if ENABLE_IP_PKTINFO */
3325 
3326 int
3327 link_socket_read_udp_posix(struct link_socket *sock,
3328  struct buffer *buf,
3329  struct link_socket_actual *from)
3330 {
3331  socklen_t fromlen = sizeof(from->dest.addr);
3332  socklen_t expectedlen = af_addr_size(sock->info.af);
3333  addr_zero_host(&from->dest);
3334 #if ENABLE_IP_PKTINFO
3335  /* Both PROTO_UDPv4 and PROTO_UDPv6 */
3336  if (sock->info.proto == PROTO_UDP && sock->sockflags & SF_USE_IP_PKTINFO)
3337  {
3338  fromlen = link_socket_read_udp_posix_recvmsg(sock, buf, from);
3339  }
3340  else
3341 #endif
3342  buf->len = recvfrom(sock->sd, BPTR(buf), buf_forward_capacity(buf), 0,
3343  &from->dest.addr.sa, &fromlen);
3344  /* FIXME: won't do anything when sock->info.af == AF_UNSPEC */
3345  if (buf->len >= 0 && expectedlen && fromlen != expectedlen)
3346  {
3347  bad_address_length(fromlen, expectedlen);
3348  }
3349  return buf->len;
3350 }
3351 
3352 #endif /* ifndef _WIN32 */
3353 
3354 /*
3355  * Socket Write Routines
3356  */
3357 
3358 int
3360  struct buffer *buf,
3361  struct link_socket_actual *to)
3362 {
3363  packet_size_type len = BLEN(buf);
3364  dmsg(D_STREAM_DEBUG, "STREAM: WRITE %d offset=%d", (int)len, buf->offset);
3365  ASSERT(len <= sock->stream_buf.maxlen);
3366  len = htonps(len);
3367  ASSERT(buf_write_prepend(buf, &len, sizeof(len)));
3368 #ifdef _WIN32
3369  return link_socket_write_win32(sock, buf, to);
3370 #else
3371  return link_socket_write_tcp_posix(sock, buf, to);
3372 #endif
3373 }
3374 
3375 #if ENABLE_IP_PKTINFO
3376 
3377 size_t
3378 link_socket_write_udp_posix_sendmsg(struct link_socket *sock,
3379  struct buffer *buf,
3380  struct link_socket_actual *to)
3381 {
3382  struct iovec iov;
3383  struct msghdr mesg;
3384  struct cmsghdr *cmsg;
3385  uint8_t pktinfo_buf[PKTINFO_BUF_SIZE];
3386 
3387  iov.iov_base = BPTR(buf);
3388  iov.iov_len = BLEN(buf);
3389  mesg.msg_iov = &iov;
3390  mesg.msg_iovlen = 1;
3391  switch (to->dest.addr.sa.sa_family)
3392  {
3393  case AF_INET:
3394  {
3395  mesg.msg_name = &to->dest.addr.sa;
3396  mesg.msg_namelen = sizeof(struct sockaddr_in);
3397  mesg.msg_control = pktinfo_buf;
3398  mesg.msg_flags = 0;
3399 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
3400  mesg.msg_controllen = CMSG_SPACE(sizeof(struct in_pktinfo));
3401  cmsg = CMSG_FIRSTHDR(&mesg);
3402  cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
3403  cmsg->cmsg_level = SOL_IP;
3404  cmsg->cmsg_type = IP_PKTINFO;
3405  {
3406  struct in_pktinfo *pkti;
3407  pkti = (struct in_pktinfo *) CMSG_DATA(cmsg);
3408  pkti->ipi_ifindex = to->pi.in4.ipi_ifindex;
3409  pkti->ipi_spec_dst = to->pi.in4.ipi_spec_dst;
3410  pkti->ipi_addr.s_addr = 0;
3411  }
3412 #elif defined(IP_RECVDSTADDR)
3413  ASSERT( CMSG_SPACE(sizeof(struct in_addr)) <= sizeof(pktinfo_buf) );
3414  mesg.msg_controllen = CMSG_SPACE(sizeof(struct in_addr));
3415  cmsg = CMSG_FIRSTHDR(&mesg);
3416  cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
3417  cmsg->cmsg_level = IPPROTO_IP;
3418  cmsg->cmsg_type = IP_RECVDSTADDR;
3419  *(struct in_addr *) CMSG_DATA(cmsg) = to->pi.in4;
3420 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
3421 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
3422 #endif /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
3423  break;
3424  }
3425 
3426  case AF_INET6:
3427  {
3428  struct in6_pktinfo *pkti6;
3429  mesg.msg_name = &to->dest.addr.sa;
3430  mesg.msg_namelen = sizeof(struct sockaddr_in6);
3431 
3432  ASSERT( CMSG_SPACE(sizeof(struct in6_pktinfo)) <= sizeof(pktinfo_buf) );
3433  mesg.msg_control = pktinfo_buf;
3434  mesg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo));
3435  mesg.msg_flags = 0;
3436  cmsg = CMSG_FIRSTHDR(&mesg);
3437  cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
3438  cmsg->cmsg_level = IPPROTO_IPV6;
3439  cmsg->cmsg_type = IPV6_PKTINFO;
3440 
3441  pkti6 = (struct in6_pktinfo *) CMSG_DATA(cmsg);
3442  pkti6->ipi6_ifindex = to->pi.in6.ipi6_ifindex;
3443  pkti6->ipi6_addr = to->pi.in6.ipi6_addr;
3444  break;
3445  }
3446 
3447  default: ASSERT(0);
3448  }
3449  return sendmsg(sock->sd, &mesg, 0);
3450 }
3451 
3452 #endif /* if ENABLE_IP_PKTINFO */
3453 
3454 /*
3455  * Win32 overlapped socket I/O functions.
3456  */
3457 
3458 #ifdef _WIN32
3459 
3460 int
3461 socket_recv_queue(struct link_socket *sock, int maxsize)
3462 {
3463  if (sock->reads.iostate == IOSTATE_INITIAL)
3464  {
3465  WSABUF wsabuf[1];
3466  int status;
3467 
3468  /* reset buf to its initial state */
3469  if (proto_is_udp(sock->info.proto))
3470  {
3471  sock->reads.buf = sock->reads.buf_init;
3472  }
3473  else if (proto_is_tcp(sock->info.proto))
3474  {
3475  stream_buf_get_next(&sock->stream_buf, &sock->reads.buf);
3476  }
3477  else
3478  {
3479  ASSERT(0);
3480  }
3481 
3482  /* Win32 docs say it's okay to allocate the wsabuf on the stack */
3483  wsabuf[0].buf = BPTR(&sock->reads.buf);
3484  wsabuf[0].len = maxsize ? maxsize : BLEN(&sock->reads.buf);
3485 
3486  /* check for buffer overflow */
3487  ASSERT(wsabuf[0].len <= BLEN(&sock->reads.buf));
3488 
3489  /* the overlapped read will signal this event on I/O completion */
3490  ASSERT(ResetEvent(sock->reads.overlapped.hEvent));
3491  sock->reads.flags = 0;
3492 
3493  if (proto_is_udp(sock->info.proto))
3494  {
3495  sock->reads.addr_defined = true;
3496  sock->reads.addrlen = sizeof(sock->reads.addr6);
3497  status = WSARecvFrom(
3498  sock->sd,
3499  wsabuf,
3500  1,
3501  &sock->reads.size,
3502  &sock->reads.flags,
3503  (struct sockaddr *) &sock->reads.addr,
3504  &sock->reads.addrlen,
3505  &sock->reads.overlapped,
3506  NULL);
3507  }
3508  else if (proto_is_tcp(sock->info.proto))
3509  {
3510  sock->reads.addr_defined = false;
3511  status = WSARecv(
3512  sock->sd,
3513  wsabuf,
3514  1,
3515  &sock->reads.size,
3516  &sock->reads.flags,
3517  &sock->reads.overlapped,
3518  NULL);
3519  }
3520  else
3521  {
3522  status = 0;
3523  ASSERT(0);
3524  }
3525 
3526  if (!status) /* operation completed immediately? */
3527  {
3528  /* FIXME: won't do anything when sock->info.af == AF_UNSPEC */
3529  int af_len = af_addr_size(sock->info.af);
3530  if (sock->reads.addr_defined && af_len && sock->reads.addrlen != af_len)
3531  {
3532  bad_address_length(sock->reads.addrlen, af_len);
3533  }
3535 
3536  /* since we got an immediate return, we must signal the event object ourselves */
3537  ASSERT(SetEvent(sock->reads.overlapped.hEvent));
3538  sock->reads.status = 0;
3539 
3540  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Receive immediate return [%d,%d]",
3541  (int) wsabuf[0].len,
3542  (int) sock->reads.size);
3543  }
3544  else
3545  {
3546  status = WSAGetLastError();
3547  if (status == WSA_IO_PENDING) /* operation queued? */
3548  {
3549  sock->reads.iostate = IOSTATE_QUEUED;
3550  sock->reads.status = status;
3551  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Receive queued [%d]",
3552  (int) wsabuf[0].len);
3553  }
3554  else /* error occurred */
3555  {
3556  struct gc_arena gc = gc_new();
3557  ASSERT(SetEvent(sock->reads.overlapped.hEvent));
3559  sock->reads.status = status;
3560  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Receive error [%d]: %s",
3561  (int) wsabuf[0].len,
3562  strerror_win32(status, &gc));
3563  gc_free(&gc);
3564  }
3565  }
3566  }
3567  return sock->reads.iostate;
3568 }
3569 
3570 int
3571 socket_send_queue(struct link_socket *sock, struct buffer *buf, const struct link_socket_actual *to)
3572 {
3573  if (sock->writes.iostate == IOSTATE_INITIAL)
3574  {
3575  WSABUF wsabuf[1];
3576  int status;
3577 
3578  /* make a private copy of buf */
3579  sock->writes.buf = sock->writes.buf_init;
3580  sock->writes.buf.len = 0;
3581  ASSERT(buf_copy(&sock->writes.buf, buf));
3582 
3583  /* Win32 docs say it's okay to allocate the wsabuf on the stack */
3584  wsabuf[0].buf = BPTR(&sock->writes.buf);
3585  wsabuf[0].len = BLEN(&sock->writes.buf);
3586 
3587  /* the overlapped write will signal this event on I/O completion */
3588  ASSERT(ResetEvent(sock->writes.overlapped.hEvent));
3589  sock->writes.flags = 0;
3590 
3591  if (proto_is_udp(sock->info.proto))
3592  {
3593  /* set destination address for UDP writes */
3594  sock->writes.addr_defined = true;
3595  if (to->dest.addr.sa.sa_family == AF_INET6)
3596  {
3597  sock->writes.addr6 = to->dest.addr.in6;
3598  sock->writes.addrlen = sizeof(sock->writes.addr6);
3599  }
3600  else
3601  {
3602  sock->writes.addr = to->dest.addr.in4;
3603  sock->writes.addrlen = sizeof(sock->writes.addr);
3604  }
3605 
3606  status = WSASendTo(
3607  sock->sd,
3608  wsabuf,
3609  1,
3610  &sock->writes.size,
3611  sock->writes.flags,
3612  (struct sockaddr *) &sock->writes.addr,
3613  sock->writes.addrlen,
3614  &sock->writes.overlapped,
3615  NULL);
3616  }
3617  else if (proto_is_tcp(sock->info.proto))
3618  {
3619  /* destination address for TCP writes was established on connection initiation */
3620  sock->writes.addr_defined = false;
3621 
3622  status = WSASend(
3623  sock->sd,
3624  wsabuf,
3625  1,
3626  &sock->writes.size,
3627  sock->writes.flags,
3628  &sock->writes.overlapped,
3629  NULL);
3630  }
3631  else
3632  {
3633  status = 0;
3634  ASSERT(0);
3635  }
3636 
3637  if (!status) /* operation completed immediately? */
3638  {
3640 
3641  /* since we got an immediate return, we must signal the event object ourselves */
3642  ASSERT(SetEvent(sock->writes.overlapped.hEvent));
3643 
3644  sock->writes.status = 0;
3645 
3646  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Send immediate return [%d,%d]",
3647  (int) wsabuf[0].len,
3648  (int) sock->writes.size);
3649  }
3650  else
3651  {
3652  status = WSAGetLastError();
3653  if (status == WSA_IO_PENDING) /* operation queued? */
3654  {
3655  sock->writes.iostate = IOSTATE_QUEUED;
3656  sock->writes.status = status;
3657  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Send queued [%d]",
3658  (int) wsabuf[0].len);
3659  }
3660  else /* error occurred */
3661  {
3662  struct gc_arena gc = gc_new();
3663  ASSERT(SetEvent(sock->writes.overlapped.hEvent));
3665  sock->writes.status = status;
3666 
3667  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Send error [%d]: %s",
3668  (int) wsabuf[0].len,
3669  strerror_win32(status, &gc));
3670 
3671  gc_free(&gc);
3672  }
3673  }
3674  }
3675  return sock->writes.iostate;
3676 }
3677 
3678 int
3680  struct overlapped_io *io,
3681  struct buffer *buf,
3682  struct link_socket_actual *from)
3683 {
3684  int ret = -1;
3685  BOOL status;
3686 
3687  switch (io->iostate)
3688  {
3689  case IOSTATE_QUEUED:
3690  status = WSAGetOverlappedResult(
3691  s,
3692  &io->overlapped,
3693  &io->size,
3694  FALSE,
3695  &io->flags
3696  );
3697  if (status)
3698  {
3699  /* successful return for a queued operation */
3700  if (buf)
3701  {
3702  *buf = io->buf;
3703  }
3704  ret = io->size;
3705  io->iostate = IOSTATE_INITIAL;
3706  ASSERT(ResetEvent(io->overlapped.hEvent));
3707 
3708  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Completion success [%d]", ret);
3709  }
3710  else
3711  {
3712  /* error during a queued operation */
3713  ret = -1;
3714  if (WSAGetLastError() != WSA_IO_INCOMPLETE)
3715  {
3716  /* if no error (i.e. just not finished yet), then DON'T execute this code */
3717  io->iostate = IOSTATE_INITIAL;
3718  ASSERT(ResetEvent(io->overlapped.hEvent));
3719  msg(D_WIN32_IO | M_ERRNO, "WIN32 I/O: Socket Completion error");
3720  }
3721  }
3722  break;
3723 
3725  io->iostate = IOSTATE_INITIAL;
3726  ASSERT(ResetEvent(io->overlapped.hEvent));
3727  if (io->status)
3728  {
3729  /* error return for a non-queued operation */
3730  WSASetLastError(io->status);
3731  ret = -1;
3732  msg(D_WIN32_IO | M_ERRNO, "WIN32 I/O: Socket Completion non-queued error");
3733  }
3734  else
3735  {
3736  /* successful return for a non-queued operation */
3737  if (buf)
3738  {
3739  *buf = io->buf;
3740  }
3741  ret = io->size;
3742  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Completion non-queued success [%d]", ret);
3743  }
3744  break;
3745 
3746  case IOSTATE_INITIAL: /* were we called without proper queueing? */
3747  WSASetLastError(WSAEINVAL);
3748  ret = -1;
3749  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Completion BAD STATE");
3750  break;
3751 
3752  default:
3753  ASSERT(0);
3754  }
3755 
3756  /* return from address if requested */
3757  if (from)
3758  {
3759  if (ret >= 0 && io->addr_defined)
3760  {
3761  /* TODO(jjo): streamline this mess */
3762  /* in this func we dont have relevant info about the PF_ of this
3763  * endpoint, as link_socket_actual will be zero for the 1st received packet
3764  *
3765  * Test for inets PF_ possible sizes
3766  */
3767  switch (io->addrlen)
3768  {
3769  case sizeof(struct sockaddr_in):
3770  case sizeof(struct sockaddr_in6):
3771  /* TODO(jjo): for some reason (?) I'm getting 24,28 for AF_INET6
3772  * under _WIN32*/
3773  case sizeof(struct sockaddr_in6)-4:
3774  break;
3775 
3776  default:
3777  bad_address_length(io->addrlen, af_addr_size(io->addr.sin_family));
3778  }
3779 
3780  switch (io->addr.sin_family)
3781  {
3782  case AF_INET:
3783  from->dest.addr.in4 = io->addr;
3784  break;
3785 
3786  case AF_INET6:
3787  from->dest.addr.in6 = io->addr6;
3788  break;
3789  }
3790  }
3791  else
3792  {
3793  CLEAR(from->dest.addr);
3794  }
3795  }
3796 
3797  if (buf)
3798  {
3799  buf->len = ret;
3800  }
3801  return ret;
3802 }
3803 
3804 #endif /* _WIN32 */
3805 
3806 /*
3807  * Socket event notification
3808  */
3809 
3810 unsigned int
3812  struct event_set *es,
3813  unsigned int rwflags,
3814  void *arg,
3815  unsigned int *persistent)
3816 {
3817  if (s)
3818  {
3819  if ((rwflags & EVENT_READ) && !stream_buf_read_setup(s))
3820  {
3821  ASSERT(!persistent);
3822  rwflags &= ~EVENT_READ;
3823  }
3824 
3825 #ifdef _WIN32
3826  if (rwflags & EVENT_READ)
3827  {
3828  socket_recv_queue(s, 0);
3829  }
3830 #endif
3831 
3832  /* if persistent is defined, call event_ctl only if rwflags has changed since last call */
3833  if (!persistent || *persistent != rwflags)
3834  {
3835  event_ctl(es, socket_event_handle(s), rwflags, arg);
3836  if (persistent)
3837  {
3838  *persistent = rwflags;
3839  }
3840  }
3841 
3842  s->rwflags_debug = rwflags;
3843  }
3844  return rwflags;
3845 }
3846 
3847 void
3849 {
3850  if (sd && socket_defined(*sd))
3851  {
3852  openvpn_close_socket(*sd);
3853  *sd = SOCKET_UNDEFINED;
3854  }
3855 }
3856 
3857 #if UNIX_SOCK_SUPPORT
3858 
3859 /*
3860  * code for unix domain sockets
3861  */
3862 
3863 const char *
3864 sockaddr_unix_name(const struct sockaddr_un *local, const char *null)
3865 {
3866  if (local && local->sun_family == PF_UNIX)
3867  {
3868  return local->sun_path;
3869  }
3870  else
3871  {
3872  return null;
3873  }
3874 }
3875 
3877 create_socket_unix(void)
3878 {
3880 
3881  if ((sd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
3882  {
3883  msg(M_ERR, "Cannot create unix domain socket");
3884  }
3885 
3886  /* set socket file descriptor to not pass across execs, so that
3887  * scripts don't have access to it */
3888  set_cloexec(sd);
3889 
3890  return sd;
3891 }
3892 
3893 void
3894 socket_bind_unix(socket_descriptor_t sd,
3895  struct sockaddr_un *local,
3896  const char *prefix)
3897 {
3898  struct gc_arena gc = gc_new();
3899 
3900 #ifdef HAVE_UMASK
3901  const mode_t orig_umask = umask(0);
3902 #endif
3903 
3904  if (bind(sd, (struct sockaddr *) local, sizeof(struct sockaddr_un)))
3905  {
3906  msg(M_FATAL | M_ERRNO,
3907  "%s: Socket bind[%d] failed on unix domain socket %s",
3908  prefix,
3909  (int)sd,
3910  sockaddr_unix_name(local, "NULL"));
3911  }
3912 
3913 #ifdef HAVE_UMASK
3914  umask(orig_umask);
3915 #endif
3916 
3917  gc_free(&gc);
3918 }
3919 
3921 socket_accept_unix(socket_descriptor_t sd,
3922  struct sockaddr_un *remote)
3923 {
3924  socklen_t remote_len = sizeof(struct sockaddr_un);
3925  socket_descriptor_t ret;
3926 
3927  CLEAR(*remote);
3928  ret = accept(sd, (struct sockaddr *) remote, &remote_len);
3929  if (ret >= 0)
3930  {
3931  /* set socket file descriptor to not pass across execs, so that
3932  * scripts don't have access to it */
3933  set_cloexec(ret);
3934  }
3935  return ret;
3936 }
3937 
3938 int
3939 socket_connect_unix(socket_descriptor_t sd,
3940  struct sockaddr_un *remote)
3941 {
3942  int status = connect(sd, (struct sockaddr *) remote, sizeof(struct sockaddr_un));
3943  if (status)
3944  {
3945  status = openvpn_errno();
3946  }
3947  return status;
3948 }
3949 
3950 void
3951 sockaddr_unix_init(struct sockaddr_un *local, const char *path)
3952 {
3953  local->sun_family = PF_UNIX;
3954  strncpynt(local->sun_path, path, sizeof(local->sun_path));
3955 }
3956 
3957 void
3958 socket_delete_unix(const struct sockaddr_un *local)
3959 {
3960  const char *name = sockaddr_unix_name(local, NULL);
3961 #ifdef HAVE_UNLINK
3962  if (name && strlen(name))
3963  {
3964  unlink(name);
3965  }
3966 #endif
3967 }
3968 
3969 bool
3970 unix_socket_get_peer_uid_gid(const socket_descriptor_t sd, int *uid, int *gid)
3971 {
3972 #ifdef HAVE_GETPEEREID
3973  uid_t u;
3974  gid_t g;
3975  if (getpeereid(sd, &u, &g) == -1)
3976  {
3977  return false;
3978  }
3979  if (uid)
3980  {
3981  *uid = u;
3982  }
3983  if (gid)
3984  {
3985  *gid = g;
3986  }
3987  return true;
3988 #elif defined(SO_PEERCRED)
3989  struct ucred peercred;
3990  socklen_t so_len = sizeof(peercred);
3991  if (getsockopt(sd, SOL_SOCKET, SO_PEERCRED, &peercred, &so_len) == -1)
3992  {
3993  return false;
3994  }
3995  if (uid)
3996  {
3997  *uid = peercred.uid;
3998  }
3999  if (gid)
4000  {
4001  *gid = peercred.gid;
4002  }
4003  return true;
4004 #else /* ifdef HAVE_GETPEEREID */
4005  return false;
4006 #endif /* ifdef HAVE_GETPEEREID */
4007 }
4008 
4009 #endif /* if UNIX_SOCK_SUPPORT */
int status
Definition: win32.h:202
bool string_class(const char *str, const unsigned int inclusive, const unsigned int exclusive)
Definition: buffer.c:1037
#define OPENVPN_STATE_RESOLVE
Definition: manage.h:504
#define PS_SHOW_PORT_IF_DEFINED
Definition: socket.h:345
#define CC_ALNUM
Definition: buffer.h:886
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition: buffer.h:348
const char * socks_proxy_port
Definition: options.h:104
struct buffer buf_init
Definition: win32.h:209
#define MSG_NOSIGNAL
Definition: socket.h:256
static int socket_get_rcvbuf(int sd)
Definition: socket.c:747
bool error
Definition: socket.h:140
#define D_INIT_MEDIUM
Definition: errlevel.h:105
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, volatile int *signal_received, int ai_family, struct addrinfo **res)
Definition: socket.c:320
#define GETADDR_WARN_ON_SIGNAL
Definition: socket.h:525
struct options options
Options loaded from command line or configuration file.
Definition: openvpn.h:500
#define D_OSBUF
Definition: errlevel.h:91
void free_buf(struct buffer *buf)
Definition: buffer.c:183
HANDLE read
Definition: win32.h:72
void gc_addspecial(void *addr, void(free_function)(void *), struct gc_arena *a)
Definition: buffer.c:452
struct link_socket * link_socket_new(void)
Definition: socket.c:1725
void init_net_event_win32(struct rw_handle *event, long network_events, socket_descriptor_t sd, unsigned int flags)
Definition: win32.c:218
struct sockaddr_in6 addr6
Definition: win32.h:206
void setenv_trusted(struct env_set *es, const struct link_socket_info *info)
Definition: socket.c:2297
struct argv argv_new(void)
Definition: argv.c:52
struct cached_dns_entry * dns_cache
Definition: openvpn.h:160
int len
Definition: socket.h:138
#define streq(x, y)
Definition: options.h:616
void establish_socks_proxy_passthru(struct socks_proxy_info *p, socket_descriptor_t sd, const char *host, const char *servname, volatile int *signal_received)
Definition: socks.c:444
const char * strerror_win32(DWORD errnum, struct gc_arena *gc)
Definition: error.c:825
in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, volatile int *signal_received)
Definition: socket.c:85
#define GETADDR_TRY_ONCE
Definition: socket.h:527
sa_family_t ascii2af(const char *proto_name)
Definition: socket.c:3088
const char * print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2872
#define M_INFO
Definition: errlevel.h:55
Contains all state information for one tunnel.
Definition: openvpn.h:498
Packet geometry parameters.
Definition: mtu.h:93
bool proto_is_tcp(int proto)
Definition: socket.c:3064
#define SIZE(x)
Definition: basic.h:30
static bool streqnull(const char *a, const char *b)
Definition: socket.c:117
void overlapped_io_init(struct overlapped_io *o, const struct frame *frame, BOOL event_state, bool tuntap_buffer)
Definition: win32.c:165
#define IPv6_UDP_HEADER_SIZE
Definition: socket.h:583
bool proto_is_udp(int proto)
Definition: socket.c:3054
static int af_addr_size(sa_family_t af)
Definition: socket.h:852
#define SA_IP_PORT
Definition: socket.h:401
void throw_signal_soft(const int signum, const char *signal_text)
Definition: sig.c:111
static socket_descriptor_t socket_listen_accept(socket_descriptor_t sd, struct link_socket_actual *act, const char *remote_dynamic, const struct addrinfo *local, bool do_listen, bool nowait, volatile int *signal_received)
Definition: socket.c:1154
DWORD size
Definition: win32.h:200
const char * print_link_socket_actual(const struct link_socket_actual *act, struct gc_arena *gc)
Definition: socket.c:2772
static void gc_free(struct gc_arena *a)
Definition: buffer.h:999
OVERLAPPED overlapped
Definition: win32.h:199
void link_socket_init_phase1(struct link_socket *sock, const char *local_host, const char *local_port, const char *remote_host, const char *remote_port, struct cached_dns_entry *dns_cache, int proto, sa_family_t af, bool bind_ipv6_only, int mode, const struct link_socket *accept_from, struct http_proxy_info *http_proxy, struct socks_proxy_info *socks_proxy, bool bind_local, bool remote_float, int inetd, struct link_socket_addr *lsa, const char *ipchange_command, const struct plugin_list *plugins, int resolve_retry_seconds, int mtu_discover_type, int rcvbuf, int sndbuf, int mark, struct event_timeout *server_poll_timeout, unsigned int sockflags)
Definition: socket.c:1736
bool proto_is_net(int proto)
Definition: socket.c:3039
static int plugin_call(const struct plugin_list *pl, const int type, const struct argv *av, struct plugin_return *pr, struct env_set *es)
Definition: plugin.h:201
#define IPv6_TCP_HEADER_SIZE
Definition: socket.h:584
union openvpn_sockaddr::@8 addr
static int link_socket_write_win32(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to)
Definition: socket.h:1078
#define OIA_HOSTNAME
Definition: socket.h:460
static bool buf_safe(const struct buffer *buf, int len)
Definition: buffer.h:524
struct man_connection connection
Definition: manage.h:326
unsigned short sa_family_t
Definition: syshead.h:446
#define ASSERT(x)
Definition: error.h:221
Definition: options.h:86
#define SIGUSR1
Definition: config-msvc.h:115
#define SET_MTU_UPPER_BOUND
Definition: mtu.h:221
#define CC_DIGIT
Definition: buffer.h:890
struct buffer alloc_buf(size_t size)
Definition: buffer.c:62
static void stream_buf_get_final(struct stream_buf *sb, struct buffer *buf)
Definition: socket.c:2557
struct buffer buf_init
Definition: socket.h:131
struct connection_list * connection_list
Definition: options.h:209
int openvpn_inet_aton(const char *dotted_quad, struct in_addr *addr)
Definition: socket.c:545
#define LS_MODE_DEFAULT
Definition: socket.h:196
unsigned int sockflags
Definition: options.h:335
#define M_FATAL
Definition: error.h:94
bool buf_printf(struct buffer *buf, const char *format,...)
Definition: buffer.c:243
void set_mtu_discover_type(int sd, int mtu_type, sa_family_t proto_af)
Definition: mtu.c:169
const char * proto2ascii_all(struct gc_arena *gc)
Definition: socket.c:3124
int resolve_retry_seconds
Definition: options.h:277
#define SF_TCP_NODELAY
Definition: socket.h:209
#define CLEAR(x)
Definition: basic.h:33
const int proto_overhead[]
Definition: socket.c:47
void setenv_str(struct env_set *es, const char *name, const char *value)
Definition: env_set.c:285
#define SF_GETADDRINFO_DGRAM
Definition: socket.h:212
#define OPENVPN_STATE_TCP_CONNECT
Definition: manage.h:505
#define D_READ_WRITE
Definition: errlevel.h:162
#define in_addr_t
Definition: config-msvc.h:103
const char * hostname_randomize(const char *hostname, struct gc_arena *gc)
Definition: misc.c:104
static void tcp_connection_established(const struct link_socket_actual *act)
Definition: socket.c:1145
const char * port
Definition: proxy.h:46
const char * local_port
Definition: options.h:90
struct cached_dns_entry * next
Definition: socket.h:81
struct sockaddr_in addr
Definition: win32.h:205
bool link_socket_update_flags(struct link_socket *ls, unsigned int sockflags)
Definition: socket.c:851
#define SIGTERM
Definition: config-msvc.h:117
#define D_RESOLVE_ERRORS
Definition: errlevel.h:60
static void get_signal(volatile int *sig)
Definition: sig.h:92
#define SIGHUP
Definition: config-msvc.h:113
struct buffer residual
Definition: socket.h:132
const char * display_form
Definition: socket.c:3013
#define IA_NET_ORDER
Definition: socket.h:394
#define GETADDR_MENTION_RESOLVE_RETRY
Definition: socket.h:523
#define OPENVPN_PLUGIN_FUNC_SUCCESS
Definition: socket.h:75
#define CC_DOT
Definition: buffer.h:903
static bool link_socket_connection_oriented(const struct link_socket *sock)
Definition: socket.h:606
#define openvpn_errno()
Definition: error.h:74
#define D_LOW
Definition: errlevel.h:97
int ascii2proto(const char *proto_name)
Definition: socket.c:3074
static void frame_add_to_extra_frame(struct frame *frame, const int increment)
Definition: mtu.h:274
#define GETADDR_RANDOMIZE
Definition: socket.h:529
void close_net_event_win32(struct rw_handle *event, socket_descriptor_t sd, unsigned int flags)
Definition: win32.c:272
int proto
Definition: socket.c:3015
const char * proto_remote(int proto, bool remote)
Definition: socket.c:3165
static bool buf_read(struct buffer *src, void *dest, int size)
Definition: buffer.h:783
#define INETD_NOWAIT
Definition: socket.h:193
static event_t socket_event_handle(const struct link_socket *s)
Definition: socket.h:1213
int offset
Offset in bytes of the actual content within the allocated memory.
Definition: buffer.h:64
#define PS_SHOW_PORT
Definition: socket.h:346
static socket_descriptor_t create_socket_udp(struct addrinfo *addrinfo, const unsigned int flags)
Definition: socket.c:912
static int get_cached_dns_entry(struct cached_dns_entry *dns_cache, const char *hostname, const char *servname, int ai_family, int resolve_flags, struct addrinfo **ai)
Definition: socket.c:138
int add(int a, int b)
struct sockaddr_in6 in6
Definition: socket.h:70
list flags
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
#define GETADDR_DATAGRAM
Definition: socket.h:531
int inet_pton(int af, const char *src, void *dst)
static void phase2_tcp_client(struct link_socket *sock, struct signal_info *sig_info)
Definition: socket.c:2028
void link_socket_bad_incoming_addr(struct buffer *buf, const struct link_socket_info *info, const struct link_socket_actual *from_addr)
Definition: socket.c:2371
#define OIA_IP
Definition: socket.h:461
#define openvpn_close_socket(s)
Definition: socket.h:261
int iostate
Definition: win32.h:198
#define LS_MODE_TCP_ACCEPT_FROM
Definition: socket.h:198
struct context_1 c1
Level 1 context.
Definition: openvpn.h:536
#define htonps(x)
Definition: socket.h:58
static void bind_local(struct link_socket *sock, const sa_family_t ai_family)
Definition: socket.c:967
#define OPENVPN_PLUGIN_IPCHANGE
const char * inet_ntop(int af, const void *src, char *dst, socklen_t size)
#define BPTR(buf)
Definition: buffer.h:124
#define IPV4_INVALID_ADDR
Definition: socket.h:428
#define IPv4_UDP_HEADER_SIZE
Definition: socket.h:581
#define OIA_ERROR
Definition: socket.h:462
#define PS_DONT_SHOW_FAMILY
Definition: socket.h:349
#define ntohps(x)
Definition: socket.h:61
static void stream_buf_close(struct stream_buf *sb)
Definition: socket.c:2662
bool openvpn_snprintf(char *str, size_t size, const char *format,...)
Definition: buffer.c:297
int socket_recv_queue(struct link_socket *sock, int maxsize)
Definition: socket.c:3461
int socket_finalize(SOCKET s, struct overlapped_io *io, struct buffer *buf, struct link_socket_actual *from)
Definition: socket.c:3679
int ai_family
Definition: socket.h:78
static void socket_connect(socket_descriptor_t *sd, const struct sockaddr *dest, const int connect_timeout, struct signal_info *sig_info)
Definition: socket.c:1436
const char * socks_proxy_server
Definition: options.h:103
#define IA_EMPTY_IF_UNDEF
Definition: socket.h:393
#define LS_MODE_TCP_LISTEN
Definition: socket.h:197
#define GETADDR_UPDATE_MANAGEMENT_STATE
Definition: socket.h:528
#define IPv4_TCP_HEADER_SIZE
Definition: socket.h:582
struct buffer next
Definition: socket.h:137
int proto
Definition: options.h:88
void setenv_link_socket_actual(struct env_set *es, const char *name_prefix, const struct link_socket_actual *act, const unsigned int flags)
Definition: socket.c:2999
bool buf_puts(struct buffer *buf, const char *str)
Definition: buffer.c:270
const char * print_link_socket_actual_ex(const struct link_socket_actual *act, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2782
bool ip_or_dns_addr_safe(const char *addr, const bool allow_fqdn)
Definition: socket.c:655
static struct gc_arena gc_new(void)
Definition: buffer.h:991
#define IOSTATE_IMMEDIATE_RETURN
Definition: win32.h:197
static void openvpn_fd_set(int fd, fd_set *setp)
Definition: fdmisc.h:40
const char * hostname
Definition: socket.h:76
static const char * print_sockaddr(const struct sockaddr *addr, struct gc_arena *gc)
Definition: socket.h:376
int inetd_socket_descriptor
Definition: misc.c:82
static bool addrlist_match(const struct openvpn_sockaddr *a1, const struct addrinfo *addrlist)
Definition: socket.h:705
void link_socket_bad_outgoing_addr(void)
Definition: socket.c:2400
static bool addr_defined_ipi(const struct link_socket_actual *lsa)
Definition: socket.h:657
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition: buffer.h:1026
static void ipchange_fmt(const bool include_cmd, struct argv *argv, const struct link_socket_info *info, struct gc_arena *gc)
Definition: socket.c:2303
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2852
int get_server_poll_remaining_time(struct event_timeout *server_poll_timeout)
Definition: forward.c:338
static bool buf_copy_excess(struct buffer *dest, struct buffer *src, int len)
Definition: buffer.h:758
struct sockaddr_in in4
Definition: socket.h:69
sa_family_t proto_af
Definition: socket.c:3014
#define M_ERR
Definition: error.h:110
static void stream_buf_get_next(struct stream_buf *sb, struct buffer *buf)
Definition: socket.c:2566
unsigned __int32 uint32_t
Definition: config-msvc.h:120
#define IOSTATE_QUEUED
Definition: win32.h:196
static void gc_freeaddrinfo_callback(void *addr)
Definition: buffer.h:202
static int socket_defined(const socket_descriptor_t sd)
Definition: syshead.h:494
struct http_proxy_options * http_proxy_options
Definition: options.h:102
static bool link_socket_actual_defined(const struct link_socket_actual *act)
Definition: socket.h:684
int addrlen
Definition: win32.h:208
#define HAVE_IN_PKTINFO
Definition: config-msvc.h:55
void setenv_sockaddr(struct env_set *es, const char *name_prefix, const struct openvpn_sockaddr *addr, const unsigned int flags)
Definition: socket.c:2917
void overlapped_io_close(struct overlapped_io *o)
Definition: win32.c:184
bool stream_buf_read_setup_dowork(struct link_socket *sock)
Definition: socket.c:2575
static bool defined_net_event_win32(const struct rw_handle *event)
Definition: win32.h:84
static void linksock_print_addr(struct link_socket *sock)
Definition: socket.c:1941
static SERVICE_STATUS status
Definition: automatic.c:47
static int buf_forward_capacity(const struct buffer *buf)
Definition: buffer.h:545
#define D_SOCKET_DEBUG
Definition: errlevel.h:136
#define ENABLE_DEBUG
Definition: config-msvc.h:8
static bool socket_set_rcvbuf(int sd, int size)
Definition: socket.c:764
int link_socket_write_tcp(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to)
Definition: socket.c:3359
void link_socket_init_phase2(struct link_socket *sock, const struct frame *frame, struct signal_info *sig_info)
Definition: socket.c:2111
static void event_ctl(struct event_set *es, event_t event, unsigned int rwflags, void *arg)
Definition: event.h:119
void socket_bind(socket_descriptor_t sd, struct addrinfo *local, int ai_family, const char *prefix, bool ipv6only)
Definition: socket.c:1255
const struct in6_addr * link_socket_current_remote_ipv6(const struct link_socket_info *info)
Definition: socket.c:2441
struct buffer buf
Definition: socket.h:136
void sd_close(socket_descriptor_t *sd)
Definition: socket.c:3848
void argv_parse_cmd(struct argv *a, const char *s)
Definition: argv.c:337
static bool buf_copy(struct buffer *dest, const struct buffer *src)
Definition: buffer.h:717
struct buffer buf
Definition: win32.h:210
const char * socket_stat(const struct link_socket *s, unsigned int rwflags, struct gc_arena *gc)
Definition: socket.c:2474
static bool stream_buf_added(struct stream_buf *sb, int length_added)
Definition: socket.c:2595
static void resolve_remote(struct link_socket *sock, int phase, const char **remote_dynamic, volatile int *signal_received)
Definition: socket.c:1598
#define HAVE_IPI_SPEC_DST
Definition: config.h:336
Interface functions to the internal and external multiplexers.
static void phase2_set_socket_flags(struct link_socket *sock)
Definition: socket.c:1922
const char * remote
Definition: options.h:94
#define GETADDR_HOST_ORDER
Definition: socket.h:522
static void stream_buf_reset(struct stream_buf *sb)
Definition: socket.c:2511
static void phase2_inetd(struct link_socket *sock, const struct frame *frame, const char *remote_dynamic, volatile int *signal_received)
Definition: socket.c:1876
#define dmsg
Definition: error.h:174
const char * server
Definition: proxy.h:45
#define SOCKET_UNDEFINED
Definition: syshead.h:486
char * overlapped_io_state_ascii(const struct overlapped_io *o)
Definition: win32.c:197
#define EVENT_READ
Definition: event.h:36
static void socket_set_mark(int sd, int mark)
Definition: socket.c:827
static bool stream_buf_read_setup(struct link_socket *sock)
Definition: socket.h:998
volatile int source
Definition: sig.h:46
#define BLEN(buf)
Definition: buffer.h:127
static bool socket_set_flags(int sd, unsigned int sockflags)
Definition: socket.c:838
#define FRAME_HEADROOM_MARKER_READ_STREAM
Definition: mtu.h:132
static void socket_frame_init(const struct frame *frame, struct link_socket *sock)
Definition: socket.c:1515
const char * remote_port
Definition: options.h:92
void alloc_buf_sock_tun(struct buffer *buf, const struct frame *frame, const bool tuntap_buffer, const unsigned int align_mask)
Definition: mtu.c:43
#define SA_SET_IF_NONZERO
Definition: socket.h:402
struct connection_entry * array[CONNECTION_LIST_SIZE]
Definition: options.h:158
int openvpn_connect(socket_descriptor_t sd, const struct sockaddr *remote, int connect_timeout, volatile int *signal_received)
Definition: socket.c:1309
static bool buf_defined(const struct buffer *buf)
Definition: buffer.h:215
const char * ip_remote_hint
Definition: options.h:279
unsigned __int8 uint8_t
Definition: config-msvc.h:122
#define SIG_SOURCE_CONNECTION_FAILED
Definition: sig.h:37
const char * print_sockaddr_ex(const struct sockaddr *sa, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2691
HANDLE write
Definition: win32.h:73
const char * local
Definition: options.h:93
unsigned int socket_set(struct link_socket *s, struct event_set *es, unsigned int rwflags, void *arg, unsigned int *persistent)
Definition: socket.c:3811
void setenv_in6_addr(struct env_set *es, const char *name_prefix, const struct in6_addr *addr, const unsigned int flags)
Definition: socket.c:2983
void frame_set_mtu_dynamic(struct frame *frame, int mtu, unsigned int flags)
Definition: mtu.c:87
volatile int signal_received
Definition: sig.h:45
#define ALLOC_OBJ_CLEAR_GC(dptr, type, gc)
Definition: buffer.h:1063
uint16_t packet_size_type
Definition: socket.h:55
bool plugin_defined(const struct plugin_list *pl, const int type)
Definition: plugin.c:895
socket_descriptor_t create_socket_tcp(struct addrinfo *addrinfo)
Definition: socket.c:880
bool ip_addr_dotted_quad_safe(const char *dotted_quad)
Definition: socket.c:569
void argv_printf_cat(struct argv *a, const char *format,...)
Definition: argv.c:328
struct addrinfo * ai
Definition: socket.h:80
void bad_address_length(int actual, int expected)
Definition: socket.c:3193
#define GETADDR_FATAL
Definition: socket.h:521
void socket_adjust_frame_parameters(struct frame *frame, int proto)
Definition: socket.c:2288
SOCKET socket_descriptor_t
Definition: syshead.h:487
static void socket_set_buffers(int fd, const struct socket_buffer_size *sbs)
Definition: socket.c:777
#define D_STREAM_DEBUG
Definition: errlevel.h:167
#define IF_NAMESIZE
Definition: socket.c:2778
static void phase2_socks_client(struct link_socket *sock, struct signal_info *sig_info)
Definition: socket.c:2072
char server[128]
Definition: socks.h:40
#define msg
Definition: error.h:173
void setenv_int(struct env_set *es, const char *name, int value)
Definition: env_set.c:269
bool addr_defined
Definition: win32.h:203
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
static void socket_do_listen(socket_descriptor_t sd, const struct addrinfo *local, bool do_listen, bool do_set_nonblock)
Definition: socket.c:1047
void set_actual_address(struct link_socket_actual *actual, struct addrinfo *ai)
Definition: socket.c:1413
DWORD flags
Definition: win32.h:201
void set_nonblock(int fd)
Definition: fdmisc.c:71
bool proto_is_dgram(int proto)
Definition: socket.c:3048
int link_socket_read_tcp(struct link_socket *sock, struct buffer *buf)
Definition: socket.c:3205
void frame_adjust_path_mtu(struct frame *frame, int pmtu, int proto)
Definition: socket.c:1550
#define GETADDR_CACHE_MASK
Definition: socket.h:533
#define buf_init(buf, offset)
Definition: buffer.h:196
bool residual_fully_formed
Definition: socket.h:134
static bool buf_write_prepend(struct buffer *dest, const void *src, int size)
Definition: buffer.h:684
static bool socket_set_tcp_nodelay(int sd, int state)
Definition: socket.c:807
void set_cloexec(int fd)
Definition: fdmisc.c:81
static unsigned int sf2gaf(const unsigned int getaddr_flags, const unsigned int sockflags)
Definition: socket.c:62
const char * port
Definition: socks.h:41
void do_preresolve(struct context *c)
Definition: socket.c:221
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
Definition: manage.c:2685
#define IOSTATE_INITIAL
Definition: win32.h:195
int flags
Definition: socket.h:79
static void phase2_tcp_server(struct link_socket *sock, const char *remote_dynamic, volatile int *signal_received)
Definition: socket.c:1987
static void resolve_bind_local(struct link_socket *sock, const sa_family_t af)
Definition: socket.c:1556
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:88
#define ENABLE_IP_PKTINFO
Definition: syshead.h:431
bool establish_http_proxy_passthru(struct http_proxy_info *p, socket_descriptor_t sd, const char *host, const char *port, struct event_timeout *server_poll_timeout, struct buffer *lookahead, volatile int *signal_received)
Definition: proxy.c:634
#define GETADDR_MSG_VIRT_OUT
Definition: socket.h:526
static bool dns_addr_safe(const char *addr)
Definition: socket.c:641
socket_descriptor_t socket_do_accept(socket_descriptor_t sd, struct link_socket_actual *act, const bool nowait)
Definition: socket.c:1074
static void addr_zero_host(struct openvpn_sockaddr *addr)
Definition: socket.h:823
static void create_socket(struct link_socket *sock, struct addrinfo *addr)
Definition: socket.c:987
static int buf_forward_capacity_total(const struct buffer *buf)
Definition: buffer.h:563
static int do_preresolve_host(struct context *c, const char *hostname, const char *servname, const int af, const int flags)
Definition: socket.c:167
#define SOL_IP
Definition: syshead.h:439
#define free
Definition: cmocka.c:1850
static void buf_reset(struct buffer *buf)
Definition: buffer.h:290
#define EVENT_WRITE
Definition: event.h:37
void link_socket_connection_initiated(const struct buffer *buf, struct link_socket_info *info, const struct link_socket_actual *act, const char *common_name, struct env_set *es)
Definition: socket.c:2319
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
sa_family_t af
Definition: options.h:89
void establish_socks_proxy_udpassoc(struct socks_proxy_info *p, socket_descriptor_t ctrl_sd, socket_descriptor_t udp_sd, struct openvpn_sockaddr *relay_addr, volatile int *signal_received)
Definition: socks.c:507
void management_sleep(const int n)
A sleep function that services the management layer for n seconds rather than doing nothing...
Definition: manage.c:4027
bool bind_local
Definition: options.h:98
#define GETADDR_PASSIVE
Definition: socket.h:530
#define SF_PORT_SHARE
Definition: socket.h:210
#define GETADDR_FATAL_ON_SIGNAL
Definition: socket.h:524
#define D_STREAM_ERRORS
Definition: errlevel.h:63
void argv_reset(struct argv *a)
Definition: argv.c:60
#define BSTR(buf)
Definition: buffer.h:129
void link_socket_update_buffer_sizes(struct link_socket *ls, int rcvbuf, int sndbuf)
Definition: socket.c:864
#define PS_DONT_SHOW_ADDR
Definition: socket.h:348
struct gc_arena gc
Garbage collection arena for allocations done in the scope of this context structure.
Definition: openvpn.h:517
static bool addr_local(const struct sockaddr *addr)
Definition: socket.h:636
#define UINT8_MAX
Definition: socket.c:2887
void link_socket_close(struct link_socket *sock)
Definition: socket.c:2235
#define M_ERRNO
Definition: error.h:99
#define PS_SHOW_PKTINFO
Definition: socket.h:347
Definition: argv.h:35
event_t socket_listen_event_handle(struct link_socket *s)
Definition: socket.c:2673
int socket_send_queue(struct link_socket *sock, struct buffer *buf, const struct link_socket_actual *to)
Definition: socket.c:3571
static int datagram_overhead(int proto)
Definition: socket.h:589
const char * proto2ascii(int proto, sa_family_t af, bool display_form)
Definition: socket.c:3102
void setenv_in_addr_t(struct env_set *es, const char *name_prefix, in_addr_t addr, const unsigned int flags)
Definition: socket.c:2970
#define D_WIN32_IO
Definition: errlevel.h:168
bool mac_addr_safe(const char *mac_addr)
Definition: socket.c:672
static void stream_buf_set_next(struct stream_buf *sb)
Definition: socket.c:2542
#define M_NONFATAL
Definition: error.h:95
char * dest
Definition: compat-lz4.h:431
#define CC_DASH
Definition: buffer.h:902
#define SF_USE_IP_PKTINFO
Definition: socket.h:208
struct sockaddr sa
Definition: socket.h:68
static void socket_set_sndbuf(int sd, int size)
Definition: socket.c:736
static void stream_buf_init(struct stream_buf *sb, struct buffer *buf, const unsigned int sockflags, const int proto)
Definition: socket.c:2521
#define GETADDR_RESOLVE
Definition: socket.h:520
static bool openvpn_run_script(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *hook)
Definition: run_command.h:53
const char * short_form
Definition: socket.c:3012
#define SF_HOST_RANDOMIZE
Definition: socket.h:211
#define RESOLV_RETRY_INFINITE
Definition: socket.h:47
#define IPV6_V6ONLY
Definition: socket.c:1251
struct http_proxy_options options
Definition: proxy.h:70
void argv_printf(struct argv *a, const char *format,...)
Definition: argv.c:318
static bool link_socket_proto_connection_oriented(int proto)
Definition: socket.h:600
#define M_WARN
Definition: error.h:96
bool ipv6_addr_safe(const char *ipv6_text_addr)
Definition: socket.c:619
#define D_LINK_ERRORS
Definition: errlevel.h:57
struct in6_addr add_in6_addr(struct in6_addr base, uint32_t add)
Definition: socket.c:2894
int maxlen
Definition: socket.h:133
const char * servname
Definition: socket.h:77
in_addr_t link_socket_current_remote(const struct link_socket_info *info)
Definition: socket.c:2406
static int socket_get_sndbuf(int sd)
Definition: socket.c:719
#define M_MSG_VIRT_OUT
Definition: error.h:104
const char * addr_family_name(int af)
Definition: socket.c:3141