OpenVPN
socket.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #elif defined(_MSC_VER)
27 #include "config-msvc.h"
28 #endif
29 
30 #include "syshead.h"
31 
32 #include "socket.h"
33 #include "fdmisc.h"
34 #include "misc.h"
35 #include "gremlin.h"
36 #include "plugin.h"
37 #include "ps.h"
38 #include "run_command.h"
39 #include "manage.h"
40 #include "misc.h"
41 #include "manage.h"
42 #include "openvpn.h"
43 #include "forward.h"
44 
45 #include "memdbg.h"
46 
47 const int proto_overhead[] = { /* indexed by PROTO_x */
48  0,
49  IPv4_UDP_HEADER_SIZE, /* IPv4 */
52  IPv6_UDP_HEADER_SIZE, /* IPv6 */
56 };
57 
58 /*
59  * Convert sockflags/getaddr_flags into getaddr_flags
60  */
61 static unsigned int
62 sf2gaf(const unsigned int getaddr_flags,
63  const unsigned int sockflags)
64 {
65  if (sockflags & SF_HOST_RANDOMIZE)
66  {
67  return getaddr_flags | GETADDR_RANDOMIZE;
68  }
69  else
70  {
71  return getaddr_flags;
72  }
73 }
74 
75 /*
76  * Functions related to the translation of DNS names to IP addresses.
77  */
78 static int
79 get_addr_generic(sa_family_t af, unsigned int flags, const char *hostname,
80  void *network, unsigned int *netbits,
81  int resolve_retry_seconds, volatile int *signal_received,
82  int msglevel)
83 {
84  char *endp, *sep, *var_host = NULL;
85  struct addrinfo *ai = NULL;
86  unsigned long bits;
87  uint8_t max_bits;
88  int ret = -1;
89 
90  if (!hostname)
91  {
92  msg(M_NONFATAL, "Can't resolve null hostname!");
93  goto out;
94  }
95 
96  /* assign family specific default values */
97  switch (af)
98  {
99  case AF_INET:
100  bits = 0;
101  max_bits = sizeof(in_addr_t) * 8;
102  break;
103 
104  case AF_INET6:
105  bits = 64;
106  max_bits = sizeof(struct in6_addr) * 8;
107  break;
108 
109  default:
110  msg(M_WARN,
111  "Unsupported AF family passed to getaddrinfo for %s (%d)",
112  hostname, af);
113  goto out;
114  }
115 
116  /* we need to modify the hostname received as input, but we don't want to
117  * touch it directly as it might be a constant string.
118  *
119  * Therefore, we clone the string here and free it at the end of the
120  * function */
121  var_host = strdup(hostname);
122  if (!var_host)
123  {
125  "Can't allocate hostname buffer for getaddrinfo");
126  goto out;
127  }
128 
129  /* check if this hostname has a /bits suffix */
130  sep = strchr(var_host, '/');
131  if (sep)
132  {
133  bits = strtoul(sep + 1, &endp, 10);
134  if ((*endp != '\0') || (bits > max_bits))
135  {
136  msg(msglevel, "IP prefix '%s': invalid '/bits' spec (%s)", hostname,
137  sep + 1);
138  goto out;
139  }
140  *sep = '\0';
141  }
142 
143  ret = openvpn_getaddrinfo(flags & ~GETADDR_HOST_ORDER, var_host, NULL,
144  resolve_retry_seconds, signal_received, af, &ai);
145  if ((ret == 0) && network)
146  {
147  struct in6_addr *ip6;
148  in_addr_t *ip4;
149 
150  switch (af)
151  {
152  case AF_INET:
153  ip4 = network;
154  *ip4 = ((struct sockaddr_in *)ai->ai_addr)->sin_addr.s_addr;
155 
156  if (flags & GETADDR_HOST_ORDER)
157  {
158  *ip4 = ntohl(*ip4);
159  }
160  break;
161 
162  case AF_INET6:
163  ip6 = network;
164  *ip6 = ((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr;
165  break;
166 
167  default:
168  /* can't get here because 'af' was previously checked */
169  msg(M_WARN,
170  "Unsupported AF family for %s (%d)", var_host, af);
171  goto out;
172  }
173  }
174 
175  if (netbits)
176  {
177  *netbits = bits;
178  }
179 
180  /* restore '/' separator, if any */
181  if (sep)
182  {
183  *sep = '/';
184  }
185 out:
186  freeaddrinfo(ai);
187  free(var_host);
188 
189  return ret;
190 }
191 
192 in_addr_t
193 getaddr(unsigned int flags,
194  const char *hostname,
195  int resolve_retry_seconds,
196  bool *succeeded,
197  volatile int *signal_received)
198 {
199  in_addr_t addr;
200  int status;
201 
202  status = get_addr_generic(AF_INET, flags, hostname, &addr, NULL,
203  resolve_retry_seconds, signal_received,
204  M_WARN);
205  if (status==0)
206  {
207  if (succeeded)
208  {
209  *succeeded = true;
210  }
211  return addr;
212  }
213  else
214  {
215  if (succeeded)
216  {
217  *succeeded = false;
218  }
219  return 0;
220  }
221 }
222 
223 bool
224 get_ipv6_addr(const char *hostname, struct in6_addr *network,
225  unsigned int *netbits, int msglevel)
226 {
227  if (get_addr_generic(AF_INET6, GETADDR_RESOLVE, hostname, network, netbits,
228  0, NULL, msglevel) < 0)
229  {
230  return false;
231  }
232 
233  return true; /* parsing OK, values set */
234 }
235 
236 static inline bool
237 streqnull(const char *a, const char *b)
238 {
239  if (a == NULL && b == NULL)
240  {
241  return true;
242  }
243  else if (a == NULL || b == NULL)
244  {
245  return false;
246  }
247  else
248  {
249  return streq(a, b);
250  }
251 }
252 
253 /*
254  * get_cached_dns_entry return 0 on success and -1
255  * otherwise. (like getaddrinfo)
256  */
257 static int
259  const char *hostname,
260  const char *servname,
261  int ai_family,
262  int resolve_flags,
263  struct addrinfo **ai)
264 {
265  struct cached_dns_entry *ph;
266  int flags;
267 
268  /* Only use flags that are relevant for the structure */
269  flags = resolve_flags & GETADDR_CACHE_MASK;
270 
271  for (ph = dns_cache; ph; ph = ph->next)
272  {
273  if (streqnull(ph->hostname, hostname)
274  && streqnull(ph->servname, servname)
275  && ph->ai_family == ai_family
276  && ph->flags == flags)
277  {
278  *ai = ph->ai;
279  return 0;
280  }
281  }
282  return -1;
283 }
284 
285 
286 static int
288  const char *hostname,
289  const char *servname,
290  const int af,
291  const int flags)
292 {
293  struct addrinfo *ai;
294  int status;
295 
297  hostname,
298  servname,
299  af,
300  flags,
301  &ai) == 0)
302  {
303  /* entry already cached, return success */
304  return 0;
305  }
306 
307  status = openvpn_getaddrinfo(flags, hostname, servname,
309  af, &ai);
310  if (status == 0)
311  {
312  struct cached_dns_entry *ph;
313 
314  ALLOC_OBJ_CLEAR_GC(ph, struct cached_dns_entry, &c->gc);
315  ph->ai = ai;
316  ph->hostname = hostname;
317  ph->servname = servname;
318  ph->flags = flags & GETADDR_CACHE_MASK;
319 
320  if (!c->c1.dns_cache)
321  {
322  c->c1.dns_cache = ph;
323  }
324  else
325  {
326  struct cached_dns_entry *prev = c->c1.dns_cache;
327  while (prev->next)
328  {
329  prev = prev->next;
330  }
331  prev->next = ph;
332  }
333 
335 
336  }
337  return status;
338 }
339 
340 void
342 {
343  int i;
344  struct connection_list *l = c->options.connection_list;
345  const unsigned int preresolve_flags = GETADDR_RESOLVE
348  |GETADDR_FATAL;
349 
350 
351  for (i = 0; i < l->len; ++i)
352  {
353  int status;
354  const char *remote;
355  int flags = preresolve_flags;
356 
357  struct connection_entry *ce = c->options.connection_list->array[i];
358 
359  if (proto_is_dgram(ce->proto))
360  {
361  flags |= GETADDR_DATAGRAM;
362  }
363 
365  {
366  flags |= GETADDR_RANDOMIZE;
367  }
368 
369  if (c->options.ip_remote_hint)
370  {
371  remote = c->options.ip_remote_hint;
372  }
373  else
374  {
375  remote = ce->remote;
376  }
377 
378  /* HTTP remote hostname does not need to be resolved */
379  if (!ce->http_proxy_options)
380  {
381  status = do_preresolve_host(c, remote, ce->remote_port,
382  ce->af, flags);
383  if (status != 0)
384  {
385  goto err;
386  }
387  }
388 
389  /* Preresolve proxy */
390  if (ce->http_proxy_options)
391  {
392  status = do_preresolve_host(c,
395  ce->af,
396  preresolve_flags);
397 
398  if (status != 0)
399  {
400  goto err;
401  }
402  }
403 
404  if (ce->socks_proxy_server)
405  {
406  status = do_preresolve_host(c,
407  ce->socks_proxy_server,
408  ce->socks_proxy_port,
409  ce->af,
410  flags);
411  if (status != 0)
412  {
413  goto err;
414  }
415  }
416 
417  if (ce->bind_local)
418  {
419  flags |= GETADDR_PASSIVE;
420  flags &= ~GETADDR_RANDOMIZE;
421  status = do_preresolve_host(c, ce->local, ce->local_port,
422  ce->af, flags);
423  if (status != 0)
424  {
425  goto err;
426  }
427 
428  }
429 
430  }
431  return;
432 
433 err:
434  throw_signal_soft(SIGHUP, "Preresolving failed");
435 }
436 
437 /*
438  * Translate IPv4/IPv6 addr or hostname into struct addrinfo
439  * If resolve error, try again for resolve_retry_seconds seconds.
440  */
441 int
443  const char *hostname,
444  const char *servname,
445  int resolve_retry_seconds,
446  volatile int *signal_received,
447  int ai_family,
448  struct addrinfo **res)
449 {
450  struct addrinfo hints;
451  int status;
452  int sigrec = 0;
453  int msglevel = (flags & GETADDR_FATAL) ? M_FATAL : D_RESOLVE_ERRORS;
454  struct gc_arena gc = gc_new();
455  const char *print_hostname;
456  const char *print_servname;
457 
458  ASSERT(res);
459 
460  ASSERT(hostname || servname);
461  ASSERT(!(flags & GETADDR_HOST_ORDER));
462 
463  if (servname)
464  {
465  print_servname = servname;
466  }
467  else
468  {
469  print_servname = "";
470  }
471 
472  if (flags & GETADDR_MSG_VIRT_OUT)
473  {
474  msglevel |= M_MSG_VIRT_OUT;
475  }
476 
478  && !signal_received)
479  {
480  signal_received = &sigrec;
481  }
482 
483  /* try numeric ipv6 addr first */
484  CLEAR(hints);
485  hints.ai_family = ai_family;
486  hints.ai_flags = AI_NUMERICHOST;
487 
488  if (flags & GETADDR_PASSIVE)
489  {
490  hints.ai_flags |= AI_PASSIVE;
491  }
492 
493  if (flags & GETADDR_DATAGRAM)
494  {
495  hints.ai_socktype = SOCK_DGRAM;
496  }
497  else
498  {
499  hints.ai_socktype = SOCK_STREAM;
500  }
501 
502  status = getaddrinfo(hostname, servname, &hints, res);
503 
504  if (status != 0) /* parse as numeric address failed? */
505  {
506  const int fail_wait_interval = 5; /* seconds */
507  /* Add +4 to cause integer division rounding up (1 + 4) = 5, (0+4)/5=0 */
508  int resolve_retries = (flags & GETADDR_TRY_ONCE) ? 1 :
509  ((resolve_retry_seconds + 4)/ fail_wait_interval);
510  const char *fmt;
511  int level = 0;
512 
513  if (hostname && (flags & GETADDR_RANDOMIZE))
514  {
515  hostname = hostname_randomize(hostname, &gc);
516  }
517 
518  if (hostname)
519  {
520  print_hostname = hostname;
521  }
522  else
523  {
524  print_hostname = "undefined";
525  }
526 
527  fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s)";
528  if ((flags & GETADDR_MENTION_RESOLVE_RETRY)
529  && !resolve_retry_seconds)
530  {
531  fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s) "
532  "(I would have retried this name query if you had "
533  "specified the --resolv-retry option.)";
534  }
535 
536  if (!(flags & GETADDR_RESOLVE) || status == EAI_FAIL)
537  {
538  msg(msglevel, "RESOLVE: Cannot parse IP address: %s:%s (%s)",
539  print_hostname,print_servname, gai_strerror(status));
540  goto done;
541  }
542 
543 #ifdef ENABLE_MANAGEMENT
545  {
546  if (management)
547  {
550  NULL,
551  NULL,
552  NULL,
553  NULL,
554  NULL);
555  }
556  }
557 #endif
558 
559  /*
560  * Resolve hostname
561  */
562  while (true)
563  {
564 #ifndef _WIN32
565  /* force resolv.conf reload */
566  res_init();
567 #endif
568  /* try hostname lookup */
569  hints.ai_flags &= ~AI_NUMERICHOST;
571  "GETADDRINFO flags=0x%04x ai_family=%d ai_socktype=%d",
572  flags, hints.ai_family, hints.ai_socktype);
573  status = getaddrinfo(hostname, servname, &hints, res);
574 
575  if (signal_received)
576  {
577  get_signal(signal_received);
578  if (*signal_received) /* were we interrupted by a signal? */
579  {
580  if (*signal_received == SIGUSR1) /* ignore SIGUSR1 */
581  {
582  msg(level,
583  "RESOLVE: Ignored SIGUSR1 signal received during "
584  "DNS resolution attempt");
585  *signal_received = 0;
586  }
587  else
588  {
589  /* turn success into failure (interrupted syscall) */
590  if (0 == status)
591  {
592  ASSERT(res);
593  freeaddrinfo(*res);
594  *res = NULL;
595  status = EAI_AGAIN; /* = temporary failure */
596  errno = EINTR;
597  }
598  goto done;
599  }
600  }
601  }
602 
603  /* success? */
604  if (0 == status)
605  {
606  break;
607  }
608 
609  /* resolve lookup failed, should we
610  * continue or fail? */
611  level = msglevel;
612  if (resolve_retries > 0)
613  {
614  level = D_RESOLVE_ERRORS;
615  }
616 
617  msg(level,
618  fmt,
619  print_hostname,
620  print_servname,
621  gai_strerror(status));
622 
623  if (--resolve_retries <= 0)
624  {
625  goto done;
626  }
627 
628  management_sleep(fail_wait_interval);
629  }
630 
631  ASSERT(res);
632 
633  /* hostname resolve succeeded */
634 
635  /*
636  * Do not choose an IP Addresse by random or change the order *
637  * of IP addresses, doing so will break RFC 3484 address selection *
638  */
639  }
640  else
641  {
642  /* IP address parse succeeded */
643  if (flags & GETADDR_RANDOMIZE)
644  {
645  msg(M_WARN,
646  "WARNING: ignoring --remote-random-hostname because the "
647  "hostname is an IP address");
648  }
649  }
650 
651 done:
652  if (signal_received && *signal_received)
653  {
654  int level = 0;
655  if (flags & GETADDR_FATAL_ON_SIGNAL)
656  {
657  level = M_FATAL;
658  }
659  else if (flags & GETADDR_WARN_ON_SIGNAL)
660  {
661  level = M_WARN;
662  }
663  msg(level, "RESOLVE: signal received during DNS resolution attempt");
664  }
665 
666  gc_free(&gc);
667  return status;
668 }
669 
670 /*
671  * We do our own inet_aton because the glibc function
672  * isn't very good about error checking.
673  */
674 int
675 openvpn_inet_aton(const char *dotted_quad, struct in_addr *addr)
676 {
677  unsigned int a, b, c, d;
678 
679  CLEAR(*addr);
680  if (sscanf(dotted_quad, "%u.%u.%u.%u", &a, &b, &c, &d) == 4)
681  {
682  if (a < 256 && b < 256 && c < 256 && d < 256)
683  {
684  addr->s_addr = htonl(a<<24 | b<<16 | c<<8 | d);
685  return OIA_IP; /* good dotted quad */
686  }
687  }
688  if (string_class(dotted_quad, CC_DIGIT|CC_DOT, 0))
689  {
690  return OIA_ERROR; /* probably a badly formatted dotted quad */
691  }
692  else
693  {
694  return OIA_HOSTNAME; /* probably a hostname */
695  }
696 }
697 
698 bool
699 ip_addr_dotted_quad_safe(const char *dotted_quad)
700 {
701  /* verify non-NULL */
702  if (!dotted_quad)
703  {
704  return false;
705  }
706 
707  /* verify length is within limits */
708  if (strlen(dotted_quad) > 15)
709  {
710  return false;
711  }
712 
713  /* verify that all chars are either numeric or '.' and that no numeric
714  * substring is greater than 3 chars */
715  {
716  int nnum = 0;
717  const char *p = dotted_quad;
718  int c;
719 
720  while ((c = *p++))
721  {
722  if (c >= '0' && c <= '9')
723  {
724  ++nnum;
725  if (nnum > 3)
726  {
727  return false;
728  }
729  }
730  else if (c == '.')
731  {
732  nnum = 0;
733  }
734  else
735  {
736  return false;
737  }
738  }
739  }
740 
741  /* verify that string will convert to IP address */
742  {
743  struct in_addr a;
744  return openvpn_inet_aton(dotted_quad, &a) == OIA_IP;
745  }
746 }
747 
748 bool
749 ipv6_addr_safe(const char *ipv6_text_addr)
750 {
751  /* verify non-NULL */
752  if (!ipv6_text_addr)
753  {
754  return false;
755  }
756 
757  /* verify length is within limits */
758  if (strlen(ipv6_text_addr) > INET6_ADDRSTRLEN)
759  {
760  return false;
761  }
762 
763  /* verify that string will convert to IPv6 address */
764  {
765  struct in6_addr a6;
766  return inet_pton( AF_INET6, ipv6_text_addr, &a6 ) == 1;
767  }
768 }
769 
770 static bool
771 dns_addr_safe(const char *addr)
772 {
773  if (addr)
774  {
775  const size_t len = strlen(addr);
776  return len > 0 && len <= 255 && string_class(addr, CC_ALNUM|CC_DASH|CC_DOT, 0);
777  }
778  else
779  {
780  return false;
781  }
782 }
783 
784 bool
785 ip_or_dns_addr_safe(const char *addr, const bool allow_fqdn)
786 {
787  if (ip_addr_dotted_quad_safe(addr))
788  {
789  return true;
790  }
791  else if (allow_fqdn)
792  {
793  return dns_addr_safe(addr);
794  }
795  else
796  {
797  return false;
798  }
799 }
800 
801 bool
802 mac_addr_safe(const char *mac_addr)
803 {
804  /* verify non-NULL */
805  if (!mac_addr)
806  {
807  return false;
808  }
809 
810  /* verify length is within limits */
811  if (strlen(mac_addr) > 17)
812  {
813  return false;
814  }
815 
816  /* verify that all chars are either alphanumeric or ':' and that no
817  * alphanumeric substring is greater than 2 chars */
818  {
819  int nnum = 0;
820  const char *p = mac_addr;
821  int c;
822 
823  while ((c = *p++))
824  {
825  if ( (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F') )
826  {
827  ++nnum;
828  if (nnum > 2)
829  {
830  return false;
831  }
832  }
833  else if (c == ':')
834  {
835  nnum = 0;
836  }
837  else
838  {
839  return false;
840  }
841  }
842  }
843 
844  /* error-checking is left to script invoked in lladdr.c */
845  return true;
846 }
847 
848 static int
850 {
851 #if defined(HAVE_GETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_SNDBUF)
852  int val;
853  socklen_t len;
854 
855  len = sizeof(val);
856  if (getsockopt(sd, SOL_SOCKET, SO_SNDBUF, (void *) &val, &len) == 0
857  && len == sizeof(val))
858  {
859  return val;
860  }
861 #endif
862  return 0;
863 }
864 
865 static void
866 socket_set_sndbuf(int sd, int size)
867 {
868 #if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_SNDBUF)
869  if (setsockopt(sd, SOL_SOCKET, SO_SNDBUF, (void *) &size, sizeof(size)) != 0)
870  {
871  msg(M_WARN, "NOTE: setsockopt SO_SNDBUF=%d failed", size);
872  }
873 #endif
874 }
875 
876 static int
878 {
879 #if defined(HAVE_GETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_RCVBUF)
880  int val;
881  socklen_t len;
882 
883  len = sizeof(val);
884  if (getsockopt(sd, SOL_SOCKET, SO_RCVBUF, (void *) &val, &len) == 0
885  && len == sizeof(val))
886  {
887  return val;
888  }
889 #endif
890  return 0;
891 }
892 
893 static bool
894 socket_set_rcvbuf(int sd, int size)
895 {
896 #if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_RCVBUF)
897  if (setsockopt(sd, SOL_SOCKET, SO_RCVBUF, (void *) &size, sizeof(size)) != 0)
898  {
899  msg(M_WARN, "NOTE: setsockopt SO_RCVBUF=%d failed", size);
900  return false;
901  }
902  return true;
903 #endif
904 }
905 
906 static void
907 socket_set_buffers(int fd, const struct socket_buffer_size *sbs)
908 {
909  if (sbs)
910  {
911  const int sndbuf_old = socket_get_sndbuf(fd);
912  const int rcvbuf_old = socket_get_rcvbuf(fd);
913 
914  if (sbs->sndbuf)
915  {
916  socket_set_sndbuf(fd, sbs->sndbuf);
917  }
918 
919  if (sbs->rcvbuf)
920  {
921  socket_set_rcvbuf(fd, sbs->rcvbuf);
922  }
923 
924  msg(D_OSBUF, "Socket Buffers: R=[%d->%d] S=[%d->%d]",
925  rcvbuf_old,
926  socket_get_rcvbuf(fd),
927  sndbuf_old,
928  socket_get_sndbuf(fd));
929  }
930 }
931 
932 /*
933  * Set other socket options
934  */
935 
936 static bool
937 socket_set_tcp_nodelay(int sd, int state)
938 {
939 #if defined(_WIN32) || (defined(HAVE_SETSOCKOPT) && defined(IPPROTO_TCP) && defined(TCP_NODELAY))
940  if (setsockopt(sd, IPPROTO_TCP, TCP_NODELAY, (void *) &state, sizeof(state)) != 0)
941  {
942  msg(M_WARN, "NOTE: setsockopt TCP_NODELAY=%d failed", state);
943  return false;
944  }
945  else
946  {
947  dmsg(D_OSBUF, "Socket flags: TCP_NODELAY=%d succeeded", state);
948  return true;
949  }
950 #else /* if defined(_WIN32) || (defined(HAVE_SETSOCKOPT) && defined(IPPROTO_TCP) && defined(TCP_NODELAY)) */
951  msg(M_WARN, "NOTE: setsockopt TCP_NODELAY=%d failed (No kernel support)", state);
952  return false;
953 #endif
954 }
955 
956 static inline void
957 socket_set_mark(int sd, int mark)
958 {
959 #if defined(TARGET_LINUX) && HAVE_DECL_SO_MARK
960  if (mark && setsockopt(sd, SOL_SOCKET, SO_MARK, (void *) &mark, sizeof(mark)) != 0)
961  {
962  msg(M_WARN, "NOTE: setsockopt SO_MARK=%d failed", mark);
963  }
964 #endif
965 }
966 
967 static bool
968 socket_set_flags(int sd, unsigned int sockflags)
969 {
970  if (sockflags & SF_TCP_NODELAY)
971  {
972  return socket_set_tcp_nodelay(sd, 1);
973  }
974  else
975  {
976  return true;
977  }
978 }
979 
980 bool
981 link_socket_update_flags(struct link_socket *ls, unsigned int sockflags)
982 {
983  if (ls && socket_defined(ls->sd))
984  {
985  return socket_set_flags(ls->sd, ls->sockflags = sockflags);
986  }
987  else
988  {
989  return false;
990  }
991 }
992 
993 void
994 link_socket_update_buffer_sizes(struct link_socket *ls, int rcvbuf, int sndbuf)
995 {
996  if (ls && socket_defined(ls->sd))
997  {
998  ls->socket_buffer_sizes.sndbuf = sndbuf;
999  ls->socket_buffer_sizes.rcvbuf = rcvbuf;
1001  }
1002 }
1003 
1004 /*
1005  * SOCKET INITIALIZATION CODE.
1006  * Create a TCP/UDP socket
1007  */
1008 
1010 create_socket_tcp(struct addrinfo *addrinfo)
1011 {
1013 
1014  ASSERT(addrinfo);
1015  ASSERT(addrinfo->ai_socktype == SOCK_STREAM);
1016 
1017  if ((sd = socket(addrinfo->ai_family, addrinfo->ai_socktype, addrinfo->ai_protocol)) < 0)
1018  {
1019  msg(M_ERR, "Cannot create TCP socket");
1020  }
1021 
1022 #ifndef _WIN32 /* using SO_REUSEADDR on Windows will cause bind to succeed on port conflicts! */
1023  /* set SO_REUSEADDR on socket */
1024  {
1025  int on = 1;
1026  if (setsockopt(sd, SOL_SOCKET, SO_REUSEADDR,
1027  (void *) &on, sizeof(on)) < 0)
1028  {
1029  msg(M_ERR, "TCP: Cannot setsockopt SO_REUSEADDR on TCP socket");
1030  }
1031  }
1032 #endif
1033 
1034  /* set socket file descriptor to not pass across execs, so that
1035  * scripts don't have access to it */
1036  set_cloexec(sd);
1037 
1038  return sd;
1039 }
1040 
1041 static socket_descriptor_t
1042 create_socket_udp(struct addrinfo *addrinfo, const unsigned int flags)
1043 {
1045 
1046  ASSERT(addrinfo);
1047  ASSERT(addrinfo->ai_socktype == SOCK_DGRAM);
1048 
1049  if ((sd = socket(addrinfo->ai_family, addrinfo->ai_socktype, addrinfo->ai_protocol)) < 0)
1050  {
1051  msg(M_ERR, "UDP: Cannot create UDP/UDP6 socket");
1052  }
1053 #if ENABLE_IP_PKTINFO
1054  else if (flags & SF_USE_IP_PKTINFO)
1055  {
1056  int pad = 1;
1057  if (addrinfo->ai_family == AF_INET)
1058  {
1059 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
1060  if (setsockopt(sd, SOL_IP, IP_PKTINFO,
1061  (void *)&pad, sizeof(pad)) < 0)
1062  {
1063  msg(M_ERR, "UDP: failed setsockopt for IP_PKTINFO");
1064  }
1065 #elif defined(IP_RECVDSTADDR)
1066  if (setsockopt(sd, IPPROTO_IP, IP_RECVDSTADDR,
1067  (void *)&pad, sizeof(pad)) < 0)
1068  {
1069  msg(M_ERR, "UDP: failed setsockopt for IP_RECVDSTADDR");
1070  }
1071 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
1072 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
1073 #endif
1074  }
1075  else if (addrinfo->ai_family == AF_INET6)
1076  {
1077 #ifndef IPV6_RECVPKTINFO /* Some older Darwin platforms require this */
1078  if (setsockopt(sd, IPPROTO_IPV6, IPV6_PKTINFO,
1079  (void *)&pad, sizeof(pad)) < 0)
1080 #else
1081  if (setsockopt(sd, IPPROTO_IPV6, IPV6_RECVPKTINFO,
1082  (void *)&pad, sizeof(pad)) < 0)
1083 #endif
1084  { msg(M_ERR, "UDP: failed setsockopt for IPV6_RECVPKTINFO");}
1085  }
1086  }
1087 #endif /* if ENABLE_IP_PKTINFO */
1088 
1089  /* set socket file descriptor to not pass across execs, so that
1090  * scripts don't have access to it */
1091  set_cloexec(sd);
1092 
1093  return sd;
1094 }
1095 
1096 static void
1097 bind_local(struct link_socket *sock, const sa_family_t ai_family)
1098 {
1099  /* bind to local address/port */
1100  if (sock->bind_local)
1101  {
1102  if (sock->socks_proxy && sock->info.proto == PROTO_UDP)
1103  {
1104  socket_bind(sock->ctrl_sd, sock->info.lsa->bind_local,
1105  ai_family, "SOCKS", false);
1106  }
1107  else
1108  {
1109  socket_bind(sock->sd, sock->info.lsa->bind_local,
1110  ai_family,
1111  "TCP/UDP", sock->info.bind_ipv6_only);
1112  }
1113  }
1114 }
1115 
1116 static void
1117 create_socket(struct link_socket *sock, struct addrinfo *addr)
1118 {
1119  if (addr->ai_protocol == IPPROTO_UDP || addr->ai_socktype == SOCK_DGRAM)
1120  {
1121  sock->sd = create_socket_udp(addr, sock->sockflags);
1123 
1124  /* Assume that control socket and data socket to the socks proxy
1125  * are using the same IP family */
1126  if (sock->socks_proxy)
1127  {
1128  /* Construct a temporary addrinfo to create the socket,
1129  * currently resolve two remote addresses is not supported,
1130  * TODO: Rewrite the whole resolve_remote */
1131  struct addrinfo addrinfo_tmp = *addr;
1132  addrinfo_tmp.ai_socktype = SOCK_STREAM;
1133  addrinfo_tmp.ai_protocol = IPPROTO_TCP;
1134  sock->ctrl_sd = create_socket_tcp(&addrinfo_tmp);
1135  }
1136  }
1137  else if (addr->ai_protocol == IPPROTO_TCP || addr->ai_socktype == SOCK_STREAM)
1138  {
1139  sock->sd = create_socket_tcp(addr);
1140  }
1141  else
1142  {
1143  ASSERT(0);
1144  }
1145  /* set socket buffers based on --sndbuf and --rcvbuf options */
1146  socket_set_buffers(sock->sd, &sock->socket_buffer_sizes);
1147 
1148  /* set socket to --mark packets with given value */
1149  socket_set_mark(sock->sd, sock->mark);
1150 
1151 #if defined(TARGET_LINUX)
1152  if (sock->bind_dev)
1153  {
1154  msg(M_INFO, "Using bind-dev %s", sock->bind_dev);
1155  if (setsockopt(sock->sd, SOL_SOCKET, SO_BINDTODEVICE, sock->bind_dev, strlen(sock->bind_dev) + 1) != 0)
1156  {
1157  msg(M_WARN|M_ERRNO, "WARN: setsockopt SO_BINDTODEVICE=%s failed", sock->bind_dev);
1158  }
1159 
1160  }
1161 #endif
1162 
1163  bind_local(sock, addr->ai_family);
1164 }
1165 
1166 #ifdef TARGET_ANDROID
1167 static void
1168 protect_fd_nonlocal(int fd, const struct sockaddr *addr)
1169 {
1170  /* pass socket FD to management interface to pass on to VPNService API
1171  * as "protected socket" (exempt from being routed into tunnel)
1172  */
1173  if (addr_local(addr))
1174  {
1175  msg(D_SOCKET_DEBUG, "Address is local, not protecting socket fd %d", fd);
1176  return;
1177  }
1178 
1179  msg(D_SOCKET_DEBUG, "Protecting socket fd %d", fd);
1180  management->connection.fdtosend = fd;
1181  management_android_control(management, "PROTECTFD", __func__);
1182 }
1183 #endif
1184 
1185 /*
1186  * Functions used for establishing a TCP stream connection.
1187  */
1188 static void
1190  const struct addrinfo *local,
1191  bool do_listen,
1192  bool do_set_nonblock)
1193 {
1194  struct gc_arena gc = gc_new();
1195  if (do_listen)
1196  {
1197  ASSERT(local);
1198  msg(M_INFO, "Listening for incoming TCP connection on %s",
1199  print_sockaddr(local->ai_addr, &gc));
1200  if (listen(sd, 32))
1201  {
1202  msg(M_ERR, "TCP: listen() failed");
1203  }
1204  }
1205 
1206  /* set socket to non-blocking mode */
1207  if (do_set_nonblock)
1208  {
1209  set_nonblock(sd);
1210  }
1211 
1212  gc_free(&gc);
1213 }
1214 
1217  struct link_socket_actual *act,
1218  const bool nowait)
1219 {
1220  /* af_addr_size WILL return 0 in this case if AFs other than AF_INET
1221  * are compiled because act is empty here.
1222  * could use getsockname() to support later remote_len check
1223  */
1224  socklen_t remote_len_af = af_addr_size(act->dest.addr.sa.sa_family);
1225  socklen_t remote_len = sizeof(act->dest.addr);
1227 
1228  CLEAR(*act);
1229 
1230 #ifdef HAVE_GETPEERNAME
1231  if (nowait)
1232  {
1233  new_sd = getpeername(sd, &act->dest.addr.sa, &remote_len);
1234 
1235  if (!socket_defined(new_sd))
1236  {
1237  msg(D_LINK_ERRORS | M_ERRNO, "TCP: getpeername() failed");
1238  }
1239  else
1240  {
1241  new_sd = sd;
1242  }
1243  }
1244 #else /* ifdef HAVE_GETPEERNAME */
1245  if (nowait)
1246  {
1247  msg(M_WARN, "TCP: this OS does not provide the getpeername() function");
1248  }
1249 #endif
1250  else
1251  {
1252  new_sd = accept(sd, &act->dest.addr.sa, &remote_len);
1253  }
1254 
1255 #if 0 /* For debugging only, test the effect of accept() failures */
1256  {
1257  static int foo = 0;
1258  ++foo;
1259  if (foo & 1)
1260  {
1261  new_sd = -1;
1262  }
1263  }
1264 #endif
1265 
1266  if (!socket_defined(new_sd))
1267  {
1268  msg(D_LINK_ERRORS | M_ERRNO, "TCP: accept(%d) failed", (int)sd);
1269  }
1270  /* only valid if we have remote_len_af!=0 */
1271  else if (remote_len_af && remote_len != remote_len_af)
1272  {
1273  msg(D_LINK_ERRORS, "TCP: Received strange incoming connection with unknown address length=%d", remote_len);
1274  openvpn_close_socket(new_sd);
1275  new_sd = SOCKET_UNDEFINED;
1276  }
1277  else
1278  {
1279  /* set socket file descriptor to not pass across execs, so that
1280  * scripts don't have access to it */
1281  set_cloexec(sd);
1282  }
1283  return new_sd;
1284 }
1285 
1286 static void
1288 {
1289  struct gc_arena gc = gc_new();
1290  msg(M_INFO, "TCP connection established with %s",
1291  print_link_socket_actual(act, &gc));
1292  gc_free(&gc);
1293 }
1294 
1295 static socket_descriptor_t
1297  struct link_socket_actual *act,
1298  const char *remote_dynamic,
1299  const struct addrinfo *local,
1300  bool do_listen,
1301  bool nowait,
1302  volatile int *signal_received)
1303 {
1304  struct gc_arena gc = gc_new();
1305  /* struct openvpn_sockaddr *remote = &act->dest; */
1306  struct openvpn_sockaddr remote_verify = act->dest;
1308 
1309  CLEAR(*act);
1310  socket_do_listen(sd, local, do_listen, true);
1311 
1312  while (true)
1313  {
1314  int status;
1315  fd_set reads;
1316  struct timeval tv;
1317 
1318  FD_ZERO(&reads);
1319  openvpn_fd_set(sd, &reads);
1320  tv.tv_sec = 0;
1321  tv.tv_usec = 0;
1322 
1323  status = select(sd + 1, &reads, NULL, NULL, &tv);
1324 
1325  get_signal(signal_received);
1326  if (*signal_received)
1327  {
1328  gc_free(&gc);
1329  return sd;
1330  }
1331 
1332  if (status < 0)
1333  {
1334  msg(D_LINK_ERRORS | M_ERRNO, "TCP: select() failed");
1335  }
1336 
1337  if (status <= 0)
1338  {
1339  management_sleep(1);
1340  continue;
1341  }
1342 
1343  new_sd = socket_do_accept(sd, act, nowait);
1344 
1345  if (socket_defined(new_sd))
1346  {
1347  struct addrinfo *ai = NULL;
1348  if (remote_dynamic)
1349  {
1350  openvpn_getaddrinfo(0, remote_dynamic, NULL, 1, NULL,
1351  remote_verify.addr.sa.sa_family, &ai);
1352  }
1353 
1354  if (ai && !addrlist_match(&remote_verify, ai))
1355  {
1356  msg(M_WARN,
1357  "TCP NOTE: Rejected connection attempt from %s due to --remote setting",
1358  print_link_socket_actual(act, &gc));
1359  if (openvpn_close_socket(new_sd))
1360  {
1361  msg(M_ERR, "TCP: close socket failed (new_sd)");
1362  }
1363  freeaddrinfo(ai);
1364  }
1365  else
1366  {
1367  if (ai)
1368  {
1369  freeaddrinfo(ai);
1370  }
1371  break;
1372  }
1373  }
1374  management_sleep(1);
1375  }
1376 
1377  if (!nowait && openvpn_close_socket(sd))
1378  {
1379  msg(M_ERR, "TCP: close socket failed (sd)");
1380  }
1381 
1383 
1384  gc_free(&gc);
1385  return new_sd;
1386 }
1387 
1388 /* older mingw versions and WinXP do not have this define,
1389  * but Vista and up support the functionality - just define it here
1390  */
1391 #ifdef _WIN32
1392 #ifndef IPV6_V6ONLY
1393 #define IPV6_V6ONLY 27
1394 #endif
1395 #endif
1396 void
1398  struct addrinfo *local,
1399  int ai_family,
1400  const char *prefix,
1401  bool ipv6only)
1402 {
1403  struct gc_arena gc = gc_new();
1404 
1405  /* FIXME (schwabe)
1406  * getaddrinfo for the bind address might return multiple AF_INET/AF_INET6
1407  * entries for the requested protocol.
1408  * For example if an address has multiple A records
1409  * What is the correct way to deal with it?
1410  */
1411 
1412  struct addrinfo *cur;
1413 
1414  ASSERT(local);
1415 
1416 
1417  /* find the first addrinfo with correct ai_family */
1418  for (cur = local; cur; cur = cur->ai_next)
1419  {
1420  if (cur->ai_family == ai_family)
1421  {
1422  break;
1423  }
1424  }
1425  if (!cur)
1426  {
1427  msg(M_FATAL, "%s: Socket bind failed: Addr to bind has no %s record",
1428  prefix, addr_family_name(ai_family));
1429  }
1430 
1431  if (ai_family == AF_INET6)
1432  {
1433  int v6only = ipv6only ? 1 : 0; /* setsockopt must have an "int" */
1434 
1435  msg(M_INFO, "setsockopt(IPV6_V6ONLY=%d)", v6only);
1436  if (setsockopt(sd, IPPROTO_IPV6, IPV6_V6ONLY, (void *) &v6only, sizeof(v6only)))
1437  {
1438  msg(M_NONFATAL|M_ERRNO, "Setting IPV6_V6ONLY=%d failed", v6only);
1439  }
1440  }
1441  if (bind(sd, cur->ai_addr, cur->ai_addrlen))
1442  {
1443  msg(M_FATAL | M_ERRNO, "%s: Socket bind failed on local address %s",
1444  prefix,
1445  print_sockaddr_ex(local->ai_addr, ":", PS_SHOW_PORT, &gc));
1446  }
1447  gc_free(&gc);
1448 }
1449 
1450 int
1452  const struct sockaddr *remote,
1453  int connect_timeout,
1454  volatile int *signal_received)
1455 {
1456  int status = 0;
1457 
1458 #ifdef TARGET_ANDROID
1459  protect_fd_nonlocal(sd, remote);
1460 #endif
1461 
1462 #ifdef CONNECT_NONBLOCK
1463  set_nonblock(sd);
1464  status = connect(sd, remote, af_addr_size(remote->sa_family));
1465  if (status)
1466  {
1467  status = openvpn_errno();
1468  }
1469  if (
1470 #ifdef _WIN32
1471  status == WSAEWOULDBLOCK
1472 #else
1473  status == EINPROGRESS
1474 #endif
1475  )
1476  {
1477  while (true)
1478  {
1479 #if POLL
1480  struct pollfd fds[1];
1481  fds[0].fd = sd;
1482  fds[0].events = POLLOUT;
1483  status = poll(fds, 1, (connect_timeout > 0) ? 1000 : 0);
1484 #else
1485  fd_set writes;
1486  struct timeval tv;
1487 
1488  FD_ZERO(&writes);
1489  openvpn_fd_set(sd, &writes);
1490  tv.tv_sec = (connect_timeout > 0) ? 1 : 0;
1491  tv.tv_usec = 0;
1492 
1493  status = select(sd + 1, NULL, &writes, NULL, &tv);
1494 #endif
1495  if (signal_received)
1496  {
1497  get_signal(signal_received);
1498  if (*signal_received)
1499  {
1500  status = 0;
1501  break;
1502  }
1503  }
1504  if (status < 0)
1505  {
1506  status = openvpn_errno();
1507  break;
1508  }
1509  if (status <= 0)
1510  {
1511  if (--connect_timeout < 0)
1512  {
1513 #ifdef _WIN32
1514  status = WSAETIMEDOUT;
1515 #else
1516  status = ETIMEDOUT;
1517 #endif
1518  break;
1519  }
1520  management_sleep(0);
1521  continue;
1522  }
1523 
1524  /* got it */
1525  {
1526  int val = 0;
1527  socklen_t len;
1528 
1529  len = sizeof(val);
1530  if (getsockopt(sd, SOL_SOCKET, SO_ERROR, (void *) &val, &len) == 0
1531  && len == sizeof(val))
1532  {
1533  status = val;
1534  }
1535  else
1536  {
1537  status = openvpn_errno();
1538  }
1539  break;
1540  }
1541  }
1542  }
1543 #else /* ifdef CONNECT_NONBLOCK */
1544  status = connect(sd, remote, af_addr_size(remote->sa_family));
1545  if (status)
1546  {
1547  status = openvpn_errno();
1548  }
1549 #endif /* ifdef CONNECT_NONBLOCK */
1550 
1551  return status;
1552 }
1553 
1554 void
1555 set_actual_address(struct link_socket_actual *actual, struct addrinfo *ai)
1556 {
1557  CLEAR(*actual);
1558  ASSERT(ai);
1559 
1560  if (ai->ai_family == AF_INET)
1561  {
1562  actual->dest.addr.in4 =
1563  *((struct sockaddr_in *) ai->ai_addr);
1564  }
1565  else if (ai->ai_family == AF_INET6)
1566  {
1567  actual->dest.addr.in6 =
1568  *((struct sockaddr_in6 *) ai->ai_addr);
1569  }
1570  else
1571  {
1572  ASSERT(0);
1573  }
1574 
1575 }
1576 
1577 static void
1579  const struct sockaddr *dest,
1580  const int connect_timeout,
1581  struct signal_info *sig_info)
1582 {
1583  struct gc_arena gc = gc_new();
1584  int status;
1585 
1586 #ifdef CONNECT_NONBLOCK
1587  msg(M_INFO, "Attempting to establish TCP connection with %s [nonblock]",
1588  print_sockaddr(dest, &gc));
1589 #else
1590  msg(M_INFO, "Attempting to establish TCP connection with %s",
1591  print_sockaddr(dest, &gc));
1592 #endif
1593 
1594 #ifdef ENABLE_MANAGEMENT
1595  if (management)
1596  {
1599  NULL,
1600  NULL,
1601  NULL,
1602  NULL,
1603  NULL);
1604  }
1605 #endif
1606 
1607  /* Set the actual address */
1608  status = openvpn_connect(*sd, dest, connect_timeout, &sig_info->signal_received);
1609 
1610  get_signal(&sig_info->signal_received);
1611  if (sig_info->signal_received)
1612  {
1613  goto done;
1614  }
1615 
1616  if (status)
1617  {
1618 
1619  msg(D_LINK_ERRORS, "TCP: connect to %s failed: %s",
1620  print_sockaddr(dest, &gc), strerror(status));
1621 
1622  openvpn_close_socket(*sd);
1623  *sd = SOCKET_UNDEFINED;
1624  sig_info->signal_received = SIGUSR1;
1626  }
1627  else
1628  {
1629  msg(M_INFO, "TCP connection established with %s",
1630  print_sockaddr(dest, &gc));
1631  }
1632 
1633 done:
1634  gc_free(&gc);
1635 }
1636 
1637 /*
1638  * Stream buffer handling prototypes -- stream_buf is a helper class
1639  * to assist in the packetization of stream transport protocols
1640  * such as TCP.
1641  */
1642 
1643 static void
1644 stream_buf_init(struct stream_buf *sb, struct buffer *buf,
1645  const unsigned int sockflags, const int proto);
1646 
1647 static void
1648 stream_buf_close(struct stream_buf *sb);
1649 
1650 static bool
1651 stream_buf_added(struct stream_buf *sb, int length_added);
1652 
1653 /* For stream protocols, allocate a buffer to build up packet.
1654  * Called after frame has been finalized. */
1655 
1656 static void
1657 socket_frame_init(const struct frame *frame, struct link_socket *sock)
1658 {
1659 #ifdef _WIN32
1660  overlapped_io_init(&sock->reads, frame, FALSE, false);
1661  overlapped_io_init(&sock->writes, frame, TRUE, false);
1662  sock->rw_handle.read = sock->reads.overlapped.hEvent;
1663  sock->rw_handle.write = sock->writes.overlapped.hEvent;
1664 #endif
1665 
1667  {
1668 #ifdef _WIN32
1669  stream_buf_init(&sock->stream_buf,
1670  &sock->reads.buf_init,
1671  sock->sockflags,
1672  sock->info.proto);
1673 #else
1675  frame,
1676  false,
1678 
1679  stream_buf_init(&sock->stream_buf,
1680  &sock->stream_buf_data,
1681  sock->sockflags,
1682  sock->info.proto);
1683 #endif
1684  }
1685 }
1686 
1687 /*
1688  * Adjust frame structure based on a Path MTU value given
1689  * to us by the OS.
1690  */
1691 void
1692 frame_adjust_path_mtu(struct frame *frame, int pmtu, int proto)
1693 {
1695 }
1696 
1697 static void
1699 {
1700  struct gc_arena gc = gc_new();
1701 
1702  /* resolve local address if undefined */
1703  if (!sock->info.lsa->bind_local)
1704  {
1707  int status;
1708 
1709  if (proto_is_dgram(sock->info.proto))
1710  {
1711  flags |= GETADDR_DATAGRAM;
1712  }
1713 
1714  /* will return AF_{INET|INET6}from local_host */
1715  status = get_cached_dns_entry(sock->dns_cache,
1716  sock->local_host,
1717  sock->local_port,
1718  af,
1719  flags,
1720  &sock->info.lsa->bind_local);
1721 
1722  if (status)
1723  {
1724  status = openvpn_getaddrinfo(flags, sock->local_host, sock->local_port, 0,
1725  NULL, af, &sock->info.lsa->bind_local);
1726  }
1727 
1728  if (status !=0)
1729  {
1730  msg(M_FATAL, "getaddrinfo() failed for local \"%s:%s\": %s",
1731  sock->local_host, sock->local_port,
1732  gai_strerror(status));
1733  }
1734  }
1735 
1736  gc_free(&gc);
1737 }
1738 
1739 static void
1741  int phase,
1742  const char **remote_dynamic,
1743  volatile int *signal_received)
1744 {
1745  struct gc_arena gc = gc_new();
1746 
1747  /* resolve remote address if undefined */
1748  if (!sock->info.lsa->remote_list)
1749  {
1750  if (sock->remote_host)
1751  {
1753  int retry = 0;
1754  int status = -1;
1755  struct addrinfo *ai;
1756  if (proto_is_dgram(sock->info.proto))
1757  {
1758  flags |= GETADDR_DATAGRAM;
1759  }
1760 
1762  {
1763  if (phase == 2)
1764  {
1765  flags |= (GETADDR_TRY_ONCE | GETADDR_FATAL);
1766  }
1767  retry = 0;
1768  }
1769  else if (phase == 1)
1770  {
1771  if (sock->resolve_retry_seconds)
1772  {
1773  retry = 0;
1774  }
1775  else
1776  {
1778  retry = 0;
1779  }
1780  }
1781  else if (phase == 2)
1782  {
1783  if (sock->resolve_retry_seconds)
1784  {
1785  flags |= GETADDR_FATAL;
1786  retry = sock->resolve_retry_seconds;
1787  }
1788  else
1789  {
1790  ASSERT(0);
1791  }
1792  }
1793  else
1794  {
1795  ASSERT(0);
1796  }
1797 
1798 
1799  status = get_cached_dns_entry(sock->dns_cache,
1800  sock->remote_host,
1801  sock->remote_port,
1802  sock->info.af,
1803  flags, &ai);
1804  if (status)
1805  {
1806  status = openvpn_getaddrinfo(flags, sock->remote_host, sock->remote_port,
1807  retry, signal_received, sock->info.af, &ai);
1808  }
1809 
1810  if (status == 0)
1811  {
1812  sock->info.lsa->remote_list = ai;
1813  sock->info.lsa->current_remote = ai;
1814 
1816  "RESOLVE_REMOTE flags=0x%04x phase=%d rrs=%d sig=%d status=%d",
1817  flags,
1818  phase,
1819  retry,
1820  signal_received ? *signal_received : -1,
1821  status);
1822  }
1823  if (signal_received)
1824  {
1825  if (*signal_received)
1826  {
1827  goto done;
1828  }
1829  }
1830  if (status!=0)
1831  {
1832  if (signal_received)
1833  {
1834  *signal_received = SIGUSR1;
1835  }
1836  goto done;
1837  }
1838  }
1839  }
1840 
1841  /* should we re-use previous active remote address? */
1843  {
1844  msg(M_INFO, "TCP/UDP: Preserving recently used remote address: %s",
1845  print_link_socket_actual(&sock->info.lsa->actual, &gc));
1846  if (remote_dynamic)
1847  {
1848  *remote_dynamic = NULL;
1849  }
1850  }
1851  else
1852  {
1853  CLEAR(sock->info.lsa->actual);
1854  if (sock->info.lsa->current_remote)
1855  {
1857  sock->info.lsa->current_remote);
1858  }
1859  }
1860 
1861 done:
1862  gc_free(&gc);
1863 }
1864 
1865 
1866 
1867 struct link_socket *
1869 {
1870  struct link_socket *sock;
1871 
1872  ALLOC_OBJ_CLEAR(sock, struct link_socket);
1873  sock->sd = SOCKET_UNDEFINED;
1874  sock->ctrl_sd = SOCKET_UNDEFINED;
1875  return sock;
1876 }
1877 
1878 void
1880  const char *local_host,
1881  const char *local_port,
1882  const char *remote_host,
1883  const char *remote_port,
1884  struct cached_dns_entry *dns_cache,
1885  int proto,
1886  sa_family_t af,
1887  bool bind_ipv6_only,
1888  int mode,
1889  const struct link_socket *accept_from,
1890  struct http_proxy_info *http_proxy,
1891  struct socks_proxy_info *socks_proxy,
1892 #ifdef ENABLE_DEBUG
1893  int gremlin,
1894 #endif
1895  bool bind_local,
1896  bool remote_float,
1897  int inetd,
1898  struct link_socket_addr *lsa,
1899  const char *ipchange_command,
1900  const struct plugin_list *plugins,
1902  int mtu_discover_type,
1903  int rcvbuf,
1904  int sndbuf,
1905  int mark,
1906  const char *bind_dev,
1908  unsigned int sockflags)
1909 {
1910  ASSERT(sock);
1911 
1912  sock->local_host = local_host;
1913  sock->local_port = local_port;
1914  sock->remote_host = remote_host;
1915  sock->remote_port = remote_port;
1916  sock->dns_cache = dns_cache;
1917  sock->http_proxy = http_proxy;
1918  sock->socks_proxy = socks_proxy;
1919  sock->bind_local = bind_local;
1920  sock->inetd = inetd;
1923 
1924 #ifdef ENABLE_DEBUG
1925  sock->gremlin = gremlin;
1926 #endif
1927 
1928  sock->socket_buffer_sizes.rcvbuf = rcvbuf;
1929  sock->socket_buffer_sizes.sndbuf = sndbuf;
1930 
1931  sock->sockflags = sockflags;
1932  sock->mark = mark;
1933  sock->bind_dev = bind_dev;
1934 
1935  sock->info.proto = proto;
1936  sock->info.af = af;
1937  sock->info.remote_float = remote_float;
1938  sock->info.lsa = lsa;
1939  sock->info.bind_ipv6_only = bind_ipv6_only;
1940  sock->info.ipchange_command = ipchange_command;
1941  sock->info.plugins = plugins;
1943 
1944  sock->mode = mode;
1945  if (mode == LS_MODE_TCP_ACCEPT_FROM)
1946  {
1947  ASSERT(accept_from);
1948  ASSERT(sock->info.proto == PROTO_TCP_SERVER);
1949  ASSERT(!sock->inetd);
1950  sock->sd = accept_from->sd;
1951  /* inherit (possibly guessed) info AF from parent context */
1952  sock->info.af = accept_from->info.af;
1953  }
1954 
1955  /* are we running in HTTP proxy mode? */
1956  if (sock->http_proxy)
1957  {
1958  ASSERT(sock->info.proto == PROTO_TCP_CLIENT);
1959  ASSERT(!sock->inetd);
1960 
1961  /* the proxy server */
1962  sock->remote_host = http_proxy->options.server;
1963  sock->remote_port = http_proxy->options.port;
1964 
1965  /* the OpenVPN server we will use the proxy to connect to */
1966  sock->proxy_dest_host = remote_host;
1967  sock->proxy_dest_port = remote_port;
1968  }
1969  /* or in Socks proxy mode? */
1970  else if (sock->socks_proxy)
1971  {
1972  ASSERT(!sock->inetd);
1973 
1974  /* the proxy server */
1975  sock->remote_host = socks_proxy->server;
1976  sock->remote_port = socks_proxy->port;
1977 
1978  /* the OpenVPN server we will use the proxy to connect to */
1979  sock->proxy_dest_host = remote_host;
1980  sock->proxy_dest_port = remote_port;
1981  }
1982  else
1983  {
1984  sock->remote_host = remote_host;
1985  sock->remote_port = remote_port;
1986  }
1987 
1988  /* bind behavior for TCP server vs. client */
1989  if (sock->info.proto == PROTO_TCP_SERVER)
1990  {
1991  if (sock->mode == LS_MODE_TCP_ACCEPT_FROM)
1992  {
1993  sock->bind_local = false;
1994  }
1995  else
1996  {
1997  sock->bind_local = true;
1998  }
1999  }
2000 
2001  /* were we started by inetd or xinetd? */
2002  if (sock->inetd)
2003  {
2004  ASSERT(sock->info.proto != PROTO_TCP_CLIENT);
2006  sock->sd = inetd_socket_descriptor;
2007  set_cloexec(sock->sd); /* not created by create_socket*() */
2008  }
2009  else if (mode != LS_MODE_TCP_ACCEPT_FROM)
2010  {
2011  if (sock->bind_local)
2012  {
2013  resolve_bind_local(sock, sock->info.af);
2014  }
2015  resolve_remote(sock, 1, NULL, NULL);
2016  }
2017 }
2018 
2019 static
2020 void
2021 phase2_inetd(struct link_socket *sock, const struct frame *frame,
2022  const char *remote_dynamic, volatile int *signal_received)
2023 {
2024  bool remote_changed = false;
2025 
2026  if (sock->info.proto == PROTO_TCP_SERVER)
2027  {
2028  /* AF_INET as default (and fallback) for inetd */
2029  sock->info.lsa->actual.dest.addr.sa.sa_family = AF_INET;
2030 #ifdef HAVE_GETSOCKNAME
2031  {
2032  /* inetd: hint family type for dest = local's */
2033  struct openvpn_sockaddr local_addr;
2034  socklen_t addrlen = sizeof(local_addr);
2035  if (getsockname(sock->sd, &local_addr.addr.sa, &addrlen) == 0)
2036  {
2037  sock->info.lsa->actual.dest.addr.sa.sa_family = local_addr.addr.sa.sa_family;
2038  dmsg(D_SOCKET_DEBUG, "inetd(%s): using sa_family=%d from getsockname(%d)",
2039  proto2ascii(sock->info.proto, sock->info.af, false),
2040  local_addr.addr.sa.sa_family, (int)sock->sd);
2041  }
2042  else
2043  {
2044  int saved_errno = errno;
2045  msg(M_WARN|M_ERRNO, "inetd(%s): getsockname(%d) failed, using AF_INET",
2046  proto2ascii(sock->info.proto, sock->info.af, false), (int)sock->sd);
2047  /* if not called with a socket on stdin, --inetd cannot work */
2048  if (saved_errno == ENOTSOCK)
2049  {
2050  msg(M_FATAL, "ERROR: socket required for --inetd operation");
2051  }
2052  }
2053  }
2054 #else /* ifdef HAVE_GETSOCKNAME */
2055  msg(M_WARN, "inetd(%s): this OS does not provide the getsockname() "
2056  "function, using AF_INET",
2057  proto2ascii(sock->info.proto, false));
2058 #endif /* ifdef HAVE_GETSOCKNAME */
2059  sock->sd =
2060  socket_listen_accept(sock->sd,
2061  &sock->info.lsa->actual,
2062  remote_dynamic,
2063  sock->info.lsa->bind_local,
2064  false,
2065  sock->inetd == INETD_NOWAIT,
2066  signal_received);
2067  }
2068  ASSERT(!remote_changed);
2069 }
2070 
2071 static void
2073 {
2074  /* set misc socket parameters */
2075  socket_set_flags(sock->sd, sock->sockflags);
2076 
2077  /* set socket to non-blocking mode */
2078  set_nonblock(sock->sd);
2079 
2080  /* set Path MTU discovery options on the socket */
2081  set_mtu_discover_type(sock->sd, sock->mtu_discover_type, sock->info.af);
2082 
2083 #if EXTENDED_SOCKET_ERROR_CAPABILITY
2084  /* if the OS supports it, enable extended error passing on the socket */
2085  set_sock_extended_error_passing(sock->sd);
2086 #endif
2087 }
2088 
2089 
2090 static void
2092 {
2093  struct gc_arena gc = gc_new();
2094  const int msglevel = (sock->mode == LS_MODE_TCP_ACCEPT_FROM) ? D_INIT_MEDIUM : M_INFO;
2095 
2096  /* print local address */
2097  if (sock->inetd)
2098  {
2099  msg(msglevel, "%s link local: [inetd]", proto2ascii(sock->info.proto, sock->info.af, true));
2100  }
2101  else if (sock->bind_local)
2102  {
2103  sa_family_t ai_family = sock->info.lsa->actual.dest.addr.sa.sa_family;
2104  /* Socket is always bound on the first matching address,
2105  * For bound sockets with no remote addr this is the element of
2106  * the list */
2107  struct addrinfo *cur;
2108  for (cur = sock->info.lsa->bind_local; cur; cur = cur->ai_next)
2109  {
2110  if (!ai_family || ai_family == cur->ai_family)
2111  {
2112  break;
2113  }
2114  }
2115  ASSERT(cur);
2116  msg(msglevel, "%s link local (bound): %s",
2117  proto2ascii(sock->info.proto, sock->info.af, true),
2118  print_sockaddr(cur->ai_addr,&gc));
2119  }
2120  else
2121  {
2122  msg(msglevel, "%s link local: (not bound)",
2123  proto2ascii(sock->info.proto, sock->info.af, true));
2124  }
2125 
2126  /* print active remote address */
2127  msg(msglevel, "%s link remote: %s",
2128  proto2ascii(sock->info.proto, sock->info.af, true),
2130  ":",
2132  &gc));
2133  gc_free(&gc);
2134 }
2135 
2136 static void
2137 phase2_tcp_server(struct link_socket *sock, const char *remote_dynamic,
2138  volatile int *signal_received)
2139 {
2140  switch (sock->mode)
2141  {
2142  case LS_MODE_DEFAULT:
2143  sock->sd = socket_listen_accept(sock->sd,
2144  &sock->info.lsa->actual,
2145  remote_dynamic,
2146  sock->info.lsa->bind_local,
2147  true,
2148  false,
2149  signal_received);
2150  break;
2151 
2152  case LS_MODE_TCP_LISTEN:
2153  socket_do_listen(sock->sd,
2154  sock->info.lsa->bind_local,
2155  true,
2156  false);
2157  break;
2158 
2160  sock->sd = socket_do_accept(sock->sd,
2161  &sock->info.lsa->actual,
2162  false);
2163  if (!socket_defined(sock->sd))
2164  {
2165  *signal_received = SIGTERM;
2166  return;
2167  }
2169  break;
2170 
2171  default:
2172  ASSERT(0);
2173  }
2174 }
2175 
2176 
2177 static void
2178 phase2_tcp_client(struct link_socket *sock, struct signal_info *sig_info)
2179 {
2180  bool proxy_retry = false;
2181  do
2182  {
2183  socket_connect(&sock->sd,
2184  sock->info.lsa->current_remote->ai_addr,
2186  sig_info);
2187 
2188  if (sig_info->signal_received)
2189  {
2190  return;
2191  }
2192 
2193  if (sock->http_proxy)
2194  {
2195  proxy_retry = establish_http_proxy_passthru(sock->http_proxy,
2196  sock->sd,
2197  sock->proxy_dest_host,
2198  sock->proxy_dest_port,
2199  sock->server_poll_timeout,
2200  &sock->stream_buf.residual,
2201  &sig_info->signal_received);
2202  }
2203  else if (sock->socks_proxy)
2204  {
2206  sock->sd,
2207  sock->proxy_dest_host,
2208  sock->proxy_dest_port,
2209  &sig_info->signal_received);
2210  }
2211  if (proxy_retry)
2212  {
2213  openvpn_close_socket(sock->sd);
2214  sock->sd = create_socket_tcp(sock->info.lsa->current_remote);
2215  }
2216 
2217  } while (proxy_retry);
2218 
2219 }
2220 
2221 static void
2222 phase2_socks_client(struct link_socket *sock, struct signal_info *sig_info)
2223 {
2224  socket_connect(&sock->ctrl_sd,
2225  sock->info.lsa->current_remote->ai_addr,
2227  sig_info);
2228 
2229  if (sig_info->signal_received)
2230  {
2231  return;
2232  }
2233 
2235  sock->ctrl_sd,
2236  sock->sd,
2237  &sock->socks_relay.dest,
2238  &sig_info->signal_received);
2239 
2240  if (sig_info->signal_received)
2241  {
2242  return;
2243  }
2244 
2245  sock->remote_host = sock->proxy_dest_host;
2246  sock->remote_port = sock->proxy_dest_port;
2247 
2248  addr_zero_host(&sock->info.lsa->actual.dest);
2249  if (sock->info.lsa->remote_list)
2250  {
2251  freeaddrinfo(sock->info.lsa->remote_list);
2252  sock->info.lsa->current_remote = NULL;
2253  sock->info.lsa->remote_list = NULL;
2254  }
2255 
2256  resolve_remote(sock, 1, NULL, &sig_info->signal_received);
2257 }
2258 
2259 /* finalize socket initialization */
2260 void
2262  const struct frame *frame,
2263  struct signal_info *sig_info)
2264 {
2265  const char *remote_dynamic = NULL;
2266  int sig_save = 0;
2267 
2268  ASSERT(sock);
2269  ASSERT(sig_info);
2270 
2271  if (sig_info->signal_received)
2272  {
2273  sig_save = sig_info->signal_received;
2274  sig_info->signal_received = 0;
2275  }
2276 
2277  /* initialize buffers */
2278  socket_frame_init(frame, sock);
2279 
2280  /*
2281  * Pass a remote name to connect/accept so that
2282  * they can test for dynamic IP address changes
2283  * and throw a SIGUSR1 if appropriate.
2284  */
2285  if (sock->resolve_retry_seconds)
2286  {
2287  remote_dynamic = sock->remote_host;
2288  }
2289 
2290  /* were we started by inetd or xinetd? */
2291  if (sock->inetd)
2292  {
2293  phase2_inetd(sock, frame, remote_dynamic, &sig_info->signal_received);
2294  if (sig_info->signal_received)
2295  {
2296  goto done;
2297  }
2298 
2299  }
2300  else
2301  {
2302  /* Second chance to resolv/create socket */
2303  resolve_remote(sock, 2, &remote_dynamic, &sig_info->signal_received);
2304 
2305  /* If a valid remote has been found, create the socket with its addrinfo */
2306  if (sock->info.lsa->current_remote)
2307  {
2308  create_socket(sock, sock->info.lsa->current_remote);
2309  }
2310 
2311  /* If socket has not already been created create it now */
2312  if (sock->sd == SOCKET_UNDEFINED)
2313  {
2314  /* If we have no --remote and have still not figured out the
2315  * protocol family to use we will use the first of the bind */
2316 
2317  if (sock->bind_local && !sock->remote_host && sock->info.lsa->bind_local)
2318  {
2319  /* Warn if this is because neither v4 or v6 was specified
2320  * and we should not connect a remote */
2321  if (sock->info.af == AF_UNSPEC)
2322  {
2323  msg(M_WARN, "Could not determine IPv4/IPv6 protocol. Using %s",
2324  addr_family_name(sock->info.lsa->bind_local->ai_family));
2325  sock->info.af = sock->info.lsa->bind_local->ai_family;
2326  }
2327 
2328  create_socket(sock, sock->info.lsa->bind_local);
2329  }
2330  }
2331 
2332  /* Socket still undefined, give a warning and abort connection */
2333  if (sock->sd == SOCKET_UNDEFINED)
2334  {
2335  msg(M_WARN, "Could not determine IPv4/IPv6 protocol");
2336  sig_info->signal_received = SIGUSR1;
2337  goto done;
2338  }
2339 
2340  if (sig_info->signal_received)
2341  {
2342  goto done;
2343  }
2344 
2345  if (sock->info.proto == PROTO_TCP_SERVER)
2346  {
2347  phase2_tcp_server(sock, remote_dynamic,
2348  &sig_info->signal_received);
2349  }
2350  else if (sock->info.proto == PROTO_TCP_CLIENT)
2351  {
2352  phase2_tcp_client(sock, sig_info);
2353 
2354  }
2355  else if (sock->info.proto == PROTO_UDP && sock->socks_proxy)
2356  {
2357  phase2_socks_client(sock, sig_info);
2358  }
2359 #ifdef TARGET_ANDROID
2360  if (sock->sd != -1)
2361  {
2362  protect_fd_nonlocal(sock->sd, &sock->info.lsa->actual.dest.addr.sa);
2363  }
2364 #endif
2365  if (sig_info->signal_received)
2366  {
2367  goto done;
2368  }
2369  }
2370 
2372  linksock_print_addr(sock);
2373 
2374 done:
2375  if (sig_save)
2376  {
2377  if (!sig_info->signal_received)
2378  {
2379  sig_info->signal_received = sig_save;
2380  }
2381  }
2382 }
2383 
2384 void
2386 {
2387  if (sock)
2388  {
2389 #ifdef ENABLE_DEBUG
2390  const int gremlin = GREMLIN_CONNECTION_FLOOD_LEVEL(sock->gremlin);
2391 #else
2392  const int gremlin = 0;
2393 #endif
2394 
2395  if (socket_defined(sock->sd))
2396  {
2397 #ifdef _WIN32
2398  close_net_event_win32(&sock->listen_handle, sock->sd, 0);
2399 #endif
2400  if (!gremlin)
2401  {
2402  msg(D_LOW, "TCP/UDP: Closing socket");
2403  if (openvpn_close_socket(sock->sd))
2404  {
2405  msg(M_WARN | M_ERRNO, "TCP/UDP: Close Socket failed");
2406  }
2407  }
2408  sock->sd = SOCKET_UNDEFINED;
2409 #ifdef _WIN32
2410  if (!gremlin)
2411  {
2412  overlapped_io_close(&sock->reads);
2413  overlapped_io_close(&sock->writes);
2414  }
2415 #endif
2416  }
2417 
2418  if (socket_defined(sock->ctrl_sd))
2419  {
2420  if (openvpn_close_socket(sock->ctrl_sd))
2421  {
2422  msg(M_WARN | M_ERRNO, "TCP/UDP: Close Socket (ctrl_sd) failed");
2423  }
2424  sock->ctrl_sd = SOCKET_UNDEFINED;
2425  }
2426 
2427  stream_buf_close(&sock->stream_buf);
2428  free_buf(&sock->stream_buf_data);
2429  if (!gremlin)
2430  {
2431  free(sock);
2432  }
2433  }
2434 }
2435 
2436 /* for stream protocols, allow for packet length prefix */
2437 void
2439 {
2441  {
2443  }
2444 }
2445 
2446 void
2447 setenv_trusted(struct env_set *es, const struct link_socket_info *info)
2448 {
2449  setenv_link_socket_actual(es, "trusted", &info->lsa->actual, SA_IP_PORT);
2450 }
2451 
2452 static void
2453 ipchange_fmt(const bool include_cmd, struct argv *argv, const struct link_socket_info *info, struct gc_arena *gc)
2454 {
2455  const char *host = print_sockaddr_ex(&info->lsa->actual.dest.addr.sa, " ", PS_SHOW_PORT, gc);
2456  if (include_cmd)
2457  {
2458  argv_parse_cmd(argv, info->ipchange_command);
2459  argv_printf_cat(argv, "%s", host);
2460  }
2461  else
2462  {
2463  argv_printf(argv, "%s", host);
2464  }
2465 
2466 }
2467 
2468 void
2470  const struct link_socket_actual *act,
2471  const char *common_name,
2472  struct env_set *es)
2473 {
2474  struct gc_arena gc = gc_new();
2475 
2476  info->lsa->actual = *act; /* Note: skip this line for --force-dest */
2477  setenv_trusted(es, info);
2478  info->connection_established = true;
2479 
2480  /* Print connection initiated message, with common name if available */
2481  {
2482  struct buffer out = alloc_buf_gc(256, &gc);
2483  if (common_name)
2484  {
2485  buf_printf(&out, "[%s] ", common_name);
2486  }
2487  buf_printf(&out, "Peer Connection Initiated with %s", print_link_socket_actual(&info->lsa->actual, &gc));
2488  msg(M_INFO, "%s", BSTR(&out));
2489  }
2490 
2491  /* set environmental vars */
2492  setenv_str(es, "common_name", common_name);
2493 
2494  /* Process --ipchange plugin */
2496  {
2497  struct argv argv = argv_new();
2498  ipchange_fmt(false, &argv, info, &gc);
2500  {
2501  msg(M_WARN, "WARNING: ipchange plugin call failed");
2502  }
2503  argv_free(&argv);
2504  }
2505 
2506  /* Process --ipchange option */
2507  if (info->ipchange_command)
2508  {
2509  struct argv argv = argv_new();
2510  setenv_str(es, "script_type", "ipchange");
2511  ipchange_fmt(true, &argv, info, &gc);
2512  openvpn_run_script(&argv, es, 0, "--ipchange");
2513  argv_free(&argv);
2514  }
2515 
2516  gc_free(&gc);
2517 }
2518 
2519 void
2521  const struct link_socket_info *info,
2522  const struct link_socket_actual *from_addr)
2523 {
2524  struct gc_arena gc = gc_new();
2525  struct addrinfo *ai;
2526 
2527  switch (from_addr->dest.addr.sa.sa_family)
2528  {
2529  case AF_INET:
2530  case AF_INET6:
2532  "TCP/UDP: Incoming packet rejected from %s[%d], expected peer address: %s (allow this incoming source address/port by removing --remote or adding --float)",
2533  print_link_socket_actual(from_addr, &gc),
2534  (int)from_addr->dest.addr.sa.sa_family,
2535  print_sockaddr_ex(info->lsa->remote_list->ai_addr,":",PS_SHOW_PORT, &gc));
2536  /* print additional remote addresses */
2537  for (ai = info->lsa->remote_list->ai_next; ai; ai = ai->ai_next)
2538  {
2539  msg(D_LINK_ERRORS,"or from peer address: %s",
2540  print_sockaddr_ex(ai->ai_addr,":",PS_SHOW_PORT, &gc));
2541  }
2542  break;
2543  }
2544  buf->len = 0;
2545  gc_free(&gc);
2546 }
2547 
2548 void
2550 {
2551  dmsg(D_READ_WRITE, "TCP/UDP: No outgoing address to send packet");
2552 }
2553 
2554 in_addr_t
2556 {
2557  const struct link_socket_addr *lsa = info->lsa;
2558 
2559 /*
2560  * This logic supports "redirect-gateway" semantic, which
2561  * makes sense only for PF_INET routes over PF_INET endpoints
2562  *
2563  * Maybe in the future consider PF_INET6 endpoints also ...
2564  * by now just ignore it
2565  *
2566  * For --remote entries with multiple addresses this
2567  * only return the actual endpoint we have successfully connected to
2568  */
2569  if (lsa->actual.dest.addr.sa.sa_family != AF_INET)
2570  {
2571  return IPV4_INVALID_ADDR;
2572  }
2573 
2575  {
2576  return ntohl(lsa->actual.dest.addr.in4.sin_addr.s_addr);
2577  }
2578  else if (lsa->current_remote)
2579  {
2580  return ntohl(((struct sockaddr_in *)lsa->current_remote->ai_addr)
2581  ->sin_addr.s_addr);
2582  }
2583  else
2584  {
2585  return 0;
2586  }
2587 }
2588 
2589 const struct in6_addr *
2591 {
2592  const struct link_socket_addr *lsa = info->lsa;
2593 
2594 /* This logic supports "redirect-gateway" semantic,
2595  * for PF_INET6 routes over PF_INET6 endpoints
2596  *
2597  * For --remote entries with multiple addresses this
2598  * only return the actual endpoint we have successfully connected to
2599  */
2600  if (lsa->actual.dest.addr.sa.sa_family != AF_INET6)
2601  {
2602  return NULL;
2603  }
2604 
2606  {
2607  return &(lsa->actual.dest.addr.in6.sin6_addr);
2608  }
2609  else if (lsa->current_remote)
2610  {
2611  return &(((struct sockaddr_in6 *)lsa->current_remote->ai_addr)->sin6_addr);
2612  }
2613  else
2614  {
2615  return NULL;
2616  }
2617 }
2618 
2619 /*
2620  * Return a status string describing socket state.
2621  */
2622 const char *
2623 socket_stat(const struct link_socket *s, unsigned int rwflags, struct gc_arena *gc)
2624 {
2625  struct buffer out = alloc_buf_gc(64, gc);
2626  if (s)
2627  {
2628  if (rwflags & EVENT_READ)
2629  {
2630  buf_printf(&out, "S%s",
2631  (s->rwflags_debug & EVENT_READ) ? "R" : "r");
2632 #ifdef _WIN32
2633  buf_printf(&out, "%s",
2635 #endif
2636  }
2637  if (rwflags & EVENT_WRITE)
2638  {
2639  buf_printf(&out, "S%s",
2640  (s->rwflags_debug & EVENT_WRITE) ? "W" : "w");
2641 #ifdef _WIN32
2642  buf_printf(&out, "%s",
2644 #endif
2645  }
2646  }
2647  else
2648  {
2649  buf_printf(&out, "S?");
2650  }
2651  return BSTR(&out);
2652 }
2653 
2654 /*
2655  * Stream buffer functions, used to packetize a TCP
2656  * stream connection.
2657  */
2658 
2659 static inline void
2661 {
2662  dmsg(D_STREAM_DEBUG, "STREAM: RESET");
2663  sb->residual_fully_formed = false;
2664  sb->buf = sb->buf_init;
2665  buf_reset(&sb->next);
2666  sb->len = -1;
2667 }
2668 
2669 static void
2671  struct buffer *buf,
2672  const unsigned int sockflags,
2673  const int proto)
2674 {
2675  sb->buf_init = *buf;
2676  sb->maxlen = sb->buf_init.len;
2677  sb->buf_init.len = 0;
2678  sb->residual = alloc_buf(sb->maxlen);
2679  sb->error = false;
2680 #if PORT_SHARE
2681  sb->port_share_state = ((sockflags & SF_PORT_SHARE) && (proto == PROTO_TCP_SERVER))
2682  ? PS_ENABLED
2683  : PS_DISABLED;
2684 #endif
2685  stream_buf_reset(sb);
2686 
2687  dmsg(D_STREAM_DEBUG, "STREAM: INIT maxlen=%d", sb->maxlen);
2688 }
2689 
2690 static inline void
2692 {
2693  /* set up 'next' for next i/o read */
2694  sb->next = sb->buf;
2695  sb->next.offset = sb->buf.offset + sb->buf.len;
2696  sb->next.len = (sb->len >= 0 ? sb->len : sb->maxlen) - sb->buf.len;
2697  dmsg(D_STREAM_DEBUG, "STREAM: SET NEXT, buf=[%d,%d] next=[%d,%d] len=%d maxlen=%d",
2698  sb->buf.offset, sb->buf.len,
2699  sb->next.offset, sb->next.len,
2700  sb->len, sb->maxlen);
2701  ASSERT(sb->next.len > 0);
2702  ASSERT(buf_safe(&sb->buf, sb->next.len));
2703 }
2704 
2705 static inline void
2706 stream_buf_get_final(struct stream_buf *sb, struct buffer *buf)
2707 {
2708  dmsg(D_STREAM_DEBUG, "STREAM: GET FINAL len=%d",
2709  buf_defined(&sb->buf) ? sb->buf.len : -1);
2710  ASSERT(buf_defined(&sb->buf));
2711  *buf = sb->buf;
2712 }
2713 
2714 static inline void
2715 stream_buf_get_next(struct stream_buf *sb, struct buffer *buf)
2716 {
2717  dmsg(D_STREAM_DEBUG, "STREAM: GET NEXT len=%d",
2718  buf_defined(&sb->next) ? sb->next.len : -1);
2719  ASSERT(buf_defined(&sb->next));
2720  *buf = sb->next;
2721 }
2722 
2723 bool
2725 {
2727  {
2728  ASSERT(buf_copy(&sock->stream_buf.buf, &sock->stream_buf.residual));
2729  ASSERT(buf_init(&sock->stream_buf.residual, 0));
2731  dmsg(D_STREAM_DEBUG, "STREAM: RESIDUAL FULLY FORMED [%s], len=%d",
2732  sock->stream_buf.residual_fully_formed ? "YES" : "NO",
2733  sock->stream_buf.residual.len);
2734  }
2735 
2736  if (!sock->stream_buf.residual_fully_formed)
2737  {
2739  }
2740  return !sock->stream_buf.residual_fully_formed;
2741 }
2742 
2743 static bool
2745  int length_added)
2746 {
2747  dmsg(D_STREAM_DEBUG, "STREAM: ADD length_added=%d", length_added);
2748  if (length_added > 0)
2749  {
2750  sb->buf.len += length_added;
2751  }
2752 
2753  /* if length unknown, see if we can get the length prefix from
2754  * the head of the buffer */
2755  if (sb->len < 0 && sb->buf.len >= (int) sizeof(packet_size_type))
2756  {
2757  packet_size_type net_size;
2758 
2759 #if PORT_SHARE
2760  if (sb->port_share_state == PS_ENABLED)
2761  {
2762  if (!is_openvpn_protocol(&sb->buf))
2763  {
2764  msg(D_STREAM_ERRORS, "Non-OpenVPN client protocol detected");
2765  sb->port_share_state = PS_FOREIGN;
2766  sb->error = true;
2767  return false;
2768  }
2769  else
2770  {
2771  sb->port_share_state = PS_DISABLED;
2772  }
2773  }
2774 #endif
2775 
2776  ASSERT(buf_read(&sb->buf, &net_size, sizeof(net_size)));
2777  sb->len = ntohps(net_size);
2778 
2779  if (sb->len < 1 || sb->len > sb->maxlen)
2780  {
2781  msg(M_WARN, "WARNING: Bad encapsulated packet length from peer (%d), which must be > 0 and <= %d -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]", sb->len, sb->maxlen);
2782  stream_buf_reset(sb);
2783  sb->error = true;
2784  return false;
2785  }
2786  }
2787 
2788  /* is our incoming packet fully read? */
2789  if (sb->len > 0 && sb->buf.len >= sb->len)
2790  {
2791  /* save any residual data that's part of the next packet */
2792  ASSERT(buf_init(&sb->residual, 0));
2793  if (sb->buf.len > sb->len)
2794  {
2795  ASSERT(buf_copy_excess(&sb->residual, &sb->buf, sb->len));
2796  }
2797  dmsg(D_STREAM_DEBUG, "STREAM: ADD returned TRUE, buf_len=%d, residual_len=%d",
2798  BLEN(&sb->buf),
2799  BLEN(&sb->residual));
2800  return true;
2801  }
2802  else
2803  {
2804  dmsg(D_STREAM_DEBUG, "STREAM: ADD returned FALSE (have=%d need=%d)", sb->buf.len, sb->len);
2805  stream_buf_set_next(sb);
2806  return false;
2807  }
2808 }
2809 
2810 static void
2812 {
2813  free_buf(&sb->residual);
2814 }
2815 
2816 /*
2817  * The listen event is a special event whose sole purpose is
2818  * to tell us that there's a new incoming connection on a
2819  * TCP socket, for use in server mode.
2820  */
2821 event_t
2823 {
2824 #ifdef _WIN32
2826  {
2827  init_net_event_win32(&s->listen_handle, FD_ACCEPT, s->sd, 0);
2828  }
2829  return &s->listen_handle;
2830 #else /* ifdef _WIN32 */
2831  return s->sd;
2832 #endif
2833 }
2834 
2835 /*
2836  * Format IP addresses in ascii
2837  */
2838 
2839 const char *
2840 print_sockaddr_ex(const struct sockaddr *sa,
2841  const char *separator,
2842  const unsigned int flags,
2843  struct gc_arena *gc)
2844 {
2845  struct buffer out = alloc_buf_gc(128, gc);
2846  bool addr_is_defined = false;
2847  char hostaddr[NI_MAXHOST] = "";
2848  char servname[NI_MAXSERV] = "";
2849  int status;
2850 
2851  socklen_t salen = 0;
2852  switch (sa->sa_family)
2853  {
2854  case AF_INET:
2855  if (!(flags & PS_DONT_SHOW_FAMILY))
2856  {
2857  buf_puts(&out, "[AF_INET]");
2858  }
2859  salen = sizeof(struct sockaddr_in);
2860  addr_is_defined = ((struct sockaddr_in *) sa)->sin_addr.s_addr != 0;
2861  break;
2862 
2863  case AF_INET6:
2864  if (!(flags & PS_DONT_SHOW_FAMILY))
2865  {
2866  buf_puts(&out, "[AF_INET6]");
2867  }
2868  salen = sizeof(struct sockaddr_in6);
2869  addr_is_defined = !IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *) sa)->sin6_addr);
2870  break;
2871 
2872  case AF_UNSPEC:
2873  if (!(flags & PS_DONT_SHOW_FAMILY))
2874  {
2875  return "[AF_UNSPEC]";
2876  }
2877  else
2878  {
2879  return "";
2880  }
2881 
2882  default:
2883  ASSERT(0);
2884  }
2885 
2886  status = getnameinfo(sa, salen, hostaddr, sizeof(hostaddr),
2887  servname, sizeof(servname), NI_NUMERICHOST | NI_NUMERICSERV);
2888 
2889  if (status!=0)
2890  {
2891  buf_printf(&out,"[nameinfo() err: %s]",gai_strerror(status));
2892  return BSTR(&out);
2893  }
2894 
2895  if (!(flags & PS_DONT_SHOW_ADDR))
2896  {
2897  if (addr_is_defined)
2898  {
2899  buf_puts(&out, hostaddr);
2900  }
2901  else
2902  {
2903  buf_puts(&out, "[undef]");
2904  }
2905  }
2906 
2907  if ((flags & PS_SHOW_PORT) || (flags & PS_SHOW_PORT_IF_DEFINED))
2908  {
2909  if (separator)
2910  {
2911  buf_puts(&out, separator);
2912  }
2913 
2914  buf_puts(&out, servname);
2915  }
2916 
2917  return BSTR(&out);
2918 }
2919 
2920 const char *
2922 {
2924 }
2925 
2926 #ifndef IF_NAMESIZE
2927 #define IF_NAMESIZE 16
2928 #endif
2929 
2930 const char *
2932  const char *separator,
2933  const unsigned int flags,
2934  struct gc_arena *gc)
2935 {
2936  if (act)
2937  {
2938  char ifname[IF_NAMESIZE] = "[undef]";
2939  struct buffer out = alloc_buf_gc(128, gc);
2940  buf_printf(&out, "%s", print_sockaddr_ex(&act->dest.addr.sa, separator, flags, gc));
2941 #if ENABLE_IP_PKTINFO
2942  if ((flags & PS_SHOW_PKTINFO) && addr_defined_ipi(act))
2943  {
2944  switch (act->dest.addr.sa.sa_family)
2945  {
2946  case AF_INET:
2947  {
2948  struct openvpn_sockaddr sa;
2949  CLEAR(sa);
2950  sa.addr.in4.sin_family = AF_INET;
2951 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
2952  sa.addr.in4.sin_addr = act->pi.in4.ipi_spec_dst;
2953  if_indextoname(act->pi.in4.ipi_ifindex, ifname);
2954 #elif defined(IP_RECVDSTADDR)
2955  sa.addr.in4.sin_addr = act->pi.in4;
2956  ifname[0] = 0;
2957 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
2958 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
2959 #endif
2960  buf_printf(&out, " (via %s%%%s)",
2961  print_sockaddr_ex(&sa.addr.sa, separator, 0, gc),
2962  ifname);
2963  }
2964  break;
2965 
2966  case AF_INET6:
2967  {
2968  struct sockaddr_in6 sin6;
2969  char buf[INET6_ADDRSTRLEN] = "[undef]";
2970  CLEAR(sin6);
2971  sin6.sin6_family = AF_INET6;
2972  sin6.sin6_addr = act->pi.in6.ipi6_addr;
2973  if_indextoname(act->pi.in6.ipi6_ifindex, ifname);
2974  if (getnameinfo((struct sockaddr *)&sin6, sizeof(struct sockaddr_in6),
2975  buf, sizeof(buf), NULL, 0, NI_NUMERICHOST) == 0)
2976  {
2977  buf_printf(&out, " (via %s%%%s)", buf, ifname);
2978  }
2979  else
2980  {
2981  buf_printf(&out, " (via [getnameinfo() err]%%%s)", ifname);
2982  }
2983  }
2984  break;
2985  }
2986  }
2987 #endif /* if ENABLE_IP_PKTINFO */
2988  return BSTR(&out);
2989  }
2990  else
2991  {
2992  return "[NULL]";
2993  }
2994 }
2995 
2996 /*
2997  * Convert an in_addr_t in host byte order
2998  * to an ascii dotted quad.
2999  */
3000 const char *
3001 print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
3002 {
3003  struct in_addr ia;
3004  struct buffer out = alloc_buf_gc(64, gc);
3005 
3006  if (addr || !(flags & IA_EMPTY_IF_UNDEF))
3007  {
3008  CLEAR(ia);
3009  ia.s_addr = (flags & IA_NET_ORDER) ? addr : htonl(addr);
3010 
3011  buf_printf(&out, "%s", inet_ntoa(ia));
3012  }
3013  return BSTR(&out);
3014 }
3015 
3016 /*
3017  * Convert an in6_addr in host byte order
3018  * to an ascii representation of an IPv6 address
3019  */
3020 const char *
3021 print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
3022 {
3023  struct buffer out = alloc_buf_gc(64, gc);
3024  char tmp_out_buf[64]; /* inet_ntop wants pointer to buffer */
3025 
3026  if (memcmp(&a6, &in6addr_any, sizeof(a6)) != 0
3027  || !(flags & IA_EMPTY_IF_UNDEF))
3028  {
3029  inet_ntop(AF_INET6, &a6, tmp_out_buf, sizeof(tmp_out_buf)-1);
3030  buf_printf(&out, "%s", tmp_out_buf );
3031  }
3032  return BSTR(&out);
3033 }
3034 
3035 #ifndef UINT8_MAX
3036 #define UINT8_MAX 0xff
3037 #endif
3038 
3039 /* add some offset to an ipv6 address
3040  * (add in steps of 8 bits, taking overflow into next round)
3041  */
3042 struct in6_addr
3043 add_in6_addr( struct in6_addr base, uint32_t add )
3044 {
3045  int i;
3046 
3047  for (i = 15; i>=0 && add > 0; i--)
3048  {
3049  register int carry;
3050  register uint32_t h;
3051 
3052  h = (unsigned char) base.s6_addr[i];
3053  base.s6_addr[i] = (h+add) & UINT8_MAX;
3054 
3055  /* using explicit carry for the 8-bit additions will catch
3056  * 8-bit and(!) 32-bit overruns nicely
3057  */
3058  carry = ((h & 0xff) + (add & 0xff)) >> 8;
3059  add = (add>>8) + carry;
3060  }
3061  return base;
3062 }
3063 
3064 /* set environmental variables for ip/port in *addr */
3065 void
3066 setenv_sockaddr(struct env_set *es, const char *name_prefix, const struct openvpn_sockaddr *addr, const unsigned int flags)
3067 {
3068  char name_buf[256];
3069 
3070  char buf[128];
3071  switch (addr->addr.sa.sa_family)
3072  {
3073  case AF_INET:
3074  if (flags & SA_IP_PORT)
3075  {
3076  openvpn_snprintf(name_buf, sizeof(name_buf), "%s_ip", name_prefix);
3077  }
3078  else
3079  {
3080  openvpn_snprintf(name_buf, sizeof(name_buf), "%s", name_prefix);
3081  }
3082 
3083  setenv_str(es, name_buf, inet_ntoa(addr->addr.in4.sin_addr));
3084 
3085  if ((flags & SA_IP_PORT) && addr->addr.in4.sin_port)
3086  {
3087  openvpn_snprintf(name_buf, sizeof(name_buf), "%s_port", name_prefix);
3088  setenv_int(es, name_buf, ntohs(addr->addr.in4.sin_port));
3089  }
3090  break;
3091 
3092  case AF_INET6:
3093  if (IN6_IS_ADDR_V4MAPPED( &addr->addr.in6.sin6_addr ))
3094  {
3095  struct in_addr ia;
3096  memcpy(&ia.s_addr, &addr->addr.in6.sin6_addr.s6_addr[12],
3097  sizeof(ia.s_addr));
3098  openvpn_snprintf(name_buf, sizeof(name_buf), "%s_ip", name_prefix);
3099  openvpn_snprintf(buf, sizeof(buf), "%s", inet_ntoa(ia) );
3100  }
3101  else
3102  {
3103  openvpn_snprintf(name_buf, sizeof(name_buf), "%s_ip6", name_prefix);
3104  getnameinfo(&addr->addr.sa, sizeof(struct sockaddr_in6),
3105  buf, sizeof(buf), NULL, 0, NI_NUMERICHOST);
3106  }
3107  setenv_str(es, name_buf, buf);
3108 
3109  if ((flags & SA_IP_PORT) && addr->addr.in6.sin6_port)
3110  {
3111  openvpn_snprintf(name_buf, sizeof(name_buf), "%s_port", name_prefix);
3112  setenv_int(es, name_buf, ntohs(addr->addr.in6.sin6_port));
3113  }
3114  break;
3115  }
3116 }
3117 
3118 void
3119 setenv_in_addr_t(struct env_set *es, const char *name_prefix, in_addr_t addr, const unsigned int flags)
3120 {
3121  if (addr || !(flags & SA_SET_IF_NONZERO))
3122  {
3123  struct openvpn_sockaddr si;
3124  CLEAR(si);
3125  si.addr.in4.sin_family = AF_INET;
3126  si.addr.in4.sin_addr.s_addr = htonl(addr);
3127  setenv_sockaddr(es, name_prefix, &si, flags);
3128  }
3129 }
3130 
3131 void
3133  const char *name_prefix,
3134  const struct in6_addr *addr,
3135  const unsigned int flags)
3136 {
3137  if (!IN6_IS_ADDR_UNSPECIFIED(addr) || !(flags & SA_SET_IF_NONZERO))
3138  {
3139  struct openvpn_sockaddr si;
3140  CLEAR(si);
3141  si.addr.in6.sin6_family = AF_INET6;
3142  si.addr.in6.sin6_addr = *addr;
3143  setenv_sockaddr(es, name_prefix, &si, flags);
3144  }
3145 }
3146 
3147 void
3149  const char *name_prefix,
3150  const struct link_socket_actual *act,
3151  const unsigned int flags)
3152 {
3153  setenv_sockaddr(es, name_prefix, &act->dest, flags);
3154 }
3155 
3156 /*
3157  * Convert protocol names between index and ascii form.
3158  */
3159 
3160 struct proto_names {
3161  const char *short_form;
3162  const char *display_form;
3164  int proto;
3165 };
3166 
3167 /* Indexed by PROTO_x */
3168 static const struct proto_names proto_names[] = {
3169  {"proto-uninitialized", "proto-NONE", AF_UNSPEC, PROTO_NONE},
3170  /* try IPv4 and IPv6 (client), bind dual-stack (server) */
3171  {"udp", "UDP", AF_UNSPEC, PROTO_UDP},
3172  {"tcp-server", "TCP_SERVER", AF_UNSPEC, PROTO_TCP_SERVER},
3173  {"tcp-client", "TCP_CLIENT", AF_UNSPEC, PROTO_TCP_CLIENT},
3174  {"tcp", "TCP", AF_UNSPEC, PROTO_TCP},
3175  /* force IPv4 */
3176  {"udp4", "UDPv4", AF_INET, PROTO_UDP},
3177  {"tcp4-server", "TCPv4_SERVER", AF_INET, PROTO_TCP_SERVER},
3178  {"tcp4-client", "TCPv4_CLIENT", AF_INET, PROTO_TCP_CLIENT},
3179  {"tcp4", "TCPv4", AF_INET, PROTO_TCP},
3180  /* force IPv6 */
3181  {"udp6", "UDPv6", AF_INET6, PROTO_UDP},
3182  {"tcp6-server", "TCPv6_SERVER", AF_INET6, PROTO_TCP_SERVER},
3183  {"tcp6-client", "TCPv6_CLIENT", AF_INET6, PROTO_TCP_CLIENT},
3184  {"tcp6", "TCPv6", AF_INET6, PROTO_TCP},
3185 };
3186 
3187 bool
3189 {
3190  if (proto < 0 || proto >= PROTO_N)
3191  {
3192  ASSERT(0);
3193  }
3194  return proto != PROTO_NONE;
3195 }
3196 
3197 bool
3199 {
3200  return proto_is_udp(proto);
3201 }
3202 
3203 bool
3205 {
3206  if (proto < 0 || proto >= PROTO_N)
3207  {
3208  ASSERT(0);
3209  }
3210  return proto == PROTO_UDP;
3211 }
3212 
3213 bool
3215 {
3216  if (proto < 0 || proto >= PROTO_N)
3217  {
3218  ASSERT(0);
3219  }
3220  return proto == PROTO_TCP_CLIENT || proto == PROTO_TCP_SERVER;
3221 }
3222 
3223 int
3224 ascii2proto(const char *proto_name)
3225 {
3226  int i;
3227  for (i = 0; i < SIZE(proto_names); ++i)
3228  {
3229  if (!strcmp(proto_name, proto_names[i].short_form))
3230  {
3231  return proto_names[i].proto;
3232  }
3233  }
3234  return -1;
3235 }
3236 
3238 ascii2af(const char *proto_name)
3239 {
3240  int i;
3241  for (i = 0; i < SIZE(proto_names); ++i)
3242  {
3243  if (!strcmp(proto_name, proto_names[i].short_form))
3244  {
3245  return proto_names[i].proto_af;
3246  }
3247  }
3248  return 0;
3249 }
3250 
3251 const char *
3253 {
3254  unsigned int i;
3255  for (i = 0; i < SIZE(proto_names); ++i)
3256  {
3257  if (proto_names[i].proto_af == af && proto_names[i].proto == proto)
3258  {
3259  if (display_form)
3260  {
3261  return proto_names[i].display_form;
3262  }
3263  else
3264  {
3265  return proto_names[i].short_form;
3266  }
3267  }
3268  }
3269 
3270  return "[unknown protocol]";
3271 }
3272 
3273 const char *
3275 {
3276  struct buffer out = alloc_buf_gc(256, gc);
3277  int i;
3278 
3279  for (i = 0; i < SIZE(proto_names); ++i)
3280  {
3281  if (i)
3282  {
3283  buf_printf(&out, " ");
3284  }
3285  buf_printf(&out, "[%s]", proto_names[i].short_form);
3286  }
3287  return BSTR(&out);
3288 }
3289 
3290 const char *
3292 {
3293  switch (af)
3294  {
3295  case AF_INET: return "AF_INET";
3296 
3297  case AF_INET6: return "AF_INET6";
3298  }
3299  return "AF_UNSPEC";
3300 }
3301 
3302 /*
3303  * Given a local proto, return local proto
3304  * if !remote, or compatible remote proto
3305  * if remote.
3306  *
3307  * This is used for options compatibility
3308  * checking.
3309  *
3310  * IPv6 and IPv4 protocols are comptabile but OpenVPN
3311  * has always sent UDPv4, TCPv4 over the wire. Keep these
3312  * strings for backward compatibility
3313  */
3314 const char *
3315 proto_remote(int proto, bool remote)
3316 {
3317  ASSERT(proto >= 0 && proto < PROTO_N);
3318  if (proto == PROTO_UDP)
3319  {
3320  return "UDPv4";
3321  }
3322 
3323  if ( (remote && proto == PROTO_TCP_CLIENT)
3324  || (!remote && proto == PROTO_TCP_SERVER))
3325  {
3326  return "TCPv4_SERVER";
3327  }
3328  if ( (remote && proto == PROTO_TCP_SERVER)
3329  || (!remote && proto == PROTO_TCP_CLIENT))
3330  {
3331  return "TCPv4_CLIENT";
3332  }
3333 
3334  ASSERT(0);
3335  return ""; /* Make the compiler happy */
3336 }
3337 
3338 /*
3339  * Bad incoming address lengths that differ from what
3340  * we expect are considered to be fatal errors.
3341  */
3342 void
3343 bad_address_length(int actual, int expected)
3344 {
3345  msg(M_FATAL, "ERROR: received strange incoming packet with an address length of %d -- we only accept address lengths of %d.",
3346  actual,
3347  expected);
3348 }
3349 
3350 /*
3351  * Socket Read Routines
3352  */
3353 
3354 int
3356  struct buffer *buf)
3357 {
3358  int len = 0;
3359 
3360  if (!sock->stream_buf.residual_fully_formed)
3361  {
3362 #ifdef _WIN32
3363  len = socket_finalize(sock->sd, &sock->reads, buf, NULL);
3364 #else
3365  struct buffer frag;
3366  stream_buf_get_next(&sock->stream_buf, &frag);
3367  len = recv(sock->sd, BPTR(&frag), BLEN(&frag), MSG_NOSIGNAL);
3368 #endif
3369 
3370  if (!len)
3371  {
3372  sock->stream_reset = true;
3373  }
3374  if (len <= 0)
3375  {
3376  return buf->len = len;
3377  }
3378  }
3379 
3381  || stream_buf_added(&sock->stream_buf, len)) /* packet complete? */
3382  {
3383  stream_buf_get_final(&sock->stream_buf, buf);
3384  stream_buf_reset(&sock->stream_buf);
3385  return buf->len;
3386  }
3387  else
3388  {
3389  return buf->len = 0; /* no error, but packet is still incomplete */
3390  }
3391 }
3392 
3393 #ifndef _WIN32
3394 
3395 #if ENABLE_IP_PKTINFO
3396 
3397 /* make the buffer large enough to handle ancillary socket data for
3398  * both IPv4 and IPv6 destination addresses, plus padding (see RFC 2292)
3399  */
3400 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
3401 #define PKTINFO_BUF_SIZE max_int( CMSG_SPACE(sizeof(struct in6_pktinfo)), \
3402  CMSG_SPACE(sizeof(struct in_pktinfo)) )
3403 #else
3404 #define PKTINFO_BUF_SIZE max_int( CMSG_SPACE(sizeof(struct in6_pktinfo)), \
3405  CMSG_SPACE(sizeof(struct in_addr)) )
3406 #endif
3407 
3408 static socklen_t
3409 link_socket_read_udp_posix_recvmsg(struct link_socket *sock,
3410  struct buffer *buf,
3411  struct link_socket_actual *from)
3412 {
3413  struct iovec iov;
3414  uint8_t pktinfo_buf[PKTINFO_BUF_SIZE];
3415  struct msghdr mesg;
3416  socklen_t fromlen = sizeof(from->dest.addr);
3417 
3418  iov.iov_base = BPTR(buf);
3419  iov.iov_len = buf_forward_capacity_total(buf);
3420  mesg.msg_iov = &iov;
3421  mesg.msg_iovlen = 1;
3422  mesg.msg_name = &from->dest.addr;
3423  mesg.msg_namelen = fromlen;
3424  mesg.msg_control = pktinfo_buf;
3425  mesg.msg_controllen = sizeof pktinfo_buf;
3426  buf->len = recvmsg(sock->sd, &mesg, 0);
3427  if (buf->len >= 0)
3428  {
3429  struct cmsghdr *cmsg;
3430  fromlen = mesg.msg_namelen;
3431  cmsg = CMSG_FIRSTHDR(&mesg);
3432  if (cmsg != NULL
3433  && CMSG_NXTHDR(&mesg, cmsg) == NULL
3434 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
3435  && cmsg->cmsg_level == SOL_IP
3436  && cmsg->cmsg_type == IP_PKTINFO
3437  && cmsg->cmsg_len >= CMSG_LEN(sizeof(struct in_pktinfo)) )
3438 #elif defined(IP_RECVDSTADDR)
3439  && cmsg->cmsg_level == IPPROTO_IP
3440  && cmsg->cmsg_type == IP_RECVDSTADDR
3441  && cmsg->cmsg_len >= CMSG_LEN(sizeof(struct in_addr)) )
3442 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
3443 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
3444 #endif
3445  {
3446 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
3447  struct in_pktinfo *pkti = (struct in_pktinfo *) CMSG_DATA(cmsg);
3448  from->pi.in4.ipi_ifindex = pkti->ipi_ifindex;
3449  from->pi.in4.ipi_spec_dst = pkti->ipi_spec_dst;
3450 #elif defined(IP_RECVDSTADDR)
3451  from->pi.in4 = *(struct in_addr *) CMSG_DATA(cmsg);
3452 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
3453 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
3454 #endif
3455  }
3456  else if (cmsg != NULL
3457  && CMSG_NXTHDR(&mesg, cmsg) == NULL
3458  && cmsg->cmsg_level == IPPROTO_IPV6
3459  && cmsg->cmsg_type == IPV6_PKTINFO
3460  && cmsg->cmsg_len >= CMSG_LEN(sizeof(struct in6_pktinfo)) )
3461  {
3462  struct in6_pktinfo *pkti6 = (struct in6_pktinfo *) CMSG_DATA(cmsg);
3463  from->pi.in6.ipi6_ifindex = pkti6->ipi6_ifindex;
3464  from->pi.in6.ipi6_addr = pkti6->ipi6_addr;
3465  }
3466  else if (cmsg != NULL)
3467  {
3468  msg(M_WARN, "CMSG received that cannot be parsed (cmsg_level=%d, cmsg_type=%d, cmsg=len=%d)", (int)cmsg->cmsg_level, (int)cmsg->cmsg_type, (int)cmsg->cmsg_len );
3469  }
3470  }
3471 
3472  return fromlen;
3473 }
3474 #endif /* if ENABLE_IP_PKTINFO */
3475 
3476 int
3477 link_socket_read_udp_posix(struct link_socket *sock,
3478  struct buffer *buf,
3479  struct link_socket_actual *from)
3480 {
3481  socklen_t fromlen = sizeof(from->dest.addr);
3482  socklen_t expectedlen = af_addr_size(sock->info.af);
3483  addr_zero_host(&from->dest);
3484 #if ENABLE_IP_PKTINFO
3485  /* Both PROTO_UDPv4 and PROTO_UDPv6 */
3486  if (sock->info.proto == PROTO_UDP && sock->sockflags & SF_USE_IP_PKTINFO)
3487  {
3488  fromlen = link_socket_read_udp_posix_recvmsg(sock, buf, from);
3489  }
3490  else
3491 #endif
3492  buf->len = recvfrom(sock->sd, BPTR(buf), buf_forward_capacity(buf), 0,
3493  &from->dest.addr.sa, &fromlen);
3494  /* FIXME: won't do anything when sock->info.af == AF_UNSPEC */
3495  if (buf->len >= 0 && expectedlen && fromlen != expectedlen)
3496  {
3497  bad_address_length(fromlen, expectedlen);
3498  }
3499  return buf->len;
3500 }
3501 
3502 #endif /* ifndef _WIN32 */
3503 
3504 /*
3505  * Socket Write Routines
3506  */
3507 
3508 int
3510  struct buffer *buf,
3511  struct link_socket_actual *to)
3512 {
3513  packet_size_type len = BLEN(buf);
3514  dmsg(D_STREAM_DEBUG, "STREAM: WRITE %d offset=%d", (int)len, buf->offset);
3515  ASSERT(len <= sock->stream_buf.maxlen);
3516  len = htonps(len);
3517  ASSERT(buf_write_prepend(buf, &len, sizeof(len)));
3518 #ifdef _WIN32
3519  return link_socket_write_win32(sock, buf, to);
3520 #else
3521  return link_socket_write_tcp_posix(sock, buf, to);
3522 #endif
3523 }
3524 
3525 #if ENABLE_IP_PKTINFO
3526 
3527 size_t
3528 link_socket_write_udp_posix_sendmsg(struct link_socket *sock,
3529  struct buffer *buf,
3530  struct link_socket_actual *to)
3531 {
3532  struct iovec iov;
3533  struct msghdr mesg;
3534  struct cmsghdr *cmsg;
3535  uint8_t pktinfo_buf[PKTINFO_BUF_SIZE];
3536 
3537  iov.iov_base = BPTR(buf);
3538  iov.iov_len = BLEN(buf);
3539  mesg.msg_iov = &iov;
3540  mesg.msg_iovlen = 1;
3541  switch (to->dest.addr.sa.sa_family)
3542  {
3543  case AF_INET:
3544  {
3545  mesg.msg_name = &to->dest.addr.sa;
3546  mesg.msg_namelen = sizeof(struct sockaddr_in);
3547  mesg.msg_control = pktinfo_buf;
3548  mesg.msg_flags = 0;
3549 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
3550  mesg.msg_controllen = CMSG_SPACE(sizeof(struct in_pktinfo));
3551  cmsg = CMSG_FIRSTHDR(&mesg);
3552  cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
3553  cmsg->cmsg_level = SOL_IP;
3554  cmsg->cmsg_type = IP_PKTINFO;
3555  {
3556  struct in_pktinfo *pkti;
3557  pkti = (struct in_pktinfo *) CMSG_DATA(cmsg);
3558  pkti->ipi_ifindex = to->pi.in4.ipi_ifindex;
3559  pkti->ipi_spec_dst = to->pi.in4.ipi_spec_dst;
3560  pkti->ipi_addr.s_addr = 0;
3561  }
3562 #elif defined(IP_RECVDSTADDR)
3563  ASSERT( CMSG_SPACE(sizeof(struct in_addr)) <= sizeof(pktinfo_buf) );
3564  mesg.msg_controllen = CMSG_SPACE(sizeof(struct in_addr));
3565  cmsg = CMSG_FIRSTHDR(&mesg);
3566  cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
3567  cmsg->cmsg_level = IPPROTO_IP;
3568  cmsg->cmsg_type = IP_RECVDSTADDR;
3569  *(struct in_addr *) CMSG_DATA(cmsg) = to->pi.in4;
3570 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
3571 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
3572 #endif /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
3573  break;
3574  }
3575 
3576  case AF_INET6:
3577  {
3578  struct in6_pktinfo *pkti6;
3579  mesg.msg_name = &to->dest.addr.sa;
3580  mesg.msg_namelen = sizeof(struct sockaddr_in6);
3581 
3582  ASSERT( CMSG_SPACE(sizeof(struct in6_pktinfo)) <= sizeof(pktinfo_buf) );
3583  mesg.msg_control = pktinfo_buf;
3584  mesg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo));
3585  mesg.msg_flags = 0;
3586  cmsg = CMSG_FIRSTHDR(&mesg);
3587  cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
3588  cmsg->cmsg_level = IPPROTO_IPV6;
3589  cmsg->cmsg_type = IPV6_PKTINFO;
3590 
3591  pkti6 = (struct in6_pktinfo *) CMSG_DATA(cmsg);
3592  pkti6->ipi6_ifindex = to->pi.in6.ipi6_ifindex;
3593  pkti6->ipi6_addr = to->pi.in6.ipi6_addr;
3594  break;
3595  }
3596 
3597  default: ASSERT(0);
3598  }
3599  return sendmsg(sock->sd, &mesg, 0);
3600 }
3601 
3602 #endif /* if ENABLE_IP_PKTINFO */
3603 
3604 /*
3605  * Win32 overlapped socket I/O functions.
3606  */
3607 
3608 #ifdef _WIN32
3609 
3610 int
3611 socket_recv_queue(struct link_socket *sock, int maxsize)
3612 {
3613  if (sock->reads.iostate == IOSTATE_INITIAL)
3614  {
3615  WSABUF wsabuf[1];
3616  int status;
3617 
3618  /* reset buf to its initial state */
3619  if (proto_is_udp(sock->info.proto))
3620  {
3621  sock->reads.buf = sock->reads.buf_init;
3622  }
3623  else if (proto_is_tcp(sock->info.proto))
3624  {
3625  stream_buf_get_next(&sock->stream_buf, &sock->reads.buf);
3626  }
3627  else
3628  {
3629  ASSERT(0);
3630  }
3631 
3632  /* Win32 docs say it's okay to allocate the wsabuf on the stack */
3633  wsabuf[0].buf = BPTR(&sock->reads.buf);
3634  wsabuf[0].len = maxsize ? maxsize : BLEN(&sock->reads.buf);
3635 
3636  /* check for buffer overflow */
3637  ASSERT(wsabuf[0].len <= BLEN(&sock->reads.buf));
3638 
3639  /* the overlapped read will signal this event on I/O completion */
3640  ASSERT(ResetEvent(sock->reads.overlapped.hEvent));
3641  sock->reads.flags = 0;
3642 
3643  if (proto_is_udp(sock->info.proto))
3644  {
3645  sock->reads.addr_defined = true;
3646  sock->reads.addrlen = sizeof(sock->reads.addr6);
3647  status = WSARecvFrom(
3648  sock->sd,
3649  wsabuf,
3650  1,
3651  &sock->reads.size,
3652  &sock->reads.flags,
3653  (struct sockaddr *) &sock->reads.addr,
3654  &sock->reads.addrlen,
3655  &sock->reads.overlapped,
3656  NULL);
3657  }
3658  else if (proto_is_tcp(sock->info.proto))
3659  {
3660  sock->reads.addr_defined = false;
3661  status = WSARecv(
3662  sock->sd,
3663  wsabuf,
3664  1,
3665  &sock->reads.size,
3666  &sock->reads.flags,
3667  &sock->reads.overlapped,
3668  NULL);
3669  }
3670  else
3671  {
3672  status = 0;
3673  ASSERT(0);
3674  }
3675 
3676  if (!status) /* operation completed immediately? */
3677  {
3678  /* FIXME: won't do anything when sock->info.af == AF_UNSPEC */
3679  int af_len = af_addr_size(sock->info.af);
3680  if (sock->reads.addr_defined && af_len && sock->reads.addrlen != af_len)
3681  {
3682  bad_address_length(sock->reads.addrlen, af_len);
3683  }
3685 
3686  /* since we got an immediate return, we must signal the event object ourselves */
3687  ASSERT(SetEvent(sock->reads.overlapped.hEvent));
3688  sock->reads.status = 0;
3689 
3690  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Receive immediate return [%d,%d]",
3691  (int) wsabuf[0].len,
3692  (int) sock->reads.size);
3693  }
3694  else
3695  {
3696  status = WSAGetLastError();
3697  if (status == WSA_IO_PENDING) /* operation queued? */
3698  {
3699  sock->reads.iostate = IOSTATE_QUEUED;
3700  sock->reads.status = status;
3701  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Receive queued [%d]",
3702  (int) wsabuf[0].len);
3703  }
3704  else /* error occurred */
3705  {
3706  struct gc_arena gc = gc_new();
3707  ASSERT(SetEvent(sock->reads.overlapped.hEvent));
3709  sock->reads.status = status;
3710  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Receive error [%d]: %s",
3711  (int) wsabuf[0].len,
3712  strerror_win32(status, &gc));
3713  gc_free(&gc);
3714  }
3715  }
3716  }
3717  return sock->reads.iostate;
3718 }
3719 
3720 int
3721 socket_send_queue(struct link_socket *sock, struct buffer *buf, const struct link_socket_actual *to)
3722 {
3723  if (sock->writes.iostate == IOSTATE_INITIAL)
3724  {
3725  WSABUF wsabuf[1];
3726  int status;
3727 
3728  /* make a private copy of buf */
3729  sock->writes.buf = sock->writes.buf_init;
3730  sock->writes.buf.len = 0;
3731  ASSERT(buf_copy(&sock->writes.buf, buf));
3732 
3733  /* Win32 docs say it's okay to allocate the wsabuf on the stack */
3734  wsabuf[0].buf = BPTR(&sock->writes.buf);
3735  wsabuf[0].len = BLEN(&sock->writes.buf);
3736 
3737  /* the overlapped write will signal this event on I/O completion */
3738  ASSERT(ResetEvent(sock->writes.overlapped.hEvent));
3739  sock->writes.flags = 0;
3740 
3741  if (proto_is_udp(sock->info.proto))
3742  {
3743  /* set destination address for UDP writes */
3744  sock->writes.addr_defined = true;
3745  if (to->dest.addr.sa.sa_family == AF_INET6)
3746  {
3747  sock->writes.addr6 = to->dest.addr.in6;
3748  sock->writes.addrlen = sizeof(sock->writes.addr6);
3749  }
3750  else
3751  {
3752  sock->writes.addr = to->dest.addr.in4;
3753  sock->writes.addrlen = sizeof(sock->writes.addr);
3754  }
3755 
3756  status = WSASendTo(
3757  sock->sd,
3758  wsabuf,
3759  1,
3760  &sock->writes.size,
3761  sock->writes.flags,
3762  (struct sockaddr *) &sock->writes.addr,
3763  sock->writes.addrlen,
3764  &sock->writes.overlapped,
3765  NULL);
3766  }
3767  else if (proto_is_tcp(sock->info.proto))
3768  {
3769  /* destination address for TCP writes was established on connection initiation */
3770  sock->writes.addr_defined = false;
3771 
3772  status = WSASend(
3773  sock->sd,
3774  wsabuf,
3775  1,
3776  &sock->writes.size,
3777  sock->writes.flags,
3778  &sock->writes.overlapped,
3779  NULL);
3780  }
3781  else
3782  {
3783  status = 0;
3784  ASSERT(0);
3785  }
3786 
3787  if (!status) /* operation completed immediately? */
3788  {
3790 
3791  /* since we got an immediate return, we must signal the event object ourselves */
3792  ASSERT(SetEvent(sock->writes.overlapped.hEvent));
3793 
3794  sock->writes.status = 0;
3795 
3796  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Send immediate return [%d,%d]",
3797  (int) wsabuf[0].len,
3798  (int) sock->writes.size);
3799  }
3800  else
3801  {
3802  status = WSAGetLastError();
3803  if (status == WSA_IO_PENDING) /* operation queued? */
3804  {
3805  sock->writes.iostate = IOSTATE_QUEUED;
3806  sock->writes.status = status;
3807  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Send queued [%d]",
3808  (int) wsabuf[0].len);
3809  }
3810  else /* error occurred */
3811  {
3812  struct gc_arena gc = gc_new();
3813  ASSERT(SetEvent(sock->writes.overlapped.hEvent));
3815  sock->writes.status = status;
3816 
3817  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Send error [%d]: %s",
3818  (int) wsabuf[0].len,
3819  strerror_win32(status, &gc));
3820 
3821  gc_free(&gc);
3822  }
3823  }
3824  }
3825  return sock->writes.iostate;
3826 }
3827 
3828 int
3830  struct overlapped_io *io,
3831  struct buffer *buf,
3832  struct link_socket_actual *from)
3833 {
3834  int ret = -1;
3835  BOOL status;
3836 
3837  switch (io->iostate)
3838  {
3839  case IOSTATE_QUEUED:
3840  status = WSAGetOverlappedResult(
3841  s,
3842  &io->overlapped,
3843  &io->size,
3844  FALSE,
3845  &io->flags
3846  );
3847  if (status)
3848  {
3849  /* successful return for a queued operation */
3850  if (buf)
3851  {
3852  *buf = io->buf;
3853  }
3854  ret = io->size;
3855  io->iostate = IOSTATE_INITIAL;
3856  ASSERT(ResetEvent(io->overlapped.hEvent));
3857 
3858  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Completion success [%d]", ret);
3859  }
3860  else
3861  {
3862  /* error during a queued operation */
3863  ret = -1;
3864  if (WSAGetLastError() != WSA_IO_INCOMPLETE)
3865  {
3866  /* if no error (i.e. just not finished yet), then DON'T execute this code */
3867  io->iostate = IOSTATE_INITIAL;
3868  ASSERT(ResetEvent(io->overlapped.hEvent));
3869  msg(D_WIN32_IO | M_ERRNO, "WIN32 I/O: Socket Completion error");
3870  }
3871  }
3872  break;
3873 
3875  io->iostate = IOSTATE_INITIAL;
3876  ASSERT(ResetEvent(io->overlapped.hEvent));
3877  if (io->status)
3878  {
3879  /* error return for a non-queued operation */
3880  WSASetLastError(io->status);
3881  ret = -1;
3882  msg(D_WIN32_IO | M_ERRNO, "WIN32 I/O: Socket Completion non-queued error");
3883  }
3884  else
3885  {
3886  /* successful return for a non-queued operation */
3887  if (buf)
3888  {
3889  *buf = io->buf;
3890  }
3891  ret = io->size;
3892  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Completion non-queued success [%d]", ret);
3893  }
3894  break;
3895 
3896  case IOSTATE_INITIAL: /* were we called without proper queueing? */
3897  WSASetLastError(WSAEINVAL);
3898  ret = -1;
3899  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Completion BAD STATE");
3900  break;
3901 
3902  default:
3903  ASSERT(0);
3904  }
3905 
3906  /* return from address if requested */
3907  if (from)
3908  {
3909  if (ret >= 0 && io->addr_defined)
3910  {
3911  /* TODO(jjo): streamline this mess */
3912  /* in this func we don't have relevant info about the PF_ of this
3913  * endpoint, as link_socket_actual will be zero for the 1st received packet
3914  *
3915  * Test for inets PF_ possible sizes
3916  */
3917  switch (io->addrlen)
3918  {
3919  case sizeof(struct sockaddr_in):
3920  case sizeof(struct sockaddr_in6):
3921  /* TODO(jjo): for some reason (?) I'm getting 24,28 for AF_INET6
3922  * under _WIN32*/
3923  case sizeof(struct sockaddr_in6)-4:
3924  break;
3925 
3926  default:
3927  bad_address_length(io->addrlen, af_addr_size(io->addr.sin_family));
3928  }
3929 
3930  switch (io->addr.sin_family)
3931  {
3932  case AF_INET:
3933  from->dest.addr.in4 = io->addr;
3934  break;
3935 
3936  case AF_INET6:
3937  from->dest.addr.in6 = io->addr6;
3938  break;
3939  }
3940  }
3941  else
3942  {
3943  CLEAR(from->dest.addr);
3944  }
3945  }
3946 
3947  if (buf)
3948  {
3949  buf->len = ret;
3950  }
3951  return ret;
3952 }
3953 
3954 #endif /* _WIN32 */
3955 
3956 /*
3957  * Socket event notification
3958  */
3959 
3960 unsigned int
3962  struct event_set *es,
3963  unsigned int rwflags,
3964  void *arg,
3965  unsigned int *persistent)
3966 {
3967  if (s)
3968  {
3969  if ((rwflags & EVENT_READ) && !stream_buf_read_setup(s))
3970  {
3971  ASSERT(!persistent);
3972  rwflags &= ~EVENT_READ;
3973  }
3974 
3975 #ifdef _WIN32
3976  if (rwflags & EVENT_READ)
3977  {
3978  socket_recv_queue(s, 0);
3979  }
3980 #endif
3981 
3982  /* if persistent is defined, call event_ctl only if rwflags has changed since last call */
3983  if (!persistent || *persistent != rwflags)
3984  {
3985  event_ctl(es, socket_event_handle(s), rwflags, arg);
3986  if (persistent)
3987  {
3988  *persistent = rwflags;
3989  }
3990  }
3991 
3992  s->rwflags_debug = rwflags;
3993  }
3994  return rwflags;
3995 }
3996 
3997 void
3999 {
4000  if (sd && socket_defined(*sd))
4001  {
4002  openvpn_close_socket(*sd);
4003  *sd = SOCKET_UNDEFINED;
4004  }
4005 }
4006 
4007 #if UNIX_SOCK_SUPPORT
4008 
4009 /*
4010  * code for unix domain sockets
4011  */
4012 
4013 const char *
4014 sockaddr_unix_name(const struct sockaddr_un *local, const char *null)
4015 {
4016  if (local && local->sun_family == PF_UNIX)
4017  {
4018  return local->sun_path;
4019  }
4020  else
4021  {
4022  return null;
4023  }
4024 }
4025 
4027 create_socket_unix(void)
4028 {
4030 
4031  if ((sd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
4032  {
4033  msg(M_ERR, "Cannot create unix domain socket");
4034  }
4035 
4036  /* set socket file descriptor to not pass across execs, so that
4037  * scripts don't have access to it */
4038  set_cloexec(sd);
4039 
4040  return sd;
4041 }
4042 
4043 void
4044 socket_bind_unix(socket_descriptor_t sd,
4045  struct sockaddr_un *local,
4046  const char *prefix)
4047 {
4048  struct gc_arena gc = gc_new();
4049 
4050 #ifdef HAVE_UMASK
4051  const mode_t orig_umask = umask(0);
4052 #endif
4053 
4054  if (bind(sd, (struct sockaddr *) local, sizeof(struct sockaddr_un)))
4055  {
4056  msg(M_FATAL | M_ERRNO,
4057  "%s: Socket bind[%d] failed on unix domain socket %s",
4058  prefix,
4059  (int)sd,
4060  sockaddr_unix_name(local, "NULL"));
4061  }
4062 
4063 #ifdef HAVE_UMASK
4064  umask(orig_umask);
4065 #endif
4066 
4067  gc_free(&gc);
4068 }
4069 
4071 socket_accept_unix(socket_descriptor_t sd,
4072  struct sockaddr_un *remote)
4073 {
4074  socklen_t remote_len = sizeof(struct sockaddr_un);
4075  socket_descriptor_t ret;
4076 
4077  CLEAR(*remote);
4078  ret = accept(sd, (struct sockaddr *) remote, &remote_len);
4079  if (ret >= 0)
4080  {
4081  /* set socket file descriptor to not pass across execs, so that
4082  * scripts don't have access to it */
4083  set_cloexec(ret);
4084  }
4085  return ret;
4086 }
4087 
4088 int
4089 socket_connect_unix(socket_descriptor_t sd,
4090  struct sockaddr_un *remote)
4091 {
4092  int status = connect(sd, (struct sockaddr *) remote, sizeof(struct sockaddr_un));
4093  if (status)
4094  {
4095  status = openvpn_errno();
4096  }
4097  return status;
4098 }
4099 
4100 void
4101 sockaddr_unix_init(struct sockaddr_un *local, const char *path)
4102 {
4103  local->sun_family = PF_UNIX;
4104  strncpynt(local->sun_path, path, sizeof(local->sun_path));
4105 }
4106 
4107 void
4108 socket_delete_unix(const struct sockaddr_un *local)
4109 {
4110  const char *name = sockaddr_unix_name(local, NULL);
4111 #ifdef HAVE_UNLINK
4112  if (name && strlen(name))
4113  {
4114  unlink(name);
4115  }
4116 #endif
4117 }
4118 
4119 bool
4120 unix_socket_get_peer_uid_gid(const socket_descriptor_t sd, int *uid, int *gid)
4121 {
4122 #ifdef HAVE_GETPEEREID
4123  uid_t u;
4124  gid_t g;
4125  if (getpeereid(sd, &u, &g) == -1)
4126  {
4127  return false;
4128  }
4129  if (uid)
4130  {
4131  *uid = u;
4132  }
4133  if (gid)
4134  {
4135  *gid = g;
4136  }
4137  return true;
4138 #elif defined(SO_PEERCRED)
4139  struct ucred peercred;
4140  socklen_t so_len = sizeof(peercred);
4141  if (getsockopt(sd, SOL_SOCKET, SO_PEERCRED, &peercred, &so_len) == -1)
4142  {
4143  return false;
4144  }
4145  if (uid)
4146  {
4147  *uid = peercred.uid;
4148  }
4149  if (gid)
4150  {
4151  *gid = peercred.gid;
4152  }
4153  return true;
4154 #else /* ifdef HAVE_GETPEEREID */
4155  return false;
4156 #endif /* ifdef HAVE_GETPEEREID */
4157 }
4158 
4159 #endif /* if UNIX_SOCK_SUPPORT */
#define M_NONFATAL
Definition: error.h:95
int status
Definition: win32.h:206
bool string_class(const char *str, const unsigned int inclusive, const unsigned int exclusive)
Definition: buffer.c:1059
bool argv_printf_cat(struct argv *argres, const char *format,...)
printf() inspired argv concatenation.
Definition: argv.c:466
#define OPENVPN_STATE_RESOLVE
Definition: manage.h:493
#define PS_SHOW_PORT_IF_DEFINED
Definition: socket.h:349
#define CC_ALNUM
Definition: buffer.h:910
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition: buffer.h:348
const char * socks_proxy_port
Definition: options.h:104
struct buffer buf_init
Definition: win32.h:213
#define MSG_NOSIGNAL
Definition: socket.h:257
static int socket_get_rcvbuf(int sd)
Definition: socket.c:877
bool error
Definition: socket.h:140
#define D_INIT_MEDIUM
Definition: errlevel.h:106
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, volatile int *signal_received, int ai_family, struct addrinfo **res)
Definition: socket.c:442
#define GETADDR_WARN_ON_SIGNAL
Definition: socket.h:528
struct options options
Options loaded from command line or configuration file.
Definition: openvpn.h:505
#define D_OSBUF
Definition: errlevel.h:91
void free_buf(struct buffer *buf)
Definition: buffer.c:185
HANDLE read
Definition: win32.h:76
struct link_socket * link_socket_new(void)
Definition: socket.c:1868
void init_net_event_win32(struct rw_handle *event, long network_events, socket_descriptor_t sd, unsigned int flags)
Definition: win32.c:218
struct sockaddr_in6 addr6
Definition: win32.h:210
void setenv_trusted(struct env_set *es, const struct link_socket_info *info)
Definition: socket.c:2447
struct argv argv_new(void)
Allocates a new struct argv and ensures it is initialised.
Definition: argv.c:90
#define openvpn_errno()
Definition: error.h:74
struct cached_dns_entry * dns_cache
Definition: openvpn.h:163
int len
Definition: socket.h:138
#define streq(x, y)
Definition: options.h:656
void establish_socks_proxy_passthru(struct socks_proxy_info *p, socket_descriptor_t sd, const char *host, const char *servname, volatile int *signal_received)
Definition: socks.c:451
in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, volatile int *signal_received)
Translate an IPv4 addr or hostname from string form to in_addr_t.
Definition: socket.c:193
#define GETADDR_TRY_ONCE
Definition: socket.h:530
sa_family_t ascii2af(const char *proto_name)
Definition: socket.c:3238
const char * print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:3021
#define M_INFO
Definition: errlevel.h:55
Contains all state information for one tunnel.
Definition: openvpn.h:503
Packet geometry parameters.
Definition: mtu.h:93
bool proto_is_tcp(int proto)
Definition: socket.c:3214
static bool streqnull(const char *a, const char *b)
Definition: socket.c:237
void overlapped_io_init(struct overlapped_io *o, const struct frame *frame, BOOL event_state, bool tuntap_buffer)
Definition: win32.c:165
#define IPv6_UDP_HEADER_SIZE
Definition: socket.h:598
bool proto_is_udp(int proto)
Definition: socket.c:3204
static int af_addr_size(sa_family_t af)
Definition: socket.h:867
#define SA_IP_PORT
Definition: socket.h:405
void throw_signal_soft(const int signum, const char *signal_text)
Definition: sig.c:111
static socket_descriptor_t socket_listen_accept(socket_descriptor_t sd, struct link_socket_actual *act, const char *remote_dynamic, const struct addrinfo *local, bool do_listen, bool nowait, volatile int *signal_received)
Definition: socket.c:1296
DWORD size
Definition: win32.h:204
const char * print_link_socket_actual(const struct link_socket_actual *act, struct gc_arena *gc)
Definition: socket.c:2921
static void gc_free(struct gc_arena *a)
Definition: buffer.h:1023
OVERLAPPED overlapped
Definition: win32.h:203
bool proto_is_net(int proto)
Definition: socket.c:3188
static void frame_add_to_extra_frame(struct frame *frame, const unsigned int increment)
Definition: mtu.h:274
static int plugin_call(const struct plugin_list *pl, const int type, const struct argv *av, struct plugin_return *pr, struct env_set *es)
Definition: plugin.h:202
#define M_MSG_VIRT_OUT
Definition: error.h:104
#define dmsg
Definition: error.h:174
#define IPv6_TCP_HEADER_SIZE
Definition: socket.h:599
static int link_socket_write_win32(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to)
Definition: socket.h:1089
#define OIA_HOSTNAME
Definition: socket.h:463
static bool buf_safe(const struct buffer *buf, int len)
Definition: buffer.h:541
struct man_connection connection
Definition: manage.h:320
unsigned short sa_family_t
Definition: syshead.h:448
Definition: options.h:86
#define SIGUSR1
Definition: config-msvc.h:152
#define SET_MTU_UPPER_BOUND
Definition: mtu.h:221
#define CC_DIGIT
Definition: buffer.h:914
struct buffer alloc_buf(size_t size)
Definition: buffer.c:64
static void stream_buf_get_final(struct stream_buf *sb, struct buffer *buf)
Definition: socket.c:2706
struct buffer buf_init
Definition: socket.h:131
struct connection_list * connection_list
Definition: options.h:231
int openvpn_inet_aton(const char *dotted_quad, struct in_addr *addr)
Definition: socket.c:675
#define LS_MODE_DEFAULT
Definition: socket.h:196
unsigned int sockflags
Definition: options.h:356
bool buf_printf(struct buffer *buf, const char *format,...)
Definition: buffer.c:242
void set_mtu_discover_type(int sd, int mtu_type, sa_family_t proto_af)
Definition: mtu.c:169
const char * proto2ascii_all(struct gc_arena *gc)
Definition: socket.c:3274
int resolve_retry_seconds
Definition: options.h:297
#define SF_TCP_NODELAY
Definition: socket.h:209
const int proto_overhead[]
Definition: socket.c:47
void setenv_str(struct env_set *es, const char *name, const char *value)
Definition: env_set.c:285
#define SF_GETADDRINFO_DGRAM
Definition: socket.h:212
#define OPENVPN_STATE_TCP_CONNECT
Definition: manage.h:494
#define SIZE(x)
Definition: basic.h:30
#define D_READ_WRITE
Definition: errlevel.h:165
#define in_addr_t
Definition: config-msvc.h:140
const char * hostname_randomize(const char *hostname, struct gc_arena *gc)
Definition: misc.c:104
static void tcp_connection_established(const struct link_socket_actual *act)
Definition: socket.c:1287
const char * port
Definition: proxy.h:46
const char * local_port
Definition: options.h:90
struct cached_dns_entry * next
Definition: socket.h:81
struct sockaddr_in addr
Definition: win32.h:209
bool link_socket_update_flags(struct link_socket *ls, unsigned int sockflags)
Definition: socket.c:981
#define SIGTERM
Definition: config-msvc.h:154
#define D_RESOLVE_ERRORS
Definition: errlevel.h:60
static void get_signal(volatile int *sig)
Definition: sig.h:89
#define SIGHUP
Definition: config-msvc.h:150
#define ASSERT(x)
Definition: error.h:221
struct buffer residual
Definition: socket.h:132
const char * display_form
Definition: socket.c:3162
#define IA_NET_ORDER
Definition: socket.h:398
#define GETADDR_MENTION_RESOLVE_RETRY
Definition: socket.h:526
#define OPENVPN_PLUGIN_FUNC_SUCCESS
Definition: socket.h:75
#define CC_DOT
Definition: buffer.h:927
static bool link_socket_connection_oriented(const struct link_socket *sock)
Definition: socket.h:621
#define D_LOW
Definition: errlevel.h:98
int ascii2proto(const char *proto_name)
Definition: socket.c:3224
#define GETADDR_RANDOMIZE
Definition: socket.h:532
void close_net_event_win32(struct rw_handle *event, socket_descriptor_t sd, unsigned int flags)
Definition: win32.c:272
int proto
Definition: socket.c:3164
const char * proto_remote(int proto, bool remote)
Definition: socket.c:3315
static bool buf_read(struct buffer *src, void *dest, int size)
Definition: buffer.h:800
#define INETD_NOWAIT
Definition: socket.h:193
static event_t socket_event_handle(const struct link_socket *s)
Definition: socket.h:1225
int offset
Offset in bytes of the actual content within the allocated memory.
Definition: buffer.h:64
#define PS_SHOW_PORT
Definition: socket.h:350
static socket_descriptor_t create_socket_udp(struct addrinfo *addrinfo, const unsigned int flags)
Definition: socket.c:1042
static int get_cached_dns_entry(struct cached_dns_entry *dns_cache, const char *hostname, const char *servname, int ai_family, int resolve_flags, struct addrinfo **ai)
Definition: socket.c:258
int add(int a, int b)
struct sockaddr_in6 in6
Definition: socket.h:70
list flags
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
#define GETADDR_DATAGRAM
Definition: socket.h:534
int inet_pton(int af, const char *src, void *dst)
static void phase2_tcp_client(struct link_socket *sock, struct signal_info *sig_info)
Definition: socket.c:2178
void link_socket_bad_incoming_addr(struct buffer *buf, const struct link_socket_info *info, const struct link_socket_actual *from_addr)
Definition: socket.c:2520
#define OIA_IP
Definition: socket.h:464
#define openvpn_close_socket(s)
Definition: socket.h:262
int iostate
Definition: win32.h:202
#define LS_MODE_TCP_ACCEPT_FROM
Definition: socket.h:198
struct context_1 c1
Level 1 context.
Definition: openvpn.h:543
#define htonps(x)
Definition: socket.h:58
static void bind_local(struct link_socket *sock, const sa_family_t ai_family)
Definition: socket.c:1097
#define OPENVPN_PLUGIN_IPCHANGE
const char * inet_ntop(int af, const void *src, char *dst, socklen_t size)
#define CLEAR(x)
Definition: basic.h:33
#define BPTR(buf)
Definition: buffer.h:124
#define IPV4_INVALID_ADDR
Definition: socket.h:432
#define IPv4_UDP_HEADER_SIZE
Definition: socket.h:596
#define OIA_ERROR
Definition: socket.h:465
#define PS_DONT_SHOW_FAMILY
Definition: socket.h:353
#define ntohps(x)
Definition: socket.h:61
static void stream_buf_close(struct stream_buf *sb)
Definition: socket.c:2811
bool openvpn_snprintf(char *str, size_t size, const char *format,...)
Definition: buffer.c:296
int socket_recv_queue(struct link_socket *sock, int maxsize)
Definition: socket.c:3611
int socket_finalize(SOCKET s, struct overlapped_io *io, struct buffer *buf, struct link_socket_actual *from)
Definition: socket.c:3829
int ai_family
Definition: socket.h:78
static void socket_connect(socket_descriptor_t *sd, const struct sockaddr *dest, const int connect_timeout, struct signal_info *sig_info)
Definition: socket.c:1578
const char * socks_proxy_server
Definition: options.h:103
#define IA_EMPTY_IF_UNDEF
Definition: socket.h:397
#define LS_MODE_TCP_LISTEN
Definition: socket.h:197
#define GETADDR_UPDATE_MANAGEMENT_STATE
Definition: socket.h:531
#define IPv4_TCP_HEADER_SIZE
Definition: socket.h:597
struct buffer next
Definition: socket.h:137
int proto
Definition: options.h:88
void setenv_link_socket_actual(struct env_set *es, const char *name_prefix, const struct link_socket_actual *act, const unsigned int flags)
Definition: socket.c:3148
void gc_addspecial(void *addr, void(*free_function)(void *), struct gc_arena *a)
Definition: buffer.c:474
bool buf_puts(struct buffer *buf, const char *str)
Definition: buffer.c:269
const char * print_link_socket_actual_ex(const struct link_socket_actual *act, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2931
bool ip_or_dns_addr_safe(const char *addr, const bool allow_fqdn)
Definition: socket.c:785
static struct gc_arena gc_new(void)
Definition: buffer.h:1015
#define IOSTATE_IMMEDIATE_RETURN
Definition: win32.h:201
static void openvpn_fd_set(int fd, fd_set *setp)
Definition: fdmisc.h:40
const char * hostname
Definition: socket.h:76
static const char * print_sockaddr(const struct sockaddr *addr, struct gc_arena *gc)
Definition: socket.h:380
int inetd_socket_descriptor
Definition: misc.c:82
static bool addrlist_match(const struct openvpn_sockaddr *a1, const struct addrinfo *addrlist)
Definition: socket.h:720
void link_socket_bad_outgoing_addr(void)
Definition: socket.c:2549
static bool addr_defined_ipi(const struct link_socket_actual *lsa)
Definition: socket.h:672
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition: buffer.h:1050
static void ipchange_fmt(const bool include_cmd, struct argv *argv, const struct link_socket_info *info, struct gc_arena *gc)
Definition: socket.c:2453
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:3001
int get_server_poll_remaining_time(struct event_timeout *server_poll_timeout)
Definition: forward.c:409
static bool buf_copy_excess(struct buffer *dest, struct buffer *src, int len)
Definition: buffer.h:775
struct sockaddr_in in4
Definition: socket.h:69
sa_family_t proto_af
Definition: socket.c:3163
static void stream_buf_get_next(struct stream_buf *sb, struct buffer *buf)
Definition: socket.c:2715
unsigned __int32 uint32_t
Definition: config-msvc.h:157
#define IOSTATE_QUEUED
Definition: win32.h:200
static void gc_freeaddrinfo_callback(void *addr)
Definition: buffer.h:202
static int socket_defined(const socket_descriptor_t sd)
Definition: syshead.h:496
struct http_proxy_options * http_proxy_options
Definition: options.h:102
static bool link_socket_actual_defined(const struct link_socket_actual *act)
Definition: socket.h:699
int addrlen
Definition: win32.h:212
#define HAVE_IN_PKTINFO
Definition: config-msvc.h:54
void setenv_sockaddr(struct env_set *es, const char *name_prefix, const struct openvpn_sockaddr *addr, const unsigned int flags)
Definition: socket.c:3066
void overlapped_io_close(struct overlapped_io *o)
Definition: win32.c:184
bool stream_buf_read_setup_dowork(struct link_socket *sock)
Definition: socket.c:2724
static bool defined_net_event_win32(const struct rw_handle *event)
Definition: win32.h:88
static void linksock_print_addr(struct link_socket *sock)
Definition: socket.c:2091
static SERVICE_STATUS status
Definition: automatic.c:43
static int buf_forward_capacity(const struct buffer *buf)
Definition: buffer.h:562
#define D_SOCKET_DEBUG
Definition: errlevel.h:138
void link_socket_init_phase1(struct link_socket *sock, const char *local_host, const char *local_port, const char *remote_host, const char *remote_port, struct cached_dns_entry *dns_cache, int proto, sa_family_t af, bool bind_ipv6_only, int mode, const struct link_socket *accept_from, struct http_proxy_info *http_proxy, struct socks_proxy_info *socks_proxy, bool bind_local, bool remote_float, int inetd, struct link_socket_addr *lsa, const char *ipchange_command, const struct plugin_list *plugins, int resolve_retry_seconds, int mtu_discover_type, int rcvbuf, int sndbuf, int mark, const char *bind_dev, struct event_timeout *server_poll_timeout, unsigned int sockflags)
Definition: socket.c:1879
#define ENABLE_DEBUG
Definition: config-msvc.h:7
static bool socket_set_rcvbuf(int sd, int size)
Definition: socket.c:894
int link_socket_write_tcp(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to)
Definition: socket.c:3509
void link_socket_init_phase2(struct link_socket *sock, const struct frame *frame, struct signal_info *sig_info)
Definition: socket.c:2261
static void event_ctl(struct event_set *es, event_t event, unsigned int rwflags, void *arg)
Definition: event.h:119
void socket_bind(socket_descriptor_t sd, struct addrinfo *local, int ai_family, const char *prefix, bool ipv6only)
Definition: socket.c:1397
const struct in6_addr * link_socket_current_remote_ipv6(const struct link_socket_info *info)
Definition: socket.c:2590
struct buffer buf
Definition: socket.h:136
union openvpn_sockaddr::@10 addr
void sd_close(socket_descriptor_t *sd)
Definition: socket.c:3998
static bool buf_copy(struct buffer *dest, const struct buffer *src)
Definition: buffer.h:734
#define M_ERRNO
Definition: error.h:99
#define msg
Definition: error.h:173
struct buffer buf
Definition: win32.h:214
const char * socket_stat(const struct link_socket *s, unsigned int rwflags, struct gc_arena *gc)
Definition: socket.c:2623
static bool stream_buf_added(struct stream_buf *sb, int length_added)
Definition: socket.c:2744
static void resolve_remote(struct link_socket *sock, int phase, const char **remote_dynamic, volatile int *signal_received)
Definition: socket.c:1740
#define HAVE_IPI_SPEC_DST
Definition: config.h:336
Interface functions to the internal and external multiplexers.
static void phase2_set_socket_flags(struct link_socket *sock)
Definition: socket.c:2072
const char * remote
Definition: options.h:94
#define GETADDR_HOST_ORDER
Definition: socket.h:525
static void stream_buf_reset(struct stream_buf *sb)
Definition: socket.c:2660
static void phase2_inetd(struct link_socket *sock, const struct frame *frame, const char *remote_dynamic, volatile int *signal_received)
Definition: socket.c:2021
const char * server
Definition: proxy.h:45
char * dest
Definition: compat-lz4.h:686
#define SOCKET_UNDEFINED
Definition: syshead.h:488
const char * strerror_win32(DWORD errnum, struct gc_arena *gc)
Definition: error.c:820
char * overlapped_io_state_ascii(const struct overlapped_io *o)
Definition: win32.c:197
#define EVENT_READ
Definition: event.h:36
static void socket_set_mark(int sd, int mark)
Definition: socket.c:957
static bool stream_buf_read_setup(struct link_socket *sock)
Definition: socket.h:1011
volatile int source
Definition: sig.h:46
#define BLEN(buf)
Definition: buffer.h:127
static bool socket_set_flags(int sd, unsigned int sockflags)
Definition: socket.c:968
#define FRAME_HEADROOM_MARKER_READ_STREAM
Definition: mtu.h:132
static void socket_frame_init(const struct frame *frame, struct link_socket *sock)
Definition: socket.c:1657
const char * remote_port
Definition: options.h:92
void alloc_buf_sock_tun(struct buffer *buf, const struct frame *frame, const bool tuntap_buffer, const unsigned int align_mask)
Definition: mtu.c:43
#define SA_SET_IF_NONZERO
Definition: socket.h:406
struct connection_entry * array[CONNECTION_LIST_SIZE]
Definition: options.h:163
int openvpn_connect(socket_descriptor_t sd, const struct sockaddr *remote, int connect_timeout, volatile int *signal_received)
Definition: socket.c:1451
static bool buf_defined(const struct buffer *buf)
Definition: buffer.h:215
const char * ip_remote_hint
Definition: options.h:299
unsigned __int8 uint8_t
Definition: config-msvc.h:159
#define SIG_SOURCE_CONNECTION_FAILED
Definition: sig.h:37
const char * print_sockaddr_ex(const struct sockaddr *sa, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2840
HANDLE write
Definition: win32.h:77
const char * local
Definition: options.h:93
unsigned int socket_set(struct link_socket *s, struct event_set *es, unsigned int rwflags, void *arg, unsigned int *persistent)
Definition: socket.c:3961
void setenv_in6_addr(struct env_set *es, const char *name_prefix, const struct in6_addr *addr, const unsigned int flags)
Definition: socket.c:3132
void frame_set_mtu_dynamic(struct frame *frame, int mtu, unsigned int flags)
Definition: mtu.c:87
volatile int signal_received
Definition: sig.h:45
#define ALLOC_OBJ_CLEAR_GC(dptr, type, gc)
Definition: buffer.h:1087
uint16_t packet_size_type
Definition: socket.h:55
#define M_ERR
Definition: error.h:110
bool plugin_defined(const struct plugin_list *pl, const int type)
Definition: plugin.c:901
socket_descriptor_t create_socket_tcp(struct addrinfo *addrinfo)
Definition: socket.c:1010
bool ip_addr_dotted_quad_safe(const char *dotted_quad)
Definition: socket.c:699
struct addrinfo * ai
Definition: socket.h:80
void bad_address_length(int actual, int expected)
Definition: socket.c:3343
#define GETADDR_FATAL
Definition: socket.h:524
void socket_adjust_frame_parameters(struct frame *frame, int proto)
Definition: socket.c:2438
SOCKET socket_descriptor_t
Definition: syshead.h:489
static void socket_set_buffers(int fd, const struct socket_buffer_size *sbs)
Definition: socket.c:907
#define D_STREAM_DEBUG
Definition: errlevel.h:170
#define IF_NAMESIZE
Definition: socket.c:2927
static void phase2_socks_client(struct link_socket *sock, struct signal_info *sig_info)
Definition: socket.c:2222
char server[128]
Definition: socks.h:40
void setenv_int(struct env_set *es, const char *name, int value)
Definition: env_set.c:269
bool addr_defined
Definition: win32.h:207
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
#define M_FATAL
Definition: error.h:94
static void socket_do_listen(socket_descriptor_t sd, const struct addrinfo *local, bool do_listen, bool do_set_nonblock)
Definition: socket.c:1189
void set_actual_address(struct link_socket_actual *actual, struct addrinfo *ai)
Definition: socket.c:1555
DWORD flags
Definition: win32.h:205
void set_nonblock(int fd)
Definition: fdmisc.c:71
bool proto_is_dgram(int proto)
Definition: socket.c:3198
int link_socket_read_tcp(struct link_socket *sock, struct buffer *buf)
Definition: socket.c:3355
void frame_adjust_path_mtu(struct frame *frame, int pmtu, int proto)
Definition: socket.c:1692
#define GETADDR_CACHE_MASK
Definition: socket.h:536
#define buf_init(buf, offset)
Definition: buffer.h:196
bool residual_fully_formed
Definition: socket.h:134
static bool buf_write_prepend(struct buffer *dest, const void *src, int size)
Definition: buffer.h:701
static bool socket_set_tcp_nodelay(int sd, int state)
Definition: socket.c:937
void set_cloexec(int fd)
Definition: fdmisc.c:81
static unsigned int sf2gaf(const unsigned int getaddr_flags, const unsigned int sockflags)
Definition: socket.c:62
const char * port
Definition: socks.h:41
void do_preresolve(struct context *c)
Definition: socket.c:341
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
Definition: manage.c:2716
#define IOSTATE_INITIAL
Definition: win32.h:199
int flags
Definition: socket.h:79
static void phase2_tcp_server(struct link_socket *sock, const char *remote_dynamic, volatile int *signal_received)
Definition: socket.c:2137
static void resolve_bind_local(struct link_socket *sock, const sa_family_t af)
Definition: socket.c:1698
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:90
#define ENABLE_IP_PKTINFO
Definition: syshead.h:433
bool establish_http_proxy_passthru(struct http_proxy_info *p, socket_descriptor_t sd, const char *host, const char *port, struct event_timeout *server_poll_timeout, struct buffer *lookahead, volatile int *signal_received)
Definition: proxy.c:631
#define GETADDR_MSG_VIRT_OUT
Definition: socket.h:529
static bool dns_addr_safe(const char *addr)
Definition: socket.c:771
#define M_WARN
Definition: error.h:96
static int get_addr_generic(sa_family_t af, unsigned int flags, const char *hostname, void *network, unsigned int *netbits, int resolve_retry_seconds, volatile int *signal_received, int msglevel)
Definition: socket.c:79
socket_descriptor_t socket_do_accept(socket_descriptor_t sd, struct link_socket_actual *act, const bool nowait)
Definition: socket.c:1216
static void addr_zero_host(struct openvpn_sockaddr *addr)
Definition: socket.h:838
static void create_socket(struct link_socket *sock, struct addrinfo *addr)
Definition: socket.c:1117
static int buf_forward_capacity_total(const struct buffer *buf)
Definition: buffer.h:580
static int do_preresolve_host(struct context *c, const char *hostname, const char *servname, const int af, const int flags)
Definition: socket.c:287
#define SOL_IP
Definition: syshead.h:441
#define free
Definition: cmocka.c:1850
static void buf_reset(struct buffer *buf)
Definition: buffer.h:290
#define EVENT_WRITE
Definition: event.h:37
void argv_parse_cmd(struct argv *argres, const char *cmdstr)
Parses a command string, tokenizes it and puts each element into a separate struct argv argument slot...
Definition: argv.c:485
bool get_ipv6_addr(const char *hostname, struct in6_addr *network, unsigned int *netbits, int msglevel)
Translate an IPv6 addr or hostname from string form to in6_addr.
Definition: socket.c:224
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
sa_family_t af
Definition: options.h:89
void establish_socks_proxy_udpassoc(struct socks_proxy_info *p, socket_descriptor_t ctrl_sd, socket_descriptor_t udp_sd, struct openvpn_sockaddr *relay_addr, volatile int *signal_received)
Definition: socks.c:514
void management_sleep(const int n)
A sleep function that services the management layer for n seconds rather than doing nothing...
Definition: manage.c:4095
bool bind_local
Definition: options.h:98
#define GETADDR_PASSIVE
Definition: socket.h:533
#define SF_PORT_SHARE
Definition: socket.h:210
#define GETADDR_FATAL_ON_SIGNAL
Definition: socket.h:527
#define D_STREAM_ERRORS
Definition: errlevel.h:63
#define BSTR(buf)
Definition: buffer.h:129
void link_socket_update_buffer_sizes(struct link_socket *ls, int rcvbuf, int sndbuf)
Definition: socket.c:994
void argv_free(struct argv *a)
Frees all memory allocations allocated by the struct argv related functions.
Definition: argv.c:104
#define PS_DONT_SHOW_ADDR
Definition: socket.h:352
struct gc_arena gc
Garbage collection arena for allocations done in the scope of this context structure.
Definition: openvpn.h:522
static bool addr_local(const struct sockaddr *addr)
Definition: socket.h:651
#define UINT8_MAX
Definition: socket.c:3036
void link_socket_close(struct link_socket *sock)
Definition: socket.c:2385
#define PS_SHOW_PKTINFO
Definition: socket.h:351
Definition: argv.h:35
event_t socket_listen_event_handle(struct link_socket *s)
Definition: socket.c:2822
int socket_send_queue(struct link_socket *sock, struct buffer *buf, const struct link_socket_actual *to)
Definition: socket.c:3721
static int datagram_overhead(int proto)
Definition: socket.h:604
const char * proto2ascii(int proto, sa_family_t af, bool display_form)
Definition: socket.c:3252
void setenv_in_addr_t(struct env_set *es, const char *name_prefix, in_addr_t addr, const unsigned int flags)
Definition: socket.c:3119
#define D_WIN32_IO
Definition: errlevel.h:171
bool mac_addr_safe(const char *mac_addr)
Definition: socket.c:802
static void stream_buf_set_next(struct stream_buf *sb)
Definition: socket.c:2691
#define CC_DASH
Definition: buffer.h:926
void link_socket_connection_initiated(struct link_socket_info *info, const struct link_socket_actual *act, const char *common_name, struct env_set *es)
Definition: socket.c:2469
#define SF_USE_IP_PKTINFO
Definition: socket.h:208
struct sockaddr sa
Definition: socket.h:68
static void socket_set_sndbuf(int sd, int size)
Definition: socket.c:866
static void stream_buf_init(struct stream_buf *sb, struct buffer *buf, const unsigned int sockflags, const int proto)
Definition: socket.c:2670
#define GETADDR_RESOLVE
Definition: socket.h:523
static bool openvpn_run_script(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *hook)
Definition: run_command.h:57
const char * short_form
Definition: socket.c:3161
#define SF_HOST_RANDOMIZE
Definition: socket.h:211
#define RESOLV_RETRY_INFINITE
Definition: socket.h:47
#define IPV6_V6ONLY
Definition: socket.c:1393
struct http_proxy_options options
Definition: proxy.h:70
static bool link_socket_proto_connection_oriented(int proto)
Definition: socket.h:615
bool ipv6_addr_safe(const char *ipv6_text_addr)
Definition: socket.c:749
#define D_LINK_ERRORS
Definition: errlevel.h:57
struct in6_addr add_in6_addr(struct in6_addr base, uint32_t add)
Definition: socket.c:3043
int maxlen
Definition: socket.h:133
const char * servname
Definition: socket.h:77
in_addr_t link_socket_current_remote(const struct link_socket_info *info)
Definition: socket.c:2555
static int socket_get_sndbuf(int sd)
Definition: socket.c:849
bool argv_printf(struct argv *argres, const char *format,...)
printf() variant which populates a struct argv.
Definition: argv.c:442
const char * addr_family_name(int af)
Definition: socket.c:3291