OpenVPN
socket.h
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifndef SOCKET_H
25 #define SOCKET_H
26 
27 #include "buffer.h"
28 #include "common.h"
29 #include "error.h"
30 #include "proto.h"
31 #include "mtu.h"
32 #include "win32.h"
33 #include "event.h"
34 #include "proxy.h"
35 #include "socks.h"
36 #include "misc.h"
37 
38 /*
39  * OpenVPN's default port number as assigned by IANA.
40  */
41 #define OPENVPN_PORT "1194"
42 
43 /*
44  * Number of seconds that "resolv-retry infinite"
45  * represents.
46  */
47 #define RESOLV_RETRY_INFINITE 1000000000
48 
49 /*
50  * packet_size_type is used to communicate packet size
51  * over the wire when stream oriented protocols are
52  * being used
53  */
54 
55 typedef uint16_t packet_size_type;
56 
57 /* convert a packet_size_type from host to network order */
58 #define htonps(x) htons(x)
59 
60 /* convert a packet_size_type from network to host order */
61 #define ntohps(x) ntohs(x)
62 
63 /* OpenVPN sockaddr struct */
65 {
66  /*int dummy;*/ /* add offset to force a bug if sa not explicitly dereferenced */
67  union {
68  struct sockaddr sa;
69  struct sockaddr_in in4;
70  struct sockaddr_in6 in6;
71  } addr;
72 };
73 
74 /* struct to hold preresolved host names */
76  const char *hostname;
77  const char *servname;
78  int ai_family;
79  int flags;
80  struct addrinfo *ai;
82 };
83 
84 /* actual address of remote, based on source address of received packets */
86 {
87  /*int dummy;*/ /* add offset to force a bug if dest not explicitly dereferenced */
88 
89  struct openvpn_sockaddr dest;
90 #if ENABLE_IP_PKTINFO
91  union {
92 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
93  struct in_pktinfo in4;
94 #elif defined(IP_RECVDSTADDR)
95  struct in_addr in4;
96 #endif
97  struct in6_pktinfo in6;
98  } pi;
99 #endif
100 };
101 
102 /* IP addresses which are persistent across SIGUSR1s */
104 {
105  struct addrinfo *bind_local;
106  struct addrinfo *remote_list; /* complete remote list */
107  struct addrinfo *current_remote; /* remote used in the
108  * current connection attempt */
109  struct link_socket_actual actual; /* reply to this address */
110 };
111 
113 {
116  const char *ipchange_command;
117  const struct plugin_list *plugins;
119  int proto; /* Protocol (PROTO_x defined below) */
120  sa_family_t af; /* Address family like AF_INET, AF_INET6 or AF_UNSPEC*/
122  int mtu_changed; /* Set to true when mtu value is changed */
123 };
124 
125 /*
126  * Used to extract packets encapsulated in streams into a buffer,
127  * in this case IP packets embedded in a TCP stream.
128  */
130 {
131  struct buffer buf_init;
132  struct buffer residual;
133  int maxlen;
135 
136  struct buffer buf;
137  struct buffer next;
138  int len; /* -1 if not yet known */
139 
140  bool error; /* if true, fatal TCP error has occurred,
141  * requiring that connection be restarted */
142 #if PORT_SHARE
143 #define PS_DISABLED 0
144 #define PS_ENABLED 1
145 #define PS_FOREIGN 2
146  int port_share_state;
147 #endif
148 };
149 
150 /*
151  * Used to set socket buffer sizes
152  */
154 {
155  int rcvbuf;
156  int sndbuf;
157 };
158 
159 /*
160  * This is the main socket structure used by OpenVPN. The SOCKET_
161  * defines try to abstract away our implementation differences between
162  * using sockets on Posix vs. Win32.
163  */
165 {
166  struct link_socket_info info;
167 
169  socket_descriptor_t ctrl_sd; /* only used for UDP over Socks */
170 
171 #ifdef _WIN32
172  struct overlapped_io reads;
173  struct overlapped_io writes;
175  struct rw_handle listen_handle; /* For listening on TCP socket in server mode */
176 #endif
177 
178  /* used for printing status info only */
179  unsigned int rwflags_debug;
180 
181  /* used for long-term queueing of pre-accepted socket listen */
183 
184  const char *remote_host;
185  const char *remote_port;
186  const char *local_host;
187  const char *local_port;
190 
191 #define LS_MODE_DEFAULT 0
192 #define LS_MODE_TCP_LISTEN 1
193 #define LS_MODE_TCP_ACCEPT_FROM 2
194  int mode;
195 
198 
199  struct socket_buffer_size socket_buffer_sizes;
200 
201  int mtu; /* OS discovered MTU, or 0 if unknown */
202 
203 #define SF_USE_IP_PKTINFO (1<<0)
204 #define SF_TCP_NODELAY (1<<1)
205 #define SF_PORT_SHARE (1<<2)
206 #define SF_HOST_RANDOMIZE (1<<3)
207 #define SF_GETADDRINFO_DGRAM (1<<4)
208  unsigned int sockflags;
209  int mark;
210  const char *bind_dev;
211 
212  /* for stream sockets */
214  struct buffer stream_buf_data;
216 
217  /* HTTP proxy */
219 
220  /* Socks proxy */
222  struct link_socket_actual socks_relay; /* Socks UDP relay address */
223 
224  /* The OpenVPN server we will use the proxy to connect to */
225  const char *proxy_dest_host;
226  const char *proxy_dest_port;
227 
228  /* Pointer to the server-poll to trigger the timeout in functions which have
229  * their own loop instead of using the main loop */
231 
232 #if PASSTOS_CAPABILITY
233  /* used to get/set TOS. */
234 #if defined(TARGET_LINUX)
235  uint8_t ptos;
236 #else /* all the BSDs, Solaris, MacOS use plain "int" -> see "man ip" there */
237  int ptos;
238 #endif
239  bool ptos_defined;
240 #endif
241 
242 #ifdef ENABLE_DEBUG
243  int gremlin; /* --gremlin bits */
244 #endif
245 };
246 
247 /*
248  * Some Posix/Win32 differences.
249  */
250 
251 #ifndef MSG_NOSIGNAL
252 #define MSG_NOSIGNAL 0
253 #endif
254 
255 #ifdef _WIN32
256 
257 #define openvpn_close_socket(s) closesocket(s)
258 
259 int socket_recv_queue(struct link_socket *sock, int maxsize);
260 
261 int socket_send_queue(struct link_socket *sock,
262  struct buffer *buf,
263  const struct link_socket_actual *to);
264 
265 int socket_finalize(
266  SOCKET s,
267  struct overlapped_io *io,
268  struct buffer *buf,
269  struct link_socket_actual *from);
270 
271 #else /* ifdef _WIN32 */
272 
273 #define openvpn_close_socket(s) close(s)
274 
275 #endif
276 
277 struct link_socket *link_socket_new(void);
278 
280  struct addrinfo *local,
281  int af_family,
282  const char *prefix,
283  bool ipv6only);
284 
286  const struct sockaddr *remote,
287  int connect_timeout,
288  volatile int *signal_received);
289 
290 
291 
292 /*
293  * Initialize link_socket object.
294  */
295 void link_socket_init_phase1(struct context *c, int mode);
296 
297 void link_socket_init_phase2(struct context *c);
298 
299 void do_preresolve(struct context *c);
300 
301 void socket_adjust_frame_parameters(struct frame *frame, int proto);
302 
303 void frame_adjust_path_mtu(struct frame *frame, int pmtu, int proto);
304 
305 void link_socket_close(struct link_socket *sock);
306 
308 
309 #define PS_SHOW_PORT_IF_DEFINED (1<<0)
310 #define PS_SHOW_PORT (1<<1)
311 #define PS_SHOW_PKTINFO (1<<2)
312 #define PS_DONT_SHOW_ADDR (1<<3)
313 #define PS_DONT_SHOW_FAMILY (1<<4)
314 
315 const char *print_sockaddr_ex(const struct sockaddr *addr,
316  const char *separator,
317  const unsigned int flags,
318  struct gc_arena *gc);
319 
320 static inline
321 const char *
323  const char *separator,
324  const unsigned int flags,
325  struct gc_arena *gc)
326 {
327  return print_sockaddr_ex(&addr->addr.sa, separator, flags, gc);
328 }
329 
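/**
 * Format an OpenVPN socket address as "address:port".
 *
 * Forwards the generic sockaddr view of the union to print_sockaddr_ex()
 * with ":" as separator and PS_SHOW_PORT as the only flag.
 *
 * @param addr  Address to format. It is dereferenced unconditionally, so
 *              it must not be NULL.
 * @param gc    Garbage-collection arena handed on to print_sockaddr_ex().
 * @return      The string produced by print_sockaddr_ex().
 */
static inline const char *
print_openvpn_sockaddr(const struct openvpn_sockaddr *addr, struct gc_arena *gc)
{
    return print_sockaddr_ex(&addr->addr.sa, ":", PS_SHOW_PORT, gc);
}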
337 
/**
 * Format a generic socket address as "address:port".
 *
 * Convenience wrapper around print_sockaddr_ex() that fixes the separator
 * to ":" and the flags to PS_SHOW_PORT.
 *
 * @param addr  Socket address to format; passed through unchanged.
 * @param gc    Garbage-collection arena handed on to print_sockaddr_ex().
 * @return      The string produced by print_sockaddr_ex().
 */
static inline const char *
print_sockaddr(const struct sockaddr *addr, struct gc_arena *gc)
{
    const unsigned int show_flags = PS_SHOW_PORT;

    return print_sockaddr_ex(addr, ":", show_flags, gc);
}
345 
346 
347 
348 const char *print_link_socket_actual_ex(const struct link_socket_actual *act,
349  const char *separator,
350  const unsigned int flags,
351  struct gc_arena *gc);
352 
353 const char *print_link_socket_actual(const struct link_socket_actual *act,
354  struct gc_arena *gc);
355 
356 
357 #define IA_EMPTY_IF_UNDEF (1<<0)
358 #define IA_NET_ORDER (1<<1)
359 const char *print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc);
360 
361 const char *print_in6_addr(struct in6_addr addr6, unsigned int flags, struct gc_arena *gc);
362 
363 struct in6_addr add_in6_addr( struct in6_addr base, uint32_t add );
364 
365 #define SA_IP_PORT (1<<0)
366 #define SA_SET_IF_NONZERO (1<<1)
367 void setenv_sockaddr(struct env_set *es,
368  const char *name_prefix,
369  const struct openvpn_sockaddr *addr,
370  const unsigned int flags);
371 
372 void setenv_in_addr_t(struct env_set *es,
373  const char *name_prefix,
374  in_addr_t addr,
375  const unsigned int flags);
376 
377 void setenv_in6_addr(struct env_set *es,
378  const char *name_prefix,
379  const struct in6_addr *addr,
380  const unsigned int flags);
381 
382 void setenv_link_socket_actual(struct env_set *es,
383  const char *name_prefix,
384  const struct link_socket_actual *act,
385  const unsigned int flags);
386 
387 void bad_address_length(int actual, int expected);
388 
389 /* IPV4_INVALID_ADDR: returned by link_socket_current_remote()
390  * to ease redirect-gateway logic for ipv4 tunnels on ipv6 endpoints
391  */
392 #define IPV4_INVALID_ADDR 0xffffffff
394 
395 const struct in6_addr *link_socket_current_remote_ipv6
396  (const struct link_socket_info *info);
397 
399  const struct link_socket_actual *addr,
400  const char *common_name,
401  struct env_set *es);
402 
403 void link_socket_bad_incoming_addr(struct buffer *buf,
404  const struct link_socket_info *info,
405  const struct link_socket_actual *from_addr);
406 
407 void set_actual_address(struct link_socket_actual *actual,
408  struct addrinfo *ai);
409 
411 
412 void setenv_trusted(struct env_set *es, const struct link_socket_info *info);
413 
414 bool link_socket_update_flags(struct link_socket *ls, unsigned int sockflags);
415 
416 void link_socket_update_buffer_sizes(struct link_socket *ls, int rcvbuf, int sndbuf);
417 
418 /*
419  * Low-level functions
420  */
421 
422 /* return values of openvpn_inet_aton */
423 #define OIA_HOSTNAME 0
424 #define OIA_IP 1
425 #define OIA_ERROR -1
426 int openvpn_inet_aton(const char *dotted_quad, struct in_addr *addr);
427 
428 /* integrity validation on pulled options */
429 bool ip_addr_dotted_quad_safe(const char *dotted_quad);
430 
431 bool ip_or_dns_addr_safe(const char *addr, const bool allow_fqdn);
432 
433 bool mac_addr_safe(const char *mac_addr);
434 
435 bool ipv6_addr_safe(const char *ipv6_text_addr);
436 
437 socket_descriptor_t create_socket_tcp(struct addrinfo *);
438 
440  struct link_socket_actual *act,
441  const bool nowait);
442 
443 #if UNIX_SOCK_SUPPORT
444 
445 socket_descriptor_t create_socket_unix(void);
446 
447 void socket_bind_unix(socket_descriptor_t sd,
448  struct sockaddr_un *local,
449  const char *prefix);
450 
451 socket_descriptor_t socket_accept_unix(socket_descriptor_t sd,
452  struct sockaddr_un *remote);
453 
454 int socket_connect_unix(socket_descriptor_t sd,
455  struct sockaddr_un *remote);
456 
457 void sockaddr_unix_init(struct sockaddr_un *local, const char *path);
458 
459 const char *sockaddr_unix_name(const struct sockaddr_un *local, const char *null);
460 
461 void socket_delete_unix(const struct sockaddr_un *local);
462 
463 bool unix_socket_get_peer_uid_gid(const socket_descriptor_t sd, int *uid, int *gid);
464 
465 #endif /* if UNIX_SOCK_SUPPORT */
466 
467 /*
468  * DNS resolution
469  */
470 
471 #define GETADDR_RESOLVE (1<<0)
472 #define GETADDR_FATAL (1<<1)
473 #define GETADDR_HOST_ORDER (1<<2)
474 #define GETADDR_MENTION_RESOLVE_RETRY (1<<3)
475 #define GETADDR_FATAL_ON_SIGNAL (1<<4)
476 #define GETADDR_WARN_ON_SIGNAL (1<<5)
477 #define GETADDR_MSG_VIRT_OUT (1<<6)
478 #define GETADDR_TRY_ONCE (1<<7)
479 #define GETADDR_UPDATE_MANAGEMENT_STATE (1<<8)
480 #define GETADDR_RANDOMIZE (1<<9)
481 #define GETADDR_PASSIVE (1<<10)
482 #define GETADDR_DATAGRAM (1<<11)
483 
484 #define GETADDR_CACHE_MASK (GETADDR_DATAGRAM|GETADDR_PASSIVE)
485 
492 in_addr_t getaddr(unsigned int flags,
493  const char *hostname,
494  int resolve_retry_seconds,
495  bool *succeeded,
496  volatile int *signal_received);
497 
501 bool get_ipv6_addr(const char *hostname, struct in6_addr *network,
502  unsigned int *netbits, int msglevel);
503 
504 int openvpn_getaddrinfo(unsigned int flags,
505  const char *hostname,
506  const char *servname,
507  int resolve_retry_seconds,
508  volatile int *signal_received,
509  int ai_family,
510  struct addrinfo **res);
511 
512 /*
513  * Transport protocol naming and other details.
514  */
515 
516 /*
517  * Use enum's instead of #define to allow for easier
518  * optional proto support
519  */
520 enum proto_num {
521  PROTO_NONE, /* catch for uninitialized */
527 };
528 
/**
 * Report whether a protocol number names a real network protocol.
 *
 * @param proto  Protocol number; asserted to lie in [0, PROTO_N).
 * @return       true for every in-range value except PROTO_NONE.
 */
static inline bool
proto_is_net(int proto)
{
    /* An out-of-range value is a programming error, not a runtime condition. */
    ASSERT(proto >= 0 && proto < PROTO_N);

    return !(proto == PROTO_NONE);
}
535 
/**
 * Report whether the protocol in use is UDP.
 *
 * @param proto  Protocol number; asserted to lie in [0, PROTO_N).
 * @return       true only when proto equals PROTO_UDP.
 */
static inline bool
proto_is_udp(int proto)
{
    /* An out-of-range value is a programming error, not a runtime condition. */
    ASSERT(proto >= 0 && proto < PROTO_N);

    return !(proto != PROTO_UDP);
}
545 
/**
 * Report whether the protocol is datagram based.
 *
 * UDP is the only datagram protocol this function recognises, so it
 * simply defers to proto_is_udp(), including that function's range
 * assertion on proto.
 *
 * @param proto  Protocol number.
 * @return       The result of proto_is_udp(proto).
 */
static inline bool
proto_is_dgram(int proto)
{
    const bool datagram = proto_is_udp(proto);

    return datagram;
}
555 
/**
 * Report whether the protocol in use is TCP, in either role.
 *
 * @param proto  Protocol number; asserted to lie in [0, PROTO_N).
 * @return       true for PROTO_TCP_CLIENT and PROTO_TCP_SERVER,
 *               false for every other in-range value.
 */
static inline bool
proto_is_tcp(int proto)
{
    /* An out-of-range value is a programming error, not a runtime condition. */
    ASSERT(proto >= 0 && proto < PROTO_N);

    switch (proto)
    {
        case PROTO_TCP_CLIENT:
        case PROTO_TCP_SERVER:
            return true;

        default:
            return false;
    }
}
565 
566 
567 int ascii2proto(const char *proto_name);
568 
569 sa_family_t ascii2af(const char *proto_name);
570 
571 const char *proto2ascii(int proto, sa_family_t af, bool display_form);
572 
573 const char *proto2ascii_all(struct gc_arena *gc);
574 
575 const char *proto_remote(int proto, bool remote);
576 
577 const char *addr_family_name(int af);
578 
579 /*
580  * Overhead added to packets by various protocols.
581  */
582 #define IPv4_UDP_HEADER_SIZE 28
583 #define IPv4_TCP_HEADER_SIZE 40
584 #define IPv6_UDP_HEADER_SIZE 48
585 #define IPv6_TCP_HEADER_SIZE 60
586 
587 extern const int proto_overhead[];
588 
589 static inline int
591 {
592  ASSERT(proto >= 0 && proto < PROTO_N);
593  return proto_overhead [proto];
594 }
595 
596 /*
597  * Misc inline functions
598  */
599 
600 static inline bool
602 {
603  return !proto_is_dgram(proto);
604 }
605 
606 static inline bool
608 {
609  if (sock)
610  {
612  }
613  else
614  {
615  return false;
616  }
617 }
618 
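/**
 * Report whether an address holds a non-zero IP address.
 *
 * Only the address bytes are examined; the port is not looked at.
 *
 * @param addr  Address to test; may be NULL.
 * @return      false for NULL, for the all-zero IPv4 address, for the
 *              unspecified IPv6 address and for any address family other
 *              than AF_INET / AF_INET6; true otherwise.
 */
static inline bool
addr_defined(const struct openvpn_sockaddr *addr)
{
    if (!addr)
    {
        return false;
    }

    switch (addr->addr.sa.sa_family)
    {
        case AF_INET:
            return addr->addr.in4.sin_addr.s_addr != 0;

        case AF_INET6:
            return !IN6_IS_ADDR_UNSPECIFIED(&addr->addr.in6.sin6_addr);

        default:
            /* Unknown or unset family: treated as "no address". */
            return false;
    }
}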
635 
/**
 * Report whether a socket address is the loopback address.
 *
 * The comparison is exact: for IPv4 only INADDR_LOOPBACK (127.0.0.1)
 * matches, not the rest of 127.0.0.0/8; for IPv6 only the address
 * accepted by IN6_IS_ADDR_LOOPBACK matches. Callers that use this as a
 * trust decision should keep that narrow definition in mind.
 *
 * @param addr  Address to test; may be NULL.
 * @return      true for the IPv4 or IPv6 loopback address, false for
 *              NULL, any other address, or any other address family.
 */
static inline bool
addr_local(const struct sockaddr *addr)
{
    if (addr == NULL)
    {
        return false;
    }

    if (addr->sa_family == AF_INET)
    {
        const struct sockaddr_in *sin4 = (const struct sockaddr_in *)addr;

        return sin4->sin_addr.s_addr == htonl(INADDR_LOOPBACK);
    }

    if (addr->sa_family == AF_INET6)
    {
        const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)addr;

        return IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr);
    }

    return false;
}
655 
656 
657 static inline bool
659 {
660 #if ENABLE_IP_PKTINFO
661  if (!lsa)
662  {
663  return 0;
664  }
665  switch (lsa->dest.addr.sa.sa_family)
666  {
667 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
668  case AF_INET: return lsa->pi.in4.ipi_spec_dst.s_addr != 0;
669 
670 #elif defined(IP_RECVDSTADDR)
671  case AF_INET: return lsa->pi.in4.s_addr != 0;
672 
673 #endif
674  case AF_INET6: return !IN6_IS_ADDR_UNSPECIFIED(&lsa->pi.in6.ipi6_addr);
675 
676  default: return 0;
677  }
678 #else /* if ENABLE_IP_PKTINFO */
679  ASSERT(0);
680 #endif
681  return false;
682 }
683 
684 static inline bool
686 {
687  return act && addr_defined(&act->dest);
688 }
689 
/**
 * Compare the IP address part of two OpenVPN socket addresses.
 *
 * Ports are not compared. The address family is taken from a1 alone.
 *
 * NOTE(review): a2's family is never inspected; a2 is read through the
 * union member selected by a1's family. Callers are presumably expected
 * to pass two addresses of the same family -- confirm at the call sites.
 *
 * @param a1  First address; its family selects the comparison and must be
 *            AF_INET or AF_INET6, otherwise ASSERT(0) fires.
 * @param a2  Second address.
 * @return    true when the address bytes are equal.
 */
static inline bool
addr_match(const struct openvpn_sockaddr *a1, const struct openvpn_sockaddr *a2)
{
    const sa_family_t family = a1->addr.sa.sa_family;

    if (family == AF_INET)
    {
        return a1->addr.in4.sin_addr.s_addr == a2->addr.in4.sin_addr.s_addr;
    }

    if (family == AF_INET6)
    {
        return IN6_ARE_ADDR_EQUAL(&a1->addr.in6.sin6_addr, &a2->addr.in6.sin6_addr);
    }

    ASSERT(0);
    return false;
}
704 
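/**
 * Test whether an address equals the IP address of any entry in an
 * addrinfo list. Ports are not compared.
 *
 * Each list entry is compared only when its ai_family equals the family
 * of a1. Without that guard an entry of the other family would be read
 * through the wrong sockaddr type; for an AF_INET entry viewed as
 * sockaddr_in6 that means reading past the end of the smaller structure.
 * The guard also makes this function agree with addrlist_port_match(),
 * which already checks ai_family. Lists holding both IPv4 and IPv6
 * entries are therefore safe to pass.
 *
 * @param a1        Address to look for; its family must be AF_INET or
 *                  AF_INET6, otherwise ASSERT(0) fires once a list entry
 *                  is visited.
 * @param addrlist  Head of the list to search; may be NULL (no match).
 * @return          true when an entry of the same family has the same
 *                  address, false otherwise.
 */
static inline bool
addrlist_match(const struct openvpn_sockaddr *a1, const struct addrinfo *addrlist)
{
    const struct addrinfo *curele;

    for (curele = addrlist; curele; curele = curele->ai_next)
    {
        switch (a1->addr.sa.sa_family)
        {
            case AF_INET:
                /* Family check first, so the cast below is only applied
                 * to an entry that really is a sockaddr_in. */
                if (curele->ai_family == AF_INET
                    && a1->addr.in4.sin_addr.s_addr
                       == ((const struct sockaddr_in *)curele->ai_addr)->sin_addr.s_addr)
                {
                    return true;
                }
                break;

            case AF_INET6:
                /* Same guard for IPv6: never view a shorter sockaddr_in
                 * as a sockaddr_in6. */
                if (curele->ai_family == AF_INET6
                    && IN6_ARE_ADDR_EQUAL(&a1->addr.in6.sin6_addr,
                                          &((const struct sockaddr_in6 *)curele->ai_addr)->sin6_addr))
                {
                    return true;
                }
                break;

            default:
                ASSERT(0);
        }
    }
    return false;
}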
733 
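/**
 * Return the IPv4 address of an OpenVPN socket address in host byte order.
 *
 * The value is used to check the "public" address against the ifconfig
 * settings for a possible clash. That check is only meaningful for IPv4,
 * so every other address family yields 0.
 *
 * @param addr  Address to read; dereferenced unconditionally, so it must
 *              not be NULL.
 * @return      The IPv4 address converted with ntohl(), or 0 when the
 *              family is not AF_INET.
 */
static inline in_addr_t
addr_host(const struct openvpn_sockaddr *addr)
{
    if (addr->addr.sa.sa_family != AF_INET)
    {
        return 0;
    }
    return ntohl(addr->addr.in4.sin_addr.s_addr);
}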
748 
749 
/**
 * Test whether an address and port equal those of any entry in an
 * addrinfo list.
 *
 * An entry is considered only when its ai_family equals the family of
 * a1, so entries of the other family are never read through the wrong
 * sockaddr type.
 *
 * @param a1  Address to look for; its family must be AF_INET or AF_INET6,
 *            otherwise ASSERT(0) fires once a list entry is visited.
 * @param a2  Head of the list to search; may be NULL (no match).
 * @return    true when an entry of the same family has the same address
 *            and port, false otherwise.
 */
static inline bool
addrlist_port_match(const struct openvpn_sockaddr *a1, const struct addrinfo *a2)
{
    for (const struct addrinfo *entry = a2; entry != NULL; entry = entry->ai_next)
    {
        switch (a1->addr.sa.sa_family)
        {
            case AF_INET:
            {
                const struct sockaddr_in *cand;

                if (entry->ai_family != AF_INET)
                {
                    break;
                }
                cand = (struct sockaddr_in *)entry->ai_addr;
                if (a1->addr.in4.sin_addr.s_addr == cand->sin_addr.s_addr
                    && a1->addr.in4.sin_port == cand->sin_port)
                {
                    return true;
                }
                break;
            }

            case AF_INET6:
            {
                const struct sockaddr_in6 *cand;

                if (entry->ai_family != AF_INET6)
                {
                    break;
                }
                cand = (struct sockaddr_in6 *)entry->ai_addr;
                if (IN6_ARE_ADDR_EQUAL(&a1->addr.in6.sin6_addr, &cand->sin6_addr)
                    && a1->addr.in6.sin6_port == cand->sin6_port)
                {
                    return true;
                }
                break;
            }

            default:
                ASSERT(0);
        }
    }
    return false;
}
782 
783 
784 
/**
 * Compare both the IP address and the port of two OpenVPN socket
 * addresses.
 *
 * NOTE(review): as in addr_match(), only a1's family is inspected; a2 is
 * read through the union member that a1's family selects. Callers are
 * presumably expected to pass addresses of the same family -- confirm.
 *
 * @param a1  First address; its family must be AF_INET or AF_INET6,
 *            otherwise ASSERT(0) fires.
 * @param a2  Second address.
 * @return    true when address and port are both equal.
 */
static inline bool
addr_port_match(const struct openvpn_sockaddr *a1, const struct openvpn_sockaddr *a2)
{
    const sa_family_t family = a1->addr.sa.sa_family;

    if (family == AF_INET)
    {
        return a1->addr.in4.sin_addr.s_addr == a2->addr.in4.sin_addr.s_addr
               && a1->addr.in4.sin_port == a2->addr.in4.sin_port;
    }

    if (family == AF_INET6)
    {
        return IN6_ARE_ADDR_EQUAL(&a1->addr.in6.sin6_addr, &a2->addr.in6.sin6_addr)
               && a1->addr.in6.sin6_port == a2->addr.in6.sin6_port;
    }

    ASSERT(0);
    return false;
}
801 
802 static inline bool
804  const struct openvpn_sockaddr *a2,
805  const int proto)
806 {
808  ? addr_match(a1, a2)
809  : addr_port_match(a1, a2);
810 }
811 
812 
813 static inline bool
815  struct addrinfo *addr_list,
816  const int proto)
817 {
819  ? addrlist_match(a1, addr_list)
820  : addrlist_port_match(a1, addr_list);
821 }
822 
823 static inline void
825 {
826  switch (addr->addr.sa.sa_family)
827  {
828  case AF_INET:
829  addr->addr.in4.sin_addr.s_addr = 0;
830  break;
831 
832  case AF_INET6:
833  memset(&addr->addr.in6.sin6_addr, 0, sizeof(struct in6_addr));
834  break;
835  }
836 }
837 
/**
 * Copy the whole address union from one OpenVPN socket address to another.
 *
 * The copy is a plain structure assignment of the addr member, so every
 * byte of the union is transferred regardless of the address family.
 *
 * @param dst  Destination; must not be NULL.
 * @param src  Source; must not be NULL.
 */
static inline void
addr_copy_sa(struct openvpn_sockaddr *dst,
             const struct openvpn_sockaddr *src)
{
    dst->addr = src->addr;
}
843 
/**
 * Report whether a socket address belongs to the IPv4 or IPv6 family.
 *
 * @param addr  Address to test; dereferenced unconditionally, so it must
 *              not be NULL.
 * @return      true for AF_INET and AF_INET6, false for any other family.
 */
static inline bool
addr_inet4or6(struct sockaddr *addr)
{
    switch (addr->sa_family)
    {
        case AF_INET:
        case AF_INET6:
            return true;

        default:
            return false;
    }
}
849 
850 int addr_guess_family(sa_family_t af,const char *name);
851 
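/**
 * Return the size of the sockaddr structure used for an address family.
 *
 * @param af  Address family.
 * @return    sizeof(struct sockaddr_in) for AF_INET,
 *            sizeof(struct sockaddr_in6) for AF_INET6, and 0 for any
 *            other family.
 *
 * An unknown family is deliberately not treated as fatal: the function
 * could be called from socket_do_accept() with an empty address. Callers
 * that pass the result on as a socket address length must therefore be
 * prepared for 0.
 */
static inline int
af_addr_size(sa_family_t af)
{
    switch (af)
    {
        case AF_INET:
            return (int) sizeof(struct sockaddr_in);

        case AF_INET6:
            return (int) sizeof(struct sockaddr_in6);

        default:
            /* Empty or unsupported family: report "no size" instead of
             * asserting, see the function comment. */
            return 0;
    }
}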
870 
871 static inline bool
873 {
874  return addr_port_match(&a1->dest, &a2->dest);
875 }
876 
877 #if PORT_SHARE
878 
879 static inline bool
880 socket_foreign_protocol_detected(const struct link_socket *sock)
881 {
883  && sock->stream_buf.port_share_state == PS_FOREIGN;
884 }
885 
/**
 * Return the buffer held in the socket's stream_buf.
 *
 * Only compiled when PORT_SHARE is enabled.
 *
 * @param sock  Link socket; dereferenced unconditionally, so it must not
 *              be NULL.
 * @return      Pointer to sock->stream_buf.buf. The pointer refers to
 *              storage inside *sock and is valid only as long as the
 *              socket object is.
 */
static inline const struct buffer *
socket_foreign_protocol_head(const struct link_socket *sock)
{
    const struct buffer *head = &sock->stream_buf.buf;

    return head;
}
891 
/**
 * Return the socket descriptor of a link socket as an int.
 *
 * Only compiled when PORT_SHARE is enabled.
 *
 * NOTE(review): the sd member is returned through an int return type;
 * if the descriptor type is wider than int on some platform the value
 * would be narrowed -- confirm against the member's declaration.
 *
 * @param sock  Link socket; dereferenced unconditionally, so it must not
 *              be NULL.
 * @return      sock->sd.
 */
static inline int
socket_foreign_protocol_sd(const struct link_socket *sock)
{
    const int descriptor = sock->sd;

    return descriptor;
}
897 
898 #endif /* if PORT_SHARE */
899 
900 static inline bool
902 {
904  {
905  if (sock->stream_reset || sock->stream_buf.error)
906  {
907  return true;
908  }
909  else if (status < 0)
910  {
911  const int err = openvpn_errno();
912 #ifdef _WIN32
913  return err == WSAECONNRESET || err == WSAECONNABORTED;
914 #else
915  return err == ECONNRESET;
916 #endif
917  }
918  }
919  return false;
920 }
921 
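/**
 * Decide whether a received packet's source address is acceptable.
 *
 * This is an address filter only. Apart from requiring buf->len to be
 * positive it looks at nothing inside the packet, so it is not a
 * substitute for authenticating the packet contents.
 *
 * A packet is accepted when all of the following hold:
 *  - the buffer is non-empty;
 *  - the source family is AF_INET or AF_INET6 and the source address is
 *    defined (link_socket_actual_defined());
 *  - either info->remote_float is set, or there is no remote list, or the
 *    source matches an entry of the remote list under
 *    addrlist_match_proto() for info->proto.
 *
 * Note that with remote_float set, or with no remote list, every defined
 * source address passes this check.
 *
 * @param buf        Received packet buffer.
 * @param info       Link socket info providing remote_float, proto and
 *                   the remote list (info->lsa is dereferenced).
 * @param from_addr  Source address of the packet.
 * @return           true when the source address is acceptable.
 */
static inline bool
link_socket_verify_incoming_addr(struct buffer *buf,
                                 const struct link_socket_info *info,
                                 const struct link_socket_actual *from_addr)
{
    if (buf->len <= 0)
    {
        return false;
    }

    switch (from_addr->dest.addr.sa.sa_family)
    {
        case AF_INET6:
        case AF_INET:
            if (!link_socket_actual_defined(from_addr))
            {
                return false;
            }
            /* Floating remote, or nothing to compare against: accept. */
            if (info->remote_float || (!info->lsa->remote_list))
            {
                return true;
            }
            if (addrlist_match_proto(&from_addr->dest, info->lsa->remote_list, info->proto))
            {
                return true;
            }
            break;

        default:
            /* Any other family is rejected below. */
            break;
    }
    return false;
}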
949 
950 static inline void
952  const struct link_socket_info *info,
953  struct link_socket_actual **act)
954 {
955  if (buf->len > 0)
956  {
957  struct link_socket_addr *lsa = info->lsa;
959  {
960  *act = &lsa->actual;
961  }
962  else
963  {
965  buf->len = 0;
966  *act = NULL;
967  }
968  }
969 }
970 
971 static inline void
973  const struct link_socket_actual *act,
974  const char *common_name,
975  struct env_set *es)
976 {
977  struct link_socket_addr *lsa = info->lsa;
978  if (
979  /* new or changed address? */
980  (!info->connection_established
981  || !addr_match_proto(&act->dest, &lsa->actual.dest, info->proto)
982  )
983  &&
984  /* address undef or address == remote or --float */
985  (info->remote_float
986  || (!lsa->remote_list || addrlist_match_proto(&act->dest, lsa->remote_list, info->proto))
987  )
988  )
989  {
990  link_socket_connection_initiated(info, act, common_name, es);
991  }
992 }
993 
994 bool stream_buf_read_setup_dowork(struct link_socket *sock);
995 
996 static inline bool
998 {
1000  {
1001  return stream_buf_read_setup_dowork(sock);
1002  }
1003  else
1004  {
1005  return true;
1006  }
1007 }
1008 
1009 /*
1010  * Socket Read Routines
1011  */
1012 
1013 int link_socket_read_tcp(struct link_socket *sock,
1014  struct buffer *buf);
1015 
1016 #ifdef _WIN32
1017 
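/**
 * Read a UDP packet on Windows by finalizing the socket's pending
 * overlapped read.
 *
 * Only compiled when _WIN32 is defined.
 *
 * @param sock  Link socket whose sd and reads members are used.
 * @param buf   Buffer handed to socket_finalize().
 * @param from  Address structure handed to socket_finalize().
 * @return      The result of socket_finalize().
 */
static inline int
link_socket_read_udp_win32(struct link_socket *sock,
                           struct buffer *buf,
                           struct link_socket_actual *from)
{
    return socket_finalize(sock->sd, &sock->reads, buf, from);
}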
1025 
1026 #else /* ifdef _WIN32 */
1027 
1028 int link_socket_read_udp_posix(struct link_socket *sock,
1029  struct buffer *buf,
1030  struct link_socket_actual *from);
1031 
1032 #endif
1033 
1034 /* read a TCP or UDP packet from link */
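/**
 * Read one packet from the link, dispatching on the socket's protocol.
 *
 * For UDP the platform-specific reader fills in the source address.
 * For TCP the source address is not taken from the packet: from->dest is
 * overwritten with the address stored in sock->info.lsa->actual.dest,
 * which is the address returned by accept.
 *
 * @param sock  Link socket to read from.
 * @param buf   Buffer that receives the packet.
 * @param from  Receives the address the packet is attributed to.
 * @return      The result of the underlying UDP or TCP read routine.
 *              A protocol that is neither UDP nor TCP triggers ASSERT(0).
 */
static inline int
link_socket_read(struct link_socket *sock,
                 struct buffer *buf,
                 struct link_socket_actual *from)
{
    if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */
    {
#ifdef _WIN32
        return link_socket_read_udp_win32(sock, buf, from);
#else
        return link_socket_read_udp_posix(sock, buf, from);
#endif
    }

    if (proto_is_tcp(sock->info.proto)) /* unified TCPv4 and TCPv6 */
    {
        /* from address was returned by accept */
        addr_copy_sa(&from->dest, &sock->info.lsa->actual.dest);
        return link_socket_read_tcp(sock, buf);
    }

    ASSERT(0);
    return -1; /* NOTREACHED */
}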
1063 
1064 /*
1065  * Socket Write routines
1066  */
1067 
1068 int link_socket_write_tcp(struct link_socket *sock,
1069  struct buffer *buf,
1070  struct link_socket_actual *to);
1071 
1072 #ifdef _WIN32
1073 
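/**
 * Write a packet on Windows using overlapped I/O.
 *
 * If a previous overlapped write is still active it is finalized first
 * and its error, if any, is remembered. The new packet is then queued
 * with socket_send_queue() in every case. When the earlier write failed,
 * its Winsock error code is restored with WSASetLastError() and its
 * status is returned; the error reported therefore belongs to the
 * previous write, not to the packet just queued.
 *
 * The return value of socket_send_queue() is not examined here.
 *
 * Only compiled when _WIN32 is defined.
 *
 * @param sock  Link socket to write to.
 * @param buf   Packet to queue.
 * @param to    Destination address handed to socket_send_queue().
 * @return      The negative status of the finalized earlier write, or
 *              BLEN(buf) otherwise.
 */
static inline int
link_socket_write_win32(struct link_socket *sock,
                        struct buffer *buf,
                        struct link_socket_actual *to)
{
    int err = 0;
    int status = 0;

    if (overlapped_io_active(&sock->writes))
    {
        status = socket_finalize(sock->sd, &sock->writes, NULL, NULL);
        if (status < 0)
        {
            /* Save now: socket_send_queue() below may change it. */
            err = WSAGetLastError();
        }
    }

    socket_send_queue(sock, buf, to);

    if (status < 0)
    {
        WSASetLastError(err);
        return status;
    }
    return BLEN(buf);
}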
1100 
1101 #else /* ifdef _WIN32 */
1102 
1103 size_t link_socket_write_udp_posix_sendmsg(struct link_socket *sock,
1104  struct buffer *buf,
1105  struct link_socket_actual *to);
1106 
1107 
/**
 * Send a UDP packet on POSIX systems.
 *
 * When ENABLE_IP_PKTINFO is compiled in, the socket is UDP, the
 * SF_USE_IP_PKTINFO flag is set and addr_defined_ipi(to) holds, the
 * packet goes through link_socket_write_udp_posix_sendmsg(). In every
 * other case it is sent with sendto(), using af_addr_size() of the
 * destination family as the address length.
 *
 * NOTE(review): the return type is size_t while sendto() reports failure
 * as -1, so an error comes back as a very large unsigned value. Callers
 * have to convert the result to a signed type before testing for failure.
 *
 * @param sock  Link socket to send on.
 * @param buf   Packet to send.
 * @param to    Destination address.
 * @return      The value returned by the send routine that was used.
 */
static inline size_t
link_socket_write_udp_posix(struct link_socket *sock,
                            struct buffer *buf,
                            struct link_socket_actual *to)
{
#if ENABLE_IP_PKTINFO
    const bool use_pktinfo = proto_is_udp(sock->info.proto)
                             && (sock->sockflags & SF_USE_IP_PKTINFO)
                             && addr_defined_ipi(to);

    if (use_pktinfo)
    {
        return link_socket_write_udp_posix_sendmsg(sock, buf, to);
    }
#endif
    const sa_family_t family = to->dest.addr.sa.sa_family;

    return sendto(sock->sd, BPTR(buf), BLEN(buf), 0,
                  (struct sockaddr *) &to->dest.addr.sa,
                  (socklen_t) af_addr_size(family));
}
1125 
/**
 * Send data on a TCP socket on POSIX systems.
 *
 * The data is passed to send() with MSG_NOSIGNAL. This header defines
 * MSG_NOSIGNAL as 0 when the platform does not provide it, so on such a
 * platform the flag has no effect.
 *
 * NOTE(review): the return type is size_t while send() reports failure
 * as -1, so an error comes back as a very large unsigned value. Callers
 * have to convert the result to a signed type before testing for failure.
 *
 * @param sock  Link socket to send on.
 * @param buf   Data to send.
 * @param to    Not used by this function.
 * @return      The value returned by send().
 */
static inline size_t
link_socket_write_tcp_posix(struct link_socket *sock,
                            struct buffer *buf,
                            struct link_socket_actual *to)
{
    (void) to; /* a connected stream socket needs no destination */

    return send(sock->sd, BPTR(buf), BLEN(buf), MSG_NOSIGNAL);
}
1133 
1134 #endif /* ifdef _WIN32 */
1135 
1136 static inline size_t
1138  struct buffer *buf,
1139  struct link_socket_actual *to)
1140 {
1141 #ifdef _WIN32
1142  return link_socket_write_win32(sock, buf, to);
1143 #else
1144  return link_socket_write_udp_posix(sock, buf, to);
1145 #endif
1146 }
1147 
1148 /* write a TCP or UDP packet to link */
1149 static inline int
1151  struct buffer *buf,
1152  struct link_socket_actual *to)
1153 {
1154  if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */
1155  {
1156  return link_socket_write_udp(sock, buf, to);
1157  }
1158  else if (proto_is_tcp(sock->info.proto)) /* unified TCPv4 and TCPv6 */
1159  {
1160  return link_socket_write_tcp(sock, buf, to);
1161  }
1162  else
1163  {
1164  ASSERT(0);
1165  return -1; /* NOTREACHED */
1166  }
1167 }
1168 
1169 #if PASSTOS_CAPABILITY
1170 
1171 /*
1172  * Extract TOS bits. Assumes that ipbuf is a valid IPv4 packet.
1173  */
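/**
 * Remember the TOS byte of a tunnel packet in the link socket.
 *
 * The buffer is interpreted as an IPv4 header; whether it really is one
 * is the caller's responsibility. As a defensive measure the header is
 * read only when the buffer holds at least sizeof(struct openvpn_iphdr)
 * bytes, so a short or empty buffer leaves ptos and ptos_defined
 * untouched instead of reading beyond the packet data.
 *
 * Only compiled when PASSTOS_CAPABILITY is enabled.
 *
 * @param ls     Link socket that receives the TOS value; may be NULL.
 * @param ipbuf  Buffer holding the packet; may be NULL.
 */
static inline void
link_socket_extract_tos(struct link_socket *ls, const struct buffer *ipbuf)
{
    if (ls && ipbuf && BLEN(ipbuf) >= (int) sizeof(struct openvpn_iphdr))
    {
        const struct openvpn_iphdr *iph = (const struct openvpn_iphdr *) BPTR(ipbuf);

        ls->ptos = iph->tos;
        ls->ptos_defined = true;
    }
}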
1184 
1185 /*
1186  * Set socket properties to reflect TOS bits which were extracted
1187  * from tunnel packet.
1188  */
/**
 * Apply the previously extracted TOS value to the link socket.
 *
 * Does nothing when ls is NULL or no TOS value has been recorded.
 *
 * NOTE(review): the result of setsockopt() is not checked, so a failure
 * to set the option is silent. The option is always set at the
 * IPPROTO_IP level with IP_TOS; no check of the socket's address family
 * is made here.
 *
 * Only compiled when PASSTOS_CAPABILITY is enabled.
 *
 * @param ls  Link socket whose sd receives the option; may be NULL.
 */
static inline void
link_socket_set_tos(struct link_socket *ls)
{
    if (!ls || !ls->ptos_defined)
    {
        return;
    }

    setsockopt(ls->sd, IPPROTO_IP, IP_TOS, (const void *)&ls->ptos, sizeof(ls->ptos));
}
1197 
1198 #endif /* if PASSTOS_CAPABILITY */
1199 
1200 /*
1201  * Socket I/O wait functions
1202  */
1203 
1204 static inline bool
1206 {
1207  return s && s->stream_buf.residual_fully_formed;
1208 }
1209 
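/**
 * Return the handle used to wait for I/O events on a link socket.
 *
 * @param s  Link socket; dereferenced unconditionally, so it must not be
 *           NULL.
 * @return   On Windows the address of s->rw_handle, elsewhere the socket
 *           descriptor s->sd.
 */
static inline event_t
socket_event_handle(const struct link_socket *s)
{
#ifdef _WIN32
    return &s->rw_handle;
#else
    return s->sd;
#endif
}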
1219 
1221 
1222 unsigned int
1223 socket_set(struct link_socket *s,
1224  struct event_set *es,
1225  unsigned int rwflags,
1226  void *arg,
1227  unsigned int *persistent);
1228 
1229 static inline void
1231  struct event_set *es,
1232  void *arg)
1233 {
1234  if (s && !s->listen_persistent_queued)
1235  {
1237  s->listen_persistent_queued = true;
1238  }
1239 }
1240 
1241 static inline void
1243 {
1244 #ifdef _WIN32
1246 #endif
1247 }
1248 
1249 const char *socket_stat(const struct link_socket *s, unsigned int rwflags, struct gc_arena *gc);
1250 
1251 #endif /* SOCKET_H */
static void link_socket_get_outgoing_addr(struct buffer *buf, const struct link_socket_info *info, struct link_socket_actual **act)
Definition: socket.h:951
void setenv_sockaddr(struct env_set *es, const char *name_prefix, const struct openvpn_sockaddr *addr, const unsigned int flags)
Definition: socket.c:2941
void link_socket_close(struct link_socket *sock)
Definition: socket.c:2259
#define MSG_NOSIGNAL
Definition: socket.h:252
const char * proto2ascii(int proto, sa_family_t af, bool display_form)
Definition: socket.c:3091
void bad_address_length(int actual, int expected)
Definition: socket.c:3182
int link_socket_write_tcp(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to)
Definition: socket.c:3348
bool error
Definition: socket.h:140
static bool addr_match_proto(const struct openvpn_sockaddr *a1, const struct openvpn_sockaddr *a2, const int proto)
Definition: socket.h:803
#define openvpn_errno()
Definition: error.h:78
int len
Definition: socket.h:138
void frame_adjust_path_mtu(struct frame *frame, int pmtu, int proto)
Definition: socket.c:1664
static int link_socket_read_udp_win32(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *from)
Definition: socket.h:1019
Contains all state information for one tunnel.
Definition: openvpn.h:463
const char * print_link_socket_actual_ex(const struct link_socket_actual *act, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2805
Packet geometry parameters.
Definition: mtu.h:93
static int af_addr_size(sa_family_t af)
Definition: socket.h:853
uint8_t tos
Definition: proto.h:111
const char * print_sockaddr_ex(const struct sockaddr *addr, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2714
static int link_socket_write_win32(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to)
Definition: socket.h:1075
proto_num
Definition: socket.h:520
unsigned short sa_family_t
Definition: syshead.h:402
static int link_socket_read(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *from)
Definition: socket.h:1036
static bool proto_is_dgram(int proto)
Return if the protocol is datagram (UDP)
Definition: socket.h:551
static bool proto_is_udp(int proto)
Returns if the protocol being used is UDP.
Definition: socket.h:540
unsigned int socket_set(struct link_socket *s, struct event_set *es, unsigned int rwflags, void *arg, unsigned int *persistent)
Definition: socket.c:3800
static bool overlapped_io_active(struct overlapped_io *o)
Definition: win32.h:225
void setenv_in6_addr(struct env_set *es, const char *name_prefix, const struct in6_addr *addr, const unsigned int flags)
Definition: socket.c:3007
void link_socket_bad_incoming_addr(struct buffer *buf, const struct link_socket_info *info, const struct link_socket_actual *from_addr)
Definition: socket.c:2394
static void addr_copy_sa(struct openvpn_sockaddr *dst, const struct openvpn_sockaddr *src)
Definition: socket.h:839
bool ip_addr_dotted_quad_safe(const char *dotted_quad)
Definition: socket.c:699
#define in_addr_t
Definition: config-msvc.h:103
bool mac_addr_safe(const char *mac_addr)
Definition: socket.c:802
void link_socket_init_phase2(struct context *c)
Definition: socket.c:2146
static in_addr_t addr_host(const struct openvpn_sockaddr *addr)
Definition: socket.h:735
void socket_adjust_frame_parameters(struct frame *frame, int proto)
Definition: socket.c:2312
struct cached_dns_entry * next
Definition: socket.h:81
static const char * print_openvpn_sockaddr(const struct openvpn_sockaddr *addr, struct gc_arena *gc)
Definition: socket.h:332
static bool addr_inet4or6(struct sockaddr *addr)
Definition: socket.h:845
int link_socket_read_tcp(struct link_socket *sock, struct buffer *buf)
Definition: socket.c:3194
const int proto_overhead[]
Definition: socket.c:47
#define ASSERT(x)
Definition: error.h:204
Definition: socket.h:75
static bool link_socket_verify_incoming_addr(struct buffer *buf, const struct link_socket_info *info, const struct link_socket_actual *from_addr)
Definition: socket.h:923
static bool link_socket_connection_oriented(const struct link_socket *sock)
Definition: socket.h:607
static event_t socket_event_handle(const struct link_socket *s)
Definition: socket.h:1211
#define PS_SHOW_PORT
Definition: socket.h:310
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2876
int add(int a, int b)
struct sockaddr_in6 in6
Definition: socket.h:70
list flags
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, volatile int *signal_received, int ai_family, struct addrinfo **res)
Definition: socket.c:442
#define BPTR(buf)
Definition: buffer.h:124
void link_socket_update_buffer_sizes(struct link_socket *ls, int rcvbuf, int sndbuf)
Definition: socket.c:994
static bool addr_defined(const struct openvpn_sockaddr *addr)
Definition: socket.h:620
int ai_family
Definition: socket.h:78
static bool proto_is_tcp(int proto)
Returns whether the proto is a TCP variant (tcp-server, tcp-client or tcp)
Definition: socket.h:560
const char * hostname
Definition: socket.h:76
int socket_finalize(SOCKET s, struct overlapped_io *io, struct buffer *buf, struct link_socket_actual *from)
Definition: socket.c:3668
const char * print_link_socket_actual(const struct link_socket_actual *act, struct gc_arena *gc)
Definition: socket.c:2795
static const char * print_sockaddr(const struct sockaddr *addr, struct gc_arena *gc)
Definition: socket.h:340
static bool addrlist_match(const struct openvpn_sockaddr *a1, const struct addrinfo *addrlist)
Definition: socket.h:706
static bool addr_defined_ipi(const struct link_socket_actual *lsa)
Definition: socket.h:658
bool ipv6_addr_safe(const char *ipv6_text_addr)
Definition: socket.c:749
static const char * print_openvpn_sockaddr_ex(const struct openvpn_sockaddr *addr, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition: socket.h:322
socket_descriptor_t create_socket_tcp(struct addrinfo *)
Definition: socket.c:1010
struct sockaddr_in in4
Definition: socket.h:69
static bool addr_match(const struct openvpn_sockaddr *a1, const struct openvpn_sockaddr *a2)
Definition: socket.h:691
const char * addr_family_name(int af)
Definition: socket.c:3130
void link_socket_connection_initiated(struct link_socket_info *info, const struct link_socket_actual *addr, const char *common_name, struct env_set *es)
Definition: socket.c:2343
static bool link_socket_actual_defined(const struct link_socket_actual *act)
Definition: socket.h:685
static int link_socket_write(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to)
Definition: socket.h:1150
void link_socket_init_phase1(struct context *c, int mode)
Definition: socket.c:1851
const char * socket_stat(const struct link_socket *s, unsigned int rwflags, struct gc_arena *gc)
Definition: socket.c:2497
int openvpn_connect(socket_descriptor_t sd, const struct sockaddr *remote, int connect_timeout, volatile int *signal_received)
Definition: socket.c:1436
static bool addr_port_match(const struct openvpn_sockaddr *a1, const struct openvpn_sockaddr *a2)
Definition: socket.h:786
static void event_ctl(struct event_set *es, event_t event, unsigned int rwflags, void *arg)
Definition: event.h:157
void setenv_link_socket_actual(struct env_set *es, const char *name_prefix, const struct link_socket_actual *act, const unsigned int flags)
Definition: socket.c:3023
struct buffer buf
Definition: socket.h:136
bool ip_or_dns_addr_safe(const char *addr, const bool allow_fqdn)
Definition: socket.c:785
static size_t link_socket_write_udp(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to)
Definition: socket.h:1137
union openvpn_sockaddr::@10 addr
static bool socket_connection_reset(const struct link_socket *sock, int status)
Definition: socket.h:901
static bool proto_is_net(int proto)
Definition: socket.h:530
in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, volatile int *signal_received)
Translate an IPv4 addr or hostname from string form to in_addr_t.
Definition: socket.c:193
const char * print_in6_addr(struct in6_addr addr6, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2896
static void link_socket_set_outgoing_addr(struct link_socket_info *info, const struct link_socket_actual *act, const char *common_name, struct env_set *es)
Definition: socket.h:972
#define EVENT_READ
Definition: event.h:39
static bool stream_buf_read_setup(struct link_socket *sock)
Definition: socket.h:997
#define BLEN(buf)
Definition: buffer.h:127
bool stream_buf_read_setup_dowork(struct link_socket *sock)
Definition: socket.c:2598
void do_preresolve(struct context *c)
Definition: socket.c:341
#define msg(flags,...)
Definition: error.h:153
int openvpn_inet_aton(const char *dotted_quad, struct in_addr *addr)
Definition: socket.c:675
void sd_close(socket_descriptor_t *sd)
Definition: socket.c:3837
const char * proto2ascii_all(struct gc_arena *gc)
Definition: socket.c:3113
uint16_t packet_size_type
Definition: socket.h:55
#define M_ERR
Definition: error.h:114
#define IN6_ARE_ADDR_EQUAL(a, b)
Definition: win32.h:48
struct addrinfo * ai
Definition: socket.h:80
bool link_socket_update_flags(struct link_socket *ls, unsigned int sockflags)
Definition: socket.c:981
SOCKET socket_descriptor_t
Definition: syshead.h:445
long reset_net_event_win32(struct rw_handle *event, socket_descriptor_t sd)
Definition: win32.c:258
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
event_t socket_listen_event_handle(struct link_socket *s)
Definition: socket.c:2696
int socket_send_queue(struct link_socket *sock, struct buffer *buf, const struct link_socket_actual *to)
Definition: socket.c:3560
#define buf_init(buf, offset)
Definition: buffer.h:196
void setenv_in_addr_t(struct env_set *es, const char *name_prefix, in_addr_t addr, const unsigned int flags)
Definition: socket.c:2994
bool residual_fully_formed
Definition: socket.h:134
sa_family_t ascii2af(const char *proto_name)
Definition: socket.c:3077
int addr_guess_family(sa_family_t af, const char *name)
bool get_ipv6_addr(const char *hostname, struct in6_addr *network, unsigned int *netbits, int msglevel)
Translate an IPv6 addr or hostname from string form to in6_addr.
Definition: socket.c:224
int ascii2proto(const char *proto_name)
Definition: socket.c:3063
static void socket_reset_listen_persistent(struct link_socket *s)
Definition: socket.h:1242
const char * proto_remote(int proto, bool remote)
Definition: socket.c:3154
int flags
Definition: socket.h:79
static void addr_zero_host(struct openvpn_sockaddr *addr)
Definition: socket.h:824
static bool addrlist_match_proto(const struct openvpn_sockaddr *a1, struct addrinfo *addr_list, const int proto)
Definition: socket.h:814
struct in6_addr add_in6_addr(struct in6_addr base, uint32_t add)
Definition: socket.c:2918
static bool socket_read_residual(const struct link_socket *s)
Definition: socket.h:1205
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
static bool link_socket_actual_match(const struct link_socket_actual *a1, const struct link_socket_actual *a2)
Definition: socket.h:872
const struct in6_addr * link_socket_current_remote_ipv6(const struct link_socket_info *info)
Definition: socket.c:2464
static bool addr_local(const struct sockaddr *addr)
Definition: socket.h:637
int socket_recv_queue(struct link_socket *sock, int maxsize)
Definition: socket.c:3450
void set_actual_address(struct link_socket_actual *actual, struct addrinfo *ai)
Definition: socket.c:1532
static int datagram_overhead(int proto)
Definition: socket.h:590
static SERVICE_STATUS status
Definition: interactive.c:56
#define SF_USE_IP_PKTINFO
Definition: socket.h:203
static void socket_set_listen_persistent(struct link_socket *s, struct event_set *es, void *arg)
Definition: socket.h:1230
struct sockaddr sa
Definition: socket.h:68
struct link_socket * link_socket_new(void)
Definition: socket.c:1840
void setenv_trusted(struct env_set *es, const struct link_socket_info *info)
Definition: socket.c:2321
in_addr_t link_socket_current_remote(const struct link_socket_info *info)
Definition: socket.c:2429
void socket_bind(socket_descriptor_t sd, struct addrinfo *local, int af_family, const char *prefix, bool ipv6only)
Definition: socket.c:1382
void link_socket_bad_outgoing_addr(void)
Definition: socket.c:2423
static bool link_socket_proto_connection_oriented(int proto)
Definition: socket.h:601
socket_descriptor_t socket_do_accept(socket_descriptor_t sd, struct link_socket_actual *act, const bool nowait)
Definition: socket.c:1216
static bool addrlist_port_match(const struct openvpn_sockaddr *a1, const struct addrinfo *a2)
Definition: socket.h:751
int maxlen
Definition: socket.h:133
const char * servname
Definition: socket.h:77