1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifndef SOCKET_H
25 #define SOCKET_H
26 
27 #include "buffer.h"
28 #include "common.h"
29 #include "error.h"
30 #include "proto.h"
31 #include "mtu.h"
32 #include "win32.h"
33 #include "event.h"
34 #include "proxy.h"
35 #include "socks.h"
36 #include "misc.h"
37 
38 /*
39  * OpenVPN's default port number as assigned by IANA.
40  */
41 #define OPENVPN_PORT "1194"
42 
43 /*
44  * Number of seconds that "resolv-retry infinite"
45  * represents.
46  */
47 #define RESOLV_RETRY_INFINITE 1000000000
48 
49 /*
50  * packet_size_type is used to communicate packet size
51  * over the wire when stream oriented protocols are
52  * being used
53  */
54 
56 
57 /* convert a packet_size_type from host to network order */
58 #define htonps(x) htons(x)
59 
60 /* convert a packet_size_type from network to host order */
61 #define ntohps(x) ntohs(x)
62 
63 /* OpenVPN sockaddr struct */
65 {
66  /*int dummy;*/ /* add offset to force a bug if sa not explicitly dereferenced */
67  union {
68  struct sockaddr sa;
69  struct sockaddr_in in4;
70  struct sockaddr_in6 in6;
71  } addr;
72 };
73 
74 /* struct to hold preresolved host names */
76  const char *hostname;
77  const char *servname;
78  int ai_family;
79  int flags;
80  struct addrinfo *ai;
82 };
83 
84 /* actual address of remote, based on source address of received packets */
86 {
87  /*int dummy;*/ /* add offset to force a bug if dest not explicitly dereferenced */
88 
90 #if ENABLE_IP_PKTINFO
91  union {
92 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
93  struct in_pktinfo in4;
94 #elif defined(IP_RECVDSTADDR)
95  struct in_addr in4;
96 #endif
97  struct in6_pktinfo in6;
98  } pi;
99 #endif
100 };
101 
102 /* IP addresses which are persistent across SIGUSR1s */
104 {
105  struct addrinfo *bind_local;
106  struct addrinfo *remote_list; /* complete remote list */
107  struct addrinfo *current_remote; /* remote used in the
108  * current connection attempt */
109  struct link_socket_actual actual; /* reply to this address */
110 };
111 
113 {
116  const char *ipchange_command;
117  const struct plugin_list *plugins;
119  int proto; /* Protocol (PROTO_x defined below) */
120  sa_family_t af; /* Address family like AF_INET, AF_INET6 or AF_UNSPEC*/
122  int mtu_changed; /* Set to true when mtu value is changed */
123 };
124 
125 /*
126  * Used to extract packets encapsulated in streams into a buffer,
127  * in this case IP packets embedded in a TCP stream.
128  */
130 {
131  struct buffer buf_init;
132  struct buffer residual;
133  int maxlen;
135 
136  struct buffer buf;
137  struct buffer next;
138  int len; /* -1 if not yet known */
139 
140  bool error; /* if true, fatal TCP error has occurred,
141  * requiring that connection be restarted */
142 #if PORT_SHARE
143 #define PS_DISABLED 0
144 #define PS_ENABLED 1
145 #define PS_FOREIGN 2
146  int port_share_state;
147 #endif
148 };
149 
150 /*
151  * Used to set socket buffer sizes
152  */
154 {
155  int rcvbuf;
156  int sndbuf;
157 };
158 
159 /*
160  * This is the main socket structure used by OpenVPN. The SOCKET_
161  * defines try to abstract away our implementation differences between
162  * using sockets on Posix vs. Win32.
163  */
165 {
166  struct link_socket_info info;
167 
169  socket_descriptor_t ctrl_sd; /* only used for UDP over Socks */
170 
171 #ifdef _WIN32
172  struct overlapped_io reads;
173  struct overlapped_io writes;
175  struct rw_handle listen_handle; /* For listening on TCP socket in server mode */
176 #endif
177 
178  /* used for printing status info only */
179  unsigned int rwflags_debug;
180 
181  /* used for long-term queueing of pre-accepted socket listen */
183 
184  const char *remote_host;
185  const char *remote_port;
186  const char *local_host;
187  const char *local_port;
190 
191 #define INETD_NONE 0
192 #define INETD_WAIT 1
193 #define INETD_NOWAIT 2
194  int inetd;
195 
196 #define LS_MODE_DEFAULT 0
197 #define LS_MODE_TCP_LISTEN 1
198 #define LS_MODE_TCP_ACCEPT_FROM 2
199  int mode;
200 
203 
204  struct socket_buffer_size socket_buffer_sizes;
205 
206  int mtu; /* OS discovered MTU, or 0 if unknown */
207 
208 #define SF_USE_IP_PKTINFO (1<<0)
209 #define SF_TCP_NODELAY (1<<1)
210 #define SF_PORT_SHARE (1<<2)
211 #define SF_HOST_RANDOMIZE (1<<3)
212 #define SF_GETADDRINFO_DGRAM (1<<4)
213  unsigned int sockflags;
214  int mark;
215 
216  /* for stream sockets */
218  struct buffer stream_buf_data;
220 
221  /* HTTP proxy */
223 
224  /* Socks proxy */
226  struct link_socket_actual socks_relay; /* Socks UDP relay address */
227 
228  /* The OpenVPN server we will use the proxy to connect to */
229  const char *proxy_dest_host;
230  const char *proxy_dest_port;
231 
232  /* Pointer to the server-poll to trigger the timeout in functions which have
233  * their own loop instead of using the main loop */
235 
236 #if PASSTOS_CAPABILITY
237  /* used to get/set TOS. */
238 #if defined(TARGET_LINUX)
239  uint8_t ptos;
240 #else /* all the BSDs, Solaris, MacOS use plain "int" -> see "man ip" there */
241  int ptos;
242 #endif
243  bool ptos_defined;
244 #endif
245 
246 #ifdef ENABLE_DEBUG
247  int gremlin; /* --gremlin bits */
248 #endif
249 };
250 
251 /*
252  * Some Posix/Win32 differences.
253  */
254 
255 #ifndef MSG_NOSIGNAL
256 #define MSG_NOSIGNAL 0
257 #endif
258 
259 #ifdef _WIN32
260 
261 #define openvpn_close_socket(s) closesocket(s)
262 
263 int socket_recv_queue(struct link_socket *sock, int maxsize);
264 
265 int socket_send_queue(struct link_socket *sock,
266  struct buffer *buf,
267  const struct link_socket_actual *to);
268 
269 int socket_finalize(
270  SOCKET s,
271  struct overlapped_io *io,
272  struct buffer *buf,
273  struct link_socket_actual *from);
274 
275 #else /* ifdef _WIN32 */
276 
277 #define openvpn_close_socket(s) close(s)
278 
279 #endif
280 
281 struct link_socket *link_socket_new(void);
282 
284  struct addrinfo *local,
285  int af_family,
286  const char *prefix,
287  bool ipv6only);
288 
290  const struct sockaddr *remote,
291  int connect_timeout,
292  volatile int *signal_received);
293 
294 
295 
296 /*
297  * Initialize link_socket object.
298  */
299 
300 void
302  const char *local_host,
303  const char *local_port,
304  const char *remote_host,
305  const char *remote_port,
306  struct cached_dns_entry *dns_cache,
307  int proto,
308  sa_family_t af,
309  bool bind_ipv6_only,
310  int mode,
311  const struct link_socket *accept_from,
312  struct http_proxy_info *http_proxy,
314 #ifdef ENABLE_DEBUG
315  int gremlin,
316 #endif
317  bool bind_local,
318  bool remote_float,
319  int inetd,
320  struct link_socket_addr *lsa,
321  const char *ipchange_command,
322  const struct plugin_list *plugins,
324  int mtu_discover_type,
325  int rcvbuf,
326  int sndbuf,
327  int mark,
329  unsigned int sockflags);
330 
331 void link_socket_init_phase2(struct link_socket *sock,
332  const struct frame *frame,
333  struct signal_info *sig_info);
334 
335 void do_preresolve(struct context *c);
336 
337 void socket_adjust_frame_parameters(struct frame *frame, int proto);
338 
339 void frame_adjust_path_mtu(struct frame *frame, int pmtu, int proto);
340 
341 void link_socket_close(struct link_socket *sock);
342 
344 
345 #define PS_SHOW_PORT_IF_DEFINED (1<<0)
346 #define PS_SHOW_PORT (1<<1)
347 #define PS_SHOW_PKTINFO (1<<2)
348 #define PS_DONT_SHOW_ADDR (1<<3)
349 #define PS_DONT_SHOW_FAMILY (1<<4)
350 
351 const char *print_sockaddr_ex(const struct sockaddr *addr,
352  const char *separator,
353  const unsigned int flags,
354  struct gc_arena *gc);
355 
356 static inline
357 const char *
359  const char *separator,
360  const unsigned int flags,
361  struct gc_arena *gc)
362 {
363  return print_sockaddr_ex(&addr->addr.sa, separator, flags, gc);
364 }
365 
/*
 * Format an openvpn_sockaddr as text with the port appended after a ":"
 * separator.  Thin wrapper that forwards the embedded struct sockaddr to
 * print_sockaddr_ex() with PS_SHOW_PORT; the gc arena is passed through
 * unchanged.
 */
static inline
const char *
print_openvpn_sockaddr(const struct openvpn_sockaddr *addr,
                       struct gc_arena *gc)
{
    const struct sockaddr *sa = &addr->addr.sa;

    return print_sockaddr_ex(sa, ":", PS_SHOW_PORT, gc);
}
373 
/*
 * Format a plain struct sockaddr as text with the port appended after a
 * ":" separator.  Equivalent to calling print_sockaddr_ex() with
 * PS_SHOW_PORT as the only flag.
 */
static inline
const char *
print_sockaddr(const struct sockaddr *addr,
               struct gc_arena *gc)
{
    const unsigned int show_flags = PS_SHOW_PORT;

    return print_sockaddr_ex(addr, ":", show_flags, gc);
}
381 
382 
383 
384 const char *print_link_socket_actual_ex(const struct link_socket_actual *act,
385  const char *separator,
386  const unsigned int flags,
387  struct gc_arena *gc);
388 
389 const char *print_link_socket_actual(const struct link_socket_actual *act,
390  struct gc_arena *gc);
391 
392 
393 #define IA_EMPTY_IF_UNDEF (1<<0)
394 #define IA_NET_ORDER (1<<1)
395 const char *print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc);
396 
397 const char *print_in6_addr(struct in6_addr addr6, unsigned int flags, struct gc_arena *gc);
398 
399 struct in6_addr add_in6_addr( struct in6_addr base, uint32_t add );
400 
401 #define SA_IP_PORT (1<<0)
402 #define SA_SET_IF_NONZERO (1<<1)
403 void setenv_sockaddr(struct env_set *es,
404  const char *name_prefix,
405  const struct openvpn_sockaddr *addr,
406  const unsigned int flags);
407 
408 void setenv_in_addr_t(struct env_set *es,
409  const char *name_prefix,
410  in_addr_t addr,
411  const unsigned int flags);
412 
413 void setenv_in6_addr(struct env_set *es,
414  const char *name_prefix,
415  const struct in6_addr *addr,
416  const unsigned int flags);
417 
418 void setenv_link_socket_actual(struct env_set *es,
419  const char *name_prefix,
420  const struct link_socket_actual *act,
421  const unsigned int flags);
422 
423 void bad_address_length(int actual, int expected);
424 
425 /* IPV4_INVALID_ADDR: returned by link_socket_current_remote()
426  * to ease redirect-gateway logic for ipv4 tunnels on ipv6 endpoints
427  */
428 #define IPV4_INVALID_ADDR 0xffffffff
430 
431 const struct in6_addr *link_socket_current_remote_ipv6
432  (const struct link_socket_info *info);
433 
434 void link_socket_connection_initiated(const struct buffer *buf,
435  struct link_socket_info *info,
436  const struct link_socket_actual *addr,
437  const char *common_name,
438  struct env_set *es);
439 
440 void link_socket_bad_incoming_addr(struct buffer *buf,
441  const struct link_socket_info *info,
442  const struct link_socket_actual *from_addr);
443 
444 void set_actual_address(struct link_socket_actual *actual,
445  struct addrinfo *ai);
446 
448 
449 void setenv_trusted(struct env_set *es, const struct link_socket_info *info);
450 
451 bool link_socket_update_flags(struct link_socket *ls, unsigned int sockflags);
452 
453 void link_socket_update_buffer_sizes(struct link_socket *ls, int rcvbuf, int sndbuf);
454 
455 /*
456  * Low-level functions
457  */
458 
459 /* return values of openvpn_inet_aton */
460 #define OIA_HOSTNAME 0
461 #define OIA_IP 1
462 #define OIA_ERROR -1
463 int openvpn_inet_aton(const char *dotted_quad, struct in_addr *addr);
464 
465 /* integrity validation on pulled options */
466 bool ip_addr_dotted_quad_safe(const char *dotted_quad);
467 
468 bool ip_or_dns_addr_safe(const char *addr, const bool allow_fqdn);
469 
470 bool mac_addr_safe(const char *mac_addr);
471 
472 bool ipv6_addr_safe(const char *ipv6_text_addr);
473 
474 socket_descriptor_t create_socket_tcp(struct addrinfo *);
475 
477  struct link_socket_actual *act,
478  const bool nowait);
479 
480 /*
481  * proto related
482  */
483 bool proto_is_net(int proto);
484 
485 bool proto_is_dgram(int proto);
486 
487 bool proto_is_udp(int proto);
488 
489 bool proto_is_tcp(int proto);
490 
491 
492 #if UNIX_SOCK_SUPPORT
493 
494 socket_descriptor_t create_socket_unix(void);
495 
496 void socket_bind_unix(socket_descriptor_t sd,
497  struct sockaddr_un *local,
498  const char *prefix);
499 
500 socket_descriptor_t socket_accept_unix(socket_descriptor_t sd,
501  struct sockaddr_un *remote);
502 
503 int socket_connect_unix(socket_descriptor_t sd,
504  struct sockaddr_un *remote);
505 
506 void sockaddr_unix_init(struct sockaddr_un *local, const char *path);
507 
508 const char *sockaddr_unix_name(const struct sockaddr_un *local, const char *null);
509 
510 void socket_delete_unix(const struct sockaddr_un *local);
511 
512 bool unix_socket_get_peer_uid_gid(const socket_descriptor_t sd, int *uid, int *gid);
513 
514 #endif /* if UNIX_SOCK_SUPPORT */
515 
516 /*
517  * DNS resolution
518  */
519 
520 #define GETADDR_RESOLVE (1<<0)
521 #define GETADDR_FATAL (1<<1)
522 #define GETADDR_HOST_ORDER (1<<2)
523 #define GETADDR_MENTION_RESOLVE_RETRY (1<<3)
524 #define GETADDR_FATAL_ON_SIGNAL (1<<4)
525 #define GETADDR_WARN_ON_SIGNAL (1<<5)
526 #define GETADDR_MSG_VIRT_OUT (1<<6)
527 #define GETADDR_TRY_ONCE (1<<7)
528 #define GETADDR_UPDATE_MANAGEMENT_STATE (1<<8)
529 #define GETADDR_RANDOMIZE (1<<9)
530 #define GETADDR_PASSIVE (1<<10)
531 #define GETADDR_DATAGRAM (1<<11)
532 
533 #define GETADDR_CACHE_MASK (GETADDR_DATAGRAM|GETADDR_PASSIVE)
534 
535 in_addr_t getaddr(unsigned int flags,
536  const char *hostname,
537  int resolve_retry_seconds,
538  bool *succeeded,
539  volatile int *signal_received);
540 
541 int openvpn_getaddrinfo(unsigned int flags,
542  const char *hostname,
543  const char *servname,
544  int resolve_retry_seconds,
545  volatile int *signal_received,
546  int ai_family,
547  struct addrinfo **res);
548 
549 /*
550  * Transport protocol naming and other details.
551  */
552 
553 /*
554  * Use enum's instead of #define to allow for easier
555  * optional proto support
556  */
557 enum proto_num {
558  PROTO_NONE, /* catch for uninitialized */
564 };
565 
566 int ascii2proto(const char *proto_name);
567 
568 sa_family_t ascii2af(const char *proto_name);
569 
570 const char *proto2ascii(int proto, sa_family_t af, bool display_form);
571 
572 const char *proto2ascii_all(struct gc_arena *gc);
573 
574 const char *proto_remote(int proto, bool remote);
575 
576 const char *addr_family_name(int af);
577 
578 /*
579  * Overhead added to packets by various protocols.
580  */
581 #define IPv4_UDP_HEADER_SIZE 28
582 #define IPv4_TCP_HEADER_SIZE 40
583 #define IPv6_UDP_HEADER_SIZE 48
584 #define IPv6_TCP_HEADER_SIZE 60
585 
586 extern const int proto_overhead[];
587 
588 static inline int
590 {
591  ASSERT(proto >= 0 && proto < PROTO_N);
592  return proto_overhead [proto];
593 }
594 
595 /*
596  * Misc inline functions
597  */
598 
599 static inline bool
601 {
602  return !proto_is_dgram(proto);
603 }
604 
605 static inline bool
607 {
608  if (sock)
609  {
611  }
612  else
613  {
614  return false;
615  }
616 }
617 
618 static inline bool
620 {
621  if (!addr)
622  {
623  return 0;
624  }
625  switch (addr->addr.sa.sa_family)
626  {
627  case AF_INET: return addr->addr.in4.sin_addr.s_addr != 0;
628 
629  case AF_INET6: return !IN6_IS_ADDR_UNSPECIFIED(&addr->addr.in6.sin6_addr);
630 
631  default: return 0;
632  }
633 }
634 
/*
 * Report whether addr is the loopback address of its family.
 *
 * IPv4 is compared against the single address INADDR_LOOPBACK (not the
 * whole 127.0.0.0/8 block); IPv6 uses IN6_IS_ADDR_LOOPBACK.  A NULL
 * pointer or any other address family yields false.
 */
static inline bool
addr_local(const struct sockaddr *addr)
{
    if (addr == NULL)
    {
        return false;
    }

    if (addr->sa_family == AF_INET)
    {
        const struct sockaddr_in *sin = (const struct sockaddr_in *)addr;
        return sin->sin_addr.s_addr == htonl(INADDR_LOOPBACK);
    }

    if (addr->sa_family == AF_INET6)
    {
        const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)addr;
        return IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr);
    }

    return false;
}
654 
655 
656 static inline bool
658 {
659 #if ENABLE_IP_PKTINFO
660  if (!lsa)
661  {
662  return 0;
663  }
664  switch (lsa->dest.addr.sa.sa_family)
665  {
666 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
667  case AF_INET: return lsa->pi.in4.ipi_spec_dst.s_addr != 0;
668 
669 #elif defined(IP_RECVDSTADDR)
670  case AF_INET: return lsa->pi.in4.s_addr != 0;
671 
672 #endif
673  case AF_INET6: return !IN6_IS_ADDR_UNSPECIFIED(&lsa->pi.in6.ipi6_addr);
674 
675  default: return 0;
676  }
677 #else /* if ENABLE_IP_PKTINFO */
678  ASSERT(0);
679 #endif
680  return false;
681 }
682 
683 static inline bool
685 {
686  return act && addr_defined(&act->dest);
687 }
688 
/*
 * Compare the IP addresses of two socket addresses, ignoring the ports.
 *
 * The address family stored in a1 selects which union member is compared
 * on both sides; the family stored in a2 is not inspected.  If a1 holds
 * anything other than AF_INET or AF_INET6, ASSERT(0) is hit.
 *
 * NOTE(review): callers are presumably expected to pass two addresses of
 * the same family -- confirm, because a mixed pair is compared through
 * a1's view of the union.
 */
static inline bool
addr_match(const struct openvpn_sockaddr *a1, const struct openvpn_sockaddr *a2)
{
    const sa_family_t family = a1->addr.sa.sa_family;

    if (family == AF_INET)
    {
        return a1->addr.in4.sin_addr.s_addr == a2->addr.in4.sin_addr.s_addr;
    }

    if (family == AF_INET6)
    {
        return IN6_ARE_ADDR_EQUAL(&a1->addr.in6.sin6_addr, &a2->addr.in6.sin6_addr);
    }

    ASSERT(0);
    return false;
}
703 
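/*
 * Return true if the IP address in a1 (port ignored) equals the address
 * of any entry in the addrinfo list.
 *
 * An entry is only compared when its ai_family equals the family of a1.
 * Without that check ai_addr would be reinterpreted as the wrong sockaddr
 * type; for an AF_INET6 a1 and an AF_INET entry this reads sin6_addr
 * beyond the end of a struct sockaddr_in.  addrlist_port_match() already
 * performs the same ai_family test.
 *
 * An empty list yields false.  A family other than AF_INET or AF_INET6
 * in a1 hits ASSERT(0) once the list has at least one entry.
 */
static inline bool
addrlist_match(const struct openvpn_sockaddr *a1, const struct addrinfo *addrlist)
{
    const struct addrinfo *curele;
    for (curele = addrlist; curele; curele = curele->ai_next)
    {
        switch (a1->addr.sa.sa_family)
        {
            case AF_INET:
                /* skip entries of another family instead of casting them */
                if (curele->ai_family == AF_INET
                    && a1->addr.in4.sin_addr.s_addr == ((const struct sockaddr_in *)curele->ai_addr)->sin_addr.s_addr)
                {
                    return true;
                }
                break;

            case AF_INET6:
                /* skip entries of another family instead of casting them */
                if (curele->ai_family == AF_INET6
                    && IN6_ARE_ADDR_EQUAL(&a1->addr.in6.sin6_addr, &((const struct sockaddr_in6 *) curele->ai_addr)->sin6_addr))
                {
                    return true;
                }
                break;

            default:
                ASSERT(0);
        }
    }
    return false;
}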
732 
/*
 * Return the IPv4 address held in addr, converted to host byte order,
 * or 0 when addr is not an AF_INET address.
 */
static inline in_addr_t
addr_host(const struct openvpn_sockaddr *addr)
{
    /*
     * The "public" address returned here is checked against ifconfig for
     * a possible clash.  That check makes no sense for other families for
     * now, given that ifconfig is only done for IPv4.
     */
    return (addr->addr.sa.sa_family == AF_INET)
           ? ntohl(addr->addr.in4.sin_addr.s_addr)
           : 0;
}
747 
748 
/*
 * Return true if both the IP address and the port in a1 equal those of
 * any entry in the addrinfo list a2.
 *
 * Each entry is compared only when its ai_family equals the family of a1,
 * so ai_addr is never reinterpreted as the wrong sockaddr type.  An empty
 * list yields false; a family other than AF_INET or AF_INET6 in a1 hits
 * ASSERT(0) once the list has at least one entry.
 */
static inline bool
addrlist_port_match(const struct openvpn_sockaddr *a1, const struct addrinfo *a2)
{
    const struct addrinfo *entry = a2;

    while (entry)
    {
        if (a1->addr.sa.sa_family == AF_INET)
        {
            if (entry->ai_family == AF_INET)
            {
                const struct sockaddr_in *sin = (struct sockaddr_in *)entry->ai_addr;

                if (a1->addr.in4.sin_addr.s_addr == sin->sin_addr.s_addr
                    && a1->addr.in4.sin_port == sin->sin_port)
                {
                    return true;
                }
            }
        }
        else if (a1->addr.sa.sa_family == AF_INET6)
        {
            if (entry->ai_family == AF_INET6)
            {
                const struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)entry->ai_addr;

                if (IN6_ARE_ADDR_EQUAL(&a1->addr.in6.sin6_addr, &sin6->sin6_addr)
                    && a1->addr.in6.sin6_port == sin6->sin6_port)
                {
                    return true;
                }
            }
        }
        else
        {
            ASSERT(0);
        }

        entry = entry->ai_next;
    }
    return false;
}
781 
782 
783 
/*
 * Compare two socket addresses for equality of both IP address and port.
 *
 * The address family stored in a1 selects which union member is compared
 * on both sides; the family stored in a2 is not inspected.  If a1 holds
 * anything other than AF_INET or AF_INET6, ASSERT(0) is hit.
 *
 * NOTE(review): callers are presumably expected to pass two addresses of
 * the same family -- confirm, because a mixed pair is compared through
 * a1's view of the union.
 */
static inline bool
addr_port_match(const struct openvpn_sockaddr *a1, const struct openvpn_sockaddr *a2)
{
    const sa_family_t family = a1->addr.sa.sa_family;

    if (family == AF_INET)
    {
        if (a1->addr.in4.sin_addr.s_addr != a2->addr.in4.sin_addr.s_addr)
        {
            return false;
        }
        return a1->addr.in4.sin_port == a2->addr.in4.sin_port;
    }

    if (family == AF_INET6)
    {
        if (!IN6_ARE_ADDR_EQUAL(&a1->addr.in6.sin6_addr, &a2->addr.in6.sin6_addr))
        {
            return false;
        }
        return a1->addr.in6.sin6_port == a2->addr.in6.sin6_port;
    }

    ASSERT(0);
    return false;
}
800 
801 static inline bool
803  const struct openvpn_sockaddr *a2,
804  const int proto)
805 {
807  ? addr_match(a1, a2)
808  : addr_port_match(a1, a2);
809 }
810 
811 
812 static inline bool
814  struct addrinfo *addr_list,
815  const int proto)
816 {
818  ? addrlist_match(a1, addr_list)
819  : addrlist_port_match(a1, addr_list);
820 }
821 
822 static inline void
824 {
825  switch (addr->addr.sa.sa_family)
826  {
827  case AF_INET:
828  addr->addr.in4.sin_addr.s_addr = 0;
829  break;
830 
831  case AF_INET6:
832  memset(&addr->addr.in6.sin6_addr, 0, sizeof(struct in6_addr));
833  break;
834  }
835 }
836 
/*
 * Copy the socket address stored in src into dst.
 */
static inline void
addr_copy_sa(struct openvpn_sockaddr *dst, const struct openvpn_sockaddr *src)
{
    /* struct assignment copies the whole addr union, whichever family it holds */
    dst->addr = src->addr;
}
842 
/*
 * Return true if addr carries an IPv4 (AF_INET) or IPv6 (AF_INET6)
 * address family, false for every other family.  addr must not be NULL.
 */
static inline bool
addr_inet4or6(struct sockaddr *addr)
{
    switch (addr->sa_family)
    {
        case AF_INET:
        case AF_INET6:
            return true;

        default:
            return false;
    }
}
848 
849 int addr_guess_family(sa_family_t af,const char *name);
850 
/*
 * Return the size in bytes of the sockaddr structure that belongs to the
 * address family af: sizeof(struct sockaddr_in) for AF_INET,
 * sizeof(struct sockaddr_in6) for AF_INET6, and 0 for anything else.
 *
 * Callers that pass the result on as an address length receive 0 for an
 * unknown family rather than an error.
 */
static inline int
af_addr_size(sa_family_t af)
{
    if (af == AF_INET)
    {
        return sizeof(struct sockaddr_in);
    }

    if (af == AF_INET6)
    {
        return sizeof(struct sockaddr_in6);
    }

    /*
     * An unknown family is deliberately not treated as fatal: this
     * could be called from socket_do_accept() with empty addr.
     */
    return 0;
}
869 
870 static inline bool
872 {
873  return addr_port_match(&a1->dest, &a2->dest);
874 }
875 
876 #if PORT_SHARE
877 
878 static inline bool
879 socket_foreign_protocol_detected(const struct link_socket *sock)
880 {
882  && sock->stream_buf.port_share_state == PS_FOREIGN;
883 }
884 
/*
 * Return a pointer to the stream buffer (stream_buf.buf) of sock.  The
 * pointer refers to storage inside sock; nothing is copied.
 */
static inline const struct buffer *
socket_foreign_protocol_head(const struct link_socket *sock)
{
    const struct buffer *head = &sock->stream_buf.buf;

    return head;
}
890 
/*
 * Return the socket descriptor (sd) of sock.
 *
 * NOTE(review): the return type is int; sd is presumably declared as
 * socket_descriptor_t like ctrl_sd -- confirm that int is wide enough on
 * every platform where PORT_SHARE is enabled.
 */
static inline int
socket_foreign_protocol_sd(const struct link_socket *sock)
{
    const int descriptor = sock->sd;

    return descriptor;
}
896 
897 #endif /* if PORT_SHARE */
898 
899 static inline bool
901 {
903  {
904  if (sock->stream_reset || sock->stream_buf.error)
905  {
906  return true;
907  }
908  else if (status < 0)
909  {
910  const int err = openvpn_errno();
911 #ifdef _WIN32
912  return err == WSAECONNRESET || err == WSAECONNABORTED;
913 #else
914  return err == ECONNRESET;
915 #endif
916  }
917  }
918  return false;
919 }
920 
/*
 * Decide whether a received packet may be accepted based on its source
 * address.
 *
 * Returns true only when buf is non-empty, from_addr is a defined
 * AF_INET or AF_INET6 address, and one of the following holds:
 *   - info->remote_float is set,
 *   - no remote list is configured (info->lsa->remote_list is NULL),
 *   - the address matches an entry of the remote list
 *     (addrlist_match_proto() for info->proto).
 *
 * This is an address comparison only.  With remote_float set or an empty
 * remote list every defined IPv4/IPv6 source address passes.
 */
static inline bool
link_socket_verify_incoming_addr(struct buffer *buf,
                                 const struct link_socket_info *info,
                                 const struct link_socket_actual *from_addr)
{
    const sa_family_t family = from_addr->dest.addr.sa.sa_family;

    /* an empty buffer is never accepted */
    if (buf->len <= 0)
    {
        return false;
    }

    /* only IPv4 and IPv6 sources are considered at all */
    if (family != AF_INET && family != AF_INET6)
    {
        return false;
    }

    if (!link_socket_actual_defined(from_addr))
    {
        return false;
    }

    /* floating peers and an empty remote list disable the list check */
    if (info->remote_float || (!info->lsa->remote_list))
    {
        return true;
    }

    if (addrlist_match_proto(&from_addr->dest, info->lsa->remote_list, info->proto))
    {
        return true;
    }
    return false;
}
948 
949 static inline void
951  const struct link_socket_info *info,
952  struct link_socket_actual **act)
953 {
954  if (buf->len > 0)
955  {
956  struct link_socket_addr *lsa = info->lsa;
958  {
959  *act = &lsa->actual;
960  }
961  else
962  {
964  buf->len = 0;
965  *act = NULL;
966  }
967  }
968 }
969 
/*
 * Adopt act as the peer address for outgoing packets when appropriate.
 *
 * link_socket_connection_initiated() is called when all of these hold:
 *   - buf is NULL or holds data (buf->len > 0),
 *   - the address is new or changed: no connection is established yet,
 *     or act differs from the stored lsa->actual address
 *     (addr_match_proto() for info->proto),
 *   - the address is allowed: info->remote_float is set, no remote list
 *     is configured, or act matches an entry of lsa->remote_list.
 *
 * Otherwise nothing is changed.
 */
static inline void
link_socket_set_outgoing_addr(const struct buffer *buf,
                              struct link_socket_info *info,
                              const struct link_socket_actual *act,
                              const char *common_name,
                              struct env_set *es)
{
    struct link_socket_addr *lsa;

    /* a buffer that exists but is empty never triggers an update */
    if (buf && buf->len <= 0)
    {
        return;
    }

    lsa = info->lsa;

    /* new or changed address? */
    if (info->connection_established
        && addr_match_proto(&act->dest, &lsa->actual.dest, info->proto))
    {
        return;
    }

    /* address undef or address == remote or --float */
    if (!info->remote_float
        && lsa->remote_list
        && !addrlist_match_proto(&act->dest, lsa->remote_list, info->proto))
    {
        return;
    }

    link_socket_connection_initiated(buf, info, act, common_name, es);
}
996 
997 static inline bool
999 {
1000  bool stream_buf_read_setup_dowork(struct link_socket *sock);
1001 
1003  {
1004  return stream_buf_read_setup_dowork(sock);
1005  }
1006  else
1007  {
1008  return true;
1009  }
1010 }
1011 
1012 /*
1013  * Socket Read Routines
1014  */
1015 
1016 int link_socket_read_tcp(struct link_socket *sock,
1017  struct buffer *buf);
1018 
1019 #ifdef _WIN32
1020 
/*
 * Win32 UDP read: hand the socket descriptor and the overlapped read
 * state of sock to socket_finalize() together with buf and from, and
 * return its result unchanged.
 */
static inline int
link_socket_read_udp_win32(struct link_socket *sock,
                           struct buffer *buf,
                           struct link_socket_actual *from)
{
    struct overlapped_io *read_io = &sock->reads;

    return socket_finalize(sock->sd, read_io, buf, from);
}
1028 
1029 #else /* ifdef _WIN32 */
1030 
1031 int link_socket_read_udp_posix(struct link_socket *sock,
1032  struct buffer *buf,
1033  struct link_socket_actual *from);
1034 
1035 #endif
1036 
/*
 * Read a TCP or UDP packet from link.
 *
 * UDP (v4 and v6 alike) is delegated to the platform-specific UDP read
 * routine, which receives from so it can report the sender.  For TCP
 * (v4 and v6 alike) from->dest is filled from the address stored in
 * sock->info.lsa->actual before link_socket_read_tcp() is called, i.e.
 * it is not derived from the data being read.  Any other protocol value
 * hits ASSERT(0).
 *
 * Returns the result of the selected read routine.
 */
static inline int
link_socket_read(struct link_socket *sock,
                 struct buffer *buf,
                 struct link_socket_actual *from)
{
    const int proto = sock->info.proto;

    if (proto_is_udp(proto)) /* unified UDPv4 and UDPv6 */
    {
#ifdef _WIN32
        return link_socket_read_udp_win32(sock, buf, from);
#else
        return link_socket_read_udp_posix(sock, buf, from);
#endif
    }

    if (proto_is_tcp(proto)) /* unified TCPv4 and TCPv6 */
    {
        /* from address was returned by accept */
        addr_copy_sa(&from->dest, &sock->info.lsa->actual.dest);
        return link_socket_read_tcp(sock, buf);
    }

    ASSERT(0);
    return -1; /* NOTREACHED */
}
1066 
1067 /*
1068  * Socket Write routines
1069  */
1070 
1071 int link_socket_write_tcp(struct link_socket *sock,
1072  struct buffer *buf,
1073  struct link_socket_actual *to);
1074 
1075 #ifdef _WIN32
1076 
/*
 * Win32 write path using overlapped I/O.
 *
 * If a previous overlapped write is still active it is finalized first
 * and its error code is saved.  The new buffer is then queued with
 * socket_send_queue() regardless of that outcome; the return value of
 * socket_send_queue() is not examined.
 *
 * Returns BLEN(buf) when the finalized write (if any) succeeded.  When it
 * failed, the saved error is restored with WSASetLastError() and the
 * negative status of that earlier write is returned.
 */
static inline int
link_socket_write_win32(struct link_socket *sock,
                        struct buffer *buf,
                        struct link_socket_actual *to)
{
    int saved_err = 0;
    int prev_status = 0;

    if (overlapped_io_active(&sock->writes))
    {
        prev_status = socket_finalize(sock->sd, &sock->writes, NULL, NULL);
        if (prev_status < 0)
        {
            /* capture now: queueing the next write may overwrite it */
            saved_err = WSAGetLastError();
        }
    }

    socket_send_queue(sock, buf, to);

    if (prev_status >= 0)
    {
        return BLEN(buf);
    }

    WSASetLastError(saved_err);
    return prev_status;
}
1103 
1104 #else /* ifdef _WIN32 */
1105 
/*
 * POSIX UDP write.
 *
 * With ENABLE_IP_PKTINFO, a UDP socket that has SF_USE_IP_PKTINFO set and
 * a destination with defined packet info is sent through
 * link_socket_write_udp_posix_sendmsg(); every other case uses sendto()
 * with the address in to->dest.
 *
 * The address length given to sendto() comes from af_addr_size(), which
 * is 0 for a family other than AF_INET/AF_INET6.
 *
 * NOTE(review): the return type is size_t while sendto() returns a
 * signed ssize_t, so a failure (-1) leaves this function as a large
 * unsigned value; callers have to convert back to a signed type before
 * testing for errors.
 */
static inline size_t
link_socket_write_udp_posix(struct link_socket *sock,
                            struct buffer *buf,
                            struct link_socket_actual *to)
{
#if ENABLE_IP_PKTINFO
    size_t link_socket_write_udp_posix_sendmsg(struct link_socket *sock,
                                               struct buffer *buf,
                                               struct link_socket_actual *to);

    if (proto_is_udp(sock->info.proto)
        && (sock->sockflags & SF_USE_IP_PKTINFO)
        && addr_defined_ipi(to))
    {
        return link_socket_write_udp_posix_sendmsg(sock, buf, to);
    }
#endif

    /* plain datagram send to the stored destination address */
    return sendto(sock->sd, BPTR(buf), BLEN(buf), 0,
                  (struct sockaddr *) &to->dest.addr.sa,
                  (socklen_t) af_addr_size(to->dest.addr.sa.sa_family));
}
1127 
/*
 * POSIX TCP write: send the contents of buf on the connected socket.
 * The to argument is not used.
 *
 * MSG_NOSIGNAL is passed as the send() flag; this header defines
 * MSG_NOSIGNAL as 0 when the platform does not provide it, in which case
 * no flag is set.
 *
 * NOTE(review): the return type is size_t while send() returns a signed
 * ssize_t, so a failure (-1) leaves this function as a large unsigned
 * value.
 */
static inline size_t
link_socket_write_tcp_posix(struct link_socket *sock,
                            struct buffer *buf,
                            struct link_socket_actual *to)
{
    const int send_flags = MSG_NOSIGNAL;

    return send(sock->sd, BPTR(buf), BLEN(buf), send_flags);
}
1135 
1136 #endif /* ifdef _WIN32 */
1137 
1138 static inline size_t
1140  struct buffer *buf,
1141  struct link_socket_actual *to)
1142 {
1143 #ifdef _WIN32
1144  return link_socket_write_win32(sock, buf, to);
1145 #else
1146  return link_socket_write_udp_posix(sock, buf, to);
1147 #endif
1148 }
1149 
1150 /* write a TCP or UDP packet to link */
1151 static inline int
1153  struct buffer *buf,
1154  struct link_socket_actual *to)
1155 {
1156  if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */
1157  {
1158  return link_socket_write_udp(sock, buf, to);
1159  }
1160  else if (proto_is_tcp(sock->info.proto)) /* unified TCPv4 and TCPv6 */
1161  {
1162  return link_socket_write_tcp(sock, buf, to);
1163  }
1164  else
1165  {
1166  ASSERT(0);
1167  return -1; /* NOTREACHED */
1168  }
1169 }
1170 
1171 #if PASSTOS_CAPABILITY
1172 
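/*
 * Extract TOS bits from a tunnel packet and remember them in ls.
 *
 * ipbuf is expected to hold an IPv4 packet; the caller is responsible
 * for having established that.  As a safeguard the header is only read
 * when the buffer holds at least sizeof(struct openvpn_iphdr) bytes, so
 * a truncated packet leaves ls->ptos and ls->ptos_defined untouched
 * instead of being read past its end.  Nothing happens when ls or ipbuf
 * is NULL.
 */
static inline void
link_socket_extract_tos(struct link_socket *ls, const struct buffer *ipbuf)
{
    if (ls && ipbuf && BLEN(ipbuf) >= (int) sizeof(struct openvpn_iphdr))
    {
        /* read-only view of the header; the packet itself is not modified */
        const struct openvpn_iphdr *iph = (const struct openvpn_iphdr *) BPTR(ipbuf);
        ls->ptos = iph->tos;
        ls->ptos_defined = true;
    }
}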
1186 
/*
 * Set socket properties to reflect TOS bits which were extracted
 * from tunnel packet.
 *
 * Does nothing when ls is NULL or no TOS value has been recorded
 * (ls->ptos_defined is false).  The option is applied with IPPROTO_IP /
 * IP_TOS and the setsockopt() result is not checked, so a failure goes
 * unreported.
 */
static inline void
link_socket_set_tos(struct link_socket *ls)
{
    if (!ls || !ls->ptos_defined)
    {
        return;
    }

    setsockopt(ls->sd, IPPROTO_IP, IP_TOS, (const void *)&ls->ptos, sizeof(ls->ptos));
}
1199 
1200 #endif /* if PASSTOS_CAPABILITY */
1201 
1202 /*
1203  * Socket I/O wait functions
1204  */
1205 
1206 static inline bool
1208 {
1209  return s && s->stream_buf.residual_fully_formed;
1210 }
1211 
/*
 * Return the handle used to wait for I/O events on s: the address of
 * s->rw_handle on Win32, the socket descriptor s->sd elsewhere.
 * s must not be NULL.
 */
static inline event_t
socket_event_handle(const struct link_socket *s)
{
#ifndef _WIN32
    return s->sd;
#else
    return &s->rw_handle;
#endif
}
1221 
1223 
1224 unsigned int
1225 socket_set(struct link_socket *s,
1226  struct event_set *es,
1227  unsigned int rwflags,
1228  void *arg,
1229  unsigned int *persistent);
1230 
1231 static inline void
1233  struct event_set *es,
1234  void *arg)
1235 {
1236  if (s && !s->listen_persistent_queued)
1237  {
1239  s->listen_persistent_queued = true;
1240  }
1241 }
1242 
1243 static inline void
1245 {
1246 #ifdef _WIN32
1248 #endif
1249 }
1250 
1251 const char *socket_stat(const struct link_socket *s, unsigned int rwflags, struct gc_arena *gc);
1252 
1253 #endif /* SOCKET_H */
static void link_socket_get_outgoing_addr(struct buffer *buf, const struct link_socket_info *info, struct link_socket_actual **act)
Definition: socket.h:950
void setenv_sockaddr(struct env_set *es, const char *name_prefix, const struct openvpn_sockaddr *addr, const unsigned int flags)
Definition: socket.c:2917
void link_socket_close(struct link_socket *sock)
Definition: socket.c:2235
#define MSG_NOSIGNAL
Definition: socket.h:256
const char * proto2ascii(int proto, sa_family_t af, bool display_form)
Definition: socket.c:3102
void bad_address_length(int actual, int expected)
Definition: socket.c:3193
int link_socket_write_tcp(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to)
Definition: socket.c:3359
void link_socket_init_phase2(struct link_socket *sock, const struct frame *frame, struct signal_info *sig_info)
Definition: socket.c:2111
bool error
Definition: socket.h:140
static bool addr_match_proto(const struct openvpn_sockaddr *a1, const struct openvpn_sockaddr *a2, const int proto)
Definition: socket.h:802
int len
Definition: socket.h:138
void frame_adjust_path_mtu(struct frame *frame, int pmtu, int proto)
Definition: socket.c:1550
static int link_socket_read_udp_win32(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *from)
Definition: socket.h:1022
Contains all state information for one tunnel.
Definition: openvpn.h:498
const char * print_link_socket_actual_ex(const struct link_socket_actual *act, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2782
Packet geometry parameters.
Definition: mtu.h:93
static void link_socket_set_outgoing_addr(const struct buffer *buf, struct link_socket_info *info, const struct link_socket_actual *act, const char *common_name, struct env_set *es)
Definition: socket.h:971
static int af_addr_size(sa_family_t af)
Definition: socket.h:852
uint8_t tos
Definition: proto.h:89
const char * print_sockaddr_ex(const struct sockaddr *addr, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2691
union openvpn_sockaddr::@8 addr
static int link_socket_write_win32(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to)
Definition: socket.h:1078
proto_num
Definition: socket.h:557
unsigned short sa_family_t
Definition: syshead.h:446
#define ASSERT(x)
Definition: error.h:221
static int link_socket_read(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *from)
Definition: socket.h:1039
unsigned int socket_set(struct link_socket *s, struct event_set *es, unsigned int rwflags, void *arg, unsigned int *persistent)
Definition: socket.c:3811
static bool overlapped_io_active(struct overlapped_io *o)
Definition: win32.h:221
void setenv_in6_addr(struct env_set *es, const char *name_prefix, const struct in6_addr *addr, const unsigned int flags)
Definition: socket.c:2983
void link_socket_bad_incoming_addr(struct buffer *buf, const struct link_socket_info *info, const struct link_socket_actual *from_addr)
Definition: socket.c:2371
static void addr_copy_sa(struct openvpn_sockaddr *dst, const struct openvpn_sockaddr *src)
Definition: socket.h:838
bool ip_addr_dotted_quad_safe(const char *dotted_quad)
Definition: socket.c:569
#define in_addr_t
Definition: config-msvc.h:103
bool mac_addr_safe(const char *mac_addr)
Definition: socket.c:672
static in_addr_t addr_host(const struct openvpn_sockaddr *addr)
Definition: socket.h:734
void socket_adjust_frame_parameters(struct frame *frame, int proto)
Definition: socket.c:2288
struct cached_dns_entry * next
Definition: socket.h:81
static const char * print_openvpn_sockaddr(const struct openvpn_sockaddr *addr, struct gc_arena *gc)
Definition: socket.h:368
static bool addr_inet4or6(struct sockaddr *addr)
Definition: socket.h:844
int link_socket_read_tcp(struct link_socket *sock, struct buffer *buf)
Definition: socket.c:3205
const int proto_overhead[]
Definition: socket.c:47
struct cached_dns_entry
Definition: socket.h:75
static bool link_socket_verify_incoming_addr(struct buffer *buf, const struct link_socket_info *info, const struct link_socket_actual *from_addr)
Definition: socket.h:922
static bool link_socket_connection_oriented(const struct link_socket *sock)
Definition: socket.h:606
#define openvpn_errno()
Definition: error.h:74
static event_t socket_event_handle(const struct link_socket *s)
Definition: socket.h:1213
#define PS_SHOW_PORT
Definition: socket.h:346
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2852
int add(int a, int b)
struct sockaddr_in6 in6
Definition: socket.h:70
list flags
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
static void bind_local(struct link_socket *sock, const sa_family_t ai_family)
Definition: socket.c:967
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, volatile int *signal_received, int ai_family, struct addrinfo **res)
Definition: socket.c:320
#define BPTR(buf)
Definition: buffer.h:124
void link_socket_update_buffer_sizes(struct link_socket *ls, int rcvbuf, int sndbuf)
Definition: socket.c:864
static bool addr_defined(const struct openvpn_sockaddr *addr)
Definition: socket.h:619
int ai_family
Definition: socket.h:78
const char * hostname
Definition: socket.h:76
int socket_finalize(SOCKET s, struct overlapped_io *io, struct buffer *buf, struct link_socket_actual *from)
Definition: socket.c:3679
const char * print_link_socket_actual(const struct link_socket_actual *act, struct gc_arena *gc)
Definition: socket.c:2772
static const char * print_sockaddr(const struct sockaddr *addr, struct gc_arena *gc)
Definition: socket.h:376
static bool addrlist_match(const struct openvpn_sockaddr *a1, const struct addrinfo *addrlist)
Definition: socket.h:705
static bool addr_defined_ipi(const struct link_socket_actual *lsa)
Definition: socket.h:657
bool proto_is_dgram(int proto)
Definition: socket.c:3048
void link_socket_connection_initiated(const struct buffer *buf, struct link_socket_info *info, const struct link_socket_actual *addr, const char *common_name, struct env_set *es)
Definition: socket.c:2319
bool ipv6_addr_safe(const char *ipv6_text_addr)
Definition: socket.c:619
static const char * print_openvpn_sockaddr_ex(const struct openvpn_sockaddr *addr, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition: socket.h:358
socket_descriptor_t create_socket_tcp(struct addrinfo *)
Definition: socket.c:880
struct sockaddr_in in4
Definition: socket.h:69
static bool addr_match(const struct openvpn_sockaddr *a1, const struct openvpn_sockaddr *a2)
Definition: socket.h:690
#define M_ERR
Definition: error.h:110
unsigned __int32 uint32_t
Definition: config-msvc.h:120
const char * addr_family_name(int af)
Definition: socket.c:3141
static bool link_socket_actual_defined(const struct link_socket_actual *act)
Definition: socket.h:684
bool stream_buf_read_setup_dowork(struct link_socket *sock)
Definition: socket.c:2575
static int link_socket_write(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to)
Definition: socket.h:1152
const char * socket_stat(const struct link_socket *s, unsigned int rwflags, struct gc_arena *gc)
Definition: socket.c:2474
static SERVICE_STATUS status
Definition: automatic.c:47
int openvpn_connect(socket_descriptor_t sd, const struct sockaddr *remote, int connect_timeout, volatile int *signal_received)
Definition: socket.c:1309
#define ENABLE_DEBUG
Definition: config-msvc.h:8
static bool addr_port_match(const struct openvpn_sockaddr *a1, const struct openvpn_sockaddr *a2)
Definition: socket.h:785
static void event_ctl(struct event_set *es, event_t event, unsigned int rwflags, void *arg)
Definition: event.h:119
void setenv_link_socket_actual(struct env_set *es, const char *name_prefix, const struct link_socket_actual *act, const unsigned int flags)
Definition: socket.c:2999
struct buffer buf
Definition: socket.h:136
bool ip_or_dns_addr_safe(const char *addr, const bool allow_fqdn)
Definition: socket.c:655
static size_t link_socket_write_udp(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to)
Definition: socket.h:1139
static bool socket_connection_reset(const struct link_socket *sock, int status)
Definition: socket.h:900
in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, volatile int *signal_received)
Definition: socket.c:85
const char * print_in6_addr(struct in6_addr addr6, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2872
bool proto_is_tcp(int proto)
Definition: socket.c:3064
bool proto_is_udp(int proto)
Definition: socket.c:3054
bool proto_is_net(int proto)
Definition: socket.c:3039
#define EVENT_READ
Definition: event.h:36
static bool stream_buf_read_setup(struct link_socket *sock)
Definition: socket.h:998
#define BLEN(buf)
Definition: buffer.h:127
void do_preresolve(struct context *c)
Definition: socket.c:221
int openvpn_inet_aton(const char *dotted_quad, struct in_addr *addr)
Definition: socket.c:545
unsigned __int8 uint8_t
Definition: config-msvc.h:122
void sd_close(socket_descriptor_t *sd)
Definition: socket.c:3848
const char * proto2ascii_all(struct gc_arena *gc)
Definition: socket.c:3124
uint16_t packet_size_type
Definition: socket.h:55
#define IN6_ARE_ADDR_EQUAL(a, b)
Definition: win32.h:44
struct addrinfo * ai
Definition: socket.h:80
bool link_socket_update_flags(struct link_socket *ls, unsigned int sockflags)
Definition: socket.c:851
SOCKET socket_descriptor_t
Definition: syshead.h:487
long reset_net_event_win32(struct rw_handle *event, socket_descriptor_t sd)
Definition: win32.c:257
#define msg
Definition: error.h:173
struct buffer
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
event_t socket_listen_event_handle(struct link_socket *s)
Definition: socket.c:2673
int socket_send_queue(struct link_socket *sock, struct buffer *buf, const struct link_socket_actual *to)
Definition: socket.c:3571
#define buf_init(buf, offset)
Definition: buffer.h:196
void setenv_in_addr_t(struct env_set *es, const char *name_prefix, in_addr_t addr, const unsigned int flags)
Definition: socket.c:2970
bool residual_fully_formed
Definition: socket.h:134
sa_family_t ascii2af(const char *proto_name)
Definition: socket.c:3088
int addr_guess_family(sa_family_t af, const char *name)
int ascii2proto(const char *proto_name)
Definition: socket.c:3074
static void socket_reset_listen_persistent(struct link_socket *s)
Definition: socket.h:1244
const char * proto_remote(int proto, bool remote)
Definition: socket.c:3165
int flags
Definition: socket.h:79
void link_socket_init_phase1(struct link_socket *sock, const char *local_host, const char *local_port, const char *remote_host, const char *remote_port, struct cached_dns_entry *dns_cache, int proto, sa_family_t af, bool bind_ipv6_only, int mode, const struct link_socket *accept_from, struct http_proxy_info *http_proxy, struct socks_proxy_info *socks_proxy, bool bind_local, bool remote_float, int inetd, struct link_socket_addr *lsa, const char *ipchange_command, const struct plugin_list *plugins, int resolve_retry_seconds, int mtu_discover_type, int rcvbuf, int sndbuf, int mark, struct event_timeout *server_poll_timeout, unsigned int sockflags)
Definition: socket.c:1736
static void addr_zero_host(struct openvpn_sockaddr *addr)
Definition: socket.h:823
static bool addrlist_match_proto(const struct openvpn_sockaddr *a1, struct addrinfo *addr_list, const int proto)
Definition: socket.h:813
unsigned __int16 uint16_t
Definition: config-msvc.h:121
struct in6_addr add_in6_addr(struct in6_addr base, uint32_t add)
Definition: socket.c:2894
static bool socket_read_residual(const struct link_socket *s)
Definition: socket.h:1207
struct gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
static bool link_socket_actual_match(const struct link_socket_actual *a1, const struct link_socket_actual *a2)
Definition: socket.h:871
char * dst
Definition: compat-lz4.h:455
const struct in6_addr * link_socket_current_remote_ipv6(const struct link_socket_info *info)
Definition: socket.c:2441
static bool addr_local(const struct sockaddr *addr)
Definition: socket.h:636
int socket_recv_queue(struct link_socket *sock, int maxsize)
Definition: socket.c:3461
void set_actual_address(struct link_socket_actual *actual, struct addrinfo *ai)
Definition: socket.c:1413
static int datagram_overhead(int proto)
Definition: socket.h:589
char * dest
Definition: compat-lz4.h:431
#define SF_USE_IP_PKTINFO
Definition: socket.h:208
static void socket_set_listen_persistent(struct link_socket *s, struct event_set *es, void *arg)
Definition: socket.h:1232
struct sockaddr sa
Definition: socket.h:68
struct link_socket * link_socket_new(void)
Definition: socket.c:1725
void setenv_trusted(struct env_set *es, const struct link_socket_info *info)
Definition: socket.c:2297
in_addr_t link_socket_current_remote(const struct link_socket_info *info)
Definition: socket.c:2406
void socket_bind(socket_descriptor_t sd, struct addrinfo *local, int af_family, const char *prefix, bool ipv6only)
Definition: socket.c:1255
void link_socket_bad_outgoing_addr(void)
Definition: socket.c:2400
static bool link_socket_proto_connection_oriented(int proto)
Definition: socket.h:600
socket_descriptor_t socket_do_accept(socket_descriptor_t sd, struct link_socket_actual *act, const bool nowait)
Definition: socket.c:1074
static bool addrlist_port_match(const struct openvpn_sockaddr *a1, const struct addrinfo *a2)
Definition: socket.h:750
int maxlen
Definition: socket.h:133
const char * servname
Definition: socket.h:77