OpenVPN
dns.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2022-2025 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifdef HAVE_CONFIG_H
24#include "config.h"
25#endif
26
27#include "syshead.h"
28
29#include "dns.h"
30#include "socket_util.h"
31#include "options.h"
32#include "run_command.h"
33#include "domain_helper.h"
34
35#ifdef _WIN32
36#include "win32.h"
37#include "openvpn-msg.h"
38#endif
39
47static bool
48dns_server_port_parse(in_port_t *port, char *port_str)
49{
50 char *endptr;
51 errno = 0;
52 unsigned long tmp = strtoul(port_str, &endptr, 10);
53 if (errno || *endptr != '\0' || tmp == 0 || tmp > UINT16_MAX)
54 {
55 return false;
56 }
57 *port = (in_port_t)tmp;
58 return true;
59}
60
61bool
62dns_server_addr_parse(struct dns_server *server, const char *addr)
63{
64 if (!addr)
65 {
66 return false;
67 }
68
69 char addrcopy[INET6_ADDRSTRLEN] = { 0 };
70 size_t copylen = 0;
71 in_port_t port = 0;
72 sa_family_t af;
73
74 char *first_colon = strchr(addr, ':');
75 char *last_colon = strrchr(addr, ':');
76
77 if (!first_colon || first_colon == last_colon)
78 {
79 /* IPv4 address with optional port, e.g. 1.2.3.4 or 1.2.3.4:853 */
80 if (last_colon)
81 {
82 if (last_colon == addr || !dns_server_port_parse(&port, last_colon + 1))
83 {
84 return false;
85 }
86 copylen = first_colon - addr;
87 }
88 af = AF_INET;
89 }
90 else
91 {
92 /* IPv6 address with optional port, e.g. ab::cd or [ab::cd]:853 */
93 if (addr[0] == '[')
94 {
95 addr += 1;
96 char *bracket = last_colon - 1;
97 if (*bracket != ']' || bracket == addr || !dns_server_port_parse(&port, last_colon + 1))
98 {
99 return false;
100 }
101 copylen = bracket - addr;
102 }
103 af = AF_INET6;
104 }
105
106 /* Copy the address part into a temporary buffer and use that */
107 if (copylen)
108 {
109 if (copylen >= sizeof(addrcopy))
110 {
111 return false;
112 }
113 strncpy(addrcopy, addr, copylen);
114 addr = addrcopy;
115 }
116
117 struct addrinfo *ai = NULL;
118 if (openvpn_getaddrinfo(0, addr, NULL, 0, NULL, af, &ai) != 0)
119 {
120 return false;
121 }
122
123 if (server->addr_count >= SIZE(server->addr))
124 {
125 return false;
126 }
127
128 if (ai->ai_family == AF_INET)
129 {
130 struct sockaddr_in *sin = (struct sockaddr_in *)ai->ai_addr;
131 server->addr[server->addr_count].in.a4.s_addr = sin->sin_addr.s_addr;
132 }
133 else
134 {
135 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ai->ai_addr;
136 server->addr[server->addr_count].in.a6 = sin6->sin6_addr;
137 }
138
139 server->addr[server->addr_count].family = af;
140 server->addr[server->addr_count].port = port;
141 server->addr_count += 1;
142
143 freeaddrinfo(ai);
144 return true;
145}
146
147bool
148dns_domain_list_append(struct dns_domain **entry, char **domains, struct gc_arena *gc)
149{
150 /* Fast forward to the end of the list */
151 while (*entry)
152 {
153 entry = &((*entry)->next);
154 }
155
156 /* Append all domains to the end of the list */
157 while (*domains)
158 {
159 char *domain = *domains++;
160 if (!validate_domain(domain))
161 {
162 return false;
163 }
164
165 ALLOC_OBJ_CLEAR_GC(*entry, struct dns_domain, gc);
166 struct dns_domain *new = *entry;
167 new->name = domain;
168 entry = &new->next;
169 }
170
171 return true;
172}
173
174bool
175dns_server_priority_parse(long *priority, const char *str, bool pulled)
176{
177 char *endptr;
178 const long min = pulled ? 0 : INT8_MIN;
179 const long max = INT8_MAX;
180 long prio = strtol(str, &endptr, 10);
181 if (*endptr != '\0' || prio < min || prio > max)
182 {
183 return false;
184 }
185 *priority = prio;
186 return true;
187}
188
189struct dns_server *
190dns_server_get(struct dns_server **entry, long priority, struct gc_arena *gc)
191{
192 struct dns_server *obj = *entry;
193 while (true)
194 {
195 if (!obj || obj->priority > priority)
196 {
197 ALLOC_OBJ_CLEAR_GC(*entry, struct dns_server, gc);
198 (*entry)->next = obj;
199 (*entry)->priority = priority;
200 return *entry;
201 }
202 else if (obj->priority == priority)
203 {
204 return obj;
205 }
206 entry = &obj->next;
207 obj = *entry;
208 }
209}
210
211bool
212dns_options_verify(msglvl_t msglevel, const struct dns_options *o)
213{
214 const struct dns_server *server = o->servers ? o->servers : o->servers_prepull;
215 while (server)
216 {
217 if (server->addr_count == 0)
218 {
219 msg(msglevel, "ERROR: dns server %ld does not have an address assigned",
220 server->priority);
221 return false;
222 }
223 server = server->next;
224 }
225 return true;
226}
227
228static struct dns_domain *
229clone_dns_domains(const struct dns_domain *domain, struct gc_arena *gc)
230{
231 struct dns_domain *new_list = NULL;
232 struct dns_domain **new_entry = &new_list;
233
234 while (domain)
235 {
236 ALLOC_OBJ_CLEAR_GC(*new_entry, struct dns_domain, gc);
237 struct dns_domain *new_domain = *new_entry;
238 *new_domain = *domain;
239 new_entry = &new_domain->next;
240 domain = domain->next;
241 }
242
243 return new_list;
244}
245
246static struct dns_server *
247clone_dns_servers(const struct dns_server *server, struct gc_arena *gc)
248{
249 struct dns_server *new_list = NULL;
250 struct dns_server **new_entry = &new_list;
251
252 while (server)
253 {
254 ALLOC_OBJ_CLEAR_GC(*new_entry, struct dns_server, gc);
255 struct dns_server *new_server = *new_entry;
256 *new_server = *server;
257 new_server->domains = clone_dns_domains(server->domains, gc);
258 new_entry = &new_server->next;
259 server = server->next;
260 }
261
262 return new_list;
263}
264
265struct dns_options
266clone_dns_options(const struct dns_options *o, struct gc_arena *gc)
267{
268 struct dns_options clone;
269
270 memset(&clone, 0, sizeof(clone));
271 clone.search_domains = clone_dns_domains(o->search_domains, gc);
272 clone.servers = clone_dns_servers(o->servers, gc);
273 clone.servers_prepull = clone_dns_servers(o->servers_prepull, gc);
274 clone.updown = o->updown;
275 clone.updown_flags = o->updown_flags;
276 clone.from_dhcp = o->from_dhcp;
277
278 return clone;
279}
280
281void
282dns_options_preprocess_pull(struct dns_options *o)
283{
284 o->servers_prepull = o->servers;
285 o->servers = NULL;
286}
287
288void
289dns_options_postprocess_pull(struct dns_options *o)
290{
291 struct dns_server **entry = &o->servers;
292 struct dns_server *server = *entry;
293 struct dns_server *server_pp = o->servers_prepull;
294
295 while (server && server_pp)
296 {
297 if (server->priority > server_pp->priority)
298 {
299 /* Merge static server in front of pulled one */
300 struct dns_server *next_pp = server_pp->next;
301 server_pp->next = server;
302 *entry = server_pp;
303 server = *entry;
304 server_pp = next_pp;
305 }
306 else if (server->priority == server_pp->priority)
307 {
308 /* Pulled server overrides static one */
309 server_pp = server_pp->next;
310 }
311 entry = &server->next;
312 server = *entry;
313 }
314
315 /* Append remaining local servers */
316 if (server_pp)
317 {
318 *entry = server_pp;
319 }
320
321 o->servers_prepull = NULL;
322}
323
324static const char *
325dnssec_value(const enum dns_security dnssec)
326{
327 switch (dnssec)
328 {
329 case DNS_SECURITY_YES:
330 return "yes";
331
332 case DNS_SECURITY_OPTIONAL:
333 return "optional";
334
335 case DNS_SECURITY_NO:
336 return "no";
337
338 default:
339 return "unset";
340 }
341}
342
343static const char *
344transport_value(const enum dns_server_transport transport)
345{
346 switch (transport)
347 {
348 case DNS_TRANSPORT_HTTPS:
349 return "DoH";
350
351 case DNS_TRANSPORT_TLS:
352 return "DoT";
353
354 case DNS_TRANSPORT_PLAIN:
355 return "plain";
356
357 default:
358 return "unset";
359 }
360}
361
362#ifdef _WIN32
363
364static void
365make_domain_list(const char *what, const struct dns_domain *src, bool nrpt_domains, char *dst,
366 size_t dst_size)
367{
368 /* NRPT domains need two \0 at the end for REG_MULTI_SZ
369 * and a leading '.' added in front of the domain name */
370 size_t term_size = nrpt_domains ? 2 : 1;
371 size_t leading_dot = nrpt_domains ? 1 : 0;
372 size_t offset = 0;
373
374 memset(dst, 0, dst_size);
375
376 while (src)
377 {
378 size_t len = strlen(src->name);
379 if (offset + leading_dot + len + term_size > dst_size)
380 {
381 msg(M_WARN, "WARNING: %s truncated", what);
382 if (offset)
383 {
384 /* Remove trailing comma */
385 *(dst + offset - 1) = '\0';
386 }
387 break;
388 }
389
390 if (leading_dot)
391 {
392 *(dst + offset++) = '.';
393 }
394 strncpy(dst + offset, src->name, len);
395 offset += len;
396
397 src = src->next;
398 if (src)
399 {
400 *(dst + offset++) = ',';
401 }
402 }
403}
404
405static void
406run_up_down_service(bool add, const struct options *o, const struct tuntap *tt)
407{
408 const struct dns_server *server = o->dns_options.servers;
409 const struct dns_domain *search_domains = o->dns_options.search_domains;
410
411 while (true)
412 {
413 if (!server)
414 {
415 if (add)
416 {
417 msg(M_WARN, "WARNING: setting DNS failed, no compatible server profile");
418 }
419 return;
420 }
421
422 bool only_standard_server_ports = true;
423 for (size_t i = 0; i < NRPT_ADDR_NUM; ++i)
424 {
425 if (server->addr[i].port && server->addr[i].port != 53)
426 {
427 only_standard_server_ports = false;
428 break;
429 }
430 }
431 if ((server->transport == DNS_TRANSPORT_UNSET || server->transport == DNS_TRANSPORT_PLAIN)
432 && only_standard_server_ports)
433 {
434 break; /* found compatible server */
435 }
436
437 server = server->next;
438 }
439
440 ack_message_t ack;
441 nrpt_dns_cfg_message_t nrpt = {
442 .header = { (add ? msg_add_nrpt_cfg : msg_del_nrpt_cfg), sizeof(nrpt_dns_cfg_message_t),
443 0 },
444 .iface = { .index = tt->adapter_index, .name = "" },
445 .flags = server->dnssec == DNS_SECURITY_NO ? 0 : nrpt_dnssec,
446 };
447 strncpynt(nrpt.iface.name, tt->actual_name, sizeof(nrpt.iface.name));
448
449 for (size_t i = 0; i < NRPT_ADDR_NUM; ++i)
450 {
451 if (server->addr[i].family == AF_UNSPEC)
452 {
453 /* No more addresses */
454 break;
455 }
456
457 if (inet_ntop(server->addr[i].family, &server->addr[i].in, nrpt.addresses[i],
458 NRPT_ADDR_SIZE)
459 == NULL)
460 {
461 msg(M_WARN, "WARNING: could not convert dns server address");
462 }
463 }
464
465 make_domain_list("dns server resolve domains", server->domains, true, nrpt.resolve_domains,
466 sizeof(nrpt.resolve_domains));
467
468 make_domain_list("dns search domains", search_domains, false, nrpt.search_domains,
469 sizeof(nrpt.search_domains));
470
471 msg(D_LOW, "%s NRPT DNS%s%s on '%s' (if_index = %d) using service",
472 (add ? "Setting" : "Deleting"), nrpt.resolve_domains[0] != 0 ? ", resolve domains" : "",
473 nrpt.search_domains[0] != 0 ? ", search domains" : "", nrpt.iface.name, nrpt.iface.index);
474
475 send_msg_iservice(o->msg_channel, &nrpt, sizeof(nrpt), &ack, "DNS");
476}
477
478#else /* ifdef _WIN32 */
479
480static void
481setenv_dns_option(struct env_set *es, const char *format, int i, int j, const char *value)
482{
483 char name[64];
484 bool name_ok = false;
485
486 if (j < 0)
487 {
488 name_ok = snprintf(name, sizeof(name), format, i);
489 }
490 else
491 {
492 name_ok = snprintf(name, sizeof(name), format, i, j);
493 }
494
495 if (!name_ok)
496 {
497 msg(M_WARN, "WARNING: dns option setenv name buffer overflow");
498 }
499
500 setenv_str(es, name, value);
501}
502
503static void
504setenv_dns_options(const struct dns_options *o, struct env_set *es)
505{
506 struct gc_arena gc = gc_new();
507 const struct dns_server *s;
508 const struct dns_domain *d;
509 int i, j;
510
511 for (i = 1, d = o->search_domains; d != NULL; i++, d = d->next)
512 {
513 setenv_dns_option(es, "dns_search_domain_%d", i, -1, d->name);
514 }
515
516 for (i = 1, s = o->servers; s != NULL; i++, s = s->next)
517 {
518 for (j = 0; j < s->addr_count; ++j)
519 {
520 if (s->addr[j].family == AF_INET)
521 {
522 setenv_dns_option(es, "dns_server_%d_address_%d", i, j + 1,
523 print_in_addr_t(s->addr[j].in.a4.s_addr, IA_NET_ORDER, &gc));
524 }
525 else
526 {
527 setenv_dns_option(es, "dns_server_%d_address_%d", i, j + 1,
528 print_in6_addr(s->addr[j].in.a6, 0, &gc));
529 }
530 if (s->addr[j].port)
531 {
532 setenv_dns_option(es, "dns_server_%d_port_%d", i, j + 1,
533 print_in_port_t(s->addr[j].port, &gc));
534 }
535 }
536
537 if (s->domains)
538 {
539 for (j = 1, d = s->domains; d != NULL; j++, d = d->next)
540 {
541 setenv_dns_option(es, "dns_server_%d_resolve_domain_%d", i, j, d->name);
542 }
543 }
544
545 if (s->dnssec)
546 {
547 setenv_dns_option(es, "dns_server_%d_dnssec", i, -1, dnssec_value(s->dnssec));
548 }
549
550 if (s->transport)
551 {
552 setenv_dns_option(es, "dns_server_%d_transport", i, -1, transport_value(s->transport));
553 }
554 if (s->sni)
555 {
556 setenv_dns_option(es, "dns_server_%d_sni", i, -1, s->sni);
557 }
558 }
559
560 gc_free(&gc);
561}
562
563static void
564updown_env_set(bool up, const struct dns_options *o, const struct tuntap *tt, struct env_set *es)
565{
566 setenv_str(es, "dev", tt->actual_name);
567 setenv_str(es, "script_type", up ? "dns-up" : "dns-down");
568 setenv_dns_options(o, es);
569}
570
571static int
572do_run_up_down_command(bool up, const char *vars_file, const struct dns_options *o,
573 const struct tuntap *tt)
574{
575 struct gc_arena gc = gc_new();
576 struct argv argv = argv_new();
577 struct env_set *es = env_set_create(&gc);
578
579 if (vars_file)
580 {
581 setenv_str(es, "dns_vars_file", vars_file);
582 }
583 else
584 {
585 updown_env_set(up, o, tt, es);
586 }
587
588 argv_printf(&argv, "%s", o->updown);
589 argv_msg(M_INFO, &argv);
590 int res;
591 if (dns_updown_user_set(o))
592 {
593 res = openvpn_run_script(&argv, es, S_EXITCODE, "dns updown");
594 }
595 else
596 {
597 res = openvpn_execve_check(&argv, es, S_EXITCODE, "WARNING: Failed running dns updown");
598 }
599 argv_free(&argv);
600 gc_free(&gc);
601 return res;
602}
603
604static bool
605run_updown_runner(bool up, struct options *o, const struct tuntap *tt,
606 struct dns_updown_runner_info *updown_runner)
607{
608 int dns_pipe_fd[2];
609 int ack_pipe_fd[2];
610 if (pipe(dns_pipe_fd) != 0 || pipe(ack_pipe_fd) != 0)
611 {
612 msg(M_ERR | M_ERRNO, "run_dns_up_down: unable to create pipes");
613 return false;
614 }
615 updown_runner->pid = fork();
616 if (updown_runner->pid == -1)
617 {
618 msg(M_ERR | M_ERRNO, "run_dns_up_down: unable to fork");
619 close(dns_pipe_fd[0]);
620 close(dns_pipe_fd[1]);
621 close(ack_pipe_fd[0]);
622 close(ack_pipe_fd[1]);
623 return false;
624 }
625 else if (updown_runner->pid > 0)
626 {
627 /* Parent process */
628 close(dns_pipe_fd[0]);
629 close(ack_pipe_fd[1]);
630 updown_runner->fds[0] = ack_pipe_fd[0];
631 updown_runner->fds[1] = dns_pipe_fd[1];
632 }
633 else
634 {
635 /* Script runner process, close unused FDs */
636 for (int fd = 3; fd < 100; ++fd)
637 {
638 if (fd != dns_pipe_fd[0] && fd != ack_pipe_fd[1])
639 {
640 close(fd);
641 }
642 }
643
644 /* Ignore signals */
645 signal(SIGINT, SIG_IGN);
646 signal(SIGHUP, SIG_IGN);
647 signal(SIGTERM, SIG_IGN);
648 signal(SIGUSR1, SIG_IGN);
649 signal(SIGUSR2, SIG_IGN);
650 signal(SIGPIPE, SIG_IGN);
651
652 while (1)
653 {
654 char path[PATH_MAX];
655
656 /* Block here until parent sends a path */
657 ssize_t rlen = read(dns_pipe_fd[0], &path, sizeof(path));
658 if (rlen < 1)
659 {
660 if (rlen == -1 && errno == EINTR)
661 {
662 continue;
663 }
664 close(dns_pipe_fd[0]);
665 close(ack_pipe_fd[1]);
666 exit(0);
667 }
668
669 path[sizeof(path) - 1] = '\0';
670 int res = do_run_up_down_command(up, path, &o->dns_options, tt);
671 platform_unlink(path);
672
673 /* Unblock parent process */
674 while (1)
675 {
676 ssize_t wlen = write(ack_pipe_fd[1], &res, sizeof(res));
677 if ((wlen == -1 && errno != EINTR) || wlen < (ssize_t)sizeof(res))
678 {
679 /* Not much we can do about errors but exit */
680 close(dns_pipe_fd[0]);
681 close(ack_pipe_fd[1]);
682 exit(0);
683 }
684 else if (wlen == sizeof(res))
685 {
686 break;
687 }
688 }
689
690 up = !up; /* do the opposite next time */
691 }
692 }
693
694 return true;
695}
696
697static void
698run_up_down_command(bool up, struct options *o, const struct tuntap *tt,
699 struct dns_updown_runner_info *updown_runner)
700{
701 struct dns_options *dns = &o->dns_options;
702 if (!dns->updown || (o->up_script && !dns_updown_user_set(dns) && !dns_updown_forced(dns)))
703 {
704 return;
705 }
706
707 int status = -1;
708
709 if (!updown_runner->required)
710 {
711 /* Run dns updown directly */
712 status = do_run_up_down_command(up, NULL, dns, tt);
713 }
714 else
715 {
716 if (updown_runner->pid < 1)
717 {
718 /* Need to set up privilege preserving child first */
719 if (!run_updown_runner(up, o, tt, updown_runner))
720 {
721 return;
722 }
723 }
724
725 struct gc_arena gc = gc_new();
726 const char *dvf = platform_create_temp_file(o->tmp_dir, "dvf", &gc);
727 if (!dvf)
728 {
729 msg(M_ERR, "could not create dns vars file");
730 goto out_free;
731 }
732
733 struct env_set *es = env_set_create(&gc);
734 updown_env_set(up, &o->dns_options, tt, es);
735 env_set_write_file(dvf, es);
736
737 int wfd = updown_runner->fds[1];
738 ssize_t dvf_size = strlen(dvf) + 1;
739 while (1)
740 {
741 ssize_t len = write(wfd, dvf, dvf_size);
742 if (len < dvf_size)
743 {
744 if (len == -1 && errno == EINTR)
745 {
746 continue;
747 }
748 msg(M_ERR | M_ERRNO, "could not send dns vars filename");
749 }
750 break;
751 }
752
753 int rfd = updown_runner->fds[0];
754 while (1)
755 {
756 ssize_t len = read(rfd, &status, sizeof(status));
757 if (len < (ssize_t)sizeof(status))
758 {
759 if (len == -1 && errno == EINTR)
760 {
761 continue;
762 }
763 msg(M_ERR | M_ERRNO, "could not receive dns updown status");
764 }
765 break;
766 }
767
768out_free:
769 gc_free(&gc);
770 }
771
772 msg(M_INFO, "dns %s command exited with status %d", up ? "up" : "down", status);
773}
774
775#endif /* _WIN32 */
776
777void
778show_dns_options(const struct dns_options *o)
779{
780 struct gc_arena gc = gc_new();
781
782 int i = 1;
783 struct dns_server *server = o->servers_prepull ? o->servers_prepull : o->servers;
784 while (server)
785 {
786 msg(D_SHOW_PARMS, " DNS server #%d:", i++);
787
788 for (int j = 0; j < server->addr_count; ++j)
789 {
790 const char *addr;
791 const char *fmt_port;
792 if (server->addr[j].family == AF_INET)
793 {
794 addr = print_in_addr_t(server->addr[j].in.a4.s_addr, IA_NET_ORDER, &gc);
795 fmt_port = " address = %s:%s";
796 }
797 else
798 {
799 addr = print_in6_addr(server->addr[j].in.a6, 0, &gc);
800 fmt_port = " address = [%s]:%s";
801 }
802
803 if (server->addr[j].port)
804 {
805 const char *port = print_in_port_t(server->addr[j].port, &gc);
806 msg(D_SHOW_PARMS, fmt_port, addr, port);
807 }
808 else
809 {
810 msg(D_SHOW_PARMS, " address = %s", addr);
811 }
812 }
813
814 if (server->dnssec)
815 {
816 msg(D_SHOW_PARMS, " dnssec = %s", dnssec_value(server->dnssec));
817 }
818
819 if (server->transport)
820 {
821 msg(D_SHOW_PARMS, " transport = %s", transport_value(server->transport));
822 }
823 if (server->sni)
824 {
825 msg(D_SHOW_PARMS, " sni = %s", server->sni);
826 }
827
828 struct dns_domain *domain = server->domains;
829 if (domain)
830 {
831 msg(D_SHOW_PARMS, " resolve domains:");
832 while (domain)
833 {
834 msg(D_SHOW_PARMS, " %s", domain->name);
835 domain = domain->next;
836 }
837 }
838
839 server = server->next;
840 }
841
842 struct dns_domain *search_domain = o->search_domains;
843 if (search_domain)
844 {
845 msg(D_SHOW_PARMS, " DNS search domains:");
846 while (search_domain)
847 {
848 msg(D_SHOW_PARMS, " %s", search_domain->name);
849 search_domain = search_domain->next;
850 }
851 }
852
853 gc_free(&gc);
854}
855
856void
857run_dns_up_down(bool up, struct options *o, const struct tuntap *tt,
858 struct dns_updown_runner_info *duri)
859{
860 if (!o->dns_options.servers)
861 {
862 return;
863 }
864#ifdef _WIN32
865 /* Don't use iservice in DHCP mode */
866 struct tuntap_options *tto = &o->tuntap_options;
867 if (tto->ip_win32_type == IPW32_SET_DHCP_MASQ || tto->ip_win32_type == IPW32_SET_ADAPTIVE)
868 {
869 return;
870 }
871#endif
872
873 /* Warn about adding servers of unsupported AF */
874 const struct dns_server *s = o->dns_options.servers;
875 while (up && s)
876 {
877 size_t bad_count = 0;
878 for (size_t i = 0; i < s->addr_count; ++i)
879 {
880 if ((s->addr[i].family == AF_INET6 && !tt->did_ifconfig_ipv6_setup)
881 || (s->addr[i].family == AF_INET && !tt->did_ifconfig_setup))
882 {
883 ++bad_count;
884 }
885 }
886 if (bad_count == s->addr_count)
887 {
888 msg(M_WARN,
889 "DNS server %ld only has address(es) from a family "
890 "the tunnel is not configured for - it will not be reachable",
891 s->priority);
892 }
893 else if (bad_count)
894 {
895 msg(M_WARN,
896 "DNS server %ld has address(es) from a family "
897 "the tunnel is not configured for",
898 s->priority);
899 }
900 s = s->next;
901 }
902
903#ifdef _WIN32
904 run_up_down_service(up, o, tt);
905#else
906 run_up_down_command(up, o, tt, duri);
907#endif /* ifdef _WIN32 */
908}
argv_msg
void argv_msg(const msglvl_t msglevel, const struct argv *a)
Write the arguments stored in a struct argv via the msg() command.
Definition argv.c:242
argv_free
void argv_free(struct argv *a)
Frees all memory allocations allocated by the struct argv related functions.
Definition argv.c:101
argv_printf
bool argv_printf(struct argv *argres, const char *format,...)
printf() variant which populates a struct argv.
Definition argv.c:438
argv_new
struct argv argv_new(void)
Allocates a new struct argv and ensures it is initialised.
Definition argv.c:87
ALLOC_OBJ_CLEAR_GC
#define ALLOC_OBJ_CLEAR_GC(dptr, type, gc)
Definition buffer.h:1079
strncpynt
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition buffer.h:361
gc_free
static void gc_free(struct gc_arena *a)
Definition buffer.h:1015
gc_new
static struct gc_arena gc_new(void)
Definition buffer.h:1007
dns_options_verify
bool dns_options_verify(msglvl_t msglevel, const struct dns_options *o)
Checks validity of DNS options.
Definition dns.c:212
dnssec_value
static const char * dnssec_value(const enum dns_security dnssec)
Definition dns.c:325
run_dns_up_down
void run_dns_up_down(bool up, struct options *o, const struct tuntap *tt, struct dns_updown_runner_info *duri)
Invokes the action associated with bringing DNS up or down.
Definition dns.c:857
dns_options_postprocess_pull
void dns_options_postprocess_pull(struct dns_options *o)
Merges pulled DNS servers with static ones into an ordered list.
Definition dns.c:289
dns_server_addr_parse
bool dns_server_addr_parse(struct dns_server *server, const char *addr)
Parses a string IPv4 or IPv6 address and optional colon separated port, into a in_addr or in6_addr re...
Definition dns.c:62
dns_domain_list_append
bool dns_domain_list_append(struct dns_domain **entry, char **domains, struct gc_arena *gc)
Appends safe DNS domain parameters to a linked list.
Definition dns.c:148
dns_server_get
struct dns_server * dns_server_get(struct dns_server **entry, long priority, struct gc_arena *gc)
Find or create DNS server with priority in a linked list.
Definition dns.c:190
run_up_down_service
static void run_up_down_service(bool add, const struct options *o, const struct tuntap *tt)
Definition dns.c:406
make_domain_list
static void make_domain_list(const char *what, const struct dns_domain *src, bool nrpt_domains, char *dst, size_t dst_size)
Definition dns.c:365
clone_dns_servers
static struct dns_server * clone_dns_servers(const struct dns_server *server, struct gc_arena *gc)
Definition dns.c:247
clone_dns_domains
static struct dns_domain * clone_dns_domains(const struct dns_domain *domain, struct gc_arena *gc)
Definition dns.c:229
transport_value
static const char * transport_value(const enum dns_server_transport transport)
Definition dns.c:344
dns_server_priority_parse
bool dns_server_priority_parse(long *priority, const char *str, bool pulled)
Parses a string DNS server priority and validates it.
Definition dns.c:175
clone_dns_options
struct dns_options clone_dns_options(const struct dns_options *o, struct gc_arena *gc)
Makes a deep copy of the passed DNS options.
Definition dns.c:266
show_dns_options
void show_dns_options(const struct dns_options *o)
Prints configured DNS options.
Definition dns.c:778
dns_server_port_parse
static bool dns_server_port_parse(in_port_t *port, char *port_str)
Parses a string as port and stores it.
Definition dns.c:48
dns_options_preprocess_pull
void dns_options_preprocess_pull(struct dns_options *o)
Saves and resets the server options, so that pulled ones don't mix in.
Definition dns.c:282
dns_updown_user_set
static bool dns_updown_user_set(const struct dns_options *o)
Returns whether dns-updown is user defined.
Definition dns.h:218
dns_security
dns_security
Definition dns.h:31
DNS_SECURITY_NO
@ DNS_SECURITY_NO
Definition dns.h:33
DNS_SECURITY_YES
@ DNS_SECURITY_YES
Definition dns.h:34
DNS_SECURITY_OPTIONAL
@ DNS_SECURITY_OPTIONAL
Definition dns.h:35
dns_updown_forced
static bool dns_updown_forced(const struct dns_options *o)
Returns whether dns-updown is forced to run.
Definition dns.h:229
dns_server_transport
dns_server_transport
Definition dns.h:39
DNS_TRANSPORT_PLAIN
@ DNS_TRANSPORT_PLAIN
Definition dns.h:41
DNS_TRANSPORT_UNSET
@ DNS_TRANSPORT_UNSET
Definition dns.h:40
DNS_TRANSPORT_TLS
@ DNS_TRANSPORT_TLS
Definition dns.h:43
DNS_TRANSPORT_HTTPS
@ DNS_TRANSPORT_HTTPS
Definition dns.h:42
domain_helper.h
validate_domain
static bool validate_domain(const char *domain)
Definition domain_helper.h:34
env_set_write_file
void env_set_write_file(const char *path, const struct env_set *es)
Write a struct env_set to a file.
Definition env_set.c:238
setenv_str
void setenv_str(struct env_set *es, const char *name, const char *value)
Definition env_set.c:307
env_set_create
struct env_set * env_set_create(struct gc_arena *gc)
Definition env_set.c:156
D_SHOW_PARMS
#define D_SHOW_PARMS
Definition errlevel.h:95
D_LOW
#define D_LOW
Definition errlevel.h:96
M_INFO
#define M_INFO
Definition errlevel.h:54
status
static SERVICE_STATUS status
Definition interactive.c:51
write
@ write
Definition interactive.c:212
read
@ read
Definition interactive.c:211
nrpt_dnssec
@ nrpt_dnssec
Definition openvpn-msg.h:112
msg_add_nrpt_cfg
@ msg_add_nrpt_cfg
Definition openvpn-msg.h:38
msg_del_nrpt_cfg
@ msg_del_nrpt_cfg
Definition openvpn-msg.h:39
NRPT_ADDR_SIZE
#define NRPT_ADDR_SIZE
Definition openvpn-msg.h:116
NRPT_ADDR_NUM
#define NRPT_ADDR_NUM
Definition openvpn-msg.h:115
SIZE
#define SIZE(x)
Definition basic.h:29
M_ERR
#define M_ERR
Definition error.h:106
msg
#define msg(flags,...)
Definition error.h:152
msglvl_t
unsigned int msglvl_t
Definition error.h:77
M_WARN
#define M_WARN
Definition error.h:92
M_ERRNO
#define M_ERRNO
Definition error.h:95
platform_create_temp_file
const char * platform_create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc)
Create a temporary file in directory, returns the filename of the created file.
Definition platform.c:544
platform_unlink
bool platform_unlink(const char *filename)
Definition platform.c:491
openvpn_execve_check
int openvpn_execve_check(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *error_message)
Definition run_command.c:233
run_command.h
S_EXITCODE
#define S_EXITCODE
Instead of returning 1/0 for success/fail, return exit code when between 0 and 255 and -1 otherwise.
Definition run_command.h:53
openvpn_run_script
static int openvpn_run_script(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *hook)
Will run a script and return the exit code of the script if between 0 and 255, -1 otherwise.
Definition run_command.h:89
openvpn_getaddrinfo
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, struct signal_info *sig_info, int ai_family, struct addrinfo **res)
Definition socket_util.c:537
print_in_port_t
const char * print_in_port_t(in_port_t port, struct gc_arena *gc)
Definition socket_util.c:231
print_in6_addr
const char * print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:216
print_in_addr_t
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:196
socket_util.h
IA_NET_ORDER
#define IA_NET_ORDER
Definition socket_util.h:90
ack_message_t
Definition openvpn-msg.h:157
argv
Definition argv.h:35
dns_domain
Definition dns.h:54
dns_domain::next
struct dns_domain * next
Definition dns.h:55
dns_domain::name
const char * name
Definition dns.h:56
dns_options
Definition dns.h:113
dns_options::servers
struct dns_server * servers
Definition dns.h:117
dns_options::updown
const char * updown
Definition dns.h:119
dns_options::from_dhcp
struct dhcp_options from_dhcp
Definition dns.h:114
dns_options::servers_prepull
struct dns_server * servers_prepull
Definition dns.h:116
dns_options::updown_flags
enum dns_updown_flags updown_flags
Definition dns.h:120
dns_options::search_domains
struct dns_domain * search_domains
Definition dns.h:115
dns_server_addr::a4
struct in_addr a4
Definition dns.h:63
dns_server_addr::in
union dns_server_addr::@0 in
dns_server_addr::family
sa_family_t family
Definition dns.h:66
dns_server_addr::a6
struct in6_addr a6
Definition dns.h:64
dns_server_addr::port
in_port_t port
Definition dns.h:67
dns_server
Definition dns.h:71
dns_server::addr
struct dns_server_addr addr[8]
Definition dns.h:75
dns_server::dnssec
enum dns_security dnssec
Definition dns.h:77
dns_server::next
struct dns_server * next
Definition dns.h:72
dns_server::priority
long priority
Definition dns.h:73
dns_server::addr_count
size_t addr_count
Definition dns.h:74
dns_server::domains
struct dns_domain * domains
Definition dns.h:76
dns_server::transport
enum dns_server_transport transport
Definition dns.h:78
dns_server::sni
const char * sni
Definition dns.h:79
dns_updown_runner_info
Definition dns.h:83
dns_updown_runner_info::required
bool required
Definition dns.h:84
dns_updown_runner_info::fds
int fds[2]
Definition dns.h:85
env_set
Definition env_set.h:43
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
interface_t::name
char name[256]
Definition openvpn-msg.h:70
interface_t::index
int index
Definition openvpn-msg.h:69
nrpt_dns_cfg_message_t
Definition openvpn-msg.h:119
nrpt_dns_cfg_message_t::search_domains
char search_domains[512]
Definition openvpn-msg.h:124
nrpt_dns_cfg_message_t::resolve_domains
char resolve_domains[512]
Definition openvpn-msg.h:123
nrpt_dns_cfg_message_t::iface
interface_t iface
Definition openvpn-msg.h:121
nrpt_dns_cfg_message_t::header
message_header_t header
Definition openvpn-msg.h:120
nrpt_dns_cfg_message_t::addresses
nrpt_address_t addresses[NRPT_ADDR_NUM]
Definition openvpn-msg.h:122
options::tmp_dir
const char * tmp_dir
Definition options.h:469
options::up_script
const char * up_script
Definition options.h:385
options::msg_channel
HANDLE msg_channel
Definition options.h:695
options::tuntap_options
struct tuntap_options tuntap_options
Definition options.h:371
options::dns_options
struct dns_options dns_options
Definition options.h:314
tuntap_options
Definition tun.h:75
tuntap_options::ip_win32_type
int ip_win32_type
Definition tun.h:85
tuntap
Definition tun.h:183
tuntap::adapter_index
DWORD adapter_index
Definition tun.h:234
tuntap::did_ifconfig_ipv6_setup
bool did_ifconfig_ipv6_setup
if the internal variables related to ifconfig-ipv6 of this struct have been set up.
Definition tun.h:201
tuntap::did_ifconfig_setup
bool did_ifconfig_setup
if the internal variables related to ifconfig of this struct have been set up.
Definition tun.h:197
tuntap::actual_name
char * actual_name
Definition tun.h:207
sa_family_t
unsigned short sa_family_t
Definition syshead.h:396
es
struct env_set * es
Definition test_pkcs11.c:138
res
char ** res
Definition test_push_update_msg.c:119
i
int i
Definition test_push_update_msg.c:120
gc
struct gc_arena gc
Definition test_ssl.c:131
IPW32_SET_ADAPTIVE
#define IPW32_SET_ADAPTIVE
Definition tun.h:83
IPW32_SET_DHCP_MASQ
#define IPW32_SET_DHCP_MASQ
Definition tun.h:82
send_msg_iservice
bool send_msg_iservice(HANDLE pipe, const void *data, size_t size, ack_message_t *ack, const char *context)
Definition win32.c:1427
Generated by doxygen 1.9.8