26 #elif defined(_MSC_VER) 33 #include <systemd/sd-daemon.h> 66 #define CF_LOAD_PERSISTED_PACKET_ID (1<<0) 67 #define CF_INIT_TLS_MULTI (1<<1) 68 #define CF_INIT_TLS_AUTH_STANDALONE (1<<2) 112 const char *dev_type,
115 const char *ifconfig_local,
116 const char *ifconfig_remote,
118 const char *signal_text,
119 const char *script_type,
144 if (!ifconfig_remote)
146 ifconfig_remote =
"";
161 ifconfig_local, ifconfig_remote,
166 msg(
M_FATAL,
"ERROR: up/down plugin call failed");
179 ifconfig_local, ifconfig_remote, context);
212 #ifdef ENABLE_MANAGEMENT 222 if (
streq(p[1],
"NONE"))
226 else if (p[2] && p[3])
228 if (
streq(p[1],
"HTTP"))
233 msg(
M_WARN,
"HTTP proxy support only works for TCP based connections");
242 else if (
streq(p[1],
"SOCKS"))
312 const char *parameters)
315 size_t len = strlen(command) + 1 + strlen(parameters) + 1;
343 if (!strcmp(p[1],
"ACCEPT"))
348 else if (!strcmp(p[1],
"SKIP"))
353 else if (!strcmp(p[1],
"MOD") && p[2] && p[3])
386 int ce_changed =
true;
439 for (i = 0; i < l->
len; ++i)
538 msg(
M_FATAL,
"No usable connection profiles are present");
552 #ifdef ENABLE_MANAGEMENT 571 }
while (!ce_defined);
577 msg(
M_FATAL,
"All connections have been connect-retry-max (%d) times unsuccessful, exiting",
599 #ifdef ENABLE_MANAGEMENT 632 bool did_http =
false;
704 #if defined(ENABLE_PKCS11) 708 pkcs11_initialize(
true, c->
options.pkcs11_pin_cache_period);
711 pkcs11_addProvider(c->
options.pkcs11_providers[i], c->
options.pkcs11_protected_authentication[i],
712 c->
options.pkcs11_private_mode[i], c->
options.pkcs11_cert_private[i]);
724 strcpy(up.
username,
"Please insert your cryptographic token");
731 #ifdef ENABLE_SYSTEMD 736 sd_notifyf(0,
"READY=1\nSTATUS=Pre-connection initialization successful\nMAINPID=%lu",
737 (
unsigned long) getpid());
753 close_port_share(
void)
757 port_share_close(port_share);
763 init_port_share(
struct context *c)
765 if (!port_share && (c->
options.port_share_host && c->
options.port_share_port))
767 port_share = port_share_open(c->
options.port_share_host,
770 c->
options.port_share_journal_dir);
771 if (port_share == NULL)
773 msg(
M_FATAL,
"Fatal error: Port sharing failed");
787 crypto_init_dmalloc();
798 if (!gettimeofday(&tv, NULL))
800 const unsigned int seed = (
unsigned int) tv.tv_sec ^ tv.tv_usec;
811 #ifdef OPENVPN_DEBUG_COMMAND_LINE 814 for (i = 0; i < argc; ++i)
831 packet_id_interactive_test();
845 #ifdef IFCONFIG_POOL_TEST 846 ifconfig_pool_test(0x0A010004, 0x0A0100FF);
850 #ifdef CHARACTER_CLASS_DEBUG 851 character_class_debug();
855 #ifdef EXTRACT_X509_FIELD_TEST 865 #ifdef TEST_GET_DEFAULT_GATEWAY 879 const char *fn = gen_path(
"foo",
888 #ifdef STATUS_PRINTF_TEST 897 msg(
M_WARN,
"STATUS_PRINTF_TEST: %s: write error", tmp_file);
911 const int factor = 1;
912 for (i = 0; i < factor * 8; ++i)
919 printf(
"[%d] %s\n", i,
format_hex(rndbuf,
sizeof(rndbuf), 0, &gc));
927 #ifdef BUFFER_LIST_AGGREGATE_TEST 930 static const char *text[] = {
931 "It was a bright cold day in April, ",
932 "and the clocks were striking ",
935 "his chin nuzzled into his breast in an ",
936 "effort to escape the vile wind, ",
937 "slipped quickly through the glass doors ",
938 "of Victory Mansions, though not quickly ",
939 "enough to prevent a swirl of gritty dust from ",
940 "entering along with him." 944 for (listcap = 0; listcap < 12; ++listcap)
946 for (iter = 0; iter < 512; ++iter)
951 for (i = 0; i <
SIZE(text); ++i)
956 printf(
"[cap=%d i=%d] *************************\n", listcap, iter);
994 mstats_open(
"/dev/shm/mstats.dat");
995 for (i = 0; i < 30; ++i)
997 mmap_stats->n_clients += 1;
998 mmap_stats->link_write_bytes += 8;
999 mmap_stats->link_read_bytes += 16;
1015 #ifdef ENABLE_PKCS11 1023 #if defined(MEASURE_TLS_HANDSHAKE_STATS) 1024 show_tls_performance_stats();
1116 msg(
M_USAGE,
"Using --genkey type with --secret filename is " 1117 "not supported. Use --genkey type filename instead.");
1125 msg(
M_USAGE,
"You must provide a filename to either --genkey " 1126 "or --secret, not both");
1135 msg(
M_WARN,
"WARNING: Using --genkey --secret filename is " 1136 "DEPRECATED. Use --genkey secret filename instead.");
1141 if (nbits_written < 0)
1147 "Randomly generated %d bit key written to %s", nbits_written,
1161 "--genkey tls-crypt-v2-client requires a server key to be set via --tls-crypt-v2 to create a client key");
1189 notnull(options->
dev,
"TUN/TAP device (--dev)");
1197 "options --mktun or --rmtun should only be used together with --dev");
1199 #ifdef ENABLE_FEATURE_TUN_PERSIST 1211 "options --mktun and --rmtun are not available on your operating " 1212 "system. Please check 'man tun' (or 'tap'), whether your system " 1213 "supports using 'ifconfig %s create' / 'destroy' to create/remove " 1214 "persistent tunnel interfaces.", options->
dev );
1229 #ifdef ENABLE_SYSTEMD 1231 if (sd_notify(0,
"READY=0") > 0)
1241 #if defined(__APPLE__) && defined(__clang__) 1242 #pragma clang diagnostic push 1243 #pragma clang diagnostic ignored "-Wdeprecated-declarations" 1247 msg(
M_ERR,
"daemon() failed or unsupported");
1249 #if defined(__APPLE__) && defined(__clang__) 1250 #pragma clang diagnostic pop 1269 static const char why_not[] =
"will be delayed because of --client, --pull, or --up-delay";
1283 msg(
M_INFO,
"NOTE: chroot %s", why_not);
1297 msg(
M_INFO,
"NOTE: UID/GID downgrade %s", why_not);
1301 #ifdef ENABLE_MEMSTATS 1304 mstats_open(c->
options.memstats_fn);
1308 #ifdef ENABLE_SELINUX 1315 if (c->
options.selinux_context)
1319 if (-1 == setcon(c->
options.selinux_context))
1321 msg(
M_ERR,
"setcon to '%s' failed; is /proc accessible?", c->
options.selinux_context);
1330 msg(
M_INFO,
"NOTE: setcon %s", why_not);
1473 #ifdef ENABLE_FEATURE_SHAPER 1513 const char *gw = NULL;
1550 const char *gw = NULL;
1568 char *opt_list[] = {
"::/3",
"2000::/4",
"3000::/4",
"fc00::/7", NULL };
1571 for (i = 0; opt_list[i]; i++)
1599 static const char message[] =
"Initialization Sequence Completed";
1626 msg(
M_INFO,
"%s With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )", message);
1628 #ifdef ENABLE_SYSTEMD 1629 sd_notifyf(0,
"STATUS=Failed to start up: %s With Errors\nERRNO=1", message);
1636 #ifdef ENABLE_SYSTEMD 1637 sd_notifyf(0,
"STATUS=%s", message);
1652 #ifdef ENABLE_MANAGEMENT 1657 struct in6_addr *tun_local6 = NULL;
1660 socklen_t sa_len =
sizeof(local);
1661 const char *detail =
"SUCCESS";
1662 if (flags & ISC_ERRORS)
1669 remote = actual->
dest;
1671 #if ENABLE_IP_PKTINFO 1674 switch (local.
addr.
sa.sa_family)
1677 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) 1678 local.
addr.
in4.sin_addr = actual->pi.in4.ipi_spec_dst;
1680 local.
addr.
in4.sin_addr = actual->pi.in4;
1685 local.
addr.
in6.sin6_addr = actual->pi.in6.ipi6_addr;
1724 if (!options->
route_noexec && ( route_list || route_ipv6_list ) )
1730 #ifdef ENABLE_MANAGEMENT 1741 msg(
M_WARN,
"WARNING: route-up plugin call failed");
1809 #ifndef TARGET_ANDROID 1814 #ifdef TARGET_ANDROID 1874 #ifdef TARGET_ANDROID 1944 #ifndef TARGET_ANDROID 1948 msg(
M_INFO,
"Preserving previous TUN/TAP instance: %s",
2025 static_context = NULL;
2027 #ifdef ENABLE_MANAGEMENT 2149 static_context = NULL;
2174 do_up(
struct context *c,
bool pulled_options,
unsigned int option_types_found)
2207 msg(
M_INFO,
"NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.");
2253 unsigned int flags =
2291 msg(
D_PUSH,
"OPTIONS IMPORT: --verb and/or --mute level changed");
2296 msg(
D_PUSH,
"OPTIONS IMPORT: timers and/or timeouts modified");
2303 msg(
D_PUSH,
"OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp");
2308 msg(
D_PUSH,
"OPTIONS IMPORT: explicit notify parm(s) modified");
2315 msg(
D_PUSH,
"OPTIONS IMPORT: compression parms modified");
2316 comp_uninit(c->
c2.comp_context);
2317 c->
c2.comp_context = comp_init(&c->
options.comp);
2323 msg(
D_PUSH,
"OPTIONS IMPORT: traffic shaper enabled");
2329 msg(
D_PUSH,
"OPTIONS IMPORT: --sndbuf/--rcvbuf options modified");
2335 msg(
D_PUSH,
"OPTIONS IMPORT: --socket-flags option modified");
2341 msg(
D_PUSH,
"OPTIONS IMPORT: --persist options modified");
2345 msg(
D_PUSH,
"OPTIONS IMPORT: --ifconfig/up options modified");
2349 msg(
D_PUSH,
"OPTIONS IMPORT: route options modified");
2353 msg(
D_PUSH,
"OPTIONS IMPORT: route-related options modified");
2357 msg(
D_PUSH,
"OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified");
2361 msg(
D_PUSH,
"OPTIONS IMPORT: environment modified");
2366 msg(
D_PUSH,
"OPTIONS IMPORT: peer-id set");
2373 msg(
D_PUSH,
"OPTIONS IMPORT: adjusting link_mtu to %d",
2378 msg(
M_WARN,
"OPTIONS IMPORT: WARNING: peer-id set, but link-mtu" 2379 " fixed by config - reducing tun-mtu to %d, expect" 2391 struct frame *frame_fragment = NULL;
2392 #ifdef ENABLE_FRAGMENT 2418 #ifdef ENABLE_MANAGEMENT 2453 if (GREMLIN_CONNECTION_FLOOD_LEVEL(c->
options.gremlin))
2584 #ifdef ENABLE_PREDICTION_RESISTANCE 2585 if (c->
options.use_prediction_resistance)
2587 rand_ctx_enable_prediction_resistance();
2637 msg(
M_INFO,
"Re-using pre-shared static key");
2672 msg(
M_FATAL,
"ERROR: tls-auth enabled, but no valid --auth " 2673 "algorithm specified ('%s')", options->
authname);
2681 "Control Channel Authentication",
"tls-auth");
2752 msg(
M_FATAL,
"Error: private key password verification failed");
2768 msg(
M_FATAL,
"Error: private key password verification failed");
2778 options->
keysize,
true, warn);
2814 bool packet_id_long_form;
2846 options->
replay, packet_id_long_form);
2859 if (packet_id_long_form)
2900 else if (options->
pull)
2930 #ifdef ENABLE_X509ALTUSERNAME 2944 #ifdef ENABLE_MANAGEMENT 2964 #ifdef ENABLE_MANAGEMENT 2970 to.comp_options = options->comp;
2973 #ifdef HAVE_EXPORT_KEYING_MATERIAL 2974 if (options->keying_material_exporter_label)
2976 to.
ekm_size = options->keying_material_exporter_length;
2982 to.
ekm_label = options->keying_material_exporter_label;
3055 "Control Channel MTU parms");
3061 "TLS-Auth MTU parms");
3073 "******* WARNING *******: All encryption and authentication features " 3074 "disabled -- All data will be tunnelled as clear text and will not be " 3075 "protected against man-in-the-middle changes. " 3076 "PLEASE DO RECONSIDER THIS CONFIGURATION!");
3103 if (comp_enabled(&c->
options.comp))
3105 comp_add_to_extra_frame(&c->
c2.
frame);
3107 #if !defined(ENABLE_LZ4) 3138 #ifdef ENABLE_FRAGMENT 3178 comp_add_to_extra_buffer(&c->
c2.
frame);
3179 #ifdef ENABLE_FRAGMENT 3195 #ifdef ENABLE_FRAGMENT 3206 #if defined(ENABLE_FRAGMENT) 3213 "WARNING: using --fragment and --mtu-test together may produce an inaccurate MTU test result");
3217 #ifdef ENABLE_FRAGMENT 3222 "WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu %d (currently it is %d)",
3235 msg(
M_WARN,
"WARNING: --ping should normally be used with --ping-restart or --ping-exit");
3239 #ifdef ENABLE_SELINUX
3240 || o->selinux_context
3246 msg(
M_WARN,
"WARNING: you are using user/group/chroot/setcon without persist-tun -- this may cause restarts to fail");
3254 msg(
M_WARN,
"WARNING: you are using user/group/chroot/setcon without persist-key -- this may cause restarts to fail");
3260 msg(
M_WARN,
"WARNING: you are using chroot without specifying user and group -- this may cause the chroot jail to be insecure");
3266 msg(
M_WARN,
"WARNING: using --pull/--client and --ifconfig together is probably not what you want");
3271 msg(
M_WARN,
"NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to");
3278 msg(
M_WARN,
"WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want");
3282 msg(
M_WARN,
"WARNING: --ifconfig-pool-persist will not work with --duplicate-cn");
3286 msg(
M_WARN,
"WARNING: --keepalive option is missing from server config");
3293 msg(
M_WARN,
"WARNING: You have disabled Replay Protection (--no-replay) which may make " PACKAGE_NAME " less secure");
3306 msg(
M_WARN,
"WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.");
3310 msg(
M_WARN,
"WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.");
3318 msg(
M_WARN,
"NOTE: the current --script-security setting may allow this configuration to call user-defined scripts");
3322 msg(
M_WARN,
"WARNING: the current --script-security setting may allow passwords to be passed to scripts via environmental variables");
3326 msg(
M_WARN,
"NOTE: starting with " PACKAGE_NAME " 2.1, '--script-security 2' or higher is required to call user-defined scripts or executables");
3392 #ifdef ENABLE_FRAGMENT 3481 #ifdef ENABLE_FRAGMENT 3485 "Fragmentation MTU parms");
3508 msg(
D_SHOW_OCC,
"Expected Remote Options String (VER=%s): '%s'",
3673 #ifdef ENABLE_FRAGMENT 3694 bool need_us_timeout)
3696 unsigned int flags = 0;
3702 if (need_us_timeout)
3819 msg(
M_INFO,
"NOTE: --fast-io is disabled since we are running on Windows");
3823 msg(
M_INFO,
"NOTE: --fast-io is disabled since we are not using UDP");
3827 #ifdef ENABLE_FEATURE_SHAPER 3830 msg(
M_INFO,
"NOTE: --fast-io is disabled since we are using --shaper");
3855 #ifdef ENABLE_PLUGIN 3881 for (i = 0; i < config.
n; ++i)
3883 unsigned int option_types_found = 0;
3890 &option_types_found,
3927 #ifdef ENABLE_MANAGEMENT 3942 msg(msglevel,
"END");
3944 msg(msglevel,
"ERROR: Sorry, this command is currently only implemented on Windows");
3948 #ifdef TARGET_ANDROID 3950 management_callback_network_change(
void *arg,
bool samenetwork)
3992 #ifdef ENABLE_MANAGEMENT 4003 #ifdef TARGET_ANDROID 4004 cb.network_change = management_callback_network_change;
4011 #ifdef ENABLE_MANAGEMENT 4061 msg(
M_WARN,
"Signal received from management interface, exiting");
4089 #ifdef ENABLE_MANAGEMENT 4215 #ifdef ENABLE_PLUGIN 4269 #ifdef ENABLE_FRAGMENT 4279 unsigned int crypto_flags = 0;
4301 if (comp_enabled(&options->comp) && (c->
mode ==
CM_P2P || child))
4303 c->
c2.comp_context = comp_init(&options->comp);
4319 #ifdef ENABLE_FRAGMENT 4363 #ifdef ENABLE_PLUGIN 4392 #ifdef ENABLE_PLUGIN 4447 if (c->
c2.comp_context)
4449 comp_uninit(c->
c2.comp_context);
4450 c->
c2.comp_context = NULL;
4471 #ifdef ENABLE_MANAGEMENT 4479 pf_destroy_context(&c->
c2.pf);
4482 #ifdef ENABLE_PLUGIN 4493 #ifdef ENABLE_FRAGMENT 4555 #ifdef ENABLE_PLUGIN 4634 dest->
c2.comp_context = NULL;
4676 unsigned int pid = 0;
4680 msg(
M_ERR,
"Open error on pid file %s", filename);
4685 fprintf(fp,
"%u\n", pid);
4688 msg(
M_ERR,
"Close error on pid file %s", filename);
struct tuntap_options tuntap_options
const char * ciphername
Data channel cipher from config file.
void warn_on_use_of_common_subnets(openvpn_net_ctx_t *ctx)
static void init_crypto_pre(struct context *c, const unsigned int flags)
bool argv_printf_cat(struct argv *argres, const char *format,...)
printf() inspired argv concatenation.
void interval_init(struct interval *top, int horizon, int refresh)
void management_close(struct management *man)
int ifconfig_pool_persist_refresh_freq
struct ifconfig_pool_persist * ifconfig_pool_persist_init(const char *filename, int refresh_freq)
static void frame_add_to_extra_buffer(struct frame *frame, const int increment)
struct route_ipv6_option_list * routes_ipv6
void frame_subtract_extra(struct frame *frame, const struct frame *src)
static int route_did_redirect_default_gateway(const struct route_list *rl)
void set_std_files_to_null(bool stdin_only)
#define CO_PACKET_ID_LONG_FORM
Bit-flag indicating whether to use OpenVPN's long packet ID format.
struct http_proxy_info * http_proxy_new(const struct http_proxy_options *o)
static void strncpynt(char *dest, const char *src, size_t maxlen)
const char * socks_proxy_port
#define TM_ACTIVE
Active tls_session.
struct frame frame_fragment_omit
struct env_set * env_set_create(struct gc_arena *gc)
struct event_timeout route_wakeup
static void uninit_proxy_dowork(struct context *c)
static void do_init_route_ipv6_list(const struct options *options, struct route_ipv6_list *route_ipv6_list, const struct link_socket_info *link_socket_info, struct env_set *es, openvpn_net_ctx_t *ctx)
int dev_type_enum(const char *dev, const char *dev_type)
unsigned int management_flags
static void do_close_tun(struct context *c, bool force)
struct packet_id packet_id
Current packet ID state for both sending and receiving directions.
void free_key_ctx(struct key_ctx *ctx)
static void do_init_crypto_static(struct context *c, const unsigned int flags)
const char * signal_description(const int signum, const char *sigtext)
struct buffer read_tun_buf
uint8_t hmac_length
HMAC length, in bytes.
struct event_timeout ping_rec_interval
unsigned int crypto_max_overhead(void)
Return the worst-case OpenVPN crypto overhead (in bytes)
void tls_auth_standalone_finalize(struct tls_auth_standalone *tas, const struct frame *frame)
struct options options
Options loaded from command line or configuration file.
void plugin_return_get_column(const struct plugin_return *src, struct plugin_return *dest, const char *colname)
struct event_timeout route_wakeup_expire
bool mute_replay_warnings
void test_crypto(struct crypto_options *co, struct frame *frame)
void tun_standby_init(struct tuntap *tt)
void ssl_clean_user_pass(void)
Cleans the saved user/password unless auth-nocache is in use.
void free_buf(struct buffer *buf)
bool exit_event_initial_state
unsigned int flags
Bit-flags determining behavior of security operation functions.
struct link_socket * link_socket_new(void)
static void do_alloc_route_list(struct context *c)
static bool management_callback_remote_cmd(void *arg, const char **p)
void socks_proxy_close(struct socks_proxy_info *sp)
char * string_alloc(const char *str, struct gc_arena *gc)
#define CE_MAN_QUERY_REMOTE_MOD
void init_verb_mute(struct context *c, unsigned int flags)
char * options_string(const struct options *o, const struct frame *frame, struct tuntap *tt, openvpn_net_ctx_t *ctx, bool remote, struct gc_arena *gc)
bool enable_ncp_fallback
If defined fall back to ciphername if NCP fails.
struct link_socket_addr * lsa
bool tls_crypt_v2_file_inline
struct argv argv_new(void)
Allocates a new struct argv and ensures it is initialised.
static bool options_hash_changed_or_zero(const struct sha256_digest *a, const struct sha256_digest *b)
Helper for do_up().
static void init_proxy_dowork(struct context *c)
static void frame_or_align_flags(struct frame *frame, const unsigned int flag_mask)
void prng_init(const char *md_name, const int nonce_secret_len_parm)
Pseudo-random number generator initialisation.
struct packet_id_persist * pid_persist
Persistent packet ID state for keeping state between successive OpenVPN process startups.
struct cached_dns_entry * dns_cache
void add_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx)
unsigned int auth_token_lifetime
const char * tls_cert_profile
int management_log_history_cache
#define STATUS_OUTPUT_WRITE
const char * tls_crypt_v2_verify_script
const char * ifconfig_pool_persist_filename
#define P2P_ERROR_DELAY_MS
void string_clear(char *str)
static void do_inherit_plugins(struct context *c, const struct context *src)
static void do_close_event_set(struct context *c)
static void do_init_crypto_tls_c1(struct context *c)
static void plugin_return_init(struct plugin_return *pr)
bool server_bridge_proxy_dhcp
#define WSO_FORCE_SERVICE
int ping_rec_timeout_action
bool do_up(struct context *c, bool pulled_options, unsigned int option_types_found)
void packet_id_persist_load_obj(const struct packet_id_persist *p, struct packet_id *pid)
void print_default_gateway(const int msglevel, const struct route_gateway_info *rgi, const struct route_ipv6_gateway_info *rgi6)
void notnull(const char *arg, const char *description)
Contains all state information for one tunnel.
#define CIPHER_ENABLED(c)
Packet geometry parameters.
static void do_env_set_destroy(struct context *c)
static void do_init_tls_wrap_key(struct context *c)
bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported OFB or CFB mode cipher.
struct env_set * es
Set of environment variables.
void tls_crypt_v2_write_client_key_file(const char *filename, const char *b64_metadata, const char *server_key_file, bool server_key_inline)
Generate a tls-crypt-v2 client key, and write to file.
struct man_persist persist
bool proto_is_udp(int proto)
struct openvpn_plugin_string_list * list[MAX_PLUGINS]
void remap_signal(struct context *c)
void link_socket_init_phase1(struct link_socket *sock, const char *local_host, const char *local_port, const char *remote_host, const char *remote_port, struct cached_dns_entry *dns_cache, int proto, sa_family_t af, bool bind_ipv6_only, int mode, const struct link_socket *accept_from, struct http_proxy_info *http_proxy, struct socks_proxy_info *socks_proxy, bool bind_local, bool remote_float, struct link_socket_addr *lsa, const char *ipchange_command, const struct plugin_list *plugins, int resolve_retry_seconds, int mtu_discover_type, int rcvbuf, int sndbuf, int mark, const char *bind_dev, struct event_timeout *server_poll_timeout, unsigned int sockflags)
static void gc_free(struct gc_arena *a)
struct tls_root_ctx ssl_ctx
static bool management_callback_proxy_cmd(void *arg, const char **p)
static void frame_add_to_extra_frame(struct frame *frame, const unsigned int increment)
static int plugin_call(const struct plugin_list *pl, const int type, const struct argv *av, struct plugin_return *pr, struct env_set *es)
void close_context(struct context *c, int sig, unsigned int flags)
int script_security(void)
static void do_init_socket_2(struct context *c)
const char * auth_user_pass_verify_script
const char * shared_secret_file
bool send_control_channel_string(struct context *c, const char *str, int msglevel)
static void packet_id_persist_init(struct packet_id_persist *p)
void open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tuntap *tt)
#define EVENT_METHOD_FAST
#define OPENVPN_PLUGIN_DOWN
void init_management_callback_p2p(struct context *c)
struct tls_auth_standalone * tls_auth_standalone
TLS state structure required for the initial authentication of a client's connection attempt...
#define OPENVPN_PLUGIN_ROUTE_UP
struct buffer_list * buffer_list_new(const int max_size)
Allocate an empty buffer list of capacity max_size.
#define IFCONFIG_BEFORE_TUN_OPEN
bool tls_crypt_v2_file_inline
void close_instance(struct context *c)
void get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi6, const struct in6_addr *dest, openvpn_net_ctx_t *ctx)
void tls_crypt_v2_init_server_key(struct key_ctx *key_ctx, bool encrypt, const char *key_file, bool key_inline)
Initialize a tls-crypt-v2 server key (used to encrypt/decrypt client keys).
const char * client_config_dir_exclusive
void http_proxy_close(struct http_proxy_info *hp)
static void frame_add_to_extra_link(struct frame *frame, const int increment)
void tls_multi_free(struct tls_multi *multi, bool clear)
Cleanup a tls_multi structure and free associated memory allocations.
int keysize
Data channel keysize from config file.
#define SET_MTU_UPPER_BOUND
static void clear_remote_addrlist(struct link_socket_addr *lsa, bool free)
const char * auth_user_pass_file
static void do_signal_on_tls_errors(struct context *c)
struct context_buffers * buffers
struct buffer alloc_buf(size_t size)
int connect_retry_seconds
void setenv_routes_ipv6(struct env_set *es, const struct route_ipv6_list *rl6)
void buffer_list_free(struct buffer_list *ol)
Frees a buffer list and all the buffers in it.
struct event_timeout wait_for_connect
const char * config_ncp_ciphers
struct link_socket_info * link_socket_info
static void next_connection_entry(struct context *c)
struct connection_list * connection_list
const char * guess_tuntap_dev(const char *dev, const char *dev_type, const char *dev_node, struct gc_arena *gc)
void buffer_list_aggregate(struct buffer_list *bl, const size_t max)
Aggregates as many buffers as possible from bl in a new buffer of maximum length max_len ...
struct link_socket_actual actual
struct crypto_options opt
Crypto state.
const char * exit_event_name
void md_ctx_free(md_ctx_t *ctx)
const struct link_socket * accept_from
static void frame_finalize_options(struct context *c, const struct options *o)
const char * tls_crypt_file
void packet_id_persist_close(struct packet_id_persist *p)
static void do_close_tls(struct context *c)
const char * genkey_extra_data
static bool ce_management_query_remote(struct context *c)
void add_route_ipv6_to_option_list(struct route_ipv6_option_list *l, const char *prefix, const char *gateway, const char *metric)
char * x509_username_field[2]
bool buf_printf(struct buffer *buf, const char *format,...)
const char * route_script
int management_state_buffer_size
struct man_def_auth_context * mda_context
static char * format_hex(const uint8_t *data, int size, int maxoutput, struct gc_arena *gc)
int resolve_retry_seconds
void setenv_str(struct env_set *es, const char *name, const char *value)
const char * auth_token_secret_file
struct link_socket_addr link_socket_addr
Local and remote addresses on the external network.
struct socks_proxy_info * socks_proxy
static int buf_read_u8(struct buffer *buf)
static void do_init_frame(struct context *c)
void remove_pid_file(void)
struct signal_info * sig
Internal error signaling object.
void socks_adjust_frame_parameters(struct frame *frame, int proto)
const char * route_predown_script
void open_plugins(struct context *c, const bool import_options, int init_point)
void post_init_signal_catch(void)
bool link_socket_update_flags(struct link_socket *ls, unsigned int sockflags)
struct frame frame_initial
#define OPENVPN_PLUGIN_INIT_POST_DAEMON
bool auth_token_generate
Generate auth-tokens on successful user/pass auth, set via options->auth_token_generate.
static void do_init_traffic_shaper(struct context *c)
void init_query_passwords(const struct context *c)
Query for private key and auth-user-pass username/passwords.
struct link_socket_info info
#define CE_MAN_QUERY_PROXY
struct tuntap * tuntap
Tun/tap virtual network interface.
int renegotiate_seconds_min
bool management_hold(struct management *man, int holdtime)
bool tls_crypt_file_inline
static void do_init_finalize_tls_frame(struct context *c)
static void do_close_plugins(struct context *c)
static int ifconfig_order(void)
struct gc_arena gc
Garbage collection arena for allocations done in the level 2 scope of this context_2 structure...
char * basename(char *filename)
static bool check_debug_level(unsigned int level)
unsigned int crypto_flags
struct key_ctx_bi tls_wrap_key
#define OPENVPN_PLUGIN_FUNC_SUCCESS
struct remote_host_store * rh_store
struct tls_session session[TM_SIZE]
Array of tls_session objects representing control channel sessions with the remote peer...
int explicit_exit_notification
int status_file_update_freq
unsigned int unsuccessful_attempts
void close_management(void)
bool tuntap_owned
Whether the tun/tap interface should be cleaned up when this context is cleaned up.
bool auth_token_call_auth
const char * config_ciphername
bool tls_session_update_crypto_params(struct tls_session *session, struct options *options, struct frame *frame, struct frame *frame_fragment)
Update TLS session crypto parameters (cipher and auth) and derive data channel keys based on the supp...
void(* status)(void *arg, const int version, struct status_output *so)
void status_printf(struct status_output *so, const char *format,...)
static void update_options_ce_post(struct options *options)
void do_ifconfig(struct tuntap *tt, const char *ifname, int tun_mtu, const struct env_set *es, openvpn_net_ctx_t *ctx)
do_ifconfig - configure the tunnel interface
struct tuntap_options options
static struct context * static_context
char username[USER_PASS_LEN]
#define OCC_MTU_LOAD_INTERVAL_SECONDS
struct frame frame_fragment_initial
void packet_id_free(struct packet_id *p)
#define CE_MAN_QUERY_REMOTE_SKIP
struct socks_proxy_info * socks_proxy_new(const char *server, const char *port, const char *authfile)
struct event_timeout ping_send_interval
void argv_msg(const int msglev, const struct argv *a)
Write the arguments stored in a struct argv via the msg() command.