OpenVPN
socket.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #endif
27 
28 #include "syshead.h"
29 
30 #include "socket.h"
31 #include "fdmisc.h"
32 #include "misc.h"
33 #include "gremlin.h"
34 #include "plugin.h"
35 #include "ps.h"
36 #include "run_command.h"
37 #include "manage.h"
38 #include "misc.h"
39 #include "manage.h"
40 #include "openvpn.h"
41 #include "forward.h"
42 
43 #include "memdbg.h"
44 
45 bool
46 sockets_read_residual(const struct context *c)
47 {
48  int i;
49 
50  for (i = 0; i < c->c1.link_sockets_num; i++)
51  {
52  if (c->c2.link_sockets[i]->stream_buf.residual_fully_formed)
53  {
54  return true;
55  }
56  }
57  return false;
58 }
59 
60 /*
61  * Convert sockflags/getaddr_flags into getaddr_flags
62  */
63 static unsigned int
64 sf2gaf(const unsigned int getaddr_flags,
65  const unsigned int sockflags)
66 {
67  if (sockflags & SF_HOST_RANDOMIZE)
68  {
69  return getaddr_flags | GETADDR_RANDOMIZE;
70  }
71  else
72  {
73  return getaddr_flags;
74  }
75 }
76 
77 /*
78  * Functions related to the translation of DNS names to IP addresses.
79  */
80 static int
81 get_addr_generic(sa_family_t af, unsigned int flags, const char *hostname,
82  void *network, unsigned int *netbits,
83  int resolve_retry_seconds, struct signal_info *sig_info,
84  int msglevel)
85 {
86  char *endp, *sep, *var_host = NULL;
87  struct addrinfo *ai = NULL;
88  unsigned long bits;
89  uint8_t max_bits;
90  int ret = -1;
91 
92  if (!hostname)
93  {
94  msg(M_NONFATAL, "Can't resolve null hostname!");
95  goto out;
96  }
97 
98  /* assign family specific default values */
99  switch (af)
100  {
101  case AF_INET:
102  bits = 0;
103  max_bits = sizeof(in_addr_t) * 8;
104  break;
105 
106  case AF_INET6:
107  bits = 64;
108  max_bits = sizeof(struct in6_addr) * 8;
109  break;
110 
111  default:
112  msg(M_WARN,
113  "Unsupported AF family passed to getaddrinfo for %s (%d)",
114  hostname, af);
115  goto out;
116  }
117 
118  /* we need to modify the hostname received as input, but we don't want to
119  * touch it directly as it might be a constant string.
120  *
121  * Therefore, we clone the string here and free it at the end of the
122  * function */
123  var_host = strdup(hostname);
124  if (!var_host)
125  {
126  msg(M_NONFATAL | M_ERRNO,
127  "Can't allocate hostname buffer for getaddrinfo");
128  goto out;
129  }
130 
131  /* check if this hostname has a /bits suffix */
132  sep = strchr(var_host, '/');
133  if (sep)
134  {
135  bits = strtoul(sep + 1, &endp, 10);
136  if ((*endp != '\0') || (bits > max_bits))
137  {
138  msg(msglevel, "IP prefix '%s': invalid '/bits' spec (%s)", hostname,
139  sep + 1);
140  goto out;
141  }
142  *sep = '\0';
143  }
144 
145  ret = openvpn_getaddrinfo(flags & ~GETADDR_HOST_ORDER, var_host, NULL,
146  resolve_retry_seconds, sig_info, af, &ai);
147  if ((ret == 0) && network)
148  {
149  struct in6_addr *ip6;
150  in_addr_t *ip4;
151 
152  switch (af)
153  {
154  case AF_INET:
155  ip4 = network;
156  *ip4 = ((struct sockaddr_in *)ai->ai_addr)->sin_addr.s_addr;
157 
158  if (flags & GETADDR_HOST_ORDER)
159  {
160  *ip4 = ntohl(*ip4);
161  }
162  break;
163 
164  case AF_INET6:
165  ip6 = network;
166  *ip6 = ((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr;
167  break;
168 
169  default:
170  /* can't get here because 'af' was previously checked */
171  msg(M_WARN,
172  "Unsupported AF family for %s (%d)", var_host, af);
173  goto out;
174  }
175  }
176 
177  if (netbits)
178  {
179  *netbits = bits;
180  }
181 
182  /* restore '/' separator, if any */
183  if (sep)
184  {
185  *sep = '/';
186  }
187 out:
188  freeaddrinfo(ai);
189  free(var_host);
190 
191  return ret;
192 }
193 
194 in_addr_t
195 getaddr(unsigned int flags,
196  const char *hostname,
197  int resolve_retry_seconds,
198  bool *succeeded,
199  struct signal_info *sig_info)
200 {
201  in_addr_t addr;
202  int status;
203 
204  status = get_addr_generic(AF_INET, flags, hostname, &addr, NULL,
205  resolve_retry_seconds, sig_info,
206  M_WARN);
207  if (status==0)
208  {
209  if (succeeded)
210  {
211  *succeeded = true;
212  }
213  return addr;
214  }
215  else
216  {
217  if (succeeded)
218  {
219  *succeeded = false;
220  }
221  return 0;
222  }
223 }
224 
225 bool
226 get_ipv6_addr(const char *hostname, struct in6_addr *network,
227  unsigned int *netbits, int msglevel)
228 {
229  if (get_addr_generic(AF_INET6, GETADDR_RESOLVE, hostname, network, netbits,
230  0, NULL, msglevel) < 0)
231  {
232  return false;
233  }
234 
235  return true; /* parsing OK, values set */
236 }
237 
238 static inline bool
239 streqnull(const char *a, const char *b)
240 {
241  if (a == NULL && b == NULL)
242  {
243  return true;
244  }
245  else if (a == NULL || b == NULL)
246  {
247  return false;
248  }
249  else
250  {
251  return streq(a, b);
252  }
253 }
254 
255 /*
256  * get_cached_dns_entry return 0 on success and -1
257  * otherwise. (like getaddrinfo)
258  */
259 static int
260 get_cached_dns_entry(struct cached_dns_entry *dns_cache,
261  const char *hostname,
262  const char *servname,
263  int ai_family,
264  int resolve_flags,
265  struct addrinfo **ai)
266 {
267  struct cached_dns_entry *ph;
268  int flags;
269 
270  /* Only use flags that are relevant for the structure */
271  flags = resolve_flags & GETADDR_CACHE_MASK;
272 
273  for (ph = dns_cache; ph; ph = ph->next)
274  {
275  if (streqnull(ph->hostname, hostname)
276  && streqnull(ph->servname, servname)
277  && ph->ai_family == ai_family
278  && ph->flags == flags)
279  {
280  *ai = ph->ai;
281  return 0;
282  }
283  }
284  return -1;
285 }
286 
287 
288 static int
289 do_preresolve_host(struct context *c,
290  const char *hostname,
291  const char *servname,
292  const int af,
293  const int flags)
294 {
295  struct addrinfo *ai;
296  int status;
297 
298  if (get_cached_dns_entry(c->c1.dns_cache,
299  hostname,
300  servname,
301  af,
302  flags,
303  &ai) == 0)
304  {
305  /* entry already cached, return success */
306  return 0;
307  }
308 
309  status = openvpn_getaddrinfo(flags, hostname, servname,
310  c->options.resolve_retry_seconds, NULL,
311  af, &ai);
312  if (status == 0)
313  {
314  struct cached_dns_entry *ph;
315 
316  ALLOC_OBJ_CLEAR_GC(ph, struct cached_dns_entry, &c->gc);
317  ph->ai = ai;
318  ph->hostname = hostname;
319  ph->servname = servname;
320  ph->flags = flags & GETADDR_CACHE_MASK;
321 
322  if (!c->c1.dns_cache)
323  {
324  c->c1.dns_cache = ph;
325  }
326  else
327  {
328  struct cached_dns_entry *prev = c->c1.dns_cache;
329  while (prev->next)
330  {
331  prev = prev->next;
332  }
333  prev->next = ph;
334  }
335 
336  gc_addspecial(ai, &gc_freeaddrinfo_callback, &c->gc);
337 
338  }
339  return status;
340 }
341 
342 void
343 do_preresolve(struct context *c)
344 {
345  struct connection_list *l = c->options.connection_list;
346  const unsigned int preresolve_flags = GETADDR_RESOLVE
347  |GETADDR_UPDATE_MANAGEMENT_STATE
348  |GETADDR_MENTION_RESOLVE_RETRY
349  |GETADDR_FATAL;
350 
351 
352  for (int i = 0; i < l->len; ++i)
353  {
354  int status;
355  const char *remote;
356  int flags = preresolve_flags;
357 
358  struct connection_entry *ce = l->array[i];
359 
360  if (proto_is_dgram(ce->proto))
361  {
362  flags |= GETADDR_DATAGRAM;
363  }
364 
365  if (c->options.sockflags & SF_HOST_RANDOMIZE)
366  {
367  flags |= GETADDR_RANDOMIZE;
368  }
369 
370  if (c->options.ip_remote_hint)
371  {
372  remote = c->options.ip_remote_hint;
373  }
374  else
375  {
376  remote = ce->remote;
377  }
378 
379  /* HTTP remote hostname does not need to be resolved */
380  if (!ce->http_proxy_options)
381  {
382  status = do_preresolve_host(c, remote, ce->remote_port,
383  ce->af, flags);
384  if (status != 0)
385  {
386  goto err;
387  }
388  }
389 
390  /* Preresolve proxy */
391  if (ce->http_proxy_options)
392  {
393  status = do_preresolve_host(c,
394  ce->http_proxy_options->server,
395  ce->http_proxy_options->port,
396  ce->af,
397  preresolve_flags);
398 
399  if (status != 0)
400  {
401  goto err;
402  }
403  }
404 
405  if (ce->socks_proxy_server)
406  {
407  status = do_preresolve_host(c,
408  ce->socks_proxy_server,
409  ce->socks_proxy_port,
410  ce->af,
411  flags);
412  if (status != 0)
413  {
414  goto err;
415  }
416  }
417 
418  if (ce->bind_local)
419  {
420  flags |= GETADDR_PASSIVE;
421  flags &= ~GETADDR_RANDOMIZE;
422 
423  for (int j = 0; j < ce->local_list->len; j++)
424  {
425  struct local_entry *le = ce->local_list->array[j];
426 
427  if (!le->local)
428  {
429  continue;
430  }
431 
432  status = do_preresolve_host(c, le->local, le->port, ce->af, flags);
433  if (status != 0)
434  {
435  goto err;
436  }
437 
438  }
439  }
440 
441  }
442  return;
443 
444 err:
445  throw_signal_soft(SIGHUP, "Preresolving failed");
446 }
447 
452 static const char *
453 getaddrinfo_addr_family_name(int af)
454 {
455  switch (af)
456  {
457  case AF_INET: return "[AF_INET]";
458 
459  case AF_INET6: return "[AF_INET6]";
460  }
461  return "";
462 }
463 
464 /*
465  * Translate IPv4/IPv6 addr or hostname into struct addrinfo
466  * If resolve error, try again for resolve_retry_seconds seconds.
467  */
468 int
469 openvpn_getaddrinfo(unsigned int flags,
470  const char *hostname,
471  const char *servname,
472  int resolve_retry_seconds,
473  struct signal_info *sig_info,
474  int ai_family,
475  struct addrinfo **res)
476 {
477  struct addrinfo hints;
478  int status;
479  struct signal_info sigrec = {0};
480  int msglevel = (flags & GETADDR_FATAL) ? M_FATAL : D_RESOLVE_ERRORS;
481  struct gc_arena gc = gc_new();
482  const char *print_hostname;
483  const char *print_servname;
484 
485  ASSERT(res);
486 
487  ASSERT(hostname || servname);
488  ASSERT(!(flags & GETADDR_HOST_ORDER));
489 
490  if (servname)
491  {
492  print_servname = servname;
493  }
494  else
495  {
496  print_servname = "";
497  }
498 
499  if (flags & GETADDR_MSG_VIRT_OUT)
500  {
501  msglevel |= M_MSG_VIRT_OUT;
502  }
503 
504  if ((flags & (GETADDR_FATAL_ON_SIGNAL|GETADDR_WARN_ON_SIGNAL))
505  && !sig_info)
506  {
507  sig_info = &sigrec;
508  }
509 
510  /* try numeric ip addr first */
511  CLEAR(hints);
512  hints.ai_flags = AI_NUMERICHOST;
513 
514  if (flags & GETADDR_PASSIVE)
515  {
516  hints.ai_flags |= AI_PASSIVE;
517  }
518 
519  if (flags & GETADDR_DATAGRAM)
520  {
521  hints.ai_socktype = SOCK_DGRAM;
522  }
523  else
524  {
525  hints.ai_socktype = SOCK_STREAM;
526  }
527 
528  /* if hostname is not set, we want to bind to 'ANY', with
529  * the correct address family - v4-only or v6/v6-dual-stack */
530  if (!hostname)
531  {
532  hints.ai_family = ai_family;
533  }
534 
535  status = getaddrinfo(hostname, servname, &hints, res);
536 
537  if (status != 0) /* parse as numeric address failed? */
538  {
539  const int fail_wait_interval = 5; /* seconds */
540  /* Add +4 to cause integer division rounding up (1 + 4) = 5, (0+4)/5=0 */
541  int resolve_retries = (flags & GETADDR_TRY_ONCE) ? 1 :
542  ((resolve_retry_seconds + 4)/ fail_wait_interval);
543  const char *fmt;
544  int level = 0;
545 
546  /* this is not a numeric IP, therefore force resolution using the
547  * provided ai_family */
548  hints.ai_family = ai_family;
549 
550  if (hostname && (flags & GETADDR_RANDOMIZE))
551  {
552  hostname = hostname_randomize(hostname, &gc);
553  }
554 
555  if (hostname)
556  {
557  print_hostname = hostname;
558  }
559  else
560  {
561  print_hostname = "undefined";
562  }
563 
564  fmt = "RESOLVE: Cannot resolve host address: %s:%s%s (%s)";
565  if ((flags & GETADDR_MENTION_RESOLVE_RETRY)
566  && !resolve_retry_seconds)
567  {
568  fmt = "RESOLVE: Cannot resolve host address: %s:%s%s (%s)"
569  "(I would have retried this name query if you had "
570  "specified the --resolv-retry option.)";
571  }
572 
573  if (!(flags & GETADDR_RESOLVE) || status == EAI_FAIL)
574  {
575  msg(msglevel, "RESOLVE: Cannot parse IP address: %s:%s (%s)",
576  print_hostname, print_servname, gai_strerror(status));
577  goto done;
578  }
579 
580 #ifdef ENABLE_MANAGEMENT
581  if (flags & GETADDR_UPDATE_MANAGEMENT_STATE)
582  {
583  if (management)
584  {
585  management_set_state(management,
586  OPENVPN_STATE_RESOLVE,
587  NULL,
588  NULL,
589  NULL,
590  NULL,
591  NULL);
592  }
593  }
594 #endif
595 
596  /*
597  * Resolve hostname
598  */
599  while (true)
600  {
601 #ifndef _WIN32
602  /* force resolv.conf reload */
603  res_init();
604 #endif
605  /* try hostname lookup */
606  hints.ai_flags &= ~AI_NUMERICHOST;
607  dmsg(D_SOCKET_DEBUG,
608  "GETADDRINFO flags=0x%04x ai_family=%d ai_socktype=%d",
609  flags, hints.ai_family, hints.ai_socktype);
610  status = getaddrinfo(hostname, servname, &hints, res);
611 
612  if (sig_info)
613  {
614  get_signal(&sig_info->signal_received);
615  if (sig_info->signal_received) /* were we interrupted by a signal? */
616  {
617  /* why are we overwriting SIGUSR1 ? */
618  if (signal_reset(sig_info, SIGUSR1) == SIGUSR1) /* ignore SIGUSR1 */
619  {
620  msg(level,
621  "RESOLVE: Ignored SIGUSR1 signal received during "
622  "DNS resolution attempt");
623  }
624  else
625  {
626  /* turn success into failure (interrupted syscall) */
627  if (0 == status)
628  {
629  ASSERT(res);
630  freeaddrinfo(*res);
631  *res = NULL;
632  status = EAI_AGAIN; /* = temporary failure */
633  errno = EINTR;
634  }
635  goto done;
636  }
637  }
638  }
639 
640  /* success? */
641  if (0 == status)
642  {
643  break;
644  }
645 
646  /* resolve lookup failed, should we
647  * continue or fail? */
648  level = msglevel;
649  if (resolve_retries > 0)
650  {
651  level = D_RESOLVE_ERRORS;
652  }
653 
654  msg(level,
655  fmt,
656  print_hostname,
657  print_servname,
658  getaddrinfo_addr_family_name(ai_family),
659  gai_strerror(status));
660 
661  if (--resolve_retries <= 0)
662  {
663  goto done;
664  }
665 
666  management_sleep(fail_wait_interval);
667  }
668 
669  ASSERT(res);
670 
671  /* hostname resolve succeeded */
672 
673  /*
674  * Do not choose an IP Addresse by random or change the order *
675  * of IP addresses, doing so will break RFC 3484 address selection *
676  */
677  }
678  else
679  {
680  /* IP address parse succeeded */
681  if (flags & GETADDR_RANDOMIZE)
682  {
683  msg(M_WARN,
684  "WARNING: ignoring --remote-random-hostname because the "
685  "hostname is an IP address");
686  }
687  }
688 
689 done:
690  if (sig_info && sig_info->signal_received)
691  {
692  int level = 0;
693  if (flags & GETADDR_FATAL_ON_SIGNAL)
694  {
695  level = M_FATAL;
696  }
697  else if (flags & GETADDR_WARN_ON_SIGNAL)
698  {
699  level = M_WARN;
700  }
701  msg(level, "RESOLVE: signal received during DNS resolution attempt");
702  }
703 
704  gc_free(&gc);
705  return status;
706 }
707 
708 /*
709  * We do our own inet_aton because the glibc function
710  * isn't very good about error checking.
711  */
712 int
713 openvpn_inet_aton(const char *dotted_quad, struct in_addr *addr)
714 {
715  unsigned int a, b, c, d;
716 
717  CLEAR(*addr);
718  if (sscanf(dotted_quad, "%u.%u.%u.%u", &a, &b, &c, &d) == 4)
719  {
720  if (a < 256 && b < 256 && c < 256 && d < 256)
721  {
722  addr->s_addr = htonl(a<<24 | b<<16 | c<<8 | d);
723  return OIA_IP; /* good dotted quad */
724  }
725  }
726  if (string_class(dotted_quad, CC_DIGIT|CC_DOT, 0))
727  {
728  return OIA_ERROR; /* probably a badly formatted dotted quad */
729  }
730  else
731  {
732  return OIA_HOSTNAME; /* probably a hostname */
733  }
734 }
735 
736 bool
737 ip_addr_dotted_quad_safe(const char *dotted_quad)
738 {
739  /* verify non-NULL */
740  if (!dotted_quad)
741  {
742  return false;
743  }
744 
745  /* verify length is within limits */
746  if (strlen(dotted_quad) > 15)
747  {
748  return false;
749  }
750 
751  /* verify that all chars are either numeric or '.' and that no numeric
752  * substring is greater than 3 chars */
753  {
754  int nnum = 0;
755  const char *p = dotted_quad;
756  int c;
757 
758  while ((c = *p++))
759  {
760  if (c >= '0' && c <= '9')
761  {
762  ++nnum;
763  if (nnum > 3)
764  {
765  return false;
766  }
767  }
768  else if (c == '.')
769  {
770  nnum = 0;
771  }
772  else
773  {
774  return false;
775  }
776  }
777  }
778 
779  /* verify that string will convert to IP address */
780  {
781  struct in_addr a;
782  return openvpn_inet_aton(dotted_quad, &a) == OIA_IP;
783  }
784 }
785 
786 bool
787 ipv6_addr_safe(const char *ipv6_text_addr)
788 {
789  /* verify non-NULL */
790  if (!ipv6_text_addr)
791  {
792  return false;
793  }
794 
795  /* verify length is within limits */
796  if (strlen(ipv6_text_addr) > INET6_ADDRSTRLEN)
797  {
798  return false;
799  }
800 
801  /* verify that string will convert to IPv6 address */
802  {
803  struct in6_addr a6;
804  return inet_pton( AF_INET6, ipv6_text_addr, &a6 ) == 1;
805  }
806 }
807 
808 static bool
809 dns_addr_safe(const char *addr)
810 {
811  if (addr)
812  {
813  const size_t len = strlen(addr);
814  return len > 0 && len <= 255 && string_class(addr, CC_ALNUM|CC_DASH|CC_DOT, 0);
815  }
816  else
817  {
818  return false;
819  }
820 }
821 
822 bool
823 ip_or_dns_addr_safe(const char *addr, const bool allow_fqdn)
824 {
825  if (ip_addr_dotted_quad_safe(addr))
826  {
827  return true;
828  }
829  else if (allow_fqdn)
830  {
831  return dns_addr_safe(addr);
832  }
833  else
834  {
835  return false;
836  }
837 }
838 
839 bool
840 mac_addr_safe(const char *mac_addr)
841 {
842  /* verify non-NULL */
843  if (!mac_addr)
844  {
845  return false;
846  }
847 
848  /* verify length is within limits */
849  if (strlen(mac_addr) > 17)
850  {
851  return false;
852  }
853 
854  /* verify that all chars are either alphanumeric or ':' and that no
855  * alphanumeric substring is greater than 2 chars */
856  {
857  int nnum = 0;
858  const char *p = mac_addr;
859  int c;
860 
861  while ((c = *p++))
862  {
863  if ( (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F') )
864  {
865  ++nnum;
866  if (nnum > 2)
867  {
868  return false;
869  }
870  }
871  else if (c == ':')
872  {
873  nnum = 0;
874  }
875  else
876  {
877  return false;
878  }
879  }
880  }
881 
882  /* error-checking is left to script invoked in lladdr.c */
883  return true;
884 }
885 
886 static int
887 socket_get_sndbuf(socket_descriptor_t sd)
888 {
889 #if defined(SOL_SOCKET) && defined(SO_SNDBUF)
890  int val;
891  socklen_t len;
892 
893  len = sizeof(val);
894  if (getsockopt(sd, SOL_SOCKET, SO_SNDBUF, (void *) &val, &len) == 0
895  && len == sizeof(val))
896  {
897  return val;
898  }
899 #endif
900  return 0;
901 }
902 
903 static void
904 socket_set_sndbuf(socket_descriptor_t sd, int size)
905 {
906 #if defined(SOL_SOCKET) && defined(SO_SNDBUF)
907  if (setsockopt(sd, SOL_SOCKET, SO_SNDBUF, (void *) &size, sizeof(size)) != 0)
908  {
909  msg(M_WARN, "NOTE: setsockopt SO_SNDBUF=%d failed", size);
910  }
911 #endif
912 }
913 
914 static int
915 socket_get_rcvbuf(socket_descriptor_t sd)
916 {
917 #if defined(SOL_SOCKET) && defined(SO_RCVBUF)
918  int val;
919  socklen_t len;
920 
921  len = sizeof(val);
922  if (getsockopt(sd, SOL_SOCKET, SO_RCVBUF, (void *) &val, &len) == 0
923  && len == sizeof(val))
924  {
925  return val;
926  }
927 #endif
928  return 0;
929 }
930 
931 static bool
932 socket_set_rcvbuf(socket_descriptor_t sd, int size)
933 {
934 #if defined(SOL_SOCKET) && defined(SO_RCVBUF)
935  if (setsockopt(sd, SOL_SOCKET, SO_RCVBUF, (void *) &size, sizeof(size)) != 0)
936  {
937  msg(M_WARN, "NOTE: setsockopt SO_RCVBUF=%d failed", size);
938  return false;
939  }
940  return true;
941 #endif
942 }
943 
944 void
945 socket_set_buffers(socket_descriptor_t fd, const struct socket_buffer_size *sbs,
946  bool reduce_size)
947 {
948  if (sbs)
949  {
950  const int sndbuf_old = socket_get_sndbuf(fd);
951  const int rcvbuf_old = socket_get_rcvbuf(fd);
952 
953  if (sbs->sndbuf
954  && (reduce_size || sndbuf_old < sbs->sndbuf))
955  {
956  socket_set_sndbuf(fd, sbs->sndbuf);
957  }
958 
959  if (sbs->rcvbuf
960  && (reduce_size || rcvbuf_old < sbs->rcvbuf))
961  {
962  socket_set_rcvbuf(fd, sbs->rcvbuf);
963  }
964 
965  msg(D_OSBUF, "Socket Buffers: R=[%d->%d] S=[%d->%d]",
966  rcvbuf_old,
967  socket_get_rcvbuf(fd),
968  sndbuf_old,
969  socket_get_sndbuf(fd));
970  }
971 }
972 
973 /*
974  * Set other socket options
975  */
976 
977 static bool
978 socket_set_tcp_nodelay(socket_descriptor_t sd, int state)
979 {
980 #if defined(_WIN32) || (defined(IPPROTO_TCP) && defined(TCP_NODELAY))
981  if (setsockopt(sd, IPPROTO_TCP, TCP_NODELAY, (void *) &state, sizeof(state)) != 0)
982  {
983  msg(M_WARN, "NOTE: setsockopt TCP_NODELAY=%d failed", state);
984  return false;
985  }
986  else
987  {
988  dmsg(D_OSBUF, "Socket flags: TCP_NODELAY=%d succeeded", state);
989  return true;
990  }
991 #else /* if defined(_WIN32) || (defined(IPPROTO_TCP) && defined(TCP_NODELAY)) */
992  msg(M_WARN, "NOTE: setsockopt TCP_NODELAY=%d failed (No kernel support)", state);
993  return false;
994 #endif
995 }
996 
997 static inline void
998 socket_set_mark(socket_descriptor_t sd, int mark)
999 {
1000 #if defined(TARGET_LINUX) && HAVE_DECL_SO_MARK
1001  if (mark && setsockopt(sd, SOL_SOCKET, SO_MARK, (void *) &mark, sizeof(mark)) != 0)
1002  {
1003  msg(M_WARN, "NOTE: setsockopt SO_MARK=%d failed", mark);
1004  }
1005 #endif
1006 }
1007 
1008 static bool
1009 socket_set_flags(socket_descriptor_t sd, unsigned int sockflags)
1010 {
1011  /* SF_TCP_NODELAY doesn't make sense for dco-win */
1012  if ((sockflags & SF_TCP_NODELAY) && (!(sockflags & SF_DCO_WIN)))
1013  {
1014  return socket_set_tcp_nodelay(sd, 1);
1015  }
1016  else
1017  {
1018  return true;
1019  }
1020 }
1021 
1022 bool
1023 link_socket_update_flags(struct link_socket *sock, unsigned int sockflags)
1024 {
1025  if (sock && socket_defined(sock->sd))
1026  {
1027  sock->sockflags |= sockflags;
1028  return socket_set_flags(sock->sd, sock->sockflags);
1029  }
1030  else
1031  {
1032  return false;
1033  }
1034 }
1035 
1036 void
1037 link_socket_update_buffer_sizes(struct link_socket *sock, int rcvbuf, int sndbuf)
1038 {
1039  if (sock && socket_defined(sock->sd))
1040  {
1041  sock->socket_buffer_sizes.sndbuf = sndbuf;
1042  sock->socket_buffer_sizes.rcvbuf = rcvbuf;
1043  socket_set_buffers(sock->sd, &sock->socket_buffer_sizes, true);
1044  }
1045 }
1046 
1047 /*
1048  * SOCKET INITIALIZATION CODE.
1049  * Create a TCP/UDP socket
1050  */
1051 
1052 socket_descriptor_t
1053 create_socket_tcp(struct addrinfo *addrinfo)
1054 {
1055  socket_descriptor_t sd;
1056 
1057  ASSERT(addrinfo);
1058  ASSERT(addrinfo->ai_socktype == SOCK_STREAM);
1059 
1060  if ((sd = socket(addrinfo->ai_family, addrinfo->ai_socktype, addrinfo->ai_protocol)) < 0)
1061  {
1062  msg(M_ERR, "Cannot create TCP socket");
1063  }
1064 
1065 #ifndef _WIN32 /* using SO_REUSEADDR on Windows will cause bind to succeed on port conflicts! */
1066  /* set SO_REUSEADDR on socket */
1067  {
1068  int on = 1;
1069  if (setsockopt(sd, SOL_SOCKET, SO_REUSEADDR,
1070  (void *) &on, sizeof(on)) < 0)
1071  {
1072  msg(M_ERR, "TCP: Cannot setsockopt SO_REUSEADDR on TCP socket");
1073  }
1074  }
1075 #endif
1076 
1077  /* set socket file descriptor to not pass across execs, so that
1078  * scripts don't have access to it */
1079  set_cloexec(sd);
1080 
1081  return sd;
1082 }
1083 
1084 static socket_descriptor_t
1085 create_socket_udp(struct addrinfo *addrinfo, const unsigned int flags)
1086 {
1087  socket_descriptor_t sd;
1088 
1089  ASSERT(addrinfo);
1090  ASSERT(addrinfo->ai_socktype == SOCK_DGRAM);
1091 
1092  if ((sd = socket(addrinfo->ai_family, addrinfo->ai_socktype, addrinfo->ai_protocol)) < 0)
1093  {
1094  msg(M_ERR, "UDP: Cannot create UDP/UDP6 socket");
1095  }
1096 #if ENABLE_IP_PKTINFO
1097  else if (flags & SF_USE_IP_PKTINFO)
1098  {
1099  int pad = 1;
1100  if (addrinfo->ai_family == AF_INET)
1101  {
1102 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
1103  if (setsockopt(sd, SOL_IP, IP_PKTINFO,
1104  (void *)&pad, sizeof(pad)) < 0)
1105  {
1106  msg(M_ERR, "UDP: failed setsockopt for IP_PKTINFO");
1107  }
1108 #elif defined(IP_RECVDSTADDR)
1109  if (setsockopt(sd, IPPROTO_IP, IP_RECVDSTADDR,
1110  (void *)&pad, sizeof(pad)) < 0)
1111  {
1112  msg(M_ERR, "UDP: failed setsockopt for IP_RECVDSTADDR");
1113  }
1114 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
1115 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
1116 #endif
1117  }
1118  else if (addrinfo->ai_family == AF_INET6)
1119  {
1120 #ifndef IPV6_RECVPKTINFO /* Some older Darwin platforms require this */
1121  if (setsockopt(sd, IPPROTO_IPV6, IPV6_PKTINFO,
1122  (void *)&pad, sizeof(pad)) < 0)
1123 #else
1124  if (setsockopt(sd, IPPROTO_IPV6, IPV6_RECVPKTINFO,
1125  (void *)&pad, sizeof(pad)) < 0)
1126 #endif
1127  { msg(M_ERR, "UDP: failed setsockopt for IPV6_RECVPKTINFO");}
1128  }
1129  }
1130 #endif /* if ENABLE_IP_PKTINFO */
1131 
1132  /* set socket file descriptor to not pass across execs, so that
1133  * scripts don't have access to it */
1134  set_cloexec(sd);
1135 
1136  return sd;
1137 }
1138 
1139 static void
1140 bind_local(struct link_socket *sock, const sa_family_t ai_family)
1141 {
1142  /* bind to local address/port */
1143  if (sock->bind_local)
1144  {
1145  if (sock->socks_proxy && sock->info.proto == PROTO_UDP)
1146  {
1147  socket_bind(sock->ctrl_sd, sock->info.lsa->bind_local,
1148  ai_family, "SOCKS", false);
1149  }
1150  else
1151  {
1152  socket_bind(sock->sd, sock->info.lsa->bind_local,
1153  ai_family,
1154  "TCP/UDP", sock->info.bind_ipv6_only);
1155  }
1156  }
1157 }
1158 
1159 static void
1160 create_socket(struct link_socket *sock, struct addrinfo *addr)
1161 {
1162  if (addr->ai_protocol == IPPROTO_UDP || addr->ai_socktype == SOCK_DGRAM)
1163  {
1164  sock->sd = create_socket_udp(addr, sock->sockflags);
1165  sock->sockflags |= SF_GETADDRINFO_DGRAM;
1166 
1167  /* Assume that control socket and data socket to the socks proxy
1168  * are using the same IP family */
1169  if (sock->socks_proxy)
1170  {
1171  /* Construct a temporary addrinfo to create the socket,
1172  * currently resolve two remote addresses is not supported,
1173  * TODO: Rewrite the whole resolve_remote */
1174  struct addrinfo addrinfo_tmp = *addr;
1175  addrinfo_tmp.ai_socktype = SOCK_STREAM;
1176  addrinfo_tmp.ai_protocol = IPPROTO_TCP;
1177  sock->ctrl_sd = create_socket_tcp(&addrinfo_tmp);
1178  }
1179  }
1180  else if (addr->ai_protocol == IPPROTO_TCP || addr->ai_socktype == SOCK_STREAM)
1181  {
1182  sock->sd = create_socket_tcp(addr);
1183  }
1184  else
1185  {
1186  ASSERT(0);
1187  }
1188  /* Set af field of sock->info, so it always reflects the address family
1189  * of the created socket */
1190  sock->info.af = addr->ai_family;
1191 
1192  /* set socket buffers based on --sndbuf and --rcvbuf options */
1193  socket_set_buffers(sock->sd, &sock->socket_buffer_sizes, true);
1194 
1195  /* set socket to --mark packets with given value */
1196  socket_set_mark(sock->sd, sock->mark);
1197 
1198 #if defined(TARGET_LINUX)
1199  if (sock->bind_dev)
1200  {
1201  msg(M_INFO, "Using bind-dev %s", sock->bind_dev);
1202  if (setsockopt(sock->sd, SOL_SOCKET, SO_BINDTODEVICE, sock->bind_dev, strlen(sock->bind_dev) + 1) != 0)
1203  {
1204  msg(M_WARN|M_ERRNO, "WARN: setsockopt SO_BINDTODEVICE=%s failed", sock->bind_dev);
1205  }
1206 
1207  }
1208 #endif
1209 
1210  bind_local(sock, addr->ai_family);
1211 }
1212 
1213 #ifdef TARGET_ANDROID
1214 static void
1215 protect_fd_nonlocal(int fd, const struct sockaddr *addr)
1216 {
1217  if (!management)
1218  {
1219  msg(M_FATAL, "Required management interface not available.");
1220  }
1221 
1222  /* pass socket FD to management interface to pass on to VPNService API
1223  * as "protected socket" (exempt from being routed into tunnel)
1224  */
1225  if (addr_local(addr))
1226  {
1227  msg(D_SOCKET_DEBUG, "Address is local, not protecting socket fd %d", fd);
1228  return;
1229  }
1230 
1231  msg(D_SOCKET_DEBUG, "Protecting socket fd %d", fd);
1232  management->connection.fdtosend = fd;
1233  management_android_control(management, "PROTECTFD", __func__);
1234 }
1235 #endif
1236 
1237 /*
1238  * Functions used for establishing a TCP stream connection.
1239  */
1240 static void
1241 socket_do_listen(socket_descriptor_t sd,
1242  const struct addrinfo *local,
1243  bool do_listen,
1244  bool do_set_nonblock)
1245 {
1246  struct gc_arena gc = gc_new();
1247  if (do_listen)
1248  {
1249  ASSERT(local);
1250  msg(M_INFO, "Listening for incoming TCP connection on %s",
1251  print_sockaddr(local->ai_addr, &gc));
1252  if (listen(sd, 32))
1253  {
1254  msg(M_ERR, "TCP: listen() failed");
1255  }
1256  }
1257 
1258  /* set socket to non-blocking mode */
1259  if (do_set_nonblock)
1260  {
1261  set_nonblock(sd);
1262  }
1263 
1264  gc_free(&gc);
1265 }
1266 
1267 socket_descriptor_t
1268 socket_do_accept(socket_descriptor_t sd,
1269  struct link_socket_actual *act,
1270  const bool nowait)
1271 {
1272  /* af_addr_size WILL return 0 in this case if AFs other than AF_INET
1273  * are compiled because act is empty here.
1274  * could use getsockname() to support later remote_len check
1275  */
1276  socklen_t remote_len_af = af_addr_size(act->dest.addr.sa.sa_family);
1277  socklen_t remote_len = sizeof(act->dest.addr);
1278  socket_descriptor_t new_sd = SOCKET_UNDEFINED;
1279 
1280  CLEAR(*act);
1281 
1282  if (nowait)
1283  {
1284  new_sd = getpeername(sd, &act->dest.addr.sa, &remote_len);
1285 
1286  if (!socket_defined(new_sd))
1287  {
1288  msg(D_LINK_ERRORS | M_ERRNO, "TCP: getpeername() failed");
1289  }
1290  else
1291  {
1292  new_sd = sd;
1293  }
1294  }
1295  else
1296  {
1297  new_sd = accept(sd, &act->dest.addr.sa, &remote_len);
1298  }
1299 
1300 #if 0 /* For debugging only, test the effect of accept() failures */
1301  {
1302  static int foo = 0;
1303  ++foo;
1304  if (foo & 1)
1305  {
1306  new_sd = -1;
1307  }
1308  }
1309 #endif
1310 
1311  if (!socket_defined(new_sd))
1312  {
1313  msg(D_LINK_ERRORS | M_ERRNO, "TCP: accept(%d) failed", (int)sd);
1314  }
1315  /* only valid if we have remote_len_af!=0 */
1316  else if (remote_len_af && remote_len != remote_len_af)
1317  {
1318  msg(D_LINK_ERRORS, "TCP: Received strange incoming connection with unknown address length=%d", remote_len);
1319  openvpn_close_socket(new_sd);
1320  new_sd = SOCKET_UNDEFINED;
1321  }
1322  else
1323  {
1324  /* set socket file descriptor to not pass across execs, so that
1325  * scripts don't have access to it */
1326  set_cloexec(sd);
1327  }
1328  return new_sd;
1329 }
1330 
1331 static void
1332 tcp_connection_established(const struct link_socket_actual *act)
1333 {
1334  struct gc_arena gc = gc_new();
1335  msg(M_INFO, "TCP connection established with %s",
1336  print_link_socket_actual(act, &gc));
1337  gc_free(&gc);
1338 }
1339 
1340 static socket_descriptor_t
1341 socket_listen_accept(socket_descriptor_t sd,
1342  struct link_socket_actual *act,
1343  const char *remote_dynamic,
1344  const struct addrinfo *local,
1345  bool do_listen,
1346  bool nowait,
1347  volatile int *signal_received)
1348 {
1349  struct gc_arena gc = gc_new();
1350  /* struct openvpn_sockaddr *remote = &act->dest; */
1351  struct openvpn_sockaddr remote_verify = act->dest;
1352  socket_descriptor_t new_sd = SOCKET_UNDEFINED;
1353 
1354  CLEAR(*act);
1355  socket_do_listen(sd, local, do_listen, true);
1356 
1357  while (true)
1358  {
1359  int status;
1360  fd_set reads;
1361  struct timeval tv;
1362 
1363  FD_ZERO(&reads);
1364  openvpn_fd_set(sd, &reads);
1365  tv.tv_sec = 0;
1366  tv.tv_usec = 0;
1367 
1368  status = select(sd + 1, &reads, NULL, NULL, &tv);
1369 
1370  get_signal(signal_received);
1371  if (*signal_received)
1372  {
1373  gc_free(&gc);
1374  return sd;
1375  }
1376 
1377  if (status < 0)
1378  {
1379  msg(D_LINK_ERRORS | M_ERRNO, "TCP: select() failed");
1380  }
1381 
1382  if (status <= 0)
1383  {
1384  management_sleep(1);
1385  continue;
1386  }
1387 
1388  new_sd = socket_do_accept(sd, act, nowait);
1389 
1390  if (socket_defined(new_sd))
1391  {
1392  struct addrinfo *ai = NULL;
1393  if (remote_dynamic)
1394  {
1395  openvpn_getaddrinfo(0, remote_dynamic, NULL, 1, NULL,
1396  remote_verify.addr.sa.sa_family, &ai);
1397  }
1398 
1399  if (ai && !addrlist_match(&remote_verify, ai))
1400  {
1401  msg(M_WARN,
1402  "TCP NOTE: Rejected connection attempt from %s due to --remote setting",
1403  print_link_socket_actual(act, &gc));
1404  if (openvpn_close_socket(new_sd))
1405  {
1406  msg(M_ERR, "TCP: close socket failed (new_sd)");
1407  }
1408  freeaddrinfo(ai);
1409  }
1410  else
1411  {
1412  if (ai)
1413  {
1414  freeaddrinfo(ai);
1415  }
1416  break;
1417  }
1418  }
1419  management_sleep(1);
1420  }
1421 
1422  if (!nowait && openvpn_close_socket(sd))
1423  {
1424  msg(M_ERR, "TCP: close socket failed (sd)");
1425  }
1426 
1427  tcp_connection_established(act);
1428 
1429  gc_free(&gc);
1430  return new_sd;
1431 }
1432 
1433 void
1434 socket_bind(socket_descriptor_t sd,
1435  struct addrinfo *local,
1436  int ai_family,
1437  const char *prefix,
1438  bool ipv6only)
1439 {
1440  struct gc_arena gc = gc_new();
1441 
1442  /* FIXME (schwabe)
1443  * getaddrinfo for the bind address might return multiple AF_INET/AF_INET6
1444  * entries for the requested protocol.
1445  * For example if an address has multiple A records
1446  * What is the correct way to deal with it?
1447  */
1448 
1449  struct addrinfo *cur;
1450 
1451  ASSERT(local);
1452 
1453 
1454  /* find the first addrinfo with correct ai_family */
1455  for (cur = local; cur; cur = cur->ai_next)
1456  {
1457  if (cur->ai_family == ai_family)
1458  {
1459  break;
1460  }
1461  }
1462  if (!cur)
1463  {
1464  msg(M_FATAL, "%s: Socket bind failed: Addr to bind has no %s record",
1465  prefix, addr_family_name(ai_family));
1466  }
1467 
1468  if (ai_family == AF_INET6)
1469  {
1470  int v6only = ipv6only ? 1 : 0; /* setsockopt must have an "int" */
1471 
1472  msg(M_INFO, "setsockopt(IPV6_V6ONLY=%d)", v6only);
1473  if (setsockopt(sd, IPPROTO_IPV6, IPV6_V6ONLY, (void *) &v6only, sizeof(v6only)))
1474  {
1475  msg(M_NONFATAL|M_ERRNO, "Setting IPV6_V6ONLY=%d failed", v6only);
1476  }
1477  }
1478  if (bind(sd, cur->ai_addr, cur->ai_addrlen))
1479  {
1480  msg(M_FATAL | M_ERRNO, "%s: Socket bind failed on local address %s",
1481  prefix,
1482  print_sockaddr_ex(local->ai_addr, ":", PS_SHOW_PORT, &gc));
1483  }
1484  gc_free(&gc);
1485 }
1486 
1487 int
1488 openvpn_connect(socket_descriptor_t sd,
1489  const struct sockaddr *remote,
1490  int connect_timeout,
1491  volatile int *signal_received)
1492 {
1493  int status = 0;
1494 
1495 #ifdef TARGET_ANDROID
1496  protect_fd_nonlocal(sd, remote);
1497 #endif
1498  set_nonblock(sd);
1499  status = connect(sd, remote, af_addr_size(remote->sa_family));
1500  if (status)
1501  {
1502  status = openvpn_errno();
1503  }
1504  if (
1505 #ifdef _WIN32
1506  status == WSAEWOULDBLOCK
1507 #else
1508  status == EINPROGRESS
1509 #endif
1510  )
1511  {
1512  while (true)
1513  {
1514 #if POLL
1515  struct pollfd fds[1];
1516  fds[0].fd = sd;
1517  fds[0].events = POLLOUT;
1518  status = poll(fds, 1, (connect_timeout > 0) ? 1000 : 0);
1519 #else
1520  fd_set writes;
1521  struct timeval tv;
1522 
1523  FD_ZERO(&writes);
1524  openvpn_fd_set(sd, &writes);
1525  tv.tv_sec = (connect_timeout > 0) ? 1 : 0;
1526  tv.tv_usec = 0;
1527 
1528  status = select(sd + 1, NULL, &writes, NULL, &tv);
1529 #endif
1530  if (signal_received)
1531  {
1532  get_signal(signal_received);
1533  if (*signal_received)
1534  {
1535  status = 0;
1536  break;
1537  }
1538  }
1539  if (status < 0)
1540  {
1541  status = openvpn_errno();
1542  break;
1543  }
1544  if (status <= 0)
1545  {
1546  if (--connect_timeout < 0)
1547  {
1548 #ifdef _WIN32
1549  status = WSAETIMEDOUT;
1550 #else
1551  status = ETIMEDOUT;
1552 #endif
1553  break;
1554  }
1555  management_sleep(0);
1556  continue;
1557  }
1558 
1559  /* got it */
1560  {
1561  int val = 0;
1562  socklen_t len;
1563 
1564  len = sizeof(val);
1565  if (getsockopt(sd, SOL_SOCKET, SO_ERROR, (void *) &val, &len) == 0
1566  && len == sizeof(val))
1567  {
1568  status = val;
1569  }
1570  else
1571  {
1572  status = openvpn_errno();
1573  }
1574  break;
1575  }
1576  }
1577  }
1578 
1579  return status;
1580 }
1581 
1582 void
1583 set_actual_address(struct link_socket_actual *actual, struct addrinfo *ai)
1584 {
1585  CLEAR(*actual);
1586  ASSERT(ai);
1587 
1588  if (ai->ai_family == AF_INET)
1589  {
1590  actual->dest.addr.in4 =
1591  *((struct sockaddr_in *) ai->ai_addr);
1592  }
1593  else if (ai->ai_family == AF_INET6)
1594  {
1595  actual->dest.addr.in6 =
1596  *((struct sockaddr_in6 *) ai->ai_addr);
1597  }
1598  else
1599  {
1600  ASSERT(0);
1601  }
1602 
1603 }
1604 
1605 static void
1606 socket_connect(socket_descriptor_t *sd,
1607  const struct sockaddr *dest,
1608  const int connect_timeout,
1609  struct signal_info *sig_info)
1610 {
1611  struct gc_arena gc = gc_new();
1612  int status;
1613 
1614  msg(M_INFO, "Attempting to establish TCP connection with %s",
1615  print_sockaddr(dest, &gc));
1616 
1617 #ifdef ENABLE_MANAGEMENT
1618  if (management)
1619  {
1620  management_set_state(management,
1621  OPENVPN_STATE_TCP_CONNECT,
1622  NULL,
1623  NULL,
1624  NULL,
1625  NULL,
1626  NULL);
1627  }
1628 #endif
1629 
1630  /* Set the actual address */
1631  status = openvpn_connect(*sd, dest, connect_timeout, &sig_info->signal_received);
1632 
1633  get_signal(&sig_info->signal_received);
1634  if (sig_info->signal_received)
1635  {
1636  goto done;
1637  }
1638 
1639  if (status)
1640  {
1641 
1642  msg(D_LINK_ERRORS, "TCP: connect to %s failed: %s",
1643  print_sockaddr(dest, &gc), strerror(status));
1644 
1645  openvpn_close_socket(*sd);
1646  *sd = SOCKET_UNDEFINED;
1647  register_signal(sig_info, SIGUSR1, "connection-failed");
1648  }
1649  else
1650  {
1651  msg(M_INFO, "TCP connection established with %s",
1652  print_sockaddr(dest, &gc));
1653  }
1654 
1655 done:
1656  gc_free(&gc);
1657 }
1658 
1659 /*
1660  * Stream buffer handling prototypes -- stream_buf is a helper class
1661  * to assist in the packetization of stream transport protocols
1662  * such as TCP.
1663  */
1664 
1665 static void
1666 stream_buf_init(struct stream_buf *sb, struct buffer *buf,
1667  const unsigned int sockflags, const int proto);
1668 
1669 static void
1670 stream_buf_close(struct stream_buf *sb);
1671 
1672 static bool
1673 stream_buf_added(struct stream_buf *sb, int length_added);
1674 
1675 /* For stream protocols, allocate a buffer to build up packet.
1676  * Called after frame has been finalized. */
1677 
1678 static void
1679 socket_frame_init(const struct frame *frame, struct link_socket *sock)
1680 {
1681 #ifdef _WIN32
1682  overlapped_io_init(&sock->reads, frame, FALSE);
1683  overlapped_io_init(&sock->writes, frame, TRUE);
1684  sock->rw_handle.read = sock->reads.overlapped.hEvent;
1685  sock->rw_handle.write = sock->writes.overlapped.hEvent;
1686 #endif
1687 
1688  if (link_socket_connection_oriented(sock))
1689  {
1690 #ifdef _WIN32
1691  stream_buf_init(&sock->stream_buf,
1692  &sock->reads.buf_init,
1693  sock->sockflags,
1694  sock->info.proto);
1695 #else
1696  alloc_buf_sock_tun(&sock->stream_buf_data, frame);
1697 
1698  stream_buf_init(&sock->stream_buf,
1699  &sock->stream_buf_data,
1700  sock->sockflags,
1701  sock->info.proto);
1702 #endif
1703  }
1704 }
1705 
1706 static void
1707 resolve_bind_local(struct link_socket *sock, const sa_family_t af)
1708 {
1709  struct gc_arena gc = gc_new();
1710 
1711  /* resolve local address if undefined */
1712  if (!sock->info.lsa->bind_local)
1713  {
1714  int flags = GETADDR_RESOLVE | GETADDR_WARN_ON_SIGNAL
1715  |GETADDR_FATAL | GETADDR_PASSIVE;
1716  int status;
1717 
1718  if (proto_is_dgram(sock->info.proto))
1719  {
1720  flags |= GETADDR_DATAGRAM;
1721  }
1722 
1723  /* will return AF_{INET|INET6}from local_host */
1724  status = get_cached_dns_entry(sock->dns_cache,
1725  sock->local_host,
1726  sock->local_port,
1727  af,
1728  flags,
1729  &sock->info.lsa->bind_local);
1730 
1731  if (status)
1732  {
1733  status = openvpn_getaddrinfo(flags, sock->local_host, sock->local_port, 0,
1734  NULL, af, &sock->info.lsa->bind_local);
1735  }
1736 
1737  if (status !=0)
1738  {
1739  msg(M_FATAL, "getaddrinfo() failed for local \"%s:%s\": %s",
1740  sock->local_host, sock->local_port,
1741  gai_strerror(status));
1742  }
1743 
1744  /* the resolved 'local entry' might have a different family than what
1745  * was globally configured */
1746  sock->info.af = sock->info.lsa->bind_local->ai_family;
1747  }
1748 
1749  gc_free(&gc);
1750 }
1751 
1752 static void
1753 resolve_remote(struct link_socket *sock,
1754  int phase,
1755  const char **remote_dynamic,
1756  struct signal_info *sig_info)
1757 {
1758  volatile int *signal_received = sig_info ? &sig_info->signal_received : NULL;
1759  struct gc_arena gc = gc_new();
1760 
1761  /* resolve remote address if undefined */
1762  if (!sock->info.lsa->remote_list)
1763  {
1764  if (sock->remote_host)
1765  {
1766  unsigned int flags = sf2gaf(GETADDR_RESOLVE|GETADDR_UPDATE_MANAGEMENT_STATE, sock->sockflags);
1767  int retry = 0;
1768  int status = -1;
1769  struct addrinfo *ai;
1770  if (proto_is_dgram(sock->info.proto))
1771  {
1772  flags |= GETADDR_DATAGRAM;
1773  }
1774 
1775  if (sock->resolve_retry_seconds == RESOLV_RETRY_INFINITE)
1776  {
1777  if (phase == 2)
1778  {
1779  flags |= (GETADDR_TRY_ONCE | GETADDR_FATAL);
1780  }
1781  retry = 0;
1782  }
1783  else if (phase == 1)
1784  {
1785  if (sock->resolve_retry_seconds)
1786  {
1787  retry = 0;
1788  }
1789  else
1790  {
1791  flags |= (GETADDR_FATAL | GETADDR_MENTION_RESOLVE_RETRY);
1792  retry = 0;
1793  }
1794  }
1795  else if (phase == 2)
1796  {
1797  if (sock->resolve_retry_seconds)
1798  {
1799  flags |= GETADDR_FATAL;
1800  retry = sock->resolve_retry_seconds;
1801  }
1802  else
1803  {
1804  ASSERT(0);
1805  }
1806  }
1807  else
1808  {
1809  ASSERT(0);
1810  }
1811 
1812 
1813  status = get_cached_dns_entry(sock->dns_cache,
1814  sock->remote_host,
1815  sock->remote_port,
1816  sock->info.af,
1817  flags, &ai);
1818  if (status)
1819  {
1820  status = openvpn_getaddrinfo(flags, sock->remote_host, sock->remote_port,
1821  retry, sig_info, sock->info.af, &ai);
1822  }
1823 
1824  if (status == 0)
1825  {
1826  sock->info.lsa->remote_list = ai;
1827  sock->info.lsa->current_remote = ai;
1828 
1829  dmsg(D_SOCKET_DEBUG,
1830  "RESOLVE_REMOTE flags=0x%04x phase=%d rrs=%d sig=%d status=%d",
1831  flags,
1832  phase,
1833  retry,
1834  signal_received ? *signal_received : -1,
1835  status);
1836  }
1837  if (signal_received && *signal_received)
1838  {
1839  goto done;
1840  }
1841  if (status!=0)
1842  {
1843  if (signal_received)
1844  {
1845  /* potential overwrite of signal */
1846  register_signal(sig_info, SIGUSR1, "socks-resolve-failure");
1847  }
1848  goto done;
1849  }
1850  }
1851  }
1852 
1853  /* should we re-use previous active remote address? */
1854  if (link_socket_actual_defined(&sock->info.lsa->actual))
1855  {
1856  msg(M_INFO, "TCP/UDP: Preserving recently used remote address: %s",
1857  print_link_socket_actual(&sock->info.lsa->actual, &gc));
1858  if (remote_dynamic)
1859  {
1860  *remote_dynamic = NULL;
1861  }
1862  }
1863  else
1864  {
1865  CLEAR(sock->info.lsa->actual);
1866  if (sock->info.lsa->current_remote)
1867  {
1868  set_actual_address(&sock->info.lsa->actual,
1869  sock->info.lsa->current_remote);
1870  }
1871  }
1872 
1873 done:
1874  gc_free(&gc);
1875 }
1876 
1877 
1878 
1879 struct link_socket *
1880 link_socket_new(void)
1881 {
1882  struct link_socket *sock;
1883 
1884  ALLOC_OBJ_CLEAR(sock, struct link_socket);
1885  sock->sd = SOCKET_UNDEFINED;
1886  sock->ctrl_sd = SOCKET_UNDEFINED;
1887  sock->ev_arg.type = EVENT_ARG_LINK_SOCKET;
1888  sock->ev_arg.u.sock = sock;
1889 
1890  return sock;
1891 }
1892 
1893 void
1894 link_socket_init_phase1(struct context *c, int sock_index, int mode)
1895 {
1896  struct link_socket *sock = c->c2.link_sockets[sock_index];
1897  struct options *o = &c->options;
1898  ASSERT(sock);
1899 
1900  const char *host = o->ce.local_list->array[sock_index]->local;
1901  const char *port = o->ce.local_list->array[sock_index]->port;
1902  int proto = o->ce.local_list->array[sock_index]->proto;
1903  const char *remote_host = o->ce.remote;
1904  const char *remote_port = o->ce.remote_port;
1905 
1906  if (c->mode == CM_CHILD_TCP || c->mode == CM_CHILD_UDP)
1907  {
1908  struct link_socket *tmp_sock = NULL;
1909  if (c->mode == CM_CHILD_TCP)
1910  {
1911  tmp_sock = (struct link_socket *)c->c2.accept_from;
1912  }
1913  else if (c->mode == CM_CHILD_UDP)
1914  {
1915  tmp_sock = c->c2.link_sockets[0];
1916  }
1917 
1918  host = tmp_sock->local_host;
1919  port = tmp_sock->local_port;
1920  proto = tmp_sock->info.proto;
1921  }
1922 
1923  sock->local_host = host;
1924  sock->local_port = port;
1925  sock->remote_host = remote_host;
1926  sock->remote_port = remote_port;
1927  sock->dns_cache = c->c1.dns_cache;
1928  sock->http_proxy = c->c1.http_proxy;
1929  sock->socks_proxy = c->c1.socks_proxy;
1930  sock->bind_local = o->ce.bind_local;
1931  sock->resolve_retry_seconds = o->resolve_retry_seconds;
1932  sock->mtu_discover_type = o->ce.mtu_discover_type;
1933 
1934 #ifdef ENABLE_DEBUG
1935  sock->gremlin = o->gremlin;
1936 #endif
1937 
1938  sock->socket_buffer_sizes.rcvbuf = o->rcvbuf;
1939  sock->socket_buffer_sizes.sndbuf = o->sndbuf;
1940 
1941  sock->sockflags = o->sockflags;
1942 
1943 #if PORT_SHARE
1944  if (o->port_share_host && o->port_share_port)
1945  {
1946  sock->sockflags |= SF_PORT_SHARE;
1947  }
1948 #endif
1949 
1950  sock->mark = o->mark;
1951  sock->bind_dev = o->bind_dev;
1952  sock->info.proto = proto;
1953  sock->info.af = o->ce.af;
1954  sock->info.remote_float = o->ce.remote_float;
1955  sock->info.lsa = &c->c1.link_socket_addrs[sock_index];
1956  sock->info.bind_ipv6_only = o->ce.bind_ipv6_only;
1957  sock->info.ipchange_command = o->ipchange;
1958  sock->info.plugins = c->plugins;
1959  sock->server_poll_timeout = &c->c2.server_poll_interval;
1960 
1961  sock->mode = mode;
1962  if (mode == LS_MODE_TCP_ACCEPT_FROM)
1963  {
1964  ASSERT(c->c2.accept_from);
1965  ASSERT(sock->info.proto == PROTO_TCP_SERVER);
1966  sock->sd = c->c2.accept_from->sd;
1967  /* inherit (possibly guessed) info AF from parent context */
1968  sock->info.af = c->c2.accept_from->info.af;
1969  }
1970 
1971  /* are we running in HTTP proxy mode? */
1972  if (sock->http_proxy)
1973  {
1974  ASSERT(sock->info.proto == PROTO_TCP_CLIENT);
1975 
1976  /* the proxy server */
1977  sock->remote_host = c->c1.http_proxy->options.server;
1978  sock->remote_port = c->c1.http_proxy->options.port;
1979 
1980  /* the OpenVPN server we will use the proxy to connect to */
1981  sock->proxy_dest_host = remote_host;
1982  sock->proxy_dest_port = remote_port;
1983  }
1984  /* or in Socks proxy mode? */
1985  else if (sock->socks_proxy)
1986  {
1987  /* the proxy server */
1988  sock->remote_host = c->c1.socks_proxy->server;
1989  sock->remote_port = c->c1.socks_proxy->port;
1990 
1991  /* the OpenVPN server we will use the proxy to connect to */
1992  sock->proxy_dest_host = remote_host;
1993  sock->proxy_dest_port = remote_port;
1994  }
1995  else
1996  {
1997  sock->remote_host = remote_host;
1998  sock->remote_port = remote_port;
1999  }
2000 
2001  /* bind behavior for TCP server vs. client */
2002  if (sock->info.proto == PROTO_TCP_SERVER)
2003  {
2004  if (sock->mode == LS_MODE_TCP_ACCEPT_FROM)
2005  {
2006  sock->bind_local = false;
2007  }
2008  else
2009  {
2010  sock->bind_local = true;
2011  }
2012  }
2013 
2014  if (mode != LS_MODE_TCP_ACCEPT_FROM)
2015  {
2016  if (sock->bind_local)
2017  {
2018  resolve_bind_local(sock, sock->info.af);
2019  }
2020  resolve_remote(sock, 1, NULL, NULL);
2021  }
2022 }
2023 
2024 static void
2025 phase2_set_socket_flags(struct link_socket *sock)
2026 {
2027  /* set misc socket parameters */
2028  socket_set_flags(sock->sd, sock->sockflags);
2029 
2030  /* set socket to non-blocking mode */
2031  set_nonblock(sock->sd);
2032 
2033  /* set Path MTU discovery options on the socket */
2034  set_mtu_discover_type(sock->sd, sock->mtu_discover_type, sock->info.af);
2035 
2036 #if EXTENDED_SOCKET_ERROR_CAPABILITY
2037  /* if the OS supports it, enable extended error passing on the socket */
2038  set_sock_extended_error_passing(sock->sd, sock->info.af);
2039 #endif
2040 }
2041 
2042 
2043 static void
2044 linksock_print_addr(struct link_socket *sock)
2045 {
2046  struct gc_arena gc = gc_new();
2047  const int msglevel = (sock->mode == LS_MODE_TCP_ACCEPT_FROM) ? D_INIT_MEDIUM : M_INFO;
2048 
2049  /* print local address */
2050  if (sock->bind_local)
2051  {
2052  sa_family_t ai_family = sock->info.lsa->actual.dest.addr.sa.sa_family;
2053  /* Socket is always bound on the first matching address,
2054  * For bound sockets with no remote addr this is the element of
2055  * the list */
2056  struct addrinfo *cur;
2057  for (cur = sock->info.lsa->bind_local; cur; cur = cur->ai_next)
2058  {
2059  if (!ai_family || ai_family == cur->ai_family)
2060  {
2061  break;
2062  }
2063  }
2064  ASSERT(cur);
2065  msg(msglevel, "%s link local (bound): %s",
2066  proto2ascii(sock->info.proto, sock->info.af, true),
2067  print_sockaddr(cur->ai_addr, &gc));
2068  }
2069  else
2070  {
2071  msg(msglevel, "%s link local: (not bound)",
2072  proto2ascii(sock->info.proto, sock->info.af, true));
2073  }
2074 
2075  /* print active remote address */
2076  msg(msglevel, "%s link remote: %s",
2077  proto2ascii(sock->info.proto, sock->info.af, true),
2078  print_link_socket_actual_ex(&sock->info.lsa->actual,
2079  ":",
2080  PS_SHOW_PORT_IF_DEFINED,
2081  &gc));
2082  gc_free(&gc);
2083 }
2084 
2085 static void
2086 phase2_tcp_server(struct link_socket *sock, const char *remote_dynamic,
2087  struct signal_info *sig_info)
2088 {
2089  ASSERT(sig_info);
2090  volatile int *signal_received = &sig_info->signal_received;
2091  switch (sock->mode)
2092  {
2093  case LS_MODE_DEFAULT:
2094  sock->sd = socket_listen_accept(sock->sd,
2095  &sock->info.lsa->actual,
2096  remote_dynamic,
2097  sock->info.lsa->bind_local,
2098  true,
2099  false,
2100  signal_received);
2101  break;
2102 
2103  case LS_MODE_TCP_LISTEN:
2104  socket_do_listen(sock->sd,
2105  sock->info.lsa->bind_local,
2106  true,
2107  false);
2108  break;
2109 
2110  case LS_MODE_TCP_ACCEPT_FROM:
2111  sock->sd = socket_do_accept(sock->sd,
2112  &sock->info.lsa->actual,
2113  false);
2114  if (!socket_defined(sock->sd))
2115  {
2116  register_signal(sig_info, SIGTERM, "socket-undefined");
2117  return;
2118  }
2119  tcp_connection_established(&sock->info.lsa->actual);
2120  break;
2121 
2122  default:
2123  ASSERT(0);
2124  }
2125 }
2126 
2127 
2128 static void
2129 phase2_tcp_client(struct link_socket *sock, struct signal_info *sig_info)
2130 {
2131  bool proxy_retry = false;
2132  do
2133  {
2134  socket_connect(&sock->sd,
2135  sock->info.lsa->current_remote->ai_addr,
2136  get_server_poll_remaining_time(sock->server_poll_timeout),
2137  sig_info);
2138 
2139  if (sig_info->signal_received)
2140  {
2141  return;
2142  }
2143 
2144  if (sock->http_proxy)
2145  {
2146  proxy_retry = establish_http_proxy_passthru(sock->http_proxy,
2147  sock->sd,
2148  sock->proxy_dest_host,
2149  sock->proxy_dest_port,
2150  sock->server_poll_timeout,
2151  &sock->stream_buf.residual,
2152  sig_info);
2153  }
2154  else if (sock->socks_proxy)
2155  {
2156  establish_socks_proxy_passthru(sock->socks_proxy,
2157  sock->sd,
2158  sock->proxy_dest_host,
2159  sock->proxy_dest_port,
2160  sock->server_poll_timeout,
2161  sig_info);
2162  }
2163  if (proxy_retry)
2164  {
2165  openvpn_close_socket(sock->sd);
2166  sock->sd = create_socket_tcp(sock->info.lsa->current_remote);
2167  }
2168 
2169  } while (proxy_retry);
2170 
2171 }
2172 
2173 static void
2174 phase2_socks_client(struct link_socket *sock, struct signal_info *sig_info)
2175 {
2176  socket_connect(&sock->ctrl_sd,
2177  sock->info.lsa->current_remote->ai_addr,
2178  get_server_poll_remaining_time(sock->server_poll_timeout),
2179  sig_info);
2180 
2181  if (sig_info->signal_received)
2182  {
2183  return;
2184  }
2185 
2186  establish_socks_proxy_udpassoc(sock->socks_proxy,
2187  sock->ctrl_sd,
2188  &sock->socks_relay.dest,
2189  sock->server_poll_timeout,
2190  sig_info);
2191 
2192  if (sig_info->signal_received)
2193  {
2194  return;
2195  }
2196 
2197  sock->remote_host = sock->proxy_dest_host;
2198  sock->remote_port = sock->proxy_dest_port;
2199 
2200  addr_zero_host(&sock->info.lsa->actual.dest);
2201  if (sock->info.lsa->remote_list)
2202  {
2203  freeaddrinfo(sock->info.lsa->remote_list);
2204  sock->info.lsa->current_remote = NULL;
2205  sock->info.lsa->remote_list = NULL;
2206  }
2207 
2208  resolve_remote(sock, 1, NULL, sig_info);
2209 }
2210 
2211 #if defined(_WIN32)
2212 static void
2213 create_socket_dco_win(struct context *c, struct link_socket *sock,
2214  struct signal_info *sig_info)
2215 {
2216  /* in P2P mode we must have remote resolved at this point */
2217  struct addrinfo *remoteaddr = sock->info.lsa->current_remote;
2218  if ((c->options.mode == MODE_POINT_TO_POINT) && (!remoteaddr))
2219  {
2220  return;
2221  }
2222 
2223  if (!c->c1.tuntap)
2224  {
2225  struct tuntap *tt;
2226  ALLOC_OBJ_CLEAR(tt, struct tuntap);
2227 
2228  tt->backend_driver = DRIVER_DCO;
2229 
2230  const char *device_guid = NULL; /* not used */
2231  tun_open_device(tt, c->options.dev_node, &device_guid, &c->gc);
2232 
2233  /* Ensure we can "safely" cast the handle to a socket */
2234  static_assert(sizeof(sock->sd) == sizeof(tt->hand), "HANDLE and SOCKET size differs");
2235 
2236  c->c1.tuntap = tt;
2237  }
2238 
2239  if (c->options.mode == MODE_SERVER)
2240  {
2241  dco_mp_start_vpn(c->c1.tuntap->hand, sock);
2242  }
2243  else
2244  {
2245  dco_p2p_new_peer(c->c1.tuntap->hand, sock, sig_info);
2246  }
2247  sock->sockflags |= SF_DCO_WIN;
2248 
2249  if (sig_info->signal_received)
2250  {
2251  return;
2252  }
2253 
2254  sock->sd = (SOCKET)c->c1.tuntap->hand;
2255  linksock_print_addr(sock);
2256 }
2257 #endif /* if defined(_WIN32) */
2258 
2259 /* finalize socket initialization */
2260 void
2261 link_socket_init_phase2(struct context *c,
2262  struct link_socket *sock)
2263 {
2264  const struct frame *frame = &c->c2.frame;
2265  struct signal_info *sig_info = c->sig;
2266 
2267  const char *remote_dynamic = NULL;
2268  struct signal_info sig_save = {0};
2269 
2270  ASSERT(sock);
2271  ASSERT(sig_info);
2272 
2273  if (sig_info->signal_received)
2274  {
2275  sig_save = *sig_info;
2276  sig_save.signal_received = signal_reset(sig_info, 0);
2277  }
2278 
2279  /* initialize buffers */
2280  socket_frame_init(frame, sock);
2281 
2282  /*
2283  * Pass a remote name to connect/accept so that
2284  * they can test for dynamic IP address changes
2285  * and throw a SIGUSR1 if appropriate.
2286  */
2287  if (sock->resolve_retry_seconds)
2288  {
2289  remote_dynamic = sock->remote_host;
2290  }
2291 
2292  /* Second chance to resolv/create socket */
2293  resolve_remote(sock, 2, &remote_dynamic, sig_info);
2294 
2295  /* If a valid remote has been found, create the socket with its addrinfo */
2296 #if defined(_WIN32)
2297  if (dco_enabled(&c->options))
2298  {
2299  create_socket_dco_win(c, sock, sig_info);
2300  goto done;
2301  }
2302 #endif
2303  if (sock->info.lsa->current_remote)
2304  {
2305  create_socket(sock, sock->info.lsa->current_remote);
2306  }
2307 
2308  /* If socket has not already been created create it now */
2309  if (sock->sd == SOCKET_UNDEFINED)
2310  {
2311  /* If we have no --remote and have still not figured out the
2312  * protocol family to use we will use the first of the bind */
2313 
2314  if (sock->bind_local && !sock->remote_host && sock->info.lsa->bind_local)
2315  {
2316  /* Warn if this is because neither v4 or v6 was specified
2317  * and we should not connect a remote */
2318  if (sock->info.af == AF_UNSPEC)
2319  {
2320  msg(M_WARN, "Could not determine IPv4/IPv6 protocol. Using %s",
2321  addr_family_name(sock->info.lsa->bind_local->ai_family));
2322  sock->info.af = sock->info.lsa->bind_local->ai_family;
2323  }
2324  create_socket(sock, sock->info.lsa->bind_local);
2325  }
2326  }
2327 
2328  /* Socket still undefined, give a warning and abort connection */
2329  if (sock->sd == SOCKET_UNDEFINED)
2330  {
2331  msg(M_WARN, "Could not determine IPv4/IPv6 protocol");
2332  register_signal(sig_info, SIGUSR1, "Could not determine IPv4/IPv6 protocol");
2333  goto done;
2334  }
2335 
2336  if (sig_info->signal_received)
2337  {
2338  goto done;
2339  }
2340 
2341  if (sock->info.proto == PROTO_TCP_SERVER)
2342  {
2343  phase2_tcp_server(sock, remote_dynamic, sig_info);
2344  }
2345  else if (sock->info.proto == PROTO_TCP_CLIENT)
2346  {
2347  phase2_tcp_client(sock, sig_info);
2348 
2349  }
2350  else if (sock->info.proto == PROTO_UDP && sock->socks_proxy)
2351  {
2352  phase2_socks_client(sock, sig_info);
2353  }
2354 #ifdef TARGET_ANDROID
2355  if (sock->sd != -1)
2356  {
2357  protect_fd_nonlocal(sock->sd, &sock->info.lsa->actual.dest.addr.sa);
2358  }
2359 #endif
2360  if (sig_info->signal_received)
2361  {
2362  goto done;
2363  }
2364 
2365  phase2_set_socket_flags(sock);
2366  linksock_print_addr(sock);
2367 
2368 done:
2369  if (sig_save.signal_received)
2370  {
2371  /* Always restore the saved signal -- register/throw_signal will handle priority */
2372  if (sig_save.source == SIG_SOURCE_HARD && sig_info == &siginfo_static)
2373  {
2374  throw_signal(sig_save.signal_received);
2375  }
2376  else
2377  {
2378  register_signal(sig_info, sig_save.signal_received, sig_save.signal_text);
2379  }
2380  }
2381 }
2382 
2383 void
2384 link_socket_close(struct link_socket *sock)
2385 {
2386  if (sock)
2387  {
2388 #ifdef ENABLE_DEBUG
2389  const int gremlin = GREMLIN_CONNECTION_FLOOD_LEVEL(sock->gremlin);
2390 #else
2391  const int gremlin = 0;
2392 #endif
2393 
2394  if (socket_defined(sock->sd))
2395  {
2396 #ifdef _WIN32
2397  close_net_event_win32(&sock->listen_handle, sock->sd, 0);
2398 #endif
2399  if (!gremlin)
2400  {
2401  msg(D_LOW, "TCP/UDP: Closing socket");
2402  if (openvpn_close_socket(sock->sd))
2403  {
2404  msg(M_WARN | M_ERRNO, "TCP/UDP: Close Socket failed");
2405  }
2406  }
2407  sock->sd = SOCKET_UNDEFINED;
2408 #ifdef _WIN32
2409  if (!gremlin)
2410  {
2411  overlapped_io_close(&sock->reads);
2412  overlapped_io_close(&sock->writes);
2413  }
2414 #endif
2415  }
2416 
2417  if (socket_defined(sock->ctrl_sd))
2418  {
2419  if (openvpn_close_socket(sock->ctrl_sd))
2420  {
2421  msg(M_WARN | M_ERRNO, "TCP/UDP: Close Socket (ctrl_sd) failed");
2422  }
2423  sock->ctrl_sd = SOCKET_UNDEFINED;
2424  }
2425 
2426  stream_buf_close(&sock->stream_buf);
2427  free_buf(&sock->stream_buf_data);
2428  if (!gremlin)
2429  {
2430  free(sock);
2431  }
2432  }
2433 }
2434 
2435 void
2436 setenv_trusted(struct env_set *es, const struct link_socket_info *info)
2437 {
2438  setenv_link_socket_actual(es, "trusted", &info->lsa->actual, SA_IP_PORT);
2439 }
2440 
2441 static void
2442 ipchange_fmt(const bool include_cmd, struct argv *argv, const struct link_socket_info *info, struct gc_arena *gc)
2443 {
2444  const char *host = print_sockaddr_ex(&info->lsa->actual.dest.addr.sa, " ", PS_SHOW_PORT, gc);
2445  if (include_cmd)
2446  {
2447  argv_parse_cmd(argv, info->ipchange_command);
2448  argv_printf_cat(argv, "%s", host);
2449  }
2450  else
2451  {
2452  argv_printf(argv, "%s", host);
2453  }
2454 
2455 }
2456 
2457 void
2458 link_socket_connection_initiated(struct link_socket_info *info,
2459  const struct link_socket_actual *act,
2460  const char *common_name,
2461  struct env_set *es)
2462 {
2463  struct gc_arena gc = gc_new();
2464 
2465  info->lsa->actual = *act; /* Note: skip this line for --force-dest */
2466  setenv_trusted(es, info);
2467  info->connection_established = true;
2468 
2469  /* Print connection initiated message, with common name if available */
2470  {
2471  struct buffer out = alloc_buf_gc(256, &gc);
2472  if (common_name)
2473  {
2474  buf_printf(&out, "[%s] ", common_name);
2475  }
2476  buf_printf(&out, "Peer Connection Initiated with %s", print_link_socket_actual(&info->lsa->actual, &gc));
2477  msg(M_INFO, "%s", BSTR(&out));
2478  }
2479 
2480  /* set environmental vars */
2481  setenv_str(es, "common_name", common_name);
2482 
2483  /* Process --ipchange plugin */
2484  if (plugin_defined(info->plugins, OPENVPN_PLUGIN_IPCHANGE))
2485  {
2486  struct argv argv = argv_new();
2487  ipchange_fmt(false, &argv, info, &gc);
2488  if (plugin_call(info->plugins, OPENVPN_PLUGIN_IPCHANGE, &argv, NULL, es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
2489  {
2490  msg(M_WARN, "WARNING: ipchange plugin call failed");
2491  }
2492  argv_free(&argv);
2493  }
2494 
2495  /* Process --ipchange option */
2496  if (info->ipchange_command)
2497  {
2498  struct argv argv = argv_new();
2499  setenv_str(es, "script_type", "ipchange");
2500  ipchange_fmt(true, &argv, info, &gc);
2501  openvpn_run_script(&argv, es, 0, "--ipchange");
2502  argv_free(&argv);
2503  }
2504 
2505  gc_free(&gc);
2506 }
2507 
2508 void
2509 link_socket_bad_incoming_addr(struct buffer *buf,
2510  const struct link_socket_info *info,
2511  const struct link_socket_actual *from_addr)
2512 {
2513  struct gc_arena gc = gc_new();
2514  struct addrinfo *ai;
2515 
2516  switch (from_addr->dest.addr.sa.sa_family)
2517  {
2518  case AF_INET:
2519  case AF_INET6:
2520  msg(D_LINK_ERRORS,
2521  "TCP/UDP: Incoming packet rejected from %s[%d], expected peer address: %s (allow this incoming source address/port by removing --remote or adding --float)",
2522  print_link_socket_actual(from_addr, &gc),
2523  (int)from_addr->dest.addr.sa.sa_family,
2524  print_sockaddr_ex(info->lsa->remote_list->ai_addr, ":", PS_SHOW_PORT, &gc));
2525  /* print additional remote addresses */
2526  for (ai = info->lsa->remote_list->ai_next; ai; ai = ai->ai_next)
2527  {
2528  msg(D_LINK_ERRORS, "or from peer address: %s",
2529  print_sockaddr_ex(ai->ai_addr, ":", PS_SHOW_PORT, &gc));
2530  }
2531  break;
2532  }
2533  buf->len = 0;
2534  gc_free(&gc);
2535 }
2536 
2537 void
2538 link_socket_bad_outgoing_addr(void)
2539 {
2540  dmsg(D_READ_WRITE, "TCP/UDP: No outgoing address to send packet");
2541 }
2542 
2543 in_addr_t
2544 link_socket_current_remote(const struct link_socket_info *info)
2545 {
2546  const struct link_socket_addr *lsa = info->lsa;
2547 
2548 /*
2549  * This logic supports "redirect-gateway" semantic, which
2550  * makes sense only for PF_INET routes over PF_INET endpoints
2551  *
2552  * Maybe in the future consider PF_INET6 endpoints also ...
2553  * by now just ignore it
2554  *
2555  * For --remote entries with multiple addresses this
2556  * only return the actual endpoint we have successfully connected to
2557  */
2558  if (lsa->actual.dest.addr.sa.sa_family != AF_INET)
2559  {
2560  return IPV4_INVALID_ADDR;
2561  }
2562 
2563  if (link_socket_actual_defined(&lsa->actual))
2564  {
2565  return ntohl(lsa->actual.dest.addr.in4.sin_addr.s_addr);
2566  }
2567  else if (lsa->current_remote)
2568  {
2569  return ntohl(((struct sockaddr_in *)lsa->current_remote->ai_addr)
2570  ->sin_addr.s_addr);
2571  }
2572  else
2573  {
2574  return 0;
2575  }
2576 }
2577 
2578 const struct in6_addr *
2579 link_socket_current_remote_ipv6(const struct link_socket_info *info)
2580 {
2581  const struct link_socket_addr *lsa = info->lsa;
2582 
2583 /* This logic supports "redirect-gateway" semantic,
2584  * for PF_INET6 routes over PF_INET6 endpoints
2585  *
2586  * For --remote entries with multiple addresses this
2587  * only return the actual endpoint we have successfully connected to
2588  */
2589  if (lsa->actual.dest.addr.sa.sa_family != AF_INET6)
2590  {
2591  return NULL;
2592  }
2593 
2594  if (link_socket_actual_defined(&lsa->actual))
2595  {
2596  return &(lsa->actual.dest.addr.in6.sin6_addr);
2597  }
2598  else if (lsa->current_remote)
2599  {
2600  return &(((struct sockaddr_in6 *)lsa->current_remote->ai_addr)->sin6_addr);
2601  }
2602  else
2603  {
2604  return NULL;
2605  }
2606 }
2607 
2608 /*
2609  * Return a status string describing socket state.
2610  */
2611 const char *
2612 socket_stat(const struct link_socket *s, unsigned int rwflags, struct gc_arena *gc)
2613 {
2614  struct buffer out = alloc_buf_gc(64, gc);
2615  if (s)
2616  {
2617  if (rwflags & EVENT_READ)
2618  {
2619  buf_printf(&out, "S%s",
2620  (s->rwflags_debug & EVENT_READ) ? "R" : "r");
2621 #ifdef _WIN32
2622  buf_printf(&out, "%s",
2623  overlapped_io_state_ascii(&s->reads));
2624 #endif
2625  }
2626  if (rwflags & EVENT_WRITE)
2627  {
2628  buf_printf(&out, "S%s",
2629  (s->rwflags_debug & EVENT_WRITE) ? "W" : "w");
2630 #ifdef _WIN32
2631  buf_printf(&out, "%s",
2632  overlapped_io_state_ascii(&s->writes));
2633 #endif
2634  }
2635  }
2636  else
2637  {
2638  buf_printf(&out, "S?");
2639  }
2640  return BSTR(&out);
2641 }
2642 
2643 /*
2644  * Stream buffer functions, used to packetize a TCP
2645  * stream connection.
2646  */
2647 
2648 static inline void
2649 stream_buf_reset(struct stream_buf *sb)
2650 {
2651  dmsg(D_STREAM_DEBUG, "STREAM: RESET");
2652  sb->residual_fully_formed = false;
2653  sb->buf = sb->buf_init;
2654  buf_reset(&sb->next);
2655  sb->len = -1;
2656 }
2657 
2658 static void
2659 stream_buf_init(struct stream_buf *sb,
2660  struct buffer *buf,
2661  const unsigned int sockflags,
2662  const int proto)
2663 {
2664  sb->buf_init = *buf;
2665  sb->maxlen = sb->buf_init.len;
2666  sb->buf_init.len = 0;
2667  sb->residual = alloc_buf(sb->maxlen);
2668  sb->error = false;
2669 #if PORT_SHARE
2670  sb->port_share_state = ((sockflags & SF_PORT_SHARE) && (proto == PROTO_TCP_SERVER))
2671  ? PS_ENABLED
2672  : PS_DISABLED;
2673 #endif
2674  stream_buf_reset(sb);
2675 
2676  dmsg(D_STREAM_DEBUG, "STREAM: INIT maxlen=%d", sb->maxlen);
2677 }
2678 
2679 static inline void
2680 stream_buf_set_next(struct stream_buf *sb)
2681 {
2682  /* set up 'next' for next i/o read */
2683  sb->next = sb->buf;
2684  sb->next.offset = sb->buf.offset + sb->buf.len;
2685  sb->next.len = (sb->len >= 0 ? sb->len : sb->maxlen) - sb->buf.len;
2686  dmsg(D_STREAM_DEBUG, "STREAM: SET NEXT, buf=[%d,%d] next=[%d,%d] len=%d maxlen=%d",
2687  sb->buf.offset, sb->buf.len,
2688  sb->next.offset, sb->next.len,
2689  sb->len, sb->maxlen);
2690  ASSERT(sb->next.len > 0);
2691  ASSERT(buf_safe(&sb->buf, sb->next.len));
2692 }
2693 
2694 static inline void
2695 stream_buf_get_final(struct stream_buf *sb, struct buffer *buf)
2696 {
2697  dmsg(D_STREAM_DEBUG, "STREAM: GET FINAL len=%d",
2698  buf_defined(&sb->buf) ? sb->buf.len : -1);
2699  ASSERT(buf_defined(&sb->buf));
2700  *buf = sb->buf;
2701 }
2702 
2703 static inline void
2704 stream_buf_get_next(struct stream_buf *sb, struct buffer *buf)
2705 {
2706  dmsg(D_STREAM_DEBUG, "STREAM: GET NEXT len=%d",
2707  buf_defined(&sb->next) ? sb->next.len : -1);
2708  ASSERT(buf_defined(&sb->next));
2709  *buf = sb->next;
2710 }
2711 
2712 bool
2713 stream_buf_read_setup_dowork(struct link_socket *sock)
2714 {
2715  if (sock->stream_buf.residual.len && !sock->stream_buf.residual_fully_formed)
2716  {
2717  ASSERT(buf_copy(&sock->stream_buf.buf, &sock->stream_buf.residual));
2718  ASSERT(buf_init(&sock->stream_buf.residual, 0));
2719  sock->stream_buf.residual_fully_formed = stream_buf_added(&sock->stream_buf, 0);
2720  dmsg(D_STREAM_DEBUG, "STREAM: RESIDUAL FULLY FORMED [%s], len=%d",
2721  sock->stream_buf.residual_fully_formed ? "YES" : "NO",
2722  sock->stream_buf.residual.len);
2723  }
2724 
2725  if (!sock->stream_buf.residual_fully_formed)
2726  {
2727  stream_buf_set_next(&sock->stream_buf);
2728  }
2729  return !sock->stream_buf.residual_fully_formed;
2730 }
2731 
2732 static bool
2733 stream_buf_added(struct stream_buf *sb,
2734  int length_added)
2735 {
2736  dmsg(D_STREAM_DEBUG, "STREAM: ADD length_added=%d", length_added);
2737  if (length_added > 0)
2738  {
2739  sb->buf.len += length_added;
2740  }
2741 
2742  /* if length unknown, see if we can get the length prefix from
2743  * the head of the buffer */
2744  if (sb->len < 0 && sb->buf.len >= (int) sizeof(packet_size_type))
2745  {
2746  packet_size_type net_size;
2747 
2748 #if PORT_SHARE
2749  if (sb->port_share_state == PS_ENABLED)
2750  {
2751  if (!is_openvpn_protocol(&sb->buf))
2752  {
2753  msg(D_STREAM_ERRORS, "Non-OpenVPN client protocol detected");
2754  sb->port_share_state = PS_FOREIGN;
2755  sb->error = true;
2756  return false;
2757  }
2758  else
2759  {
2760  sb->port_share_state = PS_DISABLED;
2761  }
2762  }
2763 #endif
2764 
2765  ASSERT(buf_read(&sb->buf, &net_size, sizeof(net_size)));
2766  sb->len = ntohps(net_size);
2767 
2768  if (sb->len < 1 || sb->len > sb->maxlen)
2769  {
2770  msg(M_WARN, "WARNING: Bad encapsulated packet length from peer (%d), which must be > 0 and <= %d -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]", sb->len, sb->maxlen);
2771  stream_buf_reset(sb);
2772  sb->error = true;
2773  return false;
2774  }
2775  }
2776 
2777  /* is our incoming packet fully read? */
2778  if (sb->len > 0 && sb->buf.len >= sb->len)
2779  {
2780  /* save any residual data that's part of the next packet */
2781  ASSERT(buf_init(&sb->residual, 0));
2782  if (sb->buf.len > sb->len)
2783  {
2784  ASSERT(buf_copy_excess(&sb->residual, &sb->buf, sb->len));
2785  }
2786  dmsg(D_STREAM_DEBUG, "STREAM: ADD returned TRUE, buf_len=%d, residual_len=%d",
2787  BLEN(&sb->buf),
2788  BLEN(&sb->residual));
2789  return true;
2790  }
2791  else
2792  {
2793  dmsg(D_STREAM_DEBUG, "STREAM: ADD returned FALSE (have=%d need=%d)", sb->buf.len, sb->len);
2794  stream_buf_set_next(sb);
2795  return false;
2796  }
2797 }
2798 
2799 static void
2800 stream_buf_close(struct stream_buf *sb)
2801 {
2802  free_buf(&sb->residual);
2803 }
2804 
2805 /*
2806  * The listen event is a special event whose sole purpose is
2807  * to tell us that there's a new incoming connection on a
2808  * TCP socket, for use in server mode.
2809  */
2810 event_t
2811 socket_listen_event_handle(struct link_socket *s)
2812 {
2813 #ifdef _WIN32
2814  if (!defined_net_event_win32(&s->listen_handle))
2815  {
2816  init_net_event_win32(&s->listen_handle, FD_ACCEPT, s->sd, 0);
2817  }
2818  return &s->listen_handle;
2819 #else /* ifdef _WIN32 */
2820  return s->sd;
2821 #endif
2822 }
2823 
2824 /*
2825  * Format IP addresses in ascii
2826  */
2827 
2828 const char *
2829 print_sockaddr_ex(const struct sockaddr *sa,
2830  const char *separator,
2831  const unsigned int flags,
2832  struct gc_arena *gc)
2833 {
2834  struct buffer out = alloc_buf_gc(128, gc);
2835  bool addr_is_defined = false;
2836  char hostaddr[NI_MAXHOST] = "";
2837  char servname[NI_MAXSERV] = "";
2838  int status;
2839 
2840  socklen_t salen = 0;
2841  switch (sa->sa_family)
2842  {
2843  case AF_INET:
2844  if (!(flags & PS_DONT_SHOW_FAMILY))
2845  {
2846  buf_puts(&out, "[AF_INET]");
2847  }
2848  salen = sizeof(struct sockaddr_in);
2849  addr_is_defined = ((struct sockaddr_in *) sa)->sin_addr.s_addr != 0;
2850  break;
2851 
2852  case AF_INET6:
2853  if (!(flags & PS_DONT_SHOW_FAMILY))
2854  {
2855  buf_puts(&out, "[AF_INET6]");
2856  }
2857  salen = sizeof(struct sockaddr_in6);
2858  addr_is_defined = !IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *) sa)->sin6_addr);
2859  break;
2860 
2861  case AF_UNSPEC:
2862  if (!(flags & PS_DONT_SHOW_FAMILY))
2863  {
2864  return "[AF_UNSPEC]";
2865  }
2866  else
2867  {
2868  return "";
2869  }
2870 
2871  default:
2872  ASSERT(0);
2873  }
2874 
2875  status = getnameinfo(sa, salen, hostaddr, sizeof(hostaddr),
2876  servname, sizeof(servname), NI_NUMERICHOST | NI_NUMERICSERV);
2877 
2878  if (status!=0)
2879  {
2880  buf_printf(&out, "[nameinfo() err: %s]", gai_strerror(status));
2881  return BSTR(&out);
2882  }
2883 
2884  if (!(flags & PS_DONT_SHOW_ADDR))
2885  {
2886  if (addr_is_defined)
2887  {
2888  buf_puts(&out, hostaddr);
2889  }
2890  else
2891  {
2892  buf_puts(&out, "[undef]");
2893  }
2894  }
2895 
2896  if ((flags & PS_SHOW_PORT) || (flags & PS_SHOW_PORT_IF_DEFINED))
2897  {
2898  if (separator)
2899  {
2900  buf_puts(&out, separator);
2901  }
2902 
2903  buf_puts(&out, servname);
2904  }
2905 
2906  return BSTR(&out);
2907 }
2908 
2909 const char *
2910 print_link_socket_actual(const struct link_socket_actual *act, struct gc_arena *gc)
2911 {
2912  return print_link_socket_actual_ex(act, ":", PS_SHOW_PORT|PS_SHOW_PKTINFO, gc);
2913 }
2914 
2915 #ifndef IF_NAMESIZE
2916 #define IF_NAMESIZE 16
2917 #endif
2918 
2919 const char *
2920 print_link_socket_actual_ex(const struct link_socket_actual *act,
2921  const char *separator,
2922  const unsigned int flags,
2923  struct gc_arena *gc)
2924 {
2925  if (act)
2926  {
2927  struct buffer out = alloc_buf_gc(128, gc);
2928  buf_printf(&out, "%s", print_sockaddr_ex(&act->dest.addr.sa, separator, flags, gc));
2929 #if ENABLE_IP_PKTINFO
2930  char ifname[IF_NAMESIZE] = "[undef]";
2931 
2932  if ((flags & PS_SHOW_PKTINFO) && addr_defined_ipi(act))
2933  {
2934  switch (act->dest.addr.sa.sa_family)
2935  {
2936  case AF_INET:
2937  {
2938  struct openvpn_sockaddr sa;
2939  CLEAR(sa);
2940  sa.addr.in4.sin_family = AF_INET;
2941 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
2942  sa.addr.in4.sin_addr = act->pi.in4.ipi_spec_dst;
2943  if_indextoname(act->pi.in4.ipi_ifindex, ifname);
2944 #elif defined(IP_RECVDSTADDR)
2945  sa.addr.in4.sin_addr = act->pi.in4;
2946  ifname[0] = 0;
2947 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
2948 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
2949 #endif
2950  buf_printf(&out, " (via %s%%%s)",
2951  print_sockaddr_ex(&sa.addr.sa, separator, 0, gc),
2952  ifname);
2953  }
2954  break;
2955 
2956  case AF_INET6:
2957  {
2958  struct sockaddr_in6 sin6;
2959  char buf[INET6_ADDRSTRLEN] = "[undef]";
2960  CLEAR(sin6);
2961  sin6.sin6_family = AF_INET6;
2962  sin6.sin6_addr = act->pi.in6.ipi6_addr;
2963  if_indextoname(act->pi.in6.ipi6_ifindex, ifname);
2964  if (getnameinfo((struct sockaddr *)&sin6, sizeof(struct sockaddr_in6),
2965  buf, sizeof(buf), NULL, 0, NI_NUMERICHOST) == 0)
2966  {
2967  buf_printf(&out, " (via %s%%%s)", buf, ifname);
2968  }
2969  else
2970  {
2971  buf_printf(&out, " (via [getnameinfo() err]%%%s)", ifname);
2972  }
2973  }
2974  break;
2975  }
2976  }
2977 #endif /* if ENABLE_IP_PKTINFO */
2978  return BSTR(&out);
2979  }
2980  else
2981  {
2982  return "[NULL]";
2983  }
2984 }
2985 
2986 /*
2987  * Convert an in_addr_t in host byte order
2988  * to an ascii dotted quad.
2989  */
2990 const char *
2991 print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
2992 {
2993  struct in_addr ia;
2994  char *out = gc_malloc(INET_ADDRSTRLEN, true, gc);
2995 
2996  if (addr || !(flags & IA_EMPTY_IF_UNDEF))
2997  {
2998  CLEAR(ia);
2999  ia.s_addr = (flags & IA_NET_ORDER) ? addr : htonl(addr);
3000 
3001  inet_ntop(AF_INET, &ia, out, INET_ADDRSTRLEN);
3002  }
3003  return out;
3004 }
3005 
3006 /*
3007  * Convert an in6_addr in host byte order
3008  * to an ascii representation of an IPv6 address
3009  */
3010 const char *
3011 print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
3012 {
3013  char *out = gc_malloc(INET6_ADDRSTRLEN, true, gc);
3014 
3015  if (memcmp(&a6, &in6addr_any, sizeof(a6)) != 0
3016  || !(flags & IA_EMPTY_IF_UNDEF))
3017  {
3018  inet_ntop(AF_INET6, &a6, out, INET6_ADDRSTRLEN);
3019  }
3020  return out;
3021 }
3022 
3023 /*
3024  * Convert an in_port_t in host byte order to a string
3025  */
3026 const char *
3027 print_in_port_t(in_port_t port, struct gc_arena *gc)
3028 {
3029  struct buffer buffer = alloc_buf_gc(8, gc);
3030  buf_printf(&buffer, "%hu", port);
3031  return BSTR(&buffer);
3032 }
3033 
3034 #ifndef UINT8_MAX
3035 #define UINT8_MAX 0xff
3036 #endif
3037 
3038 /* add some offset to an ipv6 address
3039  * (add in steps of 8 bits, taking overflow into next round)
3040  */
3041 struct in6_addr
3042 add_in6_addr( struct in6_addr base, uint32_t add )
3043 {
3044  int i;
3045 
3046  for (i = 15; i>=0 && add > 0; i--)
3047  {
3048  register int carry;
3049  register uint32_t h;
3050 
3051  h = (unsigned char) base.s6_addr[i];
3052  base.s6_addr[i] = (h+add) & UINT8_MAX;
3053 
3054  /* using explicit carry for the 8-bit additions will catch
3055  * 8-bit and(!) 32-bit overruns nicely
3056  */
3057  carry = ((h & 0xff) + (add & 0xff)) >> 8;
3058  add = (add>>8) + carry;
3059  }
3060  return base;
3061 }
3062 
3063 /* set environmental variables for ip/port in *addr */
3064 void
3065 setenv_sockaddr(struct env_set *es, const char *name_prefix, const struct openvpn_sockaddr *addr, const unsigned int flags)
3066 {
3067  char name_buf[256];
3068 
3069  char buf[INET6_ADDRSTRLEN];
3070  switch (addr->addr.sa.sa_family)
3071  {
3072  case AF_INET:
3073  if (flags & SA_IP_PORT)
3074  {
3075  snprintf(name_buf, sizeof(name_buf), "%s_ip", name_prefix);
3076  }
3077  else
3078  {
3079  snprintf(name_buf, sizeof(name_buf), "%s", name_prefix);
3080  }
3081 
3082  inet_ntop(AF_INET, &addr->addr.in4.sin_addr, buf, sizeof(buf));
3083  setenv_str(es, name_buf, buf);
3084 
3085  if ((flags & SA_IP_PORT) && addr->addr.in4.sin_port)
3086  {
3087  snprintf(name_buf, sizeof(name_buf), "%s_port", name_prefix);
3088  setenv_int(es, name_buf, ntohs(addr->addr.in4.sin_port));
3089  }
3090  break;
3091 
3092  case AF_INET6:
3093  if (IN6_IS_ADDR_V4MAPPED( &addr->addr.in6.sin6_addr ))
3094  {
3095  struct in_addr ia;
3096  memcpy(&ia.s_addr, &addr->addr.in6.sin6_addr.s6_addr[12],
3097  sizeof(ia.s_addr));
3098  snprintf(name_buf, sizeof(name_buf), "%s_ip", name_prefix);
3099  inet_ntop(AF_INET, &ia, buf, sizeof(buf));
3100  }
3101  else
3102  {
3103  snprintf(name_buf, sizeof(name_buf), "%s_ip6", name_prefix);
3104  inet_ntop(AF_INET6, &addr->addr.in6.sin6_addr, buf, sizeof(buf));
3105  }
3106  setenv_str(es, name_buf, buf);
3107 
3108  if ((flags & SA_IP_PORT) && addr->addr.in6.sin6_port)
3109  {
3110  snprintf(name_buf, sizeof(name_buf), "%s_port", name_prefix);
3111  setenv_int(es, name_buf, ntohs(addr->addr.in6.sin6_port));
3112  }
3113  break;
3114  }
3115 }
3116 
3117 void
3118 setenv_in_addr_t(struct env_set *es, const char *name_prefix, in_addr_t addr, const unsigned int flags)
3119 {
3120  if (addr || !(flags & SA_SET_IF_NONZERO))
3121  {
3122  struct openvpn_sockaddr si;
3123  CLEAR(si);
3124  si.addr.in4.sin_family = AF_INET;
3125  si.addr.in4.sin_addr.s_addr = htonl(addr);
3126  setenv_sockaddr(es, name_prefix, &si, flags);
3127  }
3128 }
3129 
3130 void
3131 setenv_in6_addr(struct env_set *es,
3132  const char *name_prefix,
3133  const struct in6_addr *addr,
3134  const unsigned int flags)
3135 {
3136  if (!IN6_IS_ADDR_UNSPECIFIED(addr) || !(flags & SA_SET_IF_NONZERO))
3137  {
3138  struct openvpn_sockaddr si;
3139  CLEAR(si);
3140  si.addr.in6.sin6_family = AF_INET6;
3141  si.addr.in6.sin6_addr = *addr;
3142  setenv_sockaddr(es, name_prefix, &si, flags);
3143  }
3144 }
3145 
3146 void
3147 setenv_link_socket_actual(struct env_set *es,
3148  const char *name_prefix,
3149  const struct link_socket_actual *act,
3150  const unsigned int flags)
3151 {
3152  setenv_sockaddr(es, name_prefix, &act->dest, flags);
3153 }
3154 
3155 /*
3156  * Convert protocol names between index and ascii form.
3157  */
3158 
3159 struct proto_names {
3160  const char *short_form;
3161  const char *display_form;
3162  sa_family_t proto_af;
3163  int proto;
3164 };
3165 
3166 /* Indexed by PROTO_x */
3167 static const struct proto_names proto_names[] = {
3168  {"proto-uninitialized", "proto-NONE", AF_UNSPEC, PROTO_NONE},
3169  /* try IPv4 and IPv6 (client), bind dual-stack (server) */
3170  {"udp", "UDP", AF_UNSPEC, PROTO_UDP},
3171  {"tcp-server", "TCP_SERVER", AF_UNSPEC, PROTO_TCP_SERVER},
3172  {"tcp-client", "TCP_CLIENT", AF_UNSPEC, PROTO_TCP_CLIENT},
3173  {"tcp", "TCP", AF_UNSPEC, PROTO_TCP},
3174  /* force IPv4 */
3175  {"udp4", "UDPv4", AF_INET, PROTO_UDP},
3176  {"tcp4-server", "TCPv4_SERVER", AF_INET, PROTO_TCP_SERVER},
3177  {"tcp4-client", "TCPv4_CLIENT", AF_INET, PROTO_TCP_CLIENT},
3178  {"tcp4", "TCPv4", AF_INET, PROTO_TCP},
3179  /* force IPv6 */
3180  {"udp6", "UDPv6", AF_INET6, PROTO_UDP},
3181  {"tcp6-server", "TCPv6_SERVER", AF_INET6, PROTO_TCP_SERVER},
3182  {"tcp6-client", "TCPv6_CLIENT", AF_INET6, PROTO_TCP_CLIENT},
3183  {"tcp6", "TCPv6", AF_INET6, PROTO_TCP},
3184 };
3185 
3186 int
3187 ascii2proto(const char *proto_name)
3188 {
3189  for (size_t i = 0; i < SIZE(proto_names); ++i)
3190  {
3191  if (!strcmp(proto_name, proto_names[i].short_form))
3192  {
3193  return proto_names[i].proto;
3194  }
3195  }
3196  return -1;
3197 }
3198 
3199 sa_family_t
3200 ascii2af(const char *proto_name)
3201 {
3202  for (size_t i = 0; i < SIZE(proto_names); ++i)
3203  {
3204  if (!strcmp(proto_name, proto_names[i].short_form))
3205  {
3206  return proto_names[i].proto_af;
3207  }
3208  }
3209  return 0;
3210 }
3211 
3212 const char *
3213 proto2ascii(int proto, sa_family_t af, bool display_form)
3214 {
3215  for (size_t i = 0; i < SIZE(proto_names); ++i)
3216  {
3217  if (proto_names[i].proto_af == af && proto_names[i].proto == proto)
3218  {
3219  if (display_form)
3220  {
3221  return proto_names[i].display_form;
3222  }
3223  else
3224  {
3225  return proto_names[i].short_form;
3226  }
3227  }
3228  }
3229 
3230  return "[unknown protocol]";
3231 }
3232 
3233 const char *
3234 proto2ascii_all(struct gc_arena *gc)
3235 {
3236  struct buffer out = alloc_buf_gc(256, gc);
3237 
3238  for (size_t i = 0; i < SIZE(proto_names); ++i)
3239  {
3240  if (i)
3241  {
3242  buf_printf(&out, " ");
3243  }
3244  buf_printf(&out, "[%s]", proto_names[i].short_form);
3245  }
3246  return BSTR(&out);
3247 }
3248 
3249 const char *
3250 addr_family_name(int af)
3251 {
3252  switch (af)
3253  {
3254  case AF_INET: return "AF_INET";
3255 
3256  case AF_INET6: return "AF_INET6";
3257  }
3258  return "AF_UNSPEC";
3259 }
3260 
3261 /*
3262  * Given a local proto, return local proto
3263  * if !remote, or compatible remote proto
3264  * if remote.
3265  *
3266  * This is used for options compatibility
3267  * checking.
3268  *
3269  * IPv6 and IPv4 protocols are comptabile but OpenVPN
3270  * has always sent UDPv4, TCPv4 over the wire. Keep these
3271  * strings for backward compatibility
3272  */
3273 const char *
3274 proto_remote(int proto, bool remote)
3275 {
3276  ASSERT(proto >= 0 && proto < PROTO_N);
3277  if (proto == PROTO_UDP)
3278  {
3279  return "UDPv4";
3280  }
3281 
3282  if ( (remote && proto == PROTO_TCP_CLIENT)
3283  || (!remote && proto == PROTO_TCP_SERVER))
3284  {
3285  return "TCPv4_SERVER";
3286  }
3287  if ( (remote && proto == PROTO_TCP_SERVER)
3288  || (!remote && proto == PROTO_TCP_CLIENT))
3289  {
3290  return "TCPv4_CLIENT";
3291  }
3292 
3293  ASSERT(0);
3294  return ""; /* Make the compiler happy */
3295 }
3296 
3297 /*
3298  * Bad incoming address lengths that differ from what
3299  * we expect are considered to be fatal errors.
3300  */
3301 void
3302 bad_address_length(int actual, int expected)
3303 {
3304  msg(M_FATAL, "ERROR: received strange incoming packet with an address length of %d -- we only accept address lengths of %d.",
3305  actual,
3306  expected);
3307 }
3308 
3309 /*
3310  * Socket Read Routines
3311  */
3312 
3313 int
3314 link_socket_read_tcp(struct link_socket *sock,
3315  struct buffer *buf)
3316 {
3317  int len = 0;
3318 
3319  if (!sock->stream_buf.residual_fully_formed)
3320  {
3321  /* with Linux-DCO, we sometimes try to access a socket that is
3322  * already installed in the kernel and has no valid file descriptor
3323  * anymore. This is a bug.
3324  * Handle by resetting client instance instead of crashing.
3325  */
3326  if (sock->sd == SOCKET_UNDEFINED)
3327  {
3328  msg(M_INFO, "BUG: link_socket_read_tcp(): sock->sd==-1, reset client instance" );
3329  sock->stream_reset = true; /* reset client instance */
3330  return buf->len = 0; /* nothing to read */
3331  }
3332 
3333 #ifdef _WIN32
3334  sockethandle_t sh = { .s = sock->sd };
3335  len = sockethandle_finalize(sh, &sock->reads, buf, NULL);
3336 #else
3337  struct buffer frag;
3338  stream_buf_get_next(&sock->stream_buf, &frag);
3339  len = recv(sock->sd, BPTR(&frag), BLEN(&frag), MSG_NOSIGNAL);
3340 #endif
3341 
3342  if (!len)
3343  {
3344  sock->stream_reset = true;
3345  }
3346  if (len <= 0)
3347  {
3348  return buf->len = len;
3349  }
3350  }
3351 
3352  if (sock->stream_buf.residual_fully_formed
3353  || stream_buf_added(&sock->stream_buf, len)) /* packet complete? */
3354  {
3355  stream_buf_get_final(&sock->stream_buf, buf);
3356  stream_buf_reset(&sock->stream_buf);
3357  return buf->len;
3358  }
3359  else
3360  {
3361  return buf->len = 0; /* no error, but packet is still incomplete */
3362  }
3363 }
3364 
3365 #ifndef _WIN32
3366 
3367 #if ENABLE_IP_PKTINFO
3368 
3369 /* make the buffer large enough to handle ancillary socket data for
3370  * both IPv4 and IPv6 destination addresses, plus padding (see RFC 2292)
3371  */
3372 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
3373 #define PKTINFO_BUF_SIZE max_int( CMSG_SPACE(sizeof(struct in6_pktinfo)), \
3374  CMSG_SPACE(sizeof(struct in_pktinfo)) )
3375 #else
3376 #define PKTINFO_BUF_SIZE max_int( CMSG_SPACE(sizeof(struct in6_pktinfo)), \
3377  CMSG_SPACE(sizeof(struct in_addr)) )
3378 #endif
3379 
3380 static socklen_t
3381 link_socket_read_udp_posix_recvmsg(struct link_socket *sock,
3382  struct buffer *buf,
3383  struct link_socket_actual *from)
3384 {
3385  struct iovec iov;
3386  uint8_t pktinfo_buf[PKTINFO_BUF_SIZE];
3387  struct msghdr mesg = {0};
3388  socklen_t fromlen = sizeof(from->dest.addr);
3389 
3390  ASSERT(sock->sd >= 0); /* can't happen */
3391 
3392  iov.iov_base = BPTR(buf);
3393  iov.iov_len = buf_forward_capacity_total(buf);
3394  mesg.msg_iov = &iov;
3395  mesg.msg_iovlen = 1;
3396  mesg.msg_name = &from->dest.addr;
3397  mesg.msg_namelen = fromlen;
3398  mesg.msg_control = pktinfo_buf;
3399  mesg.msg_controllen = sizeof pktinfo_buf;
3400  buf->len = recvmsg(sock->sd, &mesg, 0);
3401  if (buf->len >= 0)
3402  {
3403  struct cmsghdr *cmsg;
3404  fromlen = mesg.msg_namelen;
3405  cmsg = CMSG_FIRSTHDR(&mesg);
3406  if (cmsg != NULL
3407  && CMSG_NXTHDR(&mesg, cmsg) == NULL
3408 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
3409  && cmsg->cmsg_level == SOL_IP
3410  && cmsg->cmsg_type == IP_PKTINFO
3411  && cmsg->cmsg_len >= CMSG_LEN(sizeof(struct in_pktinfo)) )
3412 #elif defined(IP_RECVDSTADDR)
3413  && cmsg->cmsg_level == IPPROTO_IP
3414  && cmsg->cmsg_type == IP_RECVDSTADDR
3415  && cmsg->cmsg_len >= CMSG_LEN(sizeof(struct in_addr)) )
3416 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
3417 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
3418 #endif
3419  {
3420 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
3421  struct in_pktinfo *pkti = (struct in_pktinfo *) CMSG_DATA(cmsg);
3422  from->pi.in4.ipi_ifindex = pkti->ipi_ifindex;
3423  from->pi.in4.ipi_spec_dst = pkti->ipi_spec_dst;
3424 #elif defined(IP_RECVDSTADDR)
3425  from->pi.in4 = *(struct in_addr *) CMSG_DATA(cmsg);
3426 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
3427 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
3428 #endif
3429  }
3430  else if (cmsg != NULL
3431  && CMSG_NXTHDR(&mesg, cmsg) == NULL
3432  && cmsg->cmsg_level == IPPROTO_IPV6
3433  && cmsg->cmsg_type == IPV6_PKTINFO
3434  && cmsg->cmsg_len >= CMSG_LEN(sizeof(struct in6_pktinfo)) )
3435  {
3436  struct in6_pktinfo *pkti6 = (struct in6_pktinfo *) CMSG_DATA(cmsg);
3437  from->pi.in6.ipi6_ifindex = pkti6->ipi6_ifindex;
3438  from->pi.in6.ipi6_addr = pkti6->ipi6_addr;
3439  }
3440  else if (cmsg != NULL)
3441  {
3442  msg(M_WARN, "CMSG received that cannot be parsed (cmsg_level=%d, cmsg_type=%d, cmsg=len=%d)", (int)cmsg->cmsg_level, (int)cmsg->cmsg_type, (int)cmsg->cmsg_len );
3443  }
3444  }
3445 
3446  return fromlen;
3447 }
3448 #endif /* if ENABLE_IP_PKTINFO */
3449 
3450 int
3451 link_socket_read_udp_posix(struct link_socket *sock,
3452  struct buffer *buf,
3453  struct link_socket_actual *from)
3454 {
3455  socklen_t fromlen = sizeof(from->dest.addr);
3456  socklen_t expectedlen = af_addr_size(sock->info.af);
3457  addr_zero_host(&from->dest);
3458 
3459  ASSERT(sock->sd >= 0); /* can't happen */
3460 
3461 #if ENABLE_IP_PKTINFO
3462  /* Both PROTO_UDPv4 and PROTO_UDPv6 */
3463  if (sock->info.proto == PROTO_UDP && sock->sockflags & SF_USE_IP_PKTINFO)
3464  {
3465  fromlen = link_socket_read_udp_posix_recvmsg(sock, buf, from);
3466  }
3467  else
3468 #endif
3469  {
3470  buf->len = recvfrom(sock->sd, BPTR(buf), buf_forward_capacity(buf), 0,
3471  &from->dest.addr.sa, &fromlen);
3472  }
3473  /* FIXME: won't do anything when sock->info.af == AF_UNSPEC */
3474  if (buf->len >= 0 && expectedlen && fromlen != expectedlen)
3475  {
3476  bad_address_length(fromlen, expectedlen);
3477  }
3478  return buf->len;
3479 }
3480 
3481 #endif /* ifndef _WIN32 */
3482 
3483 /*
3484  * Socket Write Routines
3485  */
3486 
3487 ssize_t
3488 link_socket_write_tcp(struct link_socket *sock,
3489  struct buffer *buf,
3490  struct link_socket_actual *to)
3491 {
3492  packet_size_type len = BLEN(buf);
3493  dmsg(D_STREAM_DEBUG, "STREAM: WRITE %d offset=%d", (int)len, buf->offset);
3494  ASSERT(len <= sock->stream_buf.maxlen);
3495  len = htonps(len);
3496  ASSERT(buf_write_prepend(buf, &len, sizeof(len)));
3497 #ifdef _WIN32
3498  return link_socket_write_win32(sock, buf, to);
3499 #else
3500  return link_socket_write_tcp_posix(sock, buf);
3501 #endif
3502 }
3503 
3504 #if ENABLE_IP_PKTINFO
3505 
3506 ssize_t
3507 link_socket_write_udp_posix_sendmsg(struct link_socket *sock,
3508  struct buffer *buf,
3509  struct link_socket_actual *to)
3510 {
3511  struct iovec iov;
3512  struct msghdr mesg;
3513  struct cmsghdr *cmsg;
3514  uint8_t pktinfo_buf[PKTINFO_BUF_SIZE];
3515 
3516  iov.iov_base = BPTR(buf);
3517  iov.iov_len = BLEN(buf);
3518  mesg.msg_iov = &iov;
3519  mesg.msg_iovlen = 1;
3520  switch (to->dest.addr.sa.sa_family)
3521  {
3522  case AF_INET:
3523  {
3524  mesg.msg_name = &to->dest.addr.sa;
3525  mesg.msg_namelen = sizeof(struct sockaddr_in);
3526  mesg.msg_control = pktinfo_buf;
3527  mesg.msg_flags = 0;
3528 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
3529  mesg.msg_controllen = CMSG_SPACE(sizeof(struct in_pktinfo));
3530  cmsg = CMSG_FIRSTHDR(&mesg);
3531  cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
3532  cmsg->cmsg_level = SOL_IP;
3533  cmsg->cmsg_type = IP_PKTINFO;
3534  {
3535  struct in_pktinfo *pkti;
3536  pkti = (struct in_pktinfo *) CMSG_DATA(cmsg);
3537  pkti->ipi_ifindex = to->pi.in4.ipi_ifindex;
3538  pkti->ipi_spec_dst = to->pi.in4.ipi_spec_dst;
3539  pkti->ipi_addr.s_addr = 0;
3540  }
3541 #elif defined(IP_RECVDSTADDR)
3542  ASSERT( CMSG_SPACE(sizeof(struct in_addr)) <= sizeof(pktinfo_buf) );
3543  mesg.msg_controllen = CMSG_SPACE(sizeof(struct in_addr));
3544  cmsg = CMSG_FIRSTHDR(&mesg);
3545  cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
3546  cmsg->cmsg_level = IPPROTO_IP;
3547  cmsg->cmsg_type = IP_RECVDSTADDR;
3548  *(struct in_addr *) CMSG_DATA(cmsg) = to->pi.in4;
3549 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
3550 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
3551 #endif /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
3552  break;
3553  }
3554 
3555  case AF_INET6:
3556  {
3557  struct in6_pktinfo *pkti6;
3558  mesg.msg_name = &to->dest.addr.sa;
3559  mesg.msg_namelen = sizeof(struct sockaddr_in6);
3560 
3561  ASSERT( CMSG_SPACE(sizeof(struct in6_pktinfo)) <= sizeof(pktinfo_buf) );
3562  mesg.msg_control = pktinfo_buf;
3563  mesg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo));
3564  mesg.msg_flags = 0;
3565  cmsg = CMSG_FIRSTHDR(&mesg);
3566  cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
3567  cmsg->cmsg_level = IPPROTO_IPV6;
3568  cmsg->cmsg_type = IPV6_PKTINFO;
3569 
3570  pkti6 = (struct in6_pktinfo *) CMSG_DATA(cmsg);
3571  pkti6->ipi6_ifindex = to->pi.in6.ipi6_ifindex;
3572  pkti6->ipi6_addr = to->pi.in6.ipi6_addr;
3573  break;
3574  }
3575 
3576  default: ASSERT(0);
3577  }
3578  return sendmsg(sock->sd, &mesg, 0);
3579 }
3580 
3581 #endif /* if ENABLE_IP_PKTINFO */
3582 
3583 /*
3584  * Win32 overlapped socket I/O functions.
3585  */
3586 
3587 #ifdef _WIN32
3588 
3589 static int
3590 socket_get_last_error(const struct link_socket *sock)
3591 {
3592  if (socket_is_dco_win(sock))
3593  {
3594  return GetLastError();
3595  }
3596 
3597  return WSAGetLastError();
3598 }
3599 
3600 int
3601 socket_recv_queue(struct link_socket *sock, int maxsize)
3602 {
3603  if (sock->reads.iostate == IOSTATE_INITIAL)
3604  {
3605  WSABUF wsabuf[1];
3606  int status;
3607 
3608  /* reset buf to its initial state */
3609  if (proto_is_udp(sock->info.proto))
3610  {
3611  sock->reads.buf = sock->reads.buf_init;
3612  }
3613  else if (proto_is_tcp(sock->info.proto))
3614  {
3615  stream_buf_get_next(&sock->stream_buf, &sock->reads.buf);
3616  }
3617  else
3618  {
3619  ASSERT(0);
3620  }
3621 
3622  /* Win32 docs say it's okay to allocate the wsabuf on the stack */
3623  wsabuf[0].buf = BSTR(&sock->reads.buf);
3624  wsabuf[0].len = maxsize ? maxsize : BLEN(&sock->reads.buf);
3625 
3626  /* check for buffer overflow */
3627  ASSERT(wsabuf[0].len <= BLEN(&sock->reads.buf));
3628 
3629  /* the overlapped read will signal this event on I/O completion */
3630  ASSERT(ResetEvent(sock->reads.overlapped.hEvent));
3631  sock->reads.flags = 0;
3632 
3633  if (socket_is_dco_win(sock))
3634  {
3635  status = ReadFile((HANDLE)sock->sd, wsabuf[0].buf, wsabuf[0].len,
3636  &sock->reads.size, &sock->reads.overlapped);
3637  /* Readfile status is inverted from WSARecv */
3638  status = !status;
3639  }
3640  else if (proto_is_udp(sock->info.proto))
3641  {
3642  sock->reads.addr_defined = true;
3643  sock->reads.addrlen = sizeof(sock->reads.addr6);
3644  status = WSARecvFrom(
3645  sock->sd,
3646  wsabuf,
3647  1,
3648  &sock->reads.size,
3649  &sock->reads.flags,
3650  (struct sockaddr *) &sock->reads.addr,
3651  &sock->reads.addrlen,
3652  &sock->reads.overlapped,
3653  NULL);
3654  }
3655  else if (proto_is_tcp(sock->info.proto))
3656  {
3657  sock->reads.addr_defined = false;
3658  status = WSARecv(
3659  sock->sd,
3660  wsabuf,
3661  1,
3662  &sock->reads.size,
3663  &sock->reads.flags,
3664  &sock->reads.overlapped,
3665  NULL);
3666  }
3667  else
3668  {
3669  status = 0;
3670  ASSERT(0);
3671  }
3672 
3673  if (!status) /* operation completed immediately? */
3674  {
3675  /* FIXME: won't do anything when sock->info.af == AF_UNSPEC */
3676  int af_len = af_addr_size(sock->info.af);
3677  if (sock->reads.addr_defined && af_len && sock->reads.addrlen != af_len)
3678  {
3679  bad_address_length(sock->reads.addrlen, af_len);
3680  }
3681  sock->reads.iostate = IOSTATE_IMMEDIATE_RETURN;
3682 
3683  /* since we got an immediate return, we must signal the event object ourselves */
3684  ASSERT(SetEvent(sock->reads.overlapped.hEvent));
3685  sock->reads.status = 0;
3686 
3687  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Receive immediate return [%d,%d]",
3688  (int) wsabuf[0].len,
3689  (int) sock->reads.size);
3690  }
3691  else
3692  {
3693  status = socket_get_last_error(sock);
3694  if (status == WSA_IO_PENDING) /* operation queued? */
3695  {
3696  sock->reads.iostate = IOSTATE_QUEUED;
3697  sock->reads.status = status;
3698  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Receive queued [%d]",
3699  (int) wsabuf[0].len);
3700  }
3701  else /* error occurred */
3702  {
3703  struct gc_arena gc = gc_new();
3704  ASSERT(SetEvent(sock->reads.overlapped.hEvent));
3705  sock->reads.iostate = IOSTATE_IMMEDIATE_RETURN;
3706  sock->reads.status = status;
3707  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Receive error [%d]: %s",
3708  (int) wsabuf[0].len,
3709  strerror_win32(status, &gc));
3710  gc_free(&gc);
3711  }
3712  }
3713  }
3714  return sock->reads.iostate;
3715 }
3716 
3717 int
3718 socket_send_queue(struct link_socket *sock, struct buffer *buf, const struct link_socket_actual *to)
3719 {
3720  if (sock->writes.iostate == IOSTATE_INITIAL)
3721  {
3722  WSABUF wsabuf[1];
3723  int status;
3724 
3725  /* make a private copy of buf */
3726  sock->writes.buf = sock->writes.buf_init;
3727  sock->writes.buf.len = 0;
3728  ASSERT(buf_copy(&sock->writes.buf, buf));
3729 
3730  /* Win32 docs say it's okay to allocate the wsabuf on the stack */
3731  wsabuf[0].buf = BSTR(&sock->writes.buf);
3732  wsabuf[0].len = BLEN(&sock->writes.buf);
3733 
3734  /* the overlapped write will signal this event on I/O completion */
3735  ASSERT(ResetEvent(sock->writes.overlapped.hEvent));
3736  sock->writes.flags = 0;
3737 
3738  if (socket_is_dco_win(sock))
3739  {
3740  status = WriteFile((HANDLE)sock->sd, wsabuf[0].buf, wsabuf[0].len,
3741  &sock->writes.size, &sock->writes.overlapped);
3742 
3743  /* WriteFile status is inverted from WSASendTo */
3744  status = !status;
3745 
3746  }
3747  else if (proto_is_udp(sock->info.proto))
3748  {
3749  /* set destination address for UDP writes */
3750  sock->writes.addr_defined = true;
3751  if (to->dest.addr.sa.sa_family == AF_INET6)
3752  {
3753  sock->writes.addr6 = to->dest.addr.in6;
3754  sock->writes.addrlen = sizeof(sock->writes.addr6);
3755  }
3756  else
3757  {
3758  sock->writes.addr = to->dest.addr.in4;
3759  sock->writes.addrlen = sizeof(sock->writes.addr);
3760  }
3761 
3762  status = WSASendTo(
3763  sock->sd,
3764  wsabuf,
3765  1,
3766  &sock->writes.size,
3767  sock->writes.flags,
3768  (struct sockaddr *) &sock->writes.addr,
3769  sock->writes.addrlen,
3770  &sock->writes.overlapped,
3771  NULL);
3772  }
3773  else if (proto_is_tcp(sock->info.proto))
3774  {
3775  /* destination address for TCP writes was established on connection initiation */
3776  sock->writes.addr_defined = false;
3777 
3778  status = WSASend(
3779  sock->sd,
3780  wsabuf,
3781  1,
3782  &sock->writes.size,
3783  sock->writes.flags,
3784  &sock->writes.overlapped,
3785  NULL);
3786  }
3787  else
3788  {
3789  status = 0;
3790  ASSERT(0);
3791  }
3792 
3793  if (!status) /* operation completed immediately? */
3794  {
3795  sock->writes.iostate = IOSTATE_IMMEDIATE_RETURN;
3796 
3797  /* since we got an immediate return, we must signal the event object ourselves */
3798  ASSERT(SetEvent(sock->writes.overlapped.hEvent));
3799 
3800  sock->writes.status = 0;
3801 
3802  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Send immediate return [%d,%d]",
3803  (int) wsabuf[0].len,
3804  (int) sock->writes.size);
3805  }
3806  else
3807  {
3808  status = socket_get_last_error(sock);
3809  /* both status code have the identical value */
3810  if (status == WSA_IO_PENDING || status == ERROR_IO_PENDING) /* operation queued? */
3811  {
3812  sock->writes.iostate = IOSTATE_QUEUED;
3813  sock->writes.status = status;
3814  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Send queued [%d]",
3815  (int) wsabuf[0].len);
3816  }
3817  else /* error occurred */
3818  {
3819  struct gc_arena gc = gc_new();
3820  ASSERT(SetEvent(sock->writes.overlapped.hEvent));
3821  sock->writes.iostate = IOSTATE_IMMEDIATE_RETURN;
3822  sock->writes.status = status;
3823 
3824  dmsg(D_WIN32_IO, "WIN32 I/O: Socket Send error [%d]: %s",
3825  (int) wsabuf[0].len,
3826  strerror_win32(status, &gc));
3827 
3828  gc_free(&gc);
3829  }
3830  }
3831  }
3832  return sock->writes.iostate;
3833 }
3834 
3835 void
3836 read_sockaddr_from_overlapped(struct overlapped_io *io, struct sockaddr *dst, int overlapped_ret)
3837 {
3838  if (overlapped_ret >= 0 && io->addr_defined)
3839  {
3840  /* TODO(jjo): streamline this mess */
3841  /* in this func we don't have relevant info about the PF_ of this
3842  * endpoint, as link_socket_actual will be zero for the 1st received packet
3843  *
3844  * Test for inets PF_ possible sizes
3845  */
3846  switch (io->addrlen)
3847  {
3848  case sizeof(struct sockaddr_in):
3849  case sizeof(struct sockaddr_in6):
3850  /* TODO(jjo): for some reason (?) I'm getting 24,28 for AF_INET6
3851  * under _WIN32*/
3852  case sizeof(struct sockaddr_in6) - 4:
3853  break;
3854 
3855  default:
3856  bad_address_length(io->addrlen, af_addr_size(io->addr.sin_family));
3857  }
3858 
3859  switch (io->addr.sin_family)
3860  {
3861  case AF_INET:
3862  memcpy(dst, &io->addr, sizeof(struct sockaddr_in));
3863  break;
3864 
3865  case AF_INET6:
3866  memcpy(dst, &io->addr6, sizeof(struct sockaddr_in6));
3867  break;
3868  }
3869  }
3870  else
3871  {
3872  CLEAR(*dst);
3873  }
3874 }
3875 
3885 static int
3886 read_sockaddr_from_packet(struct buffer *buf, struct sockaddr *dst)
3887 {
3888  int sa_len = 0;
3889 
3890  const struct sockaddr *sa = (const struct sockaddr *)BPTR(buf);
3891  switch (sa->sa_family)
3892  {
3893  case AF_INET:
3894  sa_len = sizeof(struct sockaddr_in);
3895  if (buf_len(buf) < sa_len)
3896  {
3897  msg(M_FATAL, "ERROR: received incoming packet with too short length of %d -- must be at least %d.", buf_len(buf), sa_len);
3898  }
3899  memcpy(dst, sa, sa_len);
3900  buf_advance(buf, sa_len);
3901  break;
3902 
3903  case AF_INET6:
3904  sa_len = sizeof(struct sockaddr_in6);
3905  if (buf_len(buf) < sa_len)
3906  {
3907  msg(M_FATAL, "ERROR: received incoming packet with too short length of %d -- must be at least %d.", buf_len(buf), sa_len);
3908  }
3909  memcpy(dst, sa, sa_len);
3910  buf_advance(buf, sa_len);
3911  break;
3912 
3913  default:
3914  msg(M_FATAL, "ERROR: received incoming packet with invalid address family %d.", sa->sa_family);
3915  }
3916 
3917  return sa_len;
3918 }
3919 
3920 /* Returns the number of bytes successfully read */
3921 int
3922 sockethandle_finalize(sockethandle_t sh,
3923  struct overlapped_io *io,
3924  struct buffer *buf,
3925  struct link_socket_actual *from)
3926 {
3927  int ret = -1;
3928  BOOL status;
3929 
3930  switch (io->iostate)
3931  {
3932  case IOSTATE_QUEUED:
3933  status = SocketHandleGetOverlappedResult(sh, io);
3934  if (status)
3935  {
3936  /* successful return for a queued operation */
3937  if (buf)
3938  {
3939  *buf = io->buf;
3940  }
3941  ret = io->size;
3942  io->iostate = IOSTATE_INITIAL;
3943  ASSERT(ResetEvent(io->overlapped.hEvent));
3944 
3945  dmsg(D_WIN32_IO, "WIN32 I/O: Completion success [%d]", ret);
3946  }
3947  else
3948  {
3949  /* error during a queued operation */
3950  ret = -1;
3951  if (SocketHandleGetLastError(sh) != ERROR_IO_INCOMPLETE)
3952  {
3953  /* if no error (i.e. just not finished yet), then DON'T execute this code */
3954  io->iostate = IOSTATE_INITIAL;
3955  ASSERT(ResetEvent(io->overlapped.hEvent));
3956  msg(D_WIN32_IO | M_ERRNO, "WIN32 I/O: Completion error");
3957  }
3958  }
3959  break;
3960 
3961  case IOSTATE_IMMEDIATE_RETURN:
3962  io->iostate = IOSTATE_INITIAL;
3963  ASSERT(ResetEvent(io->overlapped.hEvent));
3964  if (io->status)
3965  {
3966  /* error return for a non-queued operation */
3967  SocketHandleSetLastError(sh, io->status);
3968  ret = -1;
3969  msg(D_WIN32_IO | M_ERRNO, "WIN32 I/O: Completion non-queued error");
3970  }
3971  else
3972  {
3973  /* successful return for a non-queued operation */
3974  if (buf)
3975  {
3976  *buf = io->buf;
3977  }
3978  ret = io->size;
3979  dmsg(D_WIN32_IO, "WIN32 I/O: Completion non-queued success [%d]", ret);
3980  }
3981  break;
3982 
3983  case IOSTATE_INITIAL: /* were we called without proper queueing? */
3984  SocketHandleSetInvalError(sh);
3985  ret = -1;
3986  dmsg(D_WIN32_IO, "WIN32 I/O: Completion BAD STATE");
3987  break;
3988 
3989  default:
3990  ASSERT(0);
3991  }
3992 
3993  if (from && ret > 0 && sh.is_handle && sh.prepend_sa)
3994  {
3995  ret -= read_sockaddr_from_packet(buf, &from->dest.addr.sa);
3996  }
3997 
3998  if (!sh.is_handle && from)
3999  {
4000  read_sockaddr_from_overlapped(io, &from->dest.addr.sa, ret);
4001  }
4002 
4003  if (buf)
4004  {
4005  buf->len = ret;
4006  }
4007  return ret;
4008 }
4009 
4010 #endif /* _WIN32 */
4011 
4012 /*
4013  * Socket event notification
4014  */
4015 
4016 unsigned int
4017 socket_set(struct link_socket *s,
4018  struct event_set *es,
4019  unsigned int rwflags,
4020  void *arg,
4021  unsigned int *persistent)
4022 {
4023  if (s)
4024  {
4025  if ((rwflags & EVENT_READ) && !stream_buf_read_setup(s))
4026  {
4027  ASSERT(!persistent);
4028  rwflags &= ~EVENT_READ;
4029  }
4030 
4031 #ifdef _WIN32
4032  if (rwflags & EVENT_READ)
4033  {
4034  socket_recv_queue(s, 0);
4035  }
4036 #endif
4037 
4038  /* if persistent is defined, call event_ctl only if rwflags has changed since last call */
4039  if (!persistent || *persistent != rwflags)
4040  {
4041  event_ctl(es, socket_event_handle(s), rwflags, arg);
4042  if (persistent)
4043  {
4044  *persistent = rwflags;
4045  }
4046  }
4047 
4048  s->rwflags_debug = rwflags;
4049  }
4050  return rwflags;
4051 }
4052 
4053 void
4054 sd_close(socket_descriptor_t *sd)
4055 {
4056  if (sd && socket_defined(*sd))
4057  {
4058  openvpn_close_socket(*sd);
4059  *sd = SOCKET_UNDEFINED;
4060  }
4061 }
4062 
4063 #if UNIX_SOCK_SUPPORT
4064 
4065 /*
4066  * code for unix domain sockets
4067  */
4068 
4069 const char *
4070 sockaddr_unix_name(const struct sockaddr_un *local, const char *null)
4071 {
4072  if (local && local->sun_family == PF_UNIX)
4073  {
4074  return local->sun_path;
4075  }
4076  else
4077  {
4078  return null;
4079  }
4080 }
4081 
4082 socket_descriptor_t
4083 create_socket_unix(void)
4084 {
4085  socket_descriptor_t sd;
4086 
4087  if ((sd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
4088  {
4089  msg(M_ERR, "Cannot create unix domain socket");
4090  }
4091 
4092  /* set socket file descriptor to not pass across execs, so that
4093  * scripts don't have access to it */
4094  set_cloexec(sd);
4095 
4096  return sd;
4097 }
4098 
4099 void
4100 socket_bind_unix(socket_descriptor_t sd,
4101  struct sockaddr_un *local,
4102  const char *prefix)
4103 {
4104  struct gc_arena gc = gc_new();
4105  const mode_t orig_umask = umask(0);
4106 
4107  if (bind(sd, (struct sockaddr *) local, sizeof(struct sockaddr_un)))
4108  {
4109  msg(M_FATAL | M_ERRNO,
4110  "%s: Socket bind[%d] failed on unix domain socket %s",
4111  prefix,
4112  (int)sd,
4113  sockaddr_unix_name(local, "NULL"));
4114  }
4115 
4116  umask(orig_umask);
4117  gc_free(&gc);
4118 }
4119 
4120 socket_descriptor_t
4121 socket_accept_unix(socket_descriptor_t sd,
4122  struct sockaddr_un *remote)
4123 {
4124  socklen_t remote_len = sizeof(struct sockaddr_un);
4125  socket_descriptor_t ret;
4126 
4127  CLEAR(*remote);
4128  ret = accept(sd, (struct sockaddr *) remote, &remote_len);
4129  if (ret >= 0)
4130  {
4131  /* set socket file descriptor to not pass across execs, so that
4132  * scripts don't have access to it */
4133  set_cloexec(ret);
4134  }
4135  return ret;
4136 }
4137 
4138 int
4139 socket_connect_unix(socket_descriptor_t sd,
4140  struct sockaddr_un *remote)
4141 {
4142  int status = connect(sd, (struct sockaddr *) remote, sizeof(struct sockaddr_un));
4143  if (status)
4144  {
4145  status = openvpn_errno();
4146  }
4147  return status;
4148 }
4149 
4150 void
4151 sockaddr_unix_init(struct sockaddr_un *local, const char *path)
4152 {
4153  local->sun_family = PF_UNIX;
4154  strncpynt(local->sun_path, path, sizeof(local->sun_path));
4155 }
4156 
4157 void
4158 socket_delete_unix(const struct sockaddr_un *local)
4159 {
4160  const char *name = sockaddr_unix_name(local, NULL);
4161  if (name && strlen(name))
4162  {
4163  unlink(name);
4164  }
4165 }
4166 
4167 bool
4168 unix_socket_get_peer_uid_gid(const socket_descriptor_t sd, int *uid, int *gid)
4169 {
4170 #ifdef HAVE_GETPEEREID
4171  uid_t u;
4172  gid_t g;
4173  if (getpeereid(sd, &u, &g) == -1)
4174  {
4175  return false;
4176  }
4177  if (uid)
4178  {
4179  *uid = u;
4180  }
4181  if (gid)
4182  {
4183  *gid = g;
4184  }
4185  return true;
4186 #elif defined(SO_PEERCRED)
4187  struct ucred peercred;
4188  socklen_t so_len = sizeof(peercred);
4189  if (getsockopt(sd, SOL_SOCKET, SO_PEERCRED, &peercred, &so_len) == -1)
4190  {
4191  return false;
4192  }
4193  if (uid)
4194  {
4195  *uid = peercred.uid;
4196  }
4197  if (gid)
4198  {
4199  *gid = peercred.gid;
4200  }
4201  return true;
4202 #else /* ifdef HAVE_GETPEEREID */
4203  return false;
4204 #endif /* ifdef HAVE_GETPEEREID */
4205 }
4206 
4207 #endif /* if UNIX_SOCK_SUPPORT */
overlapped_io_state_ascii
char * overlapped_io_state_ascii(const struct overlapped_io *o)
Definition: win32.c:202
proto_names::proto
int proto
Definition: socket.c:3163
setenv_trusted
void setenv_trusted(struct env_set *es, const struct link_socket_info *info)
Definition: socket.c:2436
buf_safe
static bool buf_safe(const struct buffer *buf, size_t len)
Definition: buffer.h:520
GETADDR_FATAL_ON_SIGNAL
#define GETADDR_FATAL_ON_SIGNAL
Definition: socket.h:521
local_list::len
int len
Definition: options.h:191
socket_frame_init
static void socket_frame_init(const struct frame *frame, struct link_socket *sock)
Definition: socket.c:1679
PS_SHOW_PKTINFO
#define PS_SHOW_PKTINFO
Definition: socket.h:365
link_socket
Definition: socket.h:177
management_set_state
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
Definition: manage.c:2749
cached_dns_entry::flags
int flags
Definition: socket.h:80
resolve_remote
static void resolve_remote(struct link_socket *sock, int phase, const char **remote_dynamic, struct signal_info *sig_info)
Definition: socket.c:1753
link_socket::remote_host
const char * remote_host
Definition: socket.h:202
local_entry::port
const char * port
Definition: options.h:100
signal_info::signal_received
volatile int signal_received
Definition: sig.h:43
context_1::link_sockets_num
int link_sockets_num
Definition: openvpn.h:157
GETADDR_WARN_ON_SIGNAL
#define GETADDR_WARN_ON_SIGNAL
Definition: socket.h:522
connection_entry::mtu_discover_type
int mtu_discover_type
Definition: options.h:137
stream_buf_get_next
static void stream_buf_get_next(struct stream_buf *sb, struct buffer *buf)
Definition: socket.c:2704
rw_handle::read
HANDLE read
Definition: win32.h:80
D_WIN32_IO
#define D_WIN32_IO
Definition: errlevel.h:173
socket_is_dco_win
static bool socket_is_dco_win(const struct link_socket *s)
Returns true if we are on Windows and this link is running on DCO-WIN.
Definition: socket.h:1027
M_INFO
#define M_INFO
Definition: errlevel.h:55
buf_read
static bool buf_read(struct buffer *src, void *dest, int size)
Definition: buffer.h:778
overlapped_io::buf
struct buffer buf
Definition: win32.h:218
cached_dns_entry::hostname
const char * hostname
Definition: socket.h:77
link_socket::reads
struct overlapped_io reads
Definition: socket.h:190
context_2::accept_from
const struct link_socket * accept_from
Definition: openvpn.h:242
stream_buf::residual
struct buffer residual
Definition: socket.h:133
gc_new
static struct gc_arena gc_new(void)
Definition: buffer.h:1025
gc_addspecial
void gc_addspecial(void *addr, void(*free_function)(void *), struct gc_arena *a)
Definition: buffer.c:438
run_command.h
M_ERRNO
#define M_ERRNO
Definition: error.h:94
forward.h
GETADDR_RANDOMIZE
#define GETADDR_RANDOMIZE
Definition: socket.h:526
print_sockaddr
static const char * print_sockaddr(const struct sockaddr *addr, struct gc_arena *gc)
Definition: socket.h:384
signal_info::signal_text
const char * signal_text
Definition: sig.h:45
gremlin.h
link_socket_init_phase2
void link_socket_init_phase2(struct context *c, struct link_socket *sock)
Definition: socket.c:2261
ipv6_addr_safe
bool ipv6_addr_safe(const char *ipv6_text_addr)
Definition: socket.c:787
strerror_win32
const char * strerror_win32(DWORD errnum, struct gc_arena *gc)
Definition: error.c:812
buf_forward_capacity_total
static int buf_forward_capacity_total(const struct buffer *buf)
Definition: buffer.h:559
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
proto2ascii_all
const char * proto2ascii_all(struct gc_arena *gc)
Definition: socket.c:3234
link_socket::ev_arg
struct event_arg ev_arg
this struct will store a pointer to either mi or link_socket, depending on the event type,...
Definition: socket.h:181
connection_entry::socks_proxy_server
const char * socks_proxy_server
Definition: options.h:121
buf_reset
static void buf_reset(struct buffer *buf)
Definition: buffer.h:303
D_LINK_ERRORS
#define D_LINK_ERRORS
Definition: errlevel.h:57
M_FATAL
#define M_FATAL
Definition: error.h:89
socket_get_rcvbuf
static int socket_get_rcvbuf(socket_descriptor_t sd)
Definition: socket.c:915
SA_IP_PORT
#define SA_IP_PORT
Definition: socket.h:411
sd_close
void sd_close(socket_descriptor_t *sd)
Definition: socket.c:4054
PS_DONT_SHOW_ADDR
#define PS_DONT_SHOW_ADDR
Definition: socket.h:366
overlapped_io::addr_defined
bool addr_defined
Definition: win32.h:211
options::ipchange
const char * ipchange
Definition: options.h:315
context_1::tuntap
struct tuntap * tuntap
Tun/tap virtual network interface.
Definition: openvpn.h:171
argv
Definition: argv.h:35
streq
#define streq(x, y)
Definition: options.h:726
proto2ascii
const char * proto2ascii(int proto, sa_family_t af, bool display_form)
Definition: socket.c:3213
M_NONFATAL
#define M_NONFATAL
Definition: error.h:90
manage.h
connection_entry::remote_port
const char * remote_port
Definition: options.h:111
management_sleep
void management_sleep(const int n)
A sleep function that services the management layer for n seconds rather than doing nothing.
Definition: manage.c:4117
buf_copy_excess
static bool buf_copy_excess(struct buffer *dest, struct buffer *src, int len)
Definition: buffer.h:753
buf_init
#define buf_init(buf, offset)
Definition: buffer.h:209
context
Contains all state information for one tunnel.
Definition: openvpn.h:473
es
struct env_set * es
Definition: test_pkcs11.c:141
stream_buf::buf_init
struct buffer buf_init
Definition: socket.h:132
socket_recv_queue
int socket_recv_queue(struct link_socket *sock, int maxsize)
Definition: socket.c:3601
sf2gaf
static unsigned int sf2gaf(const unsigned int getaddr_flags, const unsigned int sockflags)
Definition: socket.c:64
static_assert
#define static_assert(expr, diagnostic)
Definition: error.h:212
event_arg::sock
struct link_socket * sock
Definition: event.h:146
BSTR
#define BSTR(buf)
Definition: buffer.h:129
link_socket_info::lsa
struct link_socket_addr * lsa
Definition: socket.h:115
read_sockaddr_from_overlapped
void read_sockaddr_from_overlapped(struct overlapped_io *io, struct sockaddr *dst, int overlapped_ret)
Definition: socket.c:3836
overlapped_io::addrlen
int addrlen
Definition: win32.h:216
proto_remote
const char * proto_remote(int proto, bool remote)
Definition: socket.c:3274
link_socket_addr::bind_local
struct addrinfo * bind_local
Definition: socket.h:106
CM_CHILD_UDP
#define CM_CHILD_UDP
Definition: openvpn.h:485
context::plugins
struct plugin_list * plugins
List of plug-ins.
Definition: openvpn.h:502
PS_DONT_SHOW_FAMILY
#define PS_DONT_SHOW_FAMILY
Definition: socket.h:367
argv_printf_cat
bool argv_printf_cat(struct argv *argres, const char *format,...)
printf() inspired argv concatenation.
Definition: argv.c:464
ip_addr_dotted_quad_safe
bool ip_addr_dotted_quad_safe(const char *dotted_quad)
Definition: socket.c:737
alloc_buf_gc
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:88
openvpn_run_script
static int openvpn_run_script(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *hook)
Will run a script and return the exit code of the script if between 0 and 255, -1 otherwise.
Definition: run_command.h:87
overlapped_io::addr
struct sockaddr_in addr
Definition: win32.h:213
argv_free
void argv_free(struct argv *a)
Frees all memory allocations allocated by the struct argv related functions.
Definition: argv.c:102
setenv_sockaddr
void setenv_sockaddr(struct env_set *es, const char *name_prefix, const struct openvpn_sockaddr *addr, const unsigned int flags)
Definition: socket.c:3065
proto_names::proto_af
sa_family_t proto_af
Definition: socket.c:3162
link_socket::mark
int mark
Definition: socket.h:229
openvpn.h
CC_DASH
#define CC_DASH
dash
Definition: buffer.h:902
options::mode
int mode
Definition: options.h:260
bind_local
static void bind_local(struct link_socket *sock, const sa_family_t ai_family)
Definition: socket.c:1140
htonps
#define htonps(x)
Definition: socket.h:59
link_socket_info::remote_float
bool remote_float
Definition: socket.h:119
dmsg
#define dmsg(flags,...)
Definition: error.h:148
event_arg::u
union event_arg::@1 u
options::ce
struct connection_entry ce
Definition: options.h:288
phase2_tcp_client
static void phase2_tcp_client(struct link_socket *sock, struct signal_info *sig_info)
Definition: socket.c:2129
http_proxy_info::options
struct http_proxy_options options
Definition: proxy.h:67
link_socket_addr::current_remote
struct addrinfo * current_remote
Definition: socket.h:108
link_socket::bind_dev
const char * bind_dev
Definition: socket.h:230
addr_family_name
const char * addr_family_name(int af)
Definition: socket.c:3250
socket_set_rcvbuf
static bool socket_set_rcvbuf(socket_descriptor_t sd, int size)
Definition: socket.c:932
ip_or_dns_addr_safe
bool ip_or_dns_addr_safe(const char *addr, const bool allow_fqdn)
Definition: socket.c:823
fdmisc.h
establish_socks_proxy_passthru
void establish_socks_proxy_passthru(struct socks_proxy_info *p, socket_descriptor_t sd, const char *host, const char *servname, struct event_timeout *server_poll_timeout, struct signal_info *sig_info)
Definition: socks.c:455
buf_copy
static bool buf_copy(struct buffer *dest, const struct buffer *src)
Definition: buffer.h:712
link_socket::local_port
const char * local_port
Definition: socket.h:205
socks_proxy_info::port
const char * port
Definition: socks.h:41
openvpn_sockaddr
Definition: socket.h:65
SA_SET_IF_NONZERO
#define SA_SET_IF_NONZERO
Definition: socket.h:412
stream_buf_close
static void stream_buf_close(struct stream_buf *sb)
Definition: socket.c:2800
D_LOW
#define D_LOW
Definition: errlevel.h:97
HAVE_IN_PKTINFO
#define HAVE_IN_PKTINFO
Definition: config.h:219
SF_TCP_NODELAY
#define SF_TCP_NODELAY
Definition: socket.h:222
argv_parse_cmd
void argv_parse_cmd(struct argv *argres, const char *cmdstr)
Parses a command string, tokenizes it and puts each element into a separate struct argv argument slot...
Definition: argv.c:483
EVENT_READ
#define EVENT_READ
Definition: event.h:39
proto_is_dgram
static bool proto_is_dgram(int proto)
Return if the protocol is datagram (UDP)
Definition: socket.h:597
plugin.h
IA_NET_ORDER
#define IA_NET_ORDER
Definition: socket.h:402
SIG_SOURCE_HARD
#define SIG_SOURCE_HARD
Definition: sig.h:31
GETADDR_MENTION_RESOLVE_RETRY
#define GETADDR_MENTION_RESOLVE_RETRY
Definition: socket.h:520
PROTO_N
@ PROTO_N
Definition: socket.h:572
link_socket::ctrl_sd
socket_descriptor_t ctrl_sd
Definition: socket.h:187
connection_entry::local_list
struct local_list * local_list
Definition: options.h:106
openvpn_inet_aton
int openvpn_inet_aton(const char *dotted_quad, struct in_addr *addr)
Definition: socket.c:713
SF_GETADDRINFO_DGRAM
#define SF_GETADDRINFO_DGRAM
Definition: socket.h:225
stream_buf_get_final
static void stream_buf_get_final(struct stream_buf *sb, struct buffer *buf)
Definition: socket.c:2695
context::mode
int mode
Role of this context within the OpenVPN process.
Definition: openvpn.h:487
overlapped_io::flags
DWORD flags
Definition: win32.h:209
MODE_SERVER
#define MODE_SERVER
Definition: options.h:259
link_socket_write_tcp
ssize_t link_socket_write_tcp(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to)
Definition: socket.c:3488
frame
Packet geometry parameters.
Definition: mtu.h:98
IOSTATE_IMMEDIATE_RETURN
#define IOSTATE_IMMEDIATE_RETURN
Definition: win32.h:205
link_socket_connection_oriented
static bool link_socket_connection_oriented(const struct link_socket *sock)
Definition: socket.h:648
socket_connect
static void socket_connect(socket_descriptor_t *sd, const struct sockaddr *dest, const int connect_timeout, struct signal_info *sig_info)
Definition: socket.c:1606
PROTO_TCP_SERVER
@ PROTO_TCP_SERVER
Definition: socket.h:570
link_socket::resolve_retry_seconds
int resolve_retry_seconds
Definition: socket.h:214
setenv_int
void setenv_int(struct env_set *es, const char *name, int value)
Definition: env_set.c:267
resolve_bind_local
static void resolve_bind_local(struct link_socket *sock, const sa_family_t af)
Definition: socket.c:1707
connection_entry::bind_local
bool bind_local
Definition: options.h:116
openvpn_getaddrinfo
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, struct signal_info *sig_info, int ai_family, struct addrinfo **res)
Definition: socket.c:469
CC_ALNUM
#define CC_ALNUM
alphanumeric isalnum()
Definition: buffer.h:886
addr_zero_host
static void addr_zero_host(struct openvpn_sockaddr *addr)
Definition: socket.h:849
link_socket::listen_handle
struct rw_handle listen_handle
Definition: socket.h:193
throw_signal_soft
void throw_signal_soft(const int signum, const char *signal_text)
Throw a soft global signal.
Definition: sig.c:206
openvpn_sockaddr::in6
struct sockaddr_in6 in6
Definition: socket.h:71
connection_entry
Definition: options.h:104
OIA_IP
#define OIA_IP
Definition: socket.h:470
create_socket_udp
static socket_descriptor_t create_socket_udp(struct addrinfo *addrinfo, const unsigned int flags)
Definition: socket.c:1085
tuntap::backend_driver
enum tun_driver_type backend_driver
The backend driver that used for this tun/tap device.
Definition: tun.h:191
plugin_call
static int plugin_call(const struct plugin_list *pl, const int type, const struct argv *av, struct plugin_return *pr, struct env_set *es)
Definition: plugin.h:202
sa_family_t
unsigned short sa_family_t
Definition: syshead.h:395
link_socket::sd
socket_descriptor_t sd
Definition: socket.h:186
link_socket::rwflags_debug
unsigned int rwflags_debug
Definition: socket.h:197
stream_buf_read_setup_dowork
bool stream_buf_read_setup_dowork(struct link_socket *sock)
Definition: socket.c:2713
link_socket::proxy_dest_host
const char * proxy_dest_host
Definition: socket.h:245
cached_dns_entry::servname
const char * servname
Definition: socket.h:78
establish_http_proxy_passthru
bool establish_http_proxy_passthru(struct http_proxy_info *p, socket_descriptor_t sd, const char *host, const char *port, struct event_timeout *server_poll_timeout, struct buffer *lookahead, struct signal_info *sig_info)
Definition: proxy.c:644
set_actual_address
void set_actual_address(struct link_socket_actual *actual, struct addrinfo *ai)
Definition: socket.c:1583
link_socket::mode
int mode
Definition: socket.h:212
get_server_poll_remaining_time
int get_server_poll_remaining_time(struct event_timeout *server_poll_timeout)
Definition: forward.c:509
CLEAR
#define CLEAR(x)
Definition: basic.h:33
link_socket_write_win32
static int link_socket_write_win32(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to)
Definition: socket.h:1107
event_ctl
static void event_ctl(struct event_set *es, event_t event, unsigned int rwflags, void *arg)
Definition: event.h:181
connection_list::len
int len
Definition: options.h:198
context::c2
struct context_2 c2
Level 2 context.
Definition: openvpn.h:514
HAVE_IPI_SPEC_DST
#define HAVE_IPI_SPEC_DST
Definition: config.h:231
overlapped_io::overlapped
OVERLAPPED overlapped
Definition: win32.h:207
getaddr
in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, struct signal_info *sig_info)
Translate an IPv4 addr or hostname from string form to in_addr_t.
Definition: socket.c:195
link_socket::mtu_discover_type
int mtu_discover_type
Definition: socket.h:215
connection_entry::socks_proxy_port
const char * socks_proxy_port
Definition: options.h:122
LS_MODE_DEFAULT
#define LS_MODE_DEFAULT
Definition: socket.h:209
PS_SHOW_PORT
#define PS_SHOW_PORT
Definition: socket.h:364
tuntap::hand
HANDLE hand
Definition: tun.h:216
get_addr_generic
static int get_addr_generic(sa_family_t af, unsigned int flags, const char *hostname, void *network, unsigned int *netbits, int resolve_retry_seconds, struct signal_info *sig_info, int msglevel)
Definition: socket.c:81
link_socket_actual_defined
static bool link_socket_actual_defined(const struct link_socket_actual *act)
Definition: socket.h:726
ASSERT
#define ASSERT(x)
Definition: error.h:195
local_list::array
struct local_entry * array[CONNECTION_LIST_SIZE]
Definition: options.h:192
D_STREAM_ERRORS
#define D_STREAM_ERRORS
Definition: errlevel.h:63
print_in6_addr
const char * print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:3011
proto_names
Definition: socket.c:3159
overlapped_io_close
void overlapped_io_close(struct overlapped_io *o)
Definition: win32.c:189
options::ip_remote_hint
const char * ip_remote_hint
Definition: options.h:367
PROTO_TCP_CLIENT
@ PROTO_TCP_CLIENT
Definition: socket.h:571
defined_net_event_win32
static bool defined_net_event_win32(const struct rw_handle *event)
Definition: win32.h:92
mac_addr_safe
bool mac_addr_safe(const char *mac_addr)
Definition: socket.c:840
buf_advance
static bool buf_advance(struct buffer *buf, int size)
Definition: buffer.h:618
local_entry
Definition: options.h:97
link_socket_actual
Definition: socket.h:86
CM_CHILD_TCP
#define CM_CHILD_TCP
Definition: openvpn.h:486
connection_list
Definition: options.h:195
context::gc
struct gc_arena gc
Garbage collection arena for allocations done in the scope of this context structure.
Definition: openvpn.h:492
print_link_socket_actual_ex
const char * print_link_socket_actual_ex(const struct link_socket_actual *act, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2920
link_socket_bad_outgoing_addr
void link_socket_bad_outgoing_addr(void)
Definition: socket.c:2538
openvpn_sockaddr::sa
struct sockaddr sa
Definition: socket.h:69
BLEN
#define BLEN(buf)
Definition: buffer.h:127
context_1::socks_proxy
struct socks_proxy_info * socks_proxy
Definition: openvpn.h:192
init_net_event_win32
void init_net_event_win32(struct rw_handle *event, long network_events, socket_descriptor_t sd, unsigned int flags)
Definition: win32.c:223
overlapped_io::addr6
struct sockaddr_in6 addr6
Definition: win32.h:214
socket_buffer_size
Definition: socket.h:154
RESOLV_RETRY_INFINITE
#define RESOLV_RETRY_INFINITE
Definition: socket.h:48
OPENVPN_PLUGIN_IPCHANGE
#define OPENVPN_PLUGIN_IPCHANGE
Definition: openvpn-plugin.h:120
buf_write_prepend
static bool buf_write_prepend(struct buffer *dest, const void *src, int size)
Definition: buffer.h:680
OIA_HOSTNAME
#define OIA_HOSTNAME
Definition: socket.h:469
link_socket_info::bind_ipv6_only
bool bind_ipv6_only
Definition: socket.h:122
socket_event_handle
static event_t socket_event_handle(const struct link_socket *sock)
Definition: socket.h:1259
ascii2proto
int ascii2proto(const char *proto_name)
Definition: socket.c:3187
openvpn_sockaddr::in4
struct sockaddr_in in4
Definition: socket.h:70
addrlist_match
static bool addrlist_match(const struct openvpn_sockaddr *a1, const struct addrinfo *addrlist)
Definition: socket.h:747
stream_buf::maxlen
int maxlen
Definition: socket.h:134
OPENVPN_STATE_TCP_CONNECT
#define OPENVPN_STATE_TCP_CONNECT
Definition: manage.h:482
misc.h
link_socket::local_host
const char * local_host
Definition: socket.h:204
stream_buf_added
static bool stream_buf_added(struct stream_buf *sb, int length_added)
Definition: socket.c:2733
M_WARN
#define M_WARN
Definition: error.h:91
get_cached_dns_entry
static int get_cached_dns_entry(struct cached_dns_entry *dns_cache, const char *hostname, const char *servname, int ai_family, int resolve_flags, struct addrinfo **ai)
Definition: socket.c:260
sockets_read_residual
bool sockets_read_residual(const struct context *c)
Definition: socket.c:46
socket_set_flags
static bool socket_set_flags(socket_descriptor_t sd, unsigned int sockflags)
Definition: socket.c:1009
ntohps
#define ntohps(x)
Definition: socket.h:62
socket_buffer_size::rcvbuf
int rcvbuf
Definition: socket.h:156
link_socket_connection_initiated
void link_socket_connection_initiated(struct link_socket_info *info, const struct link_socket_actual *act, const char *common_name, struct env_set *es)
Definition: socket.c:2458
ALLOC_OBJ_CLEAR_GC
#define ALLOC_OBJ_CLEAR_GC(dptr, type, gc)
Definition: buffer.h:1097
SocketHandleGetLastError
static int SocketHandleGetLastError(sockethandle_t sh)
Definition: socket.h:308
phase2_tcp_server
static void phase2_tcp_server(struct link_socket *sock, const char *remote_dynamic, struct signal_info *sig_info)
Definition: socket.c:2086
LS_MODE_TCP_ACCEPT_FROM
#define LS_MODE_TCP_ACCEPT_FROM
Definition: socket.h:211
context::options
struct options options
Options loaded from command line or configuration file.
Definition: openvpn.h:475
do_preresolve_host
static int do_preresolve_host(struct context *c, const char *hostname, const char *servname, const int af, const int flags)
Definition: socket.c:289
linksock_print_addr
static void linksock_print_addr(struct link_socket *sock)
Definition: socket.c:2044
openvpn_fd_set
static void openvpn_fd_set(socket_descriptor_t fd, fd_set *setp)
Definition: fdmisc.h:40
overlapped_io::status
int status
Definition: win32.h:210
http_proxy_options::port
const char * port
Definition: proxy.h:46
options
Definition: options.h:249
GETADDR_UPDATE_MANAGEMENT_STATE
#define GETADDR_UPDATE_MANAGEMENT_STATE
Definition: socket.h:525
ipchange_fmt
static void ipchange_fmt(const bool include_cmd, struct argv *argv, const struct link_socket_info *info, struct gc_arena *gc)
Definition: socket.c:2442
GETADDR_RESOLVE
#define GETADDR_RESOLVE
Definition: socket.h:517
link_socket::server_poll_timeout
struct event_timeout * server_poll_timeout
Definition: socket.h:250
throw_signal
void throw_signal(const int signum)
Throw a hard signal.
Definition: sig.c:177
M_ERR
#define M_ERR
Definition: error.h:105
stream_buf::residual_fully_formed
bool residual_fully_formed
Definition: socket.h:135
stream_buf::error
bool error
Definition: socket.h:141
signal_info::source
volatile int source
Definition: sig.h:44
link_socket::sockflags
unsigned int sockflags
Definition: socket.h:228
cached_dns_entry::next
struct cached_dns_entry * next
Definition: socket.h:82
link_socket_current_remote_ipv6
const struct in6_addr * link_socket_current_remote_ipv6(const struct link_socket_info *info)
Definition: socket.c:2579
set_nonblock
void set_nonblock(socket_descriptor_t fd)
Definition: fdmisc.c:69
CC_DIGIT
#define CC_DIGIT
digit isdigit()
Definition: buffer.h:890
SIZE
#define SIZE(x)
Definition: basic.h:30
buffer
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
proto_is_udp
static bool proto_is_udp(int proto)
Returns if the protocol being used is UDP.
Definition: socket.h:586
streqnull
static bool streqnull(const char *a, const char *b)
Definition: socket.c:239
addr_defined_ipi
static bool addr_defined_ipi(const struct link_socket_actual *lsa)
Definition: socket.h:699
http_proxy_options::server
const char * server
Definition: proxy.h:45
LS_MODE_TCP_LISTEN
#define LS_MODE_TCP_LISTEN
Definition: socket.h:210
GETADDR_DATAGRAM
#define GETADDR_DATAGRAM
Definition: socket.h:528
print_sockaddr_ex
const char * print_sockaddr_ex(const struct sockaddr *sa, const char *separator, const unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2829
socket_defined
static int socket_defined(const socket_descriptor_t sd)
Definition: syshead.h:447
socket_set_sndbuf
static void socket_set_sndbuf(socket_descriptor_t sd, int size)
Definition: socket.c:904
link_socket::info
struct link_socket_info info
Definition: socket.h:179
print_in_addr_t
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2991
link_socket_addr::actual
struct link_socket_actual actual
Definition: socket.h:110
overlapped_io::iostate
int iostate
Definition: win32.h:206
ps.h
link_socket_info
Definition: socket.h:113
PROTO_NONE
@ PROTO_NONE
Definition: socket.h:567
sockethandle_t::prepend_sa
bool prepend_sa
Definition: socket.h:291
link_socket_info::proto
int proto
Definition: socket.h:120
link_socket::socket_buffer_sizes
struct socket_buffer_size socket_buffer_sizes
Definition: socket.h:217
options::sndbuf
int sndbuf
Definition: options.h:415
socket_get_last_error
static int socket_get_last_error(const struct link_socket *sock)
Definition: socket.c:3590
sockethandle_finalize
int sockethandle_finalize(sockethandle_t sh, struct overlapped_io *io, struct buffer *buf, struct link_socket_actual *from)
Definition: socket.c:3922
signal_reset
int signal_reset(struct signal_info *si, int signum)
Clear the signal if its current value equals signum.
Definition: sig.c:266
context_2::frame
struct frame frame
Definition: openvpn.h:248
link_socket_bad_incoming_addr
void link_socket_bad_incoming_addr(struct buffer *buf, const struct link_socket_info *info, const struct link_socket_actual *from_addr)
Definition: socket.c:2509
syshead.h
BPTR
#define BPTR(buf)
Definition: buffer.h:124
D_STREAM_DEBUG
#define D_STREAM_DEBUG
Definition: errlevel.h:172
D_OSBUF
#define D_OSBUF
Definition: errlevel.h:91
stream_buf::next
struct buffer next
Definition: socket.h:138
connection_list::array
struct connection_entry ** array
Definition: options.h:200
proto_names::short_form
const char * short_form
Definition: socket.c:3160
CC_DOT
#define CC_DOT
dot
Definition: buffer.h:903
SF_PORT_SHARE
#define SF_PORT_SHARE
Definition: socket.h:223
socket_buffer_size::sndbuf
int sndbuf
Definition: socket.h:157
context_2::link_sockets
struct link_socket ** link_sockets
Definition: openvpn.h:237
context_1::http_proxy
struct http_proxy_info * http_proxy
Definition: openvpn.h:188
link_socket::http_proxy
struct http_proxy_info * http_proxy
Definition: socket.h:238
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
link_socket::writes
struct overlapped_io writes
Definition: socket.h:191
alloc_buf_sock_tun
void alloc_buf_sock_tun(struct buffer *buf, const struct frame *frame)
Definition: mtu.c:42
link_socket_addr
Definition: socket.h:104
GETADDR_MSG_VIRT_OUT
#define GETADDR_MSG_VIRT_OUT
Definition: socket.h:523
close_net_event_win32
void close_net_event_win32(struct rw_handle *event, socket_descriptor_t sd, unsigned int flags)
Definition: win32.c:277
context::sig
struct signal_info * sig
Internal error signaling object.
Definition: openvpn.h:500
cached_dns_entry
Definition: socket.h:76
string_class
bool string_class(const char *str, const unsigned int inclusive, const unsigned int exclusive)
Definition: buffer.c:1022
setenv_str
void setenv_str(struct env_set *es, const char *name, const char *value)
Definition: env_set.c:283
MODE_POINT_TO_POINT
#define MODE_POINT_TO_POINT
Definition: options.h:258
D_READ_WRITE
#define D_READ_WRITE
Definition: errlevel.h:167
SocketHandleSetInvalError
static void SocketHandleSetInvalError(sockethandle_t sh)
Definition: socket.h:320
ENABLE_IP_PKTINFO
#define ENABLE_IP_PKTINFO
Definition: syshead.h:380
options::resolve_retry_seconds
int resolve_retry_seconds
Definition: options.h:365
SOCKET_UNDEFINED
#define SOCKET_UNDEFINED
Definition: syshead.h:437
buffer::offset
int offset
Offset in bytes of the actual content within the allocated memory.
Definition: buffer.h:64
stream_buf
Definition: socket.h:130
stream_buf_set_next
static void stream_buf_set_next(struct stream_buf *sb)
Definition: socket.c:2680
D_SOCKET_DEBUG
#define D_SOCKET_DEBUG
Definition: errlevel.h:140
connection_entry::http_proxy_options
struct http_proxy_options * http_proxy_options
Definition: options.h:120
print_in_port_t
const char * print_in_port_t(in_port_t port, struct gc_arena *gc)
Definition: socket.c:3027
strncpynt
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition: buffer.h:361
env_set
Definition: env_set.h:42
socket_listen_event_handle
event_t socket_listen_event_handle(struct link_socket *s)
Definition: socket.c:2811
setenv_in6_addr
void setenv_in6_addr(struct env_set *es, const char *name_prefix, const struct in6_addr *addr, const unsigned int flags)
Definition: socket.c:3131
link_socket_update_buffer_sizes
void link_socket_update_buffer_sizes(struct link_socket *sock, int rcvbuf, int sndbuf)
Definition: socket.c:1037
stream_buf_init
static void stream_buf_init(struct stream_buf *sb, struct buffer *buf, const unsigned int sockflags, const int proto)
Definition: socket.c:2659
sockethandle_t
Definition: socket.h:285
argv_new
struct argv argv_new(void)
Allocates a new struct argv and ensures it is initialised.
Definition: argv.c:88
tcp_connection_established
static void tcp_connection_established(const struct link_socket_actual *act)
Definition: socket.c:1332
link_socket::proxy_dest_port
const char * proxy_dest_port
Definition: socket.h:246
buf_puts
bool buf_puts(struct buffer *buf, const char *str)
Definition: buffer.c:267
link_socket::socks_relay
struct link_socket_actual socks_relay
Definition: socket.h:242
argv_printf
bool argv_printf(struct argv *argres, const char *format,...)
printf() variant which populates a struct argv.
Definition: argv.c:440
dco_enabled
static bool dco_enabled(const struct options *o)
Returns whether the current configuration has dco enabled.
Definition: options.h:930
free_buf
void free_buf(struct buffer *buf)
Definition: buffer.c:183
connection_entry::flags
unsigned int flags
Definition: options.h:159
socket_descriptor_t
SOCKET socket_descriptor_t
Definition: syshead.h:439
get_ipv6_addr
bool get_ipv6_addr(const char *hostname, struct in6_addr *network, unsigned int *netbits, int msglevel)
Translate an IPv6 addr or hostname from string form to in6_addr.
Definition: socket.c:226
bad_address_length
void bad_address_length(int actual, int expected)
Definition: socket.c:3302
set_cloexec
void set_cloexec(socket_descriptor_t fd)
Definition: fdmisc.c:79
link_socket::stream_reset
bool stream_reset
Definition: socket.h:235
event_set
Definition: event.h:130
options::rcvbuf
int rcvbuf
Definition: options.h:414
buf_len
static int buf_len(const struct buffer *buf)
Definition: buffer.h:253
GETADDR_HOST_ORDER
#define GETADDR_HOST_ORDER
Definition: socket.h:519
link_socket::bind_local
bool bind_local
Definition: socket.h:207
context_1::link_socket_addrs
struct link_socket_addr * link_socket_addrs
Local and remote addresses on the external network.
Definition: openvpn.h:158
link_socket_info::connection_established
bool connection_established
Definition: socket.h:116
overlapped_io::buf_init
struct buffer buf_init
Definition: win32.h:217
SF_DCO_WIN
#define SF_DCO_WIN
Definition: socket.h:226
D_RESOLVE_ERRORS
#define D_RESOLVE_ERRORS
Definition: errlevel.h:60
link_socket::rw_handle
struct rw_handle rw_handle
Definition: socket.h:192
ascii2af
sa_family_t ascii2af(const char *proto_name)
Definition: socket.c:3200
GETADDR_TRY_ONCE
#define GETADDR_TRY_ONCE
Definition: socket.h:524
gc_malloc
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
Definition: buffer.c:336
socket_set_buffers
void socket_set_buffers(socket_descriptor_t fd, const struct socket_buffer_size *sbs, bool reduce_size)
Sets the receive and send buffer sizes of a socket descriptor.
Definition: socket.c:945
socket_set
unsigned int socket_set(struct link_socket *s, struct event_set *es, unsigned int rwflags, void *arg, unsigned int *persistent)
Definition: socket.c:4017
connection_entry::remote_float
bool remote_float
Definition: options.h:113
connection_entry::remote
const char * remote
Definition: options.h:112
packet_size_type
uint16_t packet_size_type
Definition: socket.h:56
signal_info
Definition: sig.h:41
set_mtu_discover_type
void set_mtu_discover_type(socket_descriptor_t sd, int mtu_type, sa_family_t proto_af)
Definition: mtu.c:225
dco_p2p_new_peer
void dco_p2p_new_peer(HANDLE handle, struct link_socket *sock, struct signal_info *sig_info)
Definition: dco_win.c:324
link_socket_update_flags
bool link_socket_update_flags(struct link_socket *sock, unsigned int sockflags)
Definition: socket.c:1023
SocketHandleSetLastError
static void SocketHandleSetLastError(sockethandle_t sh, DWORD err)
Definition: socket.h:314
overlapped_io_init
void overlapped_io_init(struct overlapped_io *o, const struct frame *frame, BOOL event_state)
Definition: win32.c:171
stream_buf_read_setup
static bool stream_buf_read_setup(struct link_socket *sock)
Definition: socket.h:1009
status
static SERVICE_STATUS status
Definition: interactive.c:53
proto_names::display_form
const char * display_form
Definition: socket.c:3161
dco_mp_start_vpn
void dco_mp_start_vpn(HANDLE handle, struct link_socket *sock)
Initializes and binds the kernel UDP transport socket for multipeer mode.
Definition: dco_win.c:280
create_socket
static void create_socket(struct link_socket *sock, struct addrinfo *addr)
Definition: socket.c:1160
print_link_socket_actual
const char * print_link_socket_actual(const struct link_socket_actual *act, struct gc_arena *gc)
Definition: socket.c:2910
management
Definition: manage.h:335
rw_handle::write
HANDLE write
Definition: win32.h:81
gc_free
static void gc_free(struct gc_arena *a)
Definition: buffer.h:1033
gc_freeaddrinfo_callback
static void gc_freeaddrinfo_callback(void *addr)
Definition: buffer.h:215
cached_dns_entry::ai
struct addrinfo * ai
Definition: socket.h:81
socket_send_queue
int socket_send_queue(struct link_socket *sock, struct buffer *buf, const struct link_socket_actual *to)
Definition: socket.c:3718
cached_dns_entry::ai_family
int ai_family
Definition: socket.h:79
options::connection_list
struct connection_list * connection_list
Definition: options.h:289
IF_NAMESIZE
#define IF_NAMESIZE
Definition: socket.c:2916
tuntap
Definition: tun.h:180
local_entry::local
const char * local
Definition: options.h:99
rw_handle
Definition: win32.h:79
read_sockaddr_from_packet
static int read_sockaddr_from_packet(struct buffer *buf, struct sockaddr *dst)
Extracts a sockaddr from a packet payload.
Definition: socket.c:3886
socket.h
options::mark
int mark
Definition: options.h:418
link_socket_read_tcp
int link_socket_read_tcp(struct link_socket *sock, struct buffer *buf)
Definition: socket.c:3314
ALLOC_OBJ_CLEAR
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition: buffer.h:1060
link_socket_new
struct link_socket * link_socket_new(void)
Definition: socket.c:1880
GETADDR_CACHE_MASK
#define GETADDR_CACHE_MASK
Definition: socket.h:530
OPENVPN_STATE_RESOLVE
#define OPENVPN_STATE_RESOLVE
Definition: manage.h:481
M_MSG_VIRT_OUT
#define M_MSG_VIRT_OUT
Definition: error.h:99
DRIVER_DCO
@ DRIVER_DCO
Definition: tun.h:55
options::sockflags
unsigned int sockflags
Definition: options.h:422
proto_is_tcp
static bool proto_is_tcp(int proto)
returns if the proto is a TCP variant (tcp-server, tcp-client or tcp)
Definition: socket.h:606
SOL_IP
#define SOL_IP
Definition: syshead.h:388
phase2_set_socket_flags
static void phase2_set_socket_flags(struct link_socket *sock)
Definition: socket.c:2025
socket_do_accept
socket_descriptor_t socket_do_accept(socket_descriptor_t sd, struct link_socket_actual *act, const bool nowait)
Definition: socket.c:1268
openvpn_close_socket
#define openvpn_close_socket(s)
Definition: socket.h:277
OPENVPN_PLUGIN_FUNC_SUCCESS
#define OPENVPN_PLUGIN_FUNC_SUCCESS
Definition: openvpn-plugin.h:148
config.h
do_preresolve
void do_preresolve(struct context *c)
Definition: socket.c:343
stream_buf::len
int len
Definition: socket.h:139
stream_buf::buf
struct buffer buf
Definition: socket.h:137
socket_set_tcp_nodelay
static bool socket_set_tcp_nodelay(socket_descriptor_t sd, int state)
Definition: socket.c:978
connection_entry::bind_ipv6_only
bool bind_ipv6_only
Definition: options.h:115
link_socket::stream_buf_data
struct buffer stream_buf_data
Definition: socket.h:234
SocketHandleGetOverlappedResult
static BOOL SocketHandleGetOverlappedResult(sockethandle_t sh, struct overlapped_io *io)
Definition: socket.h:300
socket_do_listen
static void socket_do_listen(socket_descriptor_t sd, const struct addrinfo *local, bool do_listen, bool do_set_nonblock)
Definition: socket.c:1241
openvpn_connect
int openvpn_connect(socket_descriptor_t sd, const struct sockaddr *remote, int connect_timeout, volatile int *signal_received)
Definition: socket.c:1488
EVENT_WRITE
#define EVENT_WRITE
Definition: event.h:40
connection_entry::proto
int proto
Definition: options.h:107
UINT8_MAX
#define UINT8_MAX
Definition: socket.c:3035
EVENT_ARG_LINK_SOCKET
@ EVENT_ARG_LINK_SOCKET
Definition: event.h:137
getaddrinfo_addr_family_name
static const char * getaddrinfo_addr_family_name(int af)
Small helper function for openvpn_getaddrinfo to print the address family when resolving fails.
Definition: socket.c:453
IA_EMPTY_IF_UNDEF
#define IA_EMPTY_IF_UNDEF
Definition: socket.h:401
link_socket_current_remote
in_addr_t link_socket_current_remote(const struct link_socket_info *info)
Definition: socket.c:2544
context_2::server_poll_interval
struct event_timeout server_poll_interval
Definition: openvpn.h:408
get_signal
static void get_signal(volatile int *sig)
Copy the global signal_received (if non-zero) to the passed-in argument sig.
Definition: sig.h:110
MSG_NOSIGNAL
#define MSG_NOSIGNAL
Definition: socket.h:272
link_socket::stream_buf
struct stream_buf stream_buf
Definition: socket.h:233
openvpn_errno
#define openvpn_errno()
Definition: error.h:72
plugin_defined
bool plugin_defined(const struct plugin_list *pl, const int type)
Definition: plugin.c:932
socket_set_mark
static void socket_set_mark(socket_descriptor_t sd, int mark)
Definition: socket.c:998
setenv_link_socket_actual
void setenv_link_socket_actual(struct env_set *es, const char *name_prefix, const struct link_socket_actual *act, const unsigned int flags)
Definition: socket.c:3147
SF_HOST_RANDOMIZE
#define SF_HOST_RANDOMIZE
Definition: socket.h:224
buf_forward_capacity
static int buf_forward_capacity(const struct buffer *buf)
Definition: buffer.h:541
link_socket_actual::dest
struct openvpn_sockaddr dest
Definition: socket.h:90
SF_USE_IP_PKTINFO
#define SF_USE_IP_PKTINFO
Definition: socket.h:221
create_socket_tcp
socket_descriptor_t create_socket_tcp(struct addrinfo *addrinfo)
Definition: socket.c:1053
link_socket_info::ipchange_command
const char * ipchange_command
Definition: socket.h:117
register_signal
void register_signal(struct signal_info *si, int signum, const char *signal_text)
Register a soft signal in the signal_info struct si respecting priority.
Definition: sig.c:231
connection_entry::af
sa_family_t af
Definition: options.h:108
addr_local
static bool addr_local(const struct sockaddr *addr)
Definition: socket.h:678
socket_bind
void socket_bind(socket_descriptor_t sd, struct addrinfo *local, int ai_family, const char *prefix, bool ipv6only)
Definition: socket.c:1434
event_arg::type
event_arg_t type
Definition: event.h:143
alloc_buf
struct buffer alloc_buf(size_t size)
Definition: buffer.c:62
af_addr_size
static int af_addr_size(sa_family_t af)
Definition: socket.h:864
add_in6_addr
struct in6_addr add_in6_addr(struct in6_addr base, uint32_t add)
Definition: socket.c:3042
phase2_socks_client
static void phase2_socks_client(struct link_socket *sock, struct signal_info *sig_info)
Definition: socket.c:2174
PS_SHOW_PORT_IF_DEFINED
#define PS_SHOW_PORT_IF_DEFINED
Definition: socket.h:363
IPV4_INVALID_ADDR
#define IPV4_INVALID_ADDR
Definition: socket.h:438
memdbg.h
link_socket_init_phase1
void link_socket_init_phase1(struct context *c, int sock_index, int mode)
Definition: socket.c:1894
link_socket_info::plugins
const struct plugin_list * plugins
Definition: socket.h:118
options::bind_dev
char * bind_dev
Definition: options.h:419
GETADDR_PASSIVE
#define GETADDR_PASSIVE
Definition: socket.h:527
tun_open_device
void tun_open_device(struct tuntap *tt, const char *dev_node, const char **device_guid, struct gc_arena *gc)
Definition: tun.c:6587
IOSTATE_INITIAL
#define IOSTATE_INITIAL
Definition: win32.h:203
options::dev_node
const char * dev_node
Definition: options.h:318
OIA_ERROR
#define OIA_ERROR
Definition: socket.h:471
msg
#define msg(flags,...)
Definition: error.h:144
link_socket::remote_port
const char * remote_port
Definition: socket.h:203
siginfo_static
struct signal_info siginfo_static
Definition: sig.c:45
context_1::dns_cache
struct cached_dns_entry * dns_cache
Definition: openvpn.h:166
sockethandle_t::s
SOCKET s
Definition: socket.h:287
socket_stat
const char * socket_stat(const struct link_socket *s, unsigned int rwflags, struct gc_arena *gc)
Definition: socket.c:2612
stream_buf_reset
static void stream_buf_reset(struct stream_buf *sb)
Definition: socket.c:2649
establish_socks_proxy_udpassoc
void establish_socks_proxy_udpassoc(struct socks_proxy_info *p, socket_descriptor_t ctrl_sd, struct openvpn_sockaddr *relay_addr, struct event_timeout *server_poll_timeout, struct signal_info *sig_info)
Definition: socks.c:517
link_socket::socks_proxy
struct socks_proxy_info * socks_proxy
Definition: socket.h:241
buf_defined
static bool buf_defined(const struct buffer *buf)
Definition: buffer.h:228
link_socket_close
void link_socket_close(struct link_socket *sock)
Definition: socket.c:2384
dns_addr_safe
static bool dns_addr_safe(const char *addr)
Definition: socket.c:809
buf_printf
bool buf_printf(struct buffer *buf, const char *format,...)
Definition: buffer.c:240
sockethandle_t::is_handle
bool is_handle
Definition: socket.h:290
overlapped_io::size
DWORD size
Definition: win32.h:208
overlapped_io
Definition: win32.h:202
link_socket_info::af
sa_family_t af
Definition: socket.h:121
socket_listen_accept
static socket_descriptor_t socket_listen_accept(socket_descriptor_t sd, struct link_socket_actual *act, const char *remote_dynamic, const struct addrinfo *local, bool do_listen, bool nowait, volatile int *signal_received)
Definition: socket.c:1341
setenv_in_addr_t
void setenv_in_addr_t(struct env_set *es, const char *name_prefix, in_addr_t addr, const unsigned int flags)
Definition: socket.c:3118
link_socket::dns_cache
struct cached_dns_entry * dns_cache
Definition: socket.h:206
socket_get_sndbuf
static int socket_get_sndbuf(socket_descriptor_t sd)
Definition: socket.c:887
hostname_randomize
const char * hostname_randomize(const char *hostname, struct gc_arena *gc)
Definition: misc.c:82
link_socket_addr::remote_list
struct addrinfo * remote_list
Definition: socket.h:107
IOSTATE_QUEUED
#define IOSTATE_QUEUED
Definition: win32.h:204
openvpn_sockaddr::addr
union openvpn_sockaddr::@20 addr
PROTO_UDP
@ PROTO_UDP
Definition: socket.h:568
GETADDR_FATAL
#define GETADDR_FATAL
Definition: socket.h:518
PROTO_TCP
@ PROTO_TCP
Definition: socket.h:569
context::c1
struct context_1 c1
Level 1 context.
Definition: openvpn.h:513
socks_proxy_info::server
char server[128]
Definition: socks.h:40
create_socket_dco_win
static void create_socket_dco_win(struct context *c, struct link_socket *sock, struct signal_info *sig_info)
Definition: socket.c:2213
D_INIT_MEDIUM
#define D_INIT_MEDIUM
Definition: errlevel.h:104
management::connection
struct man_connection connection
Definition: manage.h:339
gc
struct gc_arena gc
Definition: test_ssl.c:155
local_entry::proto
int proto
Definition: options.h:101
Generated by   doxygen 1.8.17