2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
8 * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 #elif defined(_MSC_VER)
27 #include "config-msvc.h"
38 #include "run_command.h"
47 const int proto_overhead
[] = { /* indexed by PROTO_x */
49 IPv4_UDP_HEADER_SIZE
, /* IPv4 */
52 IPv6_UDP_HEADER_SIZE
, /* IPv6 */
59 * Convert sockflags/getaddr_flags into getaddr_flags
62 sf2gaf(const unsigned int getaddr_flags
,
63 const unsigned int sockflags
)
65 if (sockflags
& SF_HOST_RANDOMIZE
)
67 return getaddr_flags
| GETADDR_RANDOMIZE
;
76 * Functions related to the translation of DNS names to IP addresses.
79 get_addr_generic(sa_family_t af
, unsigned int flags
, const char *hostname
,
80 void *network
, unsigned int *netbits
,
81 int resolve_retry_seconds
, volatile int *signal_received
,
84 char *endp
, *sep
, *var_host
= NULL
;
85 struct addrinfo
*ai
= NULL
;
92 msg(M_NONFATAL
, "Can't resolve null hostname!");
96 /* assign family specific default values */
101 max_bits
= sizeof(in_addr_t
) * 8;
106 max_bits
= sizeof(struct in6_addr
) * 8;
111 "Unsupported AF family passed to getaddrinfo for %s (%d)",
116 /* we need to modify the hostname received as input, but we don't want to
117 * touch it directly as it might be a constant string.
119 * Therefore, we clone the string here and free it at the end of the
121 var_host
= strdup(hostname
);
124 msg(M_NONFATAL
| M_ERRNO
,
125 "Can't allocate hostname buffer for getaddrinfo");
129 /* check if this hostname has a /bits suffix */
130 sep
= strchr(var_host
, '/');
133 bits
= strtoul(sep
+ 1, &endp
, 10);
134 if ((*endp
!= '\0') || (bits
> max_bits
))
136 msg(msglevel
, "IP prefix '%s': invalid '/bits' spec (%s)", hostname
,
143 ret
= openvpn_getaddrinfo(flags
& ~GETADDR_HOST_ORDER
, var_host
, NULL
,
144 resolve_retry_seconds
, signal_received
, af
, &ai
);
145 if ((ret
== 0) && network
)
147 struct in6_addr
*ip6
;
154 *ip4
= ((struct sockaddr_in
*)ai
->ai_addr
)->sin_addr
.s_addr
;
156 if (flags
& GETADDR_HOST_ORDER
)
164 *ip6
= ((struct sockaddr_in6
*)ai
->ai_addr
)->sin6_addr
;
168 /* can't get here because 'af' was previously checked */
170 "Unsupported AF family for %s (%d)", var_host
, af
);
180 /* restore '/' separator, if any */
193 getaddr(unsigned int flags
,
194 const char *hostname
,
195 int resolve_retry_seconds
,
197 volatile int *signal_received
)
202 status
= get_addr_generic(AF_INET
, flags
, hostname
, &addr
, NULL
,
203 resolve_retry_seconds
, signal_received
,
224 get_ipv6_addr(const char *hostname
, struct in6_addr
*network
,
225 unsigned int *netbits
, int msglevel
)
227 if (get_addr_generic(AF_INET6
, GETADDR_RESOLVE
, hostname
, network
, netbits
,
228 0, NULL
, msglevel
) < 0)
233 return true; /* parsing OK, values set */
237 streqnull(const char *a
, const char *b
)
239 if (a
== NULL
&& b
== NULL
)
243 else if (a
== NULL
|| b
== NULL
)
254 * get_cached_dns_entry return 0 on success and -1
255 * otherwise. (like getaddrinfo)
258 get_cached_dns_entry(struct cached_dns_entry
*dns_cache
,
259 const char *hostname
,
260 const char *servname
,
263 struct addrinfo
**ai
)
265 struct cached_dns_entry
*ph
;
268 /* Only use flags that are relevant for the structure */
269 flags
= resolve_flags
& GETADDR_CACHE_MASK
;
271 for (ph
= dns_cache
; ph
; ph
= ph
->next
)
273 if (streqnull(ph
->hostname
, hostname
)
274 && streqnull(ph
->servname
, servname
)
275 && ph
->ai_family
== ai_family
276 && ph
->flags
== flags
)
287 do_preresolve_host(struct context
*c
,
288 const char *hostname
,
289 const char *servname
,
296 if (get_cached_dns_entry(c
->c1
.dns_cache
,
303 /* entry already cached, return success */
307 status
= openvpn_getaddrinfo(flags
, hostname
, servname
,
308 c
->options
.resolve_retry_seconds
, NULL
,
312 struct cached_dns_entry
*ph
;
314 ALLOC_OBJ_CLEAR_GC(ph
, struct cached_dns_entry
, &c
->gc
);
316 ph
->hostname
= hostname
;
317 ph
->servname
= servname
;
318 ph
->flags
= flags
& GETADDR_CACHE_MASK
;
320 if (!c
->c1
.dns_cache
)
322 c
->c1
.dns_cache
= ph
;
326 struct cached_dns_entry
*prev
= c
->c1
.dns_cache
;
334 gc_addspecial(ai
, &gc_freeaddrinfo_callback
, &c
->gc
);
341 do_preresolve(struct context
*c
)
344 struct connection_list
*l
= c
->options
.connection_list
;
345 const unsigned int preresolve_flags
= GETADDR_RESOLVE
346 |GETADDR_UPDATE_MANAGEMENT_STATE
347 |GETADDR_MENTION_RESOLVE_RETRY
351 for (i
= 0; i
< l
->len
; ++i
)
355 int flags
= preresolve_flags
;
357 struct connection_entry
*ce
= c
->options
.connection_list
->array
[i
];
359 if (proto_is_dgram(ce
->proto
))
361 flags
|= GETADDR_DATAGRAM
;
364 if (c
->options
.sockflags
& SF_HOST_RANDOMIZE
)
366 flags
|= GETADDR_RANDOMIZE
;
369 if (c
->options
.ip_remote_hint
)
371 remote
= c
->options
.ip_remote_hint
;
378 /* HTTP remote hostname does not need to be resolved */
379 if (!ce
->http_proxy_options
)
381 status
= do_preresolve_host(c
, remote
, ce
->remote_port
, ce
->af
, flags
);
388 /* Preresolve proxy */
389 if (ce
->http_proxy_options
)
391 status
= do_preresolve_host(c
,
392 ce
->http_proxy_options
->server
,
393 ce
->http_proxy_options
->port
,
403 if (ce
->socks_proxy_server
)
405 status
= do_preresolve_host(c
,
406 ce
->socks_proxy_server
,
407 ce
->socks_proxy_port
,
418 flags
|= GETADDR_PASSIVE
;
419 flags
&= ~GETADDR_RANDOMIZE
;
420 status
= do_preresolve_host(c
, ce
->local
, ce
->local_port
, ce
->af
, flags
);
432 throw_signal_soft(SIGHUP
, "Preresolving failed");
436 * Translate IPv4/IPv6 addr or hostname into struct addrinfo
437 * If resolve error, try again for resolve_retry_seconds seconds.
440 openvpn_getaddrinfo(unsigned int flags
,
441 const char *hostname
,
442 const char *servname
,
443 int resolve_retry_seconds
,
444 volatile int *signal_received
,
446 struct addrinfo
**res
)
448 struct addrinfo hints
;
451 int msglevel
= (flags
& GETADDR_FATAL
) ? M_FATAL
: D_RESOLVE_ERRORS
;
452 struct gc_arena gc
= gc_new();
453 const char *print_hostname
;
454 const char *print_servname
;
458 ASSERT(hostname
|| servname
);
459 ASSERT(!(flags
& GETADDR_HOST_ORDER
));
463 print_servname
= servname
;
470 if (flags
& GETADDR_MSG_VIRT_OUT
)
472 msglevel
|= M_MSG_VIRT_OUT
;
475 if ((flags
& (GETADDR_FATAL_ON_SIGNAL
|GETADDR_WARN_ON_SIGNAL
))
478 signal_received
= &sigrec
;
481 /* try numeric ipv6 addr first */
483 hints
.ai_family
= ai_family
;
484 hints
.ai_flags
= AI_NUMERICHOST
;
486 if (flags
& GETADDR_PASSIVE
)
488 hints
.ai_flags
|= AI_PASSIVE
;
491 if (flags
& GETADDR_DATAGRAM
)
493 hints
.ai_socktype
= SOCK_DGRAM
;
497 hints
.ai_socktype
= SOCK_STREAM
;
500 status
= getaddrinfo(hostname
, servname
, &hints
, res
);
502 if (status
!= 0) /* parse as numeric address failed? */
504 const int fail_wait_interval
= 5; /* seconds */
505 /* Add +4 to cause integer division rounding up (1 + 4) = 5, (0+4)/5=0 */
506 int resolve_retries
= (flags
& GETADDR_TRY_ONCE
) ? 1 :
507 ((resolve_retry_seconds
+ 4)/ fail_wait_interval
);
511 if (hostname
&& (flags
& GETADDR_RANDOMIZE
))
513 hostname
= hostname_randomize(hostname
, &gc
);
518 print_hostname
= hostname
;
522 print_hostname
= "undefined";
525 fmt
= "RESOLVE: Cannot resolve host address: %s:%s (%s)";
526 if ((flags
& GETADDR_MENTION_RESOLVE_RETRY
)
527 && !resolve_retry_seconds
)
529 fmt
= "RESOLVE: Cannot resolve host address: %s:%s (%s) (I would have retried this name query if you had specified the --resolv-retry option.)";
532 if (!(flags
& GETADDR_RESOLVE
) || status
== EAI_FAIL
)
534 msg(msglevel
, "RESOLVE: Cannot parse IP address: %s:%s (%s)",
535 print_hostname
,print_servname
, gai_strerror(status
));
539 #ifdef ENABLE_MANAGEMENT
540 if (flags
& GETADDR_UPDATE_MANAGEMENT_STATE
)
544 management_set_state(management
,
545 OPENVPN_STATE_RESOLVE
,
563 /* try hostname lookup */
564 hints
.ai_flags
&= ~AI_NUMERICHOST
;
565 dmsg(D_SOCKET_DEBUG
, "GETADDRINFO flags=0x%04x ai_family=%d ai_socktype=%d",
566 flags
, hints
.ai_family
, hints
.ai_socktype
);
567 status
= getaddrinfo(hostname
, servname
, &hints
, res
);
571 get_signal(signal_received
);
572 if (*signal_received
) /* were we interrupted by a signal? */
574 if (*signal_received
== SIGUSR1
) /* ignore SIGUSR1 */
576 msg(level
, "RESOLVE: Ignored SIGUSR1 signal received during DNS resolution attempt");
577 *signal_received
= 0;
581 /* turn success into failure (interrupted syscall) */
587 status
= EAI_AGAIN
; /* = temporary failure */
601 /* resolve lookup failed, should we
602 * continue or fail? */
604 if (resolve_retries
> 0)
606 level
= D_RESOLVE_ERRORS
;
613 gai_strerror(status
));
615 if (--resolve_retries
<= 0)
620 management_sleep(fail_wait_interval
);
625 /* hostname resolve succeeded */
628 * Do not choose an IP Addresse by random or change the order *
629 * of IP addresses, doing so will break RFC 3484 address selection *
634 /* IP address parse succeeded */
635 if (flags
& GETADDR_RANDOMIZE
)
637 msg(M_WARN
, "WARNING: ignoring --remote-random-hostname because the hostname is an IP address");
642 if (signal_received
&& *signal_received
)
645 if (flags
& GETADDR_FATAL_ON_SIGNAL
)
649 else if (flags
& GETADDR_WARN_ON_SIGNAL
)
653 msg(level
, "RESOLVE: signal received during DNS resolution attempt");
661 * We do our own inet_aton because the glibc function
662 * isn't very good about error checking.
665 openvpn_inet_aton(const char *dotted_quad
, struct in_addr
*addr
)
667 unsigned int a
, b
, c
, d
;
670 if (sscanf(dotted_quad
, "%u.%u.%u.%u", &a
, &b
, &c
, &d
) == 4)
672 if (a
< 256 && b
< 256 && c
< 256 && d
< 256)
674 addr
->s_addr
= htonl(a
<<24 | b
<<16 | c
<<8 | d
);
675 return OIA_IP
; /* good dotted quad */
678 if (string_class(dotted_quad
, CC_DIGIT
|CC_DOT
, 0))
680 return OIA_ERROR
; /* probably a badly formatted dotted quad */
684 return OIA_HOSTNAME
; /* probably a hostname */
689 ip_addr_dotted_quad_safe(const char *dotted_quad
)
691 /* verify non-NULL */
697 /* verify length is within limits */
698 if (strlen(dotted_quad
) > 15)
703 /* verify that all chars are either numeric or '.' and that no numeric
704 * substring is greater than 3 chars */
707 const char *p
= dotted_quad
;
712 if (c
>= '0' && c
<= '9')
731 /* verify that string will convert to IP address */
734 return openvpn_inet_aton(dotted_quad
, &a
) == OIA_IP
;
739 ipv6_addr_safe(const char *ipv6_text_addr
)
741 /* verify non-NULL */
747 /* verify length is within limits */
748 if (strlen(ipv6_text_addr
) > INET6_ADDRSTRLEN
)
753 /* verify that string will convert to IPv6 address */
756 return inet_pton( AF_INET6
, ipv6_text_addr
, &a6
) == 1;
761 dns_addr_safe(const char *addr
)
765 const size_t len
= strlen(addr
);
766 return len
> 0 && len
<= 255 && string_class(addr
, CC_ALNUM
|CC_DASH
|CC_DOT
, 0);
775 ip_or_dns_addr_safe(const char *addr
, const bool allow_fqdn
)
777 if (ip_addr_dotted_quad_safe(addr
))
783 return dns_addr_safe(addr
);
792 mac_addr_safe(const char *mac_addr
)
794 /* verify non-NULL */
800 /* verify length is within limits */
801 if (strlen(mac_addr
) > 17)
806 /* verify that all chars are either alphanumeric or ':' and that no
807 * alphanumeric substring is greater than 2 chars */
810 const char *p
= mac_addr
;
815 if ( (c
>= '0' && c
<= '9') || (c
>= 'a' && c
<= 'f') || (c
>= 'A' && c
<= 'F') )
834 /* error-checking is left to script invoked in lladdr.c */
839 socket_get_sndbuf(int sd
)
841 #if defined(HAVE_GETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_SNDBUF)
846 if (getsockopt(sd
, SOL_SOCKET
, SO_SNDBUF
, (void *) &val
, &len
) == 0
847 && len
== sizeof(val
))
856 socket_set_sndbuf(int sd
, int size
)
858 #if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_SNDBUF)
859 if (setsockopt(sd
, SOL_SOCKET
, SO_SNDBUF
, (void *) &size
, sizeof(size
)) != 0)
861 msg(M_WARN
, "NOTE: setsockopt SO_SNDBUF=%d failed", size
);
867 socket_get_rcvbuf(int sd
)
869 #if defined(HAVE_GETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_RCVBUF)
874 if (getsockopt(sd
, SOL_SOCKET
, SO_RCVBUF
, (void *) &val
, &len
) == 0
875 && len
== sizeof(val
))
884 socket_set_rcvbuf(int sd
, int size
)
886 #if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_RCVBUF)
887 if (setsockopt(sd
, SOL_SOCKET
, SO_RCVBUF
, (void *) &size
, sizeof(size
)) != 0)
889 msg(M_WARN
, "NOTE: setsockopt SO_RCVBUF=%d failed", size
);
897 socket_set_buffers(int fd
, const struct socket_buffer_size
*sbs
)
901 const int sndbuf_old
= socket_get_sndbuf(fd
);
902 const int rcvbuf_old
= socket_get_rcvbuf(fd
);
906 socket_set_sndbuf(fd
, sbs
->sndbuf
);
911 socket_set_rcvbuf(fd
, sbs
->rcvbuf
);
914 msg(D_OSBUF
, "Socket Buffers: R=[%d->%d] S=[%d->%d]",
916 socket_get_rcvbuf(fd
),
918 socket_get_sndbuf(fd
));
923 * Set other socket options
927 socket_set_tcp_nodelay(int sd
, int state
)
929 #if defined(_WIN32) || (defined(HAVE_SETSOCKOPT) && defined(IPPROTO_TCP) && defined(TCP_NODELAY))
930 if (setsockopt(sd
, IPPROTO_TCP
, TCP_NODELAY
, (void *) &state
, sizeof(state
)) != 0)
932 msg(M_WARN
, "NOTE: setsockopt TCP_NODELAY=%d failed", state
);
937 dmsg(D_OSBUF
, "Socket flags: TCP_NODELAY=%d succeeded", state
);
940 #else /* if defined(_WIN32) || (defined(HAVE_SETSOCKOPT) && defined(IPPROTO_TCP) && defined(TCP_NODELAY)) */
941 msg(M_WARN
, "NOTE: setsockopt TCP_NODELAY=%d failed (No kernel support)", state
);
947 socket_set_mark(int sd
, int mark
)
949 #if defined(TARGET_LINUX) && HAVE_DECL_SO_MARK
950 if (mark
&& setsockopt(sd
, SOL_SOCKET
, SO_MARK
, (void *) &mark
, sizeof(mark
)) != 0)
952 msg(M_WARN
, "NOTE: setsockopt SO_MARK=%d failed", mark
);
958 socket_set_flags(int sd
, unsigned int sockflags
)
960 if (sockflags
& SF_TCP_NODELAY
)
962 return socket_set_tcp_nodelay(sd
, 1);
971 link_socket_update_flags(struct link_socket
*ls
, unsigned int sockflags
)
973 if (ls
&& socket_defined(ls
->sd
))
975 return socket_set_flags(ls
->sd
, ls
->sockflags
= sockflags
);
984 link_socket_update_buffer_sizes(struct link_socket
*ls
, int rcvbuf
, int sndbuf
)
986 if (ls
&& socket_defined(ls
->sd
))
988 ls
->socket_buffer_sizes
.sndbuf
= sndbuf
;
989 ls
->socket_buffer_sizes
.rcvbuf
= rcvbuf
;
990 socket_set_buffers(ls
->sd
, &ls
->socket_buffer_sizes
);
995 * SOCKET INITALIZATION CODE.
996 * Create a TCP/UDP socket
1000 create_socket_tcp(struct addrinfo
*addrinfo
)
1002 socket_descriptor_t sd
;
1005 ASSERT(addrinfo
->ai_socktype
== SOCK_STREAM
);
1007 if ((sd
= socket(addrinfo
->ai_family
, addrinfo
->ai_socktype
, addrinfo
->ai_protocol
)) < 0)
1009 msg(M_ERR
, "Cannot create TCP socket");
1012 #ifndef _WIN32 /* using SO_REUSEADDR on Windows will cause bind to succeed on port conflicts! */
1013 /* set SO_REUSEADDR on socket */
1016 if (setsockopt(sd
, SOL_SOCKET
, SO_REUSEADDR
,
1017 (void *) &on
, sizeof(on
)) < 0)
1019 msg(M_ERR
, "TCP: Cannot setsockopt SO_REUSEADDR on TCP socket");
1024 /* set socket file descriptor to not pass across execs, so that
1025 * scripts don't have access to it */
1031 static socket_descriptor_t
1032 create_socket_udp(struct addrinfo
*addrinfo
, const unsigned int flags
)
1034 socket_descriptor_t sd
;
1037 ASSERT(addrinfo
->ai_socktype
== SOCK_DGRAM
);
1039 if ((sd
= socket(addrinfo
->ai_family
, addrinfo
->ai_socktype
, addrinfo
->ai_protocol
)) < 0)
1041 msg(M_ERR
, "UDP: Cannot create UDP/UDP6 socket");
1043 #if ENABLE_IP_PKTINFO
1044 else if (flags
& SF_USE_IP_PKTINFO
)
1047 if (addrinfo
->ai_family
== AF_INET
)
1049 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
1050 if (setsockopt(sd
, SOL_IP
, IP_PKTINFO
,
1051 (void *)&pad
, sizeof(pad
)) < 0)
1053 msg(M_ERR
, "UDP: failed setsockopt for IP_PKTINFO");
1055 #elif defined(IP_RECVDSTADDR)
1056 if (setsockopt(sd
, IPPROTO_IP
, IP_RECVDSTADDR
,
1057 (void *)&pad
, sizeof(pad
)) < 0)
1059 msg(M_ERR
, "UDP: failed setsockopt for IP_RECVDSTADDR");
1061 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
1062 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
1065 else if (addrinfo
->ai_family
== AF_INET6
)
1067 #ifndef IPV6_RECVPKTINFO /* Some older Darwin platforms require this */
1068 if (setsockopt(sd
, IPPROTO_IPV6
, IPV6_PKTINFO
,
1069 (void *)&pad
, sizeof(pad
)) < 0)
1071 if (setsockopt(sd
, IPPROTO_IPV6
, IPV6_RECVPKTINFO
,
1072 (void *)&pad
, sizeof(pad
)) < 0)
1074 { msg(M_ERR
, "UDP: failed setsockopt for IPV6_RECVPKTINFO");}
1077 #endif /* if ENABLE_IP_PKTINFO */
1079 /* set socket file descriptor to not pass across execs, so that
1080 * scripts don't have access to it */
1087 bind_local(struct link_socket
*sock
, const sa_family_t ai_family
)
1089 /* bind to local address/port */
1090 if (sock
->bind_local
)
1092 if (sock
->socks_proxy
&& sock
->info
.proto
== PROTO_UDP
)
1094 socket_bind(sock
->ctrl_sd
, sock
->info
.lsa
->bind_local
,
1095 ai_family
, "SOCKS", false);
1099 socket_bind(sock
->sd
, sock
->info
.lsa
->bind_local
,
1101 "TCP/UDP", sock
->info
.bind_ipv6_only
);
1107 create_socket(struct link_socket
*sock
, struct addrinfo
*addr
)
1109 if (addr
->ai_protocol
== IPPROTO_UDP
|| addr
->ai_socktype
== SOCK_DGRAM
)
1111 sock
->sd
= create_socket_udp(addr
, sock
->sockflags
);
1112 sock
->sockflags
|= SF_GETADDRINFO_DGRAM
;
1114 /* Assume that control socket and data socket to the socks proxy
1115 * are using the same IP family */
1116 if (sock
->socks_proxy
)
1118 /* Construct a temporary addrinfo to create the socket,
1119 * currently resolve two remote addresses is not supported,
1120 * TODO: Rewrite the whole resolve_remote */
1121 struct addrinfo addrinfo_tmp
= *addr
;
1122 addrinfo_tmp
.ai_socktype
= SOCK_STREAM
;
1123 addrinfo_tmp
.ai_protocol
= IPPROTO_TCP
;
1124 sock
->ctrl_sd
= create_socket_tcp(&addrinfo_tmp
);
1127 else if (addr
->ai_protocol
== IPPROTO_TCP
|| addr
->ai_socktype
== SOCK_STREAM
)
1129 sock
->sd
= create_socket_tcp(addr
);
1135 /* set socket buffers based on --sndbuf and --rcvbuf options */
1136 socket_set_buffers(sock
->sd
, &sock
->socket_buffer_sizes
);
1138 /* set socket to --mark packets with given value */
1139 socket_set_mark(sock
->sd
, sock
->mark
);
1141 bind_local(sock
, addr
->ai_family
);
1144 #ifdef TARGET_ANDROID
1146 protect_fd_nonlocal(int fd
, const struct sockaddr
*addr
)
1148 /* pass socket FD to management interface to pass on to VPNService API
1149 * as "protected socket" (exempt from being routed into tunnel)
1151 if (addr_local(addr
))
1153 msg(D_SOCKET_DEBUG
, "Address is local, not protecting socket fd %d", fd
);
1157 msg(D_SOCKET_DEBUG
, "Protecting socket fd %d", fd
);
1158 management
->connection
.fdtosend
= fd
;
1159 management_android_control(management
, "PROTECTFD", __func__
);
1164 * Functions used for establishing a TCP stream connection.
1167 socket_do_listen(socket_descriptor_t sd
,
1168 const struct addrinfo
*local
,
1170 bool do_set_nonblock
)
1172 struct gc_arena gc
= gc_new();
1176 msg(M_INFO
, "Listening for incoming TCP connection on %s",
1177 print_sockaddr(local
->ai_addr
, &gc
));
1180 msg(M_ERR
, "TCP: listen() failed");
1184 /* set socket to non-blocking mode */
1185 if (do_set_nonblock
)
1194 socket_do_accept(socket_descriptor_t sd
,
1195 struct link_socket_actual
*act
,
1198 /* af_addr_size WILL return 0 in this case if AFs other than AF_INET
1199 * are compiled because act is empty here.
1200 * could use getsockname() to support later remote_len check
1202 socklen_t remote_len_af
= af_addr_size(act
->dest
.addr
.sa
.sa_family
);
1203 socklen_t remote_len
= sizeof(act
->dest
.addr
);
1204 socket_descriptor_t new_sd
= SOCKET_UNDEFINED
;
1208 #ifdef HAVE_GETPEERNAME
1211 new_sd
= getpeername(sd
, &act
->dest
.addr
.sa
, &remote_len
);
1213 if (!socket_defined(new_sd
))
1215 msg(D_LINK_ERRORS
| M_ERRNO
, "TCP: getpeername() failed");
1222 #else /* ifdef HAVE_GETPEERNAME */
1225 msg(M_WARN
, "TCP: this OS does not provide the getpeername() function");
1230 new_sd
= accept(sd
, &act
->dest
.addr
.sa
, &remote_len
);
1233 #if 0 /* For debugging only, test the effect of accept() failures */
1244 if (!socket_defined(new_sd
))
1246 msg(D_LINK_ERRORS
| M_ERRNO
, "TCP: accept(%d) failed", (int)sd
);
1248 /* only valid if we have remote_len_af!=0 */
1249 else if (remote_len_af
&& remote_len
!= remote_len_af
)
1251 msg(D_LINK_ERRORS
, "TCP: Received strange incoming connection with unknown address length=%d", remote_len
);
1252 openvpn_close_socket(new_sd
);
1253 new_sd
= SOCKET_UNDEFINED
;
1257 /* set socket file descriptor to not pass across execs, so that
1258 * scripts don't have access to it */
1265 tcp_connection_established(const struct link_socket_actual
*act
)
1267 struct gc_arena gc
= gc_new();
1268 msg(M_INFO
, "TCP connection established with %s",
1269 print_link_socket_actual(act
, &gc
));
1273 static socket_descriptor_t
1274 socket_listen_accept(socket_descriptor_t sd
,
1275 struct link_socket_actual
*act
,
1276 const char *remote_dynamic
,
1277 const struct addrinfo
*local
,
1280 volatile int *signal_received
)
1282 struct gc_arena gc
= gc_new();
1283 /* struct openvpn_sockaddr *remote = &act->dest; */
1284 struct openvpn_sockaddr remote_verify
= act
->dest
;
1285 socket_descriptor_t new_sd
= SOCKET_UNDEFINED
;
1288 socket_do_listen(sd
, local
, do_listen
, true);
1297 openvpn_fd_set(sd
, &reads
);
1301 status
= select(sd
+ 1, &reads
, NULL
, NULL
, &tv
);
1303 get_signal(signal_received
);
1304 if (*signal_received
)
1312 msg(D_LINK_ERRORS
| M_ERRNO
, "TCP: select() failed");
1317 management_sleep(1);
1321 new_sd
= socket_do_accept(sd
, act
, nowait
);
1323 if (socket_defined(new_sd
))
1325 struct addrinfo
*ai
= NULL
;
1328 openvpn_getaddrinfo(0, remote_dynamic
, NULL
, 1, NULL
,
1329 remote_verify
.addr
.sa
.sa_family
, &ai
);
1332 if (ai
&& !addrlist_match(&remote_verify
, ai
))
1335 "TCP NOTE: Rejected connection attempt from %s due to --remote setting",
1336 print_link_socket_actual(act
, &gc
));
1337 if (openvpn_close_socket(new_sd
))
1339 msg(M_ERR
, "TCP: close socket failed (new_sd)");
1352 management_sleep(1);
1355 if (!nowait
&& openvpn_close_socket(sd
))
1357 msg(M_ERR
, "TCP: close socket failed (sd)");
1360 tcp_connection_established(act
);
1366 /* older mingw versions and WinXP do not have this define,
1367 * but Vista and up support the functionality - just define it here
1371 #define IPV6_V6ONLY 27
1375 socket_bind(socket_descriptor_t sd
,
1376 struct addrinfo
*local
,
1381 struct gc_arena gc
= gc_new();
1384 * getaddrinfo for the bind address might return multiple AF_INET/AF_INET6
1385 * entries for the requested protocol.
1386 * For example if an address has multiple A records
1387 * What is the correct way to deal with it?
1390 struct addrinfo
*cur
;
1395 /* find the first addrinfo with correct ai_family */
1396 for (cur
= local
; cur
; cur
= cur
->ai_next
)
1398 if (cur
->ai_family
== ai_family
)
1405 msg(M_FATAL
, "%s: Socket bind failed: Addr to bind has no %s record",
1406 prefix
, addr_family_name(ai_family
));
1409 if (ai_family
== AF_INET6
)
1411 int v6only
= ipv6only
? 1 : 0; /* setsockopt must have an "int" */
1413 msg(M_INFO
, "setsockopt(IPV6_V6ONLY=%d)", v6only
);
1414 if (setsockopt(sd
, IPPROTO_IPV6
, IPV6_V6ONLY
, (void *) &v6only
, sizeof(v6only
)))
1416 msg(M_NONFATAL
|M_ERRNO
, "Setting IPV6_V6ONLY=%d failed", v6only
);
1419 if (bind(sd
, cur
->ai_addr
, cur
->ai_addrlen
))
1421 msg(M_FATAL
| M_ERRNO
, "%s: Socket bind failed on local address %s",
1423 print_sockaddr_ex(local
->ai_addr
, ":", PS_SHOW_PORT
, &gc
));
1429 openvpn_connect(socket_descriptor_t sd
,
1430 const struct sockaddr
*remote
,
1431 int connect_timeout
,
1432 volatile int *signal_received
)
1436 #ifdef TARGET_ANDROID
1437 protect_fd_nonlocal(sd
, remote
);
1440 #ifdef CONNECT_NONBLOCK
1442 status
= connect(sd
, remote
, af_addr_size(remote
->sa_family
));
1445 status
= openvpn_errno();
1449 status
== WSAEWOULDBLOCK
1451 status
== EINPROGRESS
1458 struct pollfd fds
[1];
1460 fds
[0].events
= POLLOUT
;
1461 status
= poll(fds
, 1, 0);
1467 openvpn_fd_set(sd
, &writes
);
1471 status
= select(sd
+ 1, NULL
, &writes
, NULL
, &tv
);
1473 if (signal_received
)
1475 get_signal(signal_received
);
1476 if (*signal_received
)
1484 status
= openvpn_errno();
1489 if (--connect_timeout
< 0)
1492 status
= WSAETIMEDOUT
;
1498 management_sleep(1);
1508 if (getsockopt(sd
, SOL_SOCKET
, SO_ERROR
, (void *) &val
, &len
) == 0
1509 && len
== sizeof(val
))
1515 status
= openvpn_errno();
1521 #else /* ifdef CONNECT_NONBLOCK */
1522 status
= connect(sd
, remote
, af_addr_size(remote
->sa_family
));
1525 status
= openvpn_errno();
1527 #endif /* ifdef CONNECT_NONBLOCK */
1533 set_actual_address(struct link_socket_actual
*actual
, struct addrinfo
*ai
)
1538 if (ai
->ai_family
== AF_INET
)
1540 actual
->dest
.addr
.in4
=
1541 *((struct sockaddr_in
*) ai
->ai_addr
);
1543 else if (ai
->ai_family
== AF_INET6
)
1545 actual
->dest
.addr
.in6
=
1546 *((struct sockaddr_in6
*) ai
->ai_addr
);
1556 socket_connect(socket_descriptor_t
*sd
,
1557 const struct sockaddr
*dest
,
1558 const int connect_timeout
,
1559 struct signal_info
*sig_info
)
1561 struct gc_arena gc
= gc_new();
1564 #ifdef CONNECT_NONBLOCK
1565 msg(M_INFO
, "Attempting to establish TCP connection with %s [nonblock]",
1566 print_sockaddr(dest
, &gc
));
1568 msg(M_INFO
, "Attempting to establish TCP connection with %s",
1569 print_sockaddr(dest
, &gc
));
1572 #ifdef ENABLE_MANAGEMENT
1575 management_set_state(management
,
1576 OPENVPN_STATE_TCP_CONNECT
,
1585 /* Set the actual address */
1586 status
= openvpn_connect(*sd
, dest
, connect_timeout
, &sig_info
->signal_received
);
1588 get_signal(&sig_info
->signal_received
);
1589 if (sig_info
->signal_received
)
1597 msg(D_LINK_ERRORS
, "TCP: connect to %s failed: %s",
1598 print_sockaddr(dest
, &gc
), strerror(status
));
1600 openvpn_close_socket(*sd
);
1601 *sd
= SOCKET_UNDEFINED
;
1602 sig_info
->signal_received
= SIGUSR1
;
1603 sig_info
->source
= SIG_SOURCE_CONNECTION_FAILED
;
1607 msg(M_INFO
, "TCP connection established with %s",
1608 print_sockaddr(dest
, &gc
));
1616 * Stream buffer handling prototypes -- stream_buf is a helper class
1617 * to assist in the packetization of stream transport protocols
1622 stream_buf_init(struct stream_buf
*sb
, struct buffer
*buf
,
1623 const unsigned int sockflags
, const int proto
);
1626 stream_buf_close(struct stream_buf
*sb
);
1629 stream_buf_added(struct stream_buf
*sb
, int length_added
);
1631 /* For stream protocols, allocate a buffer to build up packet.
1632 * Called after frame has been finalized. */
1635 socket_frame_init(const struct frame
*frame
, struct link_socket
*sock
)
1638 overlapped_io_init(&sock
->reads
, frame
, FALSE
, false);
1639 overlapped_io_init(&sock
->writes
, frame
, TRUE
, false);
1640 sock
->rw_handle
.read
= sock
->reads
.overlapped
.hEvent
;
1641 sock
->rw_handle
.write
= sock
->writes
.overlapped
.hEvent
;
1644 if (link_socket_connection_oriented(sock
))
1647 stream_buf_init(&sock
->stream_buf
,
1648 &sock
->reads
.buf_init
,
1652 alloc_buf_sock_tun(&sock
->stream_buf_data
,
1655 FRAME_HEADROOM_MARKER_READ_STREAM
);
1657 stream_buf_init(&sock
->stream_buf
,
1658 &sock
->stream_buf_data
,
1666 * Adjust frame structure based on a Path MTU value given
1670 frame_adjust_path_mtu(struct frame
*frame
, int pmtu
, int proto
)
1672 frame_set_mtu_dynamic(frame
, pmtu
- datagram_overhead(proto
), SET_MTU_UPPER_BOUND
);
1676 resolve_bind_local(struct link_socket
*sock
, const sa_family_t af
)
1678 struct gc_arena gc
= gc_new();
1680 /* resolve local address if undefined */
1681 if (!sock
->info
.lsa
->bind_local
)
1683 int flags
= GETADDR_RESOLVE
| GETADDR_WARN_ON_SIGNAL
1684 |GETADDR_FATAL
| GETADDR_PASSIVE
;
1687 if (proto_is_dgram(sock
->info
.proto
))
1689 flags
|= GETADDR_DATAGRAM
;
1692 /* will return AF_{INET|INET6}from local_host */
1693 status
= get_cached_dns_entry(sock
->dns_cache
,
1698 &sock
->info
.lsa
->bind_local
);
1702 status
= openvpn_getaddrinfo(flags
, sock
->local_host
, sock
->local_port
, 0,
1703 NULL
, af
, &sock
->info
.lsa
->bind_local
);
1708 msg(M_FATAL
, "getaddrinfo() failed for local \"%s:%s\": %s",
1709 sock
->local_host
, sock
->local_port
,
1710 gai_strerror(status
));
1718 resolve_remote(struct link_socket
*sock
,
1720 const char **remote_dynamic
,
1721 volatile int *signal_received
)
1723 struct gc_arena gc
= gc_new();
1725 /* resolve remote address if undefined */
1726 if (!sock
->info
.lsa
->remote_list
)
1728 if (sock
->remote_host
)
1730 unsigned int flags
= sf2gaf(GETADDR_RESOLVE
|GETADDR_UPDATE_MANAGEMENT_STATE
, sock
->sockflags
);
1733 struct addrinfo
*ai
;
1734 if (proto_is_dgram(sock
->info
.proto
))
1736 flags
|= GETADDR_DATAGRAM
;
1739 if (sock
->resolve_retry_seconds
== RESOLV_RETRY_INFINITE
)
1743 flags
|= (GETADDR_TRY_ONCE
| GETADDR_FATAL
);
1747 else if (phase
== 1)
1749 if (sock
->resolve_retry_seconds
)
1755 flags
|= (GETADDR_FATAL
| GETADDR_MENTION_RESOLVE_RETRY
);
1759 else if (phase
== 2)
1761 if (sock
->resolve_retry_seconds
)
1763 flags
|= GETADDR_FATAL
;
1764 retry
= sock
->resolve_retry_seconds
;
1777 status
= get_cached_dns_entry(sock
->dns_cache
,
1784 status
= openvpn_getaddrinfo(flags
, sock
->remote_host
, sock
->remote_port
,
1785 retry
, signal_received
, sock
->info
.af
, &ai
);
1790 sock
->info
.lsa
->remote_list
= ai
;
1791 sock
->info
.lsa
->current_remote
= ai
;
1793 dmsg(D_SOCKET_DEBUG
, "RESOLVE_REMOTE flags=0x%04x phase=%d rrs=%d sig=%d status=%d",
1797 signal_received
? *signal_received
: -1,
1800 if (signal_received
)
1802 if (*signal_received
)
1809 if (signal_received
)
1811 *signal_received
= SIGUSR1
;
1818 /* should we re-use previous active remote address? */
1819 if (link_socket_actual_defined(&sock
->info
.lsa
->actual
))
1821 msg(M_INFO
, "TCP/UDP: Preserving recently used remote address: %s",
1822 print_link_socket_actual(&sock
->info
.lsa
->actual
, &gc
));
1825 *remote_dynamic
= NULL
;
1830 CLEAR(sock
->info
.lsa
->actual
);
1831 if (sock
->info
.lsa
->current_remote
)
1833 set_actual_address(&sock
->info
.lsa
->actual
,
1834 sock
->info
.lsa
->current_remote
);
1844 struct link_socket
*
1845 link_socket_new(void)
1847 struct link_socket
*sock
;
1849 ALLOC_OBJ_CLEAR(sock
, struct link_socket
);
1850 sock
->sd
= SOCKET_UNDEFINED
;
1851 sock
->ctrl_sd
= SOCKET_UNDEFINED
;
1856 link_socket_init_phase1(struct link_socket
*sock
,
1857 const char *local_host
,
1858 const char *local_port
,
1859 const char *remote_host
,
1860 const char *remote_port
,
1861 struct cached_dns_entry
*dns_cache
,
1864 bool bind_ipv6_only
,
1866 const struct link_socket
*accept_from
,
1867 struct http_proxy_info
*http_proxy
,
1868 struct socks_proxy_info
*socks_proxy
,
1875 struct link_socket_addr
*lsa
,
1876 const char *ipchange_command
,
1877 const struct plugin_list
*plugins
,
1878 int resolve_retry_seconds
,
1879 int mtu_discover_type
,
1883 struct event_timeout
*server_poll_timeout
,
1884 unsigned int sockflags
)
1888 sock
->local_host
= local_host
;
1889 sock
->local_port
= local_port
;
1890 sock
->remote_host
= remote_host
;
1891 sock
->remote_port
= remote_port
;
1892 sock
->dns_cache
= dns_cache
;
1893 sock
->http_proxy
= http_proxy
;
1894 sock
->socks_proxy
= socks_proxy
;
1895 sock
->bind_local
= bind_local
;
1896 sock
->inetd
= inetd
;
1897 sock
->resolve_retry_seconds
= resolve_retry_seconds
;
1898 sock
->mtu_discover_type
= mtu_discover_type
;
1901 sock
->gremlin
= gremlin
;
1904 sock
->socket_buffer_sizes
.rcvbuf
= rcvbuf
;
1905 sock
->socket_buffer_sizes
.sndbuf
= sndbuf
;
1907 sock
->sockflags
= sockflags
;
1910 sock
->info
.proto
= proto
;
1912 sock
->info
.remote_float
= remote_float
;
1913 sock
->info
.lsa
= lsa
;
1914 sock
->info
.bind_ipv6_only
= bind_ipv6_only
;
1915 sock
->info
.ipchange_command
= ipchange_command
;
1916 sock
->info
.plugins
= plugins
;
1917 sock
->server_poll_timeout
= server_poll_timeout
;
1920 if (mode
== LS_MODE_TCP_ACCEPT_FROM
)
1922 ASSERT(accept_from
);
1923 ASSERT(sock
->info
.proto
== PROTO_TCP_SERVER
);
1924 ASSERT(!sock
->inetd
);
1925 sock
->sd
= accept_from
->sd
;
1926 /* inherit (possibly guessed) info AF from parent context */
1927 sock
->info
.af
= accept_from
->info
.af
;
1930 /* are we running in HTTP proxy mode? */
1931 if (sock
->http_proxy
)
1933 ASSERT(sock
->info
.proto
== PROTO_TCP_CLIENT
);
1934 ASSERT(!sock
->inetd
);
1936 /* the proxy server */
1937 sock
->remote_host
= http_proxy
->options
.server
;
1938 sock
->remote_port
= http_proxy
->options
.port
;
1940 /* the OpenVPN server we will use the proxy to connect to */
1941 sock
->proxy_dest_host
= remote_host
;
1942 sock
->proxy_dest_port
= remote_port
;
1944 /* or in Socks proxy mode? */
1945 else if (sock
->socks_proxy
)
1947 ASSERT(!sock
->inetd
);
1949 /* the proxy server */
1950 sock
->remote_host
= socks_proxy
->server
;
1951 sock
->remote_port
= socks_proxy
->port
;
1953 /* the OpenVPN server we will use the proxy to connect to */
1954 sock
->proxy_dest_host
= remote_host
;
1955 sock
->proxy_dest_port
= remote_port
;
1959 sock
->remote_host
= remote_host
;
1960 sock
->remote_port
= remote_port
;
1963 /* bind behavior for TCP server vs. client */
1964 if (sock
->info
.proto
== PROTO_TCP_SERVER
)
1966 if (sock
->mode
== LS_MODE_TCP_ACCEPT_FROM
)
1968 sock
->bind_local
= false;
1972 sock
->bind_local
= true;
1976 /* were we started by inetd or xinetd? */
1979 ASSERT(sock
->info
.proto
!= PROTO_TCP_CLIENT
);
1980 ASSERT(socket_defined(inetd_socket_descriptor
));
1981 sock
->sd
= inetd_socket_descriptor
;
1982 set_cloexec(sock
->sd
); /* not created by create_socket*() */
1984 else if (mode
!= LS_MODE_TCP_ACCEPT_FROM
)
1986 if (sock
->bind_local
)
1988 resolve_bind_local(sock
, sock
->info
.af
);
1990 resolve_remote(sock
, 1, NULL
, NULL
);
1996 phase2_inetd(struct link_socket
*sock
, const struct frame
*frame
,
1997 const char *remote_dynamic
, volatile int *signal_received
)
1999 bool remote_changed
= false;
2001 if (sock
->info
.proto
== PROTO_TCP_SERVER
)
2003 /* AF_INET as default (and fallback) for inetd */
2004 sock
->info
.lsa
->actual
.dest
.addr
.sa
.sa_family
= AF_INET
;
2005 #ifdef HAVE_GETSOCKNAME
2007 /* inetd: hint family type for dest = local's */
2008 struct openvpn_sockaddr local_addr
;
2009 socklen_t addrlen
= sizeof(local_addr
);
2010 if (getsockname(sock
->sd
, &local_addr
.addr
.sa
, &addrlen
) == 0)
2012 sock
->info
.lsa
->actual
.dest
.addr
.sa
.sa_family
= local_addr
.addr
.sa
.sa_family
;
2013 dmsg(D_SOCKET_DEBUG
, "inetd(%s): using sa_family=%d from getsockname(%d)",
2014 proto2ascii(sock
->info
.proto
, sock
->info
.af
, false),
2015 local_addr
.addr
.sa
.sa_family
, (int)sock
->sd
);
2019 msg(M_WARN
, "inetd(%s): getsockname(%d) failed, using AF_INET",
2020 proto2ascii(sock
->info
.proto
, sock
->info
.af
, false), (int)sock
->sd
);
2023 #else /* ifdef HAVE_GETSOCKNAME */
2024 msg(M_WARN
, "inetd(%s): this OS does not provide the getsockname() "
2025 "function, using AF_INET",
2026 proto2ascii(sock
->info
.proto
, false));
2027 #endif /* ifdef HAVE_GETSOCKNAME */
2029 socket_listen_accept(sock
->sd
,
2030 &sock
->info
.lsa
->actual
,
2032 sock
->info
.lsa
->bind_local
,
2034 sock
->inetd
== INETD_NOWAIT
,
2038 ASSERT(!remote_changed
);
2042 phase2_set_socket_flags(struct link_socket
*sock
)
2044 /* set misc socket parameters */
2045 socket_set_flags(sock
->sd
, sock
->sockflags
);
2047 /* set socket to non-blocking mode */
2048 set_nonblock(sock
->sd
);
2050 /* set Path MTU discovery options on the socket */
2051 set_mtu_discover_type(sock
->sd
, sock
->mtu_discover_type
, sock
->info
.af
);
2053 #if EXTENDED_SOCKET_ERROR_CAPABILITY
2054 /* if the OS supports it, enable extended error passing on the socket */
2055 set_sock_extended_error_passing(sock
->sd
);
2061 linksock_print_addr(struct link_socket
*sock
)
2063 struct gc_arena gc
= gc_new();
2064 const int msglevel
= (sock
->mode
== LS_MODE_TCP_ACCEPT_FROM
) ? D_INIT_MEDIUM
: M_INFO
;
2066 /* print local address */
2069 msg(msglevel
, "%s link local: [inetd]", proto2ascii(sock
->info
.proto
, sock
->info
.af
, true));
2071 else if (sock
->bind_local
)
2073 sa_family_t ai_family
= sock
->info
.lsa
->actual
.dest
.addr
.sa
.sa_family
;
2074 /* Socket is always bound on the first matching address,
2075 * For bound sockets with no remote addr this is the element of
2077 struct addrinfo
*cur
;
2078 for (cur
= sock
->info
.lsa
->bind_local
; cur
; cur
= cur
->ai_next
)
2080 if (!ai_family
|| ai_family
== cur
->ai_family
)
2086 msg(msglevel
, "%s link local (bound): %s",
2087 proto2ascii(sock
->info
.proto
, sock
->info
.af
, true),
2088 print_sockaddr(cur
->ai_addr
,&gc
));
2092 msg(msglevel
, "%s link local: (not bound)",
2093 proto2ascii(sock
->info
.proto
, sock
->info
.af
, true));
2096 /* print active remote address */
2097 msg(msglevel
, "%s link remote: %s",
2098 proto2ascii(sock
->info
.proto
, sock
->info
.af
, true),
2099 print_link_socket_actual_ex(&sock
->info
.lsa
->actual
,
2101 PS_SHOW_PORT_IF_DEFINED
,
2107 phase2_tcp_server(struct link_socket
*sock
, const char *remote_dynamic
,
2108 volatile int *signal_received
)
2112 case LS_MODE_DEFAULT
:
2113 sock
->sd
= socket_listen_accept(sock
->sd
,
2114 &sock
->info
.lsa
->actual
,
2116 sock
->info
.lsa
->bind_local
,
2122 case LS_MODE_TCP_LISTEN
:
2123 socket_do_listen(sock
->sd
,
2124 sock
->info
.lsa
->bind_local
,
2129 case LS_MODE_TCP_ACCEPT_FROM
:
2130 sock
->sd
= socket_do_accept(sock
->sd
,
2131 &sock
->info
.lsa
->actual
,
2133 if (!socket_defined(sock
->sd
))
2135 *signal_received
= SIGTERM
;
2138 tcp_connection_established(&sock
->info
.lsa
->actual
);
2148 phase2_tcp_client(struct link_socket
*sock
, struct signal_info
*sig_info
)
2150 bool proxy_retry
= false;
2153 socket_connect(&sock
->sd
,
2154 sock
->info
.lsa
->current_remote
->ai_addr
,
2155 get_server_poll_remaining_time(sock
->server_poll_timeout
),
2158 if (sig_info
->signal_received
)
2163 if (sock
->http_proxy
)
2165 proxy_retry
= establish_http_proxy_passthru(sock
->http_proxy
,
2167 sock
->proxy_dest_host
,
2168 sock
->proxy_dest_port
,
2169 sock
->server_poll_timeout
,
2170 &sock
->stream_buf
.residual
,
2171 &sig_info
->signal_received
);
2173 else if (sock
->socks_proxy
)
2175 establish_socks_proxy_passthru(sock
->socks_proxy
,
2177 sock
->proxy_dest_host
,
2178 sock
->proxy_dest_port
,
2179 &sig_info
->signal_received
);
2183 openvpn_close_socket(sock
->sd
);
2184 sock
->sd
= create_socket_tcp(sock
->info
.lsa
->current_remote
);
2187 } while (proxy_retry
);
2192 phase2_socks_client(struct link_socket
*sock
, struct signal_info
*sig_info
)
2194 socket_connect(&sock
->ctrl_sd
,
2195 sock
->info
.lsa
->current_remote
->ai_addr
,
2196 get_server_poll_remaining_time(sock
->server_poll_timeout
),
2199 if (sig_info
->signal_received
)
2204 establish_socks_proxy_udpassoc(sock
->socks_proxy
,
2207 &sock
->socks_relay
.dest
,
2208 &sig_info
->signal_received
);
2210 if (sig_info
->signal_received
)
2215 sock
->remote_host
= sock
->proxy_dest_host
;
2216 sock
->remote_port
= sock
->proxy_dest_port
;
2218 addr_zero_host(&sock
->info
.lsa
->actual
.dest
);
2219 if (sock
->info
.lsa
->remote_list
)
2221 freeaddrinfo(sock
->info
.lsa
->remote_list
);
2222 sock
->info
.lsa
->current_remote
= NULL
;
2223 sock
->info
.lsa
->remote_list
= NULL
;
2226 resolve_remote(sock
, 1, NULL
, &sig_info
->signal_received
);
2229 /* finalize socket initialization */
2231 link_socket_init_phase2(struct link_socket
*sock
,
2232 const struct frame
*frame
,
2233 struct signal_info
*sig_info
)
2235 const char *remote_dynamic
= NULL
;
2241 if (sig_info
->signal_received
)
2243 sig_save
= sig_info
->signal_received
;
2244 sig_info
->signal_received
= 0;
2247 /* initialize buffers */
2248 socket_frame_init(frame
, sock
);
2251 * Pass a remote name to connect/accept so that
2252 * they can test for dynamic IP address changes
2253 * and throw a SIGUSR1 if appropriate.
2255 if (sock
->resolve_retry_seconds
)
2257 remote_dynamic
= sock
->remote_host
;
2260 /* were we started by inetd or xinetd? */
2263 phase2_inetd(sock
, frame
, remote_dynamic
, &sig_info
->signal_received
);
2264 if (sig_info
->signal_received
)
2272 /* Second chance to resolv/create socket */
2273 resolve_remote(sock
, 2, &remote_dynamic
, &sig_info
->signal_received
);
2275 /* If a valid remote has been found, create the socket with its addrinfo */
2276 if (sock
->info
.lsa
->current_remote
)
2278 create_socket(sock
, sock
->info
.lsa
->current_remote
);
2281 /* If socket has not already been created create it now */
2282 if (sock
->sd
== SOCKET_UNDEFINED
)
2284 /* If we have no --remote and have still not figured out the
2285 * protocol family to use we will use the first of the bind */
2287 if (sock
->bind_local
&& !sock
->remote_host
&& sock
->info
.lsa
->bind_local
)
2289 /* Warn if this is because neither v4 or v6 was specified
2290 * and we should not connect a remote */
2291 if (sock
->info
.af
== AF_UNSPEC
)
2293 msg(M_WARN
, "Could not determine IPv4/IPv6 protocol. Using %s",
2294 addr_family_name(sock
->info
.lsa
->bind_local
->ai_family
));
2295 sock
->info
.af
= sock
->info
.lsa
->bind_local
->ai_family
;
2298 create_socket(sock
, sock
->info
.lsa
->bind_local
);
2302 /* Socket still undefined, give a warning and abort connection */
2303 if (sock
->sd
== SOCKET_UNDEFINED
)
2305 msg(M_WARN
, "Could not determine IPv4/IPv6 protocol");
2306 sig_info
->signal_received
= SIGUSR1
;
2310 if (sig_info
->signal_received
)
2315 if (sock
->info
.proto
== PROTO_TCP_SERVER
)
2317 phase2_tcp_server(sock
, remote_dynamic
,
2318 &sig_info
->signal_received
);
2320 else if (sock
->info
.proto
== PROTO_TCP_CLIENT
)
2322 phase2_tcp_client(sock
, sig_info
);
2325 else if (sock
->info
.proto
== PROTO_UDP
&& sock
->socks_proxy
)
2327 phase2_socks_client(sock
, sig_info
);
2329 #ifdef TARGET_ANDROID
2332 protect_fd_nonlocal(sock
->sd
, &sock
->info
.lsa
->actual
.dest
.addr
.sa
);
2335 if (sig_info
->signal_received
)
2341 phase2_set_socket_flags(sock
);
2342 linksock_print_addr(sock
);
2347 if (!sig_info
->signal_received
)
2349 sig_info
->signal_received
= sig_save
;
2355 link_socket_close(struct link_socket
*sock
)
2360 const int gremlin
= GREMLIN_CONNECTION_FLOOD_LEVEL(sock
->gremlin
);
2362 const int gremlin
= 0;
2365 if (socket_defined(sock
->sd
))
2368 close_net_event_win32(&sock
->listen_handle
, sock
->sd
, 0);
2372 msg(D_LOW
, "TCP/UDP: Closing socket");
2373 if (openvpn_close_socket(sock
->sd
))
2375 msg(M_WARN
| M_ERRNO
, "TCP/UDP: Close Socket failed");
2378 sock
->sd
= SOCKET_UNDEFINED
;
2382 overlapped_io_close(&sock
->reads
);
2383 overlapped_io_close(&sock
->writes
);
2388 if (socket_defined(sock
->ctrl_sd
))
2390 if (openvpn_close_socket(sock
->ctrl_sd
))
2392 msg(M_WARN
| M_ERRNO
, "TCP/UDP: Close Socket (ctrl_sd) failed");
2394 sock
->ctrl_sd
= SOCKET_UNDEFINED
;
2397 stream_buf_close(&sock
->stream_buf
);
2398 free_buf(&sock
->stream_buf_data
);
2406 /* for stream protocols, allow for packet length prefix */
2408 socket_adjust_frame_parameters(struct frame
*frame
, int proto
)
2410 if (link_socket_proto_connection_oriented(proto
))
2412 frame_add_to_extra_frame(frame
, sizeof(packet_size_type
));
2417 setenv_trusted(struct env_set
*es
, const struct link_socket_info
*info
)
2419 setenv_link_socket_actual(es
, "trusted", &info
->lsa
->actual
, SA_IP_PORT
);
2423 ipchange_fmt(const bool include_cmd
, struct argv
*argv
, const struct link_socket_info
*info
, struct gc_arena
*gc
)
2425 const char *host
= print_sockaddr_ex(&info
->lsa
->actual
.dest
.addr
.sa
, " ", PS_SHOW_PORT
, gc
);
2428 argv_parse_cmd(argv
, info
->ipchange_command
);
2429 argv_printf_cat(argv
, "%s", host
);
2433 argv_printf(argv
, "%s", host
);
2439 link_socket_connection_initiated(const struct buffer
*buf
,
2440 struct link_socket_info
*info
,
2441 const struct link_socket_actual
*act
,
2442 const char *common_name
,
2445 struct gc_arena gc
= gc_new();
2447 info
->lsa
->actual
= *act
; /* Note: skip this line for --force-dest */
2448 setenv_trusted(es
, info
);
2449 info
->connection_established
= true;
2451 /* Print connection initiated message, with common name if available */
2453 struct buffer out
= alloc_buf_gc(256, &gc
);
2456 buf_printf(&out
, "[%s] ", common_name
);
2458 buf_printf(&out
, "Peer Connection Initiated with %s", print_link_socket_actual(&info
->lsa
->actual
, &gc
));
2459 msg(M_INFO
, "%s", BSTR(&out
));
2462 /* set environmental vars */
2463 setenv_str(es
, "common_name", common_name
);
2465 /* Process --ipchange plugin */
2466 if (plugin_defined(info
->plugins
, OPENVPN_PLUGIN_IPCHANGE
))
2468 struct argv argv
= argv_new();
2469 ipchange_fmt(false, &argv
, info
, &gc
);
2470 if (plugin_call(info
->plugins
, OPENVPN_PLUGIN_IPCHANGE
, &argv
, NULL
, es
) != OPENVPN_PLUGIN_FUNC_SUCCESS
)
2472 msg(M_WARN
, "WARNING: ipchange plugin call failed");
2477 /* Process --ipchange option */
2478 if (info
->ipchange_command
)
2480 struct argv argv
= argv_new();
2481 setenv_str(es
, "script_type", "ipchange");
2482 ipchange_fmt(true, &argv
, info
, &gc
);
2483 openvpn_run_script(&argv
, es
, 0, "--ipchange");
2491 link_socket_bad_incoming_addr(struct buffer
*buf
,
2492 const struct link_socket_info
*info
,
2493 const struct link_socket_actual
*from_addr
)
2495 struct gc_arena gc
= gc_new();
2496 struct addrinfo
*ai
;
2498 switch (from_addr
->dest
.addr
.sa
.sa_family
)
2503 "TCP/UDP: Incoming packet rejected from %s[%d], expected peer address: %s (allow this incoming source address/port by removing --remote or adding --float)",
2504 print_link_socket_actual(from_addr
, &gc
),
2505 (int)from_addr
->dest
.addr
.sa
.sa_family
,
2506 print_sockaddr_ex(info
->lsa
->remote_list
->ai_addr
,":",PS_SHOW_PORT
, &gc
));
2507 /* print additional remote addresses */
2508 for (ai
= info
->lsa
->remote_list
->ai_next
; ai
; ai
= ai
->ai_next
)
2510 msg(D_LINK_ERRORS
,"or from peer address: %s",
2511 print_sockaddr_ex(ai
->ai_addr
,":",PS_SHOW_PORT
, &gc
));
2520 link_socket_bad_outgoing_addr(void)
2522 dmsg(D_READ_WRITE
, "TCP/UDP: No outgoing address to send packet");
2526 link_socket_current_remote(const struct link_socket_info
*info
)
2528 const struct link_socket_addr
*lsa
= info
->lsa
;
2531 * This logic supports "redirect-gateway" semantic, which
2532 * makes sense only for PF_INET routes over PF_INET endpoints
2534 * Maybe in the future consider PF_INET6 endpoints also ...
2535 * by now just ignore it
2537 * For --remote entries with multiple addresses this
2538 * only return the actual endpoint we have sucessfully connected to
2540 if (lsa
->actual
.dest
.addr
.sa
.sa_family
!= AF_INET
)
2542 return IPV4_INVALID_ADDR
;
2545 if (link_socket_actual_defined(&lsa
->actual
))
2547 return ntohl(lsa
->actual
.dest
.addr
.in4
.sin_addr
.s_addr
);
2549 else if (lsa
->current_remote
)
2551 return ntohl(((struct sockaddr_in
*)lsa
->current_remote
->ai_addr
)
2560 const struct in6_addr
*
2561 link_socket_current_remote_ipv6(const struct link_socket_info
*info
)
2563 const struct link_socket_addr
*lsa
= info
->lsa
;
2565 /* This logic supports "redirect-gateway" semantic,
2566 * for PF_INET6 routes over PF_INET6 endpoints
2568 * For --remote entries with multiple addresses this
2569 * only return the actual endpoint we have sucessfully connected to
2571 if (lsa
->actual
.dest
.addr
.sa
.sa_family
!= AF_INET6
)
2576 if (link_socket_actual_defined(&lsa
->actual
))
2578 return &(lsa
->actual
.dest
.addr
.in6
.sin6_addr
);
2580 else if (lsa
->current_remote
)
2582 return &(((struct sockaddr_in6
*)lsa
->current_remote
->ai_addr
)->sin6_addr
);
2591 * Return a status string describing socket state.
2594 socket_stat(const struct link_socket
*s
, unsigned int rwflags
, struct gc_arena
*gc
)
2596 struct buffer out
= alloc_buf_gc(64, gc
);
2599 if (rwflags
& EVENT_READ
)
2601 buf_printf(&out
, "S%s",
2602 (s
->rwflags_debug
& EVENT_READ
) ? "R" : "r");
2604 buf_printf(&out
, "%s",
2605 overlapped_io_state_ascii(&s
->reads
));
2608 if (rwflags
& EVENT_WRITE
)
2610 buf_printf(&out
, "S%s",
2611 (s
->rwflags_debug
& EVENT_WRITE
) ? "W" : "w");
2613 buf_printf(&out
, "%s",
2614 overlapped_io_state_ascii(&s
->writes
));
2620 buf_printf(&out
, "S?");
2626 * Stream buffer functions, used to packetize a TCP
2627 * stream connection.
2631 stream_buf_reset(struct stream_buf
*sb
)
2633 dmsg(D_STREAM_DEBUG
, "STREAM: RESET");
2634 sb
->residual_fully_formed
= false;
2635 sb
->buf
= sb
->buf_init
;
2636 buf_reset(&sb
->next
);
2641 stream_buf_init(struct stream_buf
*sb
,
2643 const unsigned int sockflags
,
2646 sb
->buf_init
= *buf
;
2647 sb
->maxlen
= sb
->buf_init
.len
;
2648 sb
->buf_init
.len
= 0;
2649 sb
->residual
= alloc_buf(sb
->maxlen
);
2652 sb
->port_share_state
= ((sockflags
& SF_PORT_SHARE
) && (proto
== PROTO_TCP_SERVER
))
2656 stream_buf_reset(sb
);
2658 dmsg(D_STREAM_DEBUG
, "STREAM: INIT maxlen=%d", sb
->maxlen
);
2662 stream_buf_set_next(struct stream_buf
*sb
)
2664 /* set up 'next' for next i/o read */
2666 sb
->next
.offset
= sb
->buf
.offset
+ sb
->buf
.len
;
2667 sb
->next
.len
= (sb
->len
>= 0 ? sb
->len
: sb
->maxlen
) - sb
->buf
.len
;
2668 dmsg(D_STREAM_DEBUG
, "STREAM: SET NEXT, buf=[%d,%d] next=[%d,%d] len=%d maxlen=%d",
2669 sb
->buf
.offset
, sb
->buf
.len
,
2670 sb
->next
.offset
, sb
->next
.len
,
2671 sb
->len
, sb
->maxlen
);
2672 ASSERT(sb
->next
.len
> 0);
2673 ASSERT(buf_safe(&sb
->buf
, sb
->next
.len
));
2677 stream_buf_get_final(struct stream_buf
*sb
, struct buffer
*buf
)
2679 dmsg(D_STREAM_DEBUG
, "STREAM: GET FINAL len=%d",
2680 buf_defined(&sb
->buf
) ? sb
->buf
.len
: -1);
2681 ASSERT(buf_defined(&sb
->buf
));
2686 stream_buf_get_next(struct stream_buf
*sb
, struct buffer
*buf
)
2688 dmsg(D_STREAM_DEBUG
, "STREAM: GET NEXT len=%d",
2689 buf_defined(&sb
->next
) ? sb
->next
.len
: -1);
2690 ASSERT(buf_defined(&sb
->next
));
2695 stream_buf_read_setup_dowork(struct link_socket
*sock
)
2697 if (sock
->stream_buf
.residual
.len
&& !sock
->stream_buf
.residual_fully_formed
)
2699 ASSERT(buf_copy(&sock
->stream_buf
.buf
, &sock
->stream_buf
.residual
));
2700 ASSERT(buf_init(&sock
->stream_buf
.residual
, 0));
2701 sock
->stream_buf
.residual_fully_formed
= stream_buf_added(&sock
->stream_buf
, 0);
2702 dmsg(D_STREAM_DEBUG
, "STREAM: RESIDUAL FULLY FORMED [%s], len=%d",
2703 sock
->stream_buf
.residual_fully_formed
? "YES" : "NO",
2704 sock
->stream_buf
.residual
.len
);
2707 if (!sock
->stream_buf
.residual_fully_formed
)
2709 stream_buf_set_next(&sock
->stream_buf
);
2711 return !sock
->stream_buf
.residual_fully_formed
;
2715 stream_buf_added(struct stream_buf
*sb
,
2718 dmsg(D_STREAM_DEBUG
, "STREAM: ADD length_added=%d", length_added
);
2719 if (length_added
> 0)
2721 sb
->buf
.len
+= length_added
;
2724 /* if length unknown, see if we can get the length prefix from
2725 * the head of the buffer */
2726 if (sb
->len
< 0 && sb
->buf
.len
>= (int) sizeof(packet_size_type
))
2728 packet_size_type net_size
;
2731 if (sb
->port_share_state
== PS_ENABLED
)
2733 if (!is_openvpn_protocol(&sb
->buf
))
2735 msg(D_STREAM_ERRORS
, "Non-OpenVPN client protocol detected");
2736 sb
->port_share_state
= PS_FOREIGN
;
2742 sb
->port_share_state
= PS_DISABLED
;
2747 ASSERT(buf_read(&sb
->buf
, &net_size
, sizeof(net_size
)));
2748 sb
->len
= ntohps(net_size
);
2750 if (sb
->len
< 1 || sb
->len
> sb
->maxlen
)
2752 msg(M_WARN
, "WARNING: Bad encapsulated packet length from peer (%d), which must be > 0 and <= %d -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]", sb
->len
, sb
->maxlen
);
2753 stream_buf_reset(sb
);
2759 /* is our incoming packet fully read? */
2760 if (sb
->len
> 0 && sb
->buf
.len
>= sb
->len
)
2762 /* save any residual data that's part of the next packet */
2763 ASSERT(buf_init(&sb
->residual
, 0));
2764 if (sb
->buf
.len
> sb
->len
)
2766 ASSERT(buf_copy_excess(&sb
->residual
, &sb
->buf
, sb
->len
));
2768 dmsg(D_STREAM_DEBUG
, "STREAM: ADD returned TRUE, buf_len=%d, residual_len=%d",
2770 BLEN(&sb
->residual
));
2775 dmsg(D_STREAM_DEBUG
, "STREAM: ADD returned FALSE (have=%d need=%d)", sb
->buf
.len
, sb
->len
);
2776 stream_buf_set_next(sb
);
2782 stream_buf_close(struct stream_buf
*sb
)
2784 free_buf(&sb
->residual
);
2788 * The listen event is a special event whose sole purpose is
2789 * to tell us that there's a new incoming connection on a
2790 * TCP socket, for use in server mode.
2793 socket_listen_event_handle(struct link_socket
*s
)
2796 if (!defined_net_event_win32(&s
->listen_handle
))
2798 init_net_event_win32(&s
->listen_handle
, FD_ACCEPT
, s
->sd
, 0);
2800 return &s
->listen_handle
;
2801 #else /* ifdef _WIN32 */
2807 * Format IP addresses in ascii
2811 print_sockaddr_ex(const struct sockaddr
*sa
,
2812 const char *separator
,
2813 const unsigned int flags
,
2814 struct gc_arena
*gc
)
2816 struct buffer out
= alloc_buf_gc(128, gc
);
2817 bool addr_is_defined
= false;
2818 char hostaddr
[NI_MAXHOST
] = "";
2819 char servname
[NI_MAXSERV
] = "";
2822 socklen_t salen
= 0;
2823 switch (sa
->sa_family
)
2826 if (!(flags
& PS_DONT_SHOW_FAMILY
))
2828 buf_puts(&out
, "[AF_INET]");
2830 salen
= sizeof(struct sockaddr_in
);
2831 addr_is_defined
= ((struct sockaddr_in
*) sa
)->sin_addr
.s_addr
!= 0;
2835 if (!(flags
& PS_DONT_SHOW_FAMILY
))
2837 buf_puts(&out
, "[AF_INET6]");
2839 salen
= sizeof(struct sockaddr_in6
);
2840 addr_is_defined
= !IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6
*) sa
)->sin6_addr
);
2844 if (!(flags
& PS_DONT_SHOW_FAMILY
))
2846 return "[AF_UNSPEC]";
2857 status
= getnameinfo(sa
, salen
, hostaddr
, sizeof(hostaddr
),
2858 servname
, sizeof(servname
), NI_NUMERICHOST
| NI_NUMERICSERV
);
2862 buf_printf(&out
,"[nameinfo() err: %s]",gai_strerror(status
));
2866 if (!(flags
& PS_DONT_SHOW_ADDR
))
2868 if (addr_is_defined
)
2870 buf_puts(&out
, hostaddr
);
2874 buf_puts(&out
, "[undef]");
2878 if ((flags
& PS_SHOW_PORT
) || (flags
& PS_SHOW_PORT_IF_DEFINED
))
2882 buf_puts(&out
, separator
);
2885 buf_puts(&out
, servname
);
2892 print_link_socket_actual(const struct link_socket_actual
*act
, struct gc_arena
*gc
)
2894 return print_link_socket_actual_ex(act
, ":", PS_SHOW_PORT
|PS_SHOW_PKTINFO
, gc
);
2898 #define IF_NAMESIZE 16
2902 print_link_socket_actual_ex(const struct link_socket_actual
*act
,
2903 const char *separator
,
2904 const unsigned int flags
,
2905 struct gc_arena
*gc
)
2909 char ifname
[IF_NAMESIZE
] = "[undef]";
2910 struct buffer out
= alloc_buf_gc(128, gc
);
2911 buf_printf(&out
, "%s", print_sockaddr_ex(&act
->dest
.addr
.sa
, separator
, flags
, gc
));
2912 #if ENABLE_IP_PKTINFO
2913 if ((flags
& PS_SHOW_PKTINFO
) && addr_defined_ipi(act
))
2915 switch (act
->dest
.addr
.sa
.sa_family
)
2919 struct openvpn_sockaddr sa
;
2921 sa
.addr
.in4
.sin_family
= AF_INET
;
2922 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
2923 sa
.addr
.in4
.sin_addr
= act
->pi
.in4
.ipi_spec_dst
;
2924 if_indextoname(act
->pi
.in4
.ipi_ifindex
, ifname
);
2925 #elif defined(IP_RECVDSTADDR)
2926 sa
.addr
.in4
.sin_addr
= act
->pi
.in4
;
2928 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
2929 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
2931 buf_printf(&out
, " (via %s%%%s)",
2932 print_sockaddr_ex(&sa
.addr
.sa
, separator
, 0, gc
),
2939 struct sockaddr_in6 sin6
;
2940 char buf
[INET6_ADDRSTRLEN
] = "[undef]";
2942 sin6
.sin6_family
= AF_INET6
;
2943 sin6
.sin6_addr
= act
->pi
.in6
.ipi6_addr
;
2944 if_indextoname(act
->pi
.in6
.ipi6_ifindex
, ifname
);
2945 if (getnameinfo((struct sockaddr
*)&sin6
, sizeof(struct sockaddr_in6
),
2946 buf
, sizeof(buf
), NULL
, 0, NI_NUMERICHOST
) == 0)
2948 buf_printf(&out
, " (via %s%%%s)", buf
, ifname
);
2952 buf_printf(&out
, " (via [getnameinfo() err]%%%s)", ifname
);
2958 #endif /* if ENABLE_IP_PKTINFO */
2968 * Convert an in_addr_t in host byte order
2969 * to an ascii dotted quad.
2972 print_in_addr_t(in_addr_t addr
, unsigned int flags
, struct gc_arena
*gc
)
2975 struct buffer out
= alloc_buf_gc(64, gc
);
2977 if (addr
|| !(flags
& IA_EMPTY_IF_UNDEF
))
2980 ia
.s_addr
= (flags
& IA_NET_ORDER
) ? addr
: htonl(addr
);
2982 buf_printf(&out
, "%s", inet_ntoa(ia
));
2988 * Convert an in6_addr in host byte order
2989 * to an ascii representation of an IPv6 address
2992 print_in6_addr(struct in6_addr a6
, unsigned int flags
, struct gc_arena
*gc
)
2994 struct buffer out
= alloc_buf_gc(64, gc
);
2995 char tmp_out_buf
[64]; /* inet_ntop wants pointer to buffer */
2997 if (memcmp(&a6
, &in6addr_any
, sizeof(a6
)) != 0
2998 || !(flags
& IA_EMPTY_IF_UNDEF
))
3000 inet_ntop(AF_INET6
, &a6
, tmp_out_buf
, sizeof(tmp_out_buf
)-1);
3001 buf_printf(&out
, "%s", tmp_out_buf
);
3007 #define UINT8_MAX 0xff
3010 /* add some offset to an ipv6 address
3011 * (add in steps of 8 bits, taking overflow into next round)
3014 add_in6_addr( struct in6_addr base
, uint32_t add
)
3018 for (i
= 15; i
>=0 && add
> 0; i
--)
3021 register uint32_t h
;
3023 h
= (unsigned char) base
.s6_addr
[i
];
3024 base
.s6_addr
[i
] = (h
+add
) & UINT8_MAX
;
3026 /* using explicit carry for the 8-bit additions will catch
3027 * 8-bit and(!) 32-bit overruns nicely
3029 carry
= ((h
& 0xff) + (add
& 0xff)) >> 8;
3030 add
= (add
>>8) + carry
;
3035 /* set environmental variables for ip/port in *addr */
3037 setenv_sockaddr(struct env_set
*es
, const char *name_prefix
, const struct openvpn_sockaddr
*addr
, const unsigned int flags
)
3042 switch (addr
->addr
.sa
.sa_family
)
3045 if (flags
& SA_IP_PORT
)
3047 openvpn_snprintf(name_buf
, sizeof(name_buf
), "%s_ip", name_prefix
);
3051 openvpn_snprintf(name_buf
, sizeof(name_buf
), "%s", name_prefix
);
3054 setenv_str(es
, name_buf
, inet_ntoa(addr
->addr
.in4
.sin_addr
));
3056 if ((flags
& SA_IP_PORT
) && addr
->addr
.in4
.sin_port
)
3058 openvpn_snprintf(name_buf
, sizeof(name_buf
), "%s_port", name_prefix
);
3059 setenv_int(es
, name_buf
, ntohs(addr
->addr
.in4
.sin_port
));
3064 if (IN6_IS_ADDR_V4MAPPED( &addr
->addr
.in6
.sin6_addr
))
3067 memcpy(&ia
.s_addr
, &addr
->addr
.in6
.sin6_addr
.s6_addr
[12],
3069 openvpn_snprintf(name_buf
, sizeof(name_buf
), "%s_ip", name_prefix
);
3070 openvpn_snprintf(buf
, sizeof(buf
), "%s", inet_ntoa(ia
) );
3074 openvpn_snprintf(name_buf
, sizeof(name_buf
), "%s_ip6", name_prefix
);
3075 getnameinfo(&addr
->addr
.sa
, sizeof(struct sockaddr_in6
),
3076 buf
, sizeof(buf
), NULL
, 0, NI_NUMERICHOST
);
3078 setenv_str(es
, name_buf
, buf
);
3080 if ((flags
& SA_IP_PORT
) && addr
->addr
.in6
.sin6_port
)
3082 openvpn_snprintf(name_buf
, sizeof(name_buf
), "%s_port", name_prefix
);
3083 setenv_int(es
, name_buf
, ntohs(addr
->addr
.in6
.sin6_port
));
3090 setenv_in_addr_t(struct env_set
*es
, const char *name_prefix
, in_addr_t addr
, const unsigned int flags
)
3092 if (addr
|| !(flags
& SA_SET_IF_NONZERO
))
3094 struct openvpn_sockaddr si
;
3096 si
.addr
.in4
.sin_family
= AF_INET
;
3097 si
.addr
.in4
.sin_addr
.s_addr
= htonl(addr
);
3098 setenv_sockaddr(es
, name_prefix
, &si
, flags
);
3103 setenv_in6_addr(struct env_set
*es
,
3104 const char *name_prefix
,
3105 const struct in6_addr
*addr
,
3106 const unsigned int flags
)
3108 if (!IN6_IS_ADDR_UNSPECIFIED(addr
) || !(flags
& SA_SET_IF_NONZERO
))
3110 struct openvpn_sockaddr si
;
3112 si
.addr
.in6
.sin6_family
= AF_INET6
;
3113 si
.addr
.in6
.sin6_addr
= *addr
;
3114 setenv_sockaddr(es
, name_prefix
, &si
, flags
);
3119 setenv_link_socket_actual(struct env_set
*es
,
3120 const char *name_prefix
,
3121 const struct link_socket_actual
*act
,
3122 const unsigned int flags
)
3124 setenv_sockaddr(es
, name_prefix
, &act
->dest
, flags
);
3128 * Convert protocol names between index and ascii form.
3131 struct proto_names
{
3132 const char *short_form
;
3133 const char *display_form
;
3134 sa_family_t proto_af
;
3138 /* Indexed by PROTO_x */
3139 static const struct proto_names proto_names
[] = {
3140 {"proto-uninitialized", "proto-NONE", AF_UNSPEC
, PROTO_NONE
},
3141 /* try IPv4 and IPv6 (client), bind dual-stack (server) */
3142 {"udp", "UDP", AF_UNSPEC
, PROTO_UDP
},
3143 {"tcp-server", "TCP_SERVER", AF_UNSPEC
, PROTO_TCP_SERVER
},
3144 {"tcp-client", "TCP_CLIENT", AF_UNSPEC
, PROTO_TCP_CLIENT
},
3145 {"tcp", "TCP", AF_UNSPEC
, PROTO_TCP
},
3147 {"udp4", "UDPv4", AF_INET
, PROTO_UDP
},
3148 {"tcp4-server","TCPv4_SERVER", AF_INET
, PROTO_TCP_SERVER
},
3149 {"tcp4-client","TCPv4_CLIENT", AF_INET
, PROTO_TCP_CLIENT
},
3150 {"tcp4", "TCPv4", AF_INET
, PROTO_TCP
},
3152 {"udp6","UDPv6", AF_INET6
, PROTO_UDP
},
3153 {"tcp6-server","TCPv6_SERVER", AF_INET6
, PROTO_TCP_SERVER
},
3154 {"tcp6-client","TCPv6_CLIENT", AF_INET6
, PROTO_TCP_CLIENT
},
3155 {"tcp6","TCPv6", AF_INET6
, PROTO_TCP
},
3159 proto_is_net(int proto
)
3161 if (proto
< 0 || proto
>= PROTO_N
)
3165 return proto
!= PROTO_NONE
;
3168 proto_is_dgram(int proto
)
3170 return proto_is_udp(proto
);
3174 proto_is_udp(int proto
)
3176 if (proto
< 0 || proto
>= PROTO_N
)
3180 return proto
== PROTO_UDP
;
3184 proto_is_tcp(int proto
)
3186 if (proto
< 0 || proto
>= PROTO_N
)
3190 return proto
== PROTO_TCP_CLIENT
|| proto
== PROTO_TCP_SERVER
;
3194 ascii2proto(const char *proto_name
)
3197 for (i
= 0; i
< SIZE(proto_names
); ++i
)
3199 if (!strcmp(proto_name
, proto_names
[i
].short_form
))
3201 return proto_names
[i
].proto
;
3208 ascii2af(const char *proto_name
)
3211 for (i
= 0; i
< SIZE(proto_names
); ++i
)
3213 if (!strcmp(proto_name
, proto_names
[i
].short_form
))
3215 return proto_names
[i
].proto_af
;
3222 proto2ascii(int proto
, sa_family_t af
, bool display_form
)
3225 for (i
= 0; i
< SIZE(proto_names
); ++i
)
3227 if (proto_names
[i
].proto_af
== af
&& proto_names
[i
].proto
== proto
)
3231 return proto_names
[i
].display_form
;
3235 return proto_names
[i
].short_form
;
3240 return "[unknown protocol]";
3244 proto2ascii_all(struct gc_arena
*gc
)
3246 struct buffer out
= alloc_buf_gc(256, gc
);
3249 for (i
= 0; i
< SIZE(proto_names
); ++i
)
3253 buf_printf(&out
, " ");
3255 buf_printf(&out
, "[%s]", proto_names
[i
].short_form
);
3261 addr_family_name(int af
)
3265 case AF_INET
: return "AF_INET";
3267 case AF_INET6
: return "AF_INET6";
3273 * Given a local proto, return local proto
3274 * if !remote, or compatible remote proto
3277 * This is used for options compatibility
3280 * IPv6 and IPv4 protocols are comptabile but OpenVPN
3281 * has always sent UDPv4, TCPv4 over the wire. Keep these
3282 * strings for backward compatbility
3285 proto_remote(int proto
, bool remote
)
3287 ASSERT(proto
>= 0 && proto
< PROTO_N
);
3288 if (proto
== PROTO_UDP
)
3293 if ( (remote
&& proto
== PROTO_TCP_CLIENT
)
3294 || (!remote
&& proto
== PROTO_TCP_SERVER
))
3296 return "TCPv4_SERVER";
3298 if ( (remote
&& proto
== PROTO_TCP_SERVER
)
3299 || (!remote
&& proto
== PROTO_TCP_CLIENT
))
3301 return "TCPv4_CLIENT";
3305 return ""; /* Make the compiler happy */
3309 * Bad incoming address lengths that differ from what
3310 * we expect are considered to be fatal errors.
3313 bad_address_length(int actual
, int expected
)
3315 msg(M_FATAL
, "ERROR: received strange incoming packet with an address length of %d -- we only accept address lengths of %d.",
3321 * Socket Read Routines
3325 link_socket_read_tcp(struct link_socket
*sock
,
3330 if (!sock
->stream_buf
.residual_fully_formed
)
3333 len
= socket_finalize(sock
->sd
, &sock
->reads
, buf
, NULL
);
3336 stream_buf_get_next(&sock
->stream_buf
, &frag
);
3337 len
= recv(sock
->sd
, BPTR(&frag
), BLEN(&frag
), MSG_NOSIGNAL
);
3342 sock
->stream_reset
= true;
3346 return buf
->len
= len
;
3350 if (sock
->stream_buf
.residual_fully_formed
3351 || stream_buf_added(&sock
->stream_buf
, len
)) /* packet complete? */
3353 stream_buf_get_final(&sock
->stream_buf
, buf
);
3354 stream_buf_reset(&sock
->stream_buf
);
3359 return buf
->len
= 0; /* no error, but packet is still incomplete */
3365 #if ENABLE_IP_PKTINFO
3367 /* make the buffer large enough to handle ancilliary socket data for
3368 * both IPv4 and IPv6 destination addresses, plus padding (see RFC 2292)
3370 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
3371 #define PKTINFO_BUF_SIZE max_int( CMSG_SPACE(sizeof(struct in6_pktinfo)), \
3372 CMSG_SPACE(sizeof(struct in_pktinfo)) )
3374 #define PKTINFO_BUF_SIZE max_int( CMSG_SPACE(sizeof(struct in6_pktinfo)), \
3375 CMSG_SPACE(sizeof(struct in_addr)) )
3379 link_socket_read_udp_posix_recvmsg(struct link_socket
*sock
,
3381 struct link_socket_actual
*from
)
3384 uint8_t pktinfo_buf
[PKTINFO_BUF_SIZE
];
3386 socklen_t fromlen
= sizeof(from
->dest
.addr
);
3388 iov
.iov_base
= BPTR(buf
);
3389 iov
.iov_len
= buf_forward_capacity_total(buf
);
3390 mesg
.msg_iov
= &iov
;
3391 mesg
.msg_iovlen
= 1;
3392 mesg
.msg_name
= &from
->dest
.addr
;
3393 mesg
.msg_namelen
= fromlen
;
3394 mesg
.msg_control
= pktinfo_buf
;
3395 mesg
.msg_controllen
= sizeof pktinfo_buf
;
3396 buf
->len
= recvmsg(sock
->sd
, &mesg
, 0);
3399 struct cmsghdr
*cmsg
;
3400 fromlen
= mesg
.msg_namelen
;
3401 cmsg
= CMSG_FIRSTHDR(&mesg
);
3403 && CMSG_NXTHDR(&mesg
, cmsg
) == NULL
3404 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
3405 && cmsg
->cmsg_level
== SOL_IP
3406 && cmsg
->cmsg_type
== IP_PKTINFO
3407 && cmsg
->cmsg_len
>= CMSG_LEN(sizeof(struct in_pktinfo
)) )
3408 #elif defined(IP_RECVDSTADDR)
3409 && cmsg
->cmsg_level
== IPPROTO_IP
3410 && cmsg
->cmsg_type
== IP_RECVDSTADDR
3411 && cmsg
->cmsg_len
>= CMSG_LEN(sizeof(struct in_addr
)) )
3412 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
3413 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
3416 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
3417 struct in_pktinfo
*pkti
= (struct in_pktinfo
*) CMSG_DATA(cmsg
);
3418 from
->pi
.in4
.ipi_ifindex
= pkti
->ipi_ifindex
;
3419 from
->pi
.in4
.ipi_spec_dst
= pkti
->ipi_spec_dst
;
3420 #elif defined(IP_RECVDSTADDR)
3421 from
->pi
.in4
= *(struct in_addr
*) CMSG_DATA(cmsg
);
3422 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
3423 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
3426 else if (cmsg
!= NULL
3427 && CMSG_NXTHDR(&mesg
, cmsg
) == NULL
3428 && cmsg
->cmsg_level
== IPPROTO_IPV6
3429 && cmsg
->cmsg_type
== IPV6_PKTINFO
3430 && cmsg
->cmsg_len
>= CMSG_LEN(sizeof(struct in6_pktinfo
)) )
3432 struct in6_pktinfo
*pkti6
= (struct in6_pktinfo
*) CMSG_DATA(cmsg
);
3433 from
->pi
.in6
.ipi6_ifindex
= pkti6
->ipi6_ifindex
;
3434 from
->pi
.in6
.ipi6_addr
= pkti6
->ipi6_addr
;
3436 else if (cmsg
!= NULL
)
3438 msg(M_WARN
, "CMSG received that cannot be parsed (cmsg_level=%d, cmsg_type=%d, cmsg=len=%d)", (int)cmsg
->cmsg_level
, (int)cmsg
->cmsg_type
, (int)cmsg
->cmsg_len
);
3444 #endif /* if ENABLE_IP_PKTINFO */
3447 link_socket_read_udp_posix(struct link_socket
*sock
,
3449 struct link_socket_actual
*from
)
3451 socklen_t fromlen
= sizeof(from
->dest
.addr
);
3452 socklen_t expectedlen
= af_addr_size(sock
->info
.af
);
3453 addr_zero_host(&from
->dest
);
3454 #if ENABLE_IP_PKTINFO
3455 /* Both PROTO_UDPv4 and PROTO_UDPv6 */
3456 if (sock
->info
.proto
== PROTO_UDP
&& sock
->sockflags
& SF_USE_IP_PKTINFO
)
3458 fromlen
= link_socket_read_udp_posix_recvmsg(sock
, buf
, from
);
3462 buf
->len
= recvfrom(sock
->sd
, BPTR(buf
), buf_forward_capacity(buf
), 0,
3463 &from
->dest
.addr
.sa
, &fromlen
);
3464 /* FIXME: won't do anything when sock->info.af == AF_UNSPEC */
3465 if (buf
->len
>= 0 && expectedlen
&& fromlen
!= expectedlen
)
3467 bad_address_length(fromlen
, expectedlen
);
3472 #endif /* ifndef _WIN32 */
3475 * Socket Write Routines
3479 link_socket_write_tcp(struct link_socket
*sock
,
3481 struct link_socket_actual
*to
)
3483 packet_size_type len
= BLEN(buf
);
3484 dmsg(D_STREAM_DEBUG
, "STREAM: WRITE %d offset=%d", (int)len
, buf
->offset
);
3485 ASSERT(len
<= sock
->stream_buf
.maxlen
);
3487 ASSERT(buf_write_prepend(buf
, &len
, sizeof(len
)));
3489 return link_socket_write_win32(sock
, buf
, to
);
3491 return link_socket_write_tcp_posix(sock
, buf
, to
);
3495 #if ENABLE_IP_PKTINFO
3498 link_socket_write_udp_posix_sendmsg(struct link_socket
*sock
,
3500 struct link_socket_actual
*to
)
3504 struct cmsghdr
*cmsg
;
3505 uint8_t pktinfo_buf
[PKTINFO_BUF_SIZE
];
3507 iov
.iov_base
= BPTR(buf
);
3508 iov
.iov_len
= BLEN(buf
);
3509 mesg
.msg_iov
= &iov
;
3510 mesg
.msg_iovlen
= 1;
3511 switch (to
->dest
.addr
.sa
.sa_family
)
3515 mesg
.msg_name
= &to
->dest
.addr
.sa
;
3516 mesg
.msg_namelen
= sizeof(struct sockaddr_in
);
3517 mesg
.msg_control
= pktinfo_buf
;
3519 #if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
3520 mesg
.msg_controllen
= CMSG_SPACE(sizeof(struct in_pktinfo
));
3521 cmsg
= CMSG_FIRSTHDR(&mesg
);
3522 cmsg
->cmsg_len
= CMSG_LEN(sizeof(struct in_pktinfo
));
3523 cmsg
->cmsg_level
= SOL_IP
;
3524 cmsg
->cmsg_type
= IP_PKTINFO
;
3526 struct in_pktinfo
*pkti
;
3527 pkti
= (struct in_pktinfo
*) CMSG_DATA(cmsg
);
3528 pkti
->ipi_ifindex
= to
->pi
.in4
.ipi_ifindex
;
3529 pkti
->ipi_spec_dst
= to
->pi
.in4
.ipi_spec_dst
;
3530 pkti
->ipi_addr
.s_addr
= 0;
3532 #elif defined(IP_RECVDSTADDR)
3533 ASSERT( CMSG_SPACE(sizeof(struct in_addr
)) <= sizeof(pktinfo_buf
) );
3534 mesg
.msg_controllen
= CMSG_SPACE(sizeof(struct in_addr
));
3535 cmsg
= CMSG_FIRSTHDR(&mesg
);
3536 cmsg
->cmsg_len
= CMSG_LEN(sizeof(struct in_addr
));
3537 cmsg
->cmsg_level
= IPPROTO_IP
;
3538 cmsg
->cmsg_type
= IP_RECVDSTADDR
;
3539 *(struct in_addr
*) CMSG_DATA(cmsg
) = to
->pi
.in4
;
3540 #else /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
3541 #error ENABLE_IP_PKTINFO is set without IP_PKTINFO xor IP_RECVDSTADDR (fix syshead.h)
3542 #endif /* if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST) */
3548 struct in6_pktinfo
*pkti6
;
3549 mesg
.msg_name
= &to
->dest
.addr
.sa
;
3550 mesg
.msg_namelen
= sizeof(struct sockaddr_in6
);
3552 ASSERT( CMSG_SPACE(sizeof(struct in6_pktinfo
)) <= sizeof(pktinfo_buf
) );
3553 mesg
.msg_control
= pktinfo_buf
;
3554 mesg
.msg_controllen
= CMSG_SPACE(sizeof(struct in6_pktinfo
));
3556 cmsg
= CMSG_FIRSTHDR(&mesg
);
3557 cmsg
->cmsg_len
= CMSG_LEN(sizeof(struct in6_pktinfo
));
3558 cmsg
->cmsg_level
= IPPROTO_IPV6
;
3559 cmsg
->cmsg_type
= IPV6_PKTINFO
;
3561 pkti6
= (struct in6_pktinfo
*) CMSG_DATA(cmsg
);
3562 pkti6
->ipi6_ifindex
= to
->pi
.in6
.ipi6_ifindex
;
3563 pkti6
->ipi6_addr
= to
->pi
.in6
.ipi6_addr
;
3569 return sendmsg(sock
->sd
, &mesg
, 0);
3572 #endif /* if ENABLE_IP_PKTINFO */
3575 * Win32 overlapped socket I/O functions.
3581 socket_recv_queue(struct link_socket
*sock
, int maxsize
)
3583 if (sock
->reads
.iostate
== IOSTATE_INITIAL
)
3588 /* reset buf to its initial state */
3589 if (proto_is_udp(sock
->info
.proto
))
3591 sock
->reads
.buf
= sock
->reads
.buf_init
;
3593 else if (proto_is_tcp(sock
->info
.proto
))
3595 stream_buf_get_next(&sock
->stream_buf
, &sock
->reads
.buf
);
3602 /* Win32 docs say it's okay to allocate the wsabuf on the stack */
3603 wsabuf
[0].buf
= BPTR(&sock
->reads
.buf
);
3604 wsabuf
[0].len
= maxsize
? maxsize
: BLEN(&sock
->reads
.buf
);
3606 /* check for buffer overflow */
3607 ASSERT(wsabuf
[0].len
<= BLEN(&sock
->reads
.buf
));
3609 /* the overlapped read will signal this event on I/O completion */
3610 ASSERT(ResetEvent(sock
->reads
.overlapped
.hEvent
));
3611 sock
->reads
.flags
= 0;
3613 if (proto_is_udp(sock
->info
.proto
))
3615 sock
->reads
.addr_defined
= true;
3616 sock
->reads
.addrlen
= sizeof(sock
->reads
.addr6
);
3617 status
= WSARecvFrom(
3623 (struct sockaddr
*) &sock
->reads
.addr
,
3624 &sock
->reads
.addrlen
,
3625 &sock
->reads
.overlapped
,
3628 else if (proto_is_tcp(sock
->info
.proto
))
3630 sock
->reads
.addr_defined
= false;
3637 &sock
->reads
.overlapped
,
3646 if (!status
) /* operation completed immediately? */
3648 /* FIXME: won't do anything when sock->info.af == AF_UNSPEC */
3649 int af_len
= af_addr_size(sock
->info
.af
);
3650 if (sock
->reads
.addr_defined
&& af_len
&& sock
->reads
.addrlen
!= af_len
)
3652 bad_address_length(sock
->reads
.addrlen
, af_len
);
3654 sock
->reads
.iostate
= IOSTATE_IMMEDIATE_RETURN
;
3656 /* since we got an immediate return, we must signal the event object ourselves */
3657 ASSERT(SetEvent(sock
->reads
.overlapped
.hEvent
));
3658 sock
->reads
.status
= 0;
3660 dmsg(D_WIN32_IO
, "WIN32 I/O: Socket Receive immediate return [%d,%d]",
3661 (int) wsabuf
[0].len
,
3662 (int) sock
->reads
.size
);
3666 status
= WSAGetLastError();
3667 if (status
== WSA_IO_PENDING
) /* operation queued? */
3669 sock
->reads
.iostate
= IOSTATE_QUEUED
;
3670 sock
->reads
.status
= status
;
3671 dmsg(D_WIN32_IO
, "WIN32 I/O: Socket Receive queued [%d]",
3672 (int) wsabuf
[0].len
);
3674 else /* error occurred */
3676 struct gc_arena gc
= gc_new();
3677 ASSERT(SetEvent(sock
->reads
.overlapped
.hEvent
));
3678 sock
->reads
.iostate
= IOSTATE_IMMEDIATE_RETURN
;
3679 sock
->reads
.status
= status
;
3680 dmsg(D_WIN32_IO
, "WIN32 I/O: Socket Receive error [%d]: %s",
3681 (int) wsabuf
[0].len
,
3682 strerror_win32(status
, &gc
));
3687 return sock
->reads
.iostate
;
3691 socket_send_queue(struct link_socket
*sock
, struct buffer
*buf
, const struct link_socket_actual
*to
)
3693 if (sock
->writes
.iostate
== IOSTATE_INITIAL
)
3698 /* make a private copy of buf */
3699 sock
->writes
.buf
= sock
->writes
.buf_init
;
3700 sock
->writes
.buf
.len
= 0;
3701 ASSERT(buf_copy(&sock
->writes
.buf
, buf
));
3703 /* Win32 docs say it's okay to allocate the wsabuf on the stack */
3704 wsabuf
[0].buf
= BPTR(&sock
->writes
.buf
);
3705 wsabuf
[0].len
= BLEN(&sock
->writes
.buf
);
3707 /* the overlapped write will signal this event on I/O completion */
3708 ASSERT(ResetEvent(sock
->writes
.overlapped
.hEvent
));
3709 sock
->writes
.flags
= 0;
3711 if (proto_is_udp(sock
->info
.proto
))
3713 /* set destination address for UDP writes */
3714 sock
->writes
.addr_defined
= true;
3715 if (to
->dest
.addr
.sa
.sa_family
== AF_INET6
)
3717 sock
->writes
.addr6
= to
->dest
.addr
.in6
;
3718 sock
->writes
.addrlen
= sizeof(sock
->writes
.addr6
);
3722 sock
->writes
.addr
= to
->dest
.addr
.in4
;
3723 sock
->writes
.addrlen
= sizeof(sock
->writes
.addr
);
3732 (struct sockaddr
*) &sock
->writes
.addr
,
3733 sock
->writes
.addrlen
,
3734 &sock
->writes
.overlapped
,
3737 else if (proto_is_tcp(sock
->info
.proto
))
3739 /* destination address for TCP writes was established on connection initiation */
3740 sock
->writes
.addr_defined
= false;
3748 &sock
->writes
.overlapped
,
3757 if (!status
) /* operation completed immediately? */
3759 sock
->writes
.iostate
= IOSTATE_IMMEDIATE_RETURN
;
3761 /* since we got an immediate return, we must signal the event object ourselves */
3762 ASSERT(SetEvent(sock
->writes
.overlapped
.hEvent
));
3764 sock
->writes
.status
= 0;
3766 dmsg(D_WIN32_IO
, "WIN32 I/O: Socket Send immediate return [%d,%d]",
3767 (int) wsabuf
[0].len
,
3768 (int) sock
->writes
.size
);
3772 status
= WSAGetLastError();
3773 if (status
== WSA_IO_PENDING
) /* operation queued? */
3775 sock
->writes
.iostate
= IOSTATE_QUEUED
;
3776 sock
->writes
.status
= status
;
3777 dmsg(D_WIN32_IO
, "WIN32 I/O: Socket Send queued [%d]",
3778 (int) wsabuf
[0].len
);
3780 else /* error occurred */
3782 struct gc_arena gc
= gc_new();
3783 ASSERT(SetEvent(sock
->writes
.overlapped
.hEvent
));
3784 sock
->writes
.iostate
= IOSTATE_IMMEDIATE_RETURN
;
3785 sock
->writes
.status
= status
;
3787 dmsg(D_WIN32_IO
, "WIN32 I/O: Socket Send error [%d]: %s",
3788 (int) wsabuf
[0].len
,
3789 strerror_win32(status
, &gc
));
3795 return sock
->writes
.iostate
;
3799 socket_finalize(SOCKET s
,
3800 struct overlapped_io
*io
,
3802 struct link_socket_actual
*from
)
3807 switch (io
->iostate
)
3809 case IOSTATE_QUEUED
:
3810 status
= WSAGetOverlappedResult(
3819 /* successful return for a queued operation */
3825 io
->iostate
= IOSTATE_INITIAL
;
3826 ASSERT(ResetEvent(io
->overlapped
.hEvent
));
3828 dmsg(D_WIN32_IO
, "WIN32 I/O: Socket Completion success [%d]", ret
);
3832 /* error during a queued operation */
3834 if (WSAGetLastError() != WSA_IO_INCOMPLETE
)
3836 /* if no error (i.e. just not finished yet), then DON'T execute this code */
3837 io
->iostate
= IOSTATE_INITIAL
;
3838 ASSERT(ResetEvent(io
->overlapped
.hEvent
));
3839 msg(D_WIN32_IO
| M_ERRNO
, "WIN32 I/O: Socket Completion error");
3844 case IOSTATE_IMMEDIATE_RETURN
:
3845 io
->iostate
= IOSTATE_INITIAL
;
3846 ASSERT(ResetEvent(io
->overlapped
.hEvent
));
3849 /* error return for a non-queued operation */
3850 WSASetLastError(io
->status
);
3852 msg(D_WIN32_IO
| M_ERRNO
, "WIN32 I/O: Socket Completion non-queued error");
3856 /* successful return for a non-queued operation */
3862 dmsg(D_WIN32_IO
, "WIN32 I/O: Socket Completion non-queued success [%d]", ret
);
3866 case IOSTATE_INITIAL
: /* were we called without proper queueing? */
3867 WSASetLastError(WSAEINVAL
);
3869 dmsg(D_WIN32_IO
, "WIN32 I/O: Socket Completion BAD STATE");
3876 /* return from address if requested */
3879 if (ret
>= 0 && io
->addr_defined
)
3881 /* TODO(jjo): streamline this mess */
3882 /* in this func we dont have relevant info about the PF_ of this
3883 * endpoint, as link_socket_actual will be zero for the 1st received packet
3885 * Test for inets PF_ possible sizes
3887 switch (io
->addrlen
)
3889 case sizeof(struct sockaddr_in
):
3890 case sizeof(struct sockaddr_in6
):
3891 /* TODO(jjo): for some reason (?) I'm getting 24,28 for AF_INET6
3893 case sizeof(struct sockaddr_in6
)-4:
3897 bad_address_length(io
->addrlen
, af_addr_size(io
->addr
.sin_family
));
3900 switch (io
->addr
.sin_family
)
3903 from
->dest
.addr
.in4
= io
->addr
;
3907 from
->dest
.addr
.in6
= io
->addr6
;
3913 CLEAR(from
->dest
.addr
);
3927 * Socket event notification
3931 socket_set(struct link_socket
*s
,
3932 struct event_set
*es
,
3933 unsigned int rwflags
,
3935 unsigned int *persistent
)
3939 if ((rwflags
& EVENT_READ
) && !stream_buf_read_setup(s
))
3941 ASSERT(!persistent
);
3942 rwflags
&= ~EVENT_READ
;
3946 if (rwflags
& EVENT_READ
)
3948 socket_recv_queue(s
, 0);
3952 /* if persistent is defined, call event_ctl only if rwflags has changed since last call */
3953 if (!persistent
|| *persistent
!= rwflags
)
3955 event_ctl(es
, socket_event_handle(s
), rwflags
, arg
);
3958 *persistent
= rwflags
;
3962 s
->rwflags_debug
= rwflags
;
3968 sd_close(socket_descriptor_t
*sd
)
3970 if (sd
&& socket_defined(*sd
))
3972 openvpn_close_socket(*sd
);
3973 *sd
= SOCKET_UNDEFINED
;
3977 #if UNIX_SOCK_SUPPORT
3980 * code for unix domain sockets
3984 sockaddr_unix_name(const struct sockaddr_un
*local
, const char *null
)
3986 if (local
&& local
->sun_family
== PF_UNIX
)
3988 return local
->sun_path
;
3997 create_socket_unix(void)
3999 socket_descriptor_t sd
;
4001 if ((sd
= socket(PF_UNIX
, SOCK_STREAM
, 0)) < 0)
4003 msg(M_ERR
, "Cannot create unix domain socket");
4006 /* set socket file descriptor to not pass across execs, so that
4007 * scripts don't have access to it */
4014 socket_bind_unix(socket_descriptor_t sd
,
4015 struct sockaddr_un
*local
,
4018 struct gc_arena gc
= gc_new();
4021 const mode_t orig_umask
= umask(0);
4024 if (bind(sd
, (struct sockaddr
*) local
, sizeof(struct sockaddr_un
)))
4026 msg(M_FATAL
| M_ERRNO
,
4027 "%s: Socket bind[%d] failed on unix domain socket %s",
4030 sockaddr_unix_name(local
, "NULL"));
4041 socket_accept_unix(socket_descriptor_t sd
,
4042 struct sockaddr_un
*remote
)
4044 socklen_t remote_len
= sizeof(struct sockaddr_un
);
4045 socket_descriptor_t ret
;
4048 ret
= accept(sd
, (struct sockaddr
*) remote
, &remote_len
);
4051 /* set socket file descriptor to not pass across execs, so that
4052 * scripts don't have access to it */
4059 socket_connect_unix(socket_descriptor_t sd
,
4060 struct sockaddr_un
*remote
)
4062 int status
= connect(sd
, (struct sockaddr
*) remote
, sizeof(struct sockaddr_un
));
4065 status
= openvpn_errno();
4071 sockaddr_unix_init(struct sockaddr_un
*local
, const char *path
)
4073 local
->sun_family
= PF_UNIX
;
4074 strncpynt(local
->sun_path
, path
, sizeof(local
->sun_path
));
4078 socket_delete_unix(const struct sockaddr_un
*local
)
4080 const char *name
= sockaddr_unix_name(local
, NULL
);
4082 if (name
&& strlen(name
))
4090 unix_socket_get_peer_uid_gid(const socket_descriptor_t sd
, int *uid
, int *gid
)
4092 #ifdef HAVE_GETPEEREID
4095 if (getpeereid(sd
, &u
, &g
) == -1)
4108 #elif defined(SO_PEERCRED)
4109 struct ucred peercred
;
4110 socklen_t so_len
= sizeof(peercred
);
4111 if (getsockopt(sd
, SOL_SOCKET
, SO_PEERCRED
, &peercred
, &so_len
) == -1)
4117 *uid
= peercred
.uid
;
4121 *gid
= peercred
.gid
;
4124 #else /* ifdef HAVE_GETPEEREID */
4126 #endif /* ifdef HAVE_GETPEEREID */
4129 #endif /* if UNIX_SOCK_SUPPORT */