Attachment #123242: openvpn-2.0-udp6.patch for bug #183457

# $Id: CHANGES.IPv6,v 1.1.10.14 2005/06/22 16:01:10 jjo Exp $ #

* v0.3.12

  . merged payload conntrack fixes (EXPERIMENTAL code, disabled by default),

    almost no ipv6 related code changes.

* v0.3.11

  . woaooHOO: fixed udp6 MULTI (TLS server) !

* v0.3.10

  . stupid typo .... GRR

* v0.3.9

  . some MH code reorg., allow compilation with ./configure --disable-multihome

* v0.3.8

  . udp6 --multihome (MH) support fixed, tested OK! on GNU/Linux

* v0.3.7

  . udp6 MH support: compiles, not tested.

* v0.3.6

  . tested UDPv4 MH on GNU/Linux: works ok

  . fix incorrect addr printing in print_link_sockaddr() 

* v0.3.5

  . internals: kill print_link_sockaddr_ex(), just use print_propiate flags

   (just ~10lines change at all !)

* v0.3.4

  . make tcp4-client work against tcp6-server

* v0.3.3

  . freebsd: compute true addrlen for sendto() with af_addr_size()

* v0.3.2

  . minor changes to socket.[ch] (MH merge)

* v0.3.1

  . syshead.h MH changes were missing ; now it actually compiles MH support

* v0.3.0

  - tcp6-client, tcp6-server

  - MH patch included by default from now on

* v0.2.4-MH-0.0.6

  - account for !AF_INET in addr_host() 

  - removed S_IN, S_IN6 and S_UN casts; migrate last functions to openvpn_sockaddr: print*sockaddr*

  - more openvpn_sockaddr migration (polishing), almost ready

  - 3rd MH integration round

* v0.2.4

  - fix --route usage for udp6 (redirect-default-gateway semantics)

* v0.2.3

  - udp6 "correct" support for freebsd and openbsd

    cc and tested OK: freebsd-5.3,openbsd-3.6 against GNU/Linux

* v0.2.2

  - IPv6 (--proto udp6), unix-socket support selectable at configure-time 

    (all 4 combinations tested)

    ./configure --disable-ipv6        (enabled by default)

    ./configure --enable-unix-sockets (disabled by default)

    (internal) USE_PF_INET6, USE_PF_UNIX from autoconf

  - Change PROTO_x from #define to enum, to allow easier/cleaner support for

    optional protocols

  - Added IPV6_xxxx_HEADER_SIZE

* v0.2.1

  First public release, see README.IPv6

# vim: sw=2 

* Added IPv6 support (--udp6) and PF_UNIX (--unix-dgram)

  See README.IPv6 and CHANGES.IPv6 for details (Juanjo Ciarlante)

am__tar = @am__tar@

am__untar = @am__untar@

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/payload.Po@am__quote@

# $Id: README.IPv6,v 1.1.10.5 2005/06/22 15:57:51 jjo Exp $ #

This README covers UDP/IPv6 v0.3.x ( --udp6 and --tcp6-xxxxxx  ) support for openvpn-2.0.

Also, with address family "generalization" changes came local AF_UNIX socket

support.

Available under GPLv2 from 

  http://www.irrigacion.gov.ar/juanjo/openvpn/

See "Examples" section below for usage.

* Working:

  - tcp6->tcp6; tested on GNU/Linux

  - upd6->upd6; tested on GNU/Linux, FreeBSD-5.3 and OpenBSD-3.6.

  - upd4->upd6 (ipv6 bound); shows correctly mapped address (requires --float for now)

  - unix-dgram->unix-dgram [AF_UNIX]

    useful for implementing local proxies that can take full advantage

    of POSIX filesystem permissions ( more powerfull access mechanisms

    than inet, even for localhost)

  - multihome [MH] for IPv4 and IPv6; compiles and works OK GNU/Linux

    ipv4 MH support taken and adapted from James' original MH patch 

* Experimental code (correctly #ifdef'd out):

  - payload conntrack: intended for filtering TCP retransmissions over reliable links

    1st tests indicate aprox ~20% speedups (very coarsly tested)

* Setup:

  ./configure --disable-ipv6        (enabled by default)

  ./configure --enable-unix-sockets (disabled by default)

  ./configure --enable-payload-conntrack (experimental code, not for production usage)

  :

* Usage:

  For IPv6 just specify "-p upd6" an proper IPv6 hostnames, adapting the example

  from man page ...

  On may:

    openvpn --proto udp6 --remote <june_IPv6_addr> --dev tun1 --ifconfig 10.4.0.1 10.4.0.2

    --verb 5 --secret key

  On june:

    openvpn --proto udp6 --remote <may_IPv6_addr>  --dev tun1 --ifconfig 10.4.0.2 10.4.0.1

    --verb 5 --secret key

  Same for --proto tcp6-client, tcp6-server.

* Examples: some succesfully tested command lines 

  BTW did you know that openvpn can succesfully negotiate to self

  with --remote localhost ? VERY useful for fast testing.

  - IPv6 "normal" usage (+succesfully tested tunnel traffic) 

    server# openvpn --proto udp6 ...

      :

      Thu Sep 23 22:15:48 2004 Peer Connection Initiated with [AF_INET6]fe80::205:5dff:fef1:1ceb%wlan0wds1:5000

      :

    client# openvpn --proto udp6 --remote fe80::240:5ff:feae:c851 ...

      :

      Thu Sep 23 22:13:19 2004 Peer Connection Initiated with [AF_INET6]fe80::240:5ff:feae:c851%wlan0wds0:5000

      :

  - IPv6 server, IPv4 client (more detailed)

    server# openvpn --proto udp6 ...

      :

      Thu Sep 23 22:28:36 2004 UDPv6 link local (bound): [AF_INET6][undef]:5000

      Thu Sep 23 22:28:36 2004 UDPv6 link remote: [AF_INET6][undef]

      Thu Sep 23 22:28:50 2004 Peer Connection Initiated with [AF_INET6]::ffff:10.55.14.253:5000

      Thu Sep 23 22:28:51 2004 Initialization Sequence Completed

      Thu Sep 23 22:28:56 2004 WARNING: Actual Remote Options ('... proto UDPv4 ... ') \

                               are inconsistent with Expected Remote Options ('... proto UDPv6 ...')

    client# openvpn  --remote 10.55.14.254 ...  ### same default as now: --udp

      :

      Thu Sep 23 22:26:11 2004 UDPv4 link local (bound): [AF_INET][undef]:5000

      Thu Sep 23 22:26:11 2004 UDPv4 link remote: [AF_INET]10.55.14.254:5000

      Thu Sep 23 22:26:21 2004 Peer Connection Initiated with [AF_INET]10.55.14.254:5000

      Thu Sep 23 22:26:21 2004 WARNING: Actual Remote Options ('... proto UDPv6 ...') \

                               are inconsistent with Expected Remote Options ('... proto UDPv4 ...')

      Thu Sep 23 22:26:22 2004 Initialization Sequence Completed

  - IPv6 loopback

    alone# openvpn --proto udp6 --remote ::1 ...

      :

      Wed Sep 22 13:03:07 2004 Peer Connection Initiated with [AF_INET6]::1:5000

      :

  - AF_UNIX toself

    alone# openvpn --proto unix-dgram --local /tmp/o.s --remote /tmp/o.s --dev tun  ...

      :

      Thu Sep 23 16:37:27 2004 Peer Connection Initiated with [AF_UNIX]/tmp/o.s

      :

  - AF_UNIX between to diff instances

    peer1# openvpn --proto unix-dgram --local /tmp/o1.s --remote /tmp/o2.s

    peer2# openvpn --proto unix-dgram --local /tmp/o2.s --remote /tmp/o1.s

      :

      Wed Sep 22 12:49:03 2004 Peer Connection Initiated with [AF_UNIX]/tmp/o1.s

      :

* Main code changes summary:

  - socket.h: New struct openvpn_sockaddr type that holds sockaddrs and pktinfo, 

    (here I omitted #ifdef USE_PF_xxxx, see socket.h )

    struct openvpn_sockaddr {

    	union {

    		struct sockaddr sa;

    		struct sockaddr_in in;

    		struct sockaddr_in6 in6;

    		struct sockaddr_un un;

    	} addr;

    	union {

    		struct in_pktinfo in;

    		struct in6_pktinfo in6;

    	} pi;	/* Multihome support for UDP */

    };

    struct link_socket_addr

    {

            struct openvpn_sockaddr local;

            struct openvpn_sockaddr remote;

            struct openvpn_sockaddr actual;

    };

    PRO: allows simple type overloading: local.addr.sa, local.addr.in, local.addr.in6 ... etc

    (also local.pi.in and local.pi.in6)

  - several function prototypes moved from sockaddr_in to openvpn_sockaddr 

  - several new sockaddr functions needed to "generalize" AF_xxxx operations:

    addr_copy(), addr_zero(), ...etc

    proto_is_udp(), proto_is_dgram(), proto_is_net()

* TODO: (!: fundamental, w: wanted, n: nah ... not critical, ?: need more thought)

  [!]-  Implement comparison for mapped addesses: server in dual stack listening

        IPv6 must permit incoming streams from allowed IPv4 peer (ie without --float).

  [!]-  IPv6 with actual host resolution, currently only numerical (AI_NUMERICHOST)

  [n]-  call socket() lately, after getaddrinfo() to decide IPv4 or IPv6 host 

        (hence socket()) instead of needing -p {udp|udp6}

        NOT ACTUALLY a big trouble, given that you _do_ setup both sides

        (keys, certs, etc), using udp or udp6 is actually _another_ setup bit.

  [?]-  integrate both IPv4 and IPv6 addr resolution with getaddrinfo instead of

        venerable gethostbyname&friends, problem: horizontal portability (across

        platforms) and vertical portab. (across versions)

  DONE:

     -  ./configure [ --disable-ipv6 ] [ --enable-unix-sockets ] 

        map to USE_PF_INET6 and USE_PF_UNIX

     -  merge MH patch

     -  -p tcp6-client, -p tcp6-server

     -  MH IPv6 support 

--

JuanJo Ciarlante   jjo|at|mendoza.gov.ar

:                                                                  :

.                                         Linux IP Aliasing author .

.   Modular algo (AES et all) support for FreeSWAN/OpenSWAN author .

:...       plus  other scattered free software bits in the wild ...:

  am__include=`sed -n 's/^am__include = //p' < "$mf"`

  test -z "am__include" && continue

  am__quote=`sed -n 's/^am__quote = //p' < "$mf"`

# Check how to create a tarball.                            -*- Autoconf -*-

# Copyright (C) 2004  Free Software Foundation, Inc.

# This program is free software; you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation; either version 2, or (at your option)

# any later version.

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA

# 02111-1307, USA.

# serial 1

# _AM_PROG_TAR(FORMAT)

# --------------------

# Check how to create a tarball in format FORMAT.

# FORMAT should be one of `v7', `ustar', or `pax'.

#

# Substitute a variable $(am__tar) that is a command

# writing to stdout a FORMAT-tarball containing the directory

# $tardir.

#     tardir=directory && $(am__tar) > result.tar

#

# Substitute a variable $(am__untar) that extract such

# a tarball read from stdin.

#     $(am__untar) < result.tar

AC_DEFUN([_AM_PROG_TAR],

[# Always define AMTAR for backward compatibility.

AM_MISSING_PROG([AMTAR], [tar])

m4_if([$1], [v7],

     [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],

     [m4_case([$1], [ustar],, [pax],,

              [m4_fatal([Unknown tar format])])

AC_MSG_CHECKING([how to create a $1 tar archive])

# Loop over all known methods to create a tar archive until one works.

_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'

_am_tools=${am_cv_prog_tar_$1-$_am_tools}

# Do not fold the above two line into one, because Tru64 sh and

# Solaris sh will not grok spaces in the rhs of `-'.

for _am_tool in $_am_tools

do

  case $_am_tool in

  gnutar)

    for _am_tar in tar gnutar gtar;

    do

      AM_RUN_LOG([$_am_tar --version]) && break

    done

    am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'

    am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'

    am__untar="$_am_tar -xf -"

    ;;

  plaintar)

    # Must skip GNU tar: if it does not support --format= it doesn't create

    # ustar tarball either.

    (tar --version) >/dev/null 2>&1 && continue

    am__tar='tar chf - "$$tardir"'

    am__tar_='tar chf - "$tardir"'

    am__untar='tar xf -'

    ;;

  pax)

    am__tar='pax -L -x $1 -w "$$tardir"'

    am__tar_='pax -L -x $1 -w "$tardir"'

    am__untar='pax -r'

    ;;

  cpio)

    am__tar='find "$$tardir" -print | cpio -o -H $1 -L'

    am__tar_='find "$tardir" -print | cpio -o -H $1 -L'

    am__untar='cpio -i -H $1 -d'

    ;;

  none)

    am__tar=false

    am__tar_=false

    am__untar=false

    ;;

  esac

  # If the value was cached, stop now.  We just wanted to have am__tar

  # and am__untar set.

  test -n "${am_cv_prog_tar_$1}" && break

  # tar/untar a dummy directory, and stop if the command works

  rm -rf conftest.dir

  mkdir conftest.dir

  echo GrepMe > conftest.dir/file

  AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])

  rm -rf conftest.dir

  if test -s conftest.tar; then

    AM_RUN_LOG([$am__untar <conftest.tar])

    grep GrepMe conftest.dir/file >/dev/null 2>&1 && break

  fi

done

rm -rf conftest.dir

AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])

AC_MSG_RESULT([$am_cv_prog_tar_$1])])

AC_SUBST([am__tar])

AC_SUBST([am__untar])

]) # _AM_PROG_TAR

void buf_puts(struct buffer *buf, const char *str)

{

  uint8_t *ptr = BEND (buf);

  int cap = buf_forward_capacity (buf);

  if (cap > 0)

    {

      strncpynt ((char *)ptr,str, cap);

      *(buf->data + buf->capacity - 1) = 0; /* windows vsnprintf needs this */

      buf->len += (int) strlen ((char *)ptr);

    }

}

 * append str to a buffer with overflow check

 */

void buf_puts(struct buffer *buf, const char *str);

/*

/* Enable multi-homed UDP server capability */

#undef ENABLE_MULTIHOME

/* struct in_pktinfo needed for IP_PKTINFO support */

#undef HAVE_IN_PKTINFO

/* Define to 1 if you have the `recvmsg' function. */

#undef HAVE_RECVMSG

/* Define to 1 if you have the `sendmsg' function. */

#undef HAVE_SENDMSG

/* Enable payload conntrack */

#undef USE_PAYLOAD_CONNTRACK

/* struct sockaddr_in6 is needed for IPv6 peer support */

#undef USE_PF_INET6

/* Compile support for PF_UNIX sockets */

#undef USE_PF_UNIX

  --disable-multihome     Disable multi-homed UDP server support (--multihome)

  --disable-ipv6          Disable UDP/IPv6 support

  --enable-unix-sockets   Enable PF_UNIX sockets links

  --enable-payload-conntrack   Enable payload conntrack for eg. TCP retrans. dd for reliable links

# Check whether --enable-multihome or --disable-multihome was given.

if test "${enable_multihome+set}" = set; then

  enableval="$enable_multihome"

  MULTIHOME="$enableval"

else

  MULTIHOME="yes"

fi;

# Check whether --enable-ipv6 or --disable-ipv6 was given.

if test "${enable_ipv6+set}" = set; then

  enableval="$enable_ipv6"

  PF_INET6="$enableval"

else

  PF_INET6="yes"

fi;

# Check whether --enable-unix-sockets or --disable-unix-sockets was given.

if test "${enable_unix_sockets+set}" = set; then

  enableval="$enable_unix_sockets"

  PF_UNIX="$enableval"

else

  PF_UNIX="no"

fi;

# Check whether --enable-payload-conntrack or --disable-payload-conntrack was given.

if test "${enable_payload_conntrack+set}" = set; then

  enableval="$enable_payload_conntrack"

  PAYLOAD_CONNTRACK="$enableval"

else

  PAYLOAD_CONNTRACK="no"

fi;

# Always define AMTAR for backward compatibility.

AMTAR=${AMTAR-"${am_missing_run}tar"}

am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'

    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5

echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}

    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5

echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}

    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5

echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}

    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5

echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}

    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5

echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}

    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5

echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}

    (

      cat <<\_ASBOX

## -------------------------------------------------- ##

## Report this to openvpn-users@lists.sourceforge.net ##

## -------------------------------------------------- ##

_ASBOX

    ) |

      sed "s/^/$as_me: WARNING:     /" >&2

echo "$as_me:$LINENO: checking for struct in_pktinfo" >&5

echo $ECHO_N "checking for struct in_pktinfo... $ECHO_C" >&6

if test "${ac_cv_type_struct_in_pktinfo+set}" = set; then

  echo $ECHO_N "(cached) $ECHO_C" >&6

else

  cat >conftest.$ac_ext <<_ACEOF

/* confdefs.h.  */

_ACEOF

cat confdefs.h >>conftest.$ac_ext

cat >>conftest.$ac_ext <<_ACEOF

/* end confdefs.h.  */

#include "syshead.h"

int

main ()

{

if ((struct in_pktinfo *) 0)

  return 0;

if (sizeof (struct in_pktinfo))

  return 0;

  ;

  return 0;

}

_ACEOF

rm -f conftest.$ac_objext

if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5

  (eval $ac_compile) 2>conftest.er1

  ac_status=$?

  grep -v '^ *+' conftest.er1 >conftest.err

  rm -f conftest.er1

  cat conftest.err >&5

  echo "$as_me:$LINENO: \$? = $ac_status" >&5

  (exit $ac_status); } &&

	 { ac_try='test -z "$ac_c_werror_flag"

			 || test ! -s conftest.err'

  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5

  (eval $ac_try) 2>&5

  ac_status=$?

  echo "$as_me:$LINENO: \$? = $ac_status" >&5

  (exit $ac_status); }; } &&

	 { ac_try='test -s conftest.$ac_objext'

  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5

  (eval $ac_try) 2>&5

  ac_status=$?

  echo "$as_me:$LINENO: \$? = $ac_status" >&5

  (exit $ac_status); }; }; then

  ac_cv_type_struct_in_pktinfo=yes

else

  echo "$as_me: failed program was:" >&5

sed 's/^/| /' conftest.$ac_ext >&5

ac_cv_type_struct_in_pktinfo=no

fi

rm -f conftest.err conftest.$ac_objext conftest.$ac_ext

fi

echo "$as_me:$LINENO: result: $ac_cv_type_struct_in_pktinfo" >&5

echo "${ECHO_T}$ac_cv_type_struct_in_pktinfo" >&6

if test $ac_cv_type_struct_in_pktinfo = yes; then

cat >>confdefs.h <<\_ACEOF

#define HAVE_IN_PKTINFO 1

_ACEOF

fi

    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5

echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}

    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5

echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}

    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5

echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}

    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5

echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}

    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5

echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}

    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5

echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}

    (

      cat <<\_ASBOX

## -------------------------------------------------- ##

## Report this to openvpn-users@lists.sourceforge.net ##

## -------------------------------------------------- ##

_ASBOX

    ) |

      sed "s/^/$as_me: WARNING:     /" >&2

    { echo "$as_me:$LINENO: WARNING: valgrind/memcheck.h: present but cannot be compiled" >&5

echo "$as_me: WARNING: valgrind/memcheck.h: present but cannot be compiled" >&2;}

    { echo "$as_me:$LINENO: WARNING: valgrind/memcheck.h:     check for missing prerequisite headers?" >&5

echo "$as_me: WARNING: valgrind/memcheck.h:     check for missing prerequisite headers?" >&2;}

    { echo "$as_me:$LINENO: WARNING: valgrind/memcheck.h: see the Autoconf documentation" >&5

echo "$as_me: WARNING: valgrind/memcheck.h: see the Autoconf documentation" >&2;}

    { echo "$as_me:$LINENO: WARNING: valgrind/memcheck.h:     section \"Present But Cannot Be Compiled\"" >&5

echo "$as_me: WARNING: valgrind/memcheck.h:     section \"Present But Cannot Be Compiled\"" >&2;}

    { echo "$as_me:$LINENO: WARNING: valgrind/memcheck.h: proceeding with the preprocessor's result" >&5

echo "$as_me: WARNING: valgrind/memcheck.h: proceeding with the preprocessor's result" >&2;}

    { echo "$as_me:$LINENO: WARNING: valgrind/memcheck.h: in the future, the compiler will take precedence" >&5

echo "$as_me: WARNING: valgrind/memcheck.h: in the future, the compiler will take precedence" >&2;}

    (

      cat <<\_ASBOX

## -------------------------------------------------- ##

## Report this to openvpn-users@lists.sourceforge.net ##

## -------------------------------------------------- ##

_ASBOX

    ) |

      sed "s/^/$as_me: WARNING:     /" >&2

    { echo "$as_me:$LINENO: WARNING: dmalloc.h: present but cannot be compiled" >&5

echo "$as_me: WARNING: dmalloc.h: present but cannot be compiled" >&2;}

    { echo "$as_me:$LINENO: WARNING: dmalloc.h:     check for missing prerequisite headers?" >&5

echo "$as_me: WARNING: dmalloc.h:     check for missing prerequisite headers?" >&2;}

    { echo "$as_me:$LINENO: WARNING: dmalloc.h: see the Autoconf documentation" >&5

echo "$as_me: WARNING: dmalloc.h: see the Autoconf documentation" >&2;}

    { echo "$as_me:$LINENO: WARNING: dmalloc.h:     section \"Present But Cannot Be Compiled\"" >&5

echo "$as_me: WARNING: dmalloc.h:     section \"Present But Cannot Be Compiled\"" >&2;}

    { echo "$as_me:$LINENO: WARNING: dmalloc.h: proceeding with the preprocessor's result" >&5

echo "$as_me: WARNING: dmalloc.h: proceeding with the preprocessor's result" >&2;}

    { echo "$as_me:$LINENO: WARNING: dmalloc.h: in the future, the compiler will take precedence" >&5

echo "$as_me: WARNING: dmalloc.h: in the future, the compiler will take precedence" >&2;}

    (

      cat <<\_ASBOX

## -------------------------------------------------- ##

## Report this to openvpn-users@lists.sourceforge.net ##

## -------------------------------------------------- ##

_ASBOX

    ) |

      sed "s/^/$as_me: WARNING:     /" >&2

    { echo "$as_me:$LINENO: WARNING: dlfcn.h: present but cannot be compiled" >&5

echo "$as_me: WARNING: dlfcn.h: present but cannot be compiled" >&2;}

    { echo "$as_me:$LINENO: WARNING: dlfcn.h:     check for missing prerequisite headers?" >&5

echo "$as_me: WARNING: dlfcn.h:     check for missing prerequisite headers?" >&2;}

    { echo "$as_me:$LINENO: WARNING: dlfcn.h: see the Autoconf documentation" >&5

echo "$as_me: WARNING: dlfcn.h: see the Autoconf documentation" >&2;}

    { echo "$as_me:$LINENO: WARNING: dlfcn.h:     section \"Present But Cannot Be Compiled\"" >&5

echo "$as_me: WARNING: dlfcn.h:     section \"Present But Cannot Be Compiled\"" >&2;}

    { echo "$as_me:$LINENO: WARNING: dlfcn.h: proceeding with the preprocessor's result" >&5

echo "$as_me: WARNING: dlfcn.h: proceeding with the preprocessor's result" >&2;}

    { echo "$as_me:$LINENO: WARNING: dlfcn.h: in the future, the compiler will take precedence" >&5

echo "$as_me: WARNING: dlfcn.h: in the future, the compiler will take precedence" >&2;}

    (

      cat <<\_ASBOX

## -------------------------------------------------- ##

## Report this to openvpn-users@lists.sourceforge.net ##

## -------------------------------------------------- ##

_ASBOX

    ) |

      sed "s/^/$as_me: WARNING:     /" >&2

    { echo "$as_me:$LINENO: WARNING: lzo1x.h: present but cannot be compiled" >&5

echo "$as_me: WARNING: lzo1x.h: present but cannot be compiled" >&2;}

    { echo "$as_me:$LINENO: WARNING: lzo1x.h:     check for missing prerequisite headers?" >&5

echo "$as_me: WARNING: lzo1x.h:     check for missing prerequisite headers?" >&2;}

    { echo "$as_me:$LINENO: WARNING: lzo1x.h: see the Autoconf documentation" >&5

echo "$as_me: WARNING: lzo1x.h: see the Autoconf documentation" >&2;}

    { echo "$as_me:$LINENO: WARNING: lzo1x.h:     section \"Present But Cannot Be Compiled\"" >&5

echo "$as_me: WARNING: lzo1x.h:     section \"Present But Cannot Be Compiled\"" >&2;}

    { echo "$as_me:$LINENO: WARNING: lzo1x.h: proceeding with the preprocessor's result" >&5

echo "$as_me: WARNING: lzo1x.h: proceeding with the preprocessor's result" >&2;}

    { echo "$as_me:$LINENO: WARNING: lzo1x.h: in the future, the compiler will take precedence" >&5

echo "$as_me: WARNING: lzo1x.h: in the future, the compiler will take precedence" >&2;}

    (

      cat <<\_ASBOX

## -------------------------------------------------- ##

## Report this to openvpn-users@lists.sourceforge.net ##

## -------------------------------------------------- ##

_ASBOX

    ) |

      sed "s/^/$as_me: WARNING:     /" >&2

    { echo "$as_me:$LINENO: WARNING: openssl/evp.h: present but cannot be compiled" >&5

echo "$as_me: WARNING: openssl/evp.h: present but cannot be compiled" >&2;}

    { echo "$as_me:$LINENO: WARNING: openssl/evp.h:     check for missing prerequisite headers?" >&5

echo "$as_me: WARNING: openssl/evp.h:     check for missing prerequisite headers?" >&2;}

    { echo "$as_me:$LINENO: WARNING: openssl/evp.h: see the Autoconf documentation" >&5

echo "$as_me: WARNING: openssl/evp.h: see the Autoconf documentation" >&2;}

    { echo "$as_me:$LINENO: WARNING: openssl/evp.h:     section \"Present But Cannot Be Compiled\"" >&5

echo "$as_me: WARNING: openssl/evp.h:     section \"Present But Cannot Be Compiled\"" >&2;}

    { echo "$as_me:$LINENO: WARNING: openssl/evp.h: proceeding with the preprocessor's result" >&5

echo "$as_me: WARNING: openssl/evp.h: proceeding with the preprocessor's result" >&2;}

    { echo "$as_me:$LINENO: WARNING: openssl/evp.h: in the future, the compiler will take precedence" >&5

echo "$as_me: WARNING: openssl/evp.h: in the future, the compiler will take precedence" >&2;}

    (

      cat <<\_ASBOX

## -------------------------------------------------- ##

## Report this to openvpn-users@lists.sourceforge.net ##

## -------------------------------------------------- ##

_ASBOX

    ) |

      sed "s/^/$as_me: WARNING:     /" >&2

    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5

echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}

    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5

echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}

    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5

echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}

    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5

echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}

    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5

echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}

    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5

echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}

    (

      cat <<\_ASBOX

## -------------------------------------------------- ##

## Report this to openvpn-users@lists.sourceforge.net ##

## -------------------------------------------------- ##

_ASBOX

    ) |

      sed "s/^/$as_me: WARNING:     /" >&2

    { echo "$as_me:$LINENO: WARNING: openssl/ssl.h: present but cannot be compiled" >&5

echo "$as_me: WARNING: openssl/ssl.h: present but cannot be compiled" >&2;}

    { echo "$as_me:$LINENO: WARNING: openssl/ssl.h:     check for missing prerequisite headers?" >&5

echo "$as_me: WARNING: openssl/ssl.h:     check for missing prerequisite headers?" >&2;}

    { echo "$as_me:$LINENO: WARNING: openssl/ssl.h: see the Autoconf documentation" >&5

echo "$as_me: WARNING: openssl/ssl.h: see the Autoconf documentation" >&2;}

    { echo "$as_me:$LINENO: WARNING: openssl/ssl.h:     section \"Present But Cannot Be Compiled\"" >&5

echo "$as_me: WARNING: openssl/ssl.h:     section \"Present But Cannot Be Compiled\"" >&2;}

    { echo "$as_me:$LINENO: WARNING: openssl/ssl.h: proceeding with the preprocessor's result" >&5

echo "$as_me: WARNING: openssl/ssl.h: proceeding with the preprocessor's result" >&2;}

    { echo "$as_me:$LINENO: WARNING: openssl/ssl.h: in the future, the compiler will take precedence" >&5

echo "$as_me: WARNING: openssl/ssl.h: in the future, the compiler will take precedence" >&2;}

    (

      cat <<\_ASBOX

## -------------------------------------------------- ##

## Report this to openvpn-users@lists.sourceforge.net ##

## -------------------------------------------------- ##

_ASBOX

    ) |

      sed "s/^/$as_me: WARNING:     /" >&2

if test "$PF_UNIX" = "yes"; then

   { echo "$as_me:$LINENO: checking for sys/un.h header file for PF_UNIX..." >&5

echo "$as_me: checking for sys/un.h header file for PF_UNIX..." >&6;}

   if test "${ac_cv_header_sys_un_h+set}" = set; then

  echo "$as_me:$LINENO: checking for sys/un.h" >&5

echo $ECHO_N "checking for sys/un.h... $ECHO_C" >&6

if test "${ac_cv_header_sys_un_h+set}" = set; then

  echo $ECHO_N "(cached) $ECHO_C" >&6

fi

echo "$as_me:$LINENO: result: $ac_cv_header_sys_un_h" >&5

echo "${ECHO_T}$ac_cv_header_sys_un_h" >&6

else

  # Is the header compilable?

echo "$as_me:$LINENO: checking sys/un.h usability" >&5

echo $ECHO_N "checking sys/un.h usability... $ECHO_C" >&6

cat >conftest.$ac_ext <<_ACEOF

/* confdefs.h.  */

_ACEOF

cat confdefs.h >>conftest.$ac_ext

cat >>conftest.$ac_ext <<_ACEOF

/* end confdefs.h.  */

$ac_includes_default

#include <sys/un.h>

_ACEOF

rm -f conftest.$ac_objext

if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5

  (eval $ac_compile) 2>conftest.er1

  ac_status=$?

  grep -v '^ *+' conftest.er1 >conftest.err

  rm -f conftest.er1

  cat conftest.err >&5

  echo "$as_me:$LINENO: \$? = $ac_status" >&5

  (exit $ac_status); } &&

	 { ac_try='test -z "$ac_c_werror_flag"

			 || test ! -s conftest.err'

  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5

  (eval $ac_try) 2>&5

  ac_status=$?

  echo "$as_me:$LINENO: \$? = $ac_status" >&5

  (exit $ac_status); }; } &&

	 { ac_try='test -s conftest.$ac_objext'

  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5

  (eval $ac_try) 2>&5

  ac_status=$?

  echo "$as_me:$LINENO: \$? = $ac_status" >&5

  (exit $ac_status); }; }; then

  ac_header_compiler=yes

else

  echo "$as_me: failed program was:" >&5

sed 's/^/| /' conftest.$ac_ext >&5

ac_header_compiler=no

fi

rm -f conftest.err conftest.$ac_objext conftest.$ac_ext

echo "$as_me:$LINENO: result: $ac_header_compiler" >&5

echo "${ECHO_T}$ac_header_compiler" >&6

# Is the header present?

echo "$as_me:$LINENO: checking sys/un.h presence" >&5

echo $ECHO_N "checking sys/un.h presence... $ECHO_C" >&6

cat >conftest.$ac_ext <<_ACEOF

/* confdefs.h.  */

_ACEOF

cat confdefs.h >>conftest.$ac_ext

cat >>conftest.$ac_ext <<_ACEOF

/* end confdefs.h.  */

#include <sys/un.h>

_ACEOF

if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5

  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1

  ac_status=$?

  grep -v '^ *+' conftest.er1 >conftest.err

  rm -f conftest.er1

  cat conftest.err >&5

  echo "$as_me:$LINENO: \$? = $ac_status" >&5

  (exit $ac_status); } >/dev/null; then

  if test -s conftest.err; then

    ac_cpp_err=$ac_c_preproc_warn_flag

    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag

  else

    ac_cpp_err=

  fi

else

  ac_cpp_err=yes

fi

if test -z "$ac_cpp_err"; then

  ac_header_preproc=yes

else

  echo "$as_me: failed program was:" >&5

sed 's/^/| /' conftest.$ac_ext >&5

  ac_header_preproc=no

fi

rm -f conftest.err conftest.$ac_ext

echo "$as_me:$LINENO: result: $ac_header_preproc" >&5

echo "${ECHO_T}$ac_header_preproc" >&6

# So?  What about this header?

case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in

  yes:no: )

    { echo "$as_me:$LINENO: WARNING: sys/un.h: accepted by the compiler, rejected by the preprocessor!" >&5

echo "$as_me: WARNING: sys/un.h: accepted by the compiler, rejected by the preprocessor!" >&2;}

    { echo "$as_me:$LINENO: WARNING: sys/un.h: proceeding with the compiler's result" >&5

echo "$as_me: WARNING: sys/un.h: proceeding with the compiler's result" >&2;}

    ac_header_preproc=yes

    ;;

  no:yes:* )

    { echo "$as_me:$LINENO: WARNING: sys/un.h: present but cannot be compiled" >&5

echo "$as_me: WARNING: sys/un.h: present but cannot be compiled" >&2;}

    { echo "$as_me:$LINENO: WARNING: sys/un.h:     check for missing prerequisite headers?" >&5

echo "$as_me: WARNING: sys/un.h:     check for missing prerequisite headers?" >&2;}

    { echo "$as_me:$LINENO: WARNING: sys/un.h: see the Autoconf documentation" >&5

echo "$as_me: WARNING: sys/un.h: see the Autoconf documentation" >&2;}

    { echo "$as_me:$LINENO: WARNING: sys/un.h:     section \"Present But Cannot Be Compiled\"" >&5

echo "$as_me: WARNING: sys/un.h:     section \"Present But Cannot Be Compiled\"" >&2;}

    { echo "$as_me:$LINENO: WARNING: sys/un.h: proceeding with the preprocessor's result" >&5

echo "$as_me: WARNING: sys/un.h: proceeding with the preprocessor's result" >&2;}

    { echo "$as_me:$LINENO: WARNING: sys/un.h: in the future, the compiler will take precedence" >&5

echo "$as_me: WARNING: sys/un.h: in the future, the compiler will take precedence" >&2;}

    (

      cat <<\_ASBOX

## -------------------------------------------------- ##

## Report this to openvpn-users@lists.sourceforge.net ##

## -------------------------------------------------- ##

_ASBOX

    ) |

      sed "s/^/$as_me: WARNING:     /" >&2

    ;;

esac

echo "$as_me:$LINENO: checking for sys/un.h" >&5

echo $ECHO_N "checking for sys/un.h... $ECHO_C" >&6

if test "${ac_cv_header_sys_un_h+set}" = set; then

  echo $ECHO_N "(cached) $ECHO_C" >&6

else

  ac_cv_header_sys_un_h=$ac_header_preproc

fi

echo "$as_me:$LINENO: result: $ac_cv_header_sys_un_h" >&5

echo "${ECHO_T}$ac_cv_header_sys_un_h" >&6

fi

if test $ac_cv_header_sys_un_h = yes; then

cat >>confdefs.h <<\_ACEOF

#define USE_PF_UNIX 1

_ACEOF

else

  { { echo "$as_me:$LINENO: error: sys/un.h header not found." >&5

echo "$as_me: error: sys/un.h header not found." >&2;}

   { (exit 1); exit 1; }; }

fi

fi

if test "$PF_INET6" = "yes"; then

  { echo "$as_me:$LINENO: checking for struct sockaddr_in6 for IPv6 support..." >&5

echo "$as_me: checking for struct sockaddr_in6 for IPv6 support..." >&6;}

  echo "$as_me:$LINENO: checking for struct sockaddr_in6" >&5

echo $ECHO_N "checking for struct sockaddr_in6... $ECHO_C" >&6

if test "${ac_cv_type_struct_sockaddr_in6+set}" = set; then

  echo $ECHO_N "(cached) $ECHO_C" >&6

else

  cat >conftest.$ac_ext <<_ACEOF

/* confdefs.h.  */

_ACEOF

cat confdefs.h >>conftest.$ac_ext

cat >>conftest.$ac_ext <<_ACEOF

/* end confdefs.h.  */

#include "syshead.h"

int

main ()

{

if ((struct sockaddr_in6 *) 0)

  return 0;

if (sizeof (struct sockaddr_in6))

  return 0;

  ;

  return 0;

}

_ACEOF

rm -f conftest.$ac_objext

if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5

  (eval $ac_compile) 2>conftest.er1

  ac_status=$?

  grep -v '^ *+' conftest.er1 >conftest.err

  rm -f conftest.er1

  cat conftest.err >&5

  echo "$as_me:$LINENO: \$? = $ac_status" >&5

  (exit $ac_status); } &&

	 { ac_try='test -z "$ac_c_werror_flag"

			 || test ! -s conftest.err'

  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5

  (eval $ac_try) 2>&5

  ac_status=$?

  echo "$as_me:$LINENO: \$? = $ac_status" >&5

  (exit $ac_status); }; } &&

	 { ac_try='test -s conftest.$ac_objext'

  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5

  (eval $ac_try) 2>&5

  ac_status=$?

  echo "$as_me:$LINENO: \$? = $ac_status" >&5

  (exit $ac_status); }; }; then

  ac_cv_type_struct_sockaddr_in6=yes

else

  echo "$as_me: failed program was:" >&5

sed 's/^/| /' conftest.$ac_ext >&5

ac_cv_type_struct_sockaddr_in6=no

fi

rm -f conftest.err conftest.$ac_objext conftest.$ac_ext

fi

echo "$as_me:$LINENO: result: $ac_cv_type_struct_sockaddr_in6" >&5

echo "${ECHO_T}$ac_cv_type_struct_sockaddr_in6" >&6

if test $ac_cv_type_struct_sockaddr_in6 = yes; then

cat >>confdefs.h <<\_ACEOF

#define USE_PF_INET6 1

_ACEOF

fi

fi

if test "$PAYLOAD_CONNTRACK" = "yes"; then

cat >>confdefs.h <<\_ACEOF

#define USE_PAYLOAD_CONNTRACK 1

_ACEOF

fi

if test "$MULTIHOME" = "yes"; then

cat >>confdefs.h <<\_ACEOF

#define ENABLE_MULTIHOME 1

_ACEOF

fi

s,@AMTAR@,$AMTAR,;t t

s,@am__tar@,$am__tar,;t t

s,@am__untar@,$am__untar,;t t

  am__include=`sed -n 's/^am__include = //p' < "$mf"`

  test -z "am__include" && continue

  am__quote=`sed -n 's/^am__quote = //p' < "$mf"`

AC_ARG_ENABLE(multihome,

   [  --disable-multihome     Disable multi-homed UDP server support (--multihome)],

   [MULTIHOME="$enableval"],

   [MULTIHOME="yes"]

)

AC_ARG_ENABLE(ipv6,

   [  --disable-ipv6          Disable UDP/IPv6 support],

   [PF_INET6="$enableval"],

   [PF_INET6="yes"]

)

AC_ARG_ENABLE(unix-sockets,

   [  --enable-unix-sockets   Enable PF_UNIX sockets links],

   [PF_UNIX="$enableval"],

   [PF_UNIX="no"]

)

AC_ARG_ENABLE(payload-conntrack,

   [  --enable-payload-conntrack   Enable payload conntrack for eg. TCP retrans. dd for reliable links],

   [PAYLOAD_CONNTRACK="$enableval"],

   [PAYLOAD_CONNTRACK="no"]

)

AC_CHECK_TYPE(

	[struct in_pktinfo],

	[AC_DEFINE(HAVE_IN_PKTINFO, 1, [struct in_pktinfo needed for IP_PKTINFO support])],

	[],

	[#include "syshead.h"])

if test "$PF_UNIX" = "yes"; then

   AC_CHECKING([for sys/un.h header file for PF_UNIX])

   AC_CHECK_HEADER(sys/un.h, 

	[AC_DEFINE(USE_PF_UNIX, 1, [Compile support for PF_UNIX sockets])],

        [AC_MSG_ERROR([sys/un.h header not found.])]

   )

fi

if test "$PF_INET6" = "yes"; then

  AC_CHECKING([for struct sockaddr_in6 for IPv6 support])

  AC_CHECK_TYPE(

      [struct sockaddr_in6],

      [AC_DEFINE(USE_PF_INET6, 1, [struct sockaddr_in6 is needed for IPv6 peer support])],

      [],

      [#include "syshead.h"])

fi

dnl enable payload-conntrack optimizations

if test "$PAYLOAD_CONNTRACK" = "yes"; then

   AC_DEFINE(USE_PAYLOAD_CONNTRACK, 1, [Enable payload conntrack])

fi

dnl compile --multihome option

if test "$MULTIHOME" = "yes"; then

   AC_DEFINE(ENABLE_MULTIHOME, 1, [Enable multi-homed UDP server capability])

fi

#ifdef USE_PAYLOAD_CONNTRACK

#define D_PAYLOAD_CONNTRACK  LOGLEV(9, 70, M_DEBUG)  /* show payload conntrack debug info */

#endif

#include "payload-inline.h"

#if USE_PAYLOAD_CONNTRACK

  check_payload_gc(c);

#endif

#if USE_PAYLOAD_CONNTRACK

      if (c->c2.payload_context)

      {

	      if (payload_tcp_retrans_drop(c, &c->c2.buf))

	      {

		      buf_reset (&c->c2.to_link);

		      goto out;

	      }

      }

#endif

out:

#ifdef USE_PF_INET6

    case PROTO_UDPv6:

#endif

#ifdef USE_PF_INET6

    case PROTO_TCPv6_SERVER:

#endif

#ifdef USE_PF_INET6

    case PROTO_TCPv6_CLIENT:

#endif

#ifdef USE_PF_UNIX

    case PROTO_UNIX_DGRAM:

      sec = 2;

      break;

#endif