Lines 236-244
|
236 |
|
236 |
|
237 |
static void |
237 |
static void |
238 |
update_remote (const char* host, |
238 |
update_remote (const char* host, |
239 |
struct sockaddr_in *addr, |
239 |
struct openvpn_sockaddr *addr, |
240 |
bool *changed) |
240 |
bool *changed) |
241 |
{ |
241 |
{ |
|
|
242 |
if (addr->addr.sa.sa_family == AF_INET) { |
242 |
if (host && addr) |
243 |
if (host && addr) |
243 |
{ |
244 |
{ |
244 |
const in_addr_t new_addr = getaddr ( |
245 |
const in_addr_t new_addr = getaddr ( |
Lines 247-258
|
247 |
1, |
248 |
1, |
248 |
NULL, |
249 |
NULL, |
249 |
NULL); |
250 |
NULL); |
250 |
if (new_addr && addr->sin_addr.s_addr != new_addr) |
251 |
if (new_addr && addr->addr.in.sin_addr.s_addr != new_addr) |
251 |
{ |
252 |
{ |
252 |
addr->sin_addr.s_addr = new_addr; |
253 |
addr->addr.in.sin_addr.s_addr = new_addr; |
253 |
*changed = true; |
254 |
*changed = true; |
254 |
} |
255 |
} |
255 |
} |
256 |
} |
|
|
257 |
} |
256 |
} |
258 |
} |
257 |
|
259 |
|
258 |
static int |
260 |
static int |
Lines 439-460
|
439 |
} |
441 |
} |
440 |
|
442 |
|
441 |
static socket_descriptor_t |
443 |
static socket_descriptor_t |
442 |
create_socket_udp (void) |
444 |
create_socket_udp (const unsigned int flags) |
443 |
{ |
445 |
{ |
444 |
socket_descriptor_t sd; |
446 |
socket_descriptor_t sd; |
445 |
|
447 |
|
446 |
if ((sd = socket (PF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) |
448 |
if ((sd = socket (PF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) |
447 |
msg (M_SOCKERR, "UDP: Cannot create UDP socket"); |
449 |
msg (M_SOCKERR, "UDP: Cannot create UDP socket"); |
|
|
450 |
#if ENABLE_IP_PKTINFO |
451 |
else if (flags & SF_USE_IP_PKTINFO) |
452 |
{ |
453 |
int pad = 1; |
454 |
setsockopt (sd, SOL_IP, IP_PKTINFO, (void*)&pad, sizeof(pad)); |
455 |
} |
456 |
#endif |
457 |
return sd; |
458 |
} |
459 |
|
460 |
#ifdef USE_PF_INET6 |
461 |
static socket_descriptor_t |
462 |
create_socket_udp6 (const unsigned int flags) |
463 |
{ |
464 |
socket_descriptor_t sd; |
465 |
|
466 |
if ((sd = socket (PF_INET6, SOCK_DGRAM, IPPROTO_UDP)) < 0) |
467 |
msg (M_SOCKERR, "UDP: Cannot create UDP6 socket"); |
468 |
#if ENABLE_IP_PKTINFO |
469 |
else if (flags & SF_USE_IP_PKTINFO) |
470 |
{ |
471 |
int pad = 1; |
472 |
setsockopt (sd, IPPROTO_IPV6, IPV6_PKTINFO, (void*)&pad, sizeof(pad)); |
473 |
} |
474 |
#endif |
448 |
return sd; |
475 |
return sd; |
449 |
} |
476 |
} |
450 |
|
477 |
|
|
|
478 |
static socket_descriptor_t |
479 |
create_socket_tcp6 (void) |
480 |
{ |
481 |
socket_descriptor_t sd; |
482 |
|
483 |
if ((sd = socket (PF_INET6, SOCK_STREAM, IPPROTO_TCP)) < 0) |
484 |
msg (M_SOCKERR, "Cannot create TCP6 socket"); |
485 |
|
486 |
/* set SO_REUSEADDR on socket */ |
487 |
{ |
488 |
int on = 1; |
489 |
if (setsockopt (sd, SOL_SOCKET, SO_REUSEADDR, |
490 |
(void *) &on, sizeof (on)) < 0) |
491 |
msg (M_SOCKERR, "TCP: Cannot setsockopt SO_REUSEADDR on TCP6 socket"); |
492 |
} |
493 |
|
494 |
return sd; |
495 |
} |
496 |
|
497 |
#endif |
498 |
#ifdef USE_PF_UNIX |
499 |
static socket_descriptor_t |
500 |
create_socket_unix_dgram (void) |
501 |
{ |
502 |
socket_descriptor_t sd; |
503 |
|
504 |
if ((sd = socket (PF_UNIX, SOCK_DGRAM, 0)) < 0) |
505 |
msg (M_SOCKERR, "PF_UNIX: Cannot create datagram socket"); |
506 |
return sd; |
507 |
} |
508 |
#endif |
509 |
|
451 |
static void |
510 |
static void |
452 |
create_socket (struct link_socket *sock) |
511 |
create_socket (struct link_socket *sock) |
453 |
{ |
512 |
{ |
454 |
/* create socket */ |
513 |
/* create socket */ |
455 |
if (sock->info.proto == PROTO_UDPv4) |
514 |
if (sock->info.proto == PROTO_UDPv4) |
456 |
{ |
515 |
{ |
457 |
sock->sd = create_socket_udp (); |
516 |
sock->sd = create_socket_udp (sock->socket_flags); |
458 |
|
517 |
|
459 |
#ifdef ENABLE_SOCKS |
518 |
#ifdef ENABLE_SOCKS |
460 |
if (sock->socks_proxy) |
519 |
if (sock->socks_proxy) |
Lines 466-471
|
466 |
{ |
525 |
{ |
467 |
sock->sd = create_socket_tcp (); |
526 |
sock->sd = create_socket_tcp (); |
468 |
} |
527 |
} |
|
|
528 |
#ifdef USE_PF_INET6 |
529 |
else if (sock->info.proto == PROTO_TCPv6_SERVER |
530 |
|| sock->info.proto == PROTO_TCPv6_CLIENT) |
531 |
{ |
532 |
sock->sd = create_socket_tcp6 (); |
533 |
} |
534 |
else if (sock->info.proto == PROTO_UDPv6) |
535 |
{ |
536 |
sock->sd = create_socket_udp6 (sock->socket_flags); |
537 |
} |
538 |
#endif |
539 |
#ifdef USE_PF_UNIX |
540 |
else if (sock->info.proto == PROTO_UNIX_DGRAM) |
541 |
{ |
542 |
sock->sd = create_socket_unix_dgram(); |
543 |
} |
544 |
#endif |
469 |
else |
545 |
else |
470 |
{ |
546 |
{ |
471 |
ASSERT (0); |
547 |
ASSERT (0); |
Lines 478-484
|
478 |
|
554 |
|
479 |
static void |
555 |
static void |
480 |
socket_do_listen (socket_descriptor_t sd, |
556 |
socket_do_listen (socket_descriptor_t sd, |
481 |
const struct sockaddr_in *local, |
557 |
const struct openvpn_sockaddr *local, |
482 |
bool do_listen, |
558 |
bool do_listen, |
483 |
bool do_set_nonblock) |
559 |
bool do_set_nonblock) |
484 |
{ |
560 |
{ |
Lines 486-492
|
486 |
if (do_listen) |
562 |
if (do_listen) |
487 |
{ |
563 |
{ |
488 |
msg (M_INFO, "Listening for incoming TCP connection on %s", |
564 |
msg (M_INFO, "Listening for incoming TCP connection on %s", |
489 |
print_sockaddr (local, &gc)); |
565 |
print_link_sockaddr (local, &gc)); |
490 |
if (listen (sd, 1)) |
566 |
if (listen (sd, 1)) |
491 |
msg (M_SOCKERR, "TCP: listen() failed"); |
567 |
msg (M_SOCKERR, "TCP: listen() failed"); |
492 |
} |
568 |
} |
Lines 500-515
|
500 |
|
576 |
|
501 |
socket_descriptor_t |
577 |
socket_descriptor_t |
502 |
socket_do_accept (socket_descriptor_t sd, |
578 |
socket_do_accept (socket_descriptor_t sd, |
503 |
struct sockaddr_in *remote, |
579 |
struct openvpn_sockaddr *act, |
504 |
const bool nowait) |
580 |
const bool nowait) |
505 |
{ |
581 |
{ |
506 |
socklen_t remote_len = sizeof (*remote); |
582 |
/* af_addr_size WILL return 0 in this case if AFs other than AF_INET |
|
|
583 |
* are compiled because act is empty here. |
584 |
* could use getsockname() to support later remote_len check |
585 |
*/ |
586 |
socklen_t remote_len_af = af_addr_size(act->addr.sa.sa_family); |
587 |
socklen_t remote_len = sizeof(act->addr); |
507 |
socket_descriptor_t new_sd = SOCKET_UNDEFINED; |
588 |
socket_descriptor_t new_sd = SOCKET_UNDEFINED; |
508 |
|
589 |
|
|
|
590 |
CLEAR (*act); |
591 |
|
509 |
#ifdef HAVE_GETPEERNAME |
592 |
#ifdef HAVE_GETPEERNAME |
510 |
if (nowait) |
593 |
if (nowait) |
511 |
{ |
594 |
{ |
512 |
new_sd = getpeername (sd, (struct sockaddr *) remote, &remote_len); |
595 |
new_sd = getpeername (sd, &act->addr.sa, &remote_len); |
513 |
|
596 |
|
514 |
if (!socket_defined (new_sd)) |
597 |
if (!socket_defined (new_sd)) |
515 |
msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: getpeername() failed"); |
598 |
msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: getpeername() failed"); |
Lines 522-528
|
522 |
#endif |
605 |
#endif |
523 |
else |
606 |
else |
524 |
{ |
607 |
{ |
525 |
new_sd = accept (sd, (struct sockaddr *) remote, &remote_len); |
608 |
new_sd = accept (sd, &act->addr.sa, &remote_len); |
526 |
} |
609 |
} |
527 |
|
610 |
|
528 |
#if 0 /* For debugging only, test the effect of accept() failures */ |
611 |
#if 0 /* For debugging only, test the effect of accept() failures */ |
Lines 538-544
|
538 |
{ |
621 |
{ |
539 |
msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: accept(%d) failed", sd); |
622 |
msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: accept(%d) failed", sd); |
540 |
} |
623 |
} |
541 |
else if (remote_len != sizeof (*remote)) |
624 |
else if (remote_len_af && remote_len != remote_len_af) /* only check if we have remote_len_af!=0 */ |
542 |
{ |
625 |
{ |
543 |
msg (D_LINK_ERRORS, "TCP: Received strange incoming connection with unknown address length=%d", remote_len); |
626 |
msg (D_LINK_ERRORS, "TCP: Received strange incoming connection with unknown address length=%d", remote_len); |
544 |
openvpn_close_socket (new_sd); |
627 |
openvpn_close_socket (new_sd); |
Lines 548-574
|
548 |
} |
631 |
} |
549 |
|
632 |
|
550 |
static void |
633 |
static void |
551 |
tcp_connection_established (const struct sockaddr_in *remote) |
634 |
tcp_connection_established (const struct openvpn_sockaddr *remote) |
552 |
{ |
635 |
{ |
553 |
struct gc_arena gc = gc_new (); |
636 |
struct gc_arena gc = gc_new (); |
554 |
msg (M_INFO, "TCP connection established with %s", |
637 |
msg (M_INFO, "TCP connection established with %s", |
555 |
print_sockaddr (remote, &gc)); |
638 |
print_link_sockaddr (remote, &gc)); |
556 |
gc_free (&gc); |
639 |
gc_free (&gc); |
557 |
} |
640 |
} |
558 |
|
641 |
|
559 |
static int |
642 |
static int |
560 |
socket_listen_accept (socket_descriptor_t sd, |
643 |
socket_listen_accept (socket_descriptor_t sd, |
561 |
struct sockaddr_in *remote, |
644 |
struct openvpn_sockaddr *act, |
562 |
const char *remote_dynamic, |
645 |
const char *remote_dynamic, |
563 |
bool *remote_changed, |
646 |
bool *remote_changed, |
564 |
const struct sockaddr_in *local, |
647 |
const struct openvpn_sockaddr *local, |
565 |
bool do_listen, |
648 |
bool do_listen, |
566 |
bool nowait, |
649 |
bool nowait, |
567 |
volatile int *signal_received) |
650 |
volatile int *signal_received) |
568 |
{ |
651 |
{ |
569 |
struct gc_arena gc = gc_new (); |
652 |
struct gc_arena gc = gc_new (); |
570 |
struct sockaddr_in remote_verify = *remote; |
653 |
struct openvpn_sockaddr remote_verify; |
571 |
int new_sd = SOCKET_UNDEFINED; |
654 |
int new_sd = SOCKET_UNDEFINED; |
|
|
655 |
addr_copy_sa(&remote_verify, act); |
656 |
CLEAR (*act); |
572 |
|
657 |
|
573 |
socket_do_listen (sd, local, do_listen, true); |
658 |
socket_do_listen (sd, local, do_listen, true); |
574 |
|
659 |
|
Lines 601-617
|
601 |
continue; |
686 |
continue; |
602 |
} |
687 |
} |
603 |
|
688 |
|
604 |
new_sd = socket_do_accept (sd, remote, nowait); |
689 |
new_sd = socket_do_accept (sd, act, nowait); |
605 |
|
690 |
|
606 |
if (socket_defined (new_sd)) |
691 |
if (socket_defined (new_sd)) |
607 |
{ |
692 |
{ |
608 |
update_remote (remote_dynamic, &remote_verify, remote_changed); |
693 |
update_remote (remote_dynamic, &remote_verify, remote_changed); |
609 |
if (addr_defined (&remote_verify) |
694 |
if (addr_defined (&remote_verify) |
610 |
&& !addr_match (&remote_verify, remote)) |
695 |
&& !addr_match (&remote_verify, act)) |
611 |
{ |
696 |
{ |
612 |
msg (M_WARN, |
697 |
msg (M_WARN, |
613 |
"TCP NOTE: Rejected connection attempt from %s due to --remote setting", |
698 |
"TCP NOTE: Rejected connection attempt from %s due to --remote setting", |
614 |
print_sockaddr (remote, &gc)); |
699 |
print_link_sockaddr (act, &gc)); |
615 |
if (openvpn_close_socket (new_sd)) |
700 |
if (openvpn_close_socket (new_sd)) |
616 |
msg (M_SOCKERR, "TCP: close socket failed (new_sd)"); |
701 |
msg (M_SOCKERR, "TCP: close socket failed (new_sd)"); |
617 |
} |
702 |
} |
Lines 624-630
|
624 |
if (!nowait && openvpn_close_socket (sd)) |
709 |
if (!nowait && openvpn_close_socket (sd)) |
625 |
msg (M_SOCKERR, "TCP: close socket failed (sd)"); |
710 |
msg (M_SOCKERR, "TCP: close socket failed (sd)"); |
626 |
|
711 |
|
627 |
tcp_connection_established (remote); |
712 |
tcp_connection_established (act); |
628 |
|
713 |
|
629 |
gc_free (&gc); |
714 |
gc_free (&gc); |
630 |
return new_sd; |
715 |
return new_sd; |
Lines 632-638
|
632 |
|
717 |
|
633 |
static void |
718 |
static void |
634 |
socket_connect (socket_descriptor_t *sd, |
719 |
socket_connect (socket_descriptor_t *sd, |
635 |
struct sockaddr_in *remote, |
720 |
struct openvpn_sockaddr *remote, |
636 |
struct remote_list *remote_list, |
721 |
struct remote_list *remote_list, |
637 |
const char *remote_dynamic, |
722 |
const char *remote_dynamic, |
638 |
bool *remote_changed, |
723 |
bool *remote_changed, |
Lines 642-652
|
642 |
struct gc_arena gc = gc_new (); |
727 |
struct gc_arena gc = gc_new (); |
643 |
|
728 |
|
644 |
msg (M_INFO, "Attempting to establish TCP connection with %s", |
729 |
msg (M_INFO, "Attempting to establish TCP connection with %s", |
645 |
print_sockaddr (remote, &gc)); |
730 |
print_link_sockaddr (remote, &gc)); |
646 |
while (true) |
731 |
while (true) |
647 |
{ |
732 |
{ |
648 |
const int status = connect (*sd, (struct sockaddr *) remote, |
733 |
const int status = connect (*sd, &remote->addr.sa, |
649 |
sizeof (*remote)); |
734 |
af_addr_size(remote->addr.sa.sa_family)); |
650 |
|
735 |
|
651 |
get_signal (signal_received); |
736 |
get_signal (signal_received); |
652 |
if (*signal_received) |
737 |
if (*signal_received) |
Lines 657-682
|
657 |
|
742 |
|
658 |
msg (D_LINK_ERRORS | M_ERRNO_SOCK, |
743 |
msg (D_LINK_ERRORS | M_ERRNO_SOCK, |
659 |
"TCP: connect to %s failed, will try again in %d seconds", |
744 |
"TCP: connect to %s failed, will try again in %d seconds", |
660 |
print_sockaddr (remote, &gc), |
745 |
print_link_sockaddr (remote, &gc), |
661 |
connect_retry_seconds); |
746 |
connect_retry_seconds); |
662 |
|
747 |
|
663 |
openvpn_close_socket (*sd); |
748 |
openvpn_close_socket (*sd); |
664 |
openvpn_sleep (connect_retry_seconds); |
749 |
openvpn_sleep (connect_retry_seconds); |
665 |
|
750 |
|
|
|
751 |
switch(remote->addr.sa.sa_family) { |
752 |
case AF_INET: |
666 |
if (remote_list) |
753 |
if (remote_list) |
667 |
{ |
754 |
{ |
668 |
remote_list_next (remote_list); |
755 |
remote_list_next (remote_list); |
669 |
remote_dynamic = remote_list_host (remote_list); |
756 |
remote_dynamic = remote_list_host (remote_list); |
670 |
remote->sin_port = htons (remote_list_port (remote_list)); |
757 |
remote->addr.in.sin_port = htons (remote_list_port (remote_list)); |
671 |
*remote_changed = true; |
758 |
*remote_changed = true; |
672 |
} |
759 |
} |
673 |
|
760 |
|
674 |
*sd = create_socket_tcp (); |
761 |
*sd = create_socket_tcp (); |
675 |
update_remote (remote_dynamic, remote, remote_changed); |
762 |
update_remote (remote_dynamic, remote, remote_changed); |
|
|
763 |
break; |
764 |
default: |
765 |
msg(M_FATAL, "Only TCP is supported for connection oriented, sa_family=%d", |
766 |
remote->addr.sa.sa_family); |
767 |
} |
676 |
} |
768 |
} |
677 |
|
769 |
|
678 |
msg (M_INFO, "TCP connection established with %s", |
770 |
msg (M_INFO, "TCP connection established with %s", |
679 |
print_sockaddr (remote, &gc)); |
771 |
print_link_sockaddr (remote, &gc)); |
680 |
|
772 |
|
681 |
done: |
773 |
done: |
682 |
gc_free (&gc); |
774 |
gc_free (&gc); |
Lines 723-748
|
723 |
resolve_bind_local (struct link_socket *sock) |
815 |
resolve_bind_local (struct link_socket *sock) |
724 |
{ |
816 |
{ |
725 |
struct gc_arena gc = gc_new (); |
817 |
struct gc_arena gc = gc_new (); |
|
|
818 |
int addrlen; |
726 |
|
819 |
|
727 |
/* resolve local address if undefined */ |
820 |
/* resolve local address if undefined */ |
728 |
if (!addr_defined (&sock->info.lsa->local)) |
821 |
if (!addr_defined (&sock->info.lsa->local)) |
729 |
{ |
822 |
{ |
730 |
sock->info.lsa->local.sin_family = AF_INET; |
823 |
switch(addr_guess_family(sock->info.proto, sock->local_host)) { /* may return AF_{INET|INET6|UNIX} guessed from local_host */ |
731 |
sock->info.lsa->local.sin_addr.s_addr = |
824 |
case AF_INET: |
|
|
825 |
sock->info.lsa->local.addr.in.sin_family = AF_INET; |
826 |
sock->info.lsa->local.addr.in.sin_addr.s_addr = |
732 |
(sock->local_host ? getaddr (GETADDR_RESOLVE | GETADDR_WARN_ON_SIGNAL | GETADDR_FATAL, |
827 |
(sock->local_host ? getaddr (GETADDR_RESOLVE | GETADDR_WARN_ON_SIGNAL | GETADDR_FATAL, |
733 |
sock->local_host, |
828 |
sock->local_host, |
734 |
0, |
829 |
0, |
735 |
NULL, |
830 |
NULL, |
736 |
NULL) |
831 |
NULL) |
737 |
: htonl (INADDR_ANY)); |
832 |
: htonl (INADDR_ANY)); |
738 |
sock->info.lsa->local.sin_port = htons (sock->local_port); |
833 |
sock->info.lsa->local.addr.in.sin_port = htons (sock->local_port); |
|
|
834 |
addrlen=sizeof(struct sockaddr_in); |
835 |
break; |
836 |
#ifdef USE_PF_INET6 |
837 |
case AF_INET6: |
838 |
{ |
839 |
struct addrinfo hints , *ai; |
840 |
int err; |
841 |
memset(&hints, 0, sizeof hints); |
842 |
hints.ai_flags=AI_NUMERICHOST|AI_PASSIVE; |
843 |
hints.ai_family=AF_INET6; |
844 |
/* if no local_host provided, ask for IN6ADDR_ANY ... */ |
845 |
if ((err=getaddrinfo(sock->local_host? sock->local_host : "::", |
846 |
NULL, &hints, &ai))==0) { |
847 |
sock->info.lsa->local.addr.in6 = *((struct sockaddr_in6*)(ai->ai_addr)); |
848 |
freeaddrinfo(ai); |
849 |
} else { |
850 |
msg (M_FATAL, "getaddrinfo() failed for local \"%s\": %s", |
851 |
sock->local_host, |
852 |
gai_strerror(err)); |
853 |
} |
854 |
sock->info.lsa->local.addr.in6.sin6_port = htons (sock->local_port); |
855 |
addrlen=sizeof(struct sockaddr_in6); |
856 |
break; |
857 |
} |
858 |
#endif |
859 |
#ifdef USE_PF_UNIX |
860 |
case AF_UNIX: |
861 |
sock->info.lsa->local.addr.un.sun_family = AF_UNIX; |
862 |
strncpynt(sock->info.lsa->local.addr.un.sun_path, sock->local_host, sizeof(sock->info.lsa->local.addr.un.sun_path)); |
863 |
addrlen=(offsetof (struct sockaddr_un, sun_path) + strlen (sock->info.lsa->local.addr.un.sun_path) + 1); |
864 |
|
865 |
break; |
866 |
#endif |
867 |
} |
739 |
} |
868 |
} |
740 |
|
869 |
|
741 |
/* bind to local address/port */ |
870 |
/* bind to local address/port */ |
742 |
if (sock->bind_local) |
871 |
if (sock->bind_local) |
743 |
{ |
872 |
{ |
744 |
if (bind (sock->sd, (struct sockaddr *) &sock->info.lsa->local, |
873 |
if (bind (sock->sd, &sock->info.lsa->local.addr.sa, addrlen)) |
745 |
sizeof (sock->info.lsa->local))) |
|
|
746 |
{ |
874 |
{ |
747 |
const int errnum = openvpn_errno_socket (); |
875 |
const int errnum = openvpn_errno_socket (); |
748 |
msg (M_FATAL, "TCP/UDP: Socket bind failed on local address %s: %s", |
876 |
msg (M_FATAL, "TCP/UDP: Socket bind failed on local address %s: %s", |
Lines 766-773
|
766 |
/* resolve remote address if undefined */ |
894 |
/* resolve remote address if undefined */ |
767 |
if (!addr_defined (&sock->info.lsa->remote)) |
895 |
if (!addr_defined (&sock->info.lsa->remote)) |
768 |
{ |
896 |
{ |
769 |
sock->info.lsa->remote.sin_family = AF_INET; |
897 |
switch(addr_guess_family(sock->info.proto, sock->remote_host)) |
770 |
sock->info.lsa->remote.sin_addr.s_addr = 0; |
898 |
{ |
|
|
899 |
case AF_INET: |
900 |
sock->info.lsa->remote.addr.in.sin_family = AF_INET; |
901 |
sock->info.lsa->remote.addr.in.sin_addr.s_addr = 0; |
771 |
|
902 |
|
772 |
if (sock->remote_host) |
903 |
if (sock->remote_host) |
773 |
{ |
904 |
{ |
Lines 812-818
|
812 |
ASSERT (0); |
943 |
ASSERT (0); |
813 |
} |
944 |
} |
814 |
|
945 |
|
815 |
sock->info.lsa->remote.sin_addr.s_addr = getaddr ( |
946 |
sock->info.lsa->remote.addr.in.sin_addr.s_addr = getaddr ( |
816 |
flags, |
947 |
flags, |
817 |
sock->remote_host, |
948 |
sock->remote_host, |
818 |
retry, |
949 |
retry, |
Lines 839-852
|
839 |
} |
970 |
} |
840 |
} |
971 |
} |
841 |
|
972 |
|
842 |
sock->info.lsa->remote.sin_port = htons (sock->remote_port); |
973 |
sock->info.lsa->remote.addr.in.sin_port = htons (sock->remote_port); |
|
|
974 |
break; |
975 |
#ifdef USE_PF_INET6 |
976 |
case AF_INET6: |
977 |
{ |
978 |
struct addrinfo hints , *ai; |
979 |
int err; |
980 |
memset(&hints, 0, sizeof hints); |
981 |
hints.ai_flags=AI_NUMERICHOST; |
982 |
hints.ai_family=AF_INET6; |
983 |
if ((err=getaddrinfo(sock->remote_host? sock->remote_host : "::" , NULL, &hints, &ai))==0) { |
984 |
sock->info.lsa->remote.addr.in6 = *((struct sockaddr_in6*)(ai->ai_addr)); |
985 |
freeaddrinfo(ai); |
986 |
} else { |
987 |
msg (M_FATAL, "getaddrinfo() failed for remote \"%s\": %s", |
988 |
sock->remote_host, |
989 |
gai_strerror(err)); |
990 |
} |
991 |
sock->info.lsa->remote.addr.in6.sin6_port = htons (sock->remote_port); |
992 |
break; |
993 |
} |
994 |
#endif |
995 |
#ifdef USE_PF_UNIX |
996 |
case AF_UNIX: |
997 |
sock->info.lsa->remote.addr.un.sun_family = AF_UNIX; |
998 |
if (sock->remote_host) |
999 |
strncpynt (sock->info.lsa->remote.addr.un.sun_path, sock->remote_host, |
1000 |
sizeof (sock->info.lsa->remote.addr.un.sun_path)); |
1001 |
else |
1002 |
sock->info.lsa->remote.addr.un.sun_path[0] = 0; |
1003 |
break; |
1004 |
#endif |
1005 |
} |
843 |
} |
1006 |
} |
844 |
|
1007 |
|
845 |
/* should we re-use previous active remote address? */ |
1008 |
/* should we re-use previous active remote address? */ |
846 |
if (addr_defined (&sock->info.lsa->actual)) |
1009 |
if (link_addr_defined (&sock->info.lsa->actual)) |
847 |
{ |
1010 |
{ |
848 |
msg (M_INFO, "TCP/UDP: Preserving recently used remote address: %s", |
1011 |
msg (M_INFO, "TCP/UDP: Preserving recently used remote address: %s", |
849 |
print_sockaddr (&sock->info.lsa->actual, &gc)); |
1012 |
print_link_sockaddr (&sock->info.lsa->actual, &gc)); |
850 |
if (remote_dynamic) |
1013 |
if (remote_dynamic) |
851 |
*remote_dynamic = NULL; |
1014 |
*remote_dynamic = NULL; |
852 |
} |
1015 |
} |
Lines 902-908
|
902 |
int connect_retry_seconds, |
1065 |
int connect_retry_seconds, |
903 |
int mtu_discover_type, |
1066 |
int mtu_discover_type, |
904 |
int rcvbuf, |
1067 |
int rcvbuf, |
905 |
int sndbuf) |
1068 |
int sndbuf, |
|
|
1069 |
const unsigned int socket_flags) |
906 |
{ |
1070 |
{ |
907 |
const char *remote_host; |
1071 |
const char *remote_host; |
908 |
int remote_port; |
1072 |
int remote_port; |
Lines 938-943
|
938 |
sock->socket_buffer_sizes.rcvbuf = rcvbuf; |
1102 |
sock->socket_buffer_sizes.rcvbuf = rcvbuf; |
939 |
sock->socket_buffer_sizes.sndbuf = sndbuf; |
1103 |
sock->socket_buffer_sizes.sndbuf = sndbuf; |
940 |
|
1104 |
|
|
|
1105 |
sock->socket_flags = socket_flags; |
1106 |
|
941 |
sock->info.proto = proto; |
1107 |
sock->info.proto = proto; |
942 |
sock->info.remote_float = remote_float; |
1108 |
sock->info.remote_float = remote_float; |
943 |
sock->info.lsa = lsa; |
1109 |
sock->info.lsa = lsa; |
Lines 1084-1090
|
1084 |
goto done; |
1250 |
goto done; |
1085 |
|
1251 |
|
1086 |
/* TCP client/server */ |
1252 |
/* TCP client/server */ |
1087 |
if (sock->info.proto == PROTO_TCPv4_SERVER) |
1253 |
if (sock->info.proto == PROTO_TCPv4_SERVER || sock->info.proto == PROTO_TCPv6_SERVER) |
1088 |
{ |
1254 |
{ |
1089 |
switch (sock->mode) |
1255 |
switch (sock->mode) |
1090 |
{ |
1256 |
{ |
Lines 1119-1125
|
1119 |
ASSERT (0); |
1285 |
ASSERT (0); |
1120 |
} |
1286 |
} |
1121 |
} |
1287 |
} |
1122 |
else if (sock->info.proto == PROTO_TCPv4_CLIENT) |
1288 |
else if (sock->info.proto == PROTO_TCPv4_CLIENT || sock->info.proto == PROTO_TCPv6_CLIENT) |
1123 |
{ |
1289 |
{ |
1124 |
socket_connect (&sock->sd, |
1290 |
socket_connect (&sock->sd, |
1125 |
&sock->info.lsa->actual, |
1291 |
&sock->info.lsa->actual, |
Lines 1181-1188
|
1181 |
sock->remote_host = sock->proxy_dest_host; |
1347 |
sock->remote_host = sock->proxy_dest_host; |
1182 |
sock->remote_port = sock->proxy_dest_port; |
1348 |
sock->remote_port = sock->proxy_dest_port; |
1183 |
sock->did_resolve_remote = false; |
1349 |
sock->did_resolve_remote = false; |
1184 |
sock->info.lsa->actual.sin_addr.s_addr = 0; |
1350 |
addr_zero_host(&sock->info.lsa->actual); |
1185 |
sock->info.lsa->remote.sin_addr.s_addr = 0; |
1351 |
addr_zero_host(&sock->info.lsa->remote); |
1186 |
|
1352 |
|
1187 |
resolve_remote (sock, 1, NULL, signal_received); |
1353 |
resolve_remote (sock, 1, NULL, signal_received); |
1188 |
|
1354 |
|
Lines 1197-1203
|
1197 |
if (remote_changed) |
1363 |
if (remote_changed) |
1198 |
{ |
1364 |
{ |
1199 |
msg (M_INFO, "TCP/UDP: Dynamic remote address changed during TCP connection establishment"); |
1365 |
msg (M_INFO, "TCP/UDP: Dynamic remote address changed during TCP connection establishment"); |
1200 |
sock->info.lsa->remote.sin_addr.s_addr = sock->info.lsa->actual.sin_addr.s_addr; |
1366 |
addr_copy_host(&sock->info.lsa->remote, &sock->info.lsa->actual); |
1201 |
} |
1367 |
} |
1202 |
} |
1368 |
} |
1203 |
|
1369 |
|
Lines 1221-1227
|
1221 |
|
1387 |
|
1222 |
#if EXTENDED_SOCKET_ERROR_CAPABILITY |
1388 |
#if EXTENDED_SOCKET_ERROR_CAPABILITY |
1223 |
/* if the OS supports it, enable extended error passing on the socket */ |
1389 |
/* if the OS supports it, enable extended error passing on the socket */ |
1224 |
set_sock_extended_error_passing (sock->sd); |
1390 |
if (addr_inet4or6(&sock->info.lsa->local.addr.sa)) |
|
|
1391 |
set_sock_extended_error_passing (sock->sd); |
1225 |
#endif |
1392 |
#endif |
1226 |
|
1393 |
|
1227 |
/* print local address */ |
1394 |
/* print local address */ |
Lines 1231-1242
|
1231 |
msg (M_INFO, "%s link local%s: %s", |
1398 |
msg (M_INFO, "%s link local%s: %s", |
1232 |
proto2ascii (sock->info.proto, true), |
1399 |
proto2ascii (sock->info.proto, true), |
1233 |
(sock->bind_local ? " (bound)" : ""), |
1400 |
(sock->bind_local ? " (bound)" : ""), |
1234 |
print_sockaddr_ex (&sock->info.lsa->local, sock->bind_local, ":", &gc)); |
1401 |
print_sockaddr_ex (&sock->info.lsa->local, ":", sock->bind_local ? PS_SHOW_PORT: 0, &gc)); |
1235 |
|
1402 |
|
1236 |
/* print active remote address */ |
1403 |
/* print active remote address */ |
1237 |
msg (M_INFO, "%s link remote: %s", |
1404 |
msg (M_INFO, "%s link remote: %s", |
1238 |
proto2ascii (sock->info.proto, true), |
1405 |
proto2ascii (sock->info.proto, true), |
1239 |
print_sockaddr_ex (&sock->info.lsa->actual, addr_defined (&sock->info.lsa->actual), ":", &gc)); |
1406 |
print_sockaddr_ex (&sock->info.lsa->actual, ":", PS_SHOW_PORT_IF_DEFINED|PS_SHOW_PKTINFO, &gc)); |
1240 |
|
1407 |
|
1241 |
done: |
1408 |
done: |
1242 |
if (sig_save && signal_received) |
1409 |
if (sig_save && signal_received) |
Lines 1312-1324
|
1312 |
void |
1479 |
void |
1313 |
link_socket_connection_initiated (const struct buffer *buf, |
1480 |
link_socket_connection_initiated (const struct buffer *buf, |
1314 |
struct link_socket_info *info, |
1481 |
struct link_socket_info *info, |
1315 |
const struct sockaddr_in *addr, |
1482 |
const struct openvpn_sockaddr *act, |
1316 |
const char *common_name, |
1483 |
const char *common_name, |
1317 |
struct env_set *es) |
1484 |
struct env_set *es) |
1318 |
{ |
1485 |
{ |
1319 |
struct gc_arena gc = gc_new (); |
1486 |
struct gc_arena gc = gc_new (); |
1320 |
|
1487 |
|
1321 |
info->lsa->actual = *addr; /* Note: skip this line for --force-dest */ |
1488 |
/* acquire script mutex */ |
|
|
1489 |
//mutex_lock_static (L_SCRIPT); |
1490 |
|
1491 |
//addr_copy(&info->lsa->actual.addr.sa, addr); /* Note: skip this line for --force-dest */ |
1492 |
info->lsa->actual = *act; /* Note: skip this line for --force-dest */ |
1322 |
setenv_trusted (es, info); |
1493 |
setenv_trusted (es, info); |
1323 |
info->connection_established = true; |
1494 |
info->connection_established = true; |
1324 |
|
1495 |
|
Lines 1327-1333
|
1327 |
struct buffer out = alloc_buf_gc (256, &gc); |
1498 |
struct buffer out = alloc_buf_gc (256, &gc); |
1328 |
if (common_name) |
1499 |
if (common_name) |
1329 |
buf_printf (&out, "[%s] ", common_name); |
1500 |
buf_printf (&out, "[%s] ", common_name); |
1330 |
buf_printf (&out, "Peer Connection Initiated with %s", print_sockaddr (&info->lsa->actual, &gc)); |
1501 |
buf_printf (&out, "Peer Connection Initiated with %s", print_link_sockaddr (&info->lsa->actual, &gc)); |
1331 |
msg (M_INFO, "%s", BSTR (&out)); |
1502 |
msg (M_INFO, "%s", BSTR (&out)); |
1332 |
} |
1503 |
} |
1333 |
|
1504 |
|
Lines 1337-1343
|
1337 |
/* Process --ipchange plugin */ |
1508 |
/* Process --ipchange plugin */ |
1338 |
if (plugin_defined (info->plugins, OPENVPN_PLUGIN_IPCHANGE)) |
1509 |
if (plugin_defined (info->plugins, OPENVPN_PLUGIN_IPCHANGE)) |
1339 |
{ |
1510 |
{ |
1340 |
const char *addr_ascii = print_sockaddr_ex (&info->lsa->actual, true, " ", &gc); |
1511 |
const char *addr_ascii = print_sockaddr_ex (&info->lsa->actual, " ", PS_SHOW_PORT, &gc); |
1341 |
if (plugin_call (info->plugins, OPENVPN_PLUGIN_IPCHANGE, addr_ascii, es)) |
1512 |
if (plugin_call (info->plugins, OPENVPN_PLUGIN_IPCHANGE, addr_ascii, es)) |
1342 |
msg (M_WARN, "WARNING: ipchange plugin call failed"); |
1513 |
msg (M_WARN, "WARNING: ipchange plugin call failed"); |
1343 |
} |
1514 |
} |
Lines 1349-1355
|
1349 |
setenv_str (es, "script_type", "ipchange"); |
1520 |
setenv_str (es, "script_type", "ipchange"); |
1350 |
buf_printf (&out, "%s %s", |
1521 |
buf_printf (&out, "%s %s", |
1351 |
info->ipchange_command, |
1522 |
info->ipchange_command, |
1352 |
print_sockaddr_ex (&info->lsa->actual, true, " ", &gc)); |
1523 |
print_sockaddr_ex (&info->lsa->actual, " ", PS_SHOW_PORT, &gc)); |
1353 |
system_check (BSTR (&out), es, S_SCRIPT, "ip-change command failed"); |
1524 |
system_check (BSTR (&out), es, S_SCRIPT, "ip-change command failed"); |
1354 |
} |
1525 |
} |
1355 |
|
1526 |
|
Lines 1359-1375
|
1359 |
void |
1530 |
void |
1360 |
link_socket_bad_incoming_addr (struct buffer *buf, |
1531 |
link_socket_bad_incoming_addr (struct buffer *buf, |
1361 |
const struct link_socket_info *info, |
1532 |
const struct link_socket_info *info, |
1362 |
const struct sockaddr_in *from_addr) |
1533 |
const struct openvpn_sockaddr *from_addr) |
1363 |
{ |
1534 |
{ |
1364 |
struct gc_arena gc = gc_new (); |
1535 |
struct gc_arena gc = gc_new (); |
1365 |
|
1536 |
|
|
|
1537 |
switch(from_addr->addr.sa.sa_family) { |
1538 |
case AF_INET: |
1366 |
msg (D_LINK_ERRORS, |
1539 |
msg (D_LINK_ERRORS, |
1367 |
"TCP/UDP: Incoming packet rejected from %s[%d], expected peer address: %s (allow this incoming source address/port by removing --remote or adding --float)", |
1540 |
"TCP/UDP: Incoming packet rejected from %s[%d], expected peer address: %s (allow this incoming source address/port by removing --remote or adding --float)", |
|
|
1541 |
print_link_sockaddr (from_addr, &gc), |
1542 |
(int)from_addr->addr.sa.sa_family, |
1543 |
print_sockaddr (&info->lsa->remote, &gc)); |
1544 |
break; |
1545 |
#ifdef USE_PF_INET6 |
1546 |
case AF_INET6: |
1547 |
msg (D_LINK_ERRORS, |
1548 |
"TCP/UDP: Incoming packet rejected from %s[%d], expected peer address: %s (allow this incoming source address/port by removing --remote or adding --float)", |
1549 |
print_link_sockaddr (from_addr, &gc), |
1550 |
(int)from_addr->addr.sa.sa_family, |
1551 |
print_sockaddr (&info->lsa->remote, &gc)); |
1552 |
break; |
1553 |
#endif |
1554 |
#ifdef USE_PF_UNIX |
1555 |
case AF_UNIX: |
1556 |
msg (D_LINK_ERRORS, |
1557 |
"AF_UNIX: Incoming packet rejected from %s[%d], expected peer address: %s (allow this incoming source by removing --remote or adding --float)", |
1368 |
print_sockaddr (from_addr, &gc), |
1558 |
print_sockaddr (from_addr, &gc), |
1369 |
(int)from_addr->sin_family, |
1559 |
(int)from_addr->addr.sa.sa_family, |
1370 |
print_sockaddr (&info->lsa->remote, &gc)); |
1560 |
print_sockaddr (&info->lsa->remote, &gc)); |
|
|
1561 |
break; |
1562 |
#endif |
1563 |
} |
1371 |
buf->len = 0; |
1564 |
buf->len = 0; |
1372 |
|
|
|
1373 |
gc_free (&gc); |
1565 |
gc_free (&gc); |
1374 |
} |
1566 |
} |
1375 |
|
1567 |
|
Lines 1384-1393
|
1384 |
{ |
1576 |
{ |
1385 |
const struct link_socket_addr *lsa = info->lsa; |
1577 |
const struct link_socket_addr *lsa = info->lsa; |
1386 |
|
1578 |
|
|
|
1579 |
/* |
1580 |
* This logic supports "redirect-gateway" semantic, which |
1581 |
* makes sense only for PF_INET routes over PF_INET endpoints |
1582 |
* |
1583 |
* Maybe in the future consider PF_INET6 endpoints also ... |
1584 |
* by now just ignore it |
1585 |
* |
1586 |
*/ |
1587 |
#if defined ( USE_PF_INET6 ) || defined ( USE_PF_UNIX ) |
1588 |
if(lsa->actual.addr.sa.sa_family != AF_INET) |
1589 |
return 0; |
1590 |
#else |
1591 |
ASSERT(lsa->actual.addr.sa.sa_family == AF_INET); |
1592 |
#endif |
1387 |
if (addr_defined (&lsa->actual)) |
1593 |
if (addr_defined (&lsa->actual)) |
1388 |
return ntohl (lsa->actual.sin_addr.s_addr); |
1594 |
return ntohl (lsa->actual.addr.in.sin_addr.s_addr); |
1389 |
else if (addr_defined (&lsa->remote)) |
1595 |
else if (addr_defined (&lsa->remote)) |
1390 |
return ntohl (lsa->remote.sin_addr.s_addr); |
1596 |
return ntohl (lsa->remote.addr.in.sin_addr.s_addr); |
1391 |
else |
1597 |
else |
1392 |
return 0; |
1598 |
return 0; |
1393 |
} |
1599 |
} |
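Review bot: The new address-family test runs before `addr_defined (&lsa->actual)`, so it judges `lsa->actual` even when that address has not been learned yet. In builds without USE_PF_INET6/USE_PF_UNIX the `ASSERT(lsa->actual.addr.sa.sa_family == AF_INET)` would then stop the process if an unset address carries family 0 (how `actual` is initialised is outside this hunk, so this needs confirming). In the other builds the early `return 0` skips the `lsa->remote` fallback. Folding the test into each branch keeps the old fallback, e.g. `if (addr_defined (&lsa->actual) && lsa->actual.addr.sa.sa_family == AF_INET)`, with the same guard on `lsa->remote`, whose family is currently not checked before `addr.in` is read. The function's signature lies above the hunk.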
Lines 1580-1607
|
1580 |
*/ |
1786 |
*/ |
1581 |
|
1787 |
|
1582 |
const char * |
1788 |
const char * |
1583 |
print_sockaddr (const struct sockaddr_in *addr, struct gc_arena *gc) |
1789 |
print_sockaddr (const struct openvpn_sockaddr *addr, struct gc_arena *gc) |
1584 |
{ |
1790 |
{ |
1585 |
return print_sockaddr_ex(addr, true, ":", gc); |
1791 |
return print_sockaddr_ex(addr, ":", PS_SHOW_PORT, gc); |
1586 |
} |
1792 |
} |
1587 |
|
1793 |
|
1588 |
const char * |
1794 |
const char * |
1589 |
print_sockaddr_ex (const struct sockaddr_in *addr, bool do_port, const char* separator, struct gc_arena *gc) |
1795 |
print_sockaddr_ex (const struct openvpn_sockaddr *addr, const char* separator, int flags, struct gc_arena *gc) |
1590 |
{ |
1796 |
{ |
1591 |
struct buffer out = alloc_buf_gc (64, gc); |
1797 |
struct buffer out; |
1592 |
const int port = ntohs (addr->sin_port); |
1798 |
bool addr_is_defined; |
1593 |
|
1799 |
|
|
|
1800 |
if (!addr) { |
1801 |
return "[NULL]"; |
1802 |
} |
1803 |
addr_is_defined = addr_defined (addr); |
1804 |
switch(addr->addr.sa.sa_family) { |
1805 |
case AF_INET: { |
1806 |
const int port= ntohs (addr->addr.in.sin_port); |
1807 |
out = alloc_buf_gc (128, gc); |
1808 |
buf_puts (&out, "[AF_INET]"); |
1594 |
mutex_lock_static (L_INET_NTOA); |
1809 |
mutex_lock_static (L_INET_NTOA); |
1595 |
buf_printf (&out, "%s", (addr_defined (addr) ? inet_ntoa (addr->sin_addr) : "[undef]")); |
1810 |
buf_puts (&out, (addr_is_defined ? inet_ntoa (addr->addr.in.sin_addr) : "[undef]")); |
1596 |
mutex_unlock_static (L_INET_NTOA); |
1811 |
mutex_unlock_static (L_INET_NTOA); |
1597 |
|
1812 |
|
1598 |
if (do_port && port) |
1813 |
if (((flags & PS_SHOW_PORT) || (addr_is_defined && (flags & PS_SHOW_PORT_IF_DEFINED))) |
|
|
1814 |
&& port) |
1599 |
{ |
1815 |
{ |
1600 |
if (separator) |
1816 |
if (separator) |
1601 |
buf_printf (&out, "%s", separator); |
1817 |
buf_printf (&out, "%s", separator); |
1602 |
|
1818 |
|
1603 |
buf_printf (&out, "%d", port); |
1819 |
buf_printf (&out, "%d", port); |
1604 |
} |
1820 |
} |
|
|
1821 |
#if ENABLE_IP_PKTINFO |
1822 |
if ((flags & PS_SHOW_PKTINFO) && addr_defined_ipi(addr)) |
1823 |
{ |
1824 |
buf_printf (&out, " (via %s)", inet_ntoa (addr->pi.in.ipi_spec_dst)); |
1825 |
} |
1826 |
#endif |
1827 |
} |
1828 |
break; |
1829 |
#ifdef USE_PF_INET6 |
1830 |
case AF_INET6: { |
1831 |
const int port= ntohs (addr->addr.in6.sin6_port); |
1832 |
char buf[INET6_ADDRSTRLEN] = "[undef]"; |
1833 |
out = alloc_buf_gc (128, gc); |
1834 |
buf_puts (&out, "[AF_INET6]"); |
1835 |
if (addr_is_defined) |
1836 |
{ |
1837 |
getnameinfo(&addr->addr.sa, sizeof (struct sockaddr_in6), |
1838 |
buf, sizeof (buf), NULL, 0, NI_NUMERICHOST); |
1839 |
buf_puts (&out, buf); |
1840 |
} |
1841 |
if (((flags & PS_SHOW_PORT) || (addr_is_defined && (flags & PS_SHOW_PORT_IF_DEFINED))) |
1842 |
&& port) |
1843 |
{ |
1844 |
if (separator) |
1845 |
buf_puts (&out, separator); |
1846 |
|
1847 |
buf_printf (&out, "%d", port); |
1848 |
} |
1849 |
#if ENABLE_IP_PKTINFO |
1850 |
if ((flags & PS_SHOW_PKTINFO) && addr_defined_ipi(addr)) |
1851 |
{ |
1852 |
struct sockaddr_in6 sin6; |
1853 |
memset(&sin6, 0, sizeof sin6); |
1854 |
sin6.sin6_family = AF_INET6; |
1855 |
sin6.sin6_addr = addr->pi.in6.ipi6_addr; |
1856 |
{ |
1857 |
if (getnameinfo((struct sockaddr *)&sin6, sizeof (struct sockaddr_in6), |
1858 |
buf, sizeof (buf), NULL, 0, NI_NUMERICHOST) == 0) |
1859 |
buf_printf (&out, " (via %s)", buf); |
1860 |
else |
1861 |
buf_printf (&out, " (via [getnameinfo() err])"); |
1862 |
} |
1863 |
} |
1864 |
#endif |
1865 |
} |
1866 |
break; |
1867 |
#endif |
1868 |
#ifdef USE_PF_UNIX |
1869 |
case AF_UNIX: { |
1870 |
out = alloc_buf_gc (sizeof (addr->addr.un.sun_path)+9 /* "[AF_UNIX]" */+1, gc); |
1871 |
buf_puts (&out, "[AF_UNIX]"); |
1872 |
buf_puts (&out, addr->addr.un.sun_path); |
1873 |
} |
1874 |
break; |
1875 |
#endif |
1876 |
default: |
1877 |
return "[NO address family defined]"; |
1878 |
} |
1605 |
return BSTR (&out); |
1879 |
return BSTR (&out); |
1606 |
} |
1880 |
} |
1607 |
|
1881 |
|
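Review bot: The added `inet_ntoa (addr->pi.in.ipi_spec_dst)` in the PS_SHOW_PKTINFO branch of the AF_INET case runs after `mutex_unlock_static (L_INET_NTOA)`, although the same function takes that lock around its other `inet_ntoa` call. The `(via %s)` print should sit inside its own `mutex_lock_static (L_INET_NTOA);` / `mutex_unlock_static (L_INET_NTOA);` pair. In the AF_INET6 case the return value of the first `getnameinfo()` is ignored, and the `"[undef]"` initialiser of `buf` is never printed because `buf_puts (&out, buf)` is inside `if (addr_is_defined)`. Testing `getnameinfo (...) == 0` and moving the `buf_puts` after the `if` would match the AF_INET output. The AF_UNIX case passes `addr->addr.un.sun_path` to `buf_puts` as a C string, which assumes the path is NUL-terminated.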
Lines 1627-1652
|
1627 |
return BSTR (&out); |
1901 |
return BSTR (&out); |
1628 |
} |
1902 |
} |
1629 |
|
1903 |
|
|
|
1904 |
const char * |
1905 |
print_link_sockaddr (const struct openvpn_sockaddr *act, struct gc_arena *gc) |
1906 |
{ |
1907 |
return print_sockaddr_ex (act, ":", PS_SHOW_PORT|PS_SHOW_PKTINFO, gc); |
1908 |
} |
1909 |
|
1630 |
/* set environmental variables for ip/port in *addr */ |
1910 |
/* set environmental variables for ip/port in *addr */ |
1631 |
void |
1911 |
void |
1632 |
setenv_sockaddr (struct env_set *es, const char *name_prefix, const struct sockaddr_in *addr, const bool flags) |
1912 |
setenv_sockaddr (struct env_set *es, const char *name_prefix, const struct openvpn_sockaddr *addr, const bool flags) |
1633 |
{ |
1913 |
{ |
1634 |
char name_buf[256]; |
1914 |
char name_buf[256]; |
|
|
1915 |
char buf[128]; |
1635 |
|
1916 |
|
|
|
1917 |
switch(addr->addr.sa.sa_family) { |
1918 |
case AF_INET: |
1636 |
if (flags & SA_IP_PORT) |
1919 |
if (flags & SA_IP_PORT) |
1637 |
openvpn_snprintf (name_buf, sizeof (name_buf), "%s_ip", name_prefix); |
1920 |
openvpn_snprintf (name_buf, sizeof (name_buf), "%s_ip", name_prefix); |
1638 |
else |
1921 |
else |
1639 |
openvpn_snprintf (name_buf, sizeof (name_buf), "%s", name_prefix); |
1922 |
openvpn_snprintf (name_buf, sizeof (name_buf), "%s", name_prefix); |
1640 |
|
|
|
1641 |
mutex_lock_static (L_INET_NTOA); |
1923 |
mutex_lock_static (L_INET_NTOA); |
1642 |
setenv_str (es, name_buf, inet_ntoa (addr->sin_addr)); |
1924 |
setenv_str (es, name_buf, inet_ntoa (addr->addr.in.sin_addr)); |
1643 |
mutex_unlock_static (L_INET_NTOA); |
1925 |
mutex_unlock_static (L_INET_NTOA); |
1644 |
|
1926 |
|
1645 |
if ((flags & SA_IP_PORT) && addr->sin_port) |
1927 |
if ((flags & SA_IP_PORT) && (addr->addr.in.sin_port)) |
1646 |
{ |
1928 |
{ |
1647 |
openvpn_snprintf (name_buf, sizeof (name_buf), "%s_port", name_prefix); |
1929 |
openvpn_snprintf (name_buf, sizeof (name_buf), "%s_port", name_prefix); |
1648 |
setenv_int (es, name_buf, ntohs (addr->sin_port)); |
1930 |
setenv_int (es, name_buf, ntohs (addr->addr.in.sin_port)); |
1649 |
} |
1931 |
} |
|
|
1932 |
break; |
1933 |
#ifdef USE_PF_INET6 |
1934 |
case AF_INET6: |
1935 |
openvpn_snprintf (name_buf, sizeof (name_buf), "%s_ip6", name_prefix); |
1936 |
getnameinfo(&addr->addr.sa, sizeof (struct sockaddr_in6), |
1937 |
buf, sizeof(buf), NULL, 0, NI_NUMERICHOST); |
1938 |
setenv_str (es, name_buf, buf); |
1939 |
|
1940 |
openvpn_snprintf (name_buf, sizeof (name_buf), "%s_port", name_prefix); |
1941 |
setenv_int (es, name_buf, ntohs (addr->addr.in6.sin6_port)); |
1942 |
break; |
1943 |
#endif |
1944 |
#ifdef USE_PF_UNIX |
1945 |
case AF_UNIX: |
1946 |
openvpn_snprintf (name_buf, sizeof (name_buf), "%s_path", name_prefix); |
1947 |
setenv_str (es, name_buf, addr->addr.un.sun_path); |
1948 |
break; |
1949 |
#endif |
1950 |
} |
1650 |
} |
1951 |
} |
1651 |
|
1952 |
|
1652 |
void |
1953 |
void |
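Review bot: In the AF_INET6 case of `setenv_sockaddr`, `buf` is an uninitialised stack array and the return value of `getnameinfo()` is not checked, so a failed conversion would export indeterminate bytes as `<prefix>_ip6` to whatever consumes this environment set. Guard the export with `if (getnameinfo (&addr->addr.sa, sizeof (struct sockaddr_in6), buf, sizeof (buf), NULL, 0, NI_NUMERICHOST) == 0) setenv_str (es, name_buf, buf);`, or at least declare `char buf[128] = "";`. The AF_UNIX case hands `sun_path` to `setenv_str` and relies on it being NUL-terminated. The hunk ends on the return type of the following function.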
Lines 1654-1666
|
1654 |
{ |
1955 |
{ |
1655 |
if (addr || !(flags & SA_SET_IF_NONZERO)) |
1956 |
if (addr || !(flags & SA_SET_IF_NONZERO)) |
1656 |
{ |
1957 |
{ |
1657 |
struct sockaddr_in si; |
1958 |
struct openvpn_sockaddr osa; |
1658 |
CLEAR (si); |
1959 |
CLEAR (osa); |
1659 |
si.sin_addr.s_addr = htonl (addr); |
1960 |
osa.addr.in.sin_family = AF_INET; |
1660 |
setenv_sockaddr (es, name_prefix, &si, flags); |
1961 |
osa.addr.in.sin_addr.s_addr = htonl (addr); |
|
|
1962 |
setenv_sockaddr (es, name_prefix, &osa, flags); |
1661 |
} |
1963 |
} |
1662 |
} |
1964 |
} |
1663 |
|
1965 |
|
|
|
1966 |
|
1664 |
/* |
1967 |
/* |
1665 |
* Convert protocol names between index and ascii form. |
1968 |
* Convert protocol names between index and ascii form. |
1666 |
*/ |
1969 |
*/ |
Lines 1668-1683
|
1668 |
struct proto_names { |
1971 |
struct proto_names { |
1669 |
const char *short_form; |
1972 |
const char *short_form; |
1670 |
const char *display_form; |
1973 |
const char *display_form; |
|
|
1974 |
bool is_dgram; |
1975 |
bool is_net; |
1976 |
sa_family_t proto_af; |
1671 |
}; |
1977 |
}; |
1672 |
|
1978 |
|
1673 |
/* Indexed by PROTO_x */ |
1979 |
/* Indexed by PROTO_x */ |
1674 |
static const struct proto_names proto_names[] = { |
1980 |
static const struct proto_names proto_names[PROTO_N] = { |
1675 |
{"udp", "UDPv4"}, |
1981 |
{"proto-uninitialized", "proto-NONE",0,0, AF_UNSPEC}, |
1676 |
{"tcp-server", "TCPv4_SERVER"}, |
1982 |
{"udp", "UDPv4",1,1, AF_INET}, |
1677 |
{"tcp-client", "TCPv4_CLIENT"}, |
1983 |
{"tcp-server", "TCPv4_SERVER",0,1, AF_INET}, |
1678 |
{"tcp", "TCPv4"} |
1984 |
{"tcp-client", "TCPv4_CLIENT",0,1, AF_INET}, |
|
|
1985 |
{"tcp", "TCPv4",0,1, AF_INET}, |
1986 |
#ifdef USE_PF_INET6 |
1987 |
{"udp6" ,"UDPv6",1,1, AF_INET6}, |
1988 |
{"tcp6-server","TCPv6_SERVER",0,1, AF_INET6}, |
1989 |
{"tcp6-client","TCPv6_CLIENT",0,1, AF_INET6}, |
1990 |
{"tcp6" ,"TCPv6",0,1, AF_INET6}, |
1991 |
#endif |
1992 |
#ifdef USE_PF_UNIX |
1993 |
{"unix-dgram" ,"UNIX_DGRAM",1,0, AF_UNIX }, |
1994 |
{"unix-stream","UNIX_STREAM",1,0, AF_UNIX } |
1995 |
#endif |
1679 |
}; |
1996 |
}; |
1680 |
|
1997 |
|
|
|
1998 |
bool |
1999 |
proto_is_net(int proto) |
2000 |
{ |
2001 |
if (proto < 0 || proto >= PROTO_N) |
2002 |
ASSERT(0); |
2003 |
return proto_names[proto].is_net; |
2004 |
} |
2005 |
bool |
2006 |
proto_is_dgram(int proto) |
2007 |
{ |
2008 |
if (proto < 0 || proto >= PROTO_N) |
2009 |
ASSERT(0); |
2010 |
return proto_names[proto].is_dgram; |
2011 |
} |
2012 |
bool |
2013 |
proto_is_udp(int proto) |
2014 |
{ |
2015 |
if (proto < 0 || proto >= PROTO_N) |
2016 |
ASSERT(0); |
2017 |
return proto_names[proto].is_dgram&&proto_names[proto].is_net; |
2018 |
} |
2019 |
bool |
2020 |
proto_is_tcp(int proto) |
2021 |
{ |
2022 |
if (proto < 0 || proto >= PROTO_N) |
2023 |
ASSERT(0); |
2024 |
return (!proto_names[proto].is_dgram)&&proto_names[proto].is_net; |
2025 |
} |
2026 |
|
2027 |
sa_family_t |
2028 |
proto_sa_family(int proto) |
2029 |
{ |
2030 |
if (proto < 0 || proto >= PROTO_N) |
2031 |
ASSERT(0); |
2032 |
return proto_names[proto].proto_af; |
2033 |
} |
2034 |
|
1681 |
int |
2035 |
int |
1682 |
ascii2proto (const char* proto_name) |
2036 |
ascii2proto (const char* proto_name) |
1683 |
{ |
2037 |
{ |
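Review bot: The `"unix-stream"` row has `is_dgram` set to 1, the same as `"unix-dgram"`, so `proto_is_dgram()` would report the stream transport as datagram. It reads like a copy of the row above and probably should be `{"unix-stream","UNIX_STREAM",0,0, AF_UNIX }`. Giving the array an explicit `[PROTO_N]` size also means a missing row is silently zero-filled (NULL `short_form`), and a check such as `ASSERT (PROTO_N == SIZE (proto_names))` can no longer fail. Keep the declaration as `proto_names[]` if that check is meant to catch drift between the table and the enum. The new struct fields are undocumented; judging from the table rows, a comment like `/* is_net: IP transport (udp/tcp) as opposed to AF_UNIX */` would fit, to be confirmed by the author.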
Lines 1708-1714
|
1708 |
int i; |
2062 |
int i; |
1709 |
|
2063 |
|
1710 |
ASSERT (PROTO_N == SIZE (proto_names)); |
2064 |
ASSERT (PROTO_N == SIZE (proto_names)); |
1711 |
for (i = 0; i < PROTO_N; ++i) |
2065 |
for (i = 1; i < PROTO_N; ++i) /* skip first slot */ |
1712 |
{ |
2066 |
{ |
1713 |
if (i) |
2067 |
if (i) |
1714 |
buf_printf(&out, " "); |
2068 |
buf_printf(&out, " "); |
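Review bot: With the loop now starting at `i = 1`, the unchanged `if (i)` test is always true, so the generated list begins with a separator space. If that is not intended, the test should become `if (i > 1)`. The start of the function is outside the hunk.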
Lines 1717-1722
|
1717 |
return BSTR (&out); |
2071 |
return BSTR (&out); |
1718 |
} |
2072 |
} |
1719 |
|
2073 |
|
|
|
2074 |
|
2075 |
int |
2076 |
addr_guess_family(int proto, const char *name) |
2077 |
{ |
2078 |
sa_family_t ret; |
2079 |
if (proto) { |
2080 |
return proto_sa_family(proto); /* already stamped */ |
2081 |
} |
2082 |
#ifdef USE_PF_UNIX |
2083 |
else if (name && name[0] == '/') { |
2084 |
return AF_UNIX; |
2085 |
} |
2086 |
#endif |
2087 |
#ifdef USE_PF_INET6 |
2088 |
else { |
2089 |
struct addrinfo hints , *ai; |
2090 |
int err; |
2091 |
memset(&hints, 0, sizeof hints); |
2092 |
hints.ai_flags=AI_NUMERICHOST; |
2093 |
if ((err=getaddrinfo(name, NULL, &hints, &ai))==0) { |
2094 |
ret=ai->ai_family; |
2095 |
freeaddrinfo(ai); |
2096 |
return ret; |
2097 |
} |
2098 |
} |
2099 |
#endif |
2100 |
return AF_INET; /* default */ |
2101 |
} |
2102 |
const char * |
2103 |
addr_family_name (int af) |
2104 |
{ |
2105 |
switch (af) { |
2106 |
case AF_INET: return "AF_INET"; |
2107 |
case AF_INET6: return "AF_INET6"; |
2108 |
#ifdef USE_PF_UNIX |
2109 |
case AF_UNIX: return "AF_UNIX"; |
2110 |
#endif |
2111 |
} |
2112 |
return "AF_UNSPEC"; |
2113 |
} |
2114 |
|
1720 |
/* |
2115 |
/* |
1721 |
* Given a local proto, return local proto |
2116 |
* Given a local proto, return local proto |
1722 |
* if !remote, or compatible remote proto |
2117 |
* if !remote, or compatible remote proto |
Lines 1790-1813
Link Here
|
1790 |
|
2185 |
|
1791 |
#ifndef WIN32 |
2186 |
#ifndef WIN32 |
1792 |
|
2187 |
|
|
|
2188 |
#if ENABLE_IP_PKTINFO |
2189 |
|
2190 |
struct openvpn_in_pktinfo |
2191 |
{ |
2192 |
struct cmsghdr cmsghdr; |
2193 |
struct in_pktinfo pi; |
2194 |
}; |
2195 |
#ifdef USE_PF_INET6 |
2196 |
struct openvpn_in6_pktinfo |
2197 |
{ |
2198 |
struct cmsghdr cmsghdr; |
2199 |
struct in6_pktinfo pi6; |
2200 |
}; |
2201 |
#endif |
2202 |
|
2203 |
union openvpn_pktinfo { |
2204 |
struct openvpn_in_pktinfo cmsgpi; |
2205 |
#ifdef USE_PF_INET6 |
2206 |
struct openvpn_in6_pktinfo cmsgpi6; |
2207 |
#endif |
2208 |
}; |
2209 |
|
2210 |
/* UDPv4 and UDPv6 */ |
2211 |
static socklen_t |
2212 |
link_socket_read_udp_posix_recvmsg (struct link_socket *sock, |
2213 |
struct buffer *buf, |
2214 |
int maxsize, |
2215 |
struct openvpn_sockaddr *from) |
2216 |
{ |
2217 |
struct iovec iov; |
2218 |
union openvpn_pktinfo opi; |
2219 |
struct msghdr mesg; |
2220 |
socklen_t fromlen = sizeof (from->addr); |
2221 |
|
2222 |
iov.iov_base = BPTR (buf); |
2223 |
iov.iov_len = maxsize; |
2224 |
mesg.msg_iov = &iov; |
2225 |
mesg.msg_iovlen = 1; |
2226 |
mesg.msg_name = &from->addr; |
2227 |
mesg.msg_namelen = fromlen; |
2228 |
mesg.msg_control = &opi; |
2229 |
mesg.msg_controllen = sizeof (opi); |
2230 |
buf->len = recvmsg (sock->sd, &mesg, 0); |
2231 |
if (buf->len >= 0) |
2232 |
{ |
2233 |
struct cmsghdr *cmsg; |
2234 |
fromlen = mesg.msg_namelen; |
2235 |
cmsg = CMSG_FIRSTHDR (&mesg); |
2236 |
if (cmsg != NULL |
2237 |
&& CMSG_NXTHDR (&mesg, cmsg) == NULL |
2238 |
&& cmsg->cmsg_level == SOL_IP |
2239 |
&& cmsg->cmsg_type == IP_PKTINFO |
2240 |
&& cmsg->cmsg_len >= sizeof (struct openvpn_in_pktinfo)) |
2241 |
{ |
2242 |
struct in_pktinfo *pkti = (struct in_pktinfo *) CMSG_DATA (cmsg); |
2243 |
from->pi.in.ipi_ifindex = pkti->ipi_ifindex; |
2244 |
from->pi.in.ipi_spec_dst = pkti->ipi_spec_dst; |
2245 |
} |
2246 |
#ifdef USE_PF_INET6 |
2247 |
else if (cmsg != NULL |
2248 |
&& CMSG_NXTHDR (&mesg, cmsg) == NULL |
2249 |
&& cmsg->cmsg_level == IPPROTO_IPV6 |
2250 |
&& cmsg->cmsg_type == IPV6_PKTINFO |
2251 |
&& cmsg->cmsg_len >= sizeof (struct openvpn_in6_pktinfo)) |
2252 |
{ |
2253 |
struct in6_pktinfo *pkti6 = (struct in6_pktinfo *) CMSG_DATA (cmsg); |
2254 |
from->pi.in6.ipi6_ifindex = pkti6->ipi6_ifindex; |
2255 |
from->pi.in6.ipi6_addr = pkti6->ipi6_addr; |
2256 |
} |
2257 |
#endif |
2258 |
} |
2259 |
return fromlen; |
2260 |
} |
2261 |
#endif |
2262 |
|
2263 |
/* UDPv4 and UDPv6 */ |
1793 |
int |
2264 |
int |
1794 |
link_socket_read_udp_posix (struct link_socket *sock, |
2265 |
link_socket_read_udp_posix (struct link_socket *sock, |
1795 |
struct buffer *buf, |
2266 |
struct buffer *buf, |
1796 |
int maxsize, |
2267 |
int maxsize, |
1797 |
struct sockaddr_in *from) |
2268 |
struct openvpn_sockaddr *from) |
|
|
2269 |
{ |
2270 |
socklen_t fromlen = sizeof (from->addr); |
2271 |
socklen_t expectedlen = af_addr_size(proto_sa_family(sock->info.proto)); |
2272 |
CLEAR (*from); |
2273 |
ASSERT (buf_safe (buf, maxsize)); |
2274 |
#if ENABLE_IP_PKTINFO |
2275 |
/* if (sock->info.proto == PROTO_UDPv4 && sock->socket_flags & SF_USE_IP_PKTINFO) */ |
2276 |
/* Both PROTO_UDPv4 and PROTO_UDPv6 */ |
2277 |
if (proto_is_udp(sock->info.proto) && sock->socket_flags & SF_USE_IP_PKTINFO) |
2278 |
fromlen = link_socket_read_udp_posix_recvmsg (sock, buf, maxsize, from); |
2279 |
else |
2280 |
#endif |
2281 |
buf->len = recvfrom (sock->sd, BPTR (buf), maxsize, 0, |
2282 |
&from->addr.sa, &fromlen); |
2283 |
if (buf->len >= 0 && expectedlen && fromlen != expectedlen) |
2284 |
bad_address_length (fromlen, expectedlen); |
2285 |
return buf->len; |
2286 |
} |
2287 |
|
2288 |
#endif |
2289 |
|
2290 |
#ifdef USE_PF_UNIX |
2291 |
|
2292 |
int |
2293 |
link_socket_read_unix_dgram (struct link_socket *sock, |
2294 |
struct buffer *buf, |
2295 |
int maxsize, |
2296 |
struct sockaddr_un *from) |
1798 |
{ |
2297 |
{ |
1799 |
socklen_t fromlen = sizeof (*from); |
2298 |
socklen_t fromlen = sizeof (*from); |
1800 |
CLEAR (*from); |
2299 |
CLEAR (*from); |
1801 |
ASSERT (buf_safe (buf, maxsize)); |
2300 |
ASSERT (buf_safe (buf, maxsize)); |
|
|
2301 |
/* PF_UNIX DGRAM */ |
1802 |
buf->len = recvfrom (sock->sd, BPTR (buf), maxsize, 0, |
2302 |
buf->len = recvfrom (sock->sd, BPTR (buf), maxsize, 0, |
1803 |
(struct sockaddr *) from, &fromlen); |
2303 |
(struct sockaddr *) from, &fromlen); |
1804 |
if (fromlen != sizeof (*from)) |
2304 |
if (fromlen > sizeof (*from)) |
1805 |
bad_address_length (fromlen, sizeof (*from)); |
2305 |
bad_address_length (fromlen, sizeof (*from)); /* jjo: XXX: actually excessive_addr_len() */ |
1806 |
return buf->len; |
2306 |
return buf->len; |
1807 |
} |
2307 |
} |
1808 |
|
2308 |
|
1809 |
#endif |
2309 |
#endif |
1810 |
|
|
|
1811 |
/* |
2310 |
/* |
1812 |
* Socket Write Routines |
2311 |
* Socket Write Routines |
1813 |
*/ |
2312 |
*/ |
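Review bot: `link_socket_read_unix_dgram` now accepts any `fromlen` up to `sizeof (*from)`, which includes a sender path that fills `sun_path` completely and so has no terminating NUL, while other code on this page passes `sun_path` to string functions. Either reject that case with `if (fromlen >= sizeof (*from))` or terminate explicitly after the call with `from->sun_path[sizeof (from->sun_path) - 1] = '\0';`. The length test also runs when `recvfrom` has failed, unlike `link_socket_read_udp_posix`, which checks `buf->len >= 0` first. In `link_socket_read_udp_posix_recvmsg`, `mesg.msg_flags` is never inspected after `recvmsg`, so truncated control data (`MSG_CTRUNC`) cannot be told apart from a packet that carried no pktinfo.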
Lines 1815-1821
|
1815 |
int |
2314 |
int |
1816 |
link_socket_write_tcp (struct link_socket *sock, |
2315 |
link_socket_write_tcp (struct link_socket *sock, |
1817 |
struct buffer *buf, |
2316 |
struct buffer *buf, |
1818 |
struct sockaddr_in *to) |
2317 |
struct openvpn_sockaddr *to) |
1819 |
{ |
2318 |
{ |
1820 |
packet_size_type len = BLEN (buf); |
2319 |
packet_size_type len = BLEN (buf); |
1821 |
dmsg (D_STREAM_DEBUG, "STREAM: WRITE %d offset=%d", (int)len, buf->offset); |
2320 |
dmsg (D_STREAM_DEBUG, "STREAM: WRITE %d offset=%d", (int)len, buf->offset); |
Lines 1829-1834
Link Here
|
1829 |
#endif |
2328 |
#endif |
1830 |
} |
2329 |
} |
1831 |
|
2330 |
|
|
|
2331 |
#if ENABLE_IP_PKTINFO |
2332 |
|
2333 |
int |
2334 |
link_socket_write_udp_posix_sendmsg (struct link_socket *sock, |
2335 |
struct buffer *buf, |
2336 |
struct openvpn_sockaddr *to) |
2337 |
{ |
2338 |
struct iovec iov; |
2339 |
struct msghdr mesg; |
2340 |
struct cmsghdr *cmsg; |
2341 |
|
2342 |
/* ASSERT(sock->info.lsa->remote.addr.in.sin_family == AF_INET); */ |
2343 |
iov.iov_base = BPTR (buf); |
2344 |
iov.iov_len = BLEN (buf); |
2345 |
mesg.msg_iov = &iov; |
2346 |
mesg.msg_iovlen = 1; |
2347 |
switch (sock->info.lsa->remote.addr.sa.sa_family) { |
2348 |
case AF_INET: { |
2349 |
struct openvpn_in_pktinfo opi; |
2350 |
struct in_pktinfo *pkti; |
2351 |
mesg.msg_name = &to->addr.sa; |
2352 |
mesg.msg_namelen = sizeof (struct sockaddr_in); |
2353 |
mesg.msg_control = &opi; |
2354 |
mesg.msg_controllen = sizeof (opi); |
2355 |
mesg.msg_flags = 0; |
2356 |
cmsg = CMSG_FIRSTHDR (&mesg); |
2357 |
cmsg->cmsg_len = sizeof (opi); |
2358 |
cmsg->cmsg_level = SOL_IP; |
2359 |
cmsg->cmsg_type = IP_PKTINFO; |
2360 |
pkti = (struct in_pktinfo *) CMSG_DATA (cmsg); |
2361 |
pkti->ipi_ifindex = to->pi.in.ipi_ifindex; |
2362 |
pkti->ipi_spec_dst = to->pi.in.ipi_spec_dst; |
2363 |
pkti->ipi_addr.s_addr = 0; |
2364 |
break; |
2365 |
} |
2366 |
#ifdef USE_PF_INET6 |
2367 |
case AF_INET6: { |
2368 |
struct openvpn_in6_pktinfo opi6; |
2369 |
struct in6_pktinfo *pkti6; |
2370 |
mesg.msg_name = &to->addr.sa; |
2371 |
mesg.msg_namelen = sizeof (struct sockaddr_in6); |
2372 |
mesg.msg_control = &opi6; |
2373 |
mesg.msg_controllen = sizeof (opi6); |
2374 |
mesg.msg_flags = 0; |
2375 |
cmsg = CMSG_FIRSTHDR (&mesg); |
2376 |
cmsg->cmsg_len = sizeof (opi6); |
2377 |
cmsg->cmsg_level = IPPROTO_IPV6; |
2378 |
cmsg->cmsg_type = IPV6_PKTINFO; |
2379 |
pkti6 = (struct in6_pktinfo *) CMSG_DATA (cmsg); |
2380 |
pkti6->ipi6_ifindex = to->pi.in6.ipi6_ifindex; |
2381 |
pkti6->ipi6_addr = to->pi.in6.ipi6_addr; |
2382 |
break; |
2383 |
} |
2384 |
#endif |
2385 |
default: ASSERT(0); |
2386 |
} |
2387 |
return sendmsg (sock->sd, &mesg, 0); |
2388 |
} |
2389 |
|
2390 |
#endif |
2391 |
|
2392 |
|
1832 |
/* |
2393 |
/* |
1833 |
* Win32 overlapped socket I/O functions. |
2394 |
* Win32 overlapped socket I/O functions. |
1834 |
*/ |
2395 |
*/ |
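Review bot: In `link_socket_write_udp_posix_sendmsg` the `switch` selects the address family from `sock->info.lsa->remote`, but the destination name and the pktinfo fields are all taken from `to`. If the two differ, or `remote` is unset, either the wrong `msg_namelen` and control layout are used or `default: ASSERT(0)` ends the process on a send. Keying on the address actually being sent to avoids that: `switch (to->addr.sa.sa_family) {`. Separately, `cmsg->cmsg_len` is set to `sizeof (opi)`, the size of the wrapper struct including any padding. The portable value is `CMSG_LEN (sizeof (struct in_pktinfo))`, and `CMSG_LEN (sizeof (struct in6_pktinfo))` in the IPv6 case.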