Attachment #123249 for bug #183457




#!/bin/bash

typeset -i test_num=0 # increments w/each test_define
typeset test_msg	# prefix: "test nr#"  for msgs
typeset test_name	# test name given	
typeset test_sanename	# test name with all whitespace (and alike) replaced by '_'

TEST_CLEANUP=":"

say () {
	echo "$@" >&3
}
err () {
	echo "$@" >&4
}
debug () {
	echo "$@" >&4
}
test_define() {
	test_name="$*"
	test_sanename="$(echo -n $test_name| tr -c '[A-Za-z0-9._]' _ )"
	test_num=test_num+1
	test_msg="test $test_num"
	test_bg_cleanup 
}
test_expect_success () {
	local msg="$1" 
	test $# -ge 2 || { err "usage error: test_expect_failure msg cmd args ..."; return 1; }
	say -n "$test_msg: -- $msg (expecting success) "
	shift
	(eval "$@" 4>&1) && { say -e "\n$test_msg: OK %%% $test_sanename" ;  return 0 ; }
	say -e "\n$test_msg: FAILED %%% $test_sanename" 
	return 1
}

test_expect_failure () {
	local msg="$1" 
	test $# -ge 2 || { err "usage error: test_expect_failure msg cmd args ...";  return 1;}
	say -n "$test_msg: -- $msg (expecting failure) "
	shift
	(eval "$@") && { say -e "\n$test_msg: FAILED %%% $test_sanename" >&3 ;  return 0 ; }
	say -e "\n$test_msg: OK %%% $test_sanename"
	return 1
}

test_bg_egrep() {
	local nsecs="$1"
	local txt="$2"
	local ret
	shift 2
	test_expect_success "$test_name" \
		"set -m ; $@ &> $t/out-$test_sanename &
		s=1;
		for i in \$(seq 1 $nsecs);do 
			say -n '.'
			kill -0 %1 || { egrep failed $t/out-$test_sanename >&4; break; }
			o=\$(egrep \"$txt\" $t/out-$test_sanename ) && { debug \$o; s=0; break; }
			sleep 1;
		done;
		kill %1
		wait
		exit \$s
		" 2>/dev/null 4>$t/err
	ret=$?
	test $ret -eq 0 && return 0
	say "$test_msg: see: $t/out-$test_sanename*" 
	return $ret
}
# run command in *current* shell ignoring stderr, evals args passed
quiet2() {
	#backup fd=2
	exec 250>&2
	exec 2>/dev/null
	eval "$@"
	#close auxfd
	exec 2>&250
	exec 250>&-
}
test_bg_prev(){ local out=$t/out-$test_sanename-prev; $@ >& $out & }
test_bg_cleanup() { quiet2 "$TEST_CLEANUP;${@:-:};kill % 2>/dev/null;wait" ;}
test_set_cleanup () { TEST_CLEANUP="${*:-:}" ;}

t=/tmp
exec 3>&1
exec 4>&2

#=========

ln -sf $PWD/openvpn $t/openvpn-test
export OPENVPN=$t/openvpn-test

test_set_cleanup "killall $OPENVPN"

trap 'test_bg_cleanup;exit' 0 2 15

test_define "UDP6 loopback"
test_bg_egrep 30 "Initialization Sequence Completed" ../jjo-tests/run-udp6-0-loopback-self.sh

test_define "UDP6 loopback byname"
test_bg_egrep 30 "Initialization Sequence Completed" ../jjo-tests/run-udp6-0-loopback-byname.sh

test_define "TCP6 loopback"
test_bg_prev ../jjo-tests/run-tcp6-0-loopback-server.sh
test_bg_egrep 30 "Initialization Sequence Completed" ../jjo-tests/run-tcp6-0-loopback-client.sh

test_define "TCP6 loopback byname"
test_bg_prev ../jjo-tests/run-tcp6-0-loopback-server-byname.sh
test_bg_egrep 30 "Initialization Sequence Completed" ../jjo-tests/run-tcp6-0-loopback-client-byname.sh

test_define "UDP4 loopback"
test_bg_egrep 30 "Initialization Sequence Completed" ../jjo-tests/run-udp4-0-loopback-self.sh

test_define "TCP4 loopback"
test_bg_prev ../jjo-tests/run-tcp4-0-loopback-server.sh 
test_bg_egrep 30 "Initialization Sequence Completed" ../jjo-tests/run-tcp4-0-loopback-client.sh

Line 0 Link Here

(-)a/jjo-tests/qemu-ifup-2.jjo.sh (+12 lines)
	1	#!/bin/sh -x
	2	#sudo sh -c "/sbin/ifconfig $1 hw ether 00:00:00:00:00:01; /sbin/ifconfig $1 192.168.254.1"
	3	export PATH=/sbin:/usr/sbin:$PATH
	4	NUM=2
	5	DEV=qemutun$NUM
	6	sudo sh -x <<EOF
	7	ip li set $1 name $DEV
	8	ip li set $DEV address 00:00:00:00:00:01
	9	ip li set $DEV up
	10	ip ad add 192.168.254.1 dev $DEV
	11	ip ro add 192.168.254.$NUM dev $DEV
	12	EOF

Line 0 Link Here

(-)a/jjo-tests/qemu-ifup-3.jjo.sh (+12 lines)
	1	#!/bin/sh -x
	2	#sudo sh -c "/sbin/ifconfig $1 hw ether 00:00:00:00:00:01; /sbin/ifconfig $1 192.168.254.1"
	3	export PATH=/sbin:/usr/sbin:$PATH
	4	NUM=3
	5	DEV=qemutun$NUM
	6	sudo sh -x <<EOF
	7	ip li set $1 name $DEV
	8	ip li set $DEV address 00:00:00:00:00:01
	9	ip li set $DEV up
	10	ip ad add 192.168.254.1 dev $DEV
	11	ip ro add 192.168.254.$NUM dev $DEV
	12	EOF

Line 0 Link Here

(-)a/jjo-tests/run-afunix-0-loop.sh (+4 lines)
	1	#!/bin/sh -x
	2	: ${OPENVPN:=./openvpn}
	3	rm -fv /tmp/o.s
	4	${OPENVPN} --proto unix-dgram --local /tmp/o.s --remote /tmp/o.s --dev tun --ifconfig 1.1.1.1 1.1.1.2 --secret ../openvpn.key $*

Line 0 Link Here

(-)a/jjo-tests/run-afunix-1-o1.sh (+3 lines)
	1	#!/bin/sh -x
	2	: ${OPENVPN:=./openvpn}
	3	${OPENVPN} --proto unix-dgram --local /tmp/o1.s --remote /tmp/o2.s --dev tun --ifconfig 1.1.1.1 1.1.1.2 --secret ../openvpn.key $*

Line 0 Link Here

(-)a/jjo-tests/run-afunix-1-o2.sh (+3 lines)
	1	#!/bin/sh -x
	2	: ${OPENVPN:=./openvpn}
	3	${OPENVPN} --proto unix-dgram --local /tmp/o2.s --remote /tmp/o1.s --dev tun --ifconfig 1.1.1.2 1.1.1.1 --secret ../openvpn.key $*

Line 0 Link Here

(-)a/jjo-tests/run-oxg-1.sh (+3 lines)
	1	#!/bin/sh -x
	2	: ${OPENVPN:=./openvpn}
	3	${OPENVPN} --dev tun --proto udp --remote localhost --lport 5020 --rport 1194 --secret ../openvpn.key --ifconfig 1.1.1.1 1.1.1.2 "$@"

Line 0 Link Here

(-)a/jjo-tests/run-oxg-2.sh (+3 lines)
	1	#!/bin/sh -x
	2	: ${OPENVPN:=./openvpn}
	3	${OPENVPN} --dev tun --proto udp --remote localhost --lport 5020 --rport 1194 --secret ../openvpn.key --ifconfig 1.1.1.2 1.1.1.1 "$@"

Line 0 Link Here

(-)a/jjo-tests/run-tcp4-0-loopback-client.sh (+3 lines)
	1	#!/bin/sh -x
	2	: ${OPENVPN:=./openvpn}
	3	${OPENVPN} --dev null --proto tcp-client --remote localhost --rport 5011 --secret ../openvpn.key "$@"

Line 0 Link Here

(-)a/jjo-tests/run-tcp4-0-loopback-server.sh (+3 lines)
	1	#!/bin/sh -x
	2	: ${OPENVPN:=./openvpn}
	3	${OPENVPN} --dev null --proto tcp-server --remote localhost --lport 5011 --secret ../openvpn.key "$@"

Line 0 Link Here

(-)a/jjo-tests/run-tcp6-0-loopback-client-byname.sh (+3 lines)
	1	#!/bin/sh -x
	2	: ${OPENVPN:=./openvpn}
	3	${OPENVPN} --dev null --proto tcp6-client --remote ip6-localhost --rport 5011 --secret ../openvpn.key "$@"

Line 0 Link Here

(-)a/jjo-tests/run-tcp6-0-loopback-client.sh (+3 lines)
	1	#!/bin/sh -x
	2	: ${OPENVPN:=./openvpn}
	3	${OPENVPN} --dev null --proto tcp6-client --remote ::1 --rport 5011 --secret ../openvpn.key "$@"

Line 0 Link Here

(-)a/jjo-tests/run-tcp6-0-loopback-server-byname.sh (+3 lines)
	1	#!/bin/sh -x
	2	: ${OPENVPN:=./openvpn}
	3	${OPENVPN} --dev null --proto tcp6-server --local ip6-localhost --lport 5011 --secret ../openvpn.key "$@"

Line 0 Link Here

(-)a/jjo-tests/run-tcp6-0-loopback-server.sh (+3 lines)
	1	#!/bin/sh -x
	2	: ${OPENVPN:=./openvpn}
	3	${OPENVPN} --dev null --proto tcp6-server --local :: --lport 5011 --secret ../openvpn.key "$@"

Line 0 Link Here

(-)a/jjo-tests/run-udp4-0-loopback-self.sh (+3 lines)
	1	#!/bin/sh -x
	2	: ${OPENVPN:=./openvpn}
	3	${GDB} ${OPENVPN} --dev null --proto udp --remote localhost --port 5011 --secret ../openvpn.key "$@"

Line 0 Link Here

(-)a/jjo-tests/run-udp4-1-qemu-guest.sh (+3 lines)
	1	#!/bin/sh -x
	2	: ${OPENVPN:=./openvpn}
	3	${GDB} ${OPENVPN} --dev tun --proto udp --remote 10.0.2.2 --port 5011 --secret ../openvpn.key --ifconfig 1.1.1.253 1.1.1.1

Line 0 Link Here

(-)a/jjo-tests/run-udp4-1-qemu-host.sh (+3 lines)
	1	#!/bin/sh -x
	2	: ${OPENVPN:=./openvpn}
	3	${GDB} ${OPENVPN} --dev tun --proto udp --float --port 5011 --secret ../openvpn.key --ifconfig 1.1.1.1 1.1.1.253

Line 0 Link Here

(-)a/jjo-tests/run-udp4-2-MH.sh (+4 lines)
	1	#!/bin/sh -x
	2	#pass --local ADDR --remote ADDR
	3	: ${OPENVPN:=./openvpn}
	4	${GDB} ${OPENVPN} --dev tun --proto udp --port 5011 --secret ../openvpn.key --ifconfig-noexec "$@"

Line 0 Link Here

(-)a/jjo-tests/run-udp6-0-loopback-byname.sh (+3 lines)
	1	#!/bin/sh -x
	2	: ${OPENVPN:=./openvpn}
	3	${GDB} ${OPENVPN} --dev null --proto udp6 --remote ip6-localhost --port 5011 --secret ../openvpn.key "$@"

Line 0 Link Here

(-)a/jjo-tests/run-udp6-0-loopback-self.sh (+3 lines)
	1	#!/bin/sh -x
	2	: ${OPENVPN:=./openvpn}
	3	${GDB} ${OPENVPN} --dev null --proto udp6 --remote ::1 --port 5011 --secret ../openvpn.key "$@"

Line 0 Link Here

(-)a/jjo-tests/run-udp6-1-carpediem.sh (+4 lines)
	1	#!/bin/sh -x
	2	REM6="fe80::2e0:7dff:fee3:ef17"
	3	: ${OPENVPN:=./openvpn}
	4	${GDB} ${OPENVPN} --dev tun --proto udp6 --remote "$REM6" --port 5010 --secret ../openvpn.key --ifconfig 1.1.1.253 1.1.1.1

Line 0 Link Here

(-)a/jjo-tests/run-udp6-1-cx.sh (+3 lines)
	1	#!/bin/sh -x
	2	: ${OPENVPN:=./openvpn}
	3	${GDB} ${OPENVPN} --verb 5 --dev tun --proto udp6 --port 5010 --secret /home/jjo/src/juanjo/openvpn/openvpn.key --float --ifconfig 1.1.1.1 1.1.1.253

Line 0 Link Here

(-)a/jjo-tests/run-udp6-2-qemu-guest.sh (+8 lines)
	1	#!/bin/sh -x
	2	: ${OPENVPN:=./openvpn}
	3	case "$1" in
	4	--freebsd) shift;set -- ed0 "$@";;
	5	--openbsd) shift;set -- ne3 --dev tun0 "$@";;
	6	esac
	7	DEV=${1:?missing devname};shift
	8	${GDB} ${OPENVPN} --dev tun --proto udp6 --remote fe80::200:ff:fe00:1%$DEV --port 5010 --secret ../openvpn.key "$@" --ifconfig 1.1.1.253 1.1.1.1

Line 0 Link Here

(-)a/jjo-tests/run-udp6-2-qemu-host.sh (+4 lines)
	1	#!/bin/sh -x
	2	: ${OPENVPN:=./openvpn}
	3	DEV=${1:?missing devname};shift
	4	${GDB} ${OPENVPN} --dev tun --proto udp6 --remote fe80::5054:ff:fe12:3456%$DEV --port 5010 --secret ../openvpn.key --ifconfig 1.1.1.1 1.1.1.253 "$@"




    }
}

void buf_puts(struct buffer *buf, const char *str)
{
  uint8_t *ptr = BEND (buf);
  int cap = buf_forward_capacity (buf);
  if (cap > 0)
    {
      strncpynt ((char *)ptr,str, cap);
      *(buf->data + buf->capacity - 1) = 0; /* windows vsnprintf needs this */
      buf->len += (int) strlen ((char *)ptr);
    }
}
 

/*
 * This is necessary due to certain buggy implementations of snprintf,
 * that don't guarantee null termination for size > 0.

Lines 101-106 AC_ARG_ENABLE(multihome, Link Here

(-)a/openvpn/configure.ac (+16 lines)
101	[MULTIHOME="yes"]	101	[MULTIHOME="yes"]
102	)	102	)
103		103
		104	AC_ARG_ENABLE(ipv6,
		105	[ --disable-ipv6 Disable UDP/IPv6 support],
		106	[PF_INET6="$enableval"],
		107	[PF_INET6="yes"]
		108	)
		109
104	AC_ARG_ENABLE(port-share,	110	AC_ARG_ENABLE(port-share,
105	[ --disable-port-share Disable TCP server port-share support (--port-share)],	111	[ --disable-port-share Disable TCP server port-share support (--port-share)],
106	[PORT_SHARE="$enableval"],	112	[PORT_SHARE="$enableval"],
Lines 406-411 LDFLAGS="$LDFLAGS -Wl,--fatal-warnings" Link Here
406	AC_CHECK_FUNCS(epoll_create, AC_DEFINE([HAVE_EPOLL_CREATE], 1, []))	412	AC_CHECK_FUNCS(epoll_create, AC_DEFINE([HAVE_EPOLL_CREATE], 1, []))
407	LDFLAGS="$OLDLDFLAGS"	413	LDFLAGS="$OLDLDFLAGS"
408		414
		415	dnl ipv6 support
		416	if test "$PF_INET6" = "yes"; then
		417	AC_CHECKING([for struct sockaddr_in6 for IPv6 support])
		418	AC_CHECK_TYPE(
		419	[struct sockaddr_in6],
		420	[AC_DEFINE(USE_PF_INET6, 1, [struct sockaddr_in6 is needed for IPv6 peer support])],
		421	[],
		422	[#include "syshead.h"])
		423	fi
		424
409	dnl	425	dnl
410	dnl check for valgrind tool	426	dnl check for valgrind tool
411	dnl	427	dnl

Lines 358-363 #endif /* P2MP_SERVER */ Link Here

(-)a/openvpn/helper.c (+4 lines)
358		358
359	if (o->proto == PROTO_TCPv4)	359	if (o->proto == PROTO_TCPv4)
360	o->proto = PROTO_TCPv4_CLIENT;	360	o->proto = PROTO_TCPv4_CLIENT;
		361	#ifdef USE_PF_INET6
		362	else if (o->proto == PROTO_TCPv6)
		363	o->proto = PROTO_TCPv6_CLIENT;
		364	#endif
361	}	365	}
362		366
363	#endif /* P2MP */	367	#endif /* P2MP */

Lines 703-709 #ifdef ENABLE_MANAGEMENT Link Here

(-)a/openvpn/init.c (-15 / +18 lines)
703	const char *detail = "SUCCESS";	703	const char *detail = "SUCCESS";
704	if (c->c1.tuntap)	704	if (c->c1.tuntap)
705	tun_local = c->c1.tuntap->local;	705	tun_local = c->c1.tuntap->local;
706	tun_remote = htonl (c->c1.link_socket_addr.actual.dest.sa.sin_addr.s_addr);	706	tun_remote = htonl (c->c1.link_socket_addr.actual.dest.addr.in4.sin_addr.s_addr);
707	if (flags & ISC_ERRORS)	707	if (flags & ISC_ERRORS)
708	detail = "ERROR";	708	detail = "ERROR";
709	management_set_state (management,	709	management_set_state (management,
Lines 1105-1111 do_deferred_options (struct context *c, Link Here
1105	#ifdef ENABLE_OCC	1105	#ifdef ENABLE_OCC
1106	if (found & OPT_P_EXPLICIT_NOTIFY)	1106	if (found & OPT_P_EXPLICIT_NOTIFY)
1107	{	1107	{
1108	if (c->options.proto != PROTO_UDPv4 && c->options.explicit_exit_notification)	1108	if (!proto_is_udp(c->options.proto) && c->options.explicit_exit_notification)
1109	{	1109	{
1110	msg (D_PUSH, "OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp");	1110	msg (D_PUSH, "OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp");
1111	c->options.explicit_exit_notification = 0;	1111	c->options.explicit_exit_notification = 0;
Lines 1200-1211 #endif Link Here
1200	switch (c->options.proto)	1200	switch (c->options.proto)
1201	{	1201	{
1202	case PROTO_UDPv4:	1202	case PROTO_UDPv4:
		1203	#ifdef USE_PF_INET6
		1204	case PROTO_UDPv6:
		1205	#endif
1203	if (proxy)	1206	if (proxy)
1204	sec = c->options.connect_retry_seconds;	1207	sec = c->options.connect_retry_seconds;
1205	break;	1208	break;
		1209	#ifdef USE_PF_INET6
		1210	case PROTO_TCPv6_SERVER:
		1211	#endif
1206	case PROTO_TCPv4_SERVER:	1212	case PROTO_TCPv4_SERVER:
1207	sec = 1;	1213	sec = 1;
1208	break;	1214	break;
		1215	#ifdef USE_PF_INET6
		1216	case PROTO_TCPv6_CLIENT:
		1217	#endif
1209	case PROTO_TCPv4_CLIENT:	1218	case PROTO_TCPv4_CLIENT:
1210	sec = c->options.connect_retry_seconds;	1219	sec = c->options.connect_retry_seconds;
1211	break;	1220	break;
Lines 2292-2298 do_setup_fast_io (struct context *c) Link Here
2292	#ifdef WIN32	2301	#ifdef WIN32
2293	msg (M_INFO, "NOTE: --fast-io is disabled since we are running on Windows");	2302	msg (M_INFO, "NOTE: --fast-io is disabled since we are running on Windows");
2294	#else	2303	#else
2295	if (c->options.proto != PROTO_UDPv4)	2304	if (!proto_is_udp(c->options.proto))
2296	msg (M_INFO, "NOTE: --fast-io is disabled since we are not using UDP");	2305	msg (M_INFO, "NOTE: --fast-io is disabled since we are not using UDP");
2297	else	2306	else
2298	{	2307	{
Lines 2549-2555 init_instance (struct context *c, const Link Here
2549	/* link_socket_mode allows CM_CHILD_TCP	2558	/* link_socket_mode allows CM_CHILD_TCP
2550	instances to inherit acceptable fds	2559	instances to inherit acceptable fds
2551	from a top-level parent */	2560	from a top-level parent */
		2561	#ifdef USE_PF_INET6
		2562	if (c->options.proto == PROTO_TCPv4_SERVER \|\| c->options.proto == PROTO_TCPv6_SERVER)
		2563	#else
2552	if (c->options.proto == PROTO_TCPv4_SERVER)	2564	if (c->options.proto == PROTO_TCPv4_SERVER)
		2565	#endif
2553	{	2566	{
2554	if (c->mode == CM_TOP)	2567	if (c->mode == CM_TOP)
2555	link_socket_mode = LS_MODE_TCP_LISTEN;	2568	link_socket_mode = LS_MODE_TCP_LISTEN;
Lines 2809-2825 inherit_context_child (struct context *d Link Here
2809	{	2822	{
2810	CLEAR (*dest);	2823	CLEAR (*dest);
2811		2824
2812	switch (src->options.proto)	2825	dest->mode = proto_is_dgram(src->options.proto)? CM_CHILD_UDP : CM_CHILD_TCP;
2813	{
2814	case PROTO_UDPv4:
2815	dest->mode = CM_CHILD_UDP;
2816	break;
2817	case PROTO_TCPv4_SERVER:
2818	dest->mode = CM_CHILD_TCP;
2819	break;
2820	default:
2821	ASSERT (0);
2822	}
2823		2826
2824	dest->gc = gc_new ();	2827	dest->gc = gc_new ();
2825		2828
Lines 2924-2930 #endif Link Here
2924	dest->c2.buffers_owned = false;	2927	dest->c2.buffers_owned = false;
2925		2928
2926	dest->c2.event_set = NULL;	2929	dest->c2.event_set = NULL;
2927	if (src->options.proto == PROTO_UDPv4)	2930	if (proto_is_dgram(src->options.proto))
2928	do_event_set_init (dest, false);	2931	do_event_set_init (dest, false);
2929	}	2932	}
2930		2933




      /*
       * Initialize socket address
       */
      ms->local.addr.in4.sin_family = AF_INET;
      ms->local.addr.in4.sin_addr.s_addr = 0;
      ms->local.addr.in4.sin_port = htons (port);

      /*
       * Run management over tunnel, or

	}
      else
	{
	  ms->local.addr.in4.sin_addr.s_addr = getaddr
	    (GETADDR_RESOLVE|GETADDR_WARN_ON_SIGNAL|GETADDR_FATAL, addr, 0, NULL, NULL);
	}
      

      && man->connection.state == MS_INITIAL)
    {
      /* listen on our local TUN/TAP IP address */
      man->settings.local.addr.in4.sin_addr.s_addr = htonl (tun_local_ip);
      man_connection_init (man);
    }





				      const struct openvpn_sockaddr *osaddr,
				      bool use_port)
{
  switch (osaddr->addr.sa.sa_family) 
  {
    case AF_INET:
    {
      if (use_port)
	{
	  addr->type = MR_ADDR_IPV4 | MR_WITH_PORT;
	  addr->netbits = 0;
	  addr->len = 6;
	  memcpy (addr->addr, &osaddr->addr.in4.sin_addr.s_addr, 4);
	  memcpy (addr->addr + 4, &osaddr->addr.in4.sin_port, 2);
	}
      else
	{
	  addr->type = MR_ADDR_IPV4;
	  addr->netbits = 0;
	  addr->len = 4;
	  memcpy (addr->addr, &osaddr->addr.in4.sin_addr.s_addr, 4);
	}
      return true;
    }
#ifdef USE_PF_INET6
    case AF_INET6:
      if (use_port)
	{
	  addr->type = MR_ADDR_IPV6 | MR_WITH_PORT;
	  addr->netbits = 0;
	  addr->len = 18;
	  memcpy (addr->addr, &osaddr->addr.in6.sin6_addr, 16);
	  memcpy (addr->addr + 16, &osaddr->addr.in6.sin6_port, 2);
	}
      else
	{
	  addr->type = MR_ADDR_IPV6;
	  addr->netbits = 0;
	  addr->len = 16;
	  memcpy (addr->addr, &osaddr->addr.in6.sin6_addr, 16);
	}
      return true;
#endif
  }
  return false;
}


	  }
	  break;
	case MR_ADDR_IPV6:
#ifdef USE_PF_INET6
          {
	    struct buffer buf;
	    struct sockaddr_in6 sin6;
	    int port;
	    char buf6[INET6_ADDRSTRLEN] = "";
	    memset(&sin6, 0, sizeof sin6);
	    sin6.sin6_family = AF_INET6;
	    buf_set_read (&buf, maddr.addr, maddr.len);
            if (buf_read(&buf, &sin6.sin6_addr, sizeof (sin6.sin6_addr)))
            {
              if (getnameinfo((struct sockaddr *)&sin6, sizeof (struct sockaddr_in6),
                                      buf6, sizeof (buf6), NULL, 0, NI_NUMERICHOST) != 0)
                {
                  buf_printf (&out, "MR_ADDR_IPV6 getnameinfo() err");
                  break;
		}
              buf_puts (&out, buf6);
	      if (maddr.type & MR_WITH_NETBITS)
	        buf_printf (&out, "/%d", maddr.netbits);
              if (maddr.type & MR_WITH_PORT)
                {
                  port = buf_read_u16 (&buf);
                  if (port >= 0)
                    buf_printf (&out, ":%d", port);
                }
	    }
          }
#else /* old pre IPV6 1-line code: */
	  buf_printf (&out, "IPV6"); 
#endif
	  break;
	default:
	  buf_printf (&out, "UNKNOWN"); 

Lines 159-164 multi_tcp_instance_specific_init (struct Link Here

(-)a/openvpn/mtcp.c (+1 lines)
159	ASSERT (mi->context.c2.link_socket);	159	ASSERT (mi->context.c2.link_socket);
160	ASSERT (mi->context.c2.link_socket->info.lsa);	160	ASSERT (mi->context.c2.link_socket->info.lsa);
161	ASSERT (mi->context.c2.link_socket->mode == LS_MODE_TCP_ACCEPT_FROM);	161	ASSERT (mi->context.c2.link_socket->mode == LS_MODE_TCP_ACCEPT_FROM);
		162	ASSERT (mi->context.c2.link_socket->info.lsa->actual.dest.addr.sa.sa_family == AF_INET);
162	if (!mroute_extract_openvpn_sockaddr (&mi->real, &mi->context.c2.link_socket->info.lsa->actual.dest, true))	163	if (!mroute_extract_openvpn_sockaddr (&mi->real, &mi->context.c2.link_socket->info.lsa->actual.dest, true))
163	{	164	{
164	msg (D_MULTI_ERRORS, "MULTI TCP: TCP client address is undefined");	165	msg (D_MULTI_ERRORS, "MULTI TCP: TCP client address is undefined");




  struct mroute_addr addr;

  CLEAR (remote_si);
  remote_si.addr.in4.sin_family = AF_INET;
  remote_si.addr.in4.sin_addr.s_addr = htonl (a);
  ASSERT (mroute_extract_openvpn_sockaddr (&addr, &remote_si, false));

  if (netbits >= 0)

  int count = 0;

  CLEAR (saddr);
  saddr.addr.in4.sin_family = AF_INET;
  saddr.addr.in4.sin_addr.s_addr = htonl (addr);
  saddr.addr.in4.sin_port = htons (port);
  if (mroute_extract_openvpn_sockaddr (&maddr, &saddr, true))
    {
      hash_iterator_init (m->iter, &hi, true);

{
  ASSERT (top->options.mode == MODE_SERVER);

  if (proto_is_dgram(top->options.proto))
    tunnel_server_udp(top);
  else
    tunnel_server_tcp(top);
  case PROTO_TCPv4_SERVER:
    tunnel_server_tcp (top);
    break;
  default:
    ASSERT (0);
  }
}


#else
static void dummy(void) {}
#endif /* P2MP_SERVER */

Lines 375-381 process_received_occ_msg (struct context Link Here

(-)a/openvpn/occ.c (-1 / +1 lines)
375	c->c2.max_send_size_remote,	375	c->c2.max_send_size_remote,
376	c->c2.max_recv_size_local);	376	c->c2.max_recv_size_local);
377	if (!c->options.fragment	377	if (!c->options.fragment
378	&& c->options.proto == PROTO_UDPv4	378	&& (proto_is_dgram(c->options.proto))
379	&& c->c2.max_send_size_local > TUN_MTU_MIN	379	&& c->c2.max_send_size_local > TUN_MTU_MIN
380	&& (c->c2.max_recv_size_remote < c->c2.max_send_size_local	380	&& (c->c2.max_recv_size_remote < c->c2.max_send_size_local
381	\|\| c->c2.max_recv_size_local < c->c2.max_send_size_remote))	381	\|\| c->c2.max_recv_size_local < c->c2.max_send_size_remote))

Lines 73-78 #endif Link Here

(-)a/openvpn/options.c (-15 / +26 lines)
73	#ifdef USE_PTHREAD	73	#ifdef USE_PTHREAD
74	" [PTHREAD]"	74	" [PTHREAD]"
75	#endif	75	#endif
		76	#ifdef ENABLE_IP_PKTINFO
		77	" [MH]"
		78	#endif
		79	#ifdef USE_PF_INET6
		80	" [PF_INET6]"
		81	#endif
76	" built on " __DATE__	82	" built on " __DATE__
77	;	83	;
78		84
Lines 93-98 static const char usage_message[] = Link Here
93	"--mode m : Major mode, m = 'p2p' (default, point-to-point) or 'server'.\n"	99	"--mode m : Major mode, m = 'p2p' (default, point-to-point) or 'server'.\n"
94	"--proto p : Use protocol p for communicating with peer.\n"	100	"--proto p : Use protocol p for communicating with peer.\n"
95	" p = udp (default), tcp-server, or tcp-client\n"	101	" p = udp (default), tcp-server, or tcp-client\n"
		102	#ifdef USE_PF_INET6
		103	" p = udp6, tcp6-server, or tcp6-client (IPv6)\n"
		104	#endif
96	"--connect-retry n : For --proto tcp-client, number of seconds to wait\n"	105	"--connect-retry n : For --proto tcp-client, number of seconds to wait\n"
97	" between connection retries (default=%d).\n"	106	" between connection retries (default=%d).\n"
98	"--connect-timeout n : For --proto tcp-client, connection timeout (in seconds).\n"	107	"--connect-timeout n : For --proto tcp-client, connection timeout (in seconds).\n"
Lines 1421-1430 #endif Link Here
1421	* Sanity check on TCP mode options	1430	* Sanity check on TCP mode options
1422	*/	1431	*/
1423		1432
1424	if (options->connect_retry_defined && options->proto != PROTO_TCPv4_CLIENT)	1433	if (options->connect_retry_defined && options->proto != PROTO_TCPv4_CLIENT && options->proto != PROTO_TCPv6_CLIENT)
1425	msg (M_USAGE, "--connect-retry doesn't make sense unless also used with --proto tcp-client");	1434	msg (M_USAGE, "--connect-retry doesn't make sense unless also used with --proto tcp-client");
1426		1435
1427	if (options->connect_timeout_defined && options->proto != PROTO_TCPv4_CLIENT)	1436	if (options->connect_timeout_defined && options->proto != PROTO_TCPv4_CLIENT && options->proto != PROTO_TCPv6_CLIENT)
1428	msg (M_USAGE, "--connect-timeout doesn't make sense unless also used with --proto tcp-client");	1437	msg (M_USAGE, "--connect-timeout doesn't make sense unless also used with --proto tcp-client");
1429		1438
1430	/*	1439	/*
Lines 1434-1440 #endif Link Here
1434	msg (M_USAGE, "only one of --tun-mtu or --link-mtu may be defined (note that --ifconfig implies --link-mtu %d)", LINK_MTU_DEFAULT);	1443	msg (M_USAGE, "only one of --tun-mtu or --link-mtu may be defined (note that --ifconfig implies --link-mtu %d)", LINK_MTU_DEFAULT);
1435		1444
1436	#ifdef ENABLE_OCC	1445	#ifdef ENABLE_OCC
1437	if (options->proto != PROTO_UDPv4 && options->mtu_test)	1446	if (!proto_is_udp(options->proto) && options->mtu_test)
1438	msg (M_USAGE, "--mtu-test only makes sense with --proto udp");	1447	msg (M_USAGE, "--mtu-test only makes sense with --proto udp");
1439	#endif	1448	#endif
1440		1449
Lines 1479-1485 #endif Link Here
1479	const char *remote = l->array[i].hostname;	1488	const char *remote = l->array[i].hostname;
1480	const int remote_port = l->array[i].port;	1489	const int remote_port = l->array[i].port;
1481		1490
1482	if (string_defined_equal (options->local, remote)	1491	if (proto_is_net(options->proto)
		1492	&& string_defined_equal (options->local, remote)
1483	&& options->local_port == remote_port)	1493	&& options->local_port == remote_port)
1484	msg (M_USAGE, "--remote and --local addresses are the same");	1494	msg (M_USAGE, "--remote and --local addresses are the same");
1485		1495
Lines 1508-1514 #endif Link Here
1508	if (!options->remote_list && !options->bind_local)	1518	if (!options->remote_list && !options->bind_local)
1509	msg (M_USAGE, "--nobind doesn't make sense unless used with --remote");	1519	msg (M_USAGE, "--nobind doesn't make sense unless used with --remote");
1510		1520
1511	if (options->proto == PROTO_TCPv4_CLIENT && !options->local && !options->local_port_defined && !options->bind_defined)	1521	if ((options->proto == PROTO_TCPv4_CLIENT\|\|options->proto == PROTO_TCPv6_CLIENT) && !options->local && !options->local_port_defined && !options->bind_defined)
1512	options->bind_local = false;	1522	options->bind_local = false;
1513		1523
1514	#ifdef ENABLE_SOCKS	1524	#ifdef ENABLE_SOCKS
Lines 1565-1580 #endif Link Here
1565	*/	1575	*/
1566		1576
1567	#ifdef ENABLE_FRAGMENT	1577	#ifdef ENABLE_FRAGMENT
1568	if (options->proto != PROTO_UDPv4 && options->fragment)	1578	if (!proto_is_udp(options->proto) && options->fragment)
1569	msg (M_USAGE, "--fragment can only be used with --proto udp");	1579	msg (M_USAGE, "--fragment can only be used with --proto udp");
1570	#endif	1580	#endif
1571		1581
1572	#ifdef ENABLE_OCC	1582	#ifdef ENABLE_OCC
1573	if (options->proto != PROTO_UDPv4 && options->explicit_exit_notification)	1583	if (!proto_is_udp(options->proto) && options->explicit_exit_notification)
1574	msg (M_USAGE, "--explicit-exit-notify can only be used with --proto udp");	1584	msg (M_USAGE, "--explicit-exit-notify can only be used with --proto udp");
1575	#endif	1585	#endif
1576		1586
1577	if (!options->remote_list && options->proto == PROTO_TCPv4_CLIENT)	1587	if (!options->remote_list && (options->proto == PROTO_TCPv4_CLIENT\|\|options->proto == PROTO_TCPv6_CLIENT))
1578	msg (M_USAGE, "--remote MUST be used in TCP Client mode");	1588	msg (M_USAGE, "--remote MUST be used in TCP Client mode");
1579		1589
1580	#ifdef ENABLE_HTTP_PROXY	1590	#ifdef ENABLE_HTTP_PROXY
Lines 1592-1598 #ifdef ENABLE_SOCKS Link Here
1592	msg (M_USAGE, "--socks-proxy can not be used in TCP Server mode");	1602	msg (M_USAGE, "--socks-proxy can not be used in TCP Server mode");
1593	#endif	1603	#endif
1594		1604
1595	if (options->proto == PROTO_TCPv4_SERVER && remote_list_len (options->remote_list) > 1)	1605	if ((options->proto == PROTO_TCPv4_SERVER\|\|options->proto == PROTO_TCPv6_SERVER)
		1606	&& remote_list_len (options->remote_list) > 1)
1596	msg (M_USAGE, "TCP server mode allows at most one --remote address");	1607	msg (M_USAGE, "TCP server mode allows at most one --remote address");
1597		1608
1598	#if P2MP_SERVER	1609	#if P2MP_SERVER
Lines 1617-1623 #endif Link Here
1617	msg (M_USAGE, "--mode server only works with --dev tun or --dev tap");	1628	msg (M_USAGE, "--mode server only works with --dev tun or --dev tap");
1618	if (options->pull)	1629	if (options->pull)
1619	msg (M_USAGE, "--pull cannot be used with --mode server");	1630	msg (M_USAGE, "--pull cannot be used with --mode server");
1620	if (!(options->proto == PROTO_UDPv4 \|\| options->proto == PROTO_TCPv4_SERVER))	1631	if (!(proto_is_udp(options->proto) \|\| options->proto == PROTO_TCPv4_SERVER \|\| options->proto == PROTO_TCPv6_SERVER))
1621	msg (M_USAGE, "--mode server currently only supports --proto udp or --proto tcp-server");	1632	msg (M_USAGE, "--mode server currently only supports --proto udp or --proto tcp-server");
1622	#if PORT_SHARE	1633	#if PORT_SHARE
1623	if ((options->port_share_host \|\| options->port_share_port) && options->proto != PROTO_TCPv4_SERVER)	1634	if ((options->port_share_host \|\| options->port_share_port) && options->proto != PROTO_TCPv4_SERVER)
Lines 1645-1653 #endif Link Here
1645	msg (M_USAGE, "--inetd cannot be used with --mode server");	1656	msg (M_USAGE, "--inetd cannot be used with --mode server");
1646	if (options->ipchange)	1657	if (options->ipchange)
1647	msg (M_USAGE, "--ipchange cannot be used with --mode server (use --client-connect instead)");	1658	msg (M_USAGE, "--ipchange cannot be used with --mode server (use --client-connect instead)");
1648	if (!(options->proto == PROTO_UDPv4 \|\| options->proto == PROTO_TCPv4_SERVER))	1659	if (!(proto_is_dgram(options->proto) \|\| options->proto == PROTO_TCPv4_SERVER \|\| options->proto == PROTO_TCPv6_SERVER ))
1649	msg (M_USAGE, "--mode server currently only supports --proto udp or --proto tcp-server");	1660	msg (M_USAGE, "--mode server currently only supports --proto udp or --proto tcp-server (also udp6/tcp6)");
1650	if (options->proto != PROTO_UDPv4 && (options->cf_max \|\| options->cf_per))	1661	if (!proto_is_udp(options->proto) && (options->cf_max \|\| options->cf_per))
1651	msg (M_USAGE, "--connect-freq only works with --mode server --proto udp. Try --max-clients instead.");	1662	msg (M_USAGE, "--connect-freq only works with --mode server --proto udp. Try --max-clients instead.");
1652	if (!(dev == DEV_TYPE_TAP \|\| (dev == DEV_TYPE_TUN && options->topology == TOP_SUBNET)) && options->ifconfig_pool_netmask)	1663	if (!(dev == DEV_TYPE_TAP \|\| (dev == DEV_TYPE_TUN && options->topology == TOP_SUBNET)) && options->ifconfig_pool_netmask)
1653	msg (M_USAGE, "The third parameter to --ifconfig-pool (netmask) is only valid in --dev tap mode");	1664	msg (M_USAGE, "The third parameter to --ifconfig-pool (netmask) is only valid in --dev tap mode");
Lines 1724-1730 #ifdef USE_CRYPTO Link Here
1724	/*	1735	/*
1725	* Check consistency of replay options	1736	* Check consistency of replay options
1726	*/	1737	*/
1727	if ((options->proto != PROTO_UDPv4)	1738	if ((!proto_is_udp(options->proto))
1728	&& (options->replay_window != defaults.replay_window	1739	&& (options->replay_window != defaults.replay_window
1729	\|\| options->replay_time != defaults.replay_time))	1740	\|\| options->replay_time != defaults.replay_time))
1730	msg (M_USAGE, "--replay-window only makes sense with --proto udp");	1741	msg (M_USAGE, "--replay-window only makes sense with --proto udp");
Lines 1913-1919 #if P2MP Link Here
1913	*/	1924	*/
1914	if (options->pull	1925	if (options->pull
1915	&& options->ping_rec_timeout_action == PING_UNDEF	1926	&& options->ping_rec_timeout_action == PING_UNDEF
1916	&& options->proto == PROTO_UDPv4)	1927	&& proto_is_udp(options->proto))
1917	{	1928	{
1918	options->ping_rec_timeout = PRE_PULL_INITIAL_PING_RESTART;	1929	options->ping_rec_timeout = PRE_PULL_INITIAL_PING_RESTART;
1919	options->ping_rec_timeout_action = PING_RESTART;	1930	options->ping_rec_timeout_action = PING_RESTART;

Lines 337-345 sock_addr_set (struct openvpn_sockaddr * Link Here

(-)a/openvpn/ps.c (-3 / +3 lines)
337	const int port)	337	const int port)
338	{	338	{
339	CLEAR (*osaddr);	339	CLEAR (*osaddr);
340	osaddr->sa.sin_family = AF_INET;	340	osaddr->addr.in4.sin_family = AF_INET;
341	osaddr->sa.sin_addr.s_addr = htonl (addr);	341	osaddr->addr.in4.sin_addr.s_addr = htonl (addr);
342	osaddr->sa.sin_port = htons (port);	342	osaddr->addr.in4.sin_port = htons (port);
343	}	343	}
344		344
345	static inline void	345	static inline void




#include "memdbg.h"

const int proto_overhead[] = { /* indexed by PROTO_x */
  0,
  IPv4_UDP_HEADER_SIZE, /* IPv4 */
  IPv4_TCP_HEADER_SIZE,
  IPv4_TCP_HEADER_SIZE,
#ifdef USE_PF_INET6
  IPv6_UDP_HEADER_SIZE, /* IPv6 */
  IPv6_TCP_HEADER_SIZE,
  IPv6_TCP_HEADER_SIZE,
  IPv6_TCP_HEADER_SIZE,
#endif
};

/*

	       struct openvpn_sockaddr *addr,
	       bool *changed)
{
  switch(addr->addr.sa.sa_family) {
    case AF_INET:
      if (host && addr)
      {
	const in_addr_t new_addr = getaddr (
	    GETADDR_RESOLVE|GETADDR_UPDATE_MANAGEMENT_STATE,
	    host,
	    1,
	    NULL,
	    NULL);
	if (new_addr && addr->addr.in4.sin_addr.s_addr != new_addr)
	{
	  addr->addr.in4.sin_addr.s_addr = new_addr;
	  *changed = true;
	}
      }
      break;
#ifdef USE_PF_INET6
    case AF_INET6: /* jjoFIXME: should adapt getaddr() for AF_INET6 */
      if (host && addr)
      {
	struct addrinfo hints , *ai;
	int err;
	memset(&hints, 0, sizeof hints);
	hints.ai_flags=AI_PASSIVE;
	hints.ai_family=AF_INET6;
	if ((err=getaddrinfo(host, NULL, &hints, &ai))==0)
	{
	  struct sockaddr_in6 *sin6=(struct sockaddr_in6*)ai->ai_addr;
	  if (IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &addr->addr.in6.sin6_addr))
	  {
	    int port=addr->addr.in6.sin6_port; /* backup current port for easier copy, restore later */
	    addr->addr.in6=*sin6; /* ipv6 requires also eg. sin6_scope_id => easy to full copy*/
	    addr->addr.in6.sin6_port=port;
	  }
	  freeaddrinfo(ai);
	}
      }
      break;
#endif
    default:
    	ASSERT(0);
  }
}

static int

  return sd;
}

#ifdef USE_PF_INET6
static socket_descriptor_t
create_socket_udp6 (const unsigned int flags)
{
  socket_descriptor_t sd;

  if ((sd = socket (PF_INET6, SOCK_DGRAM, IPPROTO_UDP)) < 0)
    msg (M_SOCKERR, "UDP: Cannot create UDP6 socket");
#if ENABLE_IP_PKTINFO
  else if (flags & SF_USE_IP_PKTINFO)
    {
      int pad = 1;
      setsockopt (sd, IPPROTO_IPV6, IPV6_PKTINFO, (void*)&pad, sizeof(pad));
    }
#endif
  return sd;
}

static socket_descriptor_t
create_socket_tcp6 (void)
{
  socket_descriptor_t sd;

  if ((sd = socket (PF_INET6, SOCK_STREAM, IPPROTO_TCP)) < 0)
    msg (M_SOCKERR, "Cannot create TCP6 socket");

  /* set SO_REUSEADDR on socket */
  {
    int on = 1;
    if (setsockopt (sd, SOL_SOCKET, SO_REUSEADDR,
		    (void *) &on, sizeof (on)) < 0)
      msg (M_SOCKERR, "TCP: Cannot setsockopt SO_REUSEADDR on TCP6 socket");
  }

  return sd;
}

#endif
static void
create_socket (struct link_socket *sock)
{

    {
      sock->sd = create_socket_tcp ();
    }
#ifdef USE_PF_INET6
  else if (sock->info.proto == PROTO_TCPv6_SERVER
	   || sock->info.proto == PROTO_TCPv6_CLIENT)
    {
      sock->sd = create_socket_tcp6 ();
    }
  else if (sock->info.proto == PROTO_UDPv6)
    {
      sock->sd = create_socket_udp6 (sock->sockflags);
    }
#endif
  else
    {
      ASSERT (0);

		  struct link_socket_actual *act,
		  const bool nowait)
{
  /* af_addr_size WILL return 0 in this case if AFs other than AF_INET
   * are compiled because act is empty here.
   * could use getsockname() to support later remote_len check
   */
  socklen_t remote_len_af = af_addr_size(act->dest.addr.sa.sa_family);
  socklen_t remote_len = sizeof(act->dest.addr);
  socket_descriptor_t new_sd = SOCKET_UNDEFINED;

  CLEAR (*act);

#ifdef HAVE_GETPEERNAME
  if (nowait)
    {
      new_sd = getpeername (sd, &act->dest.addr.sa, &remote_len);

      if (!socket_defined (new_sd))
	msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: getpeername() failed");

#endif
  else
    {
      new_sd = accept (sd, &act->dest.addr.sa, &remote_len);
    }

#if 0 /* For debugging only, test the effect of accept() failures */

    {
      msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: accept(%d) failed", sd);
    }
  /* only valid if we have remote_len_af!=0 */
  else if (remote_len_af && remote_len != remote_len_af)
    {
      msg (D_LINK_ERRORS, "TCP: Received strange incoming connection with unknown address length=%d", remote_len);
      openvpn_close_socket (new_sd);

{
  struct gc_arena gc = gc_new ();

  if (bind (sd, &local->addr.sa, af_addr_size(local->addr.sa.sa_family)))
    {
      const int errnum = openvpn_errno_socket ();
      msg (M_FATAL, "%s: Socket bind failed on local address %s: %s",


#ifdef CONNECT_NONBLOCK
  set_nonblock (sd);
  status = connect (sd, &remote->addr.sa, af_addr_size(remote->addr.sa.sa_family));
  if (status)
    status = openvpn_errno_socket ();
  if (status == EINPROGRESS)


#ifdef CONNECT_NONBLOCK
  msg (M_INFO, "Attempting to establish TCP connection with %s [nonblock]", 
      print_sockaddr (remote, &gc));
#else
  msg (M_INFO, "Attempting to establish TCP connection with %s", 
      print_sockaddr (remote, &gc));
#endif

  while (true)
  {
    int status;

#ifdef ENABLE_MANAGEMENT
    if (management)
      management_set_state (management,
	  OPENVPN_STATE_TCP_CONNECT,
	  NULL,
	  (in_addr_t)0,
	  (in_addr_t)0);
#endif

    status = openvpn_connect (*sd, remote, connect_timeout, signal_received);

    get_signal (signal_received);
    if (*signal_received)
      goto done;

    if (!status)
      break;

    msg (D_LINK_ERRORS,
	"TCP: connect to %s failed, will try again in %d seconds: %s",
	print_sockaddr (remote, &gc),
	connect_retry_seconds,
	strerror_ts (status, &gc));

    openvpn_close_socket (*sd);
    *sd = SOCKET_UNDEFINED;

    if (connect_retry_max > 0 && ++retry >= connect_retry_max)
    {
      *signal_received = SIGUSR1;
      goto done;
    }

    openvpn_sleep (connect_retry_seconds);

    get_signal (signal_received);
    if (*signal_received)
      goto done;

    switch(remote->addr.sa.sa_family) {
      case AF_INET:
	if (remote_list)
	{
	  remote_list_next (remote_list);
	  remote_dynamic = remote_list_host (remote_list);
	  remote->addr.in4.sin_port = htons (remote_list_port (remote_list));
	  *remote_changed = true;
	}

	*sd = create_socket_tcp ();
	if (bind_local)
	  socket_bind (*sd, local, "TCP Client");
	update_remote (remote_dynamic, remote, remote_changed);
	break;
#ifdef USE_PF_INET6
      case AF_INET6: 
	if (remote_list)
	{
	  remote_list_next (remote_list);
	  remote_dynamic = remote_list_host (remote_list);
	  remote->addr.in6.sin6_port = htons (remote_list_port (remote_list));
	  *remote_changed = true;
	}
	*sd = create_socket_tcp6 ();
	if (bind_local)
	  socket_bind (*sd, local, "TCP6 Client");
	update_remote (remote_dynamic, remote, remote_changed);
	break;
#endif
      default:
	msg(M_FATAL, "Only TCP is supported for connection oriented, sa_family=%d", 
	    remote->addr.sa.sa_family);
    }
  }

  msg (M_INFO, "TCP connection established with %s", 
      print_sockaddr (remote, &gc));

done:
  gc_free (&gc);
}



  /* resolve local address if undefined */
  if (!addr_defined (&sock->info.lsa->local))
  {
    /* may return AF_{INET|INET6} guessed from local_host */
    switch(addr_guess_family(sock->info.proto, sock->local_host)) {
      case AF_INET:
	sock->info.lsa->local.addr.in4.sin_family = AF_INET;
	sock->info.lsa->local.addr.in4.sin_addr.s_addr =
	  (sock->local_host ? getaddr (GETADDR_RESOLVE | GETADDR_WARN_ON_SIGNAL | GETADDR_FATAL,
				       sock->local_host,
				       0,
				       NULL,
				       NULL)
	   : htonl (INADDR_ANY));
	sock->info.lsa->local.addr.in4.sin_port = htons (sock->local_port);
	break;
#ifdef USE_PF_INET6
      case AF_INET6:
	{
	  struct addrinfo hints , *ai;
	  int err;
	  memset(&hints, 0, sizeof hints);
	  hints.ai_flags=AI_PASSIVE;
	  hints.ai_family=AF_INET6;
	  /* if no local_host provided, ask for IN6ADDR_ANY ... */
	  if ((err=getaddrinfo(sock->local_host? sock->local_host : "::", 
		  NULL, &hints, &ai))==0) {
	    sock->info.lsa->local.addr.in6 = *((struct sockaddr_in6*)(ai->ai_addr));
	    freeaddrinfo(ai);
	  } else {
	    msg (M_FATAL, "getaddrinfo() failed for local \"%s\": %s",
		sock->local_host,
		gai_strerror(err));
	  }
	  sock->info.lsa->local.addr.in6.sin6_port = htons (sock->local_port);
	}
	break;
#endif
    }
  }
  
  /* bind to local address/port */
  if (sock->bind_local)

  struct gc_arena gc = gc_new ();

  if (!sock->did_resolve_remote)
  {
    /* resolve remote address if undefined */
    if (!addr_defined (&sock->info.lsa->remote))
    {
      switch(addr_guess_family(sock->info.proto, sock->remote_host)) 
      {
	case AF_INET:
	  sock->info.lsa->remote.addr.in4.sin_family = AF_INET;
	  sock->info.lsa->remote.addr.in4.sin_addr.s_addr = 0;

	  if (sock->remote_host)
	  {
	    unsigned int flags = GETADDR_RESOLVE|GETADDR_UPDATE_MANAGEMENT_STATE;
	    int retry = 0;
	    bool status = false;

	    if (remote_list_len (sock->remote_list) > 1 && sock->resolve_retry_seconds == RESOLV_RETRY_INFINITE)
	    {
	      if (phase == 2)
		flags |= (GETADDR_TRY_ONCE | GETADDR_FATAL);
	      retry = 0;
	    }
	    else if (phase == 1)
	    {
	      if (sock->resolve_retry_seconds)
	      {
		retry = 0;
	      }
		  else
		    {
		      flags |= (GETADDR_FATAL | GETADDR_MENTION_RESOLVE_RETRY);
		      retry = 0;
		    }
		}
	      else if (phase == 2)
		{
		  if (sock->resolve_retry_seconds)
		    {
		      flags |= GETADDR_FATAL;
		      retry = sock->resolve_retry_seconds;
		    }
		  else
		    {
		      ASSERT (0);
		    }
		}
	      else
	      {
		flags |= (GETADDR_FATAL | GETADDR_MENTION_RESOLVE_RETRY);
		retry = 0;
	      }
	    }
	    else if (phase == 2)
	    {
	      if (sock->resolve_retry_seconds)
	      {
		flags |= GETADDR_FATAL;
		retry = sock->resolve_retry_seconds;
	      }
	      else
	      {
		ASSERT (0);
	      }
	    }
	    else
	    {
	      ASSERT (0);
	    }

	    sock->info.lsa->remote.addr.in4.sin_addr.s_addr = getaddr (
		flags,
		sock->remote_host,
		retry,
		&status,
		signal_received);

	    dmsg (D_SOCKET_DEBUG, "RESOLVE_REMOTE flags=0x%04x phase=%d rrs=%d sig=%d status=%d",
		flags,
		phase,
		retry,
		signal_received ? *signal_received : -1,
		status);

	    if (signal_received)
	    {
	      if (*signal_received)
		goto done;
	    }
	    if (!status)
	    {
	      if (signal_received)
		*signal_received = SIGUSR1;
	      goto done;
		    goto done;
		}
	      if (!status)
		{
		  if (signal_received)
		    *signal_received = SIGUSR1;
		  goto done;
		}
	    }
	  }

	  sock->info.lsa->remote.addr.in4.sin_port = htons (sock->remote_port);
	  break;
  
      /* should we re-use previous active remote address? */
      if (link_socket_actual_defined (&sock->info.lsa->actual))
	{
	  msg (M_INFO, "TCP/UDP: Preserving recently used remote address: %s",
	       print_link_socket_actual (&sock->info.lsa->actual, &gc));
	  if (remote_dynamic)
	    *remote_dynamic = NULL;
	}
      else
	{
	  CLEAR (sock->info.lsa->actual);
	  sock->info.lsa->actual.dest = sock->info.lsa->remote;
	}

#ifdef USE_PF_INET6
	case AF_INET6: /* jjoFIXME: ipv6 signal logic */
	  {
	    struct addrinfo hints , *ai;
	    int err;
	    memset(&hints, 0, sizeof hints);
	    hints.ai_flags=0;
	    hints.ai_family=AF_INET6;
	    if ((err=getaddrinfo(sock->remote_host? sock->remote_host : "::" , NULL, &hints, &ai))==0) {
	      sock->info.lsa->remote.addr.in6 = *((struct sockaddr_in6*)(ai->ai_addr));
	      freeaddrinfo(ai);
	    } else {
	      msg (M_FATAL, "getaddrinfo() failed for remote \"%s\": %s",
		  sock->remote_host,
		  gai_strerror(err));
	    }
	    sock->info.lsa->remote.addr.in6.sin6_port = htons (sock->remote_port);
	  }
	  break;
#endif
      }
    }
    /* should we re-use previous active remote address? */
    if (link_socket_actual_defined (&sock->info.lsa->actual))
    {
      msg (M_INFO, "TCP/UDP: Preserving recently used remote address: %s",
	  print_link_socket_actual (&sock->info.lsa->actual, &gc));
      if (remote_dynamic)
	*remote_dynamic = NULL;
    }
    else
    {
      CLEAR (sock->info.lsa->actual);
      sock->info.lsa->actual.dest = sock->info.lsa->remote;
    }

    /* remember that we finished */
    sock->did_resolve_remote = true;
  }

done:
  gc_free (&gc);
}


	goto done;

      /* TCP client/server */
      if (sock->info.proto == PROTO_TCPv4_SERVER
#ifdef USE_PF_INET6
	||sock->info.proto == PROTO_TCPv6_SERVER
#endif
	)
	{
	  switch (sock->mode)
	    {

	      ASSERT (0);
	    }
	}
      else if (sock->info.proto == PROTO_TCPv4_CLIENT
#ifdef USE_PF_INET6
	||sock->info.proto == PROTO_TCPv6_CLIENT
#endif
	)
	{

#ifdef GENERAL_PROXY_SUPPORT

	  sock->remote_port = sock->proxy_dest_port;
	  sock->did_resolve_remote = false;

	  addr_zero_host(&sock->info.lsa->actual.dest);
	  addr_zero_host(&sock->info.lsa->remote);

	  resolve_remote (sock, 1, NULL, signal_received);


      if (remote_changed)
	{
	  msg (M_INFO, "TCP/UDP: Dynamic remote address changed during TCP connection establishment");
	  addr_copy_host(&sock->info.lsa->remote, &sock->info.lsa->actual.dest);
	}
    }


{
  struct gc_arena gc = gc_new ();

  switch(from_addr->dest.addr.sa.sa_family)
  {
    case AF_INET:
#ifdef USE_PF_INET6
    case AF_INET6:
#endif
      msg (D_LINK_ERRORS,
	  "TCP/UDP: Incoming packet rejected from %s[%d], expected peer address: %s (allow this incoming source address/port by removing --remote or adding --float)",
	  print_link_socket_actual (from_addr, &gc),
	  (int)from_addr->dest.addr.sa.sa_family,
	  print_sockaddr (&info->lsa->remote, &gc));
      break;
  }
  buf->len = 0;

  gc_free (&gc);
}


{
  const struct link_socket_addr *lsa = info->lsa;

/* 
 * This logic supports "redirect-gateway" semantic, which 
 * makes sense only for PF_INET routes over PF_INET endpoints
 *
 * Maybe in the future consider PF_INET6 endpoints also ...
 * by now just ignore it
 *
 */
#if defined ( USE_PF_INET6 )
  if(lsa->actual.dest.addr.sa.sa_family != AF_INET)
	  return 0;
#else
  ASSERT(lsa->actual.dest.addr.sa.sa_family == AF_INET);
#endif

  if (link_socket_actual_defined (&lsa->actual))
    return ntohl (lsa->actual.dest.addr.in4.sin_addr.s_addr);
  else if (addr_defined (&lsa->remote))
    return ntohl (lsa->remote.addr.in4.sin_addr.s_addr);
  else
    return 0;
}

		   const unsigned int flags,
		   struct gc_arena *gc)
{
  struct buffer out;
  bool addr_is_defined;
  if (!addr) {
    return "[NULL]";
  }
  addr_is_defined =  addr_defined (addr);
  switch(addr->addr.sa.sa_family) {
    case AF_INET:
      {
	const int port= ntohs (addr->addr.in4.sin_port);
	out = alloc_buf_gc (128, gc);
	buf_puts (&out, "[AF_INET]");
	mutex_lock_static (L_INET_NTOA);
	buf_puts (&out, (addr_is_defined ? inet_ntoa (addr->addr.in4.sin_addr) : "[undef]"));
	mutex_unlock_static (L_INET_NTOA);

	if (((flags & PS_SHOW_PORT) || (addr_is_defined && (flags & PS_SHOW_PORT_IF_DEFINED)))
	    && port)
	{
	  if (separator)
	    buf_printf (&out, "%s", separator);

	  buf_printf (&out, "%d", port);
	}
      }
      break;
#ifdef USE_PF_INET6
    case AF_INET6:
      {
	const int port= ntohs (addr->addr.in6.sin6_port);
	char buf[INET6_ADDRSTRLEN] = "[undef]";
	out = alloc_buf_gc (128, gc);
	buf_puts (&out, "[AF_INET6]");
	if (addr_is_defined)
	{
	  getnameinfo(&addr->addr.sa, sizeof (struct sockaddr_in6),
	      buf, sizeof (buf), NULL, 0, NI_NUMERICHOST);
	  buf_puts (&out, buf);
	}
	if (((flags & PS_SHOW_PORT) || (addr_is_defined && (flags & PS_SHOW_PORT_IF_DEFINED)))
	    && port)
	{
	  if (separator)
	    buf_puts (&out, separator);

	  buf_printf (&out, "%d", port);
	}
      }
      break;
#endif
  }
   return BSTR (&out);
}

const char *

      struct buffer out = alloc_buf_gc (128, gc);
      buf_printf (&out, "%s", print_sockaddr_ex (&act->dest, separator, flags, gc));
#if ENABLE_IP_PKTINFO
      if ((flags & PS_SHOW_PKTINFO) && addr_defined_ipi(act))
	{
	  switch(act->dest.addr.sa.sa_family)
	  {
	case AF_INET:
	  {
	  struct openvpn_sockaddr sa;
	  CLEAR (sa);
	  sa.addr.in4.sin_addr = act->pi.in4.ipi_spec_dst;
	  buf_printf (&out, " (via %s)", print_sockaddr_ex (&sa, separator, 0, gc));
	  }
	  break;
#ifdef USE_PF_INET6
	case AF_INET6:
	  {
	    struct sockaddr_in6 sin6;
	    char buf[INET6_ADDRSTRLEN] = "[undef]";
	    memset(&sin6, 0, sizeof sin6);
	    sin6.sin6_family = AF_INET6;
	    sin6.sin6_addr = act->pi.in6.ipi6_addr;
	    {
	      if (getnameinfo((struct sockaddr *)&sin6, sizeof (struct sockaddr_in6),
		    buf, sizeof (buf), NULL, 0, NI_NUMERICHOST) == 0)
		buf_printf (&out, " (via %s)", buf);
	      else
		buf_printf (&out, " (via [getnameinfo() err])");
	    }
	  }
	  break;
#endif
	  }

	}
#endif
      return BSTR (&out);

setenv_sockaddr (struct env_set *es, const char *name_prefix, const struct openvpn_sockaddr *addr, const bool flags)
{
  char name_buf[256];
  char buf[128];

  switch(addr->addr.sa.sa_family) {
    case AF_INET:
      if (flags & SA_IP_PORT)
	openvpn_snprintf (name_buf, sizeof (name_buf), "%s_ip", name_prefix);
      else
	openvpn_snprintf (name_buf, sizeof (name_buf), "%s", name_prefix);

      mutex_lock_static (L_INET_NTOA);
      setenv_str (es, name_buf, inet_ntoa (addr->addr.in4.sin_addr));
      mutex_unlock_static (L_INET_NTOA);

      if ((flags & SA_IP_PORT) && addr->addr.in4.sin_port)
      {
	openvpn_snprintf (name_buf, sizeof (name_buf), "%s_port", name_prefix);
	setenv_int (es, name_buf, ntohs (addr->addr.in4.sin_port));
      }
      break;
#ifdef USE_PF_INET6
    case AF_INET6:
      openvpn_snprintf (name_buf, sizeof (name_buf), "%s_ip6", name_prefix);
      getnameinfo(&addr->addr.sa, sizeof (struct sockaddr_in6),
	  buf, sizeof(buf), NULL, 0, NI_NUMERICHOST);
      setenv_str (es, name_buf, buf);

  if ((flags & SA_IP_PORT) && addr->sa.sin_port)
    {
      openvpn_snprintf (name_buf, sizeof (name_buf), "%s_port", name_prefix);
      setenv_int (es, name_buf, ntohs (addr->addr.in6.sin6_port));
      break;
#endif
  }
}

void

    {
      struct openvpn_sockaddr si;
      CLEAR (si);
      si.addr.in4.sin_family = AF_INET;
      si.addr.in4.sin_addr.s_addr = htonl (addr);
      setenv_sockaddr (es, name_prefix, &si, flags);
    }
}

struct proto_names {
  const char *short_form;
  const char *display_form;
  bool	is_dgram;
  bool	is_net;
  sa_family_t proto_af;
};

/* Indexed by PROTO_x */
static const struct proto_names proto_names[PROTO_N] = {
  {"proto-uninitialized",        "proto-NONE",0,0, AF_UNSPEC},
  {"udp",        "UDPv4",1,1, AF_INET},
  {"tcp-server", "TCPv4_SERVER",0,1, AF_INET},
  {"tcp-client", "TCPv4_CLIENT",0,1, AF_INET},
  {"tcp",        "TCPv4",0,1, AF_INET},
#ifdef USE_PF_INET6
  {"udp6"       ,"UDPv6",1,1, AF_INET6},
  {"tcp6-server","TCPv6_SERVER",0,1, AF_INET6},
  {"tcp6-client","TCPv6_CLIENT",0,1, AF_INET6},
  {"tcp6"       ,"TCPv6",0,1, AF_INET6},
#endif
};

bool
proto_is_net(int proto)
{
  if (proto < 0 || proto >= PROTO_N)
    ASSERT(0);
  return proto_names[proto].is_net;
}
bool
proto_is_dgram(int proto)
{
  if (proto < 0 || proto >= PROTO_N)
    ASSERT(0);
  return proto_names[proto].is_dgram;
}
bool
proto_is_udp(int proto)
{
  if (proto < 0 || proto >= PROTO_N)
    ASSERT(0);
  return proto_names[proto].is_dgram&&proto_names[proto].is_net;
}
bool
proto_is_tcp(int proto)
{
  if (proto < 0 || proto >= PROTO_N)
    ASSERT(0);
  return (!proto_names[proto].is_dgram)&&proto_names[proto].is_net;
}

sa_family_t 
proto_sa_family(int proto)
{
  if (proto < 0 || proto >= PROTO_N)
    ASSERT(0);
  return proto_names[proto].proto_af;
}

int
ascii2proto (const char* proto_name)
{

  return BSTR (&out);
}

int
addr_guess_family(int proto, const char *name) 
{
  sa_family_t ret;
  if (proto) {
    return proto_sa_family(proto);	/* already stamped */
  } 
#ifdef USE_PF_UNIX
  else if (name && name[0] == '/') {
    return AF_UNIX;
  }
#endif
#ifdef USE_PF_INET6
  else {
    struct addrinfo hints , *ai;
    int err;
    memset(&hints, 0, sizeof hints);
    hints.ai_flags=AI_NUMERICHOST;
    if ((err=getaddrinfo(name, NULL, &hints, &ai))==0) {
      ret=ai->ai_family;
      freeaddrinfo(ai);
      return ret;
    }
  }
#endif
  return AF_INET;	/* default */
}
const char *
addr_family_name (int af) 
{
  switch (af) {
    case AF_INET: return "AF_INET";
    case AF_INET6: return "AF_INET6";
#ifdef USE_PF_UNIX
    case AF_UNIX: return "AF_UNIX";
#endif
  }
  return "AF_UNSPEC";
}

/*
 * Given a local proto, return local proto
 * if !remote, or compatible remote proto

  ASSERT (proto >= 0 && proto < PROTO_N);
  if (remote)
    {
      switch (proto)
      {
	case PROTO_TCPv4_SERVER: return PROTO_TCPv4_CLIENT;
	case PROTO_TCPv4_CLIENT: return PROTO_TCPv4_SERVER;
#ifdef USE_PF_INET6
	case PROTO_TCPv6_SERVER: return PROTO_TCPv6_CLIENT;
	case PROTO_TCPv6_CLIENT: return PROTO_TCPv6_SERVER;
#endif
      }
    }
  return proto;
}


#if ENABLE_IP_PKTINFO

struct openvpn_in4_pktinfo
{
  struct cmsghdr cmsghdr;
  struct in_pktinfo pi;
};
#ifdef USE_PF_INET6
struct openvpn_in6_pktinfo
{
  struct cmsghdr cmsghdr;
  struct in6_pktinfo pi6;
};
#endif

union openvpn_pktinfo {
	struct openvpn_in4_pktinfo cmsgpi;
#ifdef USE_PF_INET6
	struct openvpn_in6_pktinfo cmsgpi6;
#endif
};


static socklen_t
link_socket_read_udp_posix_recvmsg (struct link_socket *sock,

				    struct link_socket_actual *from)
{
  struct iovec iov;
  union openvpn_pktinfo opi;
  struct msghdr mesg;
  socklen_t fromlen = sizeof (from->dest.addr);

  iov.iov_base = BPTR (buf);
  iov.iov_len = maxsize;
  mesg.msg_iov = &iov;
  mesg.msg_iovlen = 1;
  mesg.msg_name = &from->dest.addr;
  mesg.msg_namelen = fromlen;
  mesg.msg_control = &opi;
  mesg.msg_controllen = sizeof (opi);

	  && cmsg->cmsg_len >= sizeof (opi))
	{
	  struct in_pktinfo *pkti = (struct in_pktinfo *) CMSG_DATA (cmsg);
	  from->pi.in4.ipi_ifindex = pkti->ipi_ifindex;
	  from->pi.in4.ipi_spec_dst = pkti->ipi_spec_dst;
	}
#ifdef USE_PF_INET6
      else if (cmsg != NULL
	  && CMSG_NXTHDR (&mesg, cmsg) == NULL
	  && cmsg->cmsg_level == IPPROTO_IPV6 
	  && cmsg->cmsg_type == IPV6_PKTINFO
	  && cmsg->cmsg_len >= sizeof (struct openvpn_in6_pktinfo))
	{
	  struct in6_pktinfo *pkti6 = (struct in6_pktinfo *) CMSG_DATA (cmsg);
	  from->pi.in6.ipi6_ifindex = pkti6->ipi6_ifindex;
	  from->pi.in6.ipi6_addr = pkti6->ipi6_addr;
	}
#endif
    }
  return fromlen;
}

			    int maxsize,
			    struct link_socket_actual *from)
{
  socklen_t fromlen = sizeof (from->dest.addr);
  socklen_t expectedlen = af_addr_size(proto_sa_family(sock->info.proto));
  addr_zero_host(&from->dest);
  ASSERT (buf_safe (buf, maxsize));
#if ENABLE_IP_PKTINFO
  /* Both PROTO_UDPv4 and PROTO_UDPv6 */
  if (proto_is_udp(sock->info.proto) && sock->sockflags & SF_USE_IP_PKTINFO)
    fromlen = link_socket_read_udp_posix_recvmsg (sock, buf, maxsize, from);
  else
#endif
    buf->len = recvfrom (sock->sd, BPTR (buf), maxsize, 0,
			 &from->dest.addr.sa, &fromlen);
  if (buf->len >= 0 && expectedlen && fromlen != expectedlen)
    bad_address_length (fromlen, expectedlen);
  return buf->len;
}


  struct iovec iov;
  struct msghdr mesg;
  struct cmsghdr *cmsg;
  struct in_pktinfo *pkti;
  struct openvpn_pktinfo opi;

  iov.iov_base = BPTR (buf);
  iov.iov_len = BLEN (buf);
  mesg.msg_iov = &iov;
  mesg.msg_iovlen = 1;
  switch (sock->info.lsa->remote.addr.sa.sa_family)
  {
    case AF_INET: {
	  struct openvpn_in4_pktinfo opi;
	  struct in_pktinfo *pkti;
	  mesg.msg_name = &to->dest.addr.sa;
	  mesg.msg_namelen = sizeof (struct sockaddr_in);
	  mesg.msg_control = &opi;
	  mesg.msg_controllen = sizeof (opi);
	  mesg.msg_flags = 0;
	  cmsg = CMSG_FIRSTHDR (&mesg);
	  cmsg->cmsg_len = sizeof (opi);
	  cmsg->cmsg_level = SOL_IP;
	  cmsg->cmsg_type = IP_PKTINFO;
	  pkti = (struct in_pktinfo *) CMSG_DATA (cmsg);
	  pkti->ipi_ifindex = to->pi.in4.ipi_ifindex;
	  pkti->ipi_spec_dst = to->pi.in4.ipi_spec_dst;
	  pkti->ipi_addr.s_addr = 0;
	  break;
    }
#ifdef USE_PF_INET6
    case AF_INET6: {
	  struct openvpn_in6_pktinfo opi6;
	  struct in6_pktinfo *pkti6;
	  mesg.msg_name = &to->dest.addr.sa;
	  mesg.msg_namelen = sizeof (struct sockaddr_in6);
	  mesg.msg_control = &opi6;
	  mesg.msg_controllen = sizeof (opi6);
	  mesg.msg_flags = 0;
	  cmsg = CMSG_FIRSTHDR (&mesg);
	  cmsg->cmsg_len = sizeof (opi6);
	  cmsg->cmsg_level = IPPROTO_IPV6;
	  cmsg->cmsg_type = IPV6_PKTINFO;
	  pkti6 = (struct in6_pktinfo *) CMSG_DATA (cmsg);
	  pkti6->ipi6_ifindex = to->pi.in6.ipi6_ifindex;
	  pkti6->ipi6_addr = to->pi.in6.ipi6_addr;
	  break;
    }
#endif
    default: ASSERT(0);
  }
  return sendmsg (sock->sd, &mesg, 0);
}


	{
	  /* set destination address for UDP writes */
	  sock->writes.addr_defined = true;
	  sock->writes.addr = to->dest.addr.in4;
	  sock->writes.addrlen = sizeof (sock->writes.addr);

	  status = WSASendTo(

	{
	  if (io->addrlen != sizeof (io->addr))
	    bad_address_length (io->addrlen, sizeof (io->addr));
	  from->dest.addr.sa = io->addr;
	}
      else
	CLEAR (from->dest.addr.sa);
    }
  
  if (buf)

Lines 81-87 #define ntohps(x) ntohs(x) Link Here

(-)a/openvpn/socket.h (-31 / +202 lines)
81	struct openvpn_sockaddr	81	struct openvpn_sockaddr
82	{	82	{
83	/int dummy;/ /* add offset to force a bug if sa not explicitly dereferenced */	83	/int dummy;/ /* add offset to force a bug if sa not explicitly dereferenced */
84	struct sockaddr_in sa;	84	union {
		85	struct sockaddr sa;
		86	struct sockaddr_in in4;
		87	#ifdef USE_PF_INET6
		88	struct sockaddr_in6 in6;
		89	#endif
		90	} addr;
85	};	91	};
86		92
87	/* actual address of remote, based on source address of received packets */	93	/* actual address of remote, based on source address of received packets */
Lines 90-96 struct link_socket_actual Link Here
90	int dummy; /* JYFIXME -- add offset to force a bug if dest not explicitly dereferenced */	96	int dummy; /* JYFIXME -- add offset to force a bug if dest not explicitly dereferenced */
91	struct openvpn_sockaddr dest;	97	struct openvpn_sockaddr dest;
92	#if ENABLE_IP_PKTINFO	98	#if ENABLE_IP_PKTINFO
93	struct in_pktinfo pi;	99	union {
		100	struct in_pktinfo in4;
		101	#ifdef USE_PF_INET6
		102	struct in6_pktinfo in6;
		103	#endif
		104	} pi;
94	#endif	105	#endif
95	};	106	};
96		107
Lines 411-416 socket_descriptor_t create_socket_tcp (v Link Here
411	socket_descriptor_t socket_do_accept (socket_descriptor_t sd,	422	socket_descriptor_t socket_do_accept (socket_descriptor_t sd,
412	struct link_socket_actual *act,	423	struct link_socket_actual *act,
413	const bool nowait);	424	const bool nowait);
		425	/*
		426	* proto related
		427	*/
		428	bool proto_is_net(int proto);
		429	bool proto_is_dgram(int proto);
		430	bool proto_is_udp(int proto);
		431	bool proto_is_tcp(int proto);
		432
414		433
415	/*	434	/*
416	* DNS resolution	435	* DNS resolution
Lines 436-458 in_addr_t getaddr (unsigned int flags, Link Here
436	* Transport protocol naming and other details.	455	* Transport protocol naming and other details.
437	*/	456	*/
438		457
439	#define PROTO_UDPv4 0	458	#if 0 /* PRE UDPv6/TCPv6 code */
440	#define PROTO_TCPv4_SERVER 1	459	#define PROTO_NONE 0 /* catch for uninitialized */
441	#define PROTO_TCPv4_CLIENT 2	460	#define PROTO_UDPv4 1
442	#define PROTO_TCPv4 3	461	#define PROTO_TCPv4_SERVER 2
443	#define PROTO_N 4	462	#define PROTO_TCPv4_CLIENT 3
		463	#define PROTO_TCPv4 4
		464	#define PROTO_UDPv6 5
		465	#define PROTO_TCPv6_SERVER 6
		466	#define PROTO_TCPv6_CLIENT 7
		467	#define PROTO_TCPv6 8
		468	#define PROTO_N 9
		469	#endif /* if 0 */
		470
		471	/*
		472	* Use enum's instead of #define to allow for easier
		473	* optional proto support
		474	*/
		475	enum proto_num {
		476	PROTO_NONE, /* catch for uninitialized */
		477	PROTO_UDPv4,
		478	PROTO_TCPv4_SERVER,
		479	PROTO_TCPv4_CLIENT,
		480	PROTO_TCPv4,
		481	PROTO_UDPv6,
		482	PROTO_TCPv6_SERVER,
		483	PROTO_TCPv6_CLIENT,
		484	PROTO_TCPv6,
		485	PROTO_N
		486	};
444		487
445	int ascii2proto (const char* proto_name);	488	int ascii2proto (const char* proto_name);
446	const char *proto2ascii (int proto, bool display_form);	489	const char *proto2ascii (int proto, bool display_form);
447	const char proto2ascii_all (struct gc_arena gc);	490	const char proto2ascii_all (struct gc_arena gc);
448	int proto_remote (int proto, bool remote);	491	int proto_remote (int proto, bool remote);
		492	const char *addr_family_name(int af);
449		493
450	/*	494	/*
451	* Overhead added to packets by various protocols.	495	* Overhead added to packets by various protocols.
452	*/	496	*/
453	#define IPv4_UDP_HEADER_SIZE 28	497	#define IPv4_UDP_HEADER_SIZE 28
454	#define IPv4_TCP_HEADER_SIZE 40	498	#define IPv4_TCP_HEADER_SIZE 40
455	#define IPv6_UDP_HEADER_SIZE 40	499	#define IPv6_UDP_HEADER_SIZE 48
		500	#define IPv6_TCP_HEADER_SIZE 60
456		501
457	extern const int proto_overhead[];	502	extern const int proto_overhead[];
458		503
Lines 485-491 legal_ipv4_port (int port) Link Here
485	static inline bool	530	static inline bool
486	link_socket_proto_connection_oriented (int proto)	531	link_socket_proto_connection_oriented (int proto)
487	{	532	{
488	return proto == PROTO_TCPv4_SERVER \|\| proto == PROTO_TCPv4_CLIENT;	533	return !proto_is_dgram(proto);
489	}	534	}
490		535
491	static inline bool	536	static inline bool
Lines 500-506 link_socket_connection_oriented (const s Link Here
500	static inline bool	545	static inline bool
501	addr_defined (const struct openvpn_sockaddr *addr)	546	addr_defined (const struct openvpn_sockaddr *addr)
502	{	547	{
503	return addr->sa.sin_addr.s_addr != 0;	548	if (!addr) return 0;
		549	switch (addr->addr.sa.sa_family) {
		550	case AF_INET: return addr->addr.in4.sin_addr.s_addr != 0;
		551	#ifdef USE_PF_INET6
		552	case AF_INET6: return !IN6_IS_ADDR_UNSPECIFIED(&addr->addr.in6.sin6_addr);
		553	#endif
		554	default: return 0;
		555	}
		556	}
		557	static inline bool
		558	addr_defined_ipi (const struct link_socket_actual *lsa)
		559	{
		560	#if ENABLE_IP_PKTINFO
		561	if (!lsa) return 0;
		562	switch (lsa->dest.addr.sa.sa_family) {
		563	case AF_INET: return lsa->pi.in4.ipi_spec_dst.s_addr != 0;
		564	#ifdef USE_PF_INET6
		565	case AF_INET6: return !IN6_IS_ADDR_UNSPECIFIED(&lsa->pi.in6.ipi6_addr);
		566	#endif
		567	default: return 0;
		568	}
		569	#else
		570	ASSERT(0);
		571	#endif
504	}	572	}
505		573
506	static inline bool	574	static inline bool
Lines 512-531 link_socket_actual_defined (const struct Link Here
512	static inline bool	580	static inline bool
513	addr_match (const struct openvpn_sockaddr a1, const struct openvpn_sockaddr a2)	581	addr_match (const struct openvpn_sockaddr a1, const struct openvpn_sockaddr a2)
514	{	582	{
515	return a1->sa.sin_addr.s_addr == a2->sa.sin_addr.s_addr;	583	switch(a1->addr.sa.sa_family) {
		584	case AF_INET:
		585	return a1->addr.in4.sin_addr.s_addr == a2->addr.in4.sin_addr.s_addr;
		586	#ifdef USE_PF_INET6
		587	case AF_INET6:
		588	return IN6_ARE_ADDR_EQUAL(&a1->addr.in6.sin6_addr, &a2->addr.in6.sin6_addr);
		589	#endif
		590	}
		591	ASSERT(0);
		592	return false;
516	}	593	}
517		594
518	static inline in_addr_t	595	static inline in_addr_t
519	addr_host (const struct openvpn_sockaddr *s)	596	addr_host (const struct openvpn_sockaddr *addr)
520	{	597	{
521	return ntohl (s->sa.sin_addr.s_addr);	598	/*
		599	* "public" addr returned is checked against ifconfig for
		600	* possible clash: non sense for now given
		601	* that we do ifconfig only IPv4
		602	*/
		603	#if defined(USE_PF_INET6)
		604	if(addr->addr.sa.sa_family != AF_INET)
		605	return 0;
		606	#else
		607	ASSERT(addr->addr.sa.sa_family == AF_INET);
		608	#endif
		609	return ntohl (addr->addr.in4.sin_addr.s_addr);
522	}	610	}
523		611
524	static inline bool	612	static inline bool
525	addr_port_match (const struct openvpn_sockaddr a1, const struct openvpn_sockaddr a2)	613	addr_port_match (const struct openvpn_sockaddr a1, const struct openvpn_sockaddr a2)
526	{	614	{
527	return a1->sa.sin_addr.s_addr == a2->sa.sin_addr.s_addr	615	switch(a1->addr.sa.sa_family) {
528	&& a1->sa.sin_port == a2->sa.sin_port;	616	case AF_INET:
		617	return a1->addr.in4.sin_addr.s_addr == a2->addr.in4.sin_addr.s_addr
		618	&& a1->addr.in4.sin_port == a2->addr.in4.sin_port;
		619	#ifdef USE_PF_INET6
		620	case AF_INET6:
		621	return IN6_ARE_ADDR_EQUAL(&a1->addr.in6.sin6_addr, &a2->addr.in6.sin6_addr)
		622	&& a1->addr.in6.sin6_port == a2->addr.in6.sin6_port;
		623	#endif
		624	}
		625	ASSERT(0);
		626	return false;
529	}	627	}
530		628
531	static inline bool	629	static inline bool
Lines 538-543 addr_match_proto (const struct openvpn_s Link Here
538	: addr_port_match (a1, a2);	636	: addr_port_match (a1, a2);
539	}	637	}
540		638
		639	static inline void
		640	addr_zero_host(struct openvpn_sockaddr *addr)
		641	{
		642	switch(addr->addr.sa.sa_family) {
		643	case AF_INET:
		644	addr->addr.in4.sin_addr.s_addr = 0;
		645	break;
		646	#ifdef USE_PF_INET6
		647	case AF_INET6:
		648	memset(&addr->addr.in6.sin6_addr, 0, sizeof (struct in6_addr));
		649	break;
		650	#endif
		651	}
		652	}
		653
		654	static inline void
		655	addr_copy_sa(struct openvpn_sockaddr dst, const struct openvpn_sockaddr src)
		656	{
		657	dst->addr = src->addr;
		658	}
		659
		660	static inline void
		661	addr_copy_host(struct openvpn_sockaddr dst, const struct openvpn_sockaddr src)
		662	{
		663	switch(src->addr.sa.sa_family) {
		664	case AF_INET:
		665	dst->addr.in4.sin_addr.s_addr = src->addr.in4.sin_addr.s_addr;
		666	break;
		667	#ifdef USE_PF_INET6
		668	case AF_INET6:
		669	dst->addr.in6.sin6_addr = src->addr.in6.sin6_addr;
		670	break;
		671	#endif
		672	}
		673	}
		674
		675	static inline bool
		676	addr_inet4or6(struct sockaddr *addr)
		677	{
		678	return addr->sa_family == AF_INET \|\| addr->sa_family == AF_INET6;
		679	}
		680
		681	int addr_guess_family(int proto, const char *name);
		682	static inline int
		683	af_addr_size(sa_family_t af)
		684	{
		685	#if defined(USE_PF_INET6) \|\| defined (USE_PF_UNIX)
		686	switch(af) {
		687	case AF_INET: return sizeof (struct sockaddr_in);
		688	#ifdef USE_PF_UNIX
		689	case AF_UNIX: return sizeof (struct sockaddr_un);
		690	#endif
		691	#ifdef USE_PF_INET6
		692	case AF_INET6: return sizeof (struct sockaddr_in6);
		693	#endif
		694	default:
		695	#if 0
		696	/* could be called from socket_do_accept() with empty addr */
		697	msg (M_ERR, "Bad address family: %d\n", addr->sa_family);
		698	ASSERT(0);
		699	#endif
		700	return 0;
		701	}
		702	#else /* only AF_INET */
703	return sizeof(struct sockaddr_in);
704	#endif
705	}
706
541	static inline bool	707	static inline bool
542	link_socket_actual_match (const struct link_socket_actual a1, const struct link_socket_actual a2)	708	link_socket_actual_match (const struct link_socket_actual a1, const struct link_socket_actual a2)
543	{	709	{
Lines 594-607 link_socket_verify_incoming_addr (struct Link Here
594	{	760	{
595	if (buf->len > 0)	761	if (buf->len > 0)
596	{	762	{
597	if (from_addr->dest.sa.sin_family != AF_INET)	763	switch (from_addr->dest.addr.sa.sa_family) {
598	return false;	764	#ifdef USE_PF_INET6
599	if (!link_socket_actual_defined (from_addr))	765	case AF_INET6:
600	return false;	766	#endif
601	if (info->remote_float \|\| !addr_defined (&info->lsa->remote))	767	case AF_INET:
602	return true;	768	if (!link_socket_actual_defined (from_addr))
603	if (addr_match_proto (&from_addr->dest, &info->lsa->remote, info->proto))	769	return false;
604	return true;	770	if (info->remote_float \|\| !addr_defined (&info->lsa->remote))
		771	return true;
		772	if (addr_match_proto (&from_addr->dest, &info->lsa->remote, info->proto))
		773	return true;
		774	}
605	}	775	}
606	return false;	776	return false;
607	}	777	}
Lines 707-713 link_socket_read (struct link_socket *so Link Here
707	int maxsize,	877	int maxsize,
708	struct link_socket_actual *from)	878	struct link_socket_actual *from)
709	{	879	{
710	if (sock->info.proto == PROTO_UDPv4)	880	if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */
711	{	881	{
712	int res;	882	int res;
713		883
Lines 718-727 #else Link Here
718	#endif	888	#endif
719	return res;	889	return res;
720	}	890	}
721	else if (sock->info.proto == PROTO_TCPv4_SERVER \|\| sock->info.proto == PROTO_TCPv4_CLIENT)	891	else if (proto_is_tcp(sock->info.proto)) /* unified TCPv4 and TCPv6 */
722	{	892	{
723	/* from address was returned by accept */	893	/* from address was returned by accept */
724	from->dest.sa = sock->info.lsa->actual.dest.sa;	894	addr_copy_sa(&from->dest, &sock->info.lsa->actual.dest);
725	return link_socket_read_tcp (sock, buf);	895	return link_socket_read_tcp (sock, buf);
726	}	896	}
727	else	897	else
Lines 776-788 #if ENABLE_IP_PKTINFO Link Here
776	struct buffer *buf,	946	struct buffer *buf,
777	struct link_socket_actual *to);	947	struct link_socket_actual *to);
778		948
779	if (sock->sockflags & SF_USE_IP_PKTINFO)	949	if (proto_is_udp(sock->info.proto) && (sock->sockflags & SF_USE_IP_PKTINFO)
		950	&& addr_defined_ipi(to))
780	return link_socket_write_udp_posix_sendmsg (sock, buf, to);	951	return link_socket_write_udp_posix_sendmsg (sock, buf, to);
781	else	952	else
782	#endif	953	#endif
783	return sendto (sock->sd, BPTR (buf), BLEN (buf), 0,	954	return sendto (sock->sd, BPTR (buf), BLEN (buf), 0,
784	(struct sockaddr *) &to->dest.sa,	955	(struct sockaddr *) &to->dest.addr.sa,
785	(socklen_t) sizeof (to->dest.sa));	956	(socklen_t) af_addr_size(to->dest.addr.sa.sa_family));
786	}	957	}
787		958
788	static inline int	959	static inline int
Lines 813-823 link_socket_write (struct link_socket *s Link Here
813	struct buffer *buf,	984	struct buffer *buf,
814	struct link_socket_actual *to)	985	struct link_socket_actual *to)
815	{	986	{
816	if (sock->info.proto == PROTO_UDPv4)	987	if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */
817	{	988	{
818	return link_socket_write_udp (sock, buf, to);	989	return link_socket_write_udp (sock, buf, to);
819	}	990	}
820	else if (sock->info.proto == PROTO_TCPv4_SERVER \|\| sock->info.proto == PROTO_TCPv4_CLIENT)	991	else if (proto_is_tcp(sock->info.proto)) /* unified TCPv4 and TCPv6 */
821	{	992	{
822	return link_socket_write_tcp (sock, buf, to);	993	return link_socket_write_tcp (sock, buf, to);
823	}	994	}





  if (addr != NULL)
    {
      addr->addr.in4.sin_family = AF_INET;
      addr->addr.in4.sin_addr.s_addr = htonl (INADDR_ANY);
      addr->addr.in4.sin_port = htons (0);
    }

  while (len < 4 + alen + 2)

  /* ATYP == 1 (IP V4 address) */
  if (atyp == '\x01' && addr != NULL)
    {
      memcpy (&addr->addr.in4.sin_addr, buf + 4, sizeof (addr->addr.in4.sin_addr));
      memcpy (&addr->addr.in4.sin_port, buf + 8, sizeof (addr->addr.in4.sin_port));
    }



  if (atyp != 1)		/* ATYP == 1 (IP V4) */
    goto error;

  buf_read (buf, &from->dest.addr.in4.sin_addr, sizeof (from->dest.addr.in4.sin_addr));
  buf_read (buf, &from->dest.addr.in4.sin_port, sizeof (from->dest.addr.in4.sin_port));

  return;


  buf_write_u16 (&head, 0);	/* RSV = 0 */
  buf_write_u8 (&head, 0);	/* FRAG = 0 */
  buf_write_u8 (&head, '\x01'); /* ATYP = 1 (IP V4) */
  buf_write (&head, &to->dest.addr.in4.sin_addr, sizeof (to->dest.addr.in4.sin_addr));
  buf_write (&head, &to->dest.addr.in4.sin_port, sizeof (to->dest.addr.in4.sin_port));

  return 10;
}

Return to bug 183457

Lines 1351-1359 man_settings_init (struct man_settings * Link Here

(-)a/openvpn/manage.c (-5 / +5 lines)
1351	/*	1351	/*
1352	* Initialize socket address	1352	* Initialize socket address
1353	*/	1353	*/
1354	ms->local.sa.sin_family = AF_INET;	1354	ms->local.addr.in4.sin_family = AF_INET;
1355	ms->local.sa.sin_addr.s_addr = 0;	1355	ms->local.addr.in4.sin_addr.s_addr = 0;
1356	ms->local.sa.sin_port = htons (port);	1356	ms->local.addr.in4.sin_port = htons (port);
1357		1357
1358	/*	1358	/*
1359	* Run management over tunnel, or	1359	* Run management over tunnel, or
Lines 1365-1371 man_settings_init (struct man_settings * Link Here
1365	}	1365	}
1366	else	1366	else
1367	{	1367	{
1368	ms->local.sa.sin_addr.s_addr = getaddr	1368	ms->local.addr.in4.sin_addr.s_addr = getaddr
1369	(GETADDR_RESOLVE\|GETADDR_WARN_ON_SIGNAL\|GETADDR_FATAL, addr, 0, NULL, NULL);	1369	(GETADDR_RESOLVE\|GETADDR_WARN_ON_SIGNAL\|GETADDR_FATAL, addr, 0, NULL, NULL);
1370	}	1370	}
1371		1371
Lines 1634-1640 management_post_tunnel_open (struct mana Link Here
1634	&& man->connection.state == MS_INITIAL)	1634	&& man->connection.state == MS_INITIAL)
1635	{	1635	{
1636	/* listen on our local TUN/TAP IP address */	1636	/* listen on our local TUN/TAP IP address */
1637	man->settings.local.sa.sin_addr.s_addr = htonl (tun_local_ip);	1637	man->settings.local.addr.in4.sin_addr.s_addr = htonl (tun_local_ip);
1638	man_connection_init (man);	1638	man_connection_init (man);
1639	}	1639	}
1640		1640

Lines 175-183 recv_socks_reply (socket_descriptor_t sd Link Here

(-)a/openvpn/socks.c (-9 / +9 lines)
175		175
176	if (addr != NULL)	176	if (addr != NULL)
177	{	177	{
178	addr->sa.sin_family = AF_INET;	178	addr->addr.in4.sin_family = AF_INET;
179	addr->sa.sin_addr.s_addr = htonl (INADDR_ANY);	179	addr->addr.in4.sin_addr.s_addr = htonl (INADDR_ANY);
180	addr->sa.sin_port = htons (0);	180	addr->addr.in4.sin_port = htons (0);
181	}	181	}
182		182
183	while (len < 4 + alen + 2)	183	while (len < 4 + alen + 2)
Lines 264-271 recv_socks_reply (socket_descriptor_t sd Link Here
264	/* ATYP == 1 (IP V4 address) */	264	/* ATYP == 1 (IP V4 address) */
265	if (atyp == '\x01' && addr != NULL)	265	if (atyp == '\x01' && addr != NULL)
266	{	266	{
267	memcpy (&addr->sa.sin_addr, buf + 4, sizeof (addr->sa.sin_addr));	267	memcpy (&addr->addr.in4.sin_addr, buf + 4, sizeof (addr->addr.in4.sin_addr));
268	memcpy (&addr->sa.sin_port, buf + 8, sizeof (addr->sa.sin_port));	268	memcpy (&addr->addr.in4.sin_port, buf + 8, sizeof (addr->addr.in4.sin_port));
269	}	269	}
270		270
271		271
Lines 383-390 socks_process_incoming_udp (struct buffe Link Here
383	if (atyp != 1) /* ATYP == 1 (IP V4) */	383	if (atyp != 1) /* ATYP == 1 (IP V4) */
384	goto error;	384	goto error;
385		385
386	buf_read (buf, &from->dest.sa.sin_addr, sizeof (from->dest.sa.sin_addr));	386	buf_read (buf, &from->dest.addr.in4.sin_addr, sizeof (from->dest.addr.in4.sin_addr));
387	buf_read (buf, &from->dest.sa.sin_port, sizeof (from->dest.sa.sin_port));	387	buf_read (buf, &from->dest.addr.in4.sin_port, sizeof (from->dest.addr.in4.sin_port));
388		388
389	return;	389	return;
390		390
Lines 416-423 socks_process_outgoing_udp (struct buffe Link Here
416	buf_write_u16 (&head, 0); /* RSV = 0 */	416	buf_write_u16 (&head, 0); /* RSV = 0 */
417	buf_write_u8 (&head, 0); /* FRAG = 0 */	417	buf_write_u8 (&head, 0); /* FRAG = 0 */
418	buf_write_u8 (&head, '\x01'); /* ATYP = 1 (IP V4) */	418	buf_write_u8 (&head, '\x01'); /* ATYP = 1 (IP V4) */
419	buf_write (&head, &to->dest.sa.sin_addr, sizeof (to->dest.sa.sin_addr));	419	buf_write (&head, &to->dest.addr.in4.sin_addr, sizeof (to->dest.addr.in4.sin_addr));
420	buf_write (&head, &to->dest.sa.sin_port, sizeof (to->dest.sa.sin_port));	420	buf_write (&head, &to->dest.addr.in4.sin_port, sizeof (to->dest.addr.in4.sin_port));
421		421
422	return 10;	422	return 10;
423	}	423	}

Line 0 Link Here

(-)a/jjo-tests/libtest.sh (+115 lines)
		1	#!/bin/bash
		2
		3	typeset -i test_num=0 # increments w/each test_define
		4	typeset test_msg # prefix: "test nr#" for msgs
		5	typeset test_name # test name given
		6	typeset test_sanename # test name with all whitespace (and alike) replaced by '_'
		7
		8	TEST_CLEANUP=":"
		9
		10	say () {
		11	echo "$@" >&3
		12	}
		13	err () {
		14	echo "$@" >&4
		15	}
		16	debug () {
		17	echo "$@" >&4
		18	}
		19	test_define() {
		20	test_name="$*"
		21	test_sanename="$(echo -n $test_name\| tr -c '[A-Za-z0-9._]' _ )"
		22	test_num=test_num+1
		23	test_msg="test $test_num"
		24	test_bg_cleanup
		25	}
		26	test_expect_success () {
		27	local msg="$1"
		28	test $# -ge 2 \|\| { err "usage error: test_expect_failure msg cmd args ..."; return 1; }
		29	say -n "$test_msg: -- $msg (expecting success) "
		30	shift
		31	(eval "$@" 4>&1) && { say -e "\n$test_msg: OK %%% $test_sanename" ; return 0 ; }
		32	say -e "\n$test_msg: FAILED %%% $test_sanename"
		33	return 1
		34	}
		35
		36	test_expect_failure () {
		37	local msg="$1"
		38	test $# -ge 2 \|\| { err "usage error: test_expect_failure msg cmd args ..."; return 1;}
		39	say -n "$test_msg: -- $msg (expecting failure) "
		40	shift
		41	(eval "$@") && { say -e "\n$test_msg: FAILED %%% $test_sanename" >&3 ; return 0 ; }
		42	say -e "\n$test_msg: OK %%% $test_sanename"
		43	return 1
		44	}
		45
		46	test_bg_egrep() {
		47	local nsecs="$1"
		48	local txt="$2"
		49	local ret
		50	shift 2
		51	test_expect_success "$test_name" \
		52	"set -m ; $@ &> $t/out-$test_sanename &
		53	s=1;
		54	for i in \$(seq 1 $nsecs);do
		55	say -n '.'
		56	kill -0 %1 \|\| { egrep failed $t/out-$test_sanename >&4; break; }
		57	o=\$(egrep \"$txt\" $t/out-$test_sanename ) && { debug \$o; s=0; break; }
		58	sleep 1;
		59	done;
		60	kill %1
		61	wait
		62	exit \$s
		63	" 2>/dev/null 4>$t/err
		64	ret=$?
65	test $ret -eq 0 && return 0
66	say "$test_msg: see: $t/out-$test_sanename*"
67	return $ret
68	}
69	# run command in current shell ignoring stderr, evals args passed
70	quiet2() {
71	#backup fd=2
72	exec 250>&2
73	exec 2>/dev/null
74	eval "$@"
75	#close auxfd
76	exec 2>&250
77	exec 250>&-
78	}
79	test_bg_prev(){ local out=$t/out-$test_sanename-prev; $@ >& $out & }
80	test_bg_cleanup() { quiet2 "$TEST_CLEANUP;${@:-:};kill % 2>/dev/null;wait" ;}
81	test_set_cleanup () { TEST_CLEANUP="${*:-:}" ;}
82
83	t=/tmp
84	exec 3>&1
85	exec 4>&2
86
87	#=========
88
89	ln -sf $PWD/openvpn $t/openvpn-test
90	export OPENVPN=$t/openvpn-test
91
92	test_set_cleanup "killall $OPENVPN"
93
94	trap 'test_bg_cleanup;exit' 0 2 15
95
96	test_define "UDP6 loopback"
97	test_bg_egrep 30 "Initialization Sequence Completed" ../jjo-tests/run-udp6-0-loopback-self.sh
98
99	test_define "UDP6 loopback byname"
100	test_bg_egrep 30 "Initialization Sequence Completed" ../jjo-tests/run-udp6-0-loopback-byname.sh
101
102	test_define "TCP6 loopback"
103	test_bg_prev ../jjo-tests/run-tcp6-0-loopback-server.sh
104	test_bg_egrep 30 "Initialization Sequence Completed" ../jjo-tests/run-tcp6-0-loopback-client.sh
105
106	test_define "TCP6 loopback byname"
107	test_bg_prev ../jjo-tests/run-tcp6-0-loopback-server-byname.sh
108	test_bg_egrep 30 "Initialization Sequence Completed" ../jjo-tests/run-tcp6-0-loopback-client-byname.sh
109
110	test_define "UDP4 loopback"
111	test_bg_egrep 30 "Initialization Sequence Completed" ../jjo-tests/run-udp4-0-loopback-self.sh
112
113	test_define "TCP4 loopback"
114	test_bg_prev ../jjo-tests/run-tcp4-0-loopback-server.sh
115	test_bg_egrep 30 "Initialization Sequence Completed" ../jjo-tests/run-tcp4-0-loopback-client.sh

Lines 198-203 buf_printf (struct buffer *buf, const ch Link Here

(-)a/openvpn/buffer.c (+13 lines)
198	}	198	}
199	}	199	}
200		200
		201	void buf_puts(struct buffer buf, const char str)
		202	{
		203	uint8_t *ptr = BEND (buf);
		204	int cap = buf_forward_capacity (buf);
		205	if (cap > 0)
		206	{
		207	strncpynt ((char *)ptr,str, cap);
		208	(buf->data + buf->capacity - 1) = 0; / windows vsnprintf needs this */
		209	buf->len += (int) strlen ((char *)ptr);
		210	}
		211	}
		212
		213
201	/*	214	/*
202	* This is necessary due to certain buggy implementations of snprintf,	215	* This is necessary due to certain buggy implementations of snprintf,
203	* that don't guarantee null termination for size > 0.	216	* that don't guarantee null termination for size > 0.

Lines 175-199 bool mroute_extract_openvpn_sockaddr (st Link Here

(-)a/openvpn/mroute.c (-4 / +56 lines)
175	const struct openvpn_sockaddr *osaddr,	175	const struct openvpn_sockaddr *osaddr,
176	bool use_port)	176	bool use_port)
177	{	177	{
178	if (osaddr->sa.sin_family == AF_INET)	178	switch (osaddr->addr.sa.sa_family)
		179	{
		180	case AF_INET:
179	{	181	{
180	if (use_port)	182	if (use_port)
181	{	183	{
182	addr->type = MR_ADDR_IPV4 \| MR_WITH_PORT;	184	addr->type = MR_ADDR_IPV4 \| MR_WITH_PORT;
183	addr->netbits = 0;	185	addr->netbits = 0;
184	addr->len = 6;	186	addr->len = 6;
185	memcpy (addr->addr, &osaddr->sa.sin_addr.s_addr, 4);	187	memcpy (addr->addr, &osaddr->addr.in4.sin_addr.s_addr, 4);
186	memcpy (addr->addr + 4, &osaddr->sa.sin_port, 2);	188	memcpy (addr->addr + 4, &osaddr->addr.in4.sin_port, 2);
187	}	189	}
188	else	190	else
189	{	191	{
190	addr->type = MR_ADDR_IPV4;	192	addr->type = MR_ADDR_IPV4;
191	addr->netbits = 0;	193	addr->netbits = 0;
192	addr->len = 4;	194	addr->len = 4;
193	memcpy (addr->addr, &osaddr->sa.sin_addr.s_addr, 4);	195	memcpy (addr->addr, &osaddr->addr.in4.sin_addr.s_addr, 4);
194	}	196	}
195	return true;	197	return true;
196	}	198	}
		199	#ifdef USE_PF_INET6
		200	case AF_INET6:
		201	if (use_port)
		202	{
		203	addr->type = MR_ADDR_IPV6 \| MR_WITH_PORT;
		204	addr->netbits = 0;
		205	addr->len = 18;
		206	memcpy (addr->addr, &osaddr->addr.in6.sin6_addr, 16);
		207	memcpy (addr->addr + 16, &osaddr->addr.in6.sin6_port, 2);
		208	}
		209	else
		210	{
		211	addr->type = MR_ADDR_IPV6;
		212	addr->netbits = 0;
		213	addr->len = 16;
		214	memcpy (addr->addr, &osaddr->addr.in6.sin6_addr, 16);
		215	}
		216	return true;
		217	#endif
		218	}
197	return false;	219	return false;
198	}	220	}
199		221
Lines 268-274 mroute_addr_print (const struct mroute_a Link Here
268	}	290	}
269	break;	291	break;
270	case MR_ADDR_IPV6:	292	case MR_ADDR_IPV6:
		293	#ifdef USE_PF_INET6
		294	{
		295	struct buffer buf;
		296	struct sockaddr_in6 sin6;
		297	int port;
		298	char buf6[INET6_ADDRSTRLEN] = "";
		299	memset(&sin6, 0, sizeof sin6);
		300	sin6.sin6_family = AF_INET6;
		301	buf_set_read (&buf, maddr.addr, maddr.len);
		302	if (buf_read(&buf, &sin6.sin6_addr, sizeof (sin6.sin6_addr)))
		303	{
		304	if (getnameinfo((struct sockaddr *)&sin6, sizeof (struct sockaddr_in6),
		305	buf6, sizeof (buf6), NULL, 0, NI_NUMERICHOST) != 0)
		306	{
		307	buf_printf (&out, "MR_ADDR_IPV6 getnameinfo() err");
		308	break;
		309	}
		310	buf_puts (&out, buf6);
		311	if (maddr.type & MR_WITH_NETBITS)
		312	buf_printf (&out, "/%d", maddr.netbits);
		313	if (maddr.type & MR_WITH_PORT)
		314	{
		315	port = buf_read_u16 (&buf);
		316	if (port >= 0)
		317	buf_printf (&out, ":%d", port);
		318	}
		319	}
		320	}
		321	#else /* old pre IPV6 1-line code: */
271	buf_printf (&out, "IPV6");	322	buf_printf (&out, "IPV6");
		323	#endif
272	break;	324	break;
273	default:	325	default:
274	buf_printf (&out, "UNKNOWN");	326	buf_printf (&out, "UNKNOWN");

Lines 990-997 multi_learn_in_addr_t (struct multi_cont Link Here

(-)a/openvpn/multi.c (-15 / +10 lines)
990	struct mroute_addr addr;	990	struct mroute_addr addr;
991		991
992	CLEAR (remote_si);	992	CLEAR (remote_si);
993	remote_si.sa.sin_family = AF_INET;	993	remote_si.addr.in4.sin_family = AF_INET;
994	remote_si.sa.sin_addr.s_addr = htonl (a);	994	remote_si.addr.in4.sin_addr.s_addr = htonl (a);
995	ASSERT (mroute_extract_openvpn_sockaddr (&addr, &remote_si, false));	995	ASSERT (mroute_extract_openvpn_sockaddr (&addr, &remote_si, false));
996		996
997	if (netbits >= 0)	997	if (netbits >= 0)
Lines 2224-2232 management_callback_kill_by_addr (void * Link Here
2224	int count = 0;	2224	int count = 0;
2225		2225
2226	CLEAR (saddr);	2226	CLEAR (saddr);
2227	saddr.sa.sin_family = AF_INET;	2227	saddr.addr.in4.sin_family = AF_INET;
2228	saddr.sa.sin_addr.s_addr = htonl (addr);	2228	saddr.addr.in4.sin_addr.s_addr = htonl (addr);
2229	saddr.sa.sin_port = htons (port);	2229	saddr.addr.in4.sin_port = htons (port);
2230	if (mroute_extract_openvpn_sockaddr (&maddr, &saddr, true))	2230	if (mroute_extract_openvpn_sockaddr (&maddr, &saddr, true))
2231	{	2231	{
2232	hash_iterator_init (m->iter, &hi, true);	2232	hash_iterator_init (m->iter, &hi, true);
Lines 2287-2304 tunnel_server (struct context *top) Link Here
2287	{	2287	{
2288	ASSERT (top->options.mode == MODE_SERVER);	2288	ASSERT (top->options.mode == MODE_SERVER);
2289		2289
2290	switch (top->options.proto) {	2290	if (proto_is_dgram(top->options.proto))
2291	case PROTO_UDPv4:	2291	tunnel_server_udp(top);
2292	tunnel_server_udp (top);	2292	else
2293	break;	2293	tunnel_server_tcp(top);
2294	case PROTO_TCPv4_SERVER:
2295	tunnel_server_tcp (top);
2296	break;
2297	default:
2298	ASSERT (0);
2299	}
2300	}	2294	}
2301		2295
		2296
2302	#else	2297	#else
2303	static void dummy(void) {}	2298	static void dummy(void) {}
2304	#endif /* P2MP_SERVER */	2299	#endif /* P2MP_SERVER */