path: root/src/openvpn/socket.c
Age | Commit message | Author
2021-06-15 | Update copyrights | David Sommerseth
- Update the update-copyright script to include more contributors as well as correcting a few typos - Correct a copyright address in the source code to now used address (dazo) - Update copyright year to 2021 Signed-off-by: David Sommerseth <davids@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20210609213231.22576-1-openvpn@sf.lists.topphemmelig.net> URL: https://www.mail-archive.com/search?l=mid&q=20210609213231.22576-1-openvpn@sf.lists.topphemmelig.net URL: https://sourceforge.net/p/openvpn/mailman/message/37299719/ Signed-off-by: Gert Doering <gert@greenie.muc.de>
2021-05-14 | Remove getpeername, getpid check | Arne Schwabe
getpeername is part of SUSv3 and Windows also provides the function as part of winsocks. getpid is also provided by both Posix and windows and we do not even use getpid on Windows since we rather call GetCurrentProcessId. Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20210512131511.1309914-3-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22340.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2021-05-03 | Remove support for blocking connect() | Arne Schwabe
It is hard to imagine that we still have any supported OS that does not support non-blocking connect while still supporting non-blocking sockets in general. Patch V2: remove epoll.h removal that should have been in other patch. Patch V3: remove another instance in socket.c that I missed in v1 Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20210503105850.3903732-1-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22291.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2021-05-03 | Remove a number of platform specific checks in configure.ac | Arne Schwabe
- Remove windows XP/old mingw compat code in socket.c - Use _WIN32 instead of checking for existence of windows.h, winsock2.h and ws2tcpip.h in autoconf - Remove check for unlink. The last remaining use is a check inside a Unix socket. - Even Windows has umask, so remove the check for it - Move epoll.h inclusion to event.c Patch V2: Add epoll.h syshead.h that accidentally was put into another patch Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20210422152939.2134046-6-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22201.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2021-04-22 | Fix a number of mingw warnings | Arne Schwabe
Move to definition inside the ifdef where they are used to avoid unused warnings. Fix a few printf related warnings when DWORD is used as parameter and the printf format should be %lu (long unsigned int) Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Antonio Quartulli <antonio@openvpn.net> Message-Id: <20210421134348.1950392-4-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22176.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2021-04-07 | Remove check for socket functions and Win XP compatibility code | Arne Schwabe
While the check if all socket related functions are present sounds like a good idea in theory, in reality it just adds time to configure runs. Our poll check on windows is currently only depending on sys/poll.h non-existence. Make the check and comment more explicit. Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20210406162518.4075-1-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22052.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2021-04-02 | Remove do_init_socket_2 and do_init_socket_1 wrapper function | Arne Schwabe
These two functions basically just pass a number of fields of context to the linit_socket_init1/2 functions. This wrapper adds little to no value in understanding the code, especially since the linit_socket_init1 will just copy them to yet another structure. Remove these wrapper functions and pass context directly to the called function. Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20210401131337.3684-15-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21954.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2021-04-01 | Move is_proto function to the socket.h header | Arne Schwabe
These functions are small enough to be inlined and also avoids dependency on socket.c from unit_tests using those functions. Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20210401131337.3684-10-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21950.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2021-03-25 | Fix socket related functions using int instead of socket_descriptor_t | Arne Schwabe
On windows the SOCKET type is a UINT_PTR, which is a 64 bit pointer, so using an int worked so far but is actually quite wrong. Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20210324222330.455-3-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21806.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2021-03-19 | Fix multiple problems when compiling with LLVM/Windows (clang-cl) | Arne Schwabe
When using the LLVM clang compiler instead of the MSVC cl.exe but with the same build environment as MSVC, clang encounters a few errors:
    src\openvpn\socket.c(3550,23): warning: assigning to 'CHAR *' (aka 'char *') from 'uint8_t *' (aka 'unsigned char *') converts between pointers to integer types with different sign [-Wpointer-sign]
    wsabuf[0].buf = BPTR(&sock->reads.buf);
    ^ ~~~~~~~~~~~~~~~~~~~~~~
    src\openvpn\socket.c(3670,23): warning: assigning to 'CHAR *' (aka 'char *') from 'uint8_t *' (aka 'unsigned char *') converts between pointers to integer types with different sign [-Wpointer-sign]
    wsabuf[0].buf = BPTR(&sock->writes.buf);
    ^ ~~~~~~~~~~~~~~~~~~~~~~~
Use BSTR instead of BPTR, which casts to the correct type that is expected.
    src\compat\compat-gettimeofday.c(105,18): error: assignment to cast is illegal, lvalue casts are not supported
    tv->tv_sec = (long)last_sec = (long)sec;
Split into two assignments to avoid the illegal cast
    include\stdint.h(18,28): error: typedef redefinition with different types ('signed char' vs 'char')
    typedef signed char int8_t;
    ^
    openvpn\config-msvc.h(162,16): note: previous definition is here
    typedef __int8 int8_t;
Removes our custom int type typedefs from config-msvc.h and replace it with an include of inttypes.h.
    C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\shared\tcpmib.h(56,3): error: typedef redefinition with different types ('enum MIB_TCP_STATE' vs 'int')
    } MIB_TCP_STATE;
    ^
    C:\Users\User\source\repos\openvpn\src\openvpn/syshead.h(369,13): note: previous definition is here
    typedef int MIB_TCP_STATE;
    ^
    1 error generated.
This seems to be for mingw32 only, so guard this with a mingw32 compiler guard.
    \src\openvpn\tun.c(3727,34): warning: passing 'char [256]' to parameter of type 'LPBYTE' (aka 'unsigned char *') converts between pointers to integer types with different sign [-Wpointer-sign]
    net_cfg_instance_id,
    ^~~~~~~~~~~~~~~~~~~
    C:\Program Files (x86)\Windows Kits\10\include\10.0.19041.0\um\winreg.h(955,88): note: passing argument to parameter 'lpData' here
This is windows specific code, use the Windows LPBYTE in the definitions. (long pointer to BYTE (long pointer as far/near pointer relict from windows 16 bit times, in modern words (unsigned char *)) Fix also a few other char vs uint8/unsigned char/BYTE issues in tun.c
Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20210319114631.20459-1-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21719.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2021-01-30 | Remove inetd support from OpenVPN | Arne Schwabe
This code is from another time and has almost no relevance today. Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20201214172407.30451-1-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21360.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2020-10-04 | Speedup TCP remote hosts connections | Vladislav Grishenko
For non-blocking TCP/Unix connection, OpenVPN checks was it established in loop and if not - sleeps or handles management for next one second. Since the first check is made right after the connection attempt, it will likely be always unsuccessful, causing redundant wait for one or more seconds:
    00:00:00.667607 fcntl(5, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
    00:00:00.667713 connect(5, {...}, 16) = -1 EINPROGRESS (Operation now in progress)
    00:00:00.667832 poll([{fd=5, events=POLLOUT}], 1, 0) = 0 (Timeout)
    00:00:00.667954 nanosleep({tv_sec=1, tv_nsec=0}, 0x7fff52450270) = 0
    00:00:01.668608 poll([{fd=5, events=POLLOUT}], 1, 0) = 1 ([{fd=5, revents=POLLOUT}])
After this patch openvpn_connect() will perform blocking wait for connection establishment (if possible) and just check for management events once in one second (if management enabled) w/o sleep. This speedups TCP/Unix connection establishment and provides almost real connection time that can be used for detection of the fastest remote server in subsequent patches:
    00:00:00.790510 fcntl(5, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
    00:00:00.790616 connect(5, {...}, 16) = -1 EINPROGRESS (Operation now in progress)
    00:00:00.790877 poll([{fd=5, events=POLLOUT}], 1, 1000) = 0 (Timeout)
    00:00:01.792880 poll([{fd=5, events=POLLOUT}], 1, 1000) = 1 ([{fd=5, revents=POLLOUT}])
Or, with management interface enabled:
    00:00:00.906421 fcntl(5, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
    00:00:00.906527 connect(6, {...}, 16) = -1 EINPROGRESS (Operation now in progress)
    00:00:00.906779 poll([{fd=6, events=POLLOUT}], 1, 1000) = 0 (Timeout)
    00:00:01.910418 poll([{fd=3, events=POLLIN|POLLPRI}], 1, 0) = 0 (Timeout)
    00:00:01.911365 poll([{fd=6, events=POLLOUT}], 1, 1000) = 0 ([{fd=6, revents=POLLOUT}])
v2: cosmetics, decrease connection_timeout to avoid wait more than it
v3: teach management_sleep() to handle zero timeout and reject negative use 1s timeout for connection and 0s timeout for management events
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <20201001225319.25125-1-themiron@yandex-team.ru> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21139.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2020-10-02 | Selectively reformat too long lines | Vladislav Grishenko
Per https://community.openvpn.net/openvpn/wiki/CodeStyle the maximum line length is 80 characters. This patch allows to split upcoming changes into CodeStyle-conformant (w/o real code change) and more feature-specific. Upcoming changes add new PROTO_AUTO, so existing proto_names array is reformatted as well. v7: prefer line breaks before long string parameters reformat proto_names array Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <20200924091004.29065-1-themiron@yandex-team.ru> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21083.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2020-09-09 | Fix error detection / abort in --inetd corner case. | Gert Doering
Calling "openvpn --inetd" from the CLI (= no socket on stdin) will lead to endless looping in the accept(4) loop. Instead of cluttering that function further, detect failure to call getsockame() in phase2_inetd() already, and trigger a M_FATAL abort on "errno == ENOTSOCK" ("The argument s is a file, not a socket"). While at it, uncrustify the --bind-dev code (whitespace only). Trac: #350 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <20200908105130.24171-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20897.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2020-08-10 | Remove buf argument from link_socket_set_outgoing_addr | Arne Schwabe
This was only used in a check that is better suited in the calling functions. This also removes passing the buf argument to link_socket_connection_initiated that also does not use that parameter at all. Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20200810143707.5834-6-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20677.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2020-06-29 | Add --bind-dev option. | Maximilian Wilhelm
This option allows the user to specify a network interface or VRF device the OpenVPN process should use when making a connection or binding to an address. This is done by setting the SO_BINDTODEVICE option to the corresponding socket (on Linux). SO_BINDTODEVICE forces all packets sent on that socket to go out via the specified interface, and only packets coming in on that interface are received by OpenVPN. When used in a VRF context on Linux [0], you can also specify the name of the VRF ("--bind-dev external_vrf"), which will put the OpenVPN "network side" into this VRF. This allows making connections using a non-default VRF and having the tun/tap interface in the default VRF. Thanks to David Ahern (Cumulus Networks) for insights on this. [0] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/networking/vrf.txt Signed-off-by: Maximilian Wilhelm <max@sdn.clinic> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1593427748-29801-2-git-send-email-max@rfc2324.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20156.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2020-02-20 | argv: do fewer memory re-allocations | Heiko Hund
Prevent the re-allocations of memory when the internal argv grows beyond 2 and 4 arguments by initially allocating argv to hold up to 7 (+ trailing NULL) pointers. While at it rename argv_reset to argv_free to actually express what's going on. Redo the argv_reset functionality so that it can be used to actually reset the argv without re-allocation. Signed-off-by: Heiko Hund <heiko.hund@sophos.com> Signed-off-by: David Sommerseth <davids@openvpn.net> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <20200206132103.15977-3-davids@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19378.html
2019-08-16 | Increase listen() backlog queue to 32 | Gert Doering
For reasons historically unknown, OpenVPN sets the listen() backlog queue to "1", which signals the kernel "while there is one TCP connect waiting for OpenVPN to handle it, refuse all others" - which, on restarting a busy TCP server, will create connection issues. The exact "best" value of the backlog queue is subject of discussion, but for a server that is not extremely busy with many connections coming in in parallel, there is no real difference between "10" or "500", as long as it's "more than 1". Found and debugged by "mjo" in Trac. Trac: #1208 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Antonio Quartulli <antonio@openvpn.net> Acked-by: David Sommerseth <davids@openvpn.net> Message-Id: <20190815155319.28249-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18758.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2019-02-06 | Fix various spelling mistakes | Jonathan Tooker
New patch, omitted changes to copyrights/licenses & changelog. Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <20190123201717.15048-1-jonathan@reliablehosting.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18177.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2018-12-12 | uncrustify openvpn/ sources | Gert Doering
There are an amazing number of brackets that were either totally missing, or have snuck up on the "for(...){" line. Further, uncrustify wants "|" in multi-line logical expressions now at the beginning of the new line, and "PRIi64" now gets surrounding spaces. Added "sp_after_semi_for_empty=Add" to uncrustify.conf to leave a few for() statements alone that look better the way they are. Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: David Sommerseth <davids@openvpn.net> Message-Id: <20181130135641.11533-3-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17970.html Signed-off-by: David Sommerseth <davids@openvpn.net>
2018-10-16 | ifconfig-ipv6(-push): allow using hostnames | Antonio Quartulli
Similarly to ifconfig(-push), its IPv6 counterpart is now able to accept hostnames as well instead of IP addresses in numeric form. Basically this means that the user is now allowed to specify something like this: ifconfig-ipv6-push my.hostname.cx/64 This is exactly the same behaviour that we already have with ifconfig(-push). The generic code introduced in this patch will be later used to implement the /bits parsing support for IPv4 addresses. Trac: #808 Signed-off-by: Antonio Quartulli <a@unstable.cc> Acked-by: Selva Nair <selva.nair@gmail.com> Message-Id: <20171203041426.25316-1-a@unstable.cc> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15969.html Signed-off-by: David Sommerseth <davids@openvpn.net>
2018-07-13 | socket: make stream_buf_* functions static | Antonio Quartulli
stream_buf_init(), stream_buf_close() and stream_buf_added() are only used within socket.c, therefore there is no need to have them declared in socket.h. Make them static and remove useless declarations. This change required adding function prototypes in socket.c to avoid useless code re-ordering. Signed-off-by: Antonio Quartulli <a@unstable.cc> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20180712012955.24050-1-a@unstable.cc> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17246.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2018-07-12 | Move execve/run_script helper functions to run_command.c | Steffan Karger
To avoid having to include misc.c - which is a dependency mess - in the tls-crypt unit tests, move the command execution helper functions to a new run_command.c module. While at it, abstract away the script_security global variable. Signed-off-by: Steffan Karger <steffan.karger@fox-it.com> Acked-by: Antonio Quartulli <antonio@openvpn.net> Message-Id: <20180704175404.22371-2-steffan@karger.me> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17212.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2018-02-22 | Fix format spec errors in Windows builds | Selva Nair
- "%ll" is not supported by Windows run time, so use PRIi64 and cast the variable to (int64_t) in output statements (as in commit 9ba36639abcac4367c8227d2dd87b18fb56267c4) - Fix an instance of wchar_t * printed using %s -- should be %ls. - Cast variables to int or unsigned int to match the output format spec when necessary. - In route.c correct format of adapter_index (should be %lu) in a few places and remove some unnecessary casts to (unsigned int). Not all such instances are changed, only those related to adapter_index (for consistency) or close-by contexts are edited. Most of these errors are seen in current Windows cross-compile, but a few are triggered only if some DEBUG options are enabled. Some are not in Windows specific paths. But for consistency, all uses of %llu/%lld are removed. As these only affect log output, there are no potential side effects. Replacing long long by int64_t also has the advantage of avoiding size ambiguity as long long is not guaranteed to be 64 bytes. Signed-off-by: Selva Nair <selva.nair@gmail.com> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <1519275295-29121-1-git-send-email-selva.nair@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16522.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2018-02-01 | Update copyright to include 2018 plus company name change | David Sommerseth
The autumn of 2017, OpenVPN Technologies, Inc changed name to just OpenVPN Inc. Otherwise, extend the copyright to cover 2018 as well. With the exception of the company name change, all changes have been performed by the dev-tools/update-copyright.sh script. Signed-off-by: David Sommerseth <davids@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20180131140314.11103-1-davids@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16418.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2017-09-21 | tcp-server: ensure AF family is propagated to child context | Antonio Quartulli
Commit 23d61c56 introduced the AF_UNSPEC socket family to be used when we don't know the actual one until the local socket binding is performed. In such case AF_UNSPEC is stored in the `ce.af` member of the `c->options` object, indicating that the family has to be determined at runtime. However, the determined value is never propagated back to the `options` object, which remains AF_UNSPEC and that is later used to initialize the TCP children contexts (UDP children contexts are unaffected). This unexpected setting can trigger weird behaviours, like the one reported in ticket #933. In this case the value AF_UNSPEC in combination with the changes implemented in 2bed089d are leading to a TCP server quitting with M_FATAL upon client connection. Note that the misbehaviour described in #933 can only be triggered when running a TCP server with mtu-disc set in the config (no matter the value). Fix this inconsistency by always propagating the AF family from the top to the child context when running in TCP server mode. As a direct consequence, this patch fixes Trac #933. Trac: 933 Signed-off-by: Antonio Quartulli <antonio@openvpn.net> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <20170907095530.15972-1-a@unstable.cc> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15380.html Signed-off-by: David Sommerseth <davids@openvpn.net>
2017-08-14 | add missing static attribute to functions | Antonio Quartulli
Functions used only in the file where they are defined and not exported in any header, should always be defined as static in order to make the scope clear to the compiler and the developers. Add the static attribute where missing. Signed-off-by: Antonio Quartulli <antonio@openvpn.net> Acked-by: Steffan Karger <steffan@karger.me> Message-Id: <20170811090744.31750-4-a@unstable.cc> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15202.html Signed-off-by: David Sommerseth <davids@openvpn.net>
2017-07-20 | Move openvpn_sleep() to manage.c | Steffan Karger
openvpn_sleep() is basically "service the management interface for x seconds, then return". Therefore, manage.c is a more suitable location than the random collection of unrelated stuff called misc.c. (I think we should find a better place for everything currently in misc.c, and get rid of it all together. This patch is part of that effort.) Signed-off-by: Steffan Karger <steffan.karger@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1500566435-29920-1-git-send-email-steffan.karger@fox-it.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15109.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2017-07-20 | Remove strerror_ts() | Steffan Karger
This function was only called in string format functions, which already copy the contents, so all this ever did was adding redundant malloc() and free() calls. Also, this wasn't as thread-safe as it claims: another thread could still change the string value between the strerror() and buf_printf() calls. So, instead of a not needed false sense of thread-safeness, just be honest and use strerror() directly. (I think we should find a better place for everything currently in misc.c, and get rid of it all together. In this case, the better place is /dev/null. This patch is part of that effort.) Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1500550740-24773-1-git-send-email-steffan.karger@fox-it.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15105.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2017-07-17 | use M_ERRNO instead of explicitly printing errno | Antonio Quartulli
the msg() function will print the errno for us when provided with the M_ERRNO flag. Therefore, don't bother printing errno explicitly and always pass M_ERRNO to msg(). Signed-off-by: Antonio Quartulli <antonio@openvpn.net> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <20170713080527.13299-1-a@unstable.cc> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15056.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2017-06-16 | copyright: Update GPLv2 license texts | David Sommerseth
The COPYRIGHT.GPL file was slightly out-of-sync with the last GPLv2 license from Free Software Foundation, Inc. The changes are primarily a new address, which required touching almost all the project files. Except of that, it is just minor adjustments to formatting, removal of form-feed characters and referencing "GNU Lesser General Public License" instead of "GNU Library General Public License". Signed-off-by: David Sommerseth <davids@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20170329093648.10156-1-davids@openvpn.net> URL: https://www.mail-archive.com/search?l=mid&q=20170329093648.10156-1-davids@openvpn.net Signed-off-by: Gert Doering <gert@greenie.muc.de>
2017-03-19 | ignore remote-random-hostname if a numeric host is provided | Antonio Quartulli
Although it does not make sense to specify remote-random-hostname when a numeric hostname is provided (being it the remote, the http proxy or the socks server), this is still a valid configuration. For this reason, this combination should still work as expected, which means ignoring the randomization and directly using the numeric IP. Signed-off-by: Antonio Quartulli <a@unstable.cc> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20170130152658.15786-1-a@unstable.cc> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13993.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2017-03-12 | Fix types in WIN32 socket_listen_accept() | Steffan Karger
SOCKET_UNDEFINED is of type socket_descriptor_t (or SOCKET, in MS types), so new_sd should be too. Also, the return value of this function is always stored in a socket_descriptor_t variable, so it should return that type (which makes sense now, because it returns new_sd) instead of an int. Signed-off-by: Steffan Karger <steffan.karger@fox-it.com> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1489056455-6004-1-git-send-email-steffan.karger@fox-it.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14239.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2017-01-18 | More broadly enforce Allman style and braces-around-conditionals | Steffan Karger
We want { and } aligned, which means also adding a newline between each for() and {, while() and {, etc. Also, we agreed to always use braces with conditionals. The previous uncrustify config added these for if()s, now also add these for while() and for(). Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1484403020-6857-1-git-send-email-steffan@karger.me> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13875.html Signed-off-by: David Sommerseth <davids@openvpn.net>
2016-12-21 | Update copyrights | David Sommerseth
Signed-off-by: David Sommerseth <davids@openvpn.net> Acked-by: Steffan Karger <steffan@karger.me> Message-Id: <1482350454-27280-2-git-send-email-davids@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13653.html
2016-12-14 | The Great Reformatting - first phase | David Sommerseth
This is the first commit of the big reformatting task. This is performed by running the ./dev-tools/reformat-all.sh script. This is based upon the v3 reformat-all.sh/uncrustify.conf version which is now applied to git master. Signed-off-by: David Sommerseth <davids@openvpn.net>
2016-12-07 | Refactor setting close-on-exec for socket FDs | Gert Doering
The existing code can leak socket FDs to the "--up" script, which is not desired. Brought up by Alberto Gonzalez Iniesta, based on debian bug 367716. Since different sockets get created at different times, just moving the set_cloexec() to link_socket_init_phase1() is not good enough - so move the call into create_socket_<family>(), so we will catch ALL socket creations, no matter when or under which conditions they will be created (SOCKS proxy socket, listening socket, ...). --inetd gets an extra fd_cloexec() call, as socket FD is inherited. URL: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=367716 v2: remove set_cloexec() calls from manage.c v3: add set_cloexec() calls to accept()ed TCP/unix child sockets Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1481027162-12165-1-git-send-email-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13405.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-11-15 | Replace WIN32 by _WIN32 | Gert Doering
With c99, "WIN32" is no longer automatically defined when (cross-)building for Windows, and proper compilation relies on including <windefs.h>, before checking the macro. "_WIN32" is the official define that is guaranteed to be defined by the compiler itself, no includes are needed. So, mechanically change all occurrences of "WIN32" to "_WIN32". While at it, get rid of unused WIN32_0_1 #define in syshead.h See also: http://nadeausoftware.com/articles/2012/01/c_c_tip_how_use_compiler_predefined_macros_detect_operating_system#WindowsCygwinnonPOSIXandMinGW Trac #746 v2: rebased to master, merge the console[_builtin].c changes Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <20161113195228.74090-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13035.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-11-14 | Factor out %sc handling from argv_printf() | Heiko Hund
Move functionality to parse command strings into argv_parse_cmd(). That is a preparation for the upcoming refactoring of argv_printf(). Signed-off-by: Heiko Hund <heiko.hund@sophos.com> Acked-by: David Sommerseth <davids@redhat.com> Message-Id: <1477672963-5724-5-git-send-email-heiko.hund@sophos.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12816.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-11-13 | Don't dereference type-punned pointers | Steffan Karger
Dereferencing type-punned pointers is undefined behaviour according to the C standard. We should either obey the standard, or ensure that all supported compilers deal with dereferencing type-punned pointers as we want them to. I think just obeying the standard is the easiest solution. See e.g. http://blog.regehr.org/archives/959. This commit refactors the offending code to use unions or memcpy() to comply to strict aliasing rules. Note that this also slightly changes mroute_addr_mask_host_bits(), to behave as it was probably intended to: only mask the address part, not also the port part of IPv6 addresses if MR_WITH_PORT is used (ie ma->len is sizeof(struct in6_addr)+2). v2: fix all strict aliasing occurrences, not just those in mroute.h v3: add missing ntohs() in mroute_addr_print_ex() Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1479043047-25883-1-git-send-email-steffan@karger.me> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13017.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-11-08 clean up *sig_info handling in link_socket_init_phase2() Gert Doering
The code was a mix of "assume that it is not NULL" and "check that it is not NULL before using" - it cannot be NULL (due to the single call graph, referencing c->sig with the global context), but for good measure, add an ASSERT() upon function entry and get rid of all the individual checks.
Found by Coverity.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1478555042-31299-1-git-send-email-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12931.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-10-09 Fix --multihome for IPv6 on 64bit BSD systems. Gert Doering
The old code only worked if "struct openvpn_*_pktinfo" happened to use the same structure packing as the CMSG_SPACE() / CMSG_LEN() macros (which are part of the official API, see RFC 2292).
Get rid of "struct openvpn_*_pktinfo" definitions, replace them by an opaque buffer sized large enough to fit IPv4 and IPv6 packet info messages, as defined by CMSG_SPACE(sizeof(struct ...)).
On 32 bit platforms, the net result is the same. On 64 bit platforms, the new buffer is bigger than openvpn_pktinfo was, fixing an overflow with ipi6_ifindex corruption on reception, and EINVAL on sendmsg().
The IPv4 related changes are only side effects of using the new buffer.
Fixes: FreeBSD 10.3/amd64, FreeBSD 9.3/sparc64, OpenBSD 6.0/amd64, NetBSD 7.0.1/i386.
Note: --multihome for IPv4 on NetBSD is still broken and non-fixable(!) as NetBSD lacks the necessary kernel code for the sendmsg() side.
Verified that "--multihome works as well as before" on FreeBSD 7.4/amd64, NetBSD 5.1/amd64, OpenBSD 4.9/i386, Linux/x86_64, Linux/i386, OpenSolaris 10 (--multihome needs -D_XPG4_2, see trac #750)
See also: ip(4), ip6(4), recv(2)
Trac #634, #327, #28
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20161009100929.46472-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12626.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-09-17 Fix IP_PKTINFO related compilation failure on NetBSD 7.0 Gert Doering
NetBSD has introduced IP_PKTINFO and struct in_pktinfo, but does not have the "ipi_spec_dst" structure element, causing compilation errors.
Introduce a check for that (AC_CHECK_MEMBER) in configure.ac, and change all "#ifdef HAVE_IN_PKTINFO" to also check "HAVE_IPI_SPEC_DST".
Patch inspired by NetBSD pkgsrc patch set.
(Note: with that patch, OpenVPN --multihome is still broken for IPv4 on NetBSD 7.0.1 / amd64, but that's a different issue)
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20160916190242.44897-1-gert@greenie.muc.de>
URL: http://www.mail-archive.com/search?l=mid&q=20160916190242.44897-1-gert@greenie.muc.de
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-06-11 Remove http-proxy-timeout, socks timeout and set default of server-poll-timeout to 120s Arne Schwabe
With this change all timeouts before the first packet from the OpenVPN server are unified into the server-poll-timeout option.
The default of 120s has been chosen to be a safe value, as it is larger than the sums of the old small timeouts.
V3: fix some whitespace/typos problems
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1465656195-12722-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11899
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-06-08 Don't limit max incoming message size based on c2->frame Steffan Karger
"Be conservative in what you send, be liberal in what you accept"
When receiving packets, the real limitation of how much data we can accept is the size of our internal buffers, not the maximum size we expect incoming packets to have.
I ran into this while working on cipher negotiation, which will need separate bookkeeping for the required internal buffer size, and the link/tun MTU. Basing this code on the buffer size instead of c2->frame makes that easier.
A nice side-effect of this change is that it simplifies the code.
This should also reduce the impact of using asymmetric tun/link MTU's, such as in trac ticket #647.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1465388443-15484-2-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11850
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-05-09 Fixed port-share bug with DoS potential James Yonan
Fixed port-share bug that can cause segfault when the number of concurrent connections is large.
The issue is that the port-share code calls openvpn_connect() which in turn calls select(). When there are a high number of concurrent port-share connections, the fd passed to select can potentially exceed FD_SETSIZE, causing undefined behavior.
The fix is to use poll() (if available) instead of select().
Signed-off-by: James Yonan <james@openvpn.net>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <CAA1Abx+2E2FZN-y6P=mkKpSuZ7bOV5m6rUMTx3V7UP2qPMjZPg@mail.gmail.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11626
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2016-03-06 hardening: add safe FD_SET() wrapper openvpn_fd_set() Steffan Karger
On many platforms (not Windows, for once), FD_SET() can write outside the given fd_set if an fd >= FD_SETSIZE is given. To make sure we don't do that, add an ASSERT() to error out with a clear error message when this does happen.
This patch was inspired by remarks about FD_SET() from Sebastian Krahmer of the SuSE Security Team.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1456996968-29472-1-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11285
Signed-off-by: Gert Doering <gert@greenie.muc.de>
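The FD_SETSIZE limit behind the two commits above (the port-share fix and the FD_SET() hardening), as an added example that is not OpenVPN's code. The names checked_fd_set() and wait_readable() are hypothetical, and the wrapper returns false where the commit describes an ASSERT().

```c
/* Added example, not OpenVPN source. Helper names are hypothetical. */
#include <fcntl.h>
#include <poll.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* FD_SET() indexes a fixed bitmap of FD_SETSIZE bits; a larger fd writes
 * outside it. Reject such an fd instead (the commit uses ASSERT()). */
bool checked_fd_set(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return false;
    FD_SET(fd, set);
    return true;
}

/* poll() takes the descriptor by value, so FD_SETSIZE does not apply.
 * Returns 1 if readable (or peer closed), 0 on timeout, -1 on error. */
int wait_readable(int fd, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    int r = poll(&pfd, 1, timeout_ms);
    if (r <= 0)
        return r;
    return (pfd.revents & (POLLIN | POLLHUP)) ? 1 : -1;
}

int main(void)
{
    int p[2];
    fd_set rfds;
    FD_ZERO(&rfds);
    if (pipe(p) != 0 || write(p[1], "x", 1) != 1)
        return 1;

    /* Constructed input: ask for a duplicate numbered >= FD_SETSIZE.
     * This fails when RLIMIT_NOFILE is too low; fall back to p[0]. */
    int high = fcntl(p[0], F_DUPFD, FD_SETSIZE);
    int fd = (high >= 0) ? high : p[0];

    printf("fd %d: fits in fd_set=%s, poll()=%d\n", fd,
           checked_fd_set(fd, &rfds) ? "yes" : "no", wait_readable(fd, 100));
    return 0;
}
```

When the process is allowed more than FD_SETSIZE descriptors, the duplicate is rejected by checked_fd_set() yet still reported readable by wait_readable().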
2016-02-10 Correctly report TCP connection timeout on windows. Leonardo Basilio
On nonblocking TCP connects, we set status = ETIMEOUT on failure. On windows, depending on which header files are included, ETIMEOUT is defined differently, and this leads to incomprehensible error messages - so, always use WSAETIMEDOUT here.
Trac #651
Signed-off-by: Leonardo Basilio <leobasilio@gmail.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <CACqLfMnBXwSY=MXyc7B1oMKwYE2Z_49G3mpkEPxbSAuG61tgZA@mail.gmail.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11085
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2015-11-29 put virtual IPv6 addresses into env Heiko Hund
Add missing environment variables for IPv6 virtual addresses:
* ifconfig_pool_local_ip6
* ifconfig_pool_remote_ip6
* ifconfig_pool_ip6_netbits
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1448470009-5243-1-git-send-email-heiko.hund@sophos.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10613
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2015-11-28 extend management interface command "state" Heiko Hund
Currently the state command shows only the tun/tap IPv4 address. The IPv4 address of the remote peer is also displayed. In case you connect via IPv6 it just shows the first 4 bytes of the address in IPv4 notation.
This patch extends the state command, so it handles IPv6 addresses. In addition it also displays the local address and both port numbers of the connection, e.g.
1447250958,CONNECTED,SUCCESS,10.0.0.2,fd00::1,1193,fd00::2,6492,fdff::1002
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1448456220-2042-1-git-send-email-heiko.hund@sophos.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10603
Signed-off-by: Gert Doering <gert@greenie.muc.de>