2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
8 * Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program (see the file COPYING included with this
21 * distribution); if not, write to the Free Software Foundation, Inc.,
22 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
40 * OpenVPN's default port number as assigned by IANA.
42 #define OPENVPN_PORT 1194
45 * Number of seconds that "resolv-retry infinite"
48 #define RESOLV_RETRY_INFINITE 1000000000
50 #define REMOTE_LIST_SIZE 64
63 struct remote_entry array
[REMOTE_LIST_SIZE
];
/*
 * packet_size_type is the length prefix that precedes each packet
 * on the wire when a stream-oriented transport (TCP) carries the
 * tunnel.  It is 16 bits wide, so a single framed packet can never
 * be declared larger than 65535 bytes; the receiving side must still
 * bound the decoded value against the capacity of its own buffer
 * before it reads the payload (NOTE(review): that check is expected
 * to live in the stream_buf code, not here -- confirm).
 */
typedef uint16_t packet_size_type;

/* convert a packet_size_type from host to network order */
#define htonps(x) htons(x)

/* convert a packet_size_type from network to host order */
#define ntohps(x) ntohs(x)
80 /* IP addresses which are persistent across SIGUSR1s */
struct link_socket_addr
{
  struct sockaddr_in local;   /* local side of the link */
  struct sockaddr_in remote;  /* initial remote; without --float, incoming
                                 packets are only accepted from this
                                 address (see link_socket_verify_incoming_addr) */
  struct sockaddr_in actual;  /* remote may change due to --float; this is
                                 the address outgoing packets are sent to and
                                 the one incoming packets are compared with
                                 to detect a new or changed peer */
};
88 struct link_socket_info
90 struct link_socket_addr
*lsa
;
91 bool connection_established
;
92 const char *ipchange_command
;
93 const struct plugin_list
*plugins
;
95 int proto
; /* Protocol (PROTO_x defined below) */
96 int mtu_changed
; /* Set to true when mtu value is changed */
100 * Used to extract packets encapsulated in streams into a buffer,
101 * in this case IP packets embedded in a TCP stream.
105 struct buffer buf_init
;
106 struct buffer residual
;
108 bool residual_fully_formed
;
112 int len
; /* -1 if not yet known */
114 bool error
; /* if true, fatal TCP error has occurred,
115 requiring that connection be restarted */
119 * Used to set socket buffer sizes
121 struct socket_buffer_size
128 * This is the main socket structure used by OpenVPN. The SOCKET_
129 * defines try to abstract away our implementation differences between
130 * using sockets on Posix vs. Win32.
134 struct link_socket_info info
;
136 socket_descriptor_t sd
;
139 socket_descriptor_t ctrl_sd
; /* only used for UDP over Socks */
143 struct overlapped_io reads
;
144 struct overlapped_io writes
;
145 struct rw_handle rw_handle
;
146 struct rw_handle listen_handle
; /* For listening on TCP socket in server mode */
149 /* used for printing status info only */
150 unsigned int rwflags_debug
;
152 /* used for long-term queueing of pre-accepted socket listen */
153 bool listen_persistent_queued
;
155 /* set on initial call to init phase 1 */
156 struct remote_list
*remote_list
;
157 const char *remote_host
;
159 const char *local_host
;
163 # define INETD_NONE 0
164 # define INETD_WAIT 1
165 # define INETD_NOWAIT 2
168 # define LS_MODE_DEFAULT 0
169 # define LS_MODE_TCP_LISTEN 1
170 # define LS_MODE_TCP_ACCEPT_FROM 2
173 int resolve_retry_seconds
;
174 int connect_retry_seconds
;
175 int mtu_discover_type
;
177 struct socket_buffer_size socket_buffer_sizes
;
179 int mtu
; /* OS discovered MTU, or 0 if unknown */
181 bool did_resolve_remote
;
183 /* for stream sockets */
184 struct stream_buf stream_buf
;
185 struct buffer stream_buf_data
;
188 #ifdef ENABLE_HTTP_PROXY
190 struct http_proxy_info
*http_proxy
;
195 struct socks_proxy_info
*socks_proxy
;
196 struct sockaddr_in socks_relay
; /* Socks UDP relay address */
199 #if defined(ENABLE_HTTP_PROXY) || defined(ENABLE_SOCKS)
200 /* The OpenVPN server we will use the proxy to connect to */
201 const char *proxy_dest_host
;
205 #if PASSTOS_CAPABILITY
206 /* used to get/set TOS. */
212 int gremlin
; /* --gremlin bits */
217 * Some Posix/Win32 differences.
221 #define MSG_NOSIGNAL 0
226 #define openvpn_close_socket(s) closesocket(s)
228 int socket_recv_queue (struct link_socket
*sock
, int maxsize
);
230 int socket_send_queue (struct link_socket
*sock
,
232 const struct sockaddr_in
*to
);
234 int socket_finalize (
236 struct overlapped_io
*io
,
238 struct sockaddr_in
*from
);
242 #define openvpn_close_socket(s) close(s)
246 struct link_socket
*link_socket_new (void);
249 * Initialize link_socket object.
253 link_socket_init_phase1 (struct link_socket
*sock
,
254 const char *local_host
,
255 struct remote_list
*remote_list
,
259 const struct link_socket
*accept_from
,
260 #ifdef ENABLE_HTTP_PROXY
261 struct http_proxy_info
*http_proxy
,
264 struct socks_proxy_info
*socks_proxy
,
272 struct link_socket_addr
*lsa
,
273 const char *ipchange_command
,
274 const struct plugin_list
*plugins
,
275 int resolve_retry_seconds
,
276 int connect_retry_seconds
,
277 int mtu_discover_type
,
281 void link_socket_init_phase2 (struct link_socket
*sock
,
282 const struct frame
*frame
,
283 volatile int *signal_received
);
285 void link_socket_post_fork (const struct link_socket
*sock
,
286 const struct sockaddr_in
*remote
);
288 void socket_adjust_frame_parameters (struct frame
*frame
, int proto
);
290 void frame_adjust_path_mtu (struct frame
*frame
, int pmtu
, int proto
);
292 void link_socket_close (struct link_socket
*sock
);
294 const char *print_sockaddr_ex (const struct sockaddr_in
*addr
,
296 const char* separator
,
297 struct gc_arena
*gc
);
299 const char *print_sockaddr (const struct sockaddr_in
*addr
,
300 struct gc_arena
*gc
);
302 #define IA_EMPTY_IF_UNDEF (1<<0)
303 #define IA_NET_ORDER (1<<1)
304 const char *print_in_addr_t (in_addr_t addr
, unsigned int flags
, struct gc_arena
*gc
);
306 #define SA_IP_PORT (1<<0)
307 #define SA_SET_IF_NONZERO (1<<1)
308 void setenv_sockaddr (struct env_set
*es
,
309 const char *name_prefix
,
310 const struct sockaddr_in
*addr
,
313 void setenv_in_addr_t (struct env_set
*es
,
314 const char *name_prefix
,
318 void bad_address_length (int actual
, int expected
);
320 in_addr_t
link_socket_current_remote (const struct link_socket_info
*info
);
322 void link_socket_connection_initiated (const struct buffer
*buf
,
323 struct link_socket_info
*info
,
324 const struct sockaddr_in
*addr
,
325 const char *common_name
,
328 void link_socket_bad_incoming_addr (struct buffer
*buf
,
329 const struct link_socket_info
*info
,
330 const struct sockaddr_in
*from_addr
);
332 void link_socket_bad_outgoing_addr (void);
334 void setenv_trusted (struct env_set
*es
, const struct link_socket_info
*info
);
336 void remote_list_randomize (struct remote_list
*l
);
339 * Low-level functions
342 /* return values of openvpn_inet_aton */
343 #define OIA_HOSTNAME 0
346 int openvpn_inet_aton (const char *dotted_quad
, struct in_addr
*addr
);
348 socket_descriptor_t
create_socket_tcp (void);
350 socket_descriptor_t
socket_do_accept (socket_descriptor_t sd
,
351 struct sockaddr_in
*remote
,
358 #define GETADDR_RESOLVE (1<<0)
359 #define GETADDR_FATAL (1<<1)
360 #define GETADDR_HOST_ORDER (1<<2)
361 #define GETADDR_MENTION_RESOLVE_RETRY (1<<3)
362 #define GETADDR_FATAL_ON_SIGNAL (1<<4)
363 #define GETADDR_WARN_ON_SIGNAL (1<<5)
364 #define GETADDR_MSG_VIRT_OUT (1<<6)
365 #define GETADDR_TRY_ONCE (1<<7)
367 in_addr_t
getaddr (unsigned int flags
,
368 const char *hostname
,
369 int resolve_retry_seconds
,
371 volatile int *signal_received
);
374 * Transport protocol naming and other details.
377 #define PROTO_UDPv4 0
378 #define PROTO_TCPv4_SERVER 1
379 #define PROTO_TCPv4_CLIENT 2
380 #define PROTO_TCPv4 3
383 int ascii2proto (const char* proto_name
);
384 const char *proto2ascii (int proto
, bool display_form
);
385 const char *proto2ascii_all (struct gc_arena
*gc
);
386 int proto_remote (int proto
, bool remote
);
389 * Overhead added to packets by various protocols.
391 #define IPv4_UDP_HEADER_SIZE 28
392 #define IPv4_TCP_HEADER_SIZE 40
393 #define IPv6_UDP_HEADER_SIZE 40
395 static const int proto_overhead
[] = { /* indexed by PROTO_x */
396 IPv4_UDP_HEADER_SIZE
,
397 IPv4_TCP_HEADER_SIZE
,
/*
 * Return the IP+transport header overhead, in bytes, for transport
 * protocol 'proto' (a PROTO_x value) by indexing proto_overhead[].
 * The ASSERT is the only thing keeping an out-of-range proto from
 * reading past the end of the table, so it must stay ahead of the
 * array access.
 */
static inline int
datagram_overhead (int proto)
{
  ASSERT (proto >= 0 && proto < PROTO_N);
  return proto_overhead[proto];
}
409 * Misc inline functions
413 remote_list_len (const struct remote_list
*rl
)
/*
 * Return true if 'port' is a usable TCP/UDP port number.
 * Port 0 and anything outside 1..65535 is rejected.
 */
static inline bool
legal_ipv4_port (int port)
{
  if (port <= 0)
    return false;
  return port <= 65535;
}
/*
 * Return true if PROTO_x value 'proto' is a stream (TCP) transport,
 * i.e. one where the peer is fixed by the connection rather than by
 * the source address of each datagram.
 */
static inline bool
link_socket_proto_connection_oriented (int proto)
{
  switch (proto)
    {
    case PROTO_TCPv4_SERVER:
    case PROTO_TCPv4_CLIENT:
      return true;
    default:
      return false;
    }
}
/*
 * Return true if the transport of 'sock' is connection-oriented (TCP).
 * Thin wrapper around link_socket_proto_connection_oriented() for the
 * socket's configured protocol.
 */
static inline bool
link_socket_connection_oriented (const struct link_socket *sock)
{
  const int proto = sock->info.proto;
  return link_socket_proto_connection_oriented (proto);
}
/*
 * Return true if 'addr' holds a usable IPv4 address.  An all-zero
 * address (0.0.0.0) is treated as "not set"; the port is not examined.
 */
static inline bool
addr_defined (const struct sockaddr_in *addr)
{
  const in_addr_t a = addr->sin_addr.s_addr;
  return a != 0;
}
/*
 * Return true if 'a1' and 'a2' carry the same IPv4 address.  The port
 * is deliberately ignored; addr_match_proto() selects this comparison
 * for connection-oriented (TCP) transports, where the peer's port is
 * fixed by the connection itself.
 */
static inline bool
addr_match (const struct sockaddr_in *a1, const struct sockaddr_in *a2)
{
  const in_addr_t x = a1->sin_addr.s_addr;
  const in_addr_t y = a2->sin_addr.s_addr;
  return x == y;
}
/*
 * Return the IPv4 address of 's' converted to host byte order
 * (sockaddr_in stores it in network order).
 */
static inline in_addr_t
addr_host (const struct sockaddr_in *s)
{
  const in_addr_t net_order = s->sin_addr.s_addr;
  return ntohl (net_order);
}
/*
 * Return true if 'a1' and 'a2' carry the same IPv4 address AND the
 * same port.  addr_match_proto() selects this stricter comparison for
 * UDP, where a datagram's source port is part of the peer identity.
 */
static inline bool
addr_port_match (const struct sockaddr_in *a1, const struct sockaddr_in *a2)
{
  if (a1->sin_addr.s_addr != a2->sin_addr.s_addr)
    return false;
  return a1->sin_port == a2->sin_port;
}
/*
 * Compare two endpoints using the identity rule appropriate for
 * transport 'proto': for TCP only the IPv4 address must agree (the
 * port is fixed by the accepted connection), for UDP both address and
 * port must agree.  This is the check that, without --float, decides
 * whether a packet's source is the expected peer.
 */
static inline bool
addr_match_proto (const struct sockaddr_in *a1,
		  const struct sockaddr_in *a2,
		  int proto)
{
  if (link_socket_proto_connection_oriented (proto))
    return addr_match (a1, a2);
  return addr_port_match (a1, a2);
}
478 socket_connection_reset (const struct link_socket
*sock
, int status
)
480 if (link_socket_connection_oriented (sock
))
482 if (sock
->stream_reset
|| sock
->stream_buf
.error
)
486 const int err
= openvpn_errno_socket ();
488 return err
== WSAECONNRESET
|| err
== WSAECONNABORTED
;
490 return err
== ECONNRESET
;
498 link_socket_verify_incoming_addr (struct buffer
*buf
,
499 const struct link_socket_info
*info
,
500 const struct sockaddr_in
*from_addr
)
504 if (from_addr
->sin_family
!= AF_INET
)
506 if (!addr_defined (from_addr
))
508 if (info
->remote_float
|| !addr_defined (&info
->lsa
->remote
))
510 if (addr_match_proto (from_addr
, &info
->lsa
->remote
, info
->proto
))
517 link_socket_get_outgoing_addr (struct buffer
*buf
,
518 const struct link_socket_info
*info
,
519 struct sockaddr_in
*addr
)
523 struct link_socket_addr
*lsa
= info
->lsa
;
524 if (addr_defined (&lsa
->actual
))
526 addr
->sin_family
= lsa
->actual
.sin_family
;
527 addr
->sin_addr
.s_addr
= lsa
->actual
.sin_addr
.s_addr
;
528 addr
->sin_port
= lsa
->actual
.sin_port
;
532 link_socket_bad_outgoing_addr ();
539 link_socket_set_outgoing_addr (const struct buffer
*buf
,
540 struct link_socket_info
*info
,
541 const struct sockaddr_in
*addr
,
542 const char *common_name
,
545 if (!buf
|| buf
->len
> 0)
547 struct link_socket_addr
*lsa
= info
->lsa
;
549 /* new or changed address? */
550 (!info
->connection_established
551 || !addr_match_proto (addr
, &lsa
->actual
, info
->proto
))
552 /* address undef or address == remote or --float */
553 && (info
->remote_float
554 || !addr_defined (&lsa
->remote
)
555 || addr_match_proto (addr
, &lsa
->remote
, info
->proto
))
558 link_socket_connection_initiated (buf
, info
, addr
, common_name
, es
);
564 * Stream buffer handling -- stream_buf is a helper class
565 * to assist in the packetization of stream transport protocols
569 void stream_buf_init (struct stream_buf
*sb
, struct buffer
*buf
);
570 void stream_buf_close (struct stream_buf
* sb
);
571 bool stream_buf_added (struct stream_buf
*sb
, int length_added
);
574 stream_buf_read_setup (struct link_socket
* sock
)
576 bool stream_buf_read_setup_dowork (struct link_socket
* sock
);
577 if (link_socket_connection_oriented (sock
))
578 return stream_buf_read_setup_dowork (sock
);
584 * Socket Read Routines
587 int link_socket_read_tcp (struct link_socket
*sock
,
593 link_socket_read_udp_win32 (struct link_socket
*sock
,
595 struct sockaddr_in
*from
)
597 return socket_finalize (sock
->sd
, &sock
->reads
, buf
, from
);
602 int link_socket_read_udp_posix (struct link_socket
*sock
,
605 struct sockaddr_in
*from
);
609 /* read a TCP or UDP packet from link */
611 link_socket_read (struct link_socket
*sock
,
614 struct sockaddr_in
*from
)
616 if (sock
->info
.proto
== PROTO_UDPv4
)
621 res
= link_socket_read_udp_win32 (sock
, buf
, from
);
623 res
= link_socket_read_udp_posix (sock
, buf
, maxsize
, from
);
627 else if (sock
->info
.proto
== PROTO_TCPv4_SERVER
|| sock
->info
.proto
== PROTO_TCPv4_CLIENT
)
629 /* from address was returned by accept */
630 *from
= sock
->info
.lsa
->actual
;
631 return link_socket_read_tcp (sock
, buf
);
636 return -1; /* NOTREACHED */
641 * Socket Write routines
644 int link_socket_write_tcp (struct link_socket
*sock
,
646 struct sockaddr_in
*to
);
651 link_socket_write_win32 (struct link_socket
*sock
,
653 struct sockaddr_in
*to
)
657 if (overlapped_io_active (&sock
->writes
))
659 status
= socket_finalize (sock
->sd
, &sock
->writes
, NULL
, NULL
);
661 err
= WSAGetLastError ();
663 socket_send_queue (sock
, buf
, to
);
666 WSASetLastError (err
);
/*
 * Send the contents of 'buf' as one UDP datagram to 'to' on the
 * POSIX socket of 'sock'.  Returns the sendto() result unchanged, so
 * the caller is responsible for interpreting -1/errno and short
 * writes.  The address length passed is sizeof (struct sockaddr_in),
 * so only AF_INET destinations are supported here.
 */
static inline int
link_socket_write_udp_posix (struct link_socket *sock,
			     struct buffer *buf,
			     struct sockaddr_in *to)
{
  const struct sockaddr *dest = (const struct sockaddr *) to;
  const socklen_t dest_len = (socklen_t) sizeof (*to);
  return sendto (sock->sd, BPTR (buf), BLEN (buf), 0, dest, dest_len);
}
/*
 * Write the contents of 'buf' to the connected TCP socket of 'sock'.
 * 'to' is accepted for signature symmetry with the UDP writer but is
 * not used: a TCP socket already has its peer.  MSG_NOSIGNAL keeps a
 * write to a closed peer from raising SIGPIPE, so the failure surfaces
 * as a return value instead of terminating the process (this header
 * defines MSG_NOSIGNAL as 0 where the platform lacks it).  Returns the
 * send() result unchanged; short writes are the caller's problem.
 */
static inline int
link_socket_write_tcp_posix (struct link_socket *sock,
			     struct buffer *buf,
			     struct sockaddr_in *to)
{
  const void *data = BPTR (buf);
  return send (sock->sd, data, BLEN (buf), MSG_NOSIGNAL);
}
696 link_socket_write_udp (struct link_socket
*sock
,
698 struct sockaddr_in
*to
)
701 return link_socket_write_win32 (sock
, buf
, to
);
703 return link_socket_write_udp_posix (sock
, buf
, to
);
707 /* write a TCP or UDP packet to link */
709 link_socket_write (struct link_socket
*sock
,
711 struct sockaddr_in
*to
)
713 if (sock
->info
.proto
== PROTO_UDPv4
)
715 return link_socket_write_udp (sock
, buf
, to
);
717 else if (sock
->info
.proto
== PROTO_TCPv4_SERVER
|| sock
->info
.proto
== PROTO_TCPv4_CLIENT
)
719 return link_socket_write_tcp (sock
, buf
, to
);
724 return -1; /* NOTREACHED */
728 #if PASSTOS_CAPABILITY
731 * Extract TOS bits. Assumes that ipbuf is a valid IPv4 packet whose length covers the IP header: no length check is performed here, so the caller must have validated that before calling.
734 link_socket_extract_tos (struct link_socket
*ls
, const struct buffer
*ipbuf
)
738 struct openvpn_iphdr
*iph
= (struct openvpn_iphdr
*) BPTR (ipbuf
);
740 ls
->ptos_defined
= true;
745 * Set socket properties to reflect TOS bits which were extracted
746 * from tunnel packet.
/*
 * Apply the TOS value previously captured by link_socket_extract_tos()
 * to the link socket via setsockopt(IP_TOS).  Does nothing when 'ls'
 * is NULL or no TOS value has been recorded yet.
 * NOTE(review): the setsockopt() return value is discarded, so a
 * failure to apply the TOS is silently ignored.
 */
static inline void
link_socket_set_tos (struct link_socket *ls)
{
  if (!ls)
    return;
  if (!ls->ptos_defined)
    return;
  setsockopt (ls->sd, IPPROTO_IP, IP_TOS, &ls->ptos, sizeof (ls->ptos));
}
758 * Socket I/O wait functions
/*
 * Return true if the stream buffer of 's' already holds a complete
 * packet that was read beyond the previous one, i.e. there is data to
 * consume without touching the socket again.  A NULL 's' yields false.
 */
static inline bool
socket_read_residual (const struct link_socket *s)
{
  if (!s)
    return false;
  return s->stream_buf.residual_fully_formed;
}
767 static inline event_t
768 socket_event_handle (const struct link_socket
*s
)
771 return &s
->rw_handle
;
777 event_t
socket_listen_event_handle (struct link_socket
*s
);
780 socket_set (struct link_socket
*s
,
781 struct event_set
*es
,
782 unsigned int rwflags
,
784 unsigned int *persistent
);
787 socket_set_listen_persistent (struct link_socket
*s
,
788 struct event_set
*es
,
791 if (s
&& !s
->listen_persistent_queued
)
793 event_ctl (es
, socket_listen_event_handle (s
), EVENT_READ
, arg
);
794 s
->listen_persistent_queued
= true;
799 socket_reset_listen_persistent (struct link_socket
*s
)
802 reset_net_event_win32 (&s
->listen_handle
, s
->sd
);
806 const char *socket_stat (const struct link_socket
*s
, unsigned int rwflags
, struct gc_arena
*gc
);
808 #endif /* SOCKET_H */