* OpenVPN -- An application to securely tunnel IP networks
* over a single UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program (see the file COPYING included with this
* distribution); if not, write to the Free Software Foundation, Inc.,
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* Only include if not during configure
/* USE_PF_INET6: win32 ipv6 exists only after 0x0501 (XP) */
/* branch prediction hints */
# define likely(x) __builtin_expect((x),1)
# define unlikely(x) __builtin_expect((x),0)
# define likely(x) (x)
# define unlikely(x) (x)
#if defined(_WIN32) && !defined(WIN32)
#define sleep(x) Sleep((x)*1000)
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#ifdef HAVE_SYS_WAIT_H
# include <sys/wait.h>
# define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8)
# define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
#ifdef TIME_WITH_SYS_TIME
# include <sys/time.h>
# ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
#ifdef HAVE_SYS_SOCKET_H
# if defined(TARGET_LINUX) && !defined(_GNU_SOURCE)
/* needed for peercred support on glibc-2.8 */
#include <sys/socket.h>
#ifdef HAVE_SYS_IOCTL_H
#include <sys/ioctl.h>
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#ifdef HAVE_SYS_FILE_H
#include <sys/file.h>
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#ifdef HAVE_SYS_POLL_H
#include <sys/poll.h>
#ifdef HAVE_SYS_EPOLL_H
#include <sys/epoll.h>
#include <selinux/selinux.h>
#ifdef TARGET_SOLARIS
#ifdef HAVE_STRINGS_H
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#if defined(HAVE_NETINET_IF_ETHER_H)
#include <netinet/if_ether.h>
#ifdef HAVE_LINUX_IF_TUN_H
#include <linux/if_tun.h>
#ifdef HAVE_NETINET_IP_H
#include <netinet/ip.h>
#ifdef HAVE_LINUX_SOCKIOS_H
#include <linux/sockios.h>
#ifdef HAVE_LINUX_TYPES_H
#include <linux/types.h>
#ifdef HAVE_LINUX_ERRQUEUE_H
#include <linux/errqueue.h>
#ifdef HAVE_NETINET_TCP_H
#include <netinet/tcp.h>
#endif /* TARGET_LINUX */
#ifdef TARGET_SOLARIS
#ifdef HAVE_STROPTS_H
#ifdef HAVE_NET_IF_TUN_H
#include <net/if_tun.h>
#ifdef HAVE_SYS_SOCKIO_H
#include <sys/sockio.h>
#ifdef HAVE_NETINET_IN_SYSTM_H
#include <netinet/in_systm.h>
#ifdef HAVE_NETINET_IP_H
#include <netinet/ip.h>
#ifdef HAVE_NETINET_TCP_H
#include <netinet/tcp.h>
#endif /* TARGET_SOLARIS */
#ifdef TARGET_OPENBSD
#ifdef HAVE_SYS_UIO_H
#ifdef HAVE_NETINET_IN_SYSTM_H
#include <netinet/in_systm.h>
#ifdef HAVE_NETINET_IP_H
#include <netinet/ip.h>
#ifdef HAVE_NET_IF_TUN_H
#include <net/if_tun.h>
#endif /* TARGET_OPENBSD */
#ifdef TARGET_FREEBSD
#ifdef HAVE_SYS_UIO_H
#ifdef HAVE_NETINET_IN_SYSTM_H
#include <netinet/in_systm.h>
#ifdef HAVE_NETINET_IP_H
#include <netinet/ip.h>
#ifdef HAVE_NET_IF_TUN_H
#include <net/if_tun.h>
#endif /* TARGET_FREEBSD */
#ifdef HAVE_NET_IF_TUN_H
#include <net/if_tun.h>
#ifdef HAVE_NETINET_TCP_H
#include <netinet/tcp.h>
#endif /* TARGET_NETBSD */
#ifdef TARGET_DRAGONFLY
#ifdef HAVE_SYS_UIO_H
#ifdef HAVE_NETINET_IN_SYSTM_H
#include <netinet/in_systm.h>
#ifdef HAVE_NETINET_IP_H
#include <netinet/ip.h>
#ifdef HAVE_NET_TUN_IF_TUN_H
#include <net/tun/if_tun.h>
#endif /* TARGET_DRAGONFLY */
#include <iphlpapi.h>
/* The following two headers are needed for USE_PF_INET6 */
#include <winsock2.h>
#include <ws2tcpip.h>
#ifdef HAVE_SYS_MMAN_H
#define _P1003_1B_VISIBLE
#endif /* TARGET_DARWIN */
#include <sys/mman.h>
* Pedantic mode is meant to accomplish lint-style program checking,
* not to build a working executable.
#ifdef __STRICT_ANSI__
# undef HAVE_CPP_VARARG_MACRO_GCC
# undef HAVE_CPP_VARARG_MACRO_ISO
# undef EMPTY_ARRAY_SIZE
# define EMPTY_ARRAY_SIZE 1
* Do we have the capability to support the --passtos option?
#if defined(IPPROTO_IP) && defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
#define PASSTOS_CAPABILITY 1
#define PASSTOS_CAPABILITY 0
* Do we have the capability to report extended socket errors?
#if defined(HAVE_LINUX_TYPES_H) && defined(HAVE_LINUX_ERRQUEUE_H) && defined(HAVE_SOCK_EXTENDED_ERR) && defined(HAVE_MSGHDR) && defined(HAVE_CMSGHDR) && defined(CMSG_FIRSTHDR) && defined(CMSG_NXTHDR) && defined(IP_RECVERR) && defined(MSG_ERRQUEUE) && defined(SOL_IP) && defined(HAVE_IOVEC)
#define EXTENDED_SOCKET_ERROR_CAPABILITY 1
#define EXTENDED_SOCKET_ERROR_CAPABILITY 0
* Does this platform support linux-style IP_PKTINFO
* or bsd-style IP_RECVDSTADDR ?
#if defined(ENABLE_MULTIHOME) && ((defined(HAVE_IN_PKTINFO)&&defined(IP_PKTINFO)) || defined(IP_RECVDSTADDR)) && defined(HAVE_MSGHDR) && defined(HAVE_CMSGHDR) && defined(HAVE_IOVEC) && defined(CMSG_FIRSTHDR) && defined(CMSG_NXTHDR) && defined(HAVE_RECVMSG) && defined(HAVE_SENDMSG)
#define ENABLE_IP_PKTINFO 1
#define ENABLE_IP_PKTINFO 0
#undef EXTENDED_SOCKET_ERROR_CAPABILITY
#define EXTENDED_SOCKET_ERROR_CAPABILITY 0
* Do we have a syslog capability?
#if defined(HAVE_OPENLOG) && defined(HAVE_SYSLOG)
#define SYSLOG_CAPABILITY 1
#define SYSLOG_CAPABILITY 0
* Does this OS draw a distinction between binary and ascii files?
* Directory separation char
#define OS_SPECIFIC_DIRSEP '\\'
#define OS_SPECIFIC_DIRSEP '/'
* Define a boolean value based
* Our socket descriptor type.
#define SOCKET_UNDEFINED (INVALID_SOCKET)
typedef SOCKET socket_descriptor_t;
#define SOCKET_UNDEFINED (-1)
typedef int socket_descriptor_t;
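/*
 * Tell whether sd refers to an actual socket rather than the
 * SOCKET_UNDEFINED placeholder (INVALID_SOCKET where the descriptor
 * type is SOCKET, -1 where it is int).
 *
 * Returns true when sd differs from SOCKET_UNDEFINED.  This is a
 * sentinel comparison only; it does not check that the descriptor
 * is still open.
 */
static inline bool
socket_defined (const socket_descriptor_t sd)
{
  return sd != SOCKET_UNDEFINED;
}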
* Should statistics counters be 64 bits?
#define USE_64_BIT_COUNTERS
* Should we enable the use of execve() for calling subprocesses,
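* instead of system()?  execve() runs the program with an explicit
* argument vector, whereas system() hands the command line to a shell.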
#if defined(HAVE_EXECVE) && defined(HAVE_FORK)
#define ENABLE_EXECVE
* Do we have point-to-multipoint capability?
#if defined(ENABLE_CLIENT_SERVER) && defined(USE_CRYPTO) && defined(USE_SSL) && defined(HAVE_GETTIMEOFDAY)
#if P2MP && !defined(ENABLE_CLIENT_ONLY)
#define P2MP_SERVER 1
#define P2MP_SERVER 0
* HTTPS port sharing capability
#if defined(ENABLE_PORT_SHARE) && P2MP_SERVER && defined(SCM_RIGHTS) && defined(HAVE_MSGHDR) && defined(HAVE_CMSGHDR) && defined(HAVE_IOVEC) && defined(CMSG_FIRSTHDR) && defined(CMSG_NXTHDR) && defined(HAVE_RECVMSG) && defined(HAVE_SENDMSG)
* Do we have a plug-in capability?
#if defined(USE_LIBDL) || defined(USE_LOAD_LIBRARY)
#define ENABLE_PLUGIN
* Enable deferred authentication?
#if defined(CONFIGURE_DEF_AUTH) && P2MP_SERVER && defined(ENABLE_PLUGIN)
#define PLUGIN_DEF_AUTH
#if defined(CONFIGURE_DEF_AUTH) && P2MP_SERVER && defined(ENABLE_MANAGEMENT)
#define MANAGEMENT_DEF_AUTH
#if defined(PLUGIN_DEF_AUTH) || defined(MANAGEMENT_DEF_AUTH)
#define ENABLE_DEF_AUTH
* Enable packet filter?
#if defined(CONFIGURE_PF) && P2MP_SERVER && defined(ENABLE_PLUGIN) && defined(HAVE_STAT)
#if defined(CONFIGURE_PF) && P2MP_SERVER && defined(MANAGEMENT_DEF_AUTH)
#define MANAGEMENT_PF
#if defined(PLUGIN_PF) || defined(MANAGEMENT_PF)
* Do we support Unix domain sockets?
#if defined(PF_UNIX) && !defined(WIN32)
#define UNIX_SOCK_SUPPORT 1
#define UNIX_SOCK_SUPPORT 0
* Compile the struct buffer_list code
#define ENABLE_BUFFER_LIST
* Should we include OCC (options consistency check) code?
* Should we include NTLM proxy functionality
#if defined(USE_CRYPTO) && defined(ENABLE_HTTP_PROXY)
* Should we include proxy digest auth functionality
#if defined(USE_CRYPTO) && defined(ENABLE_HTTP_PROXY)
#define PROXY_DIGEST_AUTH 1
#define PROXY_DIGEST_AUTH 0
* Should we include code common to all proxy methods?
#if defined(ENABLE_HTTP_PROXY) || defined(ENABLE_SOCKS)
#define GENERAL_PROXY_SUPPORT
* Do we have PKCS11 capability?
#if defined(USE_PKCS11) && defined(USE_CRYPTO) && defined(USE_SSL)
#define ENABLE_PKCS11
* Is poll available on this platform?
#if defined(HAVE_POLL) && defined(HAVE_SYS_POLL_H)
* Is epoll available on this platform?
#if defined(HAVE_EPOLL_CREATE) && defined(HAVE_SYS_EPOLL_H)
* Should we allow ca/cert/key files to be
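* included inline, in the configuration file?  A configuration file
* holding an inline private key needs the same restrictive file
* permissions as a standalone key file.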
#define ENABLE_INLINE_FILES 1
* Support "connection" directive
#if ENABLE_INLINE_FILES
#define ENABLE_CONNECTION 1
* Should we include http proxy fallback functionality
#if defined(ENABLE_CONNECTION) && defined(ENABLE_MANAGEMENT) && defined(ENABLE_HTTP_PROXY)
#define HTTP_PROXY_FALLBACK 1
#define HTTP_PROXY_FALLBACK 0
* Reduce sensitivity to system clock instability
#define TIME_BACKTRACK_PROTECTION 1
* Is non-blocking connect() supported?
#if defined(HAVE_GETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_ERROR) && defined(EINPROGRESS) && defined(ETIMEDOUT)
#define CONNECT_NONBLOCK
* Do we have the capability to support the AUTO_USERID feature?
#if defined(ENABLE_AUTO_USERID)
#define AUTO_USERID 1
#define AUTO_USERID 0
* Do we support challenge/response authentication, as a console-based client?
#define ENABLE_CLIENT_CR
* Do we support pushing peer info?
#if defined(USE_CRYPTO) && defined(USE_SSL)
#define ENABLE_PUSH_PEER_INFO