- add BR: pkcs11-helper-devel
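--- a/configure.ac
+++ b/configure.ac
@@ -89,6 +89,12 @@
 [FRAGMENT="yes"]
 )
 
+AC_ARG_ENABLE(multihome,
+ [ --disable-multihome Disable multi-homed UDP server support (--multihome)],
+ [MULTIHOME="$enableval"],
+ [MULTIHOME="yes"]
+)
+
 AC_ARG_ENABLE(debug,
 [ --disable-debug Disable debugging support (disable gremlin and verb 7+ messages)],
 [DEBUG="$enableval"],
@@ -326,6 +332,11 @@
 [AC_DEFINE(HAVE_CMSGHDR, 1, [struct cmsghdr needed for extended socket error support])],
 [],
 [#include "syshead.h"])
+AC_CHECK_TYPE(
+ [struct in_pktinfo],
+ [AC_DEFINE(HAVE_IN_PKTINFO, 1, [struct in_pktinfo needed for IP_PKTINFO support])],
+ [],
+ [#include "syshead.h"])
 
 AC_CHECK_SIZEOF(unsigned int)
 AC_CHECK_SIZEOF(unsigned long)
@@ -351,7 +362,7 @@
 getpass strerror syslog openlog mlockall getgrnam setgid dnl
 setgroups stat flock readv writev setsockopt getsockopt dnl
 setsid chdir gettimeofday putenv getpeername unlink dnl
- poll chsize ftruncate)
+ poll chsize ftruncate sendmsg recvmsg)
 AC_CACHE_SAVE
 
 dnl Required library functions
@@ -568,6 +579,11 @@
 AC_DEFINE(ENABLE_HTTP_PROXY, 1, [Enable HTTP proxy support])
 fi
 
+dnl compile --multihome option
+if test "$MULTIHOME" = "yes"; then
+ AC_DEFINE(ENABLE_MULTIHOME, 1, [Enable multi-homed UDP server capability])
+fi
+
 dnl enable debugging
 if test "$DEBUG" = "yes"; then
 AC_DEFINE(ENABLE_DEBUG, 1, [Enable debugging support])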
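Review bot: The `if test "$MULTIHOME" = "yes"` block defines `ENABLE_MULTIHOME` without consulting the new `struct in_pktinfo` and `sendmsg`/`recvmsg` probes, so on a platform that lacks any of them configure completes without saying that `--multihome` will be unavailable. The C changes in this patch are guarded by `ENABLE_IP_PKTINFO`, and how that macro is derived from these results is not visible here (presumably in `syshead.h`, to be confirmed). A `dnl` comment next to the `AC_DEFINE` naming that dependency, together with an `AC_MSG_WARN` when multihome is requested but a probe failed, would make a silently reduced build visible to whoever packages it.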
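--- a/forward.c
+++ b/forward.c
@@ -563,12 +563,12 @@
 
 static inline void
 socks_preprocess_outgoing_link (struct context *c,
- struct sockaddr_in **to_addr,
+ struct link_socket_actual **to_addr,
 int *size_delta)
 {
 if (c->c2.link_socket->socks_proxy && c->c2.link_socket->info.proto == PROTO_UDPv4)
 {
- *size_delta += socks_process_outgoing_udp (&c->c2.to_link, &c->c2.to_link_addr);
+ *size_delta += socks_process_outgoing_udp (&c->c2.to_link, c->c2.to_link_addr);
 *to_addr = &c->c2.link_socket->socks_relay;
 }
 }
@@ -607,7 +607,11 @@
 
 c->c2.buf = c->c2.buffers->read_link_buf;
 ASSERT (buf_init (&c->c2.buf, FRAME_HEADROOM_ADJ (&c->c2.frame, FRAME_HEADROOM_MARKER_READ_LINK)));
- status = link_socket_read (c->c2.link_socket, &c->c2.buf, MAX_RW_SIZE_LINK (&c->c2.frame), &c->c2.from);
+
+ status = link_socket_read (c->c2.link_socket,
+ &c->c2.buf,
+ MAX_RW_SIZE_LINK (&c->c2.frame),
+ &c->c2.from);
 
 if (socket_connection_reset (c->c2.link_socket, status))
 {
@@ -677,7 +681,7 @@
 msg (D_LINK_RW, "%s READ [%d] from %s: %s",
 proto2ascii (lsi->proto, true),
 BLEN (&c->c2.buf),
- print_sockaddr (&c->c2.from, &gc),
+ print_link_socket_actual (&c->c2.from, &gc),
 PROTO_DUMP (&c->c2.buf, &gc));
 
 /*
@@ -947,7 +951,7 @@
 * packet to remote over the TCP/UDP port.
 */
 int size = 0;
- ASSERT (addr_defined (&c->c2.to_link_addr));
+ ASSERT (link_socket_actual_defined (c->c2.to_link_addr));
 
 #ifdef ENABLE_DEBUG
 /* In gremlin-test mode, we may choose to drop this packet */
@@ -982,12 +986,12 @@
 msg (D_LINK_RW, "%s WRITE [%d] to %s: %s",
 proto2ascii (c->c2.link_socket->info.proto, true),
 BLEN (&c->c2.to_link),
- print_sockaddr (&c->c2.to_link_addr, &gc),
+ print_link_socket_actual (c->c2.to_link_addr, &gc),
 PROTO_DUMP (&c->c2.to_link, &gc));
 
 /* Packet send complexified by possible Socks5 usage */
 {
- struct sockaddr_in *to_addr = &c->c2.to_link_addr;
+ struct link_socket_actual *to_addr = c->c2.to_link_addr;
 #ifdef ENABLE_SOCKS
 int size_delta = 0;
 #endif
@@ -997,7 +1001,9 @@
 socks_preprocess_outgoing_link (c, &to_addr, &size_delta);
 #endif
 /* Send packet */
- size = link_socket_write (c->c2.link_socket, &c->c2.to_link, to_addr);
+ size = link_socket_write (c->c2.link_socket,
+ &c->c2.to_link,
+ to_addr);
 
 #ifdef ENABLE_SOCKS
 /* Undo effect of prepend */
@@ -1021,7 +1027,7 @@
 if (size != BLEN (&c->c2.to_link))
 msg (D_LINK_ERRORS,
 "TCP/UDP packet was truncated/expanded on write to %s (tried=%d,actual=%d)",
- print_sockaddr (&c->c2.to_link_addr, &gc),
+ print_link_socket_actual (c->c2.to_link_addr, &gc),
 BLEN (&c->c2.to_link),
 size);
 }
@@ -1030,7 +1036,7 @@
 {
 if (c->c2.to_link.len > 0)
 msg (D_LINK_ERRORS, "TCP/UDP packet too large on write to %s (tried=%d,max=%d)",
- print_sockaddr (&c->c2.to_link_addr, &gc),
+ print_link_socket_actual (c->c2.to_link_addr, &gc),
 c->c2.to_link.len,
 EXPANDED_SIZE (&c->c2.frame));
 }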
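Review bot: `c->c2.to_link_addr` is now a pointer, and the send path passes it to `link_socket_actual_defined()` inside the `ASSERT` and to `socks_process_outgoing_udp()` with no NULL test in the lines shown. `print_link_socket_actual_ex()` in the socket.c part of this patch tolerates NULL, but whether `link_socket_actual_defined()` does is not visible here, so a NULL pointer may be dereferenced instead of being caught by the assertion. Making the guard explicit would remove the dependency: `ASSERT (c->c2.to_link_addr && link_socket_actual_defined (c->c2.to_link_addr));`. The enclosing functions begin and end outside these hunks.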
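--- a/init.c
+++ b/init.c
@@ -1651,6 +1651,13 @@
 static void
 do_init_socket_1 (struct context *c, int mode)
 {
+ unsigned int flags = 0;
+
+#if ENABLE_IP_PKTINFO
+ if (c->options.multihome)
+ flags |= SF_USE_IP_PKTINFO;
+#endif
+
 link_socket_init_phase1 (c->c2.link_socket,
 c->options.local,
 c->c1.remote_list,
@@ -1677,7 +1684,8 @@
 c->options.connect_retry_seconds,
 c->options.mtu_discover_type,
 c->options.rcvbuf,
- c->options.sndbuf);
+ c->options.sndbuf,
+ flags);
 }
 
 /*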
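Review bot: The new guard is written `#if ENABLE_IP_PKTINFO`, whereas the other feature guards visible in this patch use `#ifdef` (`#ifdef ENABLE_DEBUG`, `#ifdef ENABLE_SOCKS`, `#ifdef ENABLE_OCC`). With `#if`, a translation unit where the macro is undefined evaluates it as 0, and `SF_USE_IP_PKTINFO` is dropped with no diagnostic. The same form is used in the options.c, options.h and socket.c hunks. If the macro is meant to always be defined as 0 or 1, a one-line comment at the first use would record that contract, e.g. `/* ENABLE_IP_PKTINFO is always defined (0 or 1); see its definition */`. The definition itself is outside this patch.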
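--- a/manage.c
+++ b/manage.c
@@ -746,13 +746,16 @@
 man_accept (struct management *man)
 {
 struct gc_arena gc = gc_new ();
+ struct link_socket_actual act;
 
 /*
 * Accept the TCP client.
 */
- man->connection.sd_cli = socket_do_accept (man->connection.sd_top, &man->connection.remote, false);
+ man->connection.sd_cli = socket_do_accept (man->connection.sd_top, &act, false);
 if (socket_defined (man->connection.sd_cli))
 {
+ man->connection.remote = act.dest;
+
 if (socket_defined (man->connection.sd_top))
 {
 #ifdef WIN32
@@ -1121,9 +1124,9 @@
 /*
 * Initialize socket address
 */
- ms->local.sin_family = AF_INET;
- ms->local.sin_addr.s_addr = 0;
- ms->local.sin_port = htons (port);
+ ms->local.sa.sin_family = AF_INET;
+ ms->local.sa.sin_addr.s_addr = 0;
+ ms->local.sa.sin_port = htons (port);
 
 /*
 * Run management over tunnel, or
@@ -1135,7 +1138,7 @@
 }
 else
 {
- ms->local.sin_addr.s_addr = getaddr
+ ms->local.sa.sin_addr.s_addr = getaddr
 (GETADDR_RESOLVE|GETADDR_WARN_ON_SIGNAL|GETADDR_FATAL, addr, 0, NULL, NULL);
 }
 
@@ -1382,7 +1385,7 @@
 && man->connection.state == MS_INITIAL)
 {
 /* listen on our local TUN/TAP IP address */
- man->settings.local.sin_addr.s_addr = htonl (tun_local_ip);
+ man->settings.local.sa.sin_addr.s_addr = htonl (tun_local_ip);
 man_connection_init (man);
 }
 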
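Review bot: In `man_accept` the new local `act` is declared without an initializer and `act.dest` is then copied into `man->connection.remote`. That copy is well-defined only because `socket_do_accept()`, as changed in the socket.c part of this patch, starts with `CLEAR (*act)`. The management interface records the peer address from this value, so the dependency deserves to be local: add `CLEAR (act);` before the call, or a comment such as `/* socket_do_accept() zeroes act before filling act.dest */`. Only part of `man_accept` is shown in the hunk.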
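--- a/manage.h
+++ b/manage.h
@@ -186,7 +186,7 @@
 
 struct man_settings {
 bool defined;
- struct sockaddr_in local;
+ struct openvpn_sockaddr local;
 bool up_query_passwords;
 bool management_over_tunnel;
 struct user_pass up;
@@ -213,7 +213,7 @@
 
 socket_descriptor_t sd_top;
 socket_descriptor_t sd_cli;
- struct sockaddr_in remote;
+ struct openvpn_sockaddr remote;
 
 #ifdef WIN32
 struct net_event_win32 ne32;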
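--- a/mroute.c
+++ b/mroute.c
@@ -169,28 +169,29 @@
 }
 
 /*
- * Translate a struct sockaddr_in (saddr)
+ * Translate a struct openvpn_sockaddr (osaddr)
 * to a struct mroute_addr (addr).
 */
-bool
-mroute_extract_sockaddr_in (struct mroute_addr *addr, const struct sockaddr_in *saddr, bool use_port)
+bool mroute_extract_openvpn_sockaddr (struct mroute_addr *addr,
+ const struct openvpn_sockaddr *osaddr,
+ bool use_port)
 {
- if (saddr->sin_family == AF_INET)
+ if (osaddr->sa.sin_family == AF_INET)
 {
 if (use_port)
 {
 addr->type = MR_ADDR_IPV4 | MR_WITH_PORT;
 addr->netbits = 0;
 addr->len = 6;
- memcpy (addr->addr, &saddr->sin_addr.s_addr, 4);
- memcpy (addr->addr + 4, &saddr->sin_port, 2);
+ memcpy (addr->addr, &osaddr->sa.sin_addr.s_addr, 4);
+ memcpy (addr->addr + 4, &osaddr->sa.sin_port, 2);
 }
 else
 {
 addr->type = MR_ADDR_IPV4;
 addr->netbits = 0;
 addr->len = 4;
- memcpy (addr->addr, &saddr->sin_addr.s_addr, 4);
+ memcpy (addr->addr, &osaddr->sa.sin_addr.s_addr, 4);
 }
 return true;
 }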
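Review bot: The rewritten `memcpy` calls in `mroute_extract_openvpn_sockaddr` keep the literal lengths `4` and `2` next to `addr->len = 6`, and nothing in the hunk ties them to the sizes of the fields now reached through `osaddr->sa`. The capacity of `addr->addr` is also declared outside this patch. Since the source type was just changed, this is a good moment to write `memcpy (addr->addr, &osaddr->sa.sin_addr.s_addr, sizeof (osaddr->sa.sin_addr.s_addr));`, and likewise `sizeof (osaddr->sa.sin_port)` for the port, so a later change to the wrapper struct cannot silently desynchronise the copy. As a smaller style point, the new definition puts `bool` on the same line as the function name, whereas the removed lines and the other definitions in this patch put the return type on its own line. The end of the function is outside the hunk.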
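--- a/mroute.h
+++ b/mroute.h
@@ -95,9 +95,11 @@
 struct buffer *buf,
 int tunnel_type);
 
-bool mroute_extract_sockaddr_in (struct mroute_addr *addr,
- const struct sockaddr_in *saddr,
- bool use_port);
+struct openvpn_sockaddr;
+
+bool mroute_extract_openvpn_sockaddr (struct mroute_addr *addr,
+ const struct openvpn_sockaddr *osaddr,
+ bool use_port);
 
 bool mroute_learnable_address (const struct mroute_addr *addr);
 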
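--- a/mtcp.c
+++ b/mtcp.c
@@ -160,7 +160,7 @@
 ASSERT (mi->context.c2.link_socket);
 ASSERT (mi->context.c2.link_socket->info.lsa);
 ASSERT (mi->context.c2.link_socket->mode == LS_MODE_TCP_ACCEPT_FROM);
- if (!mroute_extract_sockaddr_in (&mi->real, &mi->context.c2.link_socket->info.lsa->actual, true))
+ if (!mroute_extract_openvpn_sockaddr (&mi->real, &mi->context.c2.link_socket->info.lsa->actual.dest, true))
 {
 msg (D_MULTI_ERRORS, "MULTI TCP: TCP client address is undefined");
 return false;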
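--- a/mudp.c
+++ b/mudp.c
@@ -52,7 +52,7 @@
 struct multi_instance *mi = NULL;
 struct hash *hash = m->hash;
 
- if (mroute_extract_sockaddr_in (&real, &m->top.c2.from, true))
+ if (mroute_extract_openvpn_sockaddr (&real, &m->top.c2.from.dest, true))
 {
 struct hash_element *he;
 const uint32_t hv = hash_value (hash, &real);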
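--- a/multi.c
+++ b/multi.c
@@ -939,13 +939,13 @@
 in_addr_t a,
 int netbits) /* -1 if host route, otherwise # of network bits in address */
 {
- struct sockaddr_in remote_si;
+ struct openvpn_sockaddr remote_si;
 struct mroute_addr addr;
 
 CLEAR (remote_si);
- remote_si.sin_family = AF_INET;
- remote_si.sin_addr.s_addr = htonl (a);
- ASSERT (mroute_extract_sockaddr_in (&addr, &remote_si, false));
+ remote_si.sa.sin_family = AF_INET;
+ remote_si.sa.sin_addr.s_addr = htonl (a);
+ ASSERT (mroute_extract_openvpn_sockaddr (&addr, &remote_si, false));
 
 if (netbits >= 0)
 {
@@ -2009,15 +2009,15 @@
 struct multi_context *m = (struct multi_context *) arg;
 struct hash_iterator hi;
 struct hash_element *he;
- struct sockaddr_in saddr;
+ struct openvpn_sockaddr saddr;
 struct mroute_addr maddr;
 int count = 0;
 
 CLEAR (saddr);
- saddr.sin_family = AF_INET;
- saddr.sin_addr.s_addr = htonl (addr);
- saddr.sin_port = htons (port);
- if (mroute_extract_sockaddr_in (&maddr, &saddr, true))
+ saddr.sa.sin_family = AF_INET;
+ saddr.sa.sin_addr.s_addr = htonl (addr);
+ saddr.sa.sin_port = htons (port);
+ if (mroute_extract_openvpn_sockaddr (&maddr, &saddr, true))
 {
 hash_iterator_init (m->iter, &hi, true);
 while ((he = hash_iterator_next (&hi)))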
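--- a/openvpn.h
+++ b/openvpn.h
@@ -210,8 +210,8 @@
 struct link_socket_info *link_socket_info;
 const struct link_socket *accept_from; /* possibly do accept() on a parent link_socket */
 
- struct sockaddr_in to_link_addr; /* IP address of remote */
- struct sockaddr_in from; /* address of incoming datagram */
+ struct link_socket_actual *to_link_addr; /* IP address of remote */
+ struct link_socket_actual from; /* address of incoming datagram */
 
 /* MTU frame parameters */
 struct frame frame;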
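Review bot: `to_link_addr` changes from an embedded struct to a pointer, but its comment still reads `/* IP address of remote */` and says nothing about what the pointer refers to, who owns that storage, or whether it may be NULL. forward.c dereferences it on every outgoing packet, so a pointer that outlives its target would send to a stale address or read freed memory. Which object it points at is not visible in this patch, and the comment should name it once confirmed, for example `/* peer address for the next write; points into storage owned elsewhere, not freed here — TODO name the owner */`.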
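--- a/options.c
+++ b/options.c
@@ -172,6 +172,9 @@
 "--ping-timer-rem: Run the --ping-exit/--ping-restart timer only if we have a\n"
 " remote address.\n"
 "--ping n : Ping remote once every n seconds over TCP/UDP port.\n"
+#if ENABLE_IP_PKTINFO
+ "--multihome : Configure a multi-homed UDP server.\n"
+#endif
 "--fast-io : (experimental) Optimize TUN/TAP/UDP writes.\n"
 #ifdef ENABLE_OCC
 "--explicit-exit-notify n : (experimental) on exit, send exit signal to remote.\n"
@@ -1034,6 +1037,10 @@
 SHOW_INT (rcvbuf);
 SHOW_INT (sndbuf);
 
+#if ENABLE_IP_PKTINFO
+ SHOW_BOOL (multihome);
+#endif
+
 #ifdef ENABLE_HTTP_PROXY
 if (o->http_proxy_options)
 show_http_proxy_options (o->http_proxy_options);
@@ -2997,6 +3004,13 @@
 VERIFY_PERMISSION (OPT_P_GENERAL);
 options->mlock = true;
 }
+#if ENABLE_IP_PKTINFO
+ else if (streq (p[0], "multihome"))
+ {
+ VERIFY_PERMISSION (OPT_P_GENERAL);
+ options->multihome = true;
+ }
+#endif
 else if (streq (p[0], "verb") && p[1])
 {
 ++i;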
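Review bot: The new `multihome` branch only sets `options->multihome = true`, and nothing in the hunks shown warns when the option is combined with a TCP protocol. In this patch the flag is consumed only by `create_socket_udp()`, so with TCP it is accepted and then ignored, and an operator could believe replies are pinned to the receiving address when they are not. If the option sanity pass, which is outside these hunks, has no such check, add a warning there that `--multihome` has an effect only with UDP. A comment on the branch, `/* only honoured for UDP sockets, see create_socket_udp() */`, would document the limitation. The enclosing option parser begins and ends outside the hunk.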
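--- a/options.h
+++ b/options.h
@@ -223,6 +223,10 @@
 /* optimize TUN/TAP/UDP writes */
 bool fast_io;
 
+#if ENABLE_IP_PKTINFO
+ bool multihome;
+#endif
+
 #ifdef USE_LZO
 bool comp_lzo;
 bool comp_lzo_adaptive;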
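--- a/ping-inline.h
+++ b/ping-inline.h
@@ -38,7 +38,7 @@
 && event_timeout_trigger (&c->c2.ping_rec_interval,
 &c->c2.timeval,
 (!c->options.ping_timer_remote
- || addr_defined (&c->c1.link_socket_addr.actual))
+ || link_socket_actual_defined (&c->c1.link_socket_addr.actual))
 ? ETT_DEFAULT : 15))
 check_ping_restart_dowork (c);
 }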
445Only in openvpn-2.0_rc16MH/plugin: common
446diff -ur openvpn-2.0_rc16/socket.c openvpn-2.0_rc16MH/socket.c
447--- openvpn-2.0_rc16/socket.c 2005-02-05 01:42:13.000000000 -0700
448+++ openvpn-2.0_rc16MH/socket.c 2005-02-25 21:41:34.000000000 -0700
449@@ -237,7 +237,7 @@
450
451 static void
452 update_remote (const char* host,
453- struct sockaddr_in *addr,
454+ struct openvpn_sockaddr *addr,
455 bool *changed)
456 {
457 if (host && addr)
458@@ -248,9 +248,9 @@
459 1,
460 NULL,
461 NULL);
462- if (new_addr && addr->sin_addr.s_addr != new_addr)
463+ if (new_addr && addr->sa.sin_addr.s_addr != new_addr)
464 {
465- addr->sin_addr.s_addr = new_addr;
466+ addr->sa.sin_addr.s_addr = new_addr;
467 *changed = true;
468 }
469 }
470@@ -440,12 +440,19 @@
471 }
472
473 static socket_descriptor_t
474-create_socket_udp (void)
475+create_socket_udp (const unsigned int flags)
476 {
477 socket_descriptor_t sd;
478
479 if ((sd = socket (PF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
480 msg (M_SOCKERR, "UDP: Cannot create UDP socket");
481+#if ENABLE_IP_PKTINFO
482+ else if (flags & SF_USE_IP_PKTINFO)
483+ {
484+ int pad = 1;
485+ setsockopt (sd, SOL_IP, IP_PKTINFO, (void*)&pad, sizeof(pad));
486+ }
487+#endif
488 return sd;
489 }
490
491@@ -455,7 +462,7 @@
492 /* create socket */
493 if (sock->info.proto == PROTO_UDPv4)
494 {
495- sock->sd = create_socket_udp ();
496+ sock->sd = create_socket_udp (sock->socket_flags);
497
498 #ifdef ENABLE_SOCKS
499 if (sock->socks_proxy)
500@@ -479,7 +486,7 @@
501
502 static void
503 socket_do_listen (socket_descriptor_t sd,
504- const struct sockaddr_in *local,
505+ const struct openvpn_sockaddr *local,
506 bool do_listen,
507 bool do_set_nonblock)
508 {
509@@ -501,16 +508,18 @@
510
511 socket_descriptor_t
512 socket_do_accept (socket_descriptor_t sd,
513- struct sockaddr_in *remote,
514+ struct link_socket_actual *act,
515 const bool nowait)
516 {
517- socklen_t remote_len = sizeof (*remote);
518+ socklen_t remote_len = sizeof (act->dest.sa);
519 socket_descriptor_t new_sd = SOCKET_UNDEFINED;
520
521+ CLEAR (*act);
522+
523 #ifdef HAVE_GETPEERNAME
524 if (nowait)
525 {
526- new_sd = getpeername (sd, (struct sockaddr *) remote, &remote_len);
527+ new_sd = getpeername (sd, (struct sockaddr *) &act->dest.sa, &remote_len);
528
529 if (!socket_defined (new_sd))
530 msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: getpeername() failed");
2b9fb954 531@@ -522,7 +531,7 @@
27b50dc5 532 #endif
533 else
534 {
535- new_sd = accept (sd, (struct sockaddr *) remote, &remote_len);
536+ new_sd = accept (sd, (struct sockaddr *) &act->dest.sa, &remote_len);
537 }
538
539 #if 0 /* For debugging only, test the effect of accept() failures */
540@@ -538,7 +547,7 @@
27b50dc5 541 {
542 msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: accept(%d) failed", sd);
543 }
544- else if (remote_len != sizeof (*remote))
545+ else if (remote_len != sizeof (act->dest.sa))
546 {
547 msg (D_LINK_ERRORS, "TCP: Received strange incoming connection with unknown address length=%d", remote_len);
548 openvpn_close_socket (new_sd);
549@@ -540,28 +549,30 @@
550 }
551
552 static void
553-tcp_connection_established (const struct sockaddr_in *remote)
554+tcp_connection_established (const struct link_socket_actual *act)
555 {
556 struct gc_arena gc = gc_new ();
557 msg (M_INFO, "TCP connection established with %s",
558- print_sockaddr (remote, &gc));
559+ print_link_socket_actual (act, &gc));
560 gc_free (&gc);
561 }
562
563 static int
564 socket_listen_accept (socket_descriptor_t sd,
565- struct sockaddr_in *remote,
566+ struct link_socket_actual *act,
567 const char *remote_dynamic,
568 bool *remote_changed,
569- const struct sockaddr_in *local,
570+ const struct openvpn_sockaddr *local,
571 bool do_listen,
572 bool nowait,
573 volatile int *signal_received)
574 {
575 struct gc_arena gc = gc_new ();
576- struct sockaddr_in remote_verify = *remote;
577+ //struct openvpn_sockaddr *remote = &act->dest;
578+ struct openvpn_sockaddr remote_verify = act->dest;
579 int new_sd = SOCKET_UNDEFINED;
580
581+ CLEAR (*act);
582 socket_do_listen (sd, local, do_listen, true);
583
584 while (true)
585@@ -590,17 +601,17 @@
586 if (status <= 0)
587 continue;
588
589- new_sd = socket_do_accept (sd, remote, nowait);
590+ new_sd = socket_do_accept (sd, act, nowait);
591
592 if (socket_defined (new_sd))
593 {
594 update_remote (remote_dynamic, &remote_verify, remote_changed);
595 if (addr_defined (&remote_verify)
596- && !addr_match (&remote_verify, remote))
597+ && !addr_match (&remote_verify, &act->dest))
598 {
599 msg (M_WARN,
600 "TCP NOTE: Rejected connection attempt from %s due to --remote setting",
601- print_sockaddr (remote, &gc));
602+ print_link_socket_actual (act, &gc));
603 if (openvpn_close_socket (new_sd))
604 msg (M_SOCKERR, "TCP: close socket failed (new_sd)");
605 }
606@@ -613,7 +624,7 @@
607 if (!nowait && openvpn_close_socket (sd))
608 msg (M_SOCKERR, "TCP: close socket failed (sd)");
609
610- tcp_connection_established (remote);
611+ tcp_connection_established (act);
612
613 gc_free (&gc);
614 return new_sd;
615@@ -621,7 +632,7 @@
616
617 static void
618 socket_connect (socket_descriptor_t *sd,
619- struct sockaddr_in *remote,
620+ struct openvpn_sockaddr *remote,
621 struct remote_list *remote_list,
622 const char *remote_dynamic,
623 bool *remote_changed,
624@@ -634,8 +645,8 @@
625 print_sockaddr (remote, &gc));
626 while (true)
627 {
628- const int status = connect (*sd, (struct sockaddr *) remote,
629- sizeof (*remote));
630+ const int status = connect (*sd, (struct sockaddr *) &remote->sa,
631+ sizeof (remote->sa));
632
633 get_signal (signal_received);
634 if (*signal_received)
635@@ -656,7 +667,7 @@
636 {
637 remote_list_next (remote_list);
638 remote_dynamic = remote_list_host (remote_list);
639- remote->sin_port = htons (remote_list_port (remote_list));
640+ remote->sa.sin_port = htons (remote_list_port (remote_list));
641 *remote_changed = true;
642 }
643
644@@ -716,22 +727,22 @@
645 /* resolve local address if undefined */
646 if (!addr_defined (&sock->info.lsa->local))
647 {
648- sock->info.lsa->local.sin_family = AF_INET;
649- sock->info.lsa->local.sin_addr.s_addr =
650+ sock->info.lsa->local.sa.sin_family = AF_INET;
651+ sock->info.lsa->local.sa.sin_addr.s_addr =
652 (sock->local_host ? getaddr (GETADDR_RESOLVE | GETADDR_WARN_ON_SIGNAL | GETADDR_FATAL,
653 sock->local_host,
654 0,
655 NULL,
656 NULL)
657 : htonl (INADDR_ANY));
658- sock->info.lsa->local.sin_port = htons (sock->local_port);
659+ sock->info.lsa->local.sa.sin_port = htons (sock->local_port);
660 }
661
662 /* bind to local address/port */
663 if (sock->bind_local)
664 {
665- if (bind (sock->sd, (struct sockaddr *) &sock->info.lsa->local,
666- sizeof (sock->info.lsa->local)))
667+ if (bind (sock->sd, (struct sockaddr *) &sock->info.lsa->local.sa,
668+ sizeof (sock->info.lsa->local.sa)))
669 {
670 const int errnum = openvpn_errno_socket ();
671 msg (M_FATAL, "TCP/UDP: Socket bind failed on local address %s: %s",
672@@ -755,8 +766,8 @@
673 /* resolve remote address if undefined */
674 if (!addr_defined (&sock->info.lsa->remote))
675 {
676- sock->info.lsa->remote.sin_family = AF_INET;
677- sock->info.lsa->remote.sin_addr.s_addr = 0;
678+ sock->info.lsa->remote.sa.sin_family = AF_INET;
679+ sock->info.lsa->remote.sa.sin_addr.s_addr = 0;
680
681 if (sock->remote_host)
682 {
683@@ -794,7 +805,7 @@
684 ASSERT (0);
685 }
686
687- sock->info.lsa->remote.sin_addr.s_addr = getaddr (
688+ sock->info.lsa->remote.sa.sin_addr.s_addr = getaddr (
689 flags,
690 sock->remote_host,
691 retry,
692@@ -821,19 +832,22 @@
693 }
694 }
695
696- sock->info.lsa->remote.sin_port = htons (sock->remote_port);
697+ sock->info.lsa->remote.sa.sin_port = htons (sock->remote_port);
698 }
699
700 /* should we re-use previous active remote address? */
701- if (addr_defined (&sock->info.lsa->actual))
702+ if (link_socket_actual_defined (&sock->info.lsa->actual))
703 {
704 msg (M_INFO, "TCP/UDP: Preserving recently used remote address: %s",
705- print_sockaddr (&sock->info.lsa->actual, &gc));
706+ print_link_socket_actual (&sock->info.lsa->actual, &gc));
707 if (remote_dynamic)
708 *remote_dynamic = NULL;
709 }
710 else
711- sock->info.lsa->actual = sock->info.lsa->remote;
712+ {
713+ CLEAR (sock->info.lsa->actual);
714+ sock->info.lsa->actual.dest = sock->info.lsa->remote;
715+ }
716
717 /* remember that we finished */
718 sock->did_resolve_remote = true;
719@@ -884,7 +898,8 @@
720 int connect_retry_seconds,
721 int mtu_discover_type,
722 int rcvbuf,
723- int sndbuf)
724+ int sndbuf,
725+ const unsigned int socket_flags)
726 {
727 const char *remote_host;
728 int remote_port;
729@@ -920,6 +935,8 @@
730 sock->socket_buffer_sizes.rcvbuf = rcvbuf;
731 sock->socket_buffer_sizes.sndbuf = sndbuf;
732
733+ sock->socket_flags = socket_flags;
734+
735 sock->info.proto = proto;
736 sock->info.remote_float = remote_float;
737 sock->info.lsa = lsa;
738@@ -1097,7 +1114,7 @@
739 else if (sock->info.proto == PROTO_TCPv4_CLIENT)
740 {
741 socket_connect (&sock->sd,
742- &sock->info.lsa->actual,
743+ &sock->info.lsa->actual.dest,
744 sock->remote_list,
745 remote_dynamic,
746 &remote_changed,
747@@ -1135,7 +1152,7 @@
748 else if (sock->info.proto == PROTO_UDPv4 && sock->socks_proxy)
749 {
750 socket_connect (&sock->ctrl_sd,
751- &sock->info.lsa->actual,
752+ &sock->info.lsa->actual.dest,
753 NULL,
754 remote_dynamic,
755 &remote_changed,
756@@ -1147,7 +1164,8 @@
757
758 establish_socks_proxy_udpassoc (sock->socks_proxy,
759 sock->ctrl_sd,
760- sock->sd, &sock->socks_relay,
761+ sock->sd,
762+ &sock->socks_relay.dest,
763 signal_received);
764
765 if (*signal_received)
766@@ -1156,8 +1174,9 @@
767 sock->remote_host = sock->proxy_dest_host;
768 sock->remote_port = sock->proxy_dest_port;
769 sock->did_resolve_remote = false;
770- sock->info.lsa->actual.sin_addr.s_addr = 0;
771- sock->info.lsa->remote.sin_addr.s_addr = 0;
772+
773+ sock->info.lsa->actual.dest.sa.sin_addr.s_addr = 0;
774+ sock->info.lsa->remote.sa.sin_addr.s_addr = 0;
775
776 resolve_remote (sock, 1, NULL, signal_received);
777
778@@ -1172,7 +1191,7 @@
779 if (remote_changed)
780 {
781 msg (M_INFO, "TCP/UDP: Dynamic remote address changed during TCP connection establishment");
782- sock->info.lsa->remote.sin_addr.s_addr = sock->info.lsa->actual.sin_addr.s_addr;
783+ sock->info.lsa->remote.sa.sin_addr.s_addr = sock->info.lsa->actual.dest.sa.sin_addr.s_addr;
784 }
785 }
786
787@@ -1206,12 +1225,15 @@
788 msg (M_INFO, "%s link local%s: %s",
789 proto2ascii (sock->info.proto, true),
790 (sock->bind_local ? " (bound)" : ""),
791- print_sockaddr_ex (&sock->info.lsa->local, sock->bind_local, ":", &gc));
792+ print_sockaddr_ex (&sock->info.lsa->local, ":", sock->bind_local ? PS_SHOW_PORT : 0, &gc));
793
794 /* print active remote address */
795 msg (M_INFO, "%s link remote: %s",
796 proto2ascii (sock->info.proto, true),
797- print_sockaddr_ex (&sock->info.lsa->actual, addr_defined (&sock->info.lsa->actual), ":", &gc));
798+ print_link_socket_actual_ex (&sock->info.lsa->actual,
799+ ":",
800+ PS_SHOW_PORT_IF_DEFINED,
801+ &gc));
802
803 done:
804 gc_free (&gc);
805@@ -1276,19 +1298,19 @@
806 void
807 setenv_trusted (struct env_set *es, const struct link_socket_info *info)
808 {
809- setenv_sockaddr (es, "trusted", &info->lsa->actual, SA_IP_PORT);
810+ setenv_link_socket_actual (es, "trusted", &info->lsa->actual, SA_IP_PORT);
811 }
812
813 void
814 link_socket_connection_initiated (const struct buffer *buf,
815 struct link_socket_info *info,
816- const struct sockaddr_in *addr,
817+ const struct link_socket_actual *act,
818 const char *common_name,
819 struct env_set *es)
820 {
821 struct gc_arena gc = gc_new ();
822
823- info->lsa->actual = *addr; /* Note: skip this line for --force-dest */
824+ info->lsa->actual = *act; /* Note: skip this line for --force-dest */
825 setenv_trusted (es, info);
826 info->connection_established = true;
827
828@@ -1297,7 +1319,7 @@
829 struct buffer out = alloc_buf_gc (256, &gc);
830 if (common_name)
831 buf_printf (&out, "[%s] ", common_name);
832- buf_printf (&out, "Peer Connection Initiated with %s", print_sockaddr (&info->lsa->actual, &gc));
833+ buf_printf (&out, "Peer Connection Initiated with %s", print_link_socket_actual (&info->lsa->actual, &gc));
834 msg (M_INFO, "%s", BSTR (&out));
835 }
836
837@@ -1307,7 +1329,7 @@
838 /* Process --ipchange plugin */
839 if (plugin_defined (info->plugins, OPENVPN_PLUGIN_IPCHANGE))
840 {
841- const char *addr_ascii = print_sockaddr_ex (&info->lsa->actual, true, " ", &gc);
842+ const char *addr_ascii = print_sockaddr_ex (&info->lsa->actual.dest, " ", PS_SHOW_PORT, &gc);
843 if (plugin_call (info->plugins, OPENVPN_PLUGIN_IPCHANGE, addr_ascii, es))
844 msg (M_WARN, "WARNING: ipchange plugin call failed");
845 }
846@@ -1319,7 +1341,7 @@
847 setenv_str (es, "script_type", "ipchange");
848 buf_printf (&out, "%s %s",
849 info->ipchange_command,
850- print_sockaddr_ex (&info->lsa->actual, true, " ", &gc));
851+ print_sockaddr_ex (&info->lsa->actual.dest, " ", PS_SHOW_PORT, &gc));
852 system_check (BSTR (&out), es, S_SCRIPT, "ip-change command failed");
853 }
854
855@@ -1329,14 +1351,14 @@
856 void
857 link_socket_bad_incoming_addr (struct buffer *buf,
858 const struct link_socket_info *info,
859- const struct sockaddr_in *from_addr)
860+ const struct link_socket_actual *from_addr)
861 {
862 struct gc_arena gc = gc_new ();
863
864 msg (D_LINK_ERRORS,
865 "TCP/UDP: Incoming packet rejected from %s[%d], expected peer address: %s (allow this incoming source address/port by removing --remote or adding --float)",
866- print_sockaddr (from_addr, &gc),
867- (int)from_addr->sin_family,
868+ print_link_socket_actual (from_addr, &gc),
869+ (int)from_addr->dest.sa.sin_family,
870 print_sockaddr (&info->lsa->remote, &gc));
871 buf->len = 0;
872
873@@ -1354,10 +1376,10 @@
874 {
875 const struct link_socket_addr *lsa = info->lsa;
876
877- if (addr_defined (&lsa->actual))
878- return ntohl (lsa->actual.sin_addr.s_addr);
879+ if (link_socket_actual_defined (&lsa->actual))
880+ return ntohl (lsa->actual.dest.sa.sin_addr.s_addr);
881 else if (addr_defined (&lsa->remote))
882- return ntohl (lsa->remote.sin_addr.s_addr);
883+ return ntohl (lsa->remote.sa.sin_addr.s_addr);
884 else
885 return 0;
886 }
887@@ -1550,29 +1572,69 @@
888 */
889
890 const char *
891-print_sockaddr (const struct sockaddr_in *addr, struct gc_arena *gc)
892+print_sockaddr (const struct openvpn_sockaddr *addr, struct gc_arena *gc)
893 {
894- return print_sockaddr_ex(addr, true, ":", gc);
895+ return print_sockaddr_ex (addr, ":", PS_SHOW_PORT, gc);
896 }
897
898 const char *
899-print_sockaddr_ex (const struct sockaddr_in *addr, bool do_port, const char* separator, struct gc_arena *gc)
900+print_sockaddr_ex (const struct openvpn_sockaddr *addr,
901+ const char* separator,
902+ const unsigned int flags,
903+ struct gc_arena *gc)
904 {
905- struct buffer out = alloc_buf_gc (64, gc);
906- const int port = ntohs (addr->sin_port);
907+ if (addr)
908+ {
909+ struct buffer out = alloc_buf_gc (64, gc);
910+ const int port = ntohs (addr->sa.sin_port);
911
912- mutex_lock_static (L_INET_NTOA);
913- buf_printf (&out, "%s", (addr_defined (addr) ? inet_ntoa (addr->sin_addr) : "[undef]"));
914- mutex_unlock_static (L_INET_NTOA);
915+ mutex_lock_static (L_INET_NTOA);
916+ buf_printf (&out, "%s", (addr_defined (addr) ? inet_ntoa (addr->sa.sin_addr) : "[undef]"));
917+ mutex_unlock_static (L_INET_NTOA);
918
919- if (do_port && port)
920- {
921- if (separator)
922- buf_printf (&out, "%s", separator);
923+ if (((flags & PS_SHOW_PORT) || (addr_defined (addr) && (flags & PS_SHOW_PORT_IF_DEFINED)))
924+ && port)
925+ {
926+ if (separator)
927+ buf_printf (&out, "%s", separator);
928
929- buf_printf (&out, "%d", port);
930+ buf_printf (&out, "%d", port);
931+ }
932+ return BSTR (&out);
933 }
934- return BSTR (&out);
935+ else
936+ return "[NULL]";
937+}
938+
939+const char *
940+print_link_socket_actual (const struct link_socket_actual *act, struct gc_arena *gc)
941+{
942+ return print_link_socket_actual_ex (act, ":", PS_SHOW_PORT|PS_SHOW_PKTINFO, gc);
943+}
944+
945+const char *
946+print_link_socket_actual_ex (const struct link_socket_actual *act,
947+ const char *separator,
948+ const unsigned int flags,
949+ struct gc_arena *gc)
950+{
951+ if (act)
952+ {
953+ struct buffer out = alloc_buf_gc (128, gc);
954+ buf_printf (&out, "%s", print_sockaddr_ex (&act->dest, separator, flags, gc));
955+#if ENABLE_IP_PKTINFO
956+ if ((flags & PS_SHOW_PKTINFO) && act->pi.ipi_spec_dst.s_addr)
957+ {
958+ struct openvpn_sockaddr sa;
959+ CLEAR (sa);
960+ sa.sa.sin_addr = act->pi.ipi_spec_dst;
961+ buf_printf (&out, " (via %s)", print_sockaddr_ex (&sa, separator, 0, gc));
962+ }
963+#endif
964+ return BSTR (&out);
965+ }
966+ else
967+ return "[NULL]";
968 }
969
970 /*
971@@ -1599,7 +1661,7 @@
972
973 /* set environmental variables for ip/port in *addr */
974 void
975-setenv_sockaddr (struct env_set *es, const char *name_prefix, const struct sockaddr_in *addr, const bool flags)
976+setenv_sockaddr (struct env_set *es, const char *name_prefix, const struct openvpn_sockaddr *addr, const bool flags)
977 {
978 char name_buf[256];
979
980@@ -1609,13 +1671,13 @@
981 openvpn_snprintf (name_buf, sizeof (name_buf), "%s", name_prefix);
982
983 mutex_lock_static (L_INET_NTOA);
984- setenv_str (es, name_buf, inet_ntoa (addr->sin_addr));
985+ setenv_str (es, name_buf, inet_ntoa (addr->sa.sin_addr));
986 mutex_unlock_static (L_INET_NTOA);
987
988- if ((flags & SA_IP_PORT) && addr->sin_port)
989+ if ((flags & SA_IP_PORT) && addr->sa.sin_port)
990 {
991 openvpn_snprintf (name_buf, sizeof (name_buf), "%s_port", name_prefix);
992- setenv_int (es, name_buf, ntohs (addr->sin_port));
993+ setenv_int (es, name_buf, ntohs (addr->sa.sin_port));
994 }
995 }
996
997@@ -1624,13 +1686,22 @@
998 {
999 if (addr || !(flags & SA_SET_IF_NONZERO))
1000 {
1001- struct sockaddr_in si;
1002+ struct openvpn_sockaddr si;
1003 CLEAR (si);
1004- si.sin_addr.s_addr = htonl (addr);
1005+ si.sa.sin_addr.s_addr = htonl (addr);
1006 setenv_sockaddr (es, name_prefix, &si, flags);
1007 }
1008 }
1009
1010+void
1011+setenv_link_socket_actual (struct env_set *es,
1012+ const char *name_prefix,
1013+ const struct link_socket_actual *act,
1014+ const bool flags)
1015+{
1016+ setenv_sockaddr (es, name_prefix, &act->dest, flags);
1017+}
1018+
1019 /*
1020 * Convert protocol names between index and ascii form.
1021 */
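Review bot: `setenv_link_socket_actual` takes `const bool flags` and dereferences `act` with no NULL check, and both are out of step with the rest of this patch. `flags` carries bit masks (`SA_IP_PORT`, `SA_SET_IF_NONZERO`), so if `bool` is a true boolean type on some build, every bit above the lowest is lost on conversion. How `bool` is defined is not visible here. The new print helpers already use `const unsigned int flags`, which would also fit this function and the `setenv_sockaddr` / `setenv_in_addr_t` signatures. `print_link_socket_actual_ex` returns "[NULL]" for a null `act`, so a matching guard such as `if (!act) return;` before the `setenv_sockaddr` call would keep the two families consistent.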
1022@@ -1760,19 +1831,72 @@
1023
1024 #ifndef WIN32
1025
1026+#if ENABLE_IP_PKTINFO
1027+
1028+struct openvpn_pktinfo
1029+{
1030+ struct cmsghdr cmsghdr;
1031+ struct in_pktinfo in_pktinfo;
1032+};
1033+
1034+static socklen_t
1035+link_socket_read_udp_posix_recvmsg (struct link_socket *sock,
1036+ struct buffer *buf,
1037+ int maxsize,
1038+ struct link_socket_actual *from)
1039+{
1040+ struct iovec iov;
1041+ struct openvpn_pktinfo opi;
1042+ struct msghdr mesg;
1043+ socklen_t fromlen = sizeof (from->dest.sa);
1044+
1045+ iov.iov_base = BPTR (buf);
1046+ iov.iov_len = maxsize;
1047+ mesg.msg_iov = &iov;
1048+ mesg.msg_iovlen = 1;
1049+ mesg.msg_name = &from->dest.sa;
1050+ mesg.msg_namelen = fromlen;
1051+ mesg.msg_control = &opi;
1052+ mesg.msg_controllen = sizeof (opi);
1053+ buf->len = recvmsg (sock->sd, &mesg, 0);
1054+ if (buf->len >= 0)
1055+ {
1056+ struct cmsghdr *cmsg;
1057+ fromlen = mesg.msg_namelen;
1058+ cmsg = CMSG_FIRSTHDR (&mesg);
1059+ if (cmsg != NULL
1060+ && CMSG_NXTHDR (&mesg, cmsg) == NULL
1061+ && cmsg->cmsg_level == SOL_IP
1062+ && cmsg->cmsg_type == IP_PKTINFO
1063+ && cmsg->cmsg_len >= sizeof (opi))
1064+ {
1065+ struct in_pktinfo *pkti = (struct in_pktinfo *) CMSG_DATA (cmsg);
1066+ from->pi.ipi_ifindex = pkti->ipi_ifindex;
1067+ from->pi.ipi_spec_dst = pkti->ipi_spec_dst;
1068+ }
1069+ }
1070+ return fromlen;
1071+}
1072+#endif
1073+
1074 int
1075 link_socket_read_udp_posix (struct link_socket *sock,
1076 struct buffer *buf,
1077 int maxsize,
1078- struct sockaddr_in *from)
1079+ struct link_socket_actual *from)
1080 {
1081- socklen_t fromlen = sizeof (*from);
1082- CLEAR (*from);
1083+ socklen_t fromlen = sizeof (from->dest.sa);
1084+ from->dest.sa.sin_addr.s_addr = 0;
1085 ASSERT (buf_safe (buf, maxsize));
1086- buf->len = recvfrom (sock->sd, BPTR (buf), maxsize, 0,
1087- (struct sockaddr *) from, &fromlen);
1088- if (fromlen != sizeof (*from))
1089- bad_address_length (fromlen, sizeof (*from));
1090+#if ENABLE_IP_PKTINFO
1091+ if (sock->socket_flags & SF_USE_IP_PKTINFO)
1092+ fromlen = link_socket_read_udp_posix_recvmsg (sock, buf, maxsize, from);
1093+ else
1094+#endif
1095+ buf->len = recvfrom (sock->sd, BPTR (buf), maxsize, 0,
1096+ (struct sockaddr *) &from->dest.sa, &fromlen);
1097+ if (fromlen != sizeof (from->dest.sa))
1098+ bad_address_length (fromlen, sizeof (from->dest.sa));
1099 return buf->len;
1100 }
1101
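Review bot: `link_socket_read_udp_posix_recvmsg` leaves `from->pi` untouched when the control message is absent, truncated or fails the level/type/length test, and the caller now zeroes only `from->dest.sa.sin_addr.s_addr` where it used to `CLEAR (*from)`. Whatever `pi` held before (an earlier datagram's interface index and local address, or indeterminate bytes) then looks valid to `link_socket_write_udp_posix_sendmsg`, which copies `to->pi` into the outgoing control message, so a reply could leave from the wrong local address. Adding `CLEAR (from->pi);` on entry and treating `mesg.msg_flags & MSG_CTRUNC` as "no pktinfo" would close that. The control buffer is also sized and checked with `sizeof (opi)` of a hand-built struct; `CMSG_SPACE (sizeof (struct in_pktinfo))` for the buffer and `CMSG_LEN (sizeof (struct in_pktinfo))` for the length test are the portable forms. `mesg` should be cleared before its fields are set.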
1102@@ -1785,7 +1909,7 @@
1103 int
1104 link_socket_write_tcp (struct link_socket *sock,
1105 struct buffer *buf,
1106- struct sockaddr_in *to)
1107+ struct link_socket_actual *to)
1108 {
1109 packet_size_type len = BLEN (buf);
1110 dmsg (D_STREAM_DEBUG, "STREAM: WRITE %d offset=%d", (int)len, buf->offset);
1111@@ -1799,6 +1923,41 @@
1112 #endif
1113 }
1114
1115+#if ENABLE_IP_PKTINFO
1116+
1117+int
1118+link_socket_write_udp_posix_sendmsg (struct link_socket *sock,
1119+ struct buffer *buf,
1120+ struct link_socket_actual *to)
1121+{
1122+ struct iovec iov;
1123+ struct msghdr mesg;
1124+ struct cmsghdr *cmsg;
1125+ struct in_pktinfo *pkti;
1126+ struct openvpn_pktinfo opi;
1127+
1128+ iov.iov_base = BPTR (buf);
1129+ iov.iov_len = BLEN (buf);
1130+ mesg.msg_iov = &iov;
1131+ mesg.msg_iovlen = 1;
1132+ mesg.msg_name = &to->dest.sa;
1133+ mesg.msg_namelen = sizeof (to->dest.sa);
1134+ mesg.msg_control = &opi;
1135+ mesg.msg_controllen = sizeof (opi);
1136+ mesg.msg_flags = 0;
1137+ cmsg = CMSG_FIRSTHDR (&mesg);
1138+ cmsg->cmsg_len = sizeof (opi);
1139+ cmsg->cmsg_level = SOL_IP;
1140+ cmsg->cmsg_type = IP_PKTINFO;
1141+ pkti = (struct in_pktinfo *) CMSG_DATA (cmsg);
1142+ pkti->ipi_ifindex = to->pi.ipi_ifindex;
1143+ pkti->ipi_spec_dst = to->pi.ipi_spec_dst;
1144+ pkti->ipi_addr.s_addr = 0;
1145+ return sendmsg (sock->sd, &mesg, 0);
1146+}
1147+
1148+#endif
1149+
1150 /*
1151 * Win32 overlapped socket I/O functions.
1152 */
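Review bot: `link_socket_write_udp_posix_sendmsg` uses `opi` and `mesg` without clearing them, and sets `cmsg->cmsg_len` to `sizeof (opi)` rather than using the CMSG macros. That length is only right where `struct cmsghdr` and `struct in_pktinfo` pack with no padding and the platform's CMSG alignment adds none; elsewhere the kernel is given a length that does not match the payload. `CLEAR (mesg); CLEAR (opi);` at the top and `cmsg->cmsg_len = CMSG_LEN (sizeof (struct in_pktinfo));` would remove the dependence on layout. The function has external linkage, but the only declaration visible in this patch is a block-scope one inside `link_socket_write_udp_posix` in socket.h, so a file-scope prototype (or `static` plus a wrapper) would be clearer.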
1153@@ -1913,7 +2072,7 @@
1154 }
1155
1156 int
1157-socket_send_queue (struct link_socket *sock, struct buffer *buf, const struct sockaddr_in *to)
1158+socket_send_queue (struct link_socket *sock, struct buffer *buf, const struct link_socket_actual *to)
1159 {
1160 if (sock->writes.iostate == IOSTATE_INITIAL)
1161 {
1162@@ -1937,7 +2096,7 @@
1163 {
1164 /* set destination address for UDP writes */
1165 sock->writes.addr_defined = true;
1166- sock->writes.addr = *to;
1167+ sock->writes.addr = to->dest.sa;
1168 sock->writes.addrlen = sizeof (sock->writes.addr);
1169
1170 status = WSASendTo(
1171@@ -2013,11 +2172,10 @@
1172 }
1173
1174 int
1175-socket_finalize (
1176- SOCKET s,
1177+socket_finalize (SOCKET s,
1178 struct overlapped_io *io,
1179 struct buffer *buf,
1180- struct sockaddr_in *from)
1181+ struct link_socket_actual *from)
1182 {
1183 int ret = -1;
1184 BOOL status;
1185@@ -2094,10 +2252,10 @@
1186 {
1187 if (io->addrlen != sizeof (io->addr))
1188 bad_address_length (io->addrlen, sizeof (io->addr));
1189- *from = io->addr;
1190+ from->dest.sa = io->addr;
1191 }
1192 else
1193- CLEAR (*from);
1194+ CLEAR (from->dest.sa);
1195 }
1196
1197 if (buf)
1198diff -ur openvpn-2.0_rc16/socket.h openvpn-2.0_rc16MH/socket.h
1199--- openvpn-2.0_rc16/socket.h 2005-02-05 01:36:31.000000000 -0700
1200+++ openvpn-2.0_rc16MH/socket.h 2005-02-25 21:13:53.000000000 -0700
1201@@ -78,12 +78,29 @@
1202 /* convert a packet_size_type from network to host order */
1203 #define ntohps(x) ntohs(x)
1204
1205+/* OpenVPN sockaddr struct */
1206+struct openvpn_sockaddr
1207+{
1208+ int dummy; // JYFIXME
1209+ struct sockaddr_in sa;
1210+};
1211+
1212+/* actual address of remote, based on source address of received packets */
1213+struct link_socket_actual
1214+{
1215+ int dummy; // JYFIXME
1216+ struct openvpn_sockaddr dest;
1217+#if ENABLE_IP_PKTINFO
1218+ struct in_pktinfo pi;
1219+#endif
1220+};
1221+
1222 /* IP addresses which are persistant across SIGUSR1s */
1223 struct link_socket_addr
1224 {
1225- struct sockaddr_in local;
1226- struct sockaddr_in remote; /* initial remote */
1227- struct sockaddr_in actual; /* remote may change due to --float */
1228+ struct openvpn_sockaddr local;
1229+ struct openvpn_sockaddr remote; /* initial remote */
1230+ struct link_socket_actual actual; /* reply to this address */
1231 };
1232
1233 struct link_socket_info
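Review bot: Both new structs start with an unexplained `int dummy; // JYFIXME` member. The structs are assigned by value throughout the patch (`ks->remote_addr = *from`, `session->untrusted_addr = *from`), and the POSIX read path initialises only parts of them, so `dummy` is copied around holding whatever was in memory. If it is a temporary aid for catching callers that still pass a bare `sockaddr_in`, a comment should say so, for example `/* placeholder so the layout differs from sockaddr_in; remove before release */`; otherwise it should be dropped. `struct link_socket_actual` also changes size with `ENABLE_IP_PKTINFO`, so every translation unit that includes this header must see the same value of that macro.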
1234@@ -186,6 +203,9 @@
1235 struct buffer stream_buf_data;
1236 bool stream_reset;
1237
1238+# define SF_USE_IP_PKTINFO (1<<0)
1239+ unsigned int socket_flags;
1240+
1241 #ifdef ENABLE_HTTP_PROXY
1242 /* HTTP proxy */
1243 struct http_proxy_info *http_proxy;
1244@@ -194,7 +214,7 @@
1245 #ifdef ENABLE_SOCKS
1246 /* Socks proxy */
1247 struct socks_proxy_info *socks_proxy;
1248- struct sockaddr_in socks_relay; /* Socks UDP relay address */
1249+ struct link_socket_actual socks_relay; /* Socks UDP relay address */
1250 #endif
1251
1252 #if defined(ENABLE_HTTP_PROXY) || defined(ENABLE_SOCKS)
1253@@ -230,13 +250,13 @@
1254
1255 int socket_send_queue (struct link_socket *sock,
1256 struct buffer *buf,
1257- const struct sockaddr_in *to);
1258+ const struct link_socket_actual *to);
1259
1260 int socket_finalize (
1261 SOCKET s,
1262 struct overlapped_io *io,
1263 struct buffer *buf,
1264- struct sockaddr_in *from);
1265+ struct link_socket_actual *from);
1266
1267 #else
1268
1269@@ -277,29 +297,41 @@
1270 int connect_retry_seconds,
1271 int mtu_discover_type,
1272 int rcvbuf,
1273- int sndbuf);
1274+ int sndbuf,
1275+ const unsigned int socket_flags);
1276
1277 void link_socket_init_phase2 (struct link_socket *sock,
1278 const struct frame *frame,
1279 volatile int *signal_received);
1280
1281-void link_socket_post_fork (const struct link_socket *sock,
1282- const struct sockaddr_in *remote);
1283-
1284 void socket_adjust_frame_parameters (struct frame *frame, int proto);
1285
1286 void frame_adjust_path_mtu (struct frame *frame, int pmtu, int proto);
1287
1288 void link_socket_close (struct link_socket *sock);
1289
1290-const char *print_sockaddr_ex (const struct sockaddr_in *addr,
1291- bool do_port,
1292+#define PS_SHOW_PORT_IF_DEFINED (1<<0)
1293+#define PS_SHOW_PORT (1<<1)
1294+#define PS_SHOW_PKTINFO (1<<2)
1295+
1296+const char *print_sockaddr_ex (const struct openvpn_sockaddr *addr,
1297 const char* separator,
1298+ const unsigned int flags,
1299 struct gc_arena *gc);
1300
1301-const char *print_sockaddr (const struct sockaddr_in *addr,
1302+
1303+const char *print_sockaddr (const struct openvpn_sockaddr *addr,
1304 struct gc_arena *gc);
1305
1306+const char *print_link_socket_actual_ex (const struct link_socket_actual *act,
1307+ const char* separator,
1308+ const unsigned int flags,
1309+ struct gc_arena *gc);
1310+
1311+const char *print_link_socket_actual (const struct link_socket_actual *act,
1312+ struct gc_arena *gc);
1313+
1314+
1315 #define IA_EMPTY_IF_UNDEF (1<<0)
1316 #define IA_NET_ORDER (1<<1)
1317 const char *print_in_addr_t (in_addr_t addr, unsigned int flags, struct gc_arena *gc);
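Review bot: The new `print_sockaddr_ex` prototype swaps the separator and the port argument, so a caller still written as `print_sockaddr_ex (addr, true, ":", gc)` would pass `true` as `separator` and the string as `flags`. Depending on compiler settings that is a conversion warning rather than an error. Whether every caller was converted cannot be seen from this hunk, so a build with those warnings promoted to errors is worth doing. The three `PS_SHOW_*` flags are also undocumented; a comment on each would help, for example `/* print the port only when the address is defined */` on `PS_SHOW_PORT_IF_DEFINED`.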
1318@@ -308,7 +340,7 @@
1319 #define SA_SET_IF_NONZERO (1<<1)
1320 void setenv_sockaddr (struct env_set *es,
1321 const char *name_prefix,
1322- const struct sockaddr_in *addr,
1323+ const struct openvpn_sockaddr *addr,
1324 const bool flags);
1325
1326 void setenv_in_addr_t (struct env_set *es,
1327@@ -316,19 +348,24 @@
1328 in_addr_t addr,
1329 const bool flags);
1330
1331+void setenv_link_socket_actual (struct env_set *es,
1332+ const char *name_prefix,
1333+ const struct link_socket_actual *act,
1334+ const bool flags);
1335+
1336 void bad_address_length (int actual, int expected);
1337
1338 in_addr_t link_socket_current_remote (const struct link_socket_info *info);
1339
1340 void link_socket_connection_initiated (const struct buffer *buf,
1341 struct link_socket_info *info,
1342- const struct sockaddr_in *addr,
1343+ const struct link_socket_actual *addr,
1344 const char *common_name,
1345 struct env_set *es);
1346
1347 void link_socket_bad_incoming_addr (struct buffer *buf,
1348 const struct link_socket_info *info,
1349- const struct sockaddr_in *from_addr);
1350+ const struct link_socket_actual *from_addr);
1351
1352 void link_socket_bad_outgoing_addr (void);
1353
1354@@ -349,7 +386,7 @@
1355 socket_descriptor_t create_socket_tcp (void);
1356
1357 socket_descriptor_t socket_do_accept (socket_descriptor_t sd,
1358- struct sockaddr_in *remote,
1359+ struct link_socket_actual *act,
1360 const bool nowait);
1361
1362 /*
1363@@ -440,33 +477,39 @@
1364 }
1365
1366 static inline bool
1367-addr_defined (const struct sockaddr_in *addr)
1368+addr_defined (const struct openvpn_sockaddr *addr)
1369 {
1370- return addr->sin_addr.s_addr != 0;
1371+ return addr->sa.sin_addr.s_addr != 0;
1372 }
1373
1374 static inline bool
1375-addr_match (const struct sockaddr_in *a1, const struct sockaddr_in *a2)
1376+link_socket_actual_defined (const struct link_socket_actual *act)
1377 {
1378- return a1->sin_addr.s_addr == a2->sin_addr.s_addr;
1379+ return act && addr_defined (&act->dest);
1380+}
1381+
1382+static inline bool
1383+addr_match (const struct openvpn_sockaddr *a1, const struct openvpn_sockaddr *a2)
1384+{
1385+ return a1->sa.sin_addr.s_addr == a2->sa.sin_addr.s_addr;
1386 }
1387
1388 static inline in_addr_t
1389-addr_host (const struct sockaddr_in *s)
1390+addr_host (const struct openvpn_sockaddr *s)
1391 {
1392- return ntohl (s->sin_addr.s_addr);
1393+ return ntohl (s->sa.sin_addr.s_addr);
1394 }
1395
1396 static inline bool
1397-addr_port_match (const struct sockaddr_in *a1, const struct sockaddr_in *a2)
1398+addr_port_match (const struct openvpn_sockaddr *a1, const struct openvpn_sockaddr *a2)
1399 {
1400- return a1->sin_addr.s_addr == a2->sin_addr.s_addr
1401- && a1->sin_port == a2->sin_port;
1402+ return a1->sa.sin_addr.s_addr == a2->sa.sin_addr.s_addr
1403+ && a1->sa.sin_port == a2->sa.sin_port;
1404 }
1405
1406 static inline bool
1407-addr_match_proto (const struct sockaddr_in *a1,
1408- const struct sockaddr_in *a2,
1409+addr_match_proto (const struct openvpn_sockaddr *a1,
1410+ const struct openvpn_sockaddr *a2,
1411 const int proto)
1412 {
1413 return link_socket_proto_connection_oriented (proto)
1414@@ -475,6 +518,12 @@
1415 }
1416
1417 static inline bool
1418+link_socket_actual_match (const struct link_socket_actual *a1, const struct link_socket_actual *a2)
1419+{
1420+ return addr_port_match (&a1->dest, &a2->dest);
1421+}
1422+
1423+static inline bool
1424 socket_connection_reset (const struct link_socket *sock, int status)
1425 {
1426 if (link_socket_connection_oriented (sock))
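Review bot: `link_socket_actual_match` compares only `dest` (address and port) and ignores `pi`, which needs a comment because the TLS code in this patch uses it as the peer-identity test. As written, a datagram from the same remote address and port matches an existing key state whichever local address or interface it arrived on. If that is intended for multihome operation, say so, for example `/* pi (local address/interface) is deliberately not part of peer identity */`. Unlike `link_socket_actual_defined`, it also dereferences both arguments without a NULL check.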
1427@@ -497,17 +546,17 @@
1428 static inline bool
1429 link_socket_verify_incoming_addr (struct buffer *buf,
1430 const struct link_socket_info *info,
1431- const struct sockaddr_in *from_addr)
1432+ const struct link_socket_actual *from_addr)
1433 {
1434 if (buf->len > 0)
1435 {
1436- if (from_addr->sin_family != AF_INET)
1437+ if (from_addr->dest.sa.sin_family != AF_INET)
1438 return false;
1439- if (!addr_defined (from_addr))
1440+ if (!link_socket_actual_defined (from_addr))
1441 return false;
1442 if (info->remote_float || !addr_defined (&info->lsa->remote))
1443 return true;
1444- if (addr_match_proto (from_addr, &info->lsa->remote, info->proto))
1445+ if (addr_match_proto (&from_addr->dest, &info->lsa->remote, info->proto))
1446 return true;
1447 }
1448 return false;
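Review bot: In `link_socket_verify_incoming_addr`, `from_addr->dest.sa.sin_family` is read before `link_socket_actual_defined (from_addr)`, so the NULL test inside that helper can never take effect here. Either call `addr_defined (&from_addr->dest)` to make it explicit that `from_addr` must be non-NULL, or move the defined check ahead of the family check. This function decides whether an incoming packet's source is accepted, so the order of its guards should be unambiguous.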
1449@@ -516,21 +565,18 @@
1450 static inline void
1451 link_socket_get_outgoing_addr (struct buffer *buf,
1452 const struct link_socket_info *info,
1453- struct sockaddr_in *addr)
1454+ struct link_socket_actual **act)
1455 {
1456 if (buf->len > 0)
1457 {
1458 struct link_socket_addr *lsa = info->lsa;
1459- if (addr_defined (&lsa->actual))
1460- {
1461- addr->sin_family = lsa->actual.sin_family;
1462- addr->sin_addr.s_addr = lsa->actual.sin_addr.s_addr;
1463- addr->sin_port = lsa->actual.sin_port;
1464- }
1465+ if (link_socket_actual_defined (&lsa->actual))
1466+ *act = &lsa->actual;
1467 else
1468 {
1469 link_socket_bad_outgoing_addr ();
1470 buf->len = 0;
1471+ *act = NULL;
1472 }
1473 }
1474 }
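Review bot: `link_socket_get_outgoing_addr` writes `*act` only inside the `buf->len > 0` branch, so for an empty buffer the caller's pointer keeps whatever value it had. The old version filled a caller-owned struct; now a stale or uninitialised pointer could reach the write path if a caller does not pre-initialise it. Setting `*act = NULL;` as the first statement, or documenting that callers must initialise it, would remove the ambiguity. The returned pointer also aliases `info->lsa->actual` rather than copying it, so it is valid only while that object is unchanged, and a short comment should say so.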
1475@@ -538,7 +584,7 @@
1476 static inline void
1477 link_socket_set_outgoing_addr (const struct buffer *buf,
1478 struct link_socket_info *info,
1479- const struct sockaddr_in *addr,
1480+ const struct link_socket_actual *act,
1481 const char *common_name,
1482 struct env_set *es)
1483 {
1484@@ -548,14 +594,14 @@
1485 if (
1486 /* new or changed address? */
1487 (!info->connection_established
1488- || !addr_match_proto (addr, &lsa->actual, info->proto))
1489+ || !addr_match_proto (&act->dest, &lsa->actual.dest, info->proto))
1490 /* address undef or address == remote or --float */
1491 && (info->remote_float
1492 || !addr_defined (&lsa->remote)
1493- || addr_match_proto (addr, &lsa->remote, info->proto))
1494+ || addr_match_proto (&act->dest, &lsa->remote, info->proto))
1495 )
1496 {
1497- link_socket_connection_initiated (buf, info, addr, common_name, es);
1498+ link_socket_connection_initiated (buf, info, act, common_name, es);
1499 }
1500 }
1501 }
1502@@ -592,7 +638,7 @@
1503 static inline int
1504 link_socket_read_udp_win32 (struct link_socket *sock,
1505 struct buffer *buf,
1506- struct sockaddr_in *from)
1507+ struct link_socket_actual *from)
1508 {
1509 return socket_finalize (sock->sd, &sock->reads, buf, from);
1510 }
1511@@ -602,7 +648,7 @@
1512 int link_socket_read_udp_posix (struct link_socket *sock,
1513 struct buffer *buf,
1514 int maxsize,
1515- struct sockaddr_in *from);
1516+ struct link_socket_actual *from);
1517
1518 #endif
1519
1520@@ -611,7 +657,7 @@
1521 link_socket_read (struct link_socket *sock,
1522 struct buffer *buf,
1523 int maxsize,
1524- struct sockaddr_in *from)
1525+ struct link_socket_actual *from)
1526 {
1527 if (sock->info.proto == PROTO_UDPv4)
1528 {
1529@@ -627,7 +673,7 @@
1530 else if (sock->info.proto == PROTO_TCPv4_SERVER || sock->info.proto == PROTO_TCPv4_CLIENT)
1531 {
1532 /* from address was returned by accept */
1533- *from = sock->info.lsa->actual;
1534+ from->dest.sa = sock->info.lsa->actual.dest.sa;
1535 return link_socket_read_tcp (sock, buf);
1536 }
1537 else
1538@@ -643,14 +689,14 @@
1539
1540 int link_socket_write_tcp (struct link_socket *sock,
1541 struct buffer *buf,
1542- struct sockaddr_in *to);
1543+ struct link_socket_actual *to);
1544
1545 #ifdef WIN32
1546
1547 static inline int
1548 link_socket_write_win32 (struct link_socket *sock,
1549 struct buffer *buf,
1550- struct sockaddr_in *to)
1551+ struct link_socket_actual *to)
1552 {
1553 int err = 0;
1554 int status = 0;
1555@@ -675,17 +721,26 @@
1556 static inline int
1557 link_socket_write_udp_posix (struct link_socket *sock,
1558 struct buffer *buf,
1559- struct sockaddr_in *to)
1560+ struct link_socket_actual *to)
1561 {
1562- return sendto (sock->sd, BPTR (buf), BLEN (buf), 0,
1563- (struct sockaddr *) to,
1564- (socklen_t) sizeof (*to));
1565+#if ENABLE_IP_PKTINFO
1566+ int link_socket_write_udp_posix_sendmsg (struct link_socket *sock,
1567+ struct buffer *buf,
1568+ struct link_socket_actual *to);
1569+
1570+ if (sock->socket_flags & SF_USE_IP_PKTINFO)
1571+ return link_socket_write_udp_posix_sendmsg (sock, buf, to);
1572+ else
1573+#endif
1574+ return sendto (sock->sd, BPTR (buf), BLEN (buf), 0,
1575+ (struct sockaddr *) &to->dest.sa,
1576+ (socklen_t) sizeof (to->dest.sa));
1577 }
1578
1579 static inline int
1580 link_socket_write_tcp_posix (struct link_socket *sock,
1581 struct buffer *buf,
1582- struct sockaddr_in *to)
1583+ struct link_socket_actual *to)
1584 {
1585 return send (sock->sd, BPTR (buf), BLEN (buf), MSG_NOSIGNAL);
1586 }
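Review bot: `link_socket_write_udp_posix` declares `link_socket_write_udp_posix_sendmsg` at block scope inside an inline function in a header, and leaves an `else` dangling across the `#endif`. A file-scope prototype under the same `#if ENABLE_IP_PKTINFO`, next to the other POSIX socket declarations, is the usual form and keeps the declaration where readers look for it. Bracing both branches would keep the `#if`/`else`/`#endif` structure correct if a statement is later added before `return sendto (...)`.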
1587@@ -695,7 +750,7 @@
1588 static inline int
1589 link_socket_write_udp (struct link_socket *sock,
1590 struct buffer *buf,
1591- struct sockaddr_in *to)
1592+ struct link_socket_actual *to)
1593 {
1594 #ifdef WIN32
1595 return link_socket_write_win32 (sock, buf, to);
1596@@ -708,7 +763,7 @@
1597 static inline int
1598 link_socket_write (struct link_socket *sock,
1599 struct buffer *buf,
1600- struct sockaddr_in *to)
1601+ struct link_socket_actual *to)
1602 {
1603 if (sock->info.proto == PROTO_UDPv4)
1604 {
1605diff -ur openvpn-2.0_rc16/socks.c openvpn-2.0_rc16MH/socks.c
1606--- openvpn-2.0_rc16/socks.c 2005-01-09 17:46:29.000000000 -0700
1607+++ openvpn-2.0_rc16MH/socks.c 2005-02-24 22:52:32.000000000 -0700
1608@@ -149,7 +149,8 @@
1609 }
1610
1611 static bool
1612-recv_socks_reply (socket_descriptor_t sd, struct sockaddr_in *addr,
1613+recv_socks_reply (socket_descriptor_t sd,
1614+ struct openvpn_sockaddr *addr,
1615 volatile int *signal_received)
1616 {
1617 char atyp = '\0';
1618@@ -160,9 +161,9 @@
1619
1620 if (addr != NULL)
1621 {
1622- addr->sin_family = AF_INET;
1623- addr->sin_addr.s_addr = htonl (INADDR_ANY);
1624- addr->sin_port = htons (0);
1625+ addr->sa.sin_family = AF_INET;
1626+ addr->sa.sin_addr.s_addr = htonl (INADDR_ANY);
1627+ addr->sa.sin_port = htons (0);
1628 }
1629
1630 while (len < 4 + alen + 2)
1631@@ -249,8 +250,8 @@
1632 /* ATYP == 1 (IP V4 address) */
1633 if (atyp == '\x01' && addr != NULL)
1634 {
1635- memcpy (&addr->sin_addr, buf + 4, sizeof (addr->sin_addr));
1636- memcpy (&addr->sin_port, buf + 8, sizeof (addr->sin_port));
1637+ memcpy (&addr->sa.sin_addr, buf + 4, sizeof (addr->sa.sin_addr));
1638+ memcpy (&addr->sa.sin_port, buf + 8, sizeof (addr->sa.sin_port));
1639 }
1640
1641
1642@@ -311,7 +312,7 @@
1643 establish_socks_proxy_udpassoc (struct socks_proxy_info *p,
1644 socket_descriptor_t ctrl_sd, /* already open to proxy */
1645 socket_descriptor_t udp_sd,
1646- struct sockaddr_in *relay_addr,
1647+ struct openvpn_sockaddr *relay_addr,
1648 volatile int *signal_received)
1649 {
1650 if (!socks_handshake (ctrl_sd, signal_received))
1651@@ -353,7 +354,7 @@
1652 */
1653 void
1654 socks_process_incoming_udp (struct buffer *buf,
1655- struct sockaddr_in *from)
1656+ struct link_socket_actual *from)
1657 {
1658 int atyp;
1659
1660@@ -368,8 +369,8 @@
1661 if (atyp != 1) /* ATYP == 1 (IP V4) */
1662 goto error;
1663
1664- buf_read (buf, &from->sin_addr, sizeof (from->sin_addr));
1665- buf_read (buf, &from->sin_port, sizeof (from->sin_port));
1666+ buf_read (buf, &from->dest.sa.sin_addr, sizeof (from->dest.sa.sin_addr));
1667+ buf_read (buf, &from->dest.sa.sin_port, sizeof (from->dest.sa.sin_port));
1668
1669 return;
1670
1671@@ -386,7 +387,7 @@
1672 */
1673 int
1674 socks_process_outgoing_udp (struct buffer *buf,
1675- struct sockaddr_in *to)
1676+ const struct link_socket_actual *to)
1677 {
1678 /*
1679 * Get a 10 byte subset buffer prepended to buf --
1680@@ -401,8 +402,8 @@
1681 buf_write_u16 (&head, 0); /* RSV = 0 */
1682 buf_write_u8 (&head, 0); /* FRAG = 0 */
1683 buf_write_u8 (&head, '\x01'); /* ATYP = 1 (IP V4) */
1684- buf_write (&head, &to->sin_addr, sizeof (to->sin_addr));
1685- buf_write (&head, &to->sin_port, sizeof (to->sin_port));
1686+ buf_write (&head, &to->dest.sa.sin_addr, sizeof (to->dest.sa.sin_addr));
1687+ buf_write (&head, &to->dest.sa.sin_port, sizeof (to->dest.sa.sin_port));
1688
1689 return 10;
1690 }
1691diff -ur openvpn-2.0_rc16/socks.h openvpn-2.0_rc16MH/socks.h
1692--- openvpn-2.0_rc16/socks.h 2005-01-09 17:46:29.000000000 -0700
1693+++ openvpn-2.0_rc16MH/socks.h 2005-02-24 22:52:11.000000000 -0700
1694@@ -35,6 +35,9 @@
1695
1696 #include "buffer.h"
1697
1698+struct openvpn_sockaddr;
1699+struct link_socket_actual;
1700+
1701 struct socks_proxy_info {
1702 bool defined;
1703 bool retry;
1704@@ -59,14 +62,14 @@
1705 void establish_socks_proxy_udpassoc (struct socks_proxy_info *p,
1706 socket_descriptor_t ctrl_sd, /* already open to proxy */
1707 socket_descriptor_t udp_sd,
1708- struct sockaddr_in *relay_addr,
1709+ struct openvpn_sockaddr *relay_addr,
1710 volatile int *signal_received);
1711
1712 void socks_process_incoming_udp (struct buffer *buf,
1713- struct sockaddr_in *from);
1714+ struct link_socket_actual *from);
1715
1716 int socks_process_outgoing_udp (struct buffer *buf,
1717- struct sockaddr_in *to);
1718+ const struct link_socket_actual *to);
1719
1720 #endif
1721 #endif
1722diff -ur openvpn-2.0_rc16/ssl.c openvpn-2.0_rc16MH/ssl.c
2b9fb954
AZ
1723--- openvpn-2.0_rc16/ssl.c.orig 2005-12-13 17:10:01.000000000 +0000
1724+++ openvpn-2.0_rc16MH/ssl.c 2006-04-06 20:23:48.000000000 +0000
1725@@ -373,7 +373,7 @@
27b50dc5 1726 static void
1727 setenv_untrusted (struct tls_session *session)
1728 {
1729- setenv_sockaddr (session->opt->es, "untrusted", &session->untrusted_sockaddr, SA_IP_PORT);
1730+ setenv_link_socket_actual (session->opt->es, "untrusted", &session->untrusted_addr, SA_IP_PORT);
1731 }
1732
1733 static void
2b9fb954 1734@@ -1814,7 +1814,7 @@
27b50dc5 1735 write_control_auth (struct tls_session *session,
1736 struct key_state *ks,
1737 struct buffer *buf,
1738- struct sockaddr_in *to_link_addr,
1739+ struct link_socket_actual **to_link_addr,
1740 int opcode,
1741 int max_ack,
1742 bool prepend_ack)
2b9fb954 1743@@ -1822,7 +1822,7 @@
27b50dc5 1744 uint8_t *header;
1745 struct buffer null = clear_buf ();
1746
1747- ASSERT (addr_defined (&ks->remote_addr));
1748+ ASSERT (link_socket_actual_defined (&ks->remote_addr));
1749 ASSERT (reliable_ack_write
1750 (ks->rec_ack, buf, &ks->session_id_remote, max_ack, prepend_ack));
1751 ASSERT (session_id_write_prepend (&session->session_id, buf));
2b9fb954 1752@@ -1834,7 +1834,7 @@
27b50dc5 1753 openvpn_encrypt (buf, null, &session->tls_auth, NULL);
1754 ASSERT (swap_hmac (buf, &session->tls_auth, false));
1755 }
1756- *to_link_addr = ks->remote_addr;
1757+ *to_link_addr = &ks->remote_addr;
1758 }
1759
1760 /*
2b9fb954 1761@@ -1843,7 +1843,7 @@
27b50dc5 1762 static bool
1763 read_control_auth (struct buffer *buf,
1764 const struct crypto_options *co,
1765- const struct sockaddr_in *from)
1766+ const struct link_socket_actual *from)
1767 {
1768 struct gc_arena gc = gc_new ();
1769
2b9fb954 1770@@ -1856,7 +1856,7 @@
27b50dc5 1771 {
1772 msg (D_TLS_ERRORS,
1773 "TLS Error: cannot locate HMAC in incoming packet from %s",
1774- print_sockaddr (from, &gc));
1775+ print_link_socket_actual (from, &gc));
1776 gc_free (&gc);
1777 return false;
1778 }
2b9fb954 1779@@ -1868,7 +1868,7 @@
27b50dc5 1780 {
1781 msg (D_TLS_ERRORS,
1782 "TLS Error: incoming packet authentication failed from %s",
1783- print_sockaddr (from, &gc));
1784+ print_link_socket_actual (from, &gc));
1785 gc_free (&gc);
1786 return false;
1787 }
2b9fb954 1788@@ -2757,7 +2757,7 @@
27b50dc5 1789 tls_process (struct tls_multi *multi,
1790 struct tls_session *session,
1791 struct buffer *to_link,
1792- struct sockaddr_in *to_link_addr,
1793+ struct link_socket_actual **to_link_addr,
1794 struct link_socket_info *to_link_socket_info,
1795 interval_t *wakeup)
1796 {
2b9fb954 1797@@ -3151,7 +3151,7 @@
27b50dc5 1798 bool
1799 tls_multi_process (struct tls_multi *multi,
1800 struct buffer *to_link,
1801- struct sockaddr_in *to_link_addr,
1802+ struct link_socket_actual **to_link_addr,
1803 struct link_socket_info *to_link_socket_info,
1804 interval_t *wakeup)
1805 {
2b9fb954 1806@@ -3177,7 +3177,7 @@
27b50dc5 1807
1808 /* set initial remote address */
1809 if (i == TM_ACTIVE && ks->state == S_INITIAL &&
1810- addr_defined (&to_link_socket_info->lsa->actual))
1811+ link_socket_actual_defined (&to_link_socket_info->lsa->actual))
1812 ks->remote_addr = to_link_socket_info->lsa->actual;
1813
1814 dmsg (D_TLS_DEBUG,
2b9fb954 1815@@ -3186,17 +3186,30 @@
27b50dc5 1816 state_name (ks->state),
1817 session_id_print (&session->session_id, &gc),
1818 session_id_print (&ks->session_id_remote, &gc),
1819- print_sockaddr (&ks->remote_addr, &gc));
1820+ print_link_socket_actual (&ks->remote_addr, &gc));
1821
1822- if (ks->state >= S_INITIAL && addr_defined (&ks->remote_addr))
1823+ if (ks->state >= S_INITIAL && link_socket_actual_defined (&ks->remote_addr))
1824 {
1825+ struct link_socket_actual *tla = NULL;
1826+
1827 update_time ();
1828
1829- if (tls_process (multi, session, to_link, to_link_addr,
1830+ if (tls_process (multi, session, to_link, &tla,
1831 to_link_socket_info, wakeup))
1832 active = true;
1833
1834 /*
1835+ * If tls_process produced an outgoing packet,
1836+ * return the link_socket_actual object (which
1837+ * contains the outgoing address).
1838+ */
1839+ if (tla)
1840+ {
1841+ multi->to_link_addr = *tla;
1842+ *to_link_addr = &multi->to_link_addr;
1843+ }
1844+
1845+ /*
1846 * If tls_process hits an error:
1847 * (1) If the session has an unexpired lame duck key, preserve it.
1848 * (2) Reinitialize the session.
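Review bot: The new comment in `tls_multi_process` says the `link_socket_actual` is returned, but not why it is copied into `multi->to_link_addr` first. `tla` points into a key state (`write_control_auth` sets it to `&ks->remote_addr`), and the error handling described just below can reinitialise the session, so the copy appears to be what keeps `*to_link_addr` valid. Please say so, for example `/* copy: tla points into session state that may be reset below */`. If this block runs once per session, as the index `i` suggests, note also that a later iteration overwrites `multi->to_link_addr`.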
2b9fb954 1849@@ -3315,7 +3328,7 @@
27b50dc5 1850
1851 bool
1852 tls_pre_decrypt (struct tls_multi *multi,
1853- struct sockaddr_in *from,
1854+ const struct link_socket_actual *from,
1855 struct buffer *buf,
1856 struct crypto_options *opt)
1857 {
2b9fb954 1858@@ -3357,7 +3370,7 @@
27b50dc5 1859 if (DECRYPT_KEY_ENABLED (multi, ks)
1860 && key_id == ks->key_id
1861 && ks->authenticated
1862- && addr_port_match(from, &ks->remote_addr))
1863+ && link_socket_actual_match (from, &ks->remote_addr))
1864 {
1865 /* return appropriate data channel decrypt key in opt */
1866 opt->key_ctx_bi = &ks->key;
2b9fb954 1867@@ -3370,7 +3383,7 @@
27b50dc5 1868 ks->n_bytes += buf->len;
1869 dmsg (D_TLS_DEBUG,
1870 "TLS: data channel, key_id=%d, IP=%s",
1871- key_id, print_sockaddr (from, &gc));
1872+ key_id, print_link_socket_actual (from, &gc));
1873 gc_free (&gc);
1874 return ret;
1875 }
2b9fb954 1876@@ -3383,14 +3396,14 @@
27b50dc5 1877 key_id,
1878 ks->key_id,
1879 ks->authenticated,
1880- addr_port_match (from, &ks->remote_addr));
1881+ link_socket_actual_match (from, &ks->remote_addr));
1882 }
1883 #endif
1884 }
1885
1886 msg (D_TLS_ERRORS,
1887 "TLS Error: local/remote TLS keys are out of sync: %s [%d]",
1888- print_sockaddr (from, &gc), key_id);
1889+ print_link_socket_actual (from, &gc), key_id);
1890 goto error;
1891 }
1892 else /* control channel packet */
2b9fb954 1893@@ -3404,7 +3417,7 @@
27b50dc5 1894 {
1895 msg (D_TLS_ERRORS,
1896 "TLS Error: unknown opcode received from %s op=%d",
1897- print_sockaddr (from, &gc), op);
1898+ print_link_socket_actual (from, &gc), op);
1899 goto error;
1900 }
1901
2b9fb954 1902@@ -3419,7 +3432,7 @@
27b50dc5 1903 {
1904 msg (D_TLS_ERRORS,
1905 "TLS Error: client->client or server->server connection attempted from %s",
1906- print_sockaddr (from, &gc));
1907+ print_link_socket_actual (from, &gc));
1908 goto error;
1909 }
1910 }
2b9fb954 1911@@ -3428,7 +3441,7 @@
27b50dc5 1912 * Authenticate Packet
1913 */
1914 dmsg (D_TLS_DEBUG, "TLS: control channel, op=%s, IP=%s",
1915- packet_opcode_name (op), print_sockaddr (from, &gc));
1916+ packet_opcode_name (op), print_link_socket_actual (from, &gc));
1917
1918 /* get remote session-id */
1919 {
2b9fb954 1920@@ -3438,7 +3451,7 @@
27b50dc5 1921 {
1922 msg (D_TLS_ERRORS,
1923 "TLS Error: session-id not found in packet from %s",
1924- print_sockaddr (from, &gc));
1925+ print_link_socket_actual (from, &gc));
1926 goto error;
1927 }
1928 }
2b9fb954 1929@@ -3455,9 +3468,9 @@
27b50dc5 1930 state_name (ks->state),
1931 session_id_print (&session->session_id, &gc),
1932 session_id_print (&sid, &gc),
1933- print_sockaddr (from, &gc),
1934+ print_link_socket_actual (from, &gc),
1935 session_id_print (&ks->session_id_remote, &gc),
1936- print_sockaddr (&ks->remote_addr, &gc));
1937+ print_link_socket_actual (&ks->remote_addr, &gc));
1938
1939 if (session_id_equal (&ks->session_id_remote, &sid))
1940 /* found a match */
2b9fb954 1941@@ -3502,7 +3515,7 @@
27b50dc5 1942 {
1943 msg (D_TLS_ERRORS,
2b9fb954 1944 "TLS Error: Cannot accept new session request from %s due to session context expire or --single-session [1]",
27b50dc5 1945- print_sockaddr (from, &gc));
1946+ print_link_socket_actual (from, &gc));
1947 goto error;
1948 }
1949
2b9fb954 1950@@ -3518,13 +3531,13 @@
27b50dc5 1951
1952 msg (D_TLS_DEBUG_LOW,
1953 "TLS: Initial packet from %s, sid=%s",
1954- print_sockaddr (from, &gc),
1955+ print_link_socket_actual (from, &gc),
1956 session_id_print (&sid, &gc));
1957
1958 do_burst = true;
1959 new_link = true;
1960 i = TM_ACTIVE;
1961- session->untrusted_sockaddr = *from;
1962+ session->untrusted_addr = *from;
1963 }
1964 }
1965
2b9fb954 1966@@ -3544,7 +3557,7 @@
27b50dc5 1967 {
1968 msg (D_TLS_ERRORS,
2b9fb954 1969 "TLS Error: Cannot accept new session request from %s due to session context expire or --single-session [2]",
27b50dc5 1970- print_sockaddr (from, &gc));
1971+ print_link_socket_actual (from, &gc));
1972 goto error;
1973 }
1974
2b9fb954 1975@@ -3567,11 +3580,11 @@
27b50dc5 1976 */
1977 msg (D_TLS_DEBUG_LOW,
1978 "TLS: new session incoming connection from %s",
1979- print_sockaddr (from, &gc));
1980+ print_link_socket_actual (from, &gc));
1981
1982 new_link = true;
1983 i = TM_UNTRUSTED;
1984- session->untrusted_sockaddr = *from;
1985+ session->untrusted_addr = *from;
1986 }
1987 else
1988 {
2b9fb954 1989@@ -3585,7 +3598,7 @@
27b50dc5 1990 {
1991 msg (D_TLS_ERRORS,
1992 "TLS Error: Unroutable control packet received from %s (si=%d op=%s)",
1993- print_sockaddr (from, &gc),
1994+ print_link_socket_actual (from, &gc),
1995 i,
1996 packet_opcode_name (op));
1997 goto error;
2b9fb954 1998@@ -3594,10 +3607,10 @@
27b50dc5 1999 /*
2000 * Verify remote IP address
2001 */
2002- if (!new_link && !addr_port_match (&ks->remote_addr, from))
2003+ if (!new_link && !link_socket_actual_match (&ks->remote_addr, from))
2004 {
2005 msg (D_TLS_ERRORS, "TLS Error: Received control packet from unexpected IP addr: %s",
2006- print_sockaddr (from, &gc));
2007+ print_link_socket_actual (from, &gc));
2008 goto error;
2009 }
2010
2b9fb954 2011@@ -3659,11 +3672,11 @@
27b50dc5 2012 ks->remote_addr = *from;
2013 ++multi->n_sessions;
2014 }
2015- else if (!addr_port_match (&ks->remote_addr, from))
2016+ else if (!link_socket_actual_match (&ks->remote_addr, from))
2017 {
2018 msg (D_TLS_ERRORS,
2019 "TLS Error: Existing session control channel packet from unknown IP address: %s",
2020- print_sockaddr (from, &gc));
2021+ print_link_socket_actual (from, &gc));
2022 goto error;
2023 }
2024
2b9fb954 2025@@ -3761,8 +3774,9 @@
27b50dc5 2026 */
2027 bool
2028 tls_pre_decrypt_lite (const struct tls_auth_standalone *tas,
2029- const struct sockaddr_in *from,
2030+ const struct link_socket_actual *from,
2031 const struct buffer *buf)
2032+
2033 {
2034 struct gc_arena gc = gc_new ();
2035 bool ret = false;
2b9fb954 2036@@ -3789,7 +3803,7 @@
27b50dc5 2037 */
2038 dmsg (D_TLS_STATE_ERRORS,
2039 "TLS State Error: No TLS state for client %s, opcode=%d",
2040- print_sockaddr (from, &gc),
2041+ print_link_socket_actual (from, &gc),
2042 op);
2043 goto error;
2044 }
2b9fb954 2045@@ -3799,7 +3813,7 @@
27b50dc5 2046 dmsg (D_TLS_STATE_ERRORS,
2047 "TLS State Error: Unknown key ID (%d) received from %s -- 0 was expected",
2048 key_id,
2049- print_sockaddr (from, &gc));
2050+ print_link_socket_actual (from, &gc));
2051 goto error;
2052 }
2053
2b9fb954 2054@@ -3808,7 +3822,7 @@
27b50dc5 2055 dmsg (D_TLS_STATE_ERRORS,
2056 "TLS State Error: Large packet (size %d) received from %s -- a packet no larger than %d bytes was expected",
2057 buf->len,
2058- print_sockaddr (from, &gc),
2059+ print_link_socket_actual (from, &gc),
2060 EXPANDED_SIZE_DYNAMIC (&tas->frame));
2061 goto error;
2062 }
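--- a/ssl.h
+++ b/ssl.h
@@ -345,8 +345,8 @@
 time_t must_die; /* this object is destroyed at this time */
 
 int initial_opcode; /* our initial P_ opcode */
- struct session_id session_id_remote; /* peer's random session ID */
- struct sockaddr_in remote_addr; /* peer's IP addr */
+ struct session_id session_id_remote; /* peer's random session ID */
+ struct link_socket_actual remote_addr; /* peer's IP addr */
 struct packet_id packet_id; /* for data channel, to prevent replay attacks */
 
 struct key_ctx_bi key; /* data channel keys for encrypt/decrypt/hmac */
@@ -489,7 +489,7 @@
 bool verified; /* true if peer certificate was verified against CA */
 
 /* not-yet-authenticated incoming client */
- struct sockaddr_in untrusted_sockaddr;
+ struct link_socket_actual untrusted_addr;
 
 struct key_state key[KS_SIZE];
 };
@@ -536,6 +536,12 @@
 struct key_state *save_ks; /* temporary pointer used between pre/post routines */
 
 /*
+ * Used to return outgoing address from
+ * tls_multi_process.
+ */
+ struct link_socket_actual to_link_addr;
+
+ /*
 * Number of sessions negotiated thus far.
 */
 int n_sessions;
@@ -591,19 +597,19 @@
 
 bool tls_multi_process (struct tls_multi *multi,
 struct buffer *to_link,
- struct sockaddr_in *to_link_addr,
+ struct link_socket_actual **to_link_addr,
 struct link_socket_info *to_link_socket_info,
 interval_t *wakeup);
 
 void tls_multi_free (struct tls_multi *multi, bool clear);
 
 bool tls_pre_decrypt (struct tls_multi *multi,
- struct sockaddr_in *from,
+ const struct link_socket_actual *from,
 struct buffer *buf,
 struct crypto_options *opt);
 
 bool tls_pre_decrypt_lite (const struct tls_auth_standalone *tas,
- const struct sockaddr_in *from,
+ const struct link_socket_actual *from,
 const struct buffer *buf);
 
 void tls_pre_encrypt (struct tls_multi *multi,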
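Review bot: The new `struct link_socket_actual **to_link_addr` out-parameter in the tls_multi_process prototype (last hunk) has no stated lifetime or ownership. The third hunk adds a `to_link_addr` member commented as "Used to return outgoing address from tls_multi_process", so the returned pointer presumably aliases storage inside `multi`; the function body is not in this section, so that is an inference. If so, I would document it at the prototype, e.g. `/* *to_link_addr points into multi; valid only until the next tls_multi_process() or tls_multi_free() call, caller must not free or cache it */`. The `/* peer's IP addr */` comment on `remote_addr` in the first hunk also looks stale now that the field is a `struct link_socket_actual` rather than a bare `sockaddr_in`.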
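--- a/syshead.h
+++ b/syshead.h
@@ -291,6 +291,15 @@
 #endif
 
 /*
+ * Does this platform support linux-style IP_PKTINFO?
+ */
+#if defined(ENABLE_MULTIHOME) && defined(HAVE_IN_PKTINFO) && defined(IP_PKTINFO) && defined(HAVE_MSGHDR) && defined(HAVE_CMSGHDR) && defined(HAVE_IOVEC) && defined(CMSG_FIRSTHDR) && defined(CMSG_NXTHDR) && defined(HAVE_RECVMSG) && defined(HAVE_SENDMSG)
+#define ENABLE_IP_PKTINFO 1
+#else
+#define ENABLE_IP_PKTINFO 0
+#endif
+
+/*
 * Disable ESEC
 */
 #if 0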
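Review bot: `ENABLE_IP_PKTINFO` is always defined, as either 1 or 0, while every macro it is derived from on the `#if` line is a defined-or-undefined flag tested with `defined()`. A later `#ifdef ENABLE_IP_PKTINFO` or `defined(ENABLE_IP_PKTINFO)` would therefore always be true and would compile the IP_PKTINFO code on platforms where the probe failed. I would extend the comment block to say so, e.g. `* Always defined to 0 or 1: test with #if ENABLE_IP_PKTINFO, never #ifdef.`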