+++ /dev/null
-diff -ur openvpn-2.0_rc16/configure.ac openvpn-2.0_rc16MH/configure.ac
---- openvpn-2.0_rc16/configure.ac 2005-02-20 11:46:15.000000000 -0700
-+++ openvpn-2.0_rc16MH/configure.ac 2005-02-26 00:21:45.000000000 -0700
-@@ -89,6 +89,12 @@
- [FRAGMENT="yes"]
- )
-
-+AC_ARG_ENABLE(multihome,
-+ [ --disable-multihome Disable multi-homed UDP server support (--multihome)],
-+ [MULTIHOME="$enableval"],
-+ [MULTIHOME="yes"]
-+)
-+
- AC_ARG_ENABLE(debug,
- [ --disable-debug Disable debugging support (disable gremlin and verb 7+ messages)],
- [DEBUG="$enableval"],
-@@ -326,6 +332,11 @@
- [AC_DEFINE(HAVE_CMSGHDR, 1, [struct cmsghdr needed for extended socket error support])],
- [],
- [#include "syshead.h"])
-+AC_CHECK_TYPE(
-+ [struct in_pktinfo],
-+ [AC_DEFINE(HAVE_IN_PKTINFO, 1, [struct in_pktinfo needed for IP_PKTINFO support])],
-+ [],
-+ [#include "syshead.h"])
-
- AC_CHECK_SIZEOF(unsigned int)
- AC_CHECK_SIZEOF(unsigned long)
-@@ -351,7 +362,7 @@
- getpass strerror syslog openlog mlockall getgrnam setgid dnl
- setgroups stat flock readv writev setsockopt getsockopt dnl
- setsid chdir gettimeofday putenv getpeername unlink dnl
-- poll chsize ftruncate)
-+ poll chsize ftruncate sendmsg recvmsg)
- AC_CACHE_SAVE
-
- dnl Required library functions
-@@ -568,6 +579,11 @@
- AC_DEFINE(ENABLE_HTTP_PROXY, 1, [Enable HTTP proxy support])
- fi
-
-+dnl compile --multihome option
-+if test "$MULTIHOME" = "yes"; then
-+ AC_DEFINE(ENABLE_MULTIHOME, 1, [Enable multi-homed UDP server capability])
-+fi
-+
- dnl enable debugging
- if test "$DEBUG" = "yes"; then
- AC_DEFINE(ENABLE_DEBUG, 1, [Enable debugging support])
-diff -ur openvpn-2.0_rc16/forward.c openvpn-2.0_rc16MH/forward.c
---- openvpn-2.0_rc16/forward.c 2005-02-05 01:55:10.000000000 -0700
-+++ openvpn-2.0_rc16MH/forward.c 2005-02-25 20:52:18.000000000 -0700
-@@ -563,12 +563,12 @@
-
- static inline void
- socks_preprocess_outgoing_link (struct context *c,
-- struct sockaddr_in **to_addr,
-+ struct link_socket_actual **to_addr,
- int *size_delta)
- {
- if (c->c2.link_socket->socks_proxy && c->c2.link_socket->info.proto == PROTO_UDPv4)
- {
-- *size_delta += socks_process_outgoing_udp (&c->c2.to_link, &c->c2.to_link_addr);
-+ *size_delta += socks_process_outgoing_udp (&c->c2.to_link, c->c2.to_link_addr);
- *to_addr = &c->c2.link_socket->socks_relay;
- }
- }
-@@ -607,7 +607,11 @@
-
- c->c2.buf = c->c2.buffers->read_link_buf;
- ASSERT (buf_init (&c->c2.buf, FRAME_HEADROOM_ADJ (&c->c2.frame, FRAME_HEADROOM_MARKER_READ_LINK)));
-- status = link_socket_read (c->c2.link_socket, &c->c2.buf, MAX_RW_SIZE_LINK (&c->c2.frame), &c->c2.from);
-+
-+ status = link_socket_read (c->c2.link_socket,
-+ &c->c2.buf,
-+ MAX_RW_SIZE_LINK (&c->c2.frame),
-+ &c->c2.from);
-
- if (socket_connection_reset (c->c2.link_socket, status))
- {
-@@ -677,7 +681,7 @@
- msg (D_LINK_RW, "%s READ [%d] from %s: %s",
- proto2ascii (lsi->proto, true),
- BLEN (&c->c2.buf),
-- print_sockaddr (&c->c2.from, &gc),
-+ print_link_socket_actual (&c->c2.from, &gc),
- PROTO_DUMP (&c->c2.buf, &gc));
-
- /*
-@@ -947,7 +951,7 @@
- * packet to remote over the TCP/UDP port.
- */
- int size = 0;
-- ASSERT (addr_defined (&c->c2.to_link_addr));
-+ ASSERT (link_socket_actual_defined (c->c2.to_link_addr));
-
- #ifdef ENABLE_DEBUG
- /* In gremlin-test mode, we may choose to drop this packet */
-@@ -982,12 +986,12 @@
- msg (D_LINK_RW, "%s WRITE [%d] to %s: %s",
- proto2ascii (c->c2.link_socket->info.proto, true),
- BLEN (&c->c2.to_link),
-- print_sockaddr (&c->c2.to_link_addr, &gc),
-+ print_link_socket_actual (c->c2.to_link_addr, &gc),
- PROTO_DUMP (&c->c2.to_link, &gc));
-
- /* Packet send complexified by possible Socks5 usage */
- {
-- struct sockaddr_in *to_addr = &c->c2.to_link_addr;
-+ struct link_socket_actual *to_addr = c->c2.to_link_addr;
- #ifdef ENABLE_SOCKS
- int size_delta = 0;
- #endif
-@@ -997,7 +1001,9 @@
- socks_preprocess_outgoing_link (c, &to_addr, &size_delta);
- #endif
- /* Send packet */
-- size = link_socket_write (c->c2.link_socket, &c->c2.to_link, to_addr);
-+ size = link_socket_write (c->c2.link_socket,
-+ &c->c2.to_link,
-+ to_addr);
-
- #ifdef ENABLE_SOCKS
- /* Undo effect of prepend */
-@@ -1021,7 +1027,7 @@
- if (size != BLEN (&c->c2.to_link))
- msg (D_LINK_ERRORS,
- "TCP/UDP packet was truncated/expanded on write to %s (tried=%d,actual=%d)",
-- print_sockaddr (&c->c2.to_link_addr, &gc),
-+ print_link_socket_actual (c->c2.to_link_addr, &gc),
- BLEN (&c->c2.to_link),
- size);
- }
-@@ -1030,7 +1036,7 @@
- {
- if (c->c2.to_link.len > 0)
- msg (D_LINK_ERRORS, "TCP/UDP packet too large on write to %s (tried=%d,max=%d)",
-- print_sockaddr (&c->c2.to_link_addr, &gc),
-+ print_link_socket_actual (c->c2.to_link_addr, &gc),
- c->c2.to_link.len,
- EXPANDED_SIZE (&c->c2.frame));
- }
-diff -ur openvpn-2.0_rc16/init.c openvpn-2.0_rc16MH/init.c
---- openvpn-2.0_rc16/init.c 2005-02-17 13:36:08.000000000 -0700
-+++ openvpn-2.0_rc16MH/init.c 2005-02-25 21:12:42.000000000 -0700
-@@ -1651,6 +1651,13 @@
- static void
- do_init_socket_1 (struct context *c, int mode)
- {
-+ unsigned int flags = 0;
-+
-+#if ENABLE_IP_PKTINFO
-+ if (c->options.multihome)
-+ flags |= SF_USE_IP_PKTINFO;
-+#endif
-+
- link_socket_init_phase1 (c->c2.link_socket,
- c->options.local,
- c->c1.remote_list,
-@@ -1677,7 +1684,8 @@
- c->options.connect_retry_seconds,
- c->options.mtu_discover_type,
- c->options.rcvbuf,
-- c->options.sndbuf);
-+ c->options.sndbuf,
-+ flags);
- }
-
- /*
-diff -ur openvpn-2.0_rc16/manage.c openvpn-2.0_rc16MH/manage.c
---- openvpn-2.0_rc16/manage.c 2005-01-14 21:04:11.000000000 -0700
-+++ openvpn-2.0_rc16MH/manage.c 2005-02-24 20:13:31.000000000 -0700
-@@ -746,13 +746,16 @@
- man_accept (struct management *man)
- {
- struct gc_arena gc = gc_new ();
-+ struct link_socket_actual act;
-
- /*
- * Accept the TCP client.
- */
-- man->connection.sd_cli = socket_do_accept (man->connection.sd_top, &man->connection.remote, false);
-+ man->connection.sd_cli = socket_do_accept (man->connection.sd_top, &act, false);
- if (socket_defined (man->connection.sd_cli))
- {
-+ man->connection.remote = act.dest;
-+
- if (socket_defined (man->connection.sd_top))
- {
- #ifdef WIN32
-@@ -1121,9 +1124,9 @@
- /*
- * Initialize socket address
- */
-- ms->local.sin_family = AF_INET;
-- ms->local.sin_addr.s_addr = 0;
-- ms->local.sin_port = htons (port);
-+ ms->local.sa.sin_family = AF_INET;
-+ ms->local.sa.sin_addr.s_addr = 0;
-+ ms->local.sa.sin_port = htons (port);
-
- /*
- * Run management over tunnel, or
-@@ -1135,7 +1138,7 @@
- }
- else
- {
-- ms->local.sin_addr.s_addr = getaddr
-+ ms->local.sa.sin_addr.s_addr = getaddr
- (GETADDR_RESOLVE|GETADDR_WARN_ON_SIGNAL|GETADDR_FATAL, addr, 0, NULL, NULL);
- }
-
-@@ -1382,7 +1385,7 @@
- && man->connection.state == MS_INITIAL)
- {
- /* listen on our local TUN/TAP IP address */
-- man->settings.local.sin_addr.s_addr = htonl (tun_local_ip);
-+ man->settings.local.sa.sin_addr.s_addr = htonl (tun_local_ip);
- man_connection_init (man);
- }
-
-diff -ur openvpn-2.0_rc16/manage.h openvpn-2.0_rc16MH/manage.h
---- openvpn-2.0_rc16/manage.h 2005-01-09 17:46:29.000000000 -0700
-+++ openvpn-2.0_rc16MH/manage.h 2005-02-24 20:01:50.000000000 -0700
-@@ -186,7 +186,7 @@
-
- struct man_settings {
- bool defined;
-- struct sockaddr_in local;
-+ struct openvpn_sockaddr local;
- bool up_query_passwords;
- bool management_over_tunnel;
- struct user_pass up;
-@@ -213,7 +213,7 @@
-
- socket_descriptor_t sd_top;
- socket_descriptor_t sd_cli;
-- struct sockaddr_in remote;
-+ struct openvpn_sockaddr remote;
-
- #ifdef WIN32
- struct net_event_win32 ne32;
-diff -ur openvpn-2.0_rc16/mroute.c openvpn-2.0_rc16MH/mroute.c
---- openvpn-2.0_rc16/mroute.c 2005-01-09 17:46:41.000000000 -0700
-+++ openvpn-2.0_rc16MH/mroute.c 2005-02-24 20:20:57.000000000 -0700
-@@ -169,28 +169,29 @@
- }
-
- /*
-- * Translate a struct sockaddr_in (saddr)
-+ * Translate a struct openvpn_sockaddr (osaddr)
- * to a struct mroute_addr (addr).
- */
--bool
--mroute_extract_sockaddr_in (struct mroute_addr *addr, const struct sockaddr_in *saddr, bool use_port)
-+bool mroute_extract_openvpn_sockaddr (struct mroute_addr *addr,
-+ const struct openvpn_sockaddr *osaddr,
-+ bool use_port)
- {
-- if (saddr->sin_family == AF_INET)
-+ if (osaddr->sa.sin_family == AF_INET)
- {
- if (use_port)
- {
- addr->type = MR_ADDR_IPV4 | MR_WITH_PORT;
- addr->netbits = 0;
- addr->len = 6;
-- memcpy (addr->addr, &saddr->sin_addr.s_addr, 4);
-- memcpy (addr->addr + 4, &saddr->sin_port, 2);
-+ memcpy (addr->addr, &osaddr->sa.sin_addr.s_addr, 4);
-+ memcpy (addr->addr + 4, &osaddr->sa.sin_port, 2);
- }
- else
- {
- addr->type = MR_ADDR_IPV4;
- addr->netbits = 0;
- addr->len = 4;
-- memcpy (addr->addr, &saddr->sin_addr.s_addr, 4);
-+ memcpy (addr->addr, &osaddr->sa.sin_addr.s_addr, 4);
- }
- return true;
- }
-diff -ur openvpn-2.0_rc16/mroute.h openvpn-2.0_rc16MH/mroute.h
---- openvpn-2.0_rc16/mroute.h 2005-01-09 17:46:41.000000000 -0700
-+++ openvpn-2.0_rc16MH/mroute.h 2005-02-24 20:19:05.000000000 -0700
-@@ -95,9 +95,11 @@
- struct buffer *buf,
- int tunnel_type);
-
--bool mroute_extract_sockaddr_in (struct mroute_addr *addr,
-- const struct sockaddr_in *saddr,
-- bool use_port);
-+struct openvpn_sockaddr;
-+
-+bool mroute_extract_openvpn_sockaddr (struct mroute_addr *addr,
-+ const struct openvpn_sockaddr *osaddr,
-+ bool use_port);
-
- bool mroute_learnable_address (const struct mroute_addr *addr);
-
-diff -ur openvpn-2.0_rc16/mtcp.c openvpn-2.0_rc16MH/mtcp.c
---- openvpn-2.0_rc16/mtcp.c 2005-02-05 01:55:09.000000000 -0700
-+++ openvpn-2.0_rc16MH/mtcp.c 2005-02-24 20:18:27.000000000 -0700
-@@ -160,7 +160,7 @@
- ASSERT (mi->context.c2.link_socket);
- ASSERT (mi->context.c2.link_socket->info.lsa);
- ASSERT (mi->context.c2.link_socket->mode == LS_MODE_TCP_ACCEPT_FROM);
-- if (!mroute_extract_sockaddr_in (&mi->real, &mi->context.c2.link_socket->info.lsa->actual, true))
-+ if (!mroute_extract_openvpn_sockaddr (&mi->real, &mi->context.c2.link_socket->info.lsa->actual.dest, true))
- {
- msg (D_MULTI_ERRORS, "MULTI TCP: TCP client address is undefined");
- return false;
-diff -ur openvpn-2.0_rc16/mudp.c openvpn-2.0_rc16MH/mudp.c
---- openvpn-2.0_rc16/mudp.c 2005-02-05 01:55:09.000000000 -0700
-+++ openvpn-2.0_rc16MH/mudp.c 2005-02-24 20:23:14.000000000 -0700
-@@ -52,7 +52,7 @@
- struct multi_instance *mi = NULL;
- struct hash *hash = m->hash;
-
-- if (mroute_extract_sockaddr_in (&real, &m->top.c2.from, true))
-+ if (mroute_extract_openvpn_sockaddr (&real, &m->top.c2.from.dest, true))
- {
- struct hash_element *he;
- const uint32_t hv = hash_value (hash, &real);
-diff -ur openvpn-2.0_rc16/multi.c openvpn-2.0_rc16MH/multi.c
---- openvpn-2.0_rc16/multi.c 2005-01-18 22:23:17.000000000 -0700
-+++ openvpn-2.0_rc16MH/multi.c 2005-02-24 20:27:42.000000000 -0700
-@@ -939,13 +939,13 @@
- in_addr_t a,
- int netbits) /* -1 if host route, otherwise # of network bits in address */
- {
-- struct sockaddr_in remote_si;
-+ struct openvpn_sockaddr remote_si;
- struct mroute_addr addr;
-
- CLEAR (remote_si);
-- remote_si.sin_family = AF_INET;
-- remote_si.sin_addr.s_addr = htonl (a);
-- ASSERT (mroute_extract_sockaddr_in (&addr, &remote_si, false));
-+ remote_si.sa.sin_family = AF_INET;
-+ remote_si.sa.sin_addr.s_addr = htonl (a);
-+ ASSERT (mroute_extract_openvpn_sockaddr (&addr, &remote_si, false));
-
- if (netbits >= 0)
- {
-@@ -2009,15 +2009,15 @@
- struct multi_context *m = (struct multi_context *) arg;
- struct hash_iterator hi;
- struct hash_element *he;
-- struct sockaddr_in saddr;
-+ struct openvpn_sockaddr saddr;
- struct mroute_addr maddr;
- int count = 0;
-
- CLEAR (saddr);
-- saddr.sin_family = AF_INET;
-- saddr.sin_addr.s_addr = htonl (addr);
-- saddr.sin_port = htons (port);
-- if (mroute_extract_sockaddr_in (&maddr, &saddr, true))
-+ saddr.sa.sin_family = AF_INET;
-+ saddr.sa.sin_addr.s_addr = htonl (addr);
-+ saddr.sa.sin_port = htons (port);
-+ if (mroute_extract_openvpn_sockaddr (&maddr, &saddr, true))
- {
- hash_iterator_init (m->iter, &hi, true);
- while ((he = hash_iterator_next (&hi)))
-diff -ur openvpn-2.0_rc16/openvpn.h openvpn-2.0_rc16MH/openvpn.h
---- openvpn-2.0_rc16/openvpn.h 2005-01-09 17:46:29.000000000 -0700
-+++ openvpn-2.0_rc16MH/openvpn.h 2005-02-24 18:53:27.000000000 -0700
-@@ -210,8 +210,8 @@
- struct link_socket_info *link_socket_info;
- const struct link_socket *accept_from; /* possibly do accept() on a parent link_socket */
-
-- struct sockaddr_in to_link_addr; /* IP address of remote */
-- struct sockaddr_in from; /* address of incoming datagram */
-+ struct link_socket_actual *to_link_addr; /* IP address of remote */
-+ struct link_socket_actual from; /* address of incoming datagram */
-
- /* MTU frame parameters */
- struct frame frame;
-diff -ur openvpn-2.0_rc16/options.c openvpn-2.0_rc16MH/options.c
---- openvpn-2.0_rc16/options.c 2005-02-10 19:18:08.000000000 -0700
-+++ openvpn-2.0_rc16MH/options.c 2005-02-25 21:11:12.000000000 -0700
-@@ -172,6 +172,9 @@
- "--ping-timer-rem: Run the --ping-exit/--ping-restart timer only if we have a\n"
- " remote address.\n"
- "--ping n : Ping remote once every n seconds over TCP/UDP port.\n"
-+#if ENABLE_IP_PKTINFO
-+ "--multihome : Configure a multi-homed UDP server.\n"
-+#endif
- "--fast-io : (experimental) Optimize TUN/TAP/UDP writes.\n"
- #ifdef ENABLE_OCC
- "--explicit-exit-notify n : (experimental) on exit, send exit signal to remote.\n"
-@@ -1034,6 +1037,10 @@
- SHOW_INT (rcvbuf);
- SHOW_INT (sndbuf);
-
-+#if ENABLE_IP_PKTINFO
-+ SHOW_BOOL (multihome);
-+#endif
-+
- #ifdef ENABLE_HTTP_PROXY
- if (o->http_proxy_options)
- show_http_proxy_options (o->http_proxy_options);
-@@ -2997,6 +3004,13 @@
- VERIFY_PERMISSION (OPT_P_GENERAL);
- options->mlock = true;
- }
-+#if ENABLE_IP_PKTINFO
-+ else if (streq (p[0], "multihome"))
-+ {
-+ VERIFY_PERMISSION (OPT_P_GENERAL);
-+ options->multihome = true;
-+ }
-+#endif
- else if (streq (p[0], "verb") && p[1])
- {
- ++i;
-diff -ur openvpn-2.0_rc16/options.h openvpn-2.0_rc16MH/options.h
---- openvpn-2.0_rc16/options.h 2005-02-10 16:37:25.000000000 -0700
-+++ openvpn-2.0_rc16MH/options.h 2005-02-25 21:11:13.000000000 -0700
-@@ -223,6 +223,10 @@
- /* optimize TUN/TAP/UDP writes */
- bool fast_io;
-
-+#if ENABLE_IP_PKTINFO
-+ bool multihome;
-+#endif
-+
- #ifdef USE_LZO
- bool comp_lzo;
- bool comp_lzo_adaptive;
-diff -ur openvpn-2.0_rc16/ping-inline.h openvpn-2.0_rc16MH/ping-inline.h
---- openvpn-2.0_rc16/ping-inline.h 2005-01-09 17:46:41.000000000 -0700
-+++ openvpn-2.0_rc16MH/ping-inline.h 2005-02-24 19:56:53.000000000 -0700
-@@ -38,7 +38,7 @@
- && event_timeout_trigger (&c->c2.ping_rec_interval,
- &c->c2.timeval,
- (!c->options.ping_timer_remote
-- || addr_defined (&c->c1.link_socket_addr.actual))
-+ || link_socket_actual_defined (&c->c1.link_socket_addr.actual))
- ? ETT_DEFAULT : 15))
- check_ping_restart_dowork (c);
- }
-Only in openvpn-2.0_rc16MH/plugin: common
-diff -ur openvpn-2.0_rc16/socket.c openvpn-2.0_rc16MH/socket.c
---- openvpn-2.0_rc16/socket.c 2005-02-05 01:42:13.000000000 -0700
-+++ openvpn-2.0_rc16MH/socket.c 2005-02-25 21:41:34.000000000 -0700
-@@ -237,7 +237,7 @@
-
- static void
- update_remote (const char* host,
-- struct sockaddr_in *addr,
-+ struct openvpn_sockaddr *addr,
- bool *changed)
- {
- if (host && addr)
-@@ -248,9 +248,9 @@
- 1,
- NULL,
- NULL);
-- if (new_addr && addr->sin_addr.s_addr != new_addr)
-+ if (new_addr && addr->sa.sin_addr.s_addr != new_addr)
- {
-- addr->sin_addr.s_addr = new_addr;
-+ addr->sa.sin_addr.s_addr = new_addr;
- *changed = true;
- }
- }
-@@ -440,12 +440,19 @@
- }
-
- static socket_descriptor_t
--create_socket_udp (void)
-+create_socket_udp (const unsigned int flags)
- {
- socket_descriptor_t sd;
-
- if ((sd = socket (PF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)
- msg (M_SOCKERR, "UDP: Cannot create UDP socket");
-+#if ENABLE_IP_PKTINFO
-+ else if (flags & SF_USE_IP_PKTINFO)
-+ {
-+ int pad = 1;
-+ setsockopt (sd, SOL_IP, IP_PKTINFO, (void*)&pad, sizeof(pad));
-+ }
-+#endif
- return sd;
- }
-
-@@ -455,7 +462,7 @@
- /* create socket */
- if (sock->info.proto == PROTO_UDPv4)
- {
-- sock->sd = create_socket_udp ();
-+ sock->sd = create_socket_udp (sock->socket_flags);
-
- #ifdef ENABLE_SOCKS
- if (sock->socks_proxy)
-@@ -479,7 +486,7 @@
-
- static void
- socket_do_listen (socket_descriptor_t sd,
-- const struct sockaddr_in *local,
-+ const struct openvpn_sockaddr *local,
- bool do_listen,
- bool do_set_nonblock)
- {
-@@ -501,16 +508,18 @@
-
- socket_descriptor_t
- socket_do_accept (socket_descriptor_t sd,
-- struct sockaddr_in *remote,
-+ struct link_socket_actual *act,
- const bool nowait)
- {
-- socklen_t remote_len = sizeof (*remote);
-+ socklen_t remote_len = sizeof (act->dest.sa);
- socket_descriptor_t new_sd = SOCKET_UNDEFINED;
-
-+ CLEAR (*act);
-+
- #ifdef HAVE_GETPEERNAME
- if (nowait)
- {
-- new_sd = getpeername (sd, (struct sockaddr *) remote, &remote_len);
-+ new_sd = getpeername (sd, (struct sockaddr *) &act->dest.sa, &remote_len);
-
- if (!socket_defined (new_sd))
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: getpeername() failed");
-@@ -522,7 +531,7 @@
- #endif
- else
- {
-- new_sd = accept (sd, (struct sockaddr *) remote, &remote_len);
-+ new_sd = accept (sd, (struct sockaddr *) &act->dest.sa, &remote_len);
- }
-
- #if 0 /* For debugging only, test the effect of accept() failures */
-@@ -538,7 +547,7 @@
- {
- msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: accept(%d) failed", sd);
- }
-- else if (remote_len != sizeof (*remote))
-+ else if (remote_len != sizeof (act->dest.sa))
- {
- msg (D_LINK_ERRORS, "TCP: Received strange incoming connection with unknown address length=%d", remote_len);
- openvpn_close_socket (new_sd);
-@@ -540,28 +549,30 @@
- }
-
- static void
--tcp_connection_established (const struct sockaddr_in *remote)
-+tcp_connection_established (const struct link_socket_actual *act)
- {
- struct gc_arena gc = gc_new ();
- msg (M_INFO, "TCP connection established with %s",
-- print_sockaddr (remote, &gc));
-+ print_link_socket_actual (act, &gc));
- gc_free (&gc);
- }
-
- static int
- socket_listen_accept (socket_descriptor_t sd,
-- struct sockaddr_in *remote,
-+ struct link_socket_actual *act,
- const char *remote_dynamic,
- bool *remote_changed,
-- const struct sockaddr_in *local,
-+ const struct openvpn_sockaddr *local,
- bool do_listen,
- bool nowait,
- volatile int *signal_received)
- {
- struct gc_arena gc = gc_new ();
-- struct sockaddr_in remote_verify = *remote;
-+ //struct openvpn_sockaddr *remote = &act->dest;
-+ struct openvpn_sockaddr remote_verify = act->dest;
- int new_sd = SOCKET_UNDEFINED;
-
-+ CLEAR (*act);
- socket_do_listen (sd, local, do_listen, true);
-
- while (true)
-@@ -590,17 +601,17 @@
- if (status <= 0)
- continue;
-
-- new_sd = socket_do_accept (sd, remote, nowait);
-+ new_sd = socket_do_accept (sd, act, nowait);
-
- if (socket_defined (new_sd))
- {
- update_remote (remote_dynamic, &remote_verify, remote_changed);
- if (addr_defined (&remote_verify)
-- && !addr_match (&remote_verify, remote))
-+ && !addr_match (&remote_verify, &act->dest))
- {
- msg (M_WARN,
- "TCP NOTE: Rejected connection attempt from %s due to --remote setting",
-- print_sockaddr (remote, &gc));
-+ print_link_socket_actual (act, &gc));
- if (openvpn_close_socket (new_sd))
- msg (M_SOCKERR, "TCP: close socket failed (new_sd)");
- }
-@@ -613,7 +624,7 @@
- if (!nowait && openvpn_close_socket (sd))
- msg (M_SOCKERR, "TCP: close socket failed (sd)");
-
-- tcp_connection_established (remote);
-+ tcp_connection_established (act);
-
- gc_free (&gc);
- return new_sd;
-@@ -621,7 +632,7 @@
-
- static void
- socket_connect (socket_descriptor_t *sd,
-- struct sockaddr_in *remote,
-+ struct openvpn_sockaddr *remote,
- struct remote_list *remote_list,
- const char *remote_dynamic,
- bool *remote_changed,
-@@ -634,8 +645,8 @@
- print_sockaddr (remote, &gc));
- while (true)
- {
-- const int status = connect (*sd, (struct sockaddr *) remote,
-- sizeof (*remote));
-+ const int status = connect (*sd, (struct sockaddr *) &remote->sa,
-+ sizeof (remote->sa));
-
- get_signal (signal_received);
- if (*signal_received)
-@@ -656,7 +667,7 @@
- {
- remote_list_next (remote_list);
- remote_dynamic = remote_list_host (remote_list);
-- remote->sin_port = htons (remote_list_port (remote_list));
-+ remote->sa.sin_port = htons (remote_list_port (remote_list));
- *remote_changed = true;
- }
-
-@@ -716,22 +727,22 @@
- /* resolve local address if undefined */
- if (!addr_defined (&sock->info.lsa->local))
- {
-- sock->info.lsa->local.sin_family = AF_INET;
-- sock->info.lsa->local.sin_addr.s_addr =
-+ sock->info.lsa->local.sa.sin_family = AF_INET;
-+ sock->info.lsa->local.sa.sin_addr.s_addr =
- (sock->local_host ? getaddr (GETADDR_RESOLVE | GETADDR_WARN_ON_SIGNAL | GETADDR_FATAL,
- sock->local_host,
- 0,
- NULL,
- NULL)
- : htonl (INADDR_ANY));
-- sock->info.lsa->local.sin_port = htons (sock->local_port);
-+ sock->info.lsa->local.sa.sin_port = htons (sock->local_port);
- }
-
- /* bind to local address/port */
- if (sock->bind_local)
- {
-- if (bind (sock->sd, (struct sockaddr *) &sock->info.lsa->local,
-- sizeof (sock->info.lsa->local)))
-+ if (bind (sock->sd, (struct sockaddr *) &sock->info.lsa->local.sa,
-+ sizeof (sock->info.lsa->local.sa)))
- {
- const int errnum = openvpn_errno_socket ();
- msg (M_FATAL, "TCP/UDP: Socket bind failed on local address %s: %s",
-@@ -755,8 +766,8 @@
- /* resolve remote address if undefined */
- if (!addr_defined (&sock->info.lsa->remote))
- {
-- sock->info.lsa->remote.sin_family = AF_INET;
-- sock->info.lsa->remote.sin_addr.s_addr = 0;
-+ sock->info.lsa->remote.sa.sin_family = AF_INET;
-+ sock->info.lsa->remote.sa.sin_addr.s_addr = 0;
-
- if (sock->remote_host)
- {
-@@ -794,7 +805,7 @@
- ASSERT (0);
- }
-
-- sock->info.lsa->remote.sin_addr.s_addr = getaddr (
-+ sock->info.lsa->remote.sa.sin_addr.s_addr = getaddr (
- flags,
- sock->remote_host,
- retry,
-@@ -821,19 +832,22 @@
- }
- }
-
-- sock->info.lsa->remote.sin_port = htons (sock->remote_port);
-+ sock->info.lsa->remote.sa.sin_port = htons (sock->remote_port);
- }
-
- /* should we re-use previous active remote address? */
-- if (addr_defined (&sock->info.lsa->actual))
-+ if (link_socket_actual_defined (&sock->info.lsa->actual))
- {
- msg (M_INFO, "TCP/UDP: Preserving recently used remote address: %s",
-- print_sockaddr (&sock->info.lsa->actual, &gc));
-+ print_link_socket_actual (&sock->info.lsa->actual, &gc));
- if (remote_dynamic)
- *remote_dynamic = NULL;
- }
- else
-- sock->info.lsa->actual = sock->info.lsa->remote;
-+ {
-+ CLEAR (sock->info.lsa->actual);
-+ sock->info.lsa->actual.dest = sock->info.lsa->remote;
-+ }
-
- /* remember that we finished */
- sock->did_resolve_remote = true;
-@@ -884,7 +898,8 @@
- int connect_retry_seconds,
- int mtu_discover_type,
- int rcvbuf,
-- int sndbuf)
-+ int sndbuf,
-+ const unsigned int socket_flags)
- {
- const char *remote_host;
- int remote_port;
-@@ -920,6 +935,8 @@
- sock->socket_buffer_sizes.rcvbuf = rcvbuf;
- sock->socket_buffer_sizes.sndbuf = sndbuf;
-
-+ sock->socket_flags = socket_flags;
-+
- sock->info.proto = proto;
- sock->info.remote_float = remote_float;
- sock->info.lsa = lsa;
-@@ -1097,7 +1114,7 @@
- else if (sock->info.proto == PROTO_TCPv4_CLIENT)
- {
- socket_connect (&sock->sd,
-- &sock->info.lsa->actual,
-+ &sock->info.lsa->actual.dest,
- sock->remote_list,
- remote_dynamic,
- &remote_changed,
-@@ -1135,7 +1152,7 @@
- else if (sock->info.proto == PROTO_UDPv4 && sock->socks_proxy)
- {
- socket_connect (&sock->ctrl_sd,
-- &sock->info.lsa->actual,
-+ &sock->info.lsa->actual.dest,
- NULL,
- remote_dynamic,
- &remote_changed,
-@@ -1147,7 +1164,8 @@
-
- establish_socks_proxy_udpassoc (sock->socks_proxy,
- sock->ctrl_sd,
-- sock->sd, &sock->socks_relay,
-+ sock->sd,
-+ &sock->socks_relay.dest,
- signal_received);
-
- if (*signal_received)
-@@ -1156,8 +1174,9 @@
- sock->remote_host = sock->proxy_dest_host;
- sock->remote_port = sock->proxy_dest_port;
- sock->did_resolve_remote = false;
-- sock->info.lsa->actual.sin_addr.s_addr = 0;
-- sock->info.lsa->remote.sin_addr.s_addr = 0;
-+
-+ sock->info.lsa->actual.dest.sa.sin_addr.s_addr = 0;
-+ sock->info.lsa->remote.sa.sin_addr.s_addr = 0;
-
- resolve_remote (sock, 1, NULL, signal_received);
-
-@@ -1172,7 +1191,7 @@
- if (remote_changed)
- {
- msg (M_INFO, "TCP/UDP: Dynamic remote address changed during TCP connection establishment");
-- sock->info.lsa->remote.sin_addr.s_addr = sock->info.lsa->actual.sin_addr.s_addr;
-+ sock->info.lsa->remote.sa.sin_addr.s_addr = sock->info.lsa->actual.dest.sa.sin_addr.s_addr;
- }
- }
-
-@@ -1206,12 +1225,15 @@
- msg (M_INFO, "%s link local%s: %s",
- proto2ascii (sock->info.proto, true),
- (sock->bind_local ? " (bound)" : ""),
-- print_sockaddr_ex (&sock->info.lsa->local, sock->bind_local, ":", &gc));
-+ print_sockaddr_ex (&sock->info.lsa->local, ":", sock->bind_local ? PS_SHOW_PORT : 0, &gc));
-
- /* print active remote address */
- msg (M_INFO, "%s link remote: %s",
- proto2ascii (sock->info.proto, true),
-- print_sockaddr_ex (&sock->info.lsa->actual, addr_defined (&sock->info.lsa->actual), ":", &gc));
-+ print_link_socket_actual_ex (&sock->info.lsa->actual,
-+ ":",
-+ PS_SHOW_PORT_IF_DEFINED,
-+ &gc));
-
- done:
- gc_free (&gc);
-@@ -1276,19 +1298,19 @@
- void
- setenv_trusted (struct env_set *es, const struct link_socket_info *info)
- {
-- setenv_sockaddr (es, "trusted", &info->lsa->actual, SA_IP_PORT);
-+ setenv_link_socket_actual (es, "trusted", &info->lsa->actual, SA_IP_PORT);
- }
-
- void
- link_socket_connection_initiated (const struct buffer *buf,
- struct link_socket_info *info,
-- const struct sockaddr_in *addr,
-+ const struct link_socket_actual *act,
- const char *common_name,
- struct env_set *es)
- {
- struct gc_arena gc = gc_new ();
-
-- info->lsa->actual = *addr; /* Note: skip this line for --force-dest */
-+ info->lsa->actual = *act; /* Note: skip this line for --force-dest */
- setenv_trusted (es, info);
- info->connection_established = true;
-
-@@ -1297,7 +1319,7 @@
- struct buffer out = alloc_buf_gc (256, &gc);
- if (common_name)
- buf_printf (&out, "[%s] ", common_name);
-- buf_printf (&out, "Peer Connection Initiated with %s", print_sockaddr (&info->lsa->actual, &gc));
-+ buf_printf (&out, "Peer Connection Initiated with %s", print_link_socket_actual (&info->lsa->actual, &gc));
- msg (M_INFO, "%s", BSTR (&out));
- }
-
-@@ -1307,7 +1329,7 @@
- /* Process --ipchange plugin */
- if (plugin_defined (info->plugins, OPENVPN_PLUGIN_IPCHANGE))
- {
-- const char *addr_ascii = print_sockaddr_ex (&info->lsa->actual, true, " ", &gc);
-+ const char *addr_ascii = print_sockaddr_ex (&info->lsa->actual.dest, " ", PS_SHOW_PORT, &gc);
- if (plugin_call (info->plugins, OPENVPN_PLUGIN_IPCHANGE, addr_ascii, es))
- msg (M_WARN, "WARNING: ipchange plugin call failed");
- }
-@@ -1319,7 +1341,7 @@
- setenv_str (es, "script_type", "ipchange");
- buf_printf (&out, "%s %s",
- info->ipchange_command,
-- print_sockaddr_ex (&info->lsa->actual, true, " ", &gc));
-+ print_sockaddr_ex (&info->lsa->actual.dest, " ", PS_SHOW_PORT, &gc));
- system_check (BSTR (&out), es, S_SCRIPT, "ip-change command failed");
- }
-
-@@ -1329,14 +1351,14 @@
- void
- link_socket_bad_incoming_addr (struct buffer *buf,
- const struct link_socket_info *info,
-- const struct sockaddr_in *from_addr)
-+ const struct link_socket_actual *from_addr)
- {
- struct gc_arena gc = gc_new ();
-
- msg (D_LINK_ERRORS,
- "TCP/UDP: Incoming packet rejected from %s[%d], expected peer address: %s (allow this incoming source address/port by removing --remote or adding --float)",
-- print_sockaddr (from_addr, &gc),
-- (int)from_addr->sin_family,
-+ print_link_socket_actual (from_addr, &gc),
-+ (int)from_addr->dest.sa.sin_family,
- print_sockaddr (&info->lsa->remote, &gc));
- buf->len = 0;
-
-@@ -1354,10 +1376,10 @@
- {
- const struct link_socket_addr *lsa = info->lsa;
-
-- if (addr_defined (&lsa->actual))
-- return ntohl (lsa->actual.sin_addr.s_addr);
-+ if (link_socket_actual_defined (&lsa->actual))
-+ return ntohl (lsa->actual.dest.sa.sin_addr.s_addr);
- else if (addr_defined (&lsa->remote))
-- return ntohl (lsa->remote.sin_addr.s_addr);
-+ return ntohl (lsa->remote.sa.sin_addr.s_addr);
- else
- return 0;
- }
-@@ -1550,29 +1572,69 @@
- */
-
- const char *
--print_sockaddr (const struct sockaddr_in *addr, struct gc_arena *gc)
-+print_sockaddr (const struct openvpn_sockaddr *addr, struct gc_arena *gc)
- {
-- return print_sockaddr_ex(addr, true, ":", gc);
-+ return print_sockaddr_ex (addr, ":", PS_SHOW_PORT, gc);
- }
-
- const char *
--print_sockaddr_ex (const struct sockaddr_in *addr, bool do_port, const char* separator, struct gc_arena *gc)
-+print_sockaddr_ex (const struct openvpn_sockaddr *addr,
-+ const char* separator,
-+ const unsigned int flags,
-+ struct gc_arena *gc)
- {
-- struct buffer out = alloc_buf_gc (64, gc);
-- const int port = ntohs (addr->sin_port);
-+ if (addr)
-+ {
-+ struct buffer out = alloc_buf_gc (64, gc);
-+ const int port = ntohs (addr->sa.sin_port);
-
-- mutex_lock_static (L_INET_NTOA);
-- buf_printf (&out, "%s", (addr_defined (addr) ? inet_ntoa (addr->sin_addr) : "[undef]"));
-- mutex_unlock_static (L_INET_NTOA);
-+ mutex_lock_static (L_INET_NTOA);
-+ buf_printf (&out, "%s", (addr_defined (addr) ? inet_ntoa (addr->sa.sin_addr) : "[undef]"));
-+ mutex_unlock_static (L_INET_NTOA);
-
-- if (do_port && port)
-- {
-- if (separator)
-- buf_printf (&out, "%s", separator);
-+ if (((flags & PS_SHOW_PORT) || (addr_defined (addr) && (flags & PS_SHOW_PORT_IF_DEFINED)))
-+ && port)
-+ {
-+ if (separator)
-+ buf_printf (&out, "%s", separator);
-
-- buf_printf (&out, "%d", port);
-+ buf_printf (&out, "%d", port);
-+ }
-+ return BSTR (&out);
- }
-- return BSTR (&out);
-+ else
-+ return "[NULL]";
-+}
-+
-+const char *
-+print_link_socket_actual (const struct link_socket_actual *act, struct gc_arena *gc)
-+{
-+ return print_link_socket_actual_ex (act, ":", PS_SHOW_PORT|PS_SHOW_PKTINFO, gc);
-+}
-+
-+const char *
-+print_link_socket_actual_ex (const struct link_socket_actual *act,
-+ const char *separator,
-+ const unsigned int flags,
-+ struct gc_arena *gc)
-+{
-+ if (act)
-+ {
-+ struct buffer out = alloc_buf_gc (128, gc);
-+ buf_printf (&out, "%s", print_sockaddr_ex (&act->dest, separator, flags, gc));
-+#if ENABLE_IP_PKTINFO
-+ if ((flags & PS_SHOW_PKTINFO) && act->pi.ipi_spec_dst.s_addr)
-+ {
-+ struct openvpn_sockaddr sa;
-+ CLEAR (sa);
-+ sa.sa.sin_addr = act->pi.ipi_spec_dst;
-+ buf_printf (&out, " (via %s)", print_sockaddr_ex (&sa, separator, 0, gc));
-+ }
-+#endif
-+ return BSTR (&out);
-+ }
-+ else
-+ return "[NULL]";
- }
-
- /*
-@@ -1599,7 +1661,7 @@
-
- /* set environmental variables for ip/port in *addr */
- void
--setenv_sockaddr (struct env_set *es, const char *name_prefix, const struct sockaddr_in *addr, const bool flags)
-+setenv_sockaddr (struct env_set *es, const char *name_prefix, const struct openvpn_sockaddr *addr, const bool flags)
- {
- char name_buf[256];
-
-@@ -1609,13 +1671,13 @@
- openvpn_snprintf (name_buf, sizeof (name_buf), "%s", name_prefix);
-
- mutex_lock_static (L_INET_NTOA);
-- setenv_str (es, name_buf, inet_ntoa (addr->sin_addr));
-+ setenv_str (es, name_buf, inet_ntoa (addr->sa.sin_addr));
- mutex_unlock_static (L_INET_NTOA);
-
-- if ((flags & SA_IP_PORT) && addr->sin_port)
-+ if ((flags & SA_IP_PORT) && addr->sa.sin_port)
- {
- openvpn_snprintf (name_buf, sizeof (name_buf), "%s_port", name_prefix);
-- setenv_int (es, name_buf, ntohs (addr->sin_port));
-+ setenv_int (es, name_buf, ntohs (addr->sa.sin_port));
- }
- }
-
-@@ -1624,13 +1686,22 @@
- {
- if (addr || !(flags & SA_SET_IF_NONZERO))
- {
-- struct sockaddr_in si;
-+ struct openvpn_sockaddr si;
- CLEAR (si);
-- si.sin_addr.s_addr = htonl (addr);
-+ si.sa.sin_addr.s_addr = htonl (addr);
- setenv_sockaddr (es, name_prefix, &si, flags);
- }
- }
-
-+void
-+setenv_link_socket_actual (struct env_set *es,
-+ const char *name_prefix,
-+ const struct link_socket_actual *act,
-+ const bool flags)
-+{
-+ setenv_sockaddr (es, name_prefix, &act->dest, flags);
-+}
-+
- /*
- * Convert protocol names between index and ascii form.
- */
-@@ -1760,19 +1831,72 @@
-
- #ifndef WIN32
-
-+#if ENABLE_IP_PKTINFO
-+
-+struct openvpn_pktinfo
-+{
-+ struct cmsghdr cmsghdr;
-+ struct in_pktinfo in_pktinfo;
-+};
-+
-+static socklen_t
-+link_socket_read_udp_posix_recvmsg (struct link_socket *sock,
-+ struct buffer *buf,
-+ int maxsize,
-+ struct link_socket_actual *from)
-+{
-+ struct iovec iov;
-+ struct openvpn_pktinfo opi;
-+ struct msghdr mesg;
-+ socklen_t fromlen = sizeof (from->dest.sa);
-+
-+ iov.iov_base = BPTR (buf);
-+ iov.iov_len = maxsize;
-+ mesg.msg_iov = &iov;
-+ mesg.msg_iovlen = 1;
-+ mesg.msg_name = &from->dest.sa;
-+ mesg.msg_namelen = fromlen;
-+ mesg.msg_control = &opi;
-+ mesg.msg_controllen = sizeof (opi);
-+ buf->len = recvmsg (sock->sd, &mesg, 0);
-+ if (buf->len >= 0)
-+ {
-+ struct cmsghdr *cmsg;
-+ fromlen = mesg.msg_namelen;
-+ cmsg = CMSG_FIRSTHDR (&mesg);
-+ if (cmsg != NULL
-+ && CMSG_NXTHDR (&mesg, cmsg) == NULL
-+ && cmsg->cmsg_level == SOL_IP
-+ && cmsg->cmsg_type == IP_PKTINFO
-+ && cmsg->cmsg_len >= sizeof (opi))
-+ {
-+ struct in_pktinfo *pkti = (struct in_pktinfo *) CMSG_DATA (cmsg);
-+ from->pi.ipi_ifindex = pkti->ipi_ifindex;
-+ from->pi.ipi_spec_dst = pkti->ipi_spec_dst;
-+ }
-+ }
-+ return fromlen;
-+}
-+#endif
-+
- int
- link_socket_read_udp_posix (struct link_socket *sock,
- struct buffer *buf,
- int maxsize,
-- struct sockaddr_in *from)
-+ struct link_socket_actual *from)
- {
-- socklen_t fromlen = sizeof (*from);
-- CLEAR (*from);
-+ socklen_t fromlen = sizeof (from->dest.sa);
-+ from->dest.sa.sin_addr.s_addr = 0;
- ASSERT (buf_safe (buf, maxsize));
-- buf->len = recvfrom (sock->sd, BPTR (buf), maxsize, 0,
-- (struct sockaddr *) from, &fromlen);
-- if (fromlen != sizeof (*from))
-- bad_address_length (fromlen, sizeof (*from));
-+#if ENABLE_IP_PKTINFO
-+ if (sock->socket_flags & SF_USE_IP_PKTINFO)
-+ fromlen = link_socket_read_udp_posix_recvmsg (sock, buf, maxsize, from);
-+ else
-+#endif
-+ buf->len = recvfrom (sock->sd, BPTR (buf), maxsize, 0,
-+ (struct sockaddr *) &from->dest.sa, &fromlen);
-+ if (fromlen != sizeof (from->dest.sa))
-+ bad_address_length (fromlen, sizeof (from->dest.sa));
- return buf->len;
- }
-
-@@ -1785,7 +1909,7 @@
- int
- link_socket_write_tcp (struct link_socket *sock,
- struct buffer *buf,
-- struct sockaddr_in *to)
-+ struct link_socket_actual *to)
- {
- packet_size_type len = BLEN (buf);
- dmsg (D_STREAM_DEBUG, "STREAM: WRITE %d offset=%d", (int)len, buf->offset);
-@@ -1799,6 +1923,41 @@
- #endif
- }
-
-+#if ENABLE_IP_PKTINFO
-+
-+int
-+link_socket_write_udp_posix_sendmsg (struct link_socket *sock,
-+ struct buffer *buf,
-+ struct link_socket_actual *to)
-+{
-+ struct iovec iov;
-+ struct msghdr mesg;
-+ struct cmsghdr *cmsg;
-+ struct in_pktinfo *pkti;
-+ struct openvpn_pktinfo opi;
-+
-+ iov.iov_base = BPTR (buf);
-+ iov.iov_len = BLEN (buf);
-+ mesg.msg_iov = &iov;
-+ mesg.msg_iovlen = 1;
-+ mesg.msg_name = &to->dest.sa;
-+ mesg.msg_namelen = sizeof (to->dest.sa);
-+ mesg.msg_control = &opi;
-+ mesg.msg_controllen = sizeof (opi);
-+ mesg.msg_flags = 0;
-+ cmsg = CMSG_FIRSTHDR (&mesg);
-+ cmsg->cmsg_len = sizeof (opi);
-+ cmsg->cmsg_level = SOL_IP;
-+ cmsg->cmsg_type = IP_PKTINFO;
-+ pkti = (struct in_pktinfo *) CMSG_DATA (cmsg);
-+ pkti->ipi_ifindex = to->pi.ipi_ifindex;
-+ pkti->ipi_spec_dst = to->pi.ipi_spec_dst;
-+ pkti->ipi_addr.s_addr = 0;
-+ return sendmsg (sock->sd, &mesg, 0);
-+}
-+
-+#endif
-+
- /*
- * Win32 overlapped socket I/O functions.
- */
-@@ -1913,7 +2072,7 @@
- }
-
- int
--socket_send_queue (struct link_socket *sock, struct buffer *buf, const struct sockaddr_in *to)
-+socket_send_queue (struct link_socket *sock, struct buffer *buf, const struct link_socket_actual *to)
- {
- if (sock->writes.iostate == IOSTATE_INITIAL)
- {
-@@ -1937,7 +2096,7 @@
- {
- /* set destination address for UDP writes */
- sock->writes.addr_defined = true;
-- sock->writes.addr = *to;
-+ sock->writes.addr = to->dest.sa;
- sock->writes.addrlen = sizeof (sock->writes.addr);
-
- status = WSASendTo(
-@@ -2013,11 +2172,10 @@
- }
-
- int
--socket_finalize (
-- SOCKET s,
-+socket_finalize (SOCKET s,
- struct overlapped_io *io,
- struct buffer *buf,
-- struct sockaddr_in *from)
-+ struct link_socket_actual *from)
- {
- int ret = -1;
- BOOL status;
-@@ -2094,10 +2252,10 @@
- {
- if (io->addrlen != sizeof (io->addr))
- bad_address_length (io->addrlen, sizeof (io->addr));
-- *from = io->addr;
-+ from->dest.sa = io->addr;
- }
- else
-- CLEAR (*from);
-+ CLEAR (from->dest.sa);
- }
-
- if (buf)
-diff -ur openvpn-2.0_rc16/socket.h openvpn-2.0_rc16MH/socket.h
---- openvpn-2.0_rc16/socket.h 2005-02-05 01:36:31.000000000 -0700
-+++ openvpn-2.0_rc16MH/socket.h 2005-02-25 21:13:53.000000000 -0700
-@@ -78,12 +78,29 @@
- /* convert a packet_size_type from network to host order */
- #define ntohps(x) ntohs(x)
-
-+/* OpenVPN sockaddr struct */
-+struct openvpn_sockaddr
-+{
-+ int dummy; // JYFIXME
-+ struct sockaddr_in sa;
-+};
-+
-+/* actual address of remote, based on source address of received packets */
-+struct link_socket_actual
-+{
-+ int dummy; // JYFIXME
-+ struct openvpn_sockaddr dest;
-+#if ENABLE_IP_PKTINFO
-+ struct in_pktinfo pi;
-+#endif
-+};
-+
- /* IP addresses which are persistant across SIGUSR1s */
- struct link_socket_addr
- {
-- struct sockaddr_in local;
-- struct sockaddr_in remote; /* initial remote */
-- struct sockaddr_in actual; /* remote may change due to --float */
-+ struct openvpn_sockaddr local;
-+ struct openvpn_sockaddr remote; /* initial remote */
-+ struct link_socket_actual actual; /* reply to this address */
- };
-
- struct link_socket_info
-@@ -186,6 +203,9 @@
- struct buffer stream_buf_data;
- bool stream_reset;
-
-+# define SF_USE_IP_PKTINFO (1<<0)
-+ unsigned int socket_flags;
-+
- #ifdef ENABLE_HTTP_PROXY
- /* HTTP proxy */
- struct http_proxy_info *http_proxy;
-@@ -194,7 +214,7 @@
- #ifdef ENABLE_SOCKS
- /* Socks proxy */
- struct socks_proxy_info *socks_proxy;
-- struct sockaddr_in socks_relay; /* Socks UDP relay address */
-+ struct link_socket_actual socks_relay; /* Socks UDP relay address */
- #endif
-
- #if defined(ENABLE_HTTP_PROXY) || defined(ENABLE_SOCKS)
-@@ -230,13 +250,13 @@
-
- int socket_send_queue (struct link_socket *sock,
- struct buffer *buf,
-- const struct sockaddr_in *to);
-+ const struct link_socket_actual *to);
-
- int socket_finalize (
- SOCKET s,
- struct overlapped_io *io,
- struct buffer *buf,
-- struct sockaddr_in *from);
-+ struct link_socket_actual *from);
-
- #else
-
-@@ -277,29 +297,41 @@
- int connect_retry_seconds,
- int mtu_discover_type,
- int rcvbuf,
-- int sndbuf);
-+ int sndbuf,
-+ const unsigned int socket_flags);
-
- void link_socket_init_phase2 (struct link_socket *sock,
- const struct frame *frame,
- volatile int *signal_received);
-
--void link_socket_post_fork (const struct link_socket *sock,
-- const struct sockaddr_in *remote);
--
- void socket_adjust_frame_parameters (struct frame *frame, int proto);
-
- void frame_adjust_path_mtu (struct frame *frame, int pmtu, int proto);
-
- void link_socket_close (struct link_socket *sock);
-
--const char *print_sockaddr_ex (const struct sockaddr_in *addr,
-- bool do_port,
-+#define PS_SHOW_PORT_IF_DEFINED (1<<0)
-+#define PS_SHOW_PORT (1<<1)
-+#define PS_SHOW_PKTINFO (1<<2)
-+
-+const char *print_sockaddr_ex (const struct openvpn_sockaddr *addr,
- const char* separator,
-+ const unsigned int flags,
- struct gc_arena *gc);
-
--const char *print_sockaddr (const struct sockaddr_in *addr,
-+
-+const char *print_sockaddr (const struct openvpn_sockaddr *addr,
- struct gc_arena *gc);
-
-+const char *print_link_socket_actual_ex (const struct link_socket_actual *act,
-+ const char* separator,
-+ const unsigned int flags,
-+ struct gc_arena *gc);
-+
-+const char *print_link_socket_actual (const struct link_socket_actual *act,
-+ struct gc_arena *gc);
-+
-+
- #define IA_EMPTY_IF_UNDEF (1<<0)
- #define IA_NET_ORDER (1<<1)
- const char *print_in_addr_t (in_addr_t addr, unsigned int flags, struct gc_arena *gc);
-@@ -308,7 +340,7 @@
- #define SA_SET_IF_NONZERO (1<<1)
- void setenv_sockaddr (struct env_set *es,
- const char *name_prefix,
-- const struct sockaddr_in *addr,
-+ const struct openvpn_sockaddr *addr,
- const bool flags);
-
- void setenv_in_addr_t (struct env_set *es,
-@@ -316,19 +348,24 @@
- in_addr_t addr,
- const bool flags);
-
-+void setenv_link_socket_actual (struct env_set *es,
-+ const char *name_prefix,
-+ const struct link_socket_actual *act,
-+ const bool flags);
-+
- void bad_address_length (int actual, int expected);
-
- in_addr_t link_socket_current_remote (const struct link_socket_info *info);
-
- void link_socket_connection_initiated (const struct buffer *buf,
- struct link_socket_info *info,
-- const struct sockaddr_in *addr,
-+ const struct link_socket_actual *addr,
- const char *common_name,
- struct env_set *es);
-
- void link_socket_bad_incoming_addr (struct buffer *buf,
- const struct link_socket_info *info,
-- const struct sockaddr_in *from_addr);
-+ const struct link_socket_actual *from_addr);
-
- void link_socket_bad_outgoing_addr (void);
-
-@@ -349,7 +386,7 @@
- socket_descriptor_t create_socket_tcp (void);
-
- socket_descriptor_t socket_do_accept (socket_descriptor_t sd,
-- struct sockaddr_in *remote,
-+ struct link_socket_actual *act,
- const bool nowait);
-
- /*
-@@ -440,33 +477,39 @@
- }
-
- static inline bool
--addr_defined (const struct sockaddr_in *addr)
-+addr_defined (const struct openvpn_sockaddr *addr)
- {
-- return addr->sin_addr.s_addr != 0;
-+ return addr->sa.sin_addr.s_addr != 0;
- }
-
- static inline bool
--addr_match (const struct sockaddr_in *a1, const struct sockaddr_in *a2)
-+link_socket_actual_defined (const struct link_socket_actual *act)
- {
-- return a1->sin_addr.s_addr == a2->sin_addr.s_addr;
-+ return act && addr_defined (&act->dest);
-+}
-+
-+static inline bool
-+addr_match (const struct openvpn_sockaddr *a1, const struct openvpn_sockaddr *a2)
-+{
-+ return a1->sa.sin_addr.s_addr == a2->sa.sin_addr.s_addr;
- }
-
- static inline in_addr_t
--addr_host (const struct sockaddr_in *s)
-+addr_host (const struct openvpn_sockaddr *s)
- {
-- return ntohl (s->sin_addr.s_addr);
-+ return ntohl (s->sa.sin_addr.s_addr);
- }
-
- static inline bool
--addr_port_match (const struct sockaddr_in *a1, const struct sockaddr_in *a2)
-+addr_port_match (const struct openvpn_sockaddr *a1, const struct openvpn_sockaddr *a2)
- {
-- return a1->sin_addr.s_addr == a2->sin_addr.s_addr
-- && a1->sin_port == a2->sin_port;
-+ return a1->sa.sin_addr.s_addr == a2->sa.sin_addr.s_addr
-+ && a1->sa.sin_port == a2->sa.sin_port;
- }
-
- static inline bool
--addr_match_proto (const struct sockaddr_in *a1,
-- const struct sockaddr_in *a2,
-+addr_match_proto (const struct openvpn_sockaddr *a1,
-+ const struct openvpn_sockaddr *a2,
- const int proto)
- {
- return link_socket_proto_connection_oriented (proto)
-@@ -475,6 +518,12 @@
- }
-
- static inline bool
-+link_socket_actual_match (const struct link_socket_actual *a1, const struct link_socket_actual *a2)
-+{
-+ return addr_port_match (&a1->dest, &a2->dest);
-+}
-+
-+static inline bool
- socket_connection_reset (const struct link_socket *sock, int status)
- {
- if (link_socket_connection_oriented (sock))
-@@ -497,17 +546,17 @@
- static inline bool
- link_socket_verify_incoming_addr (struct buffer *buf,
- const struct link_socket_info *info,
-- const struct sockaddr_in *from_addr)
-+ const struct link_socket_actual *from_addr)
- {
- if (buf->len > 0)
- {
-- if (from_addr->sin_family != AF_INET)
-+ if (from_addr->dest.sa.sin_family != AF_INET)
- return false;
-- if (!addr_defined (from_addr))
-+ if (!link_socket_actual_defined (from_addr))
- return false;
- if (info->remote_float || !addr_defined (&info->lsa->remote))
- return true;
-- if (addr_match_proto (from_addr, &info->lsa->remote, info->proto))
-+ if (addr_match_proto (&from_addr->dest, &info->lsa->remote, info->proto))
- return true;
- }
- return false;
-@@ -516,21 +565,18 @@
- static inline void
- link_socket_get_outgoing_addr (struct buffer *buf,
- const struct link_socket_info *info,
-- struct sockaddr_in *addr)
-+ struct link_socket_actual **act)
- {
- if (buf->len > 0)
- {
- struct link_socket_addr *lsa = info->lsa;
-- if (addr_defined (&lsa->actual))
-- {
-- addr->sin_family = lsa->actual.sin_family;
-- addr->sin_addr.s_addr = lsa->actual.sin_addr.s_addr;
-- addr->sin_port = lsa->actual.sin_port;
-- }
-+ if (link_socket_actual_defined (&lsa->actual))
-+ *act = &lsa->actual;
- else
- {
- link_socket_bad_outgoing_addr ();
- buf->len = 0;
-+ *act = NULL;
- }
- }
- }
-@@ -538,7 +584,7 @@
- static inline void
- link_socket_set_outgoing_addr (const struct buffer *buf,
- struct link_socket_info *info,
-- const struct sockaddr_in *addr,
-+ const struct link_socket_actual *act,
- const char *common_name,
- struct env_set *es)
- {
-@@ -548,14 +594,14 @@
- if (
- /* new or changed address? */
- (!info->connection_established
-- || !addr_match_proto (addr, &lsa->actual, info->proto))
-+ || !addr_match_proto (&act->dest, &lsa->actual.dest, info->proto))
- /* address undef or address == remote or --float */
- && (info->remote_float
- || !addr_defined (&lsa->remote)
-- || addr_match_proto (addr, &lsa->remote, info->proto))
-+ || addr_match_proto (&act->dest, &lsa->remote, info->proto))
- )
- {
-- link_socket_connection_initiated (buf, info, addr, common_name, es);
-+ link_socket_connection_initiated (buf, info, act, common_name, es);
- }
- }
- }
-@@ -592,7 +638,7 @@
- static inline int
- link_socket_read_udp_win32 (struct link_socket *sock,
- struct buffer *buf,
-- struct sockaddr_in *from)
-+ struct link_socket_actual *from)
- {
- return socket_finalize (sock->sd, &sock->reads, buf, from);
- }
-@@ -602,7 +648,7 @@
- int link_socket_read_udp_posix (struct link_socket *sock,
- struct buffer *buf,
- int maxsize,
-- struct sockaddr_in *from);
-+ struct link_socket_actual *from);
-
- #endif
-
-@@ -611,7 +657,7 @@
- link_socket_read (struct link_socket *sock,
- struct buffer *buf,
- int maxsize,
-- struct sockaddr_in *from)
-+ struct link_socket_actual *from)
- {
- if (sock->info.proto == PROTO_UDPv4)
- {
-@@ -627,7 +673,7 @@
- else if (sock->info.proto == PROTO_TCPv4_SERVER || sock->info.proto == PROTO_TCPv4_CLIENT)
- {
- /* from address was returned by accept */
-- *from = sock->info.lsa->actual;
-+ from->dest.sa = sock->info.lsa->actual.dest.sa;
- return link_socket_read_tcp (sock, buf);
- }
- else
-@@ -643,14 +689,14 @@
-
- int link_socket_write_tcp (struct link_socket *sock,
- struct buffer *buf,
-- struct sockaddr_in *to);
-+ struct link_socket_actual *to);
-
- #ifdef WIN32
-
- static inline int
- link_socket_write_win32 (struct link_socket *sock,
- struct buffer *buf,
-- struct sockaddr_in *to)
-+ struct link_socket_actual *to)
- {
- int err = 0;
- int status = 0;
-@@ -675,17 +721,26 @@
- static inline int
- link_socket_write_udp_posix (struct link_socket *sock,
- struct buffer *buf,
-- struct sockaddr_in *to)
-+ struct link_socket_actual *to)
- {
-- return sendto (sock->sd, BPTR (buf), BLEN (buf), 0,
-- (struct sockaddr *) to,
-- (socklen_t) sizeof (*to));
-+#if ENABLE_IP_PKTINFO
-+ int link_socket_write_udp_posix_sendmsg (struct link_socket *sock,
-+ struct buffer *buf,
-+ struct link_socket_actual *to);
-+
-+ if (sock->socket_flags & SF_USE_IP_PKTINFO)
-+ return link_socket_write_udp_posix_sendmsg (sock, buf, to);
-+ else
-+#endif
-+ return sendto (sock->sd, BPTR (buf), BLEN (buf), 0,
-+ (struct sockaddr *) &to->dest.sa,
-+ (socklen_t) sizeof (to->dest.sa));
- }
-
- static inline int
- link_socket_write_tcp_posix (struct link_socket *sock,
- struct buffer *buf,
-- struct sockaddr_in *to)
-+ struct link_socket_actual *to)
- {
- return send (sock->sd, BPTR (buf), BLEN (buf), MSG_NOSIGNAL);
- }
-@@ -695,7 +750,7 @@
- static inline int
- link_socket_write_udp (struct link_socket *sock,
- struct buffer *buf,
-- struct sockaddr_in *to)
-+ struct link_socket_actual *to)
- {
- #ifdef WIN32
- return link_socket_write_win32 (sock, buf, to);
-@@ -708,7 +763,7 @@
- static inline int
- link_socket_write (struct link_socket *sock,
- struct buffer *buf,
-- struct sockaddr_in *to)
-+ struct link_socket_actual *to)
- {
- if (sock->info.proto == PROTO_UDPv4)
- {
-diff -ur openvpn-2.0_rc16/socks.c openvpn-2.0_rc16MH/socks.c
---- openvpn-2.0_rc16/socks.c 2005-01-09 17:46:29.000000000 -0700
-+++ openvpn-2.0_rc16MH/socks.c 2005-02-24 22:52:32.000000000 -0700
-@@ -149,7 +149,8 @@
- }
-
- static bool
--recv_socks_reply (socket_descriptor_t sd, struct sockaddr_in *addr,
-+recv_socks_reply (socket_descriptor_t sd,
-+ struct openvpn_sockaddr *addr,
- volatile int *signal_received)
- {
- char atyp = '\0';
-@@ -160,9 +161,9 @@
-
- if (addr != NULL)
- {
-- addr->sin_family = AF_INET;
-- addr->sin_addr.s_addr = htonl (INADDR_ANY);
-- addr->sin_port = htons (0);
-+ addr->sa.sin_family = AF_INET;
-+ addr->sa.sin_addr.s_addr = htonl (INADDR_ANY);
-+ addr->sa.sin_port = htons (0);
- }
-
- while (len < 4 + alen + 2)
-@@ -249,8 +250,8 @@
- /* ATYP == 1 (IP V4 address) */
- if (atyp == '\x01' && addr != NULL)
- {
-- memcpy (&addr->sin_addr, buf + 4, sizeof (addr->sin_addr));
-- memcpy (&addr->sin_port, buf + 8, sizeof (addr->sin_port));
-+ memcpy (&addr->sa.sin_addr, buf + 4, sizeof (addr->sa.sin_addr));
-+ memcpy (&addr->sa.sin_port, buf + 8, sizeof (addr->sa.sin_port));
- }
-
-
-@@ -311,7 +312,7 @@
- establish_socks_proxy_udpassoc (struct socks_proxy_info *p,
- socket_descriptor_t ctrl_sd, /* already open to proxy */
- socket_descriptor_t udp_sd,
-- struct sockaddr_in *relay_addr,
-+ struct openvpn_sockaddr *relay_addr,
- volatile int *signal_received)
- {
- if (!socks_handshake (ctrl_sd, signal_received))
-@@ -353,7 +354,7 @@
- */
- void
- socks_process_incoming_udp (struct buffer *buf,
-- struct sockaddr_in *from)
-+ struct link_socket_actual *from)
- {
- int atyp;
-
-@@ -368,8 +369,8 @@
- if (atyp != 1) /* ATYP == 1 (IP V4) */
- goto error;
-
-- buf_read (buf, &from->sin_addr, sizeof (from->sin_addr));
-- buf_read (buf, &from->sin_port, sizeof (from->sin_port));
-+ buf_read (buf, &from->dest.sa.sin_addr, sizeof (from->dest.sa.sin_addr));
-+ buf_read (buf, &from->dest.sa.sin_port, sizeof (from->dest.sa.sin_port));
-
- return;
-
-@@ -386,7 +387,7 @@
- */
- int
- socks_process_outgoing_udp (struct buffer *buf,
-- struct sockaddr_in *to)
-+ const struct link_socket_actual *to)
- {
- /*
- * Get a 10 byte subset buffer prepended to buf --
-@@ -401,8 +402,8 @@
- buf_write_u16 (&head, 0); /* RSV = 0 */
- buf_write_u8 (&head, 0); /* FRAG = 0 */
- buf_write_u8 (&head, '\x01'); /* ATYP = 1 (IP V4) */
-- buf_write (&head, &to->sin_addr, sizeof (to->sin_addr));
-- buf_write (&head, &to->sin_port, sizeof (to->sin_port));
-+ buf_write (&head, &to->dest.sa.sin_addr, sizeof (to->dest.sa.sin_addr));
-+ buf_write (&head, &to->dest.sa.sin_port, sizeof (to->dest.sa.sin_port));
-
- return 10;
- }
-diff -ur openvpn-2.0_rc16/socks.h openvpn-2.0_rc16MH/socks.h
---- openvpn-2.0_rc16/socks.h 2005-01-09 17:46:29.000000000 -0700
-+++ openvpn-2.0_rc16MH/socks.h 2005-02-24 22:52:11.000000000 -0700
-@@ -35,6 +35,9 @@
-
- #include "buffer.h"
-
-+struct openvpn_sockaddr;
-+struct link_socket_actual;
-+
- struct socks_proxy_info {
- bool defined;
- bool retry;
-@@ -59,14 +62,14 @@
- void establish_socks_proxy_udpassoc (struct socks_proxy_info *p,
- socket_descriptor_t ctrl_sd, /* already open to proxy */
- socket_descriptor_t udp_sd,
-- struct sockaddr_in *relay_addr,
-+ struct openvpn_sockaddr *relay_addr,
- volatile int *signal_received);
-
- void socks_process_incoming_udp (struct buffer *buf,
-- struct sockaddr_in *from);
-+ struct link_socket_actual *from);
-
- int socks_process_outgoing_udp (struct buffer *buf,
-- struct sockaddr_in *to);
-+ const struct link_socket_actual *to);
-
- #endif
- #endif
-diff -ur openvpn-2.0_rc16/ssl.c openvpn-2.0_rc16MH/ssl.c
---- openvpn-2.0_rc16/ssl.c.orig 2005-12-13 17:10:01.000000000 +0000
-+++ openvpn-2.0_rc16MH/ssl.c 2006-04-06 20:23:48.000000000 +0000
-@@ -373,7 +373,7 @@
- static void
- setenv_untrusted (struct tls_session *session)
- {
-- setenv_sockaddr (session->opt->es, "untrusted", &session->untrusted_sockaddr, SA_IP_PORT);
-+ setenv_link_socket_actual (session->opt->es, "untrusted", &session->untrusted_addr, SA_IP_PORT);
- }
-
- static void
-@@ -1814,7 +1814,7 @@
- write_control_auth (struct tls_session *session,
- struct key_state *ks,
- struct buffer *buf,
-- struct sockaddr_in *to_link_addr,
-+ struct link_socket_actual **to_link_addr,
- int opcode,
- int max_ack,
- bool prepend_ack)
-@@ -1822,7 +1822,7 @@
- uint8_t *header;
- struct buffer null = clear_buf ();
-
-- ASSERT (addr_defined (&ks->remote_addr));
-+ ASSERT (link_socket_actual_defined (&ks->remote_addr));
- ASSERT (reliable_ack_write
- (ks->rec_ack, buf, &ks->session_id_remote, max_ack, prepend_ack));
- ASSERT (session_id_write_prepend (&session->session_id, buf));
-@@ -1834,7 +1834,7 @@
- openvpn_encrypt (buf, null, &session->tls_auth, NULL);
- ASSERT (swap_hmac (buf, &session->tls_auth, false));
- }
-- *to_link_addr = ks->remote_addr;
-+ *to_link_addr = &ks->remote_addr;
- }
-
- /*
-@@ -1843,7 +1843,7 @@
- static bool
- read_control_auth (struct buffer *buf,
- const struct crypto_options *co,
-- const struct sockaddr_in *from)
-+ const struct link_socket_actual *from)
- {
- struct gc_arena gc = gc_new ();
-
-@@ -1856,7 +1856,7 @@
- {
- msg (D_TLS_ERRORS,
- "TLS Error: cannot locate HMAC in incoming packet from %s",
-- print_sockaddr (from, &gc));
-+ print_link_socket_actual (from, &gc));
- gc_free (&gc);
- return false;
- }
-@@ -1868,7 +1868,7 @@
- {
- msg (D_TLS_ERRORS,
- "TLS Error: incoming packet authentication failed from %s",
-- print_sockaddr (from, &gc));
-+ print_link_socket_actual (from, &gc));
- gc_free (&gc);
- return false;
- }
-@@ -2757,7 +2757,7 @@
- tls_process (struct tls_multi *multi,
- struct tls_session *session,
- struct buffer *to_link,
-- struct sockaddr_in *to_link_addr,
-+ struct link_socket_actual **to_link_addr,
- struct link_socket_info *to_link_socket_info,
- interval_t *wakeup)
- {
-@@ -3151,7 +3151,7 @@
- bool
- tls_multi_process (struct tls_multi *multi,
- struct buffer *to_link,
-- struct sockaddr_in *to_link_addr,
-+ struct link_socket_actual **to_link_addr,
- struct link_socket_info *to_link_socket_info,
- interval_t *wakeup)
- {
-@@ -3177,7 +3177,7 @@
-
- /* set initial remote address */
- if (i == TM_ACTIVE && ks->state == S_INITIAL &&
-- addr_defined (&to_link_socket_info->lsa->actual))
-+ link_socket_actual_defined (&to_link_socket_info->lsa->actual))
- ks->remote_addr = to_link_socket_info->lsa->actual;
-
- dmsg (D_TLS_DEBUG,
-@@ -3186,17 +3186,30 @@
- state_name (ks->state),
- session_id_print (&session->session_id, &gc),
- session_id_print (&ks->session_id_remote, &gc),
-- print_sockaddr (&ks->remote_addr, &gc));
-+ print_link_socket_actual (&ks->remote_addr, &gc));
-
-- if (ks->state >= S_INITIAL && addr_defined (&ks->remote_addr))
-+ if (ks->state >= S_INITIAL && link_socket_actual_defined (&ks->remote_addr))
- {
-+ struct link_socket_actual *tla = NULL;
-+
- update_time ();
-
-- if (tls_process (multi, session, to_link, to_link_addr,
-+ if (tls_process (multi, session, to_link, &tla,
- to_link_socket_info, wakeup))
- active = true;
-
- /*
-+ * If tls_process produced an outgoing packet,
-+ * return the link_socket_actual object (which
-+ * contains the outgoing address).
-+ */
-+ if (tla)
-+ {
-+ multi->to_link_addr = *tla;
-+ *to_link_addr = &multi->to_link_addr;
-+ }
-+
-+ /*
- * If tls_process hits an error:
- * (1) If the session has an unexpired lame duck key, preserve it.
- * (2) Reinitialize the session.
-@@ -3315,7 +3328,7 @@
-
- bool
- tls_pre_decrypt (struct tls_multi *multi,
-- struct sockaddr_in *from,
-+ const struct link_socket_actual *from,
- struct buffer *buf,
- struct crypto_options *opt)
- {
-@@ -3357,7 +3370,7 @@
- if (DECRYPT_KEY_ENABLED (multi, ks)
- && key_id == ks->key_id
- && ks->authenticated
-- && addr_port_match(from, &ks->remote_addr))
-+ && link_socket_actual_match (from, &ks->remote_addr))
- {
- /* return appropriate data channel decrypt key in opt */
- opt->key_ctx_bi = &ks->key;
-@@ -3370,7 +3383,7 @@
- ks->n_bytes += buf->len;
- dmsg (D_TLS_DEBUG,
- "TLS: data channel, key_id=%d, IP=%s",
-- key_id, print_sockaddr (from, &gc));
-+ key_id, print_link_socket_actual (from, &gc));
- gc_free (&gc);
- return ret;
- }
-@@ -3383,14 +3396,14 @@
- key_id,
- ks->key_id,
- ks->authenticated,
-- addr_port_match (from, &ks->remote_addr));
-+ link_socket_actual_match (from, &ks->remote_addr));
- }
- #endif
- }
-
- msg (D_TLS_ERRORS,
- "TLS Error: local/remote TLS keys are out of sync: %s [%d]",
-- print_sockaddr (from, &gc), key_id);
-+ print_link_socket_actual (from, &gc), key_id);
- goto error;
- }
- else /* control channel packet */
-@@ -3404,7 +3417,7 @@
- {
- msg (D_TLS_ERRORS,
- "TLS Error: unknown opcode received from %s op=%d",
-- print_sockaddr (from, &gc), op);
-+ print_link_socket_actual (from, &gc), op);
- goto error;
- }
-
-@@ -3419,7 +3432,7 @@
- {
- msg (D_TLS_ERRORS,
- "TLS Error: client->client or server->server connection attempted from %s",
-- print_sockaddr (from, &gc));
-+ print_link_socket_actual (from, &gc));
- goto error;
- }
- }
-@@ -3428,7 +3441,7 @@
- * Authenticate Packet
- */
- dmsg (D_TLS_DEBUG, "TLS: control channel, op=%s, IP=%s",
-- packet_opcode_name (op), print_sockaddr (from, &gc));
-+ packet_opcode_name (op), print_link_socket_actual (from, &gc));
-
- /* get remote session-id */
- {
-@@ -3438,7 +3451,7 @@
- {
- msg (D_TLS_ERRORS,
- "TLS Error: session-id not found in packet from %s",
-- print_sockaddr (from, &gc));
-+ print_link_socket_actual (from, &gc));
- goto error;
- }
- }
-@@ -3455,9 +3468,9 @@
- state_name (ks->state),
- session_id_print (&session->session_id, &gc),
- session_id_print (&sid, &gc),
-- print_sockaddr (from, &gc),
-+ print_link_socket_actual (from, &gc),
- session_id_print (&ks->session_id_remote, &gc),
-- print_sockaddr (&ks->remote_addr, &gc));
-+ print_link_socket_actual (&ks->remote_addr, &gc));
-
- if (session_id_equal (&ks->session_id_remote, &sid))
- /* found a match */
-@@ -3502,7 +3515,7 @@
- {
- msg (D_TLS_ERRORS,
- "TLS Error: Cannot accept new session request from %s due to session context expire or --single-session [1]",
-- print_sockaddr (from, &gc));
-+ print_link_socket_actual (from, &gc));
- goto error;
- }
-
-@@ -3518,13 +3531,13 @@
-
- msg (D_TLS_DEBUG_LOW,
- "TLS: Initial packet from %s, sid=%s",
-- print_sockaddr (from, &gc),
-+ print_link_socket_actual (from, &gc),
- session_id_print (&sid, &gc));
-
- do_burst = true;
- new_link = true;
- i = TM_ACTIVE;
-- session->untrusted_sockaddr = *from;
-+ session->untrusted_addr = *from;
- }
- }
-
-@@ -3544,7 +3557,7 @@
- {
- msg (D_TLS_ERRORS,
- "TLS Error: Cannot accept new session request from %s due to session context expire or --single-session [2]",
-- print_sockaddr (from, &gc));
-+ print_link_socket_actual (from, &gc));
- goto error;
- }
-
-@@ -3567,11 +3580,11 @@
- */
- msg (D_TLS_DEBUG_LOW,
- "TLS: new session incoming connection from %s",
-- print_sockaddr (from, &gc));
-+ print_link_socket_actual (from, &gc));
-
- new_link = true;
- i = TM_UNTRUSTED;
-- session->untrusted_sockaddr = *from;
-+ session->untrusted_addr = *from;
- }
- else
- {
-@@ -3585,7 +3598,7 @@
- {
- msg (D_TLS_ERRORS,
- "TLS Error: Unroutable control packet received from %s (si=%d op=%s)",
-- print_sockaddr (from, &gc),
-+ print_link_socket_actual (from, &gc),
- i,
- packet_opcode_name (op));
- goto error;
-@@ -3594,10 +3607,10 @@
- /*
- * Verify remote IP address
- */
-- if (!new_link && !addr_port_match (&ks->remote_addr, from))
-+ if (!new_link && !link_socket_actual_match (&ks->remote_addr, from))
- {
- msg (D_TLS_ERRORS, "TLS Error: Received control packet from unexpected IP addr: %s",
-- print_sockaddr (from, &gc));
-+ print_link_socket_actual (from, &gc));
- goto error;
- }
-
-@@ -3659,11 +3672,11 @@
- ks->remote_addr = *from;
- ++multi->n_sessions;
- }
-- else if (!addr_port_match (&ks->remote_addr, from))
-+ else if (!link_socket_actual_match (&ks->remote_addr, from))
- {
- msg (D_TLS_ERRORS,
- "TLS Error: Existing session control channel packet from unknown IP address: %s",
-- print_sockaddr (from, &gc));
-+ print_link_socket_actual (from, &gc));
- goto error;
- }
-
-@@ -3761,8 +3774,9 @@
- */
- bool
- tls_pre_decrypt_lite (const struct tls_auth_standalone *tas,
-- const struct sockaddr_in *from,
-+ const struct link_socket_actual *from,
- const struct buffer *buf)
-+
- {
- struct gc_arena gc = gc_new ();
- bool ret = false;
-@@ -3789,7 +3803,7 @@
- */
- dmsg (D_TLS_STATE_ERRORS,
- "TLS State Error: No TLS state for client %s, opcode=%d",
-- print_sockaddr (from, &gc),
-+ print_link_socket_actual (from, &gc),
- op);
- goto error;
- }
-@@ -3799,7 +3813,7 @@
- dmsg (D_TLS_STATE_ERRORS,
- "TLS State Error: Unknown key ID (%d) received from %s -- 0 was expected",
- key_id,
-- print_sockaddr (from, &gc));
-+ print_link_socket_actual (from, &gc));
- goto error;
- }
-
-@@ -3808,7 +3822,7 @@
- dmsg (D_TLS_STATE_ERRORS,
- "TLS State Error: Large packet (size %d) received from %s -- a packet no larger than %d bytes was expected",
- buf->len,
-- print_sockaddr (from, &gc),
-+ print_link_socket_actual (from, &gc),
- EXPANDED_SIZE_DYNAMIC (&tas->frame));
- goto error;
- }
-diff -ur openvpn-2.0_rc16/ssl.h openvpn-2.0_rc16MH/ssl.h
---- openvpn-2.0_rc16/ssl.h 2005-01-18 22:59:20.000000000 -0700
-+++ openvpn-2.0_rc16MH/ssl.h 2005-02-25 14:47:49.000000000 -0700
-@@ -345,8 +345,8 @@
- time_t must_die; /* this object is destroyed at this time */
-
- int initial_opcode; /* our initial P_ opcode */
-- struct session_id session_id_remote; /* peer's random session ID */
-- struct sockaddr_in remote_addr; /* peer's IP addr */
-+ struct session_id session_id_remote; /* peer's random session ID */
-+ struct link_socket_actual remote_addr; /* peer's IP addr */
- struct packet_id packet_id; /* for data channel, to prevent replay attacks */
-
- struct key_ctx_bi key; /* data channel keys for encrypt/decrypt/hmac */
-@@ -489,7 +489,7 @@
- bool verified; /* true if peer certificate was verified against CA */
-
- /* not-yet-authenticated incoming client */
-- struct sockaddr_in untrusted_sockaddr;
-+ struct link_socket_actual untrusted_addr;
-
- struct key_state key[KS_SIZE];
- };
-@@ -536,6 +536,12 @@
- struct key_state *save_ks; /* temporary pointer used between pre/post routines */
-
- /*
-+ * Used to return outgoing address from
-+ * tls_multi_process.
-+ */
-+ struct link_socket_actual to_link_addr;
-+
-+ /*
- * Number of sessions negotiated thus far.
- */
- int n_sessions;
-@@ -591,19 +597,19 @@
-
- bool tls_multi_process (struct tls_multi *multi,
- struct buffer *to_link,
-- struct sockaddr_in *to_link_addr,
-+ struct link_socket_actual **to_link_addr,
- struct link_socket_info *to_link_socket_info,
- interval_t *wakeup);
-
- void tls_multi_free (struct tls_multi *multi, bool clear);
-
- bool tls_pre_decrypt (struct tls_multi *multi,
-- struct sockaddr_in *from,
-+ const struct link_socket_actual *from,
- struct buffer *buf,
- struct crypto_options *opt);
-
- bool tls_pre_decrypt_lite (const struct tls_auth_standalone *tas,
-- const struct sockaddr_in *from,
-+ const struct link_socket_actual *from,
- const struct buffer *buf);
-
- void tls_pre_encrypt (struct tls_multi *multi,
-diff -ur openvpn-2.0_rc16/syshead.h openvpn-2.0_rc16MH/syshead.h
---- openvpn-2.0_rc16/syshead.h 2005-01-09 17:46:27.000000000 -0700
-+++ openvpn-2.0_rc16MH/syshead.h 2005-02-25 21:23:50.000000000 -0700
-@@ -291,6 +291,15 @@
- #endif
-
- /*
-+ * Does this platform support linux-style IP_PKTINFO?
-+ */
-+#if defined(ENABLE_MULTIHOME) && defined(HAVE_IN_PKTINFO) && defined(IP_PKTINFO) && defined(HAVE_MSGHDR) && defined(HAVE_CMSGHDR) && defined(HAVE_IOVEC) && defined(CMSG_FIRSTHDR) && defined(CMSG_NXTHDR) && defined(HAVE_RECVMSG) && defined(HAVE_SENDMSG)
-+#define ENABLE_IP_PKTINFO 1
-+#else
-+#define ENABLE_IP_PKTINFO 0
-+#endif
-+
-+/*
- * Disable ESEC
- */
- #if 0
projects / packages / openvpn.git / commitdiff