summaryrefslogtreecommitdiff
path: root/openvpn/src
diff options
context:
space:
mode:
Diffstat (limited to 'openvpn/src')
-rw-r--r--openvpn/src/openvpn/ps.c3
-rw-r--r--openvpn/src/openvpn/route.c140
-rw-r--r--openvpn/src/openvpn/route.h10
-rw-r--r--openvpn/src/openvpn/socket.c3
-rw-r--r--openvpn/src/openvpn/ssl_polarssl.c13
-rw-r--r--openvpn/src/openvpn/ssl_verify_polarssl.c2
-rw-r--r--openvpn/src/openvpn/syshead.h7
-rw-r--r--openvpn/src/openvpn/tun.c6
-rw-r--r--openvpn/src/openvpn/win32.c2
9 files changed, 54 insertions, 132 deletions
diff --git a/openvpn/src/openvpn/ps.c b/openvpn/src/openvpn/ps.c
index b22653b4..901a094f 100644
--- a/openvpn/src/openvpn/ps.c
+++ b/openvpn/src/openvpn/ps.c
@@ -340,7 +340,8 @@ journal_add (const char *journal_dir, struct proxy_connection *pc, struct proxy_
fd = platform_open (jfn, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR | S_IRGRP);
if (fd != -1)
{
- write(fd, f, strlen(f));
+ if (write(fd, f, strlen(f)) != strlen(f))
+ msg(M_WARN, "PORT SHARE: writing to journal file (%s) failed", jfn);
close (fd);
cp->jfn = jfn;
}
diff --git a/openvpn/src/openvpn/route.c b/openvpn/src/openvpn/route.c
index 81ffa876..fa8221d4 100644
--- a/openvpn/src/openvpn/route.c
+++ b/openvpn/src/openvpn/route.c
@@ -49,7 +49,7 @@
#define METRIC_NOT_USED ((DWORD)-1)
#endif
-static void delete_route (struct route *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es);
+static void delete_route (struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es);
static void get_bypass_addresses (struct route_bypass *rb, const unsigned int flags);
@@ -150,7 +150,7 @@ struct route_list *
new_route_list (const int max_routes, struct gc_arena *a)
{
struct route_list *ret;
- ALLOC_VAR_ARRAY_CLEAR_GC (ret, struct route_list, struct route, max_routes, a);
+ ALLOC_VAR_ARRAY_CLEAR_GC (ret, struct route_list, struct route_ipv4, max_routes, a);
ret->capacity = max_routes;
return ret;
}
@@ -165,7 +165,7 @@ new_route_ipv6_list (const int max_routes, struct gc_arena *a)
}
static const char *
-route_string (const struct route *r, struct gc_arena *gc)
+route_string (const struct route_ipv4 *r, struct gc_arena *gc)
{
struct buffer out = alloc_buf_gc (256, gc);
buf_printf (&out, "ROUTE network %s netmask %s gateway %s",
@@ -267,7 +267,7 @@ is_special_addr (const char *addr_str)
}
static bool
-init_route (struct route *r,
+init_route (struct route_ipv4 *r,
struct addrinfo **network_list,
const struct route_option *ro,
const struct route_list *rl)
@@ -484,7 +484,7 @@ void
clear_route_list (struct route_list *rl)
{
const int capacity = rl->capacity;
- const size_t rl_size = array_mult_safe (sizeof(struct route), capacity, sizeof(struct route_list));
+ const size_t rl_size = array_mult_safe (sizeof(struct route_ipv4), capacity, sizeof(struct route_list));
memset(rl, 0, rl_size);
rl->capacity = capacity;
}
@@ -519,7 +519,7 @@ add_block_local_item (struct route_list *rl,
&& rl->rgi.gateway.netmask < 0xFFFFFFFF
&& (rl->n)+2 <= rl->capacity)
{
- struct route r;
+ struct route_ipv4 r;
unsigned int l2;
/* split a route into two smaller blocking routes, and direct them to target */
@@ -649,7 +649,7 @@ init_route_list (struct route_list *rl,
for (i = 0; i < opt->n; ++i)
{
struct addrinfo* netlist;
- struct route r;
+ struct route_ipv4 r;
if (!init_route (&r,
&netlist,
@@ -760,7 +760,7 @@ add_route3 (in_addr_t network,
const struct route_gateway_info *rgi,
const struct env_set *es)
{
- struct route r;
+ struct route_ipv4 r;
CLEAR (r);
r.flags = RT_DEFINED;
r.network = network;
@@ -778,7 +778,7 @@ del_route3 (in_addr_t network,
const struct route_gateway_info *rgi,
const struct env_set *es)
{
- struct route r;
+ struct route_ipv4 r;
CLEAR (r);
r.flags = RT_DEFINED|RT_ADDED;
r.network = network;
@@ -1028,7 +1028,7 @@ add_routes (struct route_list *rl, struct route_ipv6_list *rl6, const struct tun
for (i = 0; i < rl->n; ++i)
{
- struct route *r = &rl->routes[i];
+ struct route_ipv4 *r = &rl->routes[i];
check_subnet_conflict (r->network, r->netmask, "route");
if (flags & ROUTE_DELETE_FIRST)
delete_route (r, tt, flags, &rl->rgi, es);
@@ -1060,7 +1060,7 @@ delete_routes (struct route_list *rl, struct route_ipv6_list *rl6,
int i;
for (i = rl->n - 1; i >= 0; --i)
{
- struct route * r = &rl->routes[i];
+ struct route_ipv4 * r = &rl->routes[i];
delete_route (r, tt, flags, &rl->rgi, es);
}
rl->iflags &= ~RL_ROUTES_ADDED;
@@ -1154,7 +1154,7 @@ print_default_gateway(const int msglevel, const struct route_gateway_info *rgi)
#endif
static void
-print_route (const struct route *r, int level)
+print_route (const struct route_ipv4 *r, int level)
{
struct gc_arena gc = gc_new ();
if (r->flags & RT_DEFINED)
@@ -1171,7 +1171,7 @@ print_routes (const struct route_list *rl, int level)
}
static void
-setenv_route (struct env_set *es, const struct route *r, int i)
+setenv_route (struct env_set *es, const struct route_ipv4 *r, int i)
{
struct gc_arena gc = gc_new ();
if (r->flags & RT_DEFINED)
@@ -1288,7 +1288,7 @@ is_on_link (const int is_local_route, const unsigned int flags, const struct rou
}
void
-add_route (struct route *r,
+add_route (struct route_ipv4 *r,
const struct tuntap *tt,
unsigned int flags,
const struct route_gateway_info *rgi, /* may be NULL */
@@ -1344,9 +1344,12 @@ add_route (struct route *r,
status = openvpn_execve_check (&argv, es, 0, "ERROR: Linux route add command failed");
#elif defined (TARGET_ANDROID)
- struct buffer out = alloc_buf_gc (64, &gc);
+ struct buffer out = alloc_buf_gc (128, &gc);
- buf_printf (&out, "%s %s", network, netmask);
+ if (rgi)
+ buf_printf (&out, "%s %s %s dev %s", network, netmask, gateway, rgi->iface);
+ else
+ buf_printf (&out, "%s %s %s", network, netmask, gateway);
management_android_control (management, "ROUTE", buf_bptr(&out));
#elif defined (WIN32)
@@ -1626,7 +1629,7 @@ add_route_ipv6 (struct route_ipv6 *r6, const struct tuntap *tt, unsigned int fla
#elif defined (TARGET_ANDROID)
struct buffer out = alloc_buf_gc (64, &gc);
- buf_printf (&out, "%s/%d", network, r6->netbits);
+ buf_printf (&out, "%s/%d %s", network, r6->netbits, device);
management_android_control (management, "ROUTE6", buf_bptr(&out));
@@ -1741,7 +1744,7 @@ add_route_ipv6 (struct route_ipv6 *r6, const struct tuntap *tt, unsigned int fla
}
static void
-delete_route (struct route *r,
+delete_route (struct route_ipv4 *r,
const struct tuntap *tt,
unsigned int flags,
const struct route_gateway_info *rgi,
@@ -2246,7 +2249,7 @@ get_default_gateway (struct route_gateway_info *rgi)
}
static DWORD
-windows_route_find_if_index (const struct route *r, const struct tuntap *tt)
+windows_route_find_if_index (const struct route_ipv4 *r, const struct tuntap *tt)
{
struct gc_arena gc = gc_new ();
DWORD ret = TUN_ADAPTER_INDEX_INVALID;
@@ -2291,7 +2294,7 @@ windows_route_find_if_index (const struct route *r, const struct tuntap *tt)
}
bool
-add_route_ipapi (const struct route *r, const struct tuntap *tt, DWORD adapter_index)
+add_route_ipapi (const struct route_ipv4 *r, const struct tuntap *tt, DWORD adapter_index)
{
struct gc_arena gc = gc_new ();
bool ret = false;
@@ -2365,7 +2368,7 @@ add_route_ipapi (const struct route *r, const struct tuntap *tt, DWORD adapter_i
}
bool
-del_route_ipapi (const struct route *r, const struct tuntap *tt)
+del_route_ipapi (const struct route_ipv4 *r, const struct tuntap *tt)
{
struct gc_arena gc = gc_new ();
bool ret = false;
@@ -2611,53 +2614,7 @@ get_default_gateway (struct route_gateway_info *rgi)
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
-
-/* all of this is taken from <net/route.h> in FreeBSD */
-#define RTA_DST 0x1
-#define RTA_GATEWAY 0x2
-#define RTA_NETMASK 0x4
-
-#define RTM_GET 0x4
-#define RTM_VERSION 5
-
-#define RTF_UP 0x1
-#define RTF_GATEWAY 0x2
-
-/*
- * These numbers are used by reliable protocols for determining
- * retransmission behavior and are included in the routing structure.
- */
-struct rt_metrics {
- u_long rmx_locks; /* Kernel must leave these values alone */
- u_long rmx_mtu; /* MTU for this path */
- u_long rmx_hopcount; /* max hops expected */
- u_long rmx_expire; /* lifetime for route, e.g. redirect */
- u_long rmx_recvpipe; /* inbound delay-bandwidth product */
- u_long rmx_sendpipe; /* outbound delay-bandwidth product */
- u_long rmx_ssthresh; /* outbound gateway buffer limit */
- u_long rmx_rtt; /* estimated round trip time */
- u_long rmx_rttvar; /* estimated rtt variance */
- u_long rmx_pksent; /* packets sent using this route */
- u_long rmx_filler[4]; /* will be used for T/TCP later */
-};
-
-/*
- * Structures for routing messages.
- */
-struct rt_msghdr {
- u_short rtm_msglen; /* to skip over non-understood messages */
- u_char rtm_version; /* future binary compatibility */
- u_char rtm_type; /* message type */
- u_short rtm_index; /* index for associated ifp */
- int rtm_flags; /* flags, incl. kern & message, e.g. DONE */
- int rtm_addrs; /* bitmask identifying sockaddrs in msg */
- pid_t rtm_pid; /* identify sender */
- int rtm_seq; /* for sender to identify action */
- int rtm_errno; /* why failed */
- int rtm_use; /* from rtentry */
- u_long rtm_inits; /* which metrics we are initializing */
- struct rt_metrics rtm_rmx; /* metrics themselves */
-};
+#include <net/route.h>
struct {
struct rt_msghdr m_rtm;
@@ -2976,52 +2933,7 @@ get_default_gateway (struct route_gateway_info *rgi)
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
-
-/* all of this is taken from <net/route.h> in OpenBSD 3.6 */
-#define RTA_DST 0x1 /* destination sockaddr present */
-#define RTA_GATEWAY 0x2 /* gateway sockaddr present */
-#define RTA_NETMASK 0x4 /* netmask sockaddr present */
-
-#define RTM_GET 0x4 /* Report Metrics */
-
-#define RTM_VERSION 3 /* Up the ante and ignore older versions */
-
-#define RTF_UP 0x1 /* route usable */
-#define RTF_GATEWAY 0x2 /* destination is a gateway */
-
-/*
- * Huge version for userland compatibility.
- */
-struct rt_metrics {
- u_long rmx_locks; /* Kernel must leave these values alone */
- u_long rmx_mtu; /* MTU for this path */
- u_long rmx_hopcount; /* max hops expected */
- u_long rmx_expire; /* lifetime for route, e.g. redirect */
- u_long rmx_recvpipe; /* inbound delay-bandwidth product */
- u_long rmx_sendpipe; /* outbound delay-bandwidth product */
- u_long rmx_ssthresh; /* outbound gateway buffer limit */
- u_long rmx_rtt; /* estimated round trip time */
- u_long rmx_rttvar; /* estimated rtt variance */
- u_long rmx_pksent; /* packets sent using this route */
-};
-
-/*
- * Structures for routing messages.
- */
-struct rt_msghdr {
- u_short rtm_msglen; /* to skip over non-understood messages */
- u_char rtm_version; /* future binary compatibility */
- u_char rtm_type; /* message type */
- u_short rtm_index; /* index for associated ifp */
- int rtm_flags; /* flags, incl. kern & message, e.g. DONE */
- int rtm_addrs; /* bitmask identifying sockaddrs in msg */
- pid_t rtm_pid; /* identify sender */
- int rtm_seq; /* for sender to identify action */
- int rtm_errno; /* why failed */
- int rtm_use; /* from rtentry */
- u_long rtm_inits; /* which metrics we are initializing */
- struct rt_metrics rtm_rmx; /* metrics themselves */
-};
+#include <net/route.h>
struct {
struct rt_msghdr m_rtm;
diff --git a/openvpn/src/openvpn/route.h b/openvpn/src/openvpn/route.h
index a40de32f..fe9b4616 100644
--- a/openvpn/src/openvpn/route.h
+++ b/openvpn/src/openvpn/route.h
@@ -110,7 +110,7 @@ struct route_ipv6_option_list {
struct route_ipv6_option routes_ipv6[EMPTY_ARRAY_SIZE];
};
-struct route {
+struct route_ipv4 {
# define RT_DEFINED (1<<0)
# define RT_ADDED (1<<1)
# define RT_METRIC_DEFINED (1<<2)
@@ -190,7 +190,7 @@ struct route_list {
unsigned int flags; /* RG_x flags */
int capacity;
int n;
- struct route routes[EMPTY_ARRAY_SIZE];
+ struct route_ipv4 routes[EMPTY_ARRAY_SIZE];
};
#if P2MP
@@ -223,7 +223,7 @@ struct route_ipv6_list *new_route_ipv6_list (const int max_routes, struct gc_are
void add_route_ipv6 (struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es);
void delete_route_ipv6 (const struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es);
-void add_route (struct route *r,
+void add_route (struct route_ipv4 *r,
const struct tuntap *tt,
unsigned int flags,
const struct route_gateway_info *rgi,
@@ -301,8 +301,8 @@ void print_routes (const struct route_list *rl, int level);
void show_routes (int msglev);
bool test_routes (const struct route_list *rl, const struct tuntap *tt);
-bool add_route_ipapi (const struct route *r, const struct tuntap *tt, DWORD adapter_index);
-bool del_route_ipapi (const struct route *r, const struct tuntap *tt);
+bool add_route_ipapi (const struct route_ipv4 *r, const struct tuntap *tt, DWORD adapter_index);
+bool del_route_ipapi (const struct route_ipv4 *r, const struct tuntap *tt);
#else
static inline bool test_routes (const struct route_list *rl, const struct tuntap *tt) { return true; }
diff --git a/openvpn/src/openvpn/socket.c b/openvpn/src/openvpn/socket.c
index 716512df..97f67563 100644
--- a/openvpn/src/openvpn/socket.c
+++ b/openvpn/src/openvpn/socket.c
@@ -1981,7 +1981,8 @@ link_socket_init_phase2 (struct link_socket *sock,
#endif
}
#ifdef TARGET_ANDROID
- protect_fd_nonlocal (sock->sd, &sock->info.lsa->actual.dest.addr.sa);
+ if (sock->sd != -1)
+ protect_fd_nonlocal (sock->sd, &sock->info.lsa->actual.dest.addr.sa);
#endif
if (sig_info && sig_info->signal_received)
goto done;
diff --git a/openvpn/src/openvpn/ssl_polarssl.c b/openvpn/src/openvpn/ssl_polarssl.c
index 47fb62a5..9dc4e879 100644
--- a/openvpn/src/openvpn/ssl_polarssl.c
+++ b/openvpn/src/openvpn/ssl_polarssl.c
@@ -49,6 +49,7 @@
#include <polarssl/havege.h>
#include "ssl_verify_polarssl.h"
+#include <polarssl/error.h>
#include <polarssl/pem.h>
void
@@ -284,7 +285,7 @@ tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file,
pem_password_callback(passbuf, 512, 0, NULL);
status = x509parse_key(ctx->priv_key,
priv_key_file_inline, strlen(priv_key_file_inline),
- passbuf, strlen(passbuf));
+ (unsigned char *) passbuf, strlen(passbuf));
}
}
else
@@ -481,7 +482,8 @@ void tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file,
if (ca_file && !strcmp (ca_file, INLINE_FILE_TAG) && ca_file_inline)
{
- if (0 != x509parse_crt(ctx->ca_chain, ca_file_inline, strlen(ca_file_inline)))
+ if (0 != x509parse_crt(ctx->ca_chain, (unsigned char *) ca_file_inline,
+ strlen(ca_file_inline)))
msg (M_FATAL, "Cannot load inline CA certificates");
}
else
@@ -501,8 +503,9 @@ tls_ctx_load_extra_certs (struct tls_root_ctx *ctx, const char *extra_certs_file
if (!strcmp (extra_certs_file, INLINE_FILE_TAG) && extra_certs_file_inline)
{
- if (0 != x509parse_crt(ctx->crt_chain, extra_certs_file_inline,
- strlen(extra_certs_file_inline)))
+ if (0 != x509parse_crt(ctx->crt_chain,
+ (unsigned char *) extra_certs_file_inline,
+ strlen(extra_certs_file_inline)))
msg (M_FATAL, "Cannot load inline extra-certs file");
}
else
@@ -625,7 +628,7 @@ static void my_debug( void *ctx, int level, const char *str )
void tls_ctx_personalise_random(struct tls_root_ctx *ctx)
{
static char old_sha256_hash[32] = {0};
- char sha256_hash[32] = {0};
+ unsigned char sha256_hash[32] = {0};
ctr_drbg_context *cd_ctx = rand_ctx_get();
if (NULL != ctx->crt_chain)
diff --git a/openvpn/src/openvpn/ssl_verify_polarssl.c b/openvpn/src/openvpn/ssl_verify_polarssl.c
index 5db4f027..e5ccd904 100644
--- a/openvpn/src/openvpn/ssl_verify_polarssl.c
+++ b/openvpn/src/openvpn/ssl_verify_polarssl.c
@@ -125,8 +125,6 @@ x509_get_username (char *cn, int cn_len,
char *
x509_get_serial (x509_cert *cert, struct gc_arena *gc)
{
- int ret = 0;
- int i = 0;
char *buf = NULL;
size_t len = cert->serial.len * 3 + 1;
diff --git a/openvpn/src/openvpn/syshead.h b/openvpn/src/openvpn/syshead.h
index ab6fa01f..4050d548 100644
--- a/openvpn/src/openvpn/syshead.h
+++ b/openvpn/src/openvpn/syshead.h
@@ -426,6 +426,13 @@
#endif
/*
+ * Define type sa_family_t if it isn't defined in the socket headers
+ */
+#ifndef HAVE_SA_FAMILY_T
+typedef unsigned short sa_family_t;
+#endif
+
+/*
* Disable ESEC
*/
#if 0
diff --git a/openvpn/src/openvpn/tun.c b/openvpn/src/openvpn/tun.c
index 6460a369..4df271d5 100644
--- a/openvpn/src/openvpn/tun.c
+++ b/openvpn/src/openvpn/tun.c
@@ -909,7 +909,7 @@ do_ifconfig (struct tuntap *tt,
if (!tun && tt->topology == TOP_SUBNET)
{
/* Add a network route for the local tun interface */
- struct route r;
+ struct route_ipv4 r;
CLEAR (r);
r.flags = RT_DEFINED | RT_METRIC_DEFINED;
r.network = tt->local & tt->remote_netmask;
@@ -1106,7 +1106,7 @@ do_ifconfig (struct tuntap *tt,
/* Add a network route for the local tun interface */
if (!tun && tt->topology == TOP_SUBNET)
{
- struct route r;
+ struct route_ipv4 r;
CLEAR (r);
r.flags = RT_DEFINED;
r.network = tt->local & tt->remote_netmask;
@@ -1172,7 +1172,7 @@ do_ifconfig (struct tuntap *tt,
/* Add a network route for the local tun interface */
if (!tun && tt->topology == TOP_SUBNET)
{
- struct route r;
+ struct route_ipv4 r;
CLEAR (r);
r.flags = RT_DEFINED;
r.network = tt->local & tt->remote_netmask;
diff --git a/openvpn/src/openvpn/win32.c b/openvpn/src/openvpn/win32.c
index f35c96be..7c89a5a9 100644
--- a/openvpn/src/openvpn/win32.c
+++ b/openvpn/src/openvpn/win32.c
@@ -517,7 +517,7 @@ win32_signal_get (struct win32_signal *ws)
if (ret)
{
siginfo_static.signal_received = ret;
- siginfo_static.hard = true;
+ siginfo_static.source = SIG_SOURCE_HARD;
}
}
return ret;