The compat.h include file cannot be loaded when ./configure runs,
as many of the HAVE_* declarations are not set. This makes test
compilations when looking for features fail.
As ./configure will load syshead.h, it pulls in compat.h this way.
Looking more carefully at syshead.h, there's a #ifndef PACKAGE_NAME
check if config.h should be included. This looks like a check if
syshead.h is loaded via ./configure or if it is a more normal
compilation. Moving the compat.h inclusion into this #ifndef block.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
When trying to compile OpenVPN on RHEL5/CentOS5, it would fail
due to missing declaration of SO_MARK. SO_MARK is a feature which
first arrived in 2.6.26, and was never backported to RHEL5's 2.6.18
kernel base.
This patch adds a check at configure time, to see if SO_MARK is
available or not.
Signed-off-by: David Sommerseth <davids@redhat.com>
compat.c: In basename() a typo had gone undetected through the review process,
and also that the declaration was a little bit different from what's defined in
compat.h
misc.c: commit 9449e6a9eb adds #include <unistd.h>.
This breaks building on Windows. As unistd.h is already loaded via syshead.h on
systems where unistd.h exists, we don't need it here.
Signed-off-by: David Sommerseth <davids@redhat.com>
Tested-by: Samuli Seppänen <samuli@openvpn.net>
Visual Studio does not enable certiain standard Unix functions,
such as access(). By defining _CRT_NONSTDC_NO_WARNINGS and
_CRT_SECURE_NO_WARNINGS, these functions are enabled.
This patch also adds a ./configure check for access() as well,
in case this needs to be implemented on other platforms lacking
this feature. Which is why HAVE_ACCESS is defined in win/config.h.in
Thanks to Alon Bar-Lev for helping solving this.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
URL: http://thread.gmane.org/gmane.network.openvpn.devel/5179/focus=5200
This kicks out the openvpn_basename() function from misc.[ch] and puts
glibc equivalents into compat.[ch]. This is to provide the same
functionality on platforms not having a native basename() function
available.
In addition this patch adds dirname() which commit 0f2bc0dd92
depends. Without dirname(), openvpn won't build in Visual Studio.
v2: Move all functions from compat.h to compat.c
v3: Use glibc versions of basename() and dirname() instead
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Alon Bar-Lev <alon.barlev@gmail.com>
URL: http://thread.gmane.org/gmane.network.openvpn.devel/5178/focus=5215
If openvpn_execve() is not able to fork(), it would not make any noise
about it. So this patch adds a log notification if this happens.
In addition, if openvpn_execve() is called with an empty argv array,
it should exit instantly. This is not expected to happen at all and
might indicate a much more serious issue (or programming error)
somewhere else in the code. Thus, abort execution to get these issues
flushed out as quickly as possible.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Systemd requires console query to be forwarded using its own
tool.
Signed-off-by: Frederic Crozat <fcrozat@suse.com>
Acked-by: David Sommerseth <davids@redhat.com>
URL: http://thread.gmane.org/gmane.network.openvpn.devel/5073/focus=5277
Signed-off-by: David Sommerseth <davids@redhat.com>
The old code checks how many items are in use(!) in the source
list, but then copies the full list over the destination memory
arena. Check the source list *capacity*.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
options.c: extend pre_pull_save() and pre_pull_restore() to
save/restore options->routes_ipv6 as well
options.h: add routes_ipv6 to "struct options_pre_pull"
route.h, route.c: add clone_route_ipv6_option_list() and
copy_route_ipv6_option_list() helper functions
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
The checks introduced in commit 0f2bc0dd92
didn't properly remove checks if crypto or SSL was disabled at compile time.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
using layer 2 with DHCP proxy:
* Extract/delete Router option from both DHCPOFFER and DHCPACK
messages. Prevously we only considered DHCPACK messages.
With DHCPACK messages, we extract the Router IP for
use as the vpn_gateway, as well as delete the Router option from
the DHCP message. For DHCPOFFER, we only delete the Router
message.
* Monitor all DHCPOFFER and DHCPACK messages for possible Router
options needing to be extracted/deleted. Previously, we turned
off monitoring after the first successful extraction/deletion
from a DHCPACK message.
* Previously, we deleted Router options by padding them with DHCP
PAD options. This has proven not to work with some DHCP clients,
so we now delete the message entirely, and add PADs to the end of
the message so as not to change its length.
* In some cases, UDP checksum was not being correctly updated for
modified DHCP packets.
To properly use this feature on Linux, after tunnel comes up,
run these commands:
ifconfig tap0 up
dhclient tap0
Version 2.1.17
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7682 e7ae566f-a301-0410-adde-c780ea21d3b5
This argument allows the keyword 'stdin' to indicate that the input
is to be read from the stdin. Don't check for file existence if the
file name is set to 'stdin'
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
In commit ce637abdaf the Linux 2.2 support
was removed. When this happened an extra error check was avoided which
would normally kicked in if the tun/tap device would not be available.
Instead the following line was filling the log continously:
Thu Nov 24 22:33:15 2011 read from TUN/TAP : File descriptor in bad state (code=77)
This patch changes the msg() declarations to use the M_FATAL *) flag,
which will halt the execution of the program in these error sitauations.
As the program will really halt, the return declarations was also removed.
*) #define M_ERR (M_FATAL | M_ERRNO) (from error.h)
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
always use our built-in replacement functions now, even if building
on Win7 (which has inet_ntop/inet_pton in the system libraries) because
the resulting binary will then fail on WinXP.
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
OpenVPN can handle over 30 different files and directories, and it is easy
to misconfigure some of them. In many situations OpenVPN will even start
running, even with a wrong file path or without the proper permissions, and
then it will complain much later on. In some cases the error being seen at
this late point might even be difficult to relate to a configuration option.
This patch tries to catch as many of these files as soon as possible, kind of
to "smoke-test" the files and directories to avoid the most likely errors.
Trac-ticket: 73
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
(driver is known-buggy for small IPv4 packets in tun mode)
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
(bugfixed tapdrvr.c regarding small IPv4 packets)
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Without this patch, the default path used by OpenVPN is hard coded
to C:\WINDOWS. As users might install Windows in a different directory,
this approach will cause OpenVPN to malfunction in some configurations.
OpenVPN have supported using the system path, by adding --win-sys env.
This patch removes the hard coded approach and uses the --win-sys env
approach by default instead.
Trac-ticket: 66
URL: http://thread.gmane.org/gmane.network.openvpn.user/32508
Signed-off-by: David Sommerseth <davids@redhat.com>
Tested-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
On these platforms (including DragonFly), get_default_gateway() would in some
cases return false. As get_default_gateway() is defined as a void function, and
none of the callers expect a return value -> just return without any value.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Patch "Added options to switch between OpenSSL and PolarSSL and PKCS11" caused a
regression when building OpenVPN with Visual Studio 2008/Python build system.
The underlying cause was a wrong path to lzo2.lib.
Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
- Changed int32_t to size_t
- Removed some unused variables
- Added missing include files
- changed ordering to ensure variable declarations are before asserts
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Tested-by: Samuli Seppänen <samuli@openvpn.net>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
at compile time. Also included the option to enable/disable PKCS11.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Samuli Seppänen <samuli@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Since prng_uninit is SSL-library agnostic, but crypto_uninit_lib isn't,
the function was moved up a level.
Also removed one unused variable (j) in tls1_P_hash().
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
minimum-size for IPv6 being applied to IPv4 packets, subsequently
leading to drop of small-sized IPv4 packets.
Bug found & fixed by Christian Niessner.
Signed-off-by: Christian Niessner <bug-report@secadm.de>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
PolarSSL does not support PKCS#12 certificate/key bundles, but had a
typo where #ifdef USE_POLARSSL was used, and it should have been #ifndef
instead.
Also added a few extra exclusions of PKCS#12 messages where appropriate,
to avoid confusing users.
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Fixed a bug where the wrong value was being passed to plugin_call_ssl, due to a missing comma.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Replaced des_set_key_unchecked and des_ecb_encrypt functions in cipher_des_encrypt_ecb
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
This is to allow building on NetBSD which does not install <des_old.h> anymore
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
- Reversed des_key_check_weak output check, as the library changed this
- Changed POLARSSL_MODE_CFB to POLARSSL_MODE_CFB128
- Changed the bio write function to accept const input
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
- Now return either SUCCESS or FAILURE.
- SUCCESS is defined as 0.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
As a safety measure against future modifications
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
It is now in bits again.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
- Renamed struct entries to explicitly show them as disabled
- Added a warning if USE_SSL is enabled, but neither ssl_verify_openssl.h or ssl_verify_polarssl.h is included
- If neither of those files is included, disable ssl support for a plugin including openvpn-plugin.h
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>