clievent : distinguish between 3 event categories

(instead of 2):

(a) ordinary events such as CONNECTING, CONNECTED,
(b) nonfatal errors such as TRANSPORT_ERROR that will
    automatically trigger a reconnect, and
(c) fatal errors such as AUTH_FAILED, that will be followed
    by a DISCONNECT

In ClientAPI::Event, added a new "fatal" boolean to indicate
when errors are fatal.

Added a new non-fatal event TUN_ERROR that triggers a
reconnect when errors are indicated in tunio.hpp.

client/ovpncli.cpp

@@ -203,6 +203,7 @@ namespace openvpn {
 	    ev.name = event->name();
 	    ev.info = Unicode::utf8_printable(event->render(), 256);
 	    ev.error = event->is_error();
+	    ev.fatal = event->is_fatal();
 
 	    // save connected event
 	    if (event->id() == ClientEvent::CONNECTED)

client/ovpncli.hpp

@@ -257,7 +257,8 @@ namespace openvpn {
     // (client reads)
     struct Event
     {
-      bool error = false;    // true if error
+      bool error = false;    // true if error (fatal or nonfatal)
+      bool fatal = false;    // true if fatal error (will disconnect)
       std::string name;      // event name
       std::string info;      // additional event info
     };

openvpn/client/cliconnect.hpp

@@ -499,6 +499,14 @@ namespace openvpn {
 		    queue_restart(5); // use a larger timeout to allow preemption from higher levels
 		  }
 		  break;
+		case Error::TUN_ERROR:
+		  {
+		    ClientEvent::Base::Ptr ev = new ClientEvent::TunError(client->fatal_reason());
+		    client_options->events().add_event(ev);
+		    client_options->stats().error(Error::TUN_ERROR);
+		    queue_restart(5);
+		  }
+		  break;
 		default:
 		  throw client_connect_unhandled_exception();
 		}

openvpn/client/clievent.hpp

@@ -51,15 +51,18 @@ namespace openvpn {
       PAUSE,
       RESUME,
 
-      // start of errors, must be marked by ERROR_START below
+      // start of nonfatal errors, must be marked by NONFATAL_ERROR_START below
+      TRANSPORT_ERROR,
+      TUN_ERROR,
+      CLIENT_RESTART,
+
+      // start of errors, must be marked by FATAL_ERROR_START below
       AUTH_FAILED,
       CERT_VERIFY_FAIL,
       TLS_VERSION_MIN,
       CLIENT_HALT,
-      CLIENT_RESTART,
       CONNECTION_TIMEOUT,
       INACTIVE_TIMEOUT,
-      TRANSPORT_ERROR,
       DYNAMIC_CHALLENGE,
       PROXY_NEED_CREDS,
       PROXY_ERROR,
@@ -73,7 +76,8 @@ namespace openvpn {
     };
 
     enum {
-      ERROR_START=AUTH_FAILED, // start of error events
+      NONFATAL_ERROR_START = TRANSPORT_ERROR, // start of nonfatal errors that automatically reconnect
+      FATAL_ERROR_START    = AUTH_FAILED,     // start of fatal errors
     };
 
     inline const char *event_name(const Type type)
@@ -92,14 +96,19 @@ namespace openvpn {
 	"ECHO",
 	"PAUSE",
 	"RESUME",
+
+	// nonfatal errors
+	"TRANSPORT_ERROR",
+	"TUN_ERROR",
+	"CLIENT_RESTART",
+
+	// fatal errors
 	"AUTH_FAILED",
 	"CERT_VERIFY_FAIL",
 	"TLS_VERSION_MIN",
 	"CLIENT_HALT",
-	"CLIENT_RESTART",
 	"CONNECTION_TIMEOUT",
 	"INACTIVE_TIMEOUT",
-	"TRANSPORT_ERROR",
 	"DYNAMIC_CHALLENGE",
 	"PROXY_NEED_CREDS",
 	"PROXY_ERROR",
@@ -135,7 +144,12 @@ namespace openvpn {
 
       bool is_error() const
       {
-	return int(id_) >= ERROR_START;
+	return int(id_) >= NONFATAL_ERROR_START;
+      }
+
+      bool is_fatal() const
+      {
+	return int(id_) >= FATAL_ERROR_START;
       }
 
       virtual std::string render() const
@@ -330,6 +344,11 @@ namespace openvpn {
       TunIfaceDisabled(const std::string& reason) : ReasonBase(TUN_IFACE_DISABLED, reason) {}
     };
 
+    struct TunError : public ReasonBase
+    {
+      TunError(const std::string& reason) : ReasonBase(TUN_ERROR, reason) {}
+    };
+
     struct EpkiError : public ReasonBase
     {
       EpkiError(const std::string& reason) : ReasonBase(EPKI_ERROR, reason) {}

openvpn/error/error.hpp

@@ -50,6 +50,7 @@ namespace openvpn {
       TUN_SETUP_FAILED,    // error setting up tun/tap interface
       TUN_IFACE_CREATE,    // error creating tun/tap interface
       TUN_IFACE_DISABLED,  // tun/tap interface is disabled
+      TUN_ERROR,           // general tun error
       TAP_NOT_SUPPORTED,   // dev tap is present in profile but not supported
       REROUTE_GW_NO_DNS,   // redirect-gateway specified without alt DNS servers
       TRANSPORT_ERROR,     // general transport error
@@ -119,6 +120,7 @@ namespace openvpn {
 	"TUN_SETUP_FAILED",
 	"TUN_IFACE_CREATE",
 	"TUN_IFACE_DISABLED",
+	"TUN_ERROR",
 	"TAP_NOT_SUPPORTED",
 	"REROUTE_GW_NO_DNS",
 	"TRANSPORT_ERROR",

openvpn/tun/mac/client/tuncli.hpp

@@ -326,6 +326,7 @@ namespace openvpn {
       void tun_error_handler(const Error::Type errtype, // called by TunImpl
 			     const asio::error_code* error)
       {
+	parent.tun_error(Error::TUN_ERROR, "TUN I/O error");
       }
 
       void stop_()

openvpn/tun/win/client/tuncli.hpp

@@ -301,6 +301,8 @@ namespace openvpn {
       {
 	if (errtype == Error::TUN_READ_ERROR && error && error->value() == 995)
 	  parent.tun_error(Error::TUN_IFACE_DISABLED, "TAP adapter is disabled");
+	else
+	  parent.tun_error(Error::TUN_ERROR, "TUN I/O error");
       }
 
       void stop_()

test/ovpncli/cli.cpp

@@ -95,7 +95,9 @@ private:
     std::cout << date_time() << " EVENT: " << ev.name;
     if (!ev.info.empty())
       std::cout << ' ' << ev.info;
-    if (ev.error)
+    if (ev.fatal)
+      std::cout << " [FATAL-ERR]";
+    else if (ev.error)
       std::cout << " [ERR]";
     std::cout << std::endl;
     if (ev.name == "DYNAMIC_CHALLENGE")