Added SocketProtect abstraction for Android.

openvpn/common/platform.hpp

@@ -19,4 +19,8 @@
 # define OPENVPN_PLATFORM_LINUX
 #endif
 
+#if !defined(_WIN32)
+#define OPENVPN_PLATFORM_TYPE_UNIX
+#endif
+
 #endif // OPENVPN_COMMON_PLATFORM_H

openvpn/transport/client/tcpcli.hpp

@@ -8,6 +8,7 @@
 #include <openvpn/transport/tcplink.hpp>
 #include <openvpn/transport/endpoint_cache.hpp>
 #include <openvpn/transport/client/transbase.hpp>
+#include <openvpn/transport/socket_protect.hpp>
 
 namespace openvpn {
   namespace TCPTransport {
@@ -27,6 +28,8 @@ namespace openvpn {
       Frame::Ptr frame;
       SessionStats::Ptr stats;
 
+      SocketProtect* socket_protect;
+
       static Ptr new_obj()
       {
 	return new ClientConfig;
@@ -40,7 +43,8 @@ namespace openvpn {
     private:
       ClientConfig()
 	: send_queue_max_size(64),
-	  free_list_max_size(8)
+	  free_list_max_size(8),
+	  socket_protect(NULL)
       {}
     };
 
@@ -191,6 +195,10 @@ namespace openvpn {
       void start_connect_()
       {
 	socket.open(server_endpoint.protocol());
+#ifdef OPENVPN_PLATFORM_TYPE_UNIX
+	if (config->socket_protect)
+	  config->socket_protect->socket_protect(socket.native_handle());
+#endif
 	socket.set_option(boost::asio::ip::tcp::no_delay(true));
 	socket.async_connect(server_endpoint, asio_dispatch_connect(&Client::start_impl_, this));
       }

openvpn/transport/client/udpcli.hpp

@@ -8,6 +8,7 @@
 #include <openvpn/transport/udplink.hpp>
 #include <openvpn/transport/endpoint_cache.hpp>
 #include <openvpn/transport/client/transbase.hpp>
+#include <openvpn/transport/socket_protect.hpp>
 
 namespace openvpn {
   namespace UDPTransport {
@@ -26,6 +27,8 @@ namespace openvpn {
       Frame::Ptr frame;
       SessionStats::Ptr stats;
 
+      SocketProtect* socket_protect;
+
       static Ptr new_obj()
       {
 	return new ClientConfig;
@@ -38,7 +41,10 @@ namespace openvpn {
 
     private:
       ClientConfig()
-	: server_addr_float(false), n_parallel(8) {}
+	: server_addr_float(false),
+	  n_parallel(8),
+	  socket_protect(NULL)
+      {}
     };
 
     class Client : public TransportClient
@@ -106,6 +112,7 @@ namespace openvpn {
 	     ClientConfig* config_arg,
 	     TransportClientParent& parent_arg)
 	:  io_service(io_service_arg),
+	   socket(io_service_arg),
 	   config(config_arg),
 	   parent(parent_arg),
 	   resolver(io_service_arg),
@@ -137,6 +144,7 @@ namespace openvpn {
 	    if (impl)
 	      impl->stop();
 
+	    socket.close();
 	    resolver.cancel();
 	  }
       }
@@ -167,11 +175,14 @@ namespace openvpn {
       void start_impl_()
       {
 	config->endpoint_cache.set_endpoint(server_endpoint);
-	impl.reset(new LinkImpl(io_service,
-				this,
-				server_endpoint,
-				REMOTE_CONNECT,
-				false,
+	socket.open(server_endpoint.protocol());
+#ifdef OPENVPN_PLATFORM_TYPE_UNIX
+	if (config->socket_protect)
+	  config->socket_protect->socket_protect(socket.native_handle());
+#endif
+	socket.connect(server_endpoint);
+	impl.reset(new LinkImpl(this,
+				socket,
 				config->frame,
 				config->stats));
 	impl->start(config->n_parallel);
@@ -179,6 +190,7 @@ namespace openvpn {
       }
 
       boost::asio::io_service& io_service;
+      boost::asio::ip::udp::socket socket;
       ClientConfig::Ptr config;
       TransportClientParent& parent;
       LinkImpl::Ptr impl;

openvpn/transport/socket_protect.hpp

@@ -0,0 +1,15 @@
+#ifndef OPENVPN_TRANSPORT_SOCKET_PROTECT_H
+#define OPENVPN_TRANSPORT_SOCKET_PROTECT_H
+
+namespace openvpn {
+  // Used as an interface in cases where the high-level controlling app
+  // needs early access to newly created transport sockets for making
+  // property changes.  For example, on Android, we need to "protect"
+  // the socket from being routed into the VPN tunnel.
+  class SocketProtect {
+  public:
+    virtual bool socket_protect(int socket) = 0;
+  };
+}
+
+#endif

openvpn/transport/tcplink.hpp

@@ -100,11 +100,7 @@ namespace openvpn {
 
       void stop()
       {
-	if (!halt)
-	  {
-	    halt = true;
-	    socket.close();
-	  }
+	halt = true;
       }
 
       ~Link() { stop(); }

openvpn/transport/udplink.hpp

@@ -34,43 +34,23 @@ namespace openvpn {
       Endpoint sender_endpoint;
     };
 
-    enum BindType {
-      LOCAL_BIND,       // (server) bind locally
-      REMOTE_CONNECT,   // (client) don't bind locally, connect to explicit remote endpoint
-    };
-
     template <typename ReadHandler>
     class Link : public RC<thread_unsafe_refcount>
     {
     public:
       typedef boost::intrusive_ptr<Link> Ptr;
 
-      Link(boost::asio::io_service& io_service,
-	   ReadHandler read_handler_arg,
-	   const Endpoint& endpoint,
-	   BindType bind_type,
-	   const bool reuse_addr,
+      Link(ReadHandler read_handler_arg,
+	   boost::asio::ip::udp::socket& socket_arg,
 	   const Frame::Ptr& frame_arg,
 	   const SessionStats::Ptr& stats_arg)
-	: socket(io_service),
+	: socket(socket_arg),
 	  halt(false),
 	  read_handler(read_handler_arg),
 	  frame(frame_arg),
 	  frame_context((*frame_arg)[Frame::READ_LINK_UDP]),
 	  stats(stats_arg)
       {
-	if (bind_type == LOCAL_BIND)
-	  {
-	    socket.open(endpoint.protocol());
-	    if (reuse_addr)
-	      socket.set_option(boost::asio::ip::udp::socket::reuse_address(true));
-	    socket.bind(endpoint);
-	  }
-	else if (bind_type == REMOTE_CONNECT)
-	  {
-	    socket.open(endpoint.protocol());
-	    socket.connect(endpoint);
-	  }
       }
 
       bool send(const Buffer& buf, Endpoint* endpoint)
@@ -112,11 +92,7 @@ namespace openvpn {
       }
 
       void stop() {
-	if (!halt)
-	  {
-	    halt = true;
-	    socket.close();
-	  }
+	halt = true;
       }
 
       ~Link() { stop(); }
@@ -158,7 +134,7 @@ namespace openvpn {
 	  }
       }
 
-      boost::asio::ip::udp::socket socket;
+      boost::asio::ip::udp::socket& socket;
       bool halt;
       ReadHandler read_handler;
       Frame::Ptr frame;