Preserve tun and routes across reconnects. Store tun descriptor in
TunPersist object, which is member of TunClientFactory. Handle
add/remove commands inside TunBuilderSetup::Base instance, which is
owned by TunPersist.
Tunnel is recreated if new tunnel options are different from previous
ones.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Found some cases where raw pointers embedded in closures and
passed via asio async methods could potentially leak if the
io_context is destroyed before the run() method is called.
With C++14 and higher supporting generalized lambda capture,
we can now wrap these pointers in a std::unique_ptr for
minimal cost.
Signed-off-by: James Yonan <james@openvpn.net>
* Put all methods in the LZ4 namespace.
* Throw errors instead of returning null BufferPtr().
* For decompress(), make sure that max_decompressed_size
doesn't exceed LZ4_MAX_INPUT_SIZE.
This commit only affects the standalone LZ4 helper functions,
not the LZ4 module that is part of the OpenVPN protocol.
Signed-off-by: James Yonan <james@openvpn.net>
It probably makes more sense for debug logging to be handled
by the caller.
Also removed OPENVPN_GZIP_VERBOSE.
Signed-off-by: James Yonan <james@openvpn.net>
SSL_MODE_RELEASE_BUFFERS will free buffers that are fully drained
and re-allocate them as needed. Testing with proto.cpp suggests
that this doesn't negatively affect performance.
Signed-off-by: James Yonan <james@openvpn.net>
compress_lz4() and decompress_lz4() are intended for users
that want to do simple LZ4 compression/decompression on
a Buffer without involving the OpenVPN protocol compression
modules.
Signed-off-by: James Yonan <james@openvpn.net>
Fixed regression in:
template <typename T_>
BufferAllocatedType(const BufferType<T_>& other, const unsigned int flags)
That was introduced by commit b48a1682a7e9c666e1b6605747d3d561f2fbb5c4
BufferAllocated: improve movability
Added BufferAllocated move constructor for foreign
BufferAllocated template classes.
Basically the source of the memcpy was not taking into account
the offset.
Signed-off-by: James Yonan <james@openvpn.net>
This will ensure that mbedtls is still passing all its
unit test before building it.
It is important to run the checks because we backport patches
on our own and they may break during the process.
Checks are perfomed only when building for linux or for osx.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Please check the commit messages of the new patches for a better
description.
In a nutshell, this change allows mbedTLS to properly decrypt
keys created by OpenSSL using PKCS#5v2 with PRF different from
SHA1.
This change also add their related unit-tests.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Due to a typ0 in the validate_tls_crypt() function,
ack_skip() is invoked with the not-yet decrypted packet
as argument instead of the decrypted one.
This leads to buffer exceptions, becuse ack_skip() will
read a bogus ACK array length instead of the proper value.
This bug may lead to renegotiations issues on clients
due to a forced rejection of soft-reset packets in
proto.hpp:control_net_recv().
Fix the issue by passing the proper packet buffer to
ack_skip().
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
This branch is targeted for consumers of the library, where we will do
release handling. This branch should contain reasonably well tested and
stable code only. Features under development and testing should only be
worked on outside of this branch until it is ready and can be merged
into stable.
Since it has been quite some time since the version.hpp file was
updated, this change will now set version to 3.2 - to start this new
versioning regime.
The version numbering and release process is further described in
VersionNumbering.rst
Signed-off-by: David Sommerseth <davids@openvpn.net>
// If true, consider AUTH_FAILED to be a non-fatal error,
// and retry the connection after a pause.
bool retryOnAuthFailed = false;
Signed-off-by: James Yonan <james@openvpn.net>
The OpenVPN 3 config file parser allows an embedded server list,
given as:
setenv SERVER <HOST1>/<FRIENDLY_NAME1>
setenv SERVER <HOST2>/<FRIENDLY_NAME2>
. . .
This patch allows the -s server override to specify
a friendly name and will substitute the host or IP
address given in the server list.
Signed-off-by: James Yonan <james@openvpn.net>
Using LinuxGW46 instead of the obsolete get_default_gateway_v4()
allows us to correctly implement the bypass route for
redirect-gateway ipv6.
Signed-off-by: James Yonan <james@openvpn.net>
Added BufferAllocated move constructor for foreign
BufferAllocated template classes.
In order to make this work, we need to:
(a) generally friend BufferType and BufferAllocatedType
to all BufferAllocatedType template classes, and
(b) require typename R (thread_unsafe_refcount or
thread_safe_refcount) to be specified for
BufferAllocatedType (previously it was optional
and defaulted to thread_unsafe_refcount).
Signed-off-by: James Yonan <james@openvpn.net>
* Added native_handle() virtual method
* Use AltRouting abstract socket when
OPENVPN_POLYSOCK_SUPPORTS_ALT_ROUTING is defined
Signed-off-by: James Yonan <james@openvpn.net>
