This avoids all the manual deps building and instead
uses vcpkg directly.
Note: need to remove gtest from VCPKG manifest for now:
- it only builds with -posix variant of mingw compiler
- vcpkg uses the non-posix variant and can't be trivially
  reconfigured
- we build gtest from unittests anyway and that one uses
  the compiler we specify
Using the posix variant of mingw compiler will require
setting up a custom triplet and toolchain. That will be
done in a later commit.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
This is important since it allows us to avoid
the JsonCPP dependency on non-Win/non-Apple
systems.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Use add_library to define a target so that we do not
need to apply all the settings manually.
Use find_package_message() to avoid printing the
message more than once.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Fixes problems when calling find_package on asio multiple
times.
Originally fixed by commit cba75f1aa08374733dcc79abebeca262ae94118a
in vcpkg#28299.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
- Increase required version to 3.10. That is the version in
  Ubuntu Bionic and currently the oldest one we still want
  to support.
- Enable CTest for test target
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
This also eliminates the undefined behaviour when rekey_type_defined
was false and rekey_type was not defined but copied.
Reported-By: Trail of Bits (TOB-OVPN3-11)
Signed-off-by: Arne Schwabe <arne@openvpn.net>
This commit adds two useful numeric limiting functions in
two headers plus a third supporting header and unit tests.
The unit tests cover all code paths and many conditions
but may not be 100% complete from a viewpoint of
covering all edge cases.
Signed-off-by: Charlie Vigue <charlie.vigue@openvpn.net>
Rewrote Win32 conversion routines to use Win32 native
conversion MultiByteToWideChar and WideCharToMultiByte.
When we go to a C++ version that supplies a non-
deprecated replacement we could revisit this.
When enabling this pre-commit hook, clang-format will be run before the
commit can be completed. If the changes about to be committed do not
adhere to the defined code style, the current commit will not be completed.
To install this pre-commit hook, run:
    $ ./scripts/git-pre-commit-clangformat.sh install
This script is a slightly modified version of what is used in the
OpenVPN 2.x project, slightly modified to use clang-format instead of
uncrustify and to extend the file change filter check to include C++ source
and header files.
Signed-off-by: David Sommerseth <davids@openvpn.net>
This function was sometimes doing 64 bit shifts on 64 bit integers,
which is not defined. Ensure that all our shifts are between 0 and
63 and restructure the function to flatten the if conditions and
use recursion for the two shifts instead of repeating the same logic
for the two shifts.
Reported-By: Trail of Bits (TOB-OVPN3-6)
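
Added example, not OpenVPN 3 code: one way to shift a 128-bit value held as two 64-bit words so that every native shift count stays between 1 and 63, using recursion for counts of 64 or more. The names `U128`, `shl128` and `shr128` are assumptions made for this illustration.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical 128-bit value held as two 64-bit words (assumed names).
struct U128
{
    std::uint64_t high;
    std::uint64_t low;
};

// Left shift by any count. A native shift of a 64-bit word by 64 or more is
// undefined behaviour, so every << and >> below has a count in 1..63.
U128 shl128(U128 v, unsigned int shift)
{
    if (shift == 0)
        return v; // avoids v.low >> (64 - 0), which would be a shift by 64
    if (shift >= 128)
        return U128{0, 0};
    if (shift >= 64)
        return shl128(U128{v.low, 0}, shift - 64); // word move, then 0..63 remain
    return U128{(v.high << shift) | (v.low >> (64 - shift)), v.low << shift};
}

// Right shift, the mirror image of shl128.
U128 shr128(U128 v, unsigned int shift)
{
    if (shift == 0)
        return v;
    if (shift >= 128)
        return U128{0, 0};
    if (shift >= 64)
        return shr128(U128{0, v.high}, shift - 64);
    return U128{v.high >> shift, (v.low >> shift) | (v.high << (64 - shift))};
}

int main()
{
    // Constructed sample: move bit 0 up to bit 127 and back down again.
    U128 a = shl128(U128{0, 1}, 127);
    U128 b = shr128(a, 127);
    std::printf("%016llx%016llx\n", (unsigned long long)a.high, (unsigned long long)a.low);
    std::printf("%016llx%016llx\n", (unsigned long long)b.high, (unsigned long long)b.low);
    return 0;
}
```
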
The current mixing of signed and unsigned is undefined behaviour. Avoid
it by explicitly only using unsigned integers.
Also fix the same issue in the test_prefixlen unit test.
Reported-By: Trail of Bits (TOB-OVPN3-5)
This allows an easy way to build with llvm address sanitiser feature using
    CXX=clang++ CC=clang cmake -DCMAKE_BUILD_TYPE=asan
Reported-By: Trail of Bits (TOB-OVPN3-4)
When agent-enabled client disconnects, it signals
destroy_tun event, which signals to agent that tun
has to be torn down. For dco-win, event handle is passed
to agent with /tun-open request.
Before sending /establish request, client closes previous
tun instance. Closing tun involves signaling destroy_tun event.
Event handle is closed after signaling, and here we have a problem:
- client calls /tun-open and passes event handle to agent
- client calls /establish, and before that it signals destroy_tun
  event, whose handle is now closed
- at some point client disconnects and signals tun_destroy event
Since event was already signaled and its handle is closed, nothing
happens and agent doesn't tear tun down. As a consequence, DNS
resolution might not work if DNS is overridden by VPN.
When client exits, agent tears tun down by failsafe logic. This doesn't
work for Connect client, which obviously doesn't exit on disconnect.
Fix this problem by avoiding signaling event between /tun-open
and /establish requests. This is done by not adding tun_setup
destructor (which signals event) to tun_persist right after /tun-open
call. There is nothing to tear down at that point yet since tun is
opened later by /establish call.
As a downside of this approach, we lose callback in client code
if agent process dies in between /tun-setup and /establish. This is
not a big problem IMO and can be fixed later.
In addition to that, send destroy_tun event also in /establish
request when using dco. This is needed to cover persist-tun case
when we reconnect and get new tun options. In this case we instantiate
new tun_setup instance, but don't call /tun-open since we keep tun
handle. Hence we have to pass destroy_tun event via /establish request.
Fixes https://github.com/OpenVPN/openvpn3/issues/257
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Previously, ConstBuffer was simply a BufferType with a const
data type. However this model, and the fact that BufferType
has a vtable, makes it difficult to efficiently cast Buffer
to ConstBuffer via static_cast without introducing an unsafe
downcast.
This commit tries a different approach by factoring out const
BufferType operations into a new base class ConstBufferType.
In the new model, BufferType inherits from ConstBufferType.
Member functions that treat the underlying data buffer as
const have been moved to ConstBufferType while member
functions that treat it as mutable remain in BufferType.
This makes casting BufferType to ConstBufferType a trivial
upcast while also greatly simplifying const_buffer_ref().
Signed-off-by: James Yonan <james@openvpn.net>
This file will help reading through git blame and similar outputs, as
listed commit references will be ignored/skipped. This file will
typically contain commits related to code style changes and similar
changes. This way the code style commits will not add confusion to who
did a certain change.
Signed-off-by: David Sommerseth <davids@openvpn.net>
This is the result after running 'clang-format -i' on all C++ files and
headers, with the defined formatting rules in .clang-format.
Only the openvpn/common/unicode-impl.hpp has been excluded, as that is
mostly a copy of an external project.
Signed-off-by: David Sommerseth <davids@openvpn.net>
Adds a library method C2os:cast() that converts an iterable container,
i.e., one that can be a range-expression in a range-based for loop,
into a type that can be inserted into an ostream. This only addresses
the container semantics in the ostream insertion. The underlying
contained type T (if the container were stl, the value_type) must work
with ostream<<.
The result of the operator<< insertion is a square bracket enclosed,
comma delimited string of the items in the container. Note that the
commit includes ideas on expanding choices of container rendering
details.
Attribution to James Yonan. Made significant contribution to
expanding the scope of collections. And reduced code complexity.
Also to Charlie Vigue; eliminated the "first" test inside the loop.
Signed-off-by: Mark Deric <jmark@openvpn.net>
The crypto library function from OpenSSL uses custom assembler code
and should be safe. Also the code has been exercised already by the
Android/iOS builds.
Signed-off-by: Arne Schwabe <arne@openvpn.net>