Wintun documentation clearly states that we must use auto-reset events in ring buffers.
Auto-reset sets event back to non-signalled state after calling WaitForSingleObject.
Without auto-reset and explicit ResetEvent call we got a busy loop.
To avoid confusion move event.hpp from common/ to win/, since it is
Windows-specific code.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
This allows to run openvpn under normal user account,
in which case ring buffers registration is performed
by a separate privileged process.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Command output can be in any encoding, for example cp866
in Russian edition of Windows and cp850 in English one.
This ensures that output is always utf8 encoded.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
This uses Windows-specific wchar_t override of std::ifstream
to make it work with UNICODE paths. It is assumed that caller
passes UTF8-encoded string.
To support passing non-ASCII chars via command line, we
read it as wstring and then convert to UTF-8 encoded string.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Set proxy settings in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
If process is running under SYSTEM account, we impersonate to
logged-in user to access HKEY_CURRENT_USER.
After modifying proxy setting we need to tell Windows to refresh those,
we do it if process is running under user account. Unfortunately WinInet API
we use is not available for services, even with impersonation, so
user application should take care of refreshing settings.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Created a lightweight abstraction layer so that another i/o
reactor can be dropped in place of asio.
The basic approach is to rename all references to asio::xxx
types to openvpn_io::xxx and then make openvpn_io a
preprocessor variable that points to the top-level namespace
of the i/o reactor implementation.
All of the source files that currently include <asio.hpp> now
include <openvpn/io/io.hpp> instead:
This gives us a lightweight abstraction layer that allows us
to define openvpn_io to be something other than asio.
Other changes:
* Inclusion of asio by scripts/build is now optional, and is
enabled by passing ASIO=1 or ASIO_DIR=<dir>.
* Refactored openvpn/common/socktypes.hpp to no longer
require asio.
* Refactored openvpn/log/logthread.hpp to no longer require
asio.
* Added openvpn::get_hostname() method as alternative to
calling asio directly.
* openvpn/openssl/util/init.hpp will now #error
if USE_ASIO is undefined.
Signed-off-by: James Yonan <james@openvpn.net>
preventing DNS leakage.
Filter #1 -- permit IPv4 DNS requests from OpenVPN app
Filter #2 -- permit IPv6 DNS requests from OpenVPN app
Filter #3 -- block IPv4 DNS requests from other apps
Filter #4 -- block IPv6 DNS requests from other apps
Filter #5 -- allow IPv4 traffic from TAP
Filter #6 -- allow IPv6 traffic from TAP
This change has the unfortunate side-effect of causing
lags in DNS resolution, so for now the capability is
disabled in tunsetup.hpp, pending evaluation of
NRPT-based approaches.
* Where unicode/ansi versions of a method exist, always
explicitly call one of unicode or ansi methods by
appending a 'W' or 'A' to the end of the method name.
Never omit the 'W' or 'A' because that will cause the
default method to be used which may vary according to
build flags.
* Prepend all Windows API method references with "::" to
indicate that the method names should be resolved from
the top-level namespace.
* Work with new polymorphic ActionList objects.
* Implemented TAP setup code for pre-Vista Windows
(when _WIN32_WINNT < 0x0600).
* Still to do: sanity check input to from_json_untrusted()
methods.
executed asynchronously in a worker thread.
Needed to make some changes to logthread as well
to allow log context to be made available to
the worker thread.
Implemented full TunClient class for Windows with TAP driver
support. For now, we use netsh (rather than TAP driver DHCP)
to set all tunnel adapter properties, as this appears to work
great on Windows 7.
IPv6 is fully supported.
Known isues:
* netsh doesn't have a command for adding DNS search domains, so
we don't support them yet.
* While we always try to remove routes and added properties from
TAP adapter instance when we close out the session, for robustness,
when we bring up TAP adapter, we should try to delete any stale
routes on interface left over from previous session.
* Right now we call netsh with system(). For security and
compatibility with Windows apps (not only console apps),
we should use CreateProcess instead.
