diff options
| author | Bertrand Jacquin <beber@meleeweb.net> | 2013-05-29 01:54:32 +0200 |
|---|---|---|
| committer | Bertrand Jacquin <beber@meleeweb.net> | 2013-05-29 01:54:32 +0200 |
| commit | 756ecb031477bf2df68d5268e9d7efb548881e73 (patch) | |
| tree | a8c1b96487ebf886e118eda332fa0db4d3b8fdad /net-misc | |
| parent | sys-boot/grub: remove prepalldocs (diff) | |
| download | portage-756ecb031477bf2df68d5268e9d7efb548881e73.tar.xz | |
net-misc/openvpn: remove 2.1
Diffstat (limited to 'net-misc')
| -rw-r--r-- | net-misc/openvpn/Manifest | 5 | ||||
| -rw-r--r-- | net-misc/openvpn/files/openvpn-2.1_rc13-peercred.patch | 10 | ||||
| -rw-r--r-- | net-misc/openvpn/files/openvpn-2.1_rc6-udp6.patch | 2521 | ||||
| -rw-r--r-- | net-misc/openvpn/files/openvpn-2.1_rc7-tap.patch | 57 | ||||
| -rw-r--r-- | net-misc/openvpn/openvpn-2.1_rc7.ebuild | 146 |
5 files changed, 0 insertions, 2739 deletions
diff --git a/net-misc/openvpn/Manifest b/net-misc/openvpn/Manifest index 7c99c5e1..d7f9caf5 100644 --- a/net-misc/openvpn/Manifest +++ b/net-misc/openvpn/Manifest @@ -2,18 +2,13 @@ AUX 65openvpn 45 SHA256 d5758e39fdc75dcbb5a788b1afa743c3c1f08c63c535aa32c300b965 AUX down.sh 943 SHA256 39debebcd8c899f20e6d355cbc8eaab46e28b83a9f6c33a94c065688a4f3d2c7 WHIRLPOOL c66fd1e016656fe83d7f55b77bf232058397f9cd3054abe13ec006c227afe6746ee4ada310ff43761ec95510f736b8e542f136711d648642eecafe055975c57e AUX openvpn-2.1.conf 892 SHA256 330149a83684ddabe413d134d4c8efad4c88b18c2ab67165014deff5f7fffad2 WHIRLPOOL 6ef644826e1e9e2a100e0fa20b5c9190e92c9e08a366dee28dccf3f70fa0593f3c4d271e42db3920630f03704aa2aef8e84d9efbb2b4b6a0d08e74bb340fb0a5 AUX openvpn-2.1.init 4186 SHA256 d1b1f8a00935d77521bceb62535350444df3470fa45f4d33c3934051a1bb595b WHIRLPOOL 9d34c438b7d9e45678e2aa48ab42a68b9e2801423688c6280cbb4934a8ef04cbf8a7953a061659f57fb02adf535596ac9313268c29e2dc18cffbf7315681da82 -AUX openvpn-2.1_rc13-peercred.patch 251 SHA256 e7c2025ec49d3a5c2d95d80ee3c26ed9ccd0587d1664860b3a1eceb2bb7c778f WHIRLPOOL 37002b1772693607925b5ade910d5cab8addf74206ed118706412eae6fc5f6549569c9bf53263ded39e491be621968b633e0d37aed8d4774106b555bc6f3253c AUX openvpn-2.1_rc20-pkcs11.patch 622 SHA256 f972c473645f880c27b3c72379c49183f1e27d352f401d5ea7e734fad99f2d6c WHIRLPOOL 27b419cb24b44fee8164bc25f6bba10a8212e4f407cb8635168cae39e5c1620b8443eece66f0bea04ee1456caa4f72bb72fb73c797fb68066e5f552c89e2e41f -AUX openvpn-2.1_rc6-udp6.patch 76842 SHA256 0886a848f7fe52d0394bf51da814f9772ada6c14c682396a8e36085c1cd99c48 WHIRLPOOL e29a8a689aebf386333d12cea71bdd6d108a14668119aad254630b95ddca12d79426dcaf67168955eed8dcba4093b4114dc7de075aab68c2d15b05a4b3865ca3 -AUX openvpn-2.1_rc7-tap.patch 1474 SHA256 f26a2ccad67a23c863241ca64c110c36601d70a0e6e0d6d626c02d176c36a2db WHIRLPOOL 1cb590bb5be4058b3e9f1a93062c74be12e37579ea237df58c44383cb5d875ccbd5dd5593fb2490800704970495d1b811b99f63f653f714a85c6c3d6d6c01533 AUX openvpn-2.2.0-BJA-win-ipv6.diff 462 SHA256 560ea9753c05a1472b98ebee945b983d9040a92229318396645fef6a68d26df1 WHIRLPOOL 269c2622c9b3526925093fc7146485632e76f8138d111b1d8cb5afd4b070fcf78e078588b860fef9aad89535450a24f7f7491bf61858f73ae50de29b7b4e3902 AUX openvpn-2.2.0-BJA-win.diff 226 SHA256 946449ae548c7a4b05214b063db5a6c3ee7e004f76a95c472e805a18106b9daa WHIRLPOOL a761e1af07cffaf3276db48d07375fb6127e797f36965eaa2e39a594479818222de40f831787d153f62ff59e4e2b30d7b6eb65a24200776e1bfdd38a8ba7ee6a AUX openvpn-windres.diff 2522 SHA256 70a5f548074b96bcded005036afe18d293aeba04651d4991aa03c3f11a4fb0aa WHIRLPOOL 1a76e2753d768d53241e5b2685b8e0f58811f7ad50e055b4033be30d7b1916ac164b583d6fbdbfbd9e44ca4ae9b1d2b769206f9313c984d95b281b6c12ae6748 AUX openvpn.init 1486 SHA256 c4b9e0899fa5ee0b90c5100da7711dc7a6a5658f10042b0feda9e7efb90a11cf WHIRLPOOL e549221283b4b92c9ada312a746c4ad4c645493c1c844ddaddefecee4c31e17bd4bd8555618408e065c83143e157aaf7e75b44f01abe43f507835df2aa1149d3 AUX up.sh 2594 SHA256 848da0929c37b2112769232fbbdf61961b6107c6726d4b74d1ceb034b39ad5dd WHIRLPOOL 6ca78403ac7019d4e85d05465e5188d4ca2891bc947e1021f2b8497e83ffd9126544dbf82a5e368b9583c69bf6c42a682f1a7912503f862ae2c3dd5e46f0fdcc -DIST openvpn-2.1_rc7.tar.gz 787379 SHA256 c07fcbc41465bf508caff70dcc4238b8c95e9b2f35bec7bf891f7164027ecbf8 DIST openvpn-2.2.0.tar.gz 898381 SHA256 71ebeaaba1641e6d1454ae0f10f986002e5c6afdcd09da659122e3e5c74a2567 DIST openvpn-2.2RC2-ipv6-20110424-2.patch.gz 35519 SHA256 e2bf528771412f2aaf96cf87f07bf0d6cba5e3bf0565f8bc082be1cbeae64d21 -EBUILD openvpn-2.1_rc7.ebuild 4235 SHA256 fc1db57e0d0336267dabc75249586e1775b2764b7667fa3b0cf8b9271a32d10d WHIRLPOOL ffa4d2d27873e8b6ba6a6a6755be1b6419f587efdf5c3b02bd09926eb0b5cec4978724f81a782784b7db25bfe81855578f651d6afae8921325c17a191ae19c06 EBUILD openvpn-2.2.0-r1.ebuild 5743 SHA256 0e543a2fffb76b6a8b5d78db98b97fa62213d8d08649180078489fc687dff106 WHIRLPOOL 23905e13ab19c4d95643a0e5bd9a12358db0b551a2f166d1b7d17df9f314bd82cda9d30b487259653550074259136e280b6c14dcab0df84f6ac86817d536ea96 MISC metadata.xml 362 SHA256 1ae041177bbb0f807aa5dc56f5462fd266260ff2e723af95cfe71f5b1892f371 WHIRLPOOL 15759e50603a6f775537a91844f42978da1331ae9e143b72ab296de10a014b8add0b6a8f63989a1b996297b8ceb021d6a147e132b542a5276d0cf0a3ad5af43d diff --git a/net-misc/openvpn/files/openvpn-2.1_rc13-peercred.patch b/net-misc/openvpn/files/openvpn-2.1_rc13-peercred.patch deleted file mode 100644 index 6592cf19..00000000 --- a/net-misc/openvpn/files/openvpn-2.1_rc13-peercred.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- socket.c~ 2008-11-02 01:39:00.406009999 +0100 -+++ socket.c 2008-11-02 01:39:00.406009999 +0100 -@@ -22,6 +22,7 @@ - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -+#define _GNU_SOURCE - #include "syshead.h" - - #include "socket.h" diff --git a/net-misc/openvpn/files/openvpn-2.1_rc6-udp6.patch b/net-misc/openvpn/files/openvpn-2.1_rc6-udp6.patch deleted file mode 100644 index 842839e5..00000000 --- a/net-misc/openvpn/files/openvpn-2.1_rc6-udp6.patch +++ /dev/null @@ -1,2521 +0,0 @@ -diff --git a/jjo-tests/libtest.sh b/jjo-tests/libtest.sh -new file mode 100755 -index 0000000..ab0d4b5 ---- /dev/null -+++ b/jjo-tests/libtest.sh -@@ -0,0 +1,115 @@ -+#!/bin/bash -+ -+typeset -i test_num=0 # increments w/each test_define -+typeset test_msg # prefix: "test nr#" for msgs -+typeset test_name # test name given -+typeset test_sanename # test name with all whitespace (and alike) replaced by '_' -+ -+TEST_CLEANUP=":" -+ -+say () { -+ echo "$@" >&3 -+} -+err () { -+ echo "$@" >&4 -+} -+debug () { -+ echo "$@" >&4 -+} -+test_define() { -+ test_name="$*" -+ test_sanename="$(echo -n $test_name| tr -c '[A-Za-z0-9._]' _ )" -+ test_num=test_num+1 -+ test_msg="test $test_num" -+ test_bg_cleanup -+} -+test_expect_success () { -+ local msg="$1" -+ test $# -ge 2 || { err "usage error: test_expect_failure msg cmd args ..."; return 1; } -+ say -n "$test_msg: -- $msg (expecting success) " -+ shift -+ (eval "$@" 4>&1) && { say -e "\n$test_msg: OK %%% $test_sanename" ; return 0 ; } -+ say -e "\n$test_msg: FAILED %%% $test_sanename" -+ return 1 -+} -+ -+test_expect_failure () { -+ local msg="$1" -+ test $# -ge 2 || { err "usage error: test_expect_failure msg cmd args ..."; return 1;} -+ say -n "$test_msg: -- $msg (expecting failure) " -+ shift -+ (eval "$@") && { say -e "\n$test_msg: FAILED %%% $test_sanename" >&3 ; return 0 ; } -+ say -e "\n$test_msg: OK %%% $test_sanename" -+ return 1 -+} -+ -+test_bg_egrep() { -+ local nsecs="$1" -+ local txt="$2" -+ local ret -+ shift 2 -+ test_expect_success "$test_name" \ -+ "set -m ; $@ &> $t/out-$test_sanename & -+ s=1; -+ for i in \$(seq 1 $nsecs);do -+ say -n '.' -+ kill -0 %1 || { egrep failed $t/out-$test_sanename >&4; break; } -+ o=\$(egrep \"$txt\" $t/out-$test_sanename ) && { debug \$o; s=0; break; } -+ sleep 1; -+ done; -+ kill %1 -+ wait -+ exit \$s -+ " 2>/dev/null 4>$t/err -+ ret=$? -+ test $ret -eq 0 && return 0 -+ say "$test_msg: see: $t/out-$test_sanename*" -+ return $ret -+} -+# run command in *current* shell ignoring stderr, evals args passed -+quiet2() { -+ #backup fd=2 -+ exec 250>&2 -+ exec 2>/dev/null -+ eval "$@" -+ #close auxfd -+ exec 2>&250 -+ exec 250>&- -+} -+test_bg_prev(){ local out=$t/out-$test_sanename-prev; $@ >& $out & } -+test_bg_cleanup() { quiet2 "$TEST_CLEANUP;${@:-:};kill % 2>/dev/null;wait" ;} -+test_set_cleanup () { TEST_CLEANUP="${*:-:}" ;} -+ -+t=/tmp -+exec 3>&1 -+exec 4>&2 -+ -+#========= -+ -+ln -sf $PWD/openvpn $t/openvpn-test -+export OPENVPN=$t/openvpn-test -+ -+test_set_cleanup "killall $OPENVPN" -+ -+trap 'test_bg_cleanup;exit' 0 2 15 -+ -+test_define "UDP6 loopback" -+test_bg_egrep 30 "Initialization Sequence Completed" ../jjo-tests/run-udp6-0-loopback-self.sh -+ -+test_define "UDP6 loopback byname" -+test_bg_egrep 30 "Initialization Sequence Completed" ../jjo-tests/run-udp6-0-loopback-byname.sh -+ -+test_define "TCP6 loopback" -+test_bg_prev ../jjo-tests/run-tcp6-0-loopback-server.sh -+test_bg_egrep 30 "Initialization Sequence Completed" ../jjo-tests/run-tcp6-0-loopback-client.sh -+ -+test_define "TCP6 loopback byname" -+test_bg_prev ../jjo-tests/run-tcp6-0-loopback-server-byname.sh -+test_bg_egrep 30 "Initialization Sequence Completed" ../jjo-tests/run-tcp6-0-loopback-client-byname.sh -+ -+test_define "UDP4 loopback" -+test_bg_egrep 30 "Initialization Sequence Completed" ../jjo-tests/run-udp4-0-loopback-self.sh -+ -+test_define "TCP4 loopback" -+test_bg_prev ../jjo-tests/run-tcp4-0-loopback-server.sh -+test_bg_egrep 30 "Initialization Sequence Completed" ../jjo-tests/run-tcp4-0-loopback-client.sh -diff --git a/jjo-tests/qemu-ifup-2.jjo.sh b/jjo-tests/qemu-ifup-2.jjo.sh -new file mode 100755 -index 0000000..60418ad ---- /dev/null -+++ b/jjo-tests/qemu-ifup-2.jjo.sh -@@ -0,0 +1,12 @@ -+#!/bin/sh -x -+#sudo sh -c "/sbin/ifconfig $1 hw ether 00:00:00:00:00:01; /sbin/ifconfig $1 192.168.254.1" -+export PATH=/sbin:/usr/sbin:$PATH -+NUM=2 -+DEV=qemutun$NUM -+sudo sh -x <<EOF -+ip li set $1 name $DEV -+ip li set $DEV address 00:00:00:00:00:01 -+ip li set $DEV up -+ip ad add 192.168.254.1 dev $DEV -+ip ro add 192.168.254.$NUM dev $DEV -+EOF -diff --git a/jjo-tests/qemu-ifup-3.jjo.sh b/jjo-tests/qemu-ifup-3.jjo.sh -new file mode 100755 -index 0000000..56c2f33 ---- /dev/null -+++ b/jjo-tests/qemu-ifup-3.jjo.sh -@@ -0,0 +1,12 @@ -+#!/bin/sh -x -+#sudo sh -c "/sbin/ifconfig $1 hw ether 00:00:00:00:00:01; /sbin/ifconfig $1 192.168.254.1" -+export PATH=/sbin:/usr/sbin:$PATH -+NUM=3 -+DEV=qemutun$NUM -+sudo sh -x <<EOF -+ip li set $1 name $DEV -+ip li set $DEV address 00:00:00:00:00:01 -+ip li set $DEV up -+ip ad add 192.168.254.1 dev $DEV -+ip ro add 192.168.254.$NUM dev $DEV -+EOF -diff --git a/jjo-tests/run-afunix-0-loop.sh b/jjo-tests/run-afunix-0-loop.sh -new file mode 100755 -index 0000000..ed50691 ---- /dev/null -+++ b/jjo-tests/run-afunix-0-loop.sh -@@ -0,0 +1,4 @@ -+#!/bin/sh -x -+: ${OPENVPN:=./openvpn} -+rm -fv /tmp/o.s -+${OPENVPN} --proto unix-dgram --local /tmp/o.s --remote /tmp/o.s --dev tun --ifconfig 1.1.1.1 1.1.1.2 --secret ../openvpn.key $* -diff --git a/jjo-tests/run-afunix-1-o1.sh b/jjo-tests/run-afunix-1-o1.sh -new file mode 100755 -index 0000000..3f1df0f ---- /dev/null -+++ b/jjo-tests/run-afunix-1-o1.sh -@@ -0,0 +1,3 @@ -+#!/bin/sh -x -+: ${OPENVPN:=./openvpn} -+${OPENVPN} --proto unix-dgram --local /tmp/o1.s --remote /tmp/o2.s --dev tun --ifconfig 1.1.1.1 1.1.1.2 --secret ../openvpn.key $* -diff --git a/jjo-tests/run-afunix-1-o2.sh b/jjo-tests/run-afunix-1-o2.sh -new file mode 100755 -index 0000000..6e94213 ---- /dev/null -+++ b/jjo-tests/run-afunix-1-o2.sh -@@ -0,0 +1,3 @@ -+#!/bin/sh -x -+: ${OPENVPN:=./openvpn} -+${OPENVPN} --proto unix-dgram --local /tmp/o2.s --remote /tmp/o1.s --dev tun --ifconfig 1.1.1.2 1.1.1.1 --secret ../openvpn.key $* -diff --git a/jjo-tests/run-oxg-1.sh b/jjo-tests/run-oxg-1.sh -new file mode 100755 -index 0000000..21fd02f ---- /dev/null -+++ b/jjo-tests/run-oxg-1.sh -@@ -0,0 +1,3 @@ -+#!/bin/sh -x -+: ${OPENVPN:=./openvpn} -+${OPENVPN} --dev tun --proto udp --remote localhost --lport 5020 --rport 1194 --secret ../openvpn.key --ifconfig 1.1.1.1 1.1.1.2 "$@" -diff --git a/jjo-tests/run-oxg-2.sh b/jjo-tests/run-oxg-2.sh -new file mode 100755 -index 0000000..aea6345 ---- /dev/null -+++ b/jjo-tests/run-oxg-2.sh -@@ -0,0 +1,3 @@ -+#!/bin/sh -x -+: ${OPENVPN:=./openvpn} -+${OPENVPN} --dev tun --proto udp --remote localhost --lport 5020 --rport 1194 --secret ../openvpn.key --ifconfig 1.1.1.2 1.1.1.1 "$@" -diff --git a/jjo-tests/run-tcp4-0-loopback-client.sh b/jjo-tests/run-tcp4-0-loopback-client.sh -new file mode 100755 -index 0000000..956d437 ---- /dev/null -+++ b/jjo-tests/run-tcp4-0-loopback-client.sh -@@ -0,0 +1,3 @@ -+#!/bin/sh -x -+: ${OPENVPN:=./openvpn} -+${OPENVPN} --dev null --proto tcp-client --remote localhost --rport 5011 --secret ../openvpn.key "$@" -diff --git a/jjo-tests/run-tcp4-0-loopback-server.sh b/jjo-tests/run-tcp4-0-loopback-server.sh -new file mode 100755 -index 0000000..0cab380 ---- /dev/null -+++ b/jjo-tests/run-tcp4-0-loopback-server.sh -@@ -0,0 +1,3 @@ -+#!/bin/sh -x -+: ${OPENVPN:=./openvpn} -+${OPENVPN} --dev null --proto tcp-server --remote localhost --lport 5011 --secret ../openvpn.key "$@" -diff --git a/jjo-tests/run-tcp6-0-loopback-client-byname.sh b/jjo-tests/run-tcp6-0-loopback-client-byname.sh -new file mode 100755 -index 0000000..f8b2cdd ---- /dev/null -+++ b/jjo-tests/run-tcp6-0-loopback-client-byname.sh -@@ -0,0 +1,3 @@ -+#!/bin/sh -x -+: ${OPENVPN:=./openvpn} -+${OPENVPN} --dev null --proto tcp6-client --remote ip6-localhost --rport 5011 --secret ../openvpn.key "$@" -diff --git a/jjo-tests/run-tcp6-0-loopback-client.sh b/jjo-tests/run-tcp6-0-loopback-client.sh -new file mode 100755 -index 0000000..09851c5 ---- /dev/null -+++ b/jjo-tests/run-tcp6-0-loopback-client.sh -@@ -0,0 +1,3 @@ -+#!/bin/sh -x -+: ${OPENVPN:=./openvpn} -+${OPENVPN} --dev null --proto tcp6-client --remote ::1 --rport 5011 --secret ../openvpn.key "$@" -diff --git a/jjo-tests/run-tcp6-0-loopback-server-byname.sh b/jjo-tests/run-tcp6-0-loopback-server-byname.sh -new file mode 100755 -index 0000000..8fead3c ---- /dev/null -+++ b/jjo-tests/run-tcp6-0-loopback-server-byname.sh -@@ -0,0 +1,3 @@ -+#!/bin/sh -x -+: ${OPENVPN:=./openvpn} -+${OPENVPN} --dev null --proto tcp6-server --local ip6-localhost --lport 5011 --secret ../openvpn.key "$@" -diff --git a/jjo-tests/run-tcp6-0-loopback-server.sh b/jjo-tests/run-tcp6-0-loopback-server.sh -new file mode 100755 -index 0000000..ad36555 ---- /dev/null -+++ b/jjo-tests/run-tcp6-0-loopback-server.sh -@@ -0,0 +1,3 @@ -+#!/bin/sh -x -+: ${OPENVPN:=./openvpn} -+${OPENVPN} --dev null --proto tcp6-server --local :: --lport 5011 --secret ../openvpn.key "$@" -diff --git a/jjo-tests/run-udp4-0-loopback-self.sh b/jjo-tests/run-udp4-0-loopback-self.sh -new file mode 100755 -index 0000000..7a29a3d ---- /dev/null -+++ b/jjo-tests/run-udp4-0-loopback-self.sh -@@ -0,0 +1,3 @@ -+#!/bin/sh -x -+: ${OPENVPN:=./openvpn} -+${GDB} ${OPENVPN} --dev null --proto udp --remote localhost --port 5011 --secret ../openvpn.key "$@" -diff --git a/jjo-tests/run-udp4-1-qemu-guest.sh b/jjo-tests/run-udp4-1-qemu-guest.sh -new file mode 100755 -index 0000000..adcb641 ---- /dev/null -+++ b/jjo-tests/run-udp4-1-qemu-guest.sh -@@ -0,0 +1,3 @@ -+#!/bin/sh -x -+: ${OPENVPN:=./openvpn} -+${GDB} ${OPENVPN} --dev tun --proto udp --remote 10.0.2.2 --port 5011 --secret ../openvpn.key --ifconfig 1.1.1.253 1.1.1.1 -diff --git a/jjo-tests/run-udp4-1-qemu-host.sh b/jjo-tests/run-udp4-1-qemu-host.sh -new file mode 100755 -index 0000000..8db45f2 ---- /dev/null -+++ b/jjo-tests/run-udp4-1-qemu-host.sh -@@ -0,0 +1,3 @@ -+#!/bin/sh -x -+: ${OPENVPN:=./openvpn} -+${GDB} ${OPENVPN} --dev tun --proto udp --float --port 5011 --secret ../openvpn.key --ifconfig 1.1.1.1 1.1.1.253 -diff --git a/jjo-tests/run-udp4-2-MH.sh b/jjo-tests/run-udp4-2-MH.sh -new file mode 100755 -index 0000000..5358fbc ---- /dev/null -+++ b/jjo-tests/run-udp4-2-MH.sh -@@ -0,0 +1,4 @@ -+#!/bin/sh -x -+#pass --local ADDR --remote ADDR -+: ${OPENVPN:=./openvpn} -+${GDB} ${OPENVPN} --dev tun --proto udp --port 5011 --secret ../openvpn.key --ifconfig-noexec "$@" -diff --git a/jjo-tests/run-udp6-0-loopback-byname.sh b/jjo-tests/run-udp6-0-loopback-byname.sh -new file mode 100755 -index 0000000..993eec9 ---- /dev/null -+++ b/jjo-tests/run-udp6-0-loopback-byname.sh -@@ -0,0 +1,3 @@ -+#!/bin/sh -x -+: ${OPENVPN:=./openvpn} -+${GDB} ${OPENVPN} --dev null --proto udp6 --remote ip6-localhost --port 5011 --secret ../openvpn.key "$@" -diff --git a/jjo-tests/run-udp6-0-loopback-self.sh b/jjo-tests/run-udp6-0-loopback-self.sh -new file mode 100755 -index 0000000..469bc39 ---- /dev/null -+++ b/jjo-tests/run-udp6-0-loopback-self.sh -@@ -0,0 +1,3 @@ -+#!/bin/sh -x -+: ${OPENVPN:=./openvpn} -+${GDB} ${OPENVPN} --dev null --proto udp6 --remote ::1 --port 5011 --secret ../openvpn.key "$@" -diff --git a/jjo-tests/run-udp6-1-carpediem.sh b/jjo-tests/run-udp6-1-carpediem.sh -new file mode 100755 -index 0000000..bcce35e ---- /dev/null -+++ b/jjo-tests/run-udp6-1-carpediem.sh -@@ -0,0 +1,4 @@ -+#!/bin/sh -x -+REM6="fe80::2e0:7dff:fee3:ef17" -+: ${OPENVPN:=./openvpn} -+${GDB} ${OPENVPN} --dev tun --proto udp6 --remote "$REM6" --port 5010 --secret ../openvpn.key --ifconfig 1.1.1.253 1.1.1.1 -diff --git a/jjo-tests/run-udp6-1-cx.sh b/jjo-tests/run-udp6-1-cx.sh -new file mode 100755 -index 0000000..ab69ea8 ---- /dev/null -+++ b/jjo-tests/run-udp6-1-cx.sh -@@ -0,0 +1,3 @@ -+#!/bin/sh -x -+: ${OPENVPN:=./openvpn} -+${GDB} ${OPENVPN} --verb 5 --dev tun --proto udp6 --port 5010 --secret /home/jjo/src/juanjo/openvpn/openvpn.key --float --ifconfig 1.1.1.1 1.1.1.253 -diff --git a/jjo-tests/run-udp6-2-qemu-guest.sh b/jjo-tests/run-udp6-2-qemu-guest.sh -new file mode 100755 -index 0000000..0e280a7 ---- /dev/null -+++ b/jjo-tests/run-udp6-2-qemu-guest.sh -@@ -0,0 +1,8 @@ -+#!/bin/sh -x -+: ${OPENVPN:=./openvpn} -+case "$1" in -+--freebsd) shift;set -- ed0 "$@";; -+--openbsd) shift;set -- ne3 --dev tun0 "$@";; -+esac -+DEV=${1:?missing devname};shift -+${GDB} ${OPENVPN} --dev tun --proto udp6 --remote fe80::200:ff:fe00:1%$DEV --port 5010 --secret ../openvpn.key "$@" --ifconfig 1.1.1.253 1.1.1.1 -diff --git a/jjo-tests/run-udp6-2-qemu-host.sh b/jjo-tests/run-udp6-2-qemu-host.sh -new file mode 100755 -index 0000000..500f0d3 ---- /dev/null -+++ b/jjo-tests/run-udp6-2-qemu-host.sh -@@ -0,0 +1,4 @@ -+#!/bin/sh -x -+: ${OPENVPN:=./openvpn} -+DEV=${1:?missing devname};shift -+${GDB} ${OPENVPN} --dev tun --proto udp6 --remote fe80::5054:ff:fe12:3456%$DEV --port 5010 --secret ../openvpn.key --ifconfig 1.1.1.1 1.1.1.253 "$@" -diff --git a/openvpn/buffer.c b/openvpn/buffer.c -index 64307ef..0650745 100644 ---- a/openvpn/buffer.c -+++ b/openvpn/buffer.c -@@ -198,6 +198,19 @@ buf_printf (struct buffer *buf, const ch - } - } - -+void buf_puts(struct buffer *buf, const char *str) -+{ -+ uint8_t *ptr = BEND (buf); -+ int cap = buf_forward_capacity (buf); -+ if (cap > 0) -+ { -+ strncpynt ((char *)ptr,str, cap); -+ *(buf->data + buf->capacity - 1) = 0; /* windows vsnprintf needs this */ -+ buf->len += (int) strlen ((char *)ptr); -+ } -+} -+ -+ - /* - * This is necessary due to certain buggy implementations of snprintf, - * that don't guarantee null termination for size > 0. -diff --git a/openvpn/configure.ac b/openvpn/configure.ac -index 8843a2c..8cea204 100644 ---- a/openvpn/configure.ac -+++ b/openvpn/configure.ac -@@ -101,6 +101,12 @@ AC_ARG_ENABLE(multihome, - [MULTIHOME="yes"] - ) - -+AC_ARG_ENABLE(ipv6, -+ [ --disable-ipv6 Disable UDP/IPv6 support], -+ [PF_INET6="$enableval"], -+ [PF_INET6="yes"] -+) -+ - AC_ARG_ENABLE(port-share, - [ --disable-port-share Disable TCP server port-share support (--port-share)], - [PORT_SHARE="$enableval"], -@@ -406,6 +412,16 @@ LDFLAGS="$LDFLAGS -Wl,--fatal-warnings" - AC_CHECK_FUNCS(epoll_create, AC_DEFINE([HAVE_EPOLL_CREATE], 1, [])) - LDFLAGS="$OLDLDFLAGS" - -+dnl ipv6 support -+if test "$PF_INET6" = "yes"; then -+ AC_CHECKING([for struct sockaddr_in6 for IPv6 support]) -+ AC_CHECK_TYPE( -+ [struct sockaddr_in6], -+ [AC_DEFINE(USE_PF_INET6, 1, [struct sockaddr_in6 is needed for IPv6 peer support])], -+ [], -+ [#include "syshead.h"]) -+fi -+ - dnl - dnl check for valgrind tool - dnl -diff --git a/openvpn/helper.c b/openvpn/helper.c -index d2b3d6f..459f00d 100644 ---- a/openvpn/helper.c -+++ b/openvpn/helper.c -@@ -358,6 +358,10 @@ #endif /* P2MP_SERVER */ - - if (o->proto == PROTO_TCPv4) - o->proto = PROTO_TCPv4_CLIENT; -+#ifdef USE_PF_INET6 -+ else if (o->proto == PROTO_TCPv6) -+ o->proto = PROTO_TCPv6_CLIENT; -+#endif - } - - #endif /* P2MP */ -diff --git a/openvpn/init.c b/openvpn/init.c -index 244f03c..0d929e4 100644 ---- a/openvpn/init.c -+++ b/openvpn/init.c -@@ -703,7 +703,7 @@ #ifdef ENABLE_MANAGEMENT - const char *detail = "SUCCESS"; - if (c->c1.tuntap) - tun_local = c->c1.tuntap->local; -- tun_remote = htonl (c->c1.link_socket_addr.actual.dest.sa.sin_addr.s_addr); -+ tun_remote = htonl (c->c1.link_socket_addr.actual.dest.addr.in4.sin_addr.s_addr); - if (flags & ISC_ERRORS) - detail = "ERROR"; - management_set_state (management, -@@ -1105,7 +1105,7 @@ do_deferred_options (struct context *c, - #ifdef ENABLE_OCC - if (found & OPT_P_EXPLICIT_NOTIFY) - { -- if (c->options.proto != PROTO_UDPv4 && c->options.explicit_exit_notification) -+ if (!proto_is_udp(c->options.proto) && c->options.explicit_exit_notification) - { - msg (D_PUSH, "OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp"); - c->options.explicit_exit_notification = 0; -@@ -1200,12 +1200,21 @@ #endif - switch (c->options.proto) - { - case PROTO_UDPv4: -+#ifdef USE_PF_INET6 -+ case PROTO_UDPv6: -+#endif - if (proxy) - sec = c->options.connect_retry_seconds; - break; -+#ifdef USE_PF_INET6 -+ case PROTO_TCPv6_SERVER: -+#endif - case PROTO_TCPv4_SERVER: - sec = 1; - break; -+#ifdef USE_PF_INET6 -+ case PROTO_TCPv6_CLIENT: -+#endif - case PROTO_TCPv4_CLIENT: - sec = c->options.connect_retry_seconds; - break; -@@ -2292,7 +2301,7 @@ do_setup_fast_io (struct context *c) - #ifdef WIN32 - msg (M_INFO, "NOTE: --fast-io is disabled since we are running on Windows"); - #else -- if (c->options.proto != PROTO_UDPv4) -+ if (!proto_is_udp(c->options.proto)) - msg (M_INFO, "NOTE: --fast-io is disabled since we are not using UDP"); - else - { -@@ -2549,7 +2558,11 @@ init_instance (struct context *c, const - /* link_socket_mode allows CM_CHILD_TCP - instances to inherit acceptable fds - from a top-level parent */ -+#ifdef USE_PF_INET6 -+ if (c->options.proto == PROTO_TCPv4_SERVER || c->options.proto == PROTO_TCPv6_SERVER) -+#else - if (c->options.proto == PROTO_TCPv4_SERVER) -+#endif - { - if (c->mode == CM_TOP) - link_socket_mode = LS_MODE_TCP_LISTEN; -@@ -2809,17 +2822,7 @@ inherit_context_child (struct context *d - { - CLEAR (*dest); - -- switch (src->options.proto) -- { -- case PROTO_UDPv4: -- dest->mode = CM_CHILD_UDP; -- break; -- case PROTO_TCPv4_SERVER: -- dest->mode = CM_CHILD_TCP; -- break; -- default: -- ASSERT (0); -- } -+ dest->mode = proto_is_dgram(src->options.proto)? CM_CHILD_UDP : CM_CHILD_TCP; - - dest->gc = gc_new (); - -@@ -2924,7 +2927,7 @@ #endif - dest->c2.buffers_owned = false; - - dest->c2.event_set = NULL; -- if (src->options.proto == PROTO_UDPv4) -+ if (proto_is_dgram(src->options.proto)) - do_event_set_init (dest, false); - } - -diff --git a/openvpn/manage.c b/openvpn/manage.c -index 993afa2..2615137 100644 ---- a/openvpn/manage.c -+++ b/openvpn/manage.c -@@ -1351,9 +1351,9 @@ man_settings_init (struct man_settings * - /* - * Initialize socket address - */ -- ms->local.sa.sin_family = AF_INET; -- ms->local.sa.sin_addr.s_addr = 0; -- ms->local.sa.sin_port = htons (port); -+ ms->local.addr.in4.sin_family = AF_INET; -+ ms->local.addr.in4.sin_addr.s_addr = 0; -+ ms->local.addr.in4.sin_port = htons (port); - - /* - * Run management over tunnel, or -@@ -1365,7 +1365,7 @@ man_settings_init (struct man_settings * - } - else - { -- ms->local.sa.sin_addr.s_addr = getaddr -+ ms->local.addr.in4.sin_addr.s_addr = getaddr - (GETADDR_RESOLVE|GETADDR_WARN_ON_SIGNAL|GETADDR_FATAL, addr, 0, NULL, NULL); - } - -@@ -1634,7 +1634,7 @@ management_post_tunnel_open (struct mana - && man->connection.state == MS_INITIAL) - { - /* listen on our local TUN/TAP IP address */ -- man->settings.local.sa.sin_addr.s_addr = htonl (tun_local_ip); -+ man->settings.local.addr.in4.sin_addr.s_addr = htonl (tun_local_ip); - man_connection_init (man); - } - -diff --git a/openvpn/mroute.c b/openvpn/mroute.c -index a7d1215..8d85518 100644 ---- a/openvpn/mroute.c -+++ b/openvpn/mroute.c -@@ -175,25 +175,47 @@ bool mroute_extract_openvpn_sockaddr (st - const struct openvpn_sockaddr *osaddr, - bool use_port) - { -- if (osaddr->sa.sin_family == AF_INET) -+ switch (osaddr->addr.sa.sa_family) -+ { -+ case AF_INET: - { - if (use_port) - { - addr->type = MR_ADDR_IPV4 | MR_WITH_PORT; - addr->netbits = 0; - addr->len = 6; -- memcpy (addr->addr, &osaddr->sa.sin_addr.s_addr, 4); -- memcpy (addr->addr + 4, &osaddr->sa.sin_port, 2); -+ memcpy (addr->addr, &osaddr->addr.in4.sin_addr.s_addr, 4); -+ memcpy (addr->addr + 4, &osaddr->addr.in4.sin_port, 2); - } - else - { - addr->type = MR_ADDR_IPV4; - addr->netbits = 0; - addr->len = 4; -- memcpy (addr->addr, &osaddr->sa.sin_addr.s_addr, 4); -+ memcpy (addr->addr, &osaddr->addr.in4.sin_addr.s_addr, 4); - } - return true; - } -+#ifdef USE_PF_INET6 -+ case AF_INET6: -+ if (use_port) -+ { -+ addr->type = MR_ADDR_IPV6 | MR_WITH_PORT; -+ addr->netbits = 0; -+ addr->len = 18; -+ memcpy (addr->addr, &osaddr->addr.in6.sin6_addr, 16); -+ memcpy (addr->addr + 16, &osaddr->addr.in6.sin6_port, 2); -+ } -+ else -+ { -+ addr->type = MR_ADDR_IPV6; -+ addr->netbits = 0; -+ addr->len = 16; -+ memcpy (addr->addr, &osaddr->addr.in6.sin6_addr, 16); -+ } -+ return true; -+#endif -+ } - return false; - } - -@@ -268,7 +290,37 @@ mroute_addr_print (const struct mroute_a - } - break; - case MR_ADDR_IPV6: -+#ifdef USE_PF_INET6 -+ { -+ struct buffer buf; -+ struct sockaddr_in6 sin6; -+ int port; -+ char buf6[INET6_ADDRSTRLEN] = ""; -+ memset(&sin6, 0, sizeof sin6); -+ sin6.sin6_family = AF_INET6; -+ buf_set_read (&buf, maddr.addr, maddr.len); -+ if (buf_read(&buf, &sin6.sin6_addr, sizeof (sin6.sin6_addr))) -+ { -+ if (getnameinfo((struct sockaddr *)&sin6, sizeof (struct sockaddr_in6), -+ buf6, sizeof (buf6), NULL, 0, NI_NUMERICHOST) != 0) -+ { -+ buf_printf (&out, "MR_ADDR_IPV6 getnameinfo() err"); -+ break; -+ } -+ buf_puts (&out, buf6); -+ if (maddr.type & MR_WITH_NETBITS) -+ buf_printf (&out, "/%d", maddr.netbits); -+ if (maddr.type & MR_WITH_PORT) -+ { -+ port = buf_read_u16 (&buf); -+ if (port >= 0) -+ buf_printf (&out, ":%d", port); -+ } -+ } -+ } -+#else /* old pre IPV6 1-line code: */ - buf_printf (&out, "IPV6"); -+#endif - break; - default: - buf_printf (&out, "UNKNOWN"); -diff --git a/openvpn/mtcp.c b/openvpn/mtcp.c -index 6ec9974..5011688 100644 ---- a/openvpn/mtcp.c -+++ b/openvpn/mtcp.c -@@ -159,6 +159,7 @@ multi_tcp_instance_specific_init (struct - ASSERT (mi->context.c2.link_socket); - ASSERT (mi->context.c2.link_socket->info.lsa); - ASSERT (mi->context.c2.link_socket->mode == LS_MODE_TCP_ACCEPT_FROM); -+ ASSERT (mi->context.c2.link_socket->info.lsa->actual.dest.addr.sa.sa_family == AF_INET); - if (!mroute_extract_openvpn_sockaddr (&mi->real, &mi->context.c2.link_socket->info.lsa->actual.dest, true)) - { - msg (D_MULTI_ERRORS, "MULTI TCP: TCP client address is undefined"); -diff --git a/openvpn/multi.c b/openvpn/multi.c -index ee74a46..bfd79b3 100644 ---- a/openvpn/multi.c -+++ b/openvpn/multi.c -@@ -990,8 +990,8 @@ multi_learn_in_addr_t (struct multi_cont - struct mroute_addr addr; - - CLEAR (remote_si); -- remote_si.sa.sin_family = AF_INET; -- remote_si.sa.sin_addr.s_addr = htonl (a); -+ remote_si.addr.in4.sin_family = AF_INET; -+ remote_si.addr.in4.sin_addr.s_addr = htonl (a); - ASSERT (mroute_extract_openvpn_sockaddr (&addr, &remote_si, false)); - - if (netbits >= 0) -@@ -2224,9 +2224,9 @@ management_callback_kill_by_addr (void * - int count = 0; - - CLEAR (saddr); -- saddr.sa.sin_family = AF_INET; -- saddr.sa.sin_addr.s_addr = htonl (addr); -- saddr.sa.sin_port = htons (port); -+ saddr.addr.in4.sin_family = AF_INET; -+ saddr.addr.in4.sin_addr.s_addr = htonl (addr); -+ saddr.addr.in4.sin_port = htons (port); - if (mroute_extract_openvpn_sockaddr (&maddr, &saddr, true)) - { - hash_iterator_init (m->iter, &hi, true); -@@ -2287,18 +2287,13 @@ tunnel_server (struct context *top) - { - ASSERT (top->options.mode == MODE_SERVER); - -- switch (top->options.proto) { -- case PROTO_UDPv4: -- tunnel_server_udp (top); -- break; -- case PROTO_TCPv4_SERVER: -- tunnel_server_tcp (top); -- break; -- default: -- ASSERT (0); -- } -+ if (proto_is_dgram(top->options.proto)) -+ tunnel_server_udp(top); -+ else -+ tunnel_server_tcp(top); - } - -+ - #else - static void dummy(void) {} - #endif /* P2MP_SERVER */ -diff --git a/openvpn/occ.c b/openvpn/occ.c -index 6b136dc..3ec7784 100644 ---- a/openvpn/occ.c -+++ b/openvpn/occ.c -@@ -375,7 +375,7 @@ process_received_occ_msg (struct context - c->c2.max_send_size_remote, - c->c2.max_recv_size_local); - if (!c->options.fragment -- && c->options.proto == PROTO_UDPv4 -+ && (proto_is_dgram(c->options.proto)) - && c->c2.max_send_size_local > TUN_MTU_MIN - && (c->c2.max_recv_size_remote < c->c2.max_send_size_local - || c->c2.max_recv_size_local < c->c2.max_send_size_remote)) -diff --git a/openvpn/options.c b/openvpn/options.c -index 94da98e..1490009 100644 ---- a/openvpn/options.c -+++ b/openvpn/options.c -@@ -73,6 +73,12 @@ #endif - #ifdef USE_PTHREAD - " [PTHREAD]" - #endif -+#ifdef ENABLE_IP_PKTINFO -+ " [MH]" -+#endif -+#ifdef USE_PF_INET6 -+ " [PF_INET6]" -+#endif - " built on " __DATE__ - ; - -@@ -93,6 +99,9 @@ static const char usage_message[] = - "--mode m : Major mode, m = 'p2p' (default, point-to-point) or 'server'.\n" - "--proto p : Use protocol p for communicating with peer.\n" - " p = udp (default), tcp-server, or tcp-client\n" -+#ifdef USE_PF_INET6 -+ " p = udp6, tcp6-server, or tcp6-client (IPv6)\n" -+#endif - "--connect-retry n : For --proto tcp-client, number of seconds to wait\n" - " between connection retries (default=%d).\n" - "--connect-timeout n : For --proto tcp-client, connection timeout (in seconds).\n" -@@ -1421,10 +1430,10 @@ #endif - * Sanity check on TCP mode options - */ - -- if (options->connect_retry_defined && options->proto != PROTO_TCPv4_CLIENT) -+ if (options->connect_retry_defined && options->proto != PROTO_TCPv4_CLIENT && options->proto != PROTO_TCPv6_CLIENT) - msg (M_USAGE, "--connect-retry doesn't make sense unless also used with --proto tcp-client"); - -- if (options->connect_timeout_defined && options->proto != PROTO_TCPv4_CLIENT) -+ if (options->connect_timeout_defined && options->proto != PROTO_TCPv4_CLIENT && options->proto != PROTO_TCPv6_CLIENT) - msg (M_USAGE, "--connect-timeout doesn't make sense unless also used with --proto tcp-client"); - - /* -@@ -1434,7 +1443,7 @@ #endif - msg (M_USAGE, "only one of --tun-mtu or --link-mtu may be defined (note that --ifconfig implies --link-mtu %d)", LINK_MTU_DEFAULT); - - #ifdef ENABLE_OCC -- if (options->proto != PROTO_UDPv4 && options->mtu_test) -+ if (!proto_is_udp(options->proto) && options->mtu_test) - msg (M_USAGE, "--mtu-test only makes sense with --proto udp"); - #endif - -@@ -1479,7 +1488,8 @@ #endif - const char *remote = l->array[i].hostname; - const int remote_port = l->array[i].port; - -- if (string_defined_equal (options->local, remote) -+ if (proto_is_net(options->proto) -+ && string_defined_equal (options->local, remote) - && options->local_port == remote_port) - msg (M_USAGE, "--remote and --local addresses are the same"); - -@@ -1508,7 +1518,7 @@ #endif - if (!options->remote_list && !options->bind_local) - msg (M_USAGE, "--nobind doesn't make sense unless used with --remote"); - -- if (options->proto == PROTO_TCPv4_CLIENT && !options->local && !options->local_port_defined && !options->bind_defined) -+ if ((options->proto == PROTO_TCPv4_CLIENT||options->proto == PROTO_TCPv6_CLIENT) && !options->local && !options->local_port_defined && !options->bind_defined) - options->bind_local = false; - - #ifdef ENABLE_SOCKS -@@ -1565,16 +1575,16 @@ #endif - */ - - #ifdef ENABLE_FRAGMENT -- if (options->proto != PROTO_UDPv4 && options->fragment) -+ if (!proto_is_udp(options->proto) && options->fragment) - msg (M_USAGE, "--fragment can only be used with --proto udp"); - #endif - - #ifdef ENABLE_OCC -- if (options->proto != PROTO_UDPv4 && options->explicit_exit_notification) -+ if (!proto_is_udp(options->proto) && options->explicit_exit_notification) - msg (M_USAGE, "--explicit-exit-notify can only be used with --proto udp"); - #endif - -- if (!options->remote_list && options->proto == PROTO_TCPv4_CLIENT) -+ if (!options->remote_list && (options->proto == PROTO_TCPv4_CLIENT||options->proto == PROTO_TCPv6_CLIENT)) - msg (M_USAGE, "--remote MUST be used in TCP Client mode"); - - #ifdef ENABLE_HTTP_PROXY -@@ -1592,7 +1602,8 @@ #ifdef ENABLE_SOCKS - msg (M_USAGE, "--socks-proxy can not be used in TCP Server mode"); - #endif - -- if (options->proto == PROTO_TCPv4_SERVER && remote_list_len (options->remote_list) > 1) -+ if ((options->proto == PROTO_TCPv4_SERVER||options->proto == PROTO_TCPv6_SERVER) -+ && remote_list_len (options->remote_list) > 1) - msg (M_USAGE, "TCP server mode allows at most one --remote address"); - - #if P2MP_SERVER -@@ -1617,7 +1628,7 @@ #endif - msg (M_USAGE, "--mode server only works with --dev tun or --dev tap"); - if (options->pull) - msg (M_USAGE, "--pull cannot be used with --mode server"); -- if (!(options->proto == PROTO_UDPv4 || options->proto == PROTO_TCPv4_SERVER)) -+ if (!(proto_is_udp(options->proto) || options->proto == PROTO_TCPv4_SERVER || options->proto == PROTO_TCPv6_SERVER)) - msg (M_USAGE, "--mode server currently only supports --proto udp or --proto tcp-server"); - #if PORT_SHARE - if ((options->port_share_host || options->port_share_port) && options->proto != PROTO_TCPv4_SERVER) -@@ -1645,9 +1656,9 @@ #endif - msg (M_USAGE, "--inetd cannot be used with --mode server"); - if (options->ipchange) - msg (M_USAGE, "--ipchange cannot be used with --mode server (use --client-connect instead)"); -- if (!(options->proto == PROTO_UDPv4 || options->proto == PROTO_TCPv4_SERVER)) -- msg (M_USAGE, "--mode server currently only supports --proto udp or --proto tcp-server"); -- if (options->proto != PROTO_UDPv4 && (options->cf_max || options->cf_per)) -+ if (!(proto_is_dgram(options->proto) || options->proto == PROTO_TCPv4_SERVER || options->proto == PROTO_TCPv6_SERVER )) -+ msg (M_USAGE, "--mode server currently only supports --proto udp or --proto tcp-server (also udp6/tcp6)"); -+ if (!proto_is_udp(options->proto) && (options->cf_max || options->cf_per)) - msg (M_USAGE, "--connect-freq only works with --mode server --proto udp. Try --max-clients instead."); - if (!(dev == DEV_TYPE_TAP || (dev == DEV_TYPE_TUN && options->topology == TOP_SUBNET)) && options->ifconfig_pool_netmask) - msg (M_USAGE, "The third parameter to --ifconfig-pool (netmask) is only valid in --dev tap mode"); -@@ -1724,7 +1735,7 @@ #ifdef USE_CRYPTO - /* - * Check consistency of replay options - */ -- if ((options->proto != PROTO_UDPv4) -+ if ((!proto_is_udp(options->proto)) - && (options->replay_window != defaults.replay_window - || options->replay_time != defaults.replay_time)) - msg (M_USAGE, "--replay-window only makes sense with --proto udp"); -@@ -1913,7 +1924,7 @@ #if P2MP - */ - if (options->pull - && options->ping_rec_timeout_action == PING_UNDEF -- && options->proto == PROTO_UDPv4) -+ && proto_is_udp(options->proto)) - { - options->ping_rec_timeout = PRE_PULL_INITIAL_PING_RESTART; - options->ping_rec_timeout_action = PING_RESTART; -diff --git a/openvpn/ps.c b/openvpn/ps.c -index 49b1a2c..472c626 100644 ---- a/openvpn/ps.c -+++ b/openvpn/ps.c -@@ -337,9 +337,9 @@ sock_addr_set (struct openvpn_sockaddr * - const int port) - { - CLEAR (*osaddr); -- osaddr->sa.sin_family = AF_INET; -- osaddr->sa.sin_addr.s_addr = htonl (addr); -- osaddr->sa.sin_port = htons (port); -+ osaddr->addr.in4.sin_family = AF_INET; -+ osaddr->addr.in4.sin_addr.s_addr = htonl (addr); -+ osaddr->addr.in4.sin_port = htons (port); - } - - static inline void -diff --git a/openvpn/socket.c b/openvpn/socket.c -index 70d8ffd..3074267 100644 ---- a/openvpn/socket.c -+++ b/openvpn/socket.c -@@ -42,10 +42,16 @@ - #include "memdbg.h" - - const int proto_overhead[] = { /* indexed by PROTO_x */ -- IPv4_UDP_HEADER_SIZE, -+ 0, -+ IPv4_UDP_HEADER_SIZE, /* IPv4 */ - IPv4_TCP_HEADER_SIZE, - IPv4_TCP_HEADER_SIZE, -- IPv4_TCP_HEADER_SIZE -+#ifdef USE_PF_INET6 -+ IPv6_UDP_HEADER_SIZE, /* IPv6 */ -+ IPv6_TCP_HEADER_SIZE, -+ IPv6_TCP_HEADER_SIZE, -+ IPv6_TCP_HEADER_SIZE, -+#endif - }; - - /* -@@ -260,20 +266,49 @@ - struct openvpn_sockaddr *addr, - bool *changed) - { -- if (host && addr) -- { -- const in_addr_t new_addr = getaddr ( -- GETADDR_RESOLVE|GETADDR_UPDATE_MANAGEMENT_STATE, -- host, -- 1, -- NULL, -- NULL); -- if (new_addr && addr->sa.sin_addr.s_addr != new_addr) -+ switch(addr->addr.sa.sa_family) { -+ case AF_INET: -+ if (host && addr) -+ { -+ const in_addr_t new_addr = getaddr ( -+ GETADDR_RESOLVE|GETADDR_UPDATE_MANAGEMENT_STATE, -+ host, -+ 1, -+ NULL, -+ NULL); -+ if (new_addr && addr->addr.in4.sin_addr.s_addr != new_addr) - { -- addr->sa.sin_addr.s_addr = new_addr; -+ addr->addr.in4.sin_addr.s_addr = new_addr; - *changed = true; - } -- } -+ } -+ break; -+#ifdef USE_PF_INET6 -+ case AF_INET6: /* jjoFIXME: should adapt getaddr() for AF_INET6 */ -+ if (host && addr) -+ { -+ struct addrinfo hints , *ai; -+ int err; -+ memset(&hints, 0, sizeof hints); -+ hints.ai_flags=AI_PASSIVE; -+ hints.ai_family=AF_INET6; -+ if ((err=getaddrinfo(host, NULL, &hints, &ai))==0) -+ { -+ struct sockaddr_in6 *sin6=(struct sockaddr_in6*)ai->ai_addr; -+ if (IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &addr->addr.in6.sin6_addr)) -+ { -+ int port=addr->addr.in6.sin6_port; /* backup current port for easier copy, restore later */ -+ addr->addr.in6=*sin6; /* ipv6 requires also eg. sin6_scope_id => easy to full copy*/ -+ addr->addr.in6.sin6_port=port; -+ } -+ freeaddrinfo(ai); -+ } -+ } -+ break; -+#endif -+ default: -+ ASSERT(0); -+ } - } - - static int -@@ -531,6 +566,44 @@ - return sd; - } - -+#ifdef USE_PF_INET6 -+static socket_descriptor_t -+create_socket_udp6 (const unsigned int flags) -+{ -+ socket_descriptor_t sd; -+ -+ if ((sd = socket (PF_INET6, SOCK_DGRAM, IPPROTO_UDP)) < 0) -+ msg (M_SOCKERR, "UDP: Cannot create UDP6 socket"); -+#if ENABLE_IP_PKTINFO -+ else if (flags & SF_USE_IP_PKTINFO) -+ { -+ int pad = 1; -+ setsockopt (sd, IPPROTO_IPV6, IPV6_PKTINFO, (void*)&pad, sizeof(pad)); -+ } -+#endif -+ return sd; -+} -+ -+static socket_descriptor_t -+create_socket_tcp6 (void) -+{ -+ socket_descriptor_t sd; -+ -+ if ((sd = socket (PF_INET6, SOCK_STREAM, IPPROTO_TCP)) < 0) -+ msg (M_SOCKERR, "Cannot create TCP6 socket"); -+ -+ /* set SO_REUSEADDR on socket */ -+ { -+ int on = 1; -+ if (setsockopt (sd, SOL_SOCKET, SO_REUSEADDR, -+ (void *) &on, sizeof (on)) < 0) -+ msg (M_SOCKERR, "TCP: Cannot setsockopt SO_REUSEADDR on TCP6 socket"); -+ } -+ -+ return sd; -+} -+ -+#endif - static void - create_socket (struct link_socket *sock) - { -@@ -549,6 +622,17 @@ - { - sock->sd = create_socket_tcp (); - } -+#ifdef USE_PF_INET6 -+ else if (sock->info.proto == PROTO_TCPv6_SERVER -+ || sock->info.proto == PROTO_TCPv6_CLIENT) -+ { -+ sock->sd = create_socket_tcp6 (); -+ } -+ else if (sock->info.proto == PROTO_UDPv6) -+ { -+ sock->sd = create_socket_udp6 (sock->sockflags); -+ } -+#endif - else - { - ASSERT (0); -@@ -586,7 +670,12 @@ - struct link_socket_actual *act, - const bool nowait) - { -- socklen_t remote_len = sizeof (act->dest.sa); -+ /* af_addr_size WILL return 0 in this case if AFs other than AF_INET -+ * are compiled because act is empty here. -+ * could use getsockname() to support later remote_len check -+ */ -+ socklen_t remote_len_af = af_addr_size(act->dest.addr.sa.sa_family); -+ socklen_t remote_len = sizeof(act->dest.addr); - socket_descriptor_t new_sd = SOCKET_UNDEFINED; - - CLEAR (*act); -@@ -594,7 +683,7 @@ - #ifdef HAVE_GETPEERNAME - if (nowait) - { -- new_sd = getpeername (sd, (struct sockaddr *) &act->dest.sa, &remote_len); -+ new_sd = getpeername (sd, &act->dest.addr.sa, &remote_len); - - if (!socket_defined (new_sd)) - msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: getpeername() failed"); -@@ -607,7 +696,7 @@ - #endif - else - { -- new_sd = accept (sd, (struct sockaddr *) &act->dest.sa, &remote_len); -+ new_sd = accept (sd, &act->dest.addr.sa, &remote_len); - } - - #if 0 /* For debugging only, test the effect of accept() failures */ -@@ -623,7 +712,8 @@ - { - msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: accept(%d) failed", sd); - } -- else if (remote_len != sizeof (act->dest.sa)) -+ /* only valid if we have remote_len_af!=0 */ -+ else if (remote_len_af && remote_len != remote_len_af) - { - msg (D_LINK_ERRORS, "TCP: Received strange incoming connection with unknown address length=%d", remote_len); - openvpn_close_socket (new_sd); -@@ -724,7 +814,7 @@ - { - struct gc_arena gc = gc_new (); - -- if (bind (sd, (struct sockaddr *) &local->sa, sizeof (local->sa))) -+ if (bind (sd, &local->addr.sa, af_addr_size(local->addr.sa.sa_family))) - { - const int errnum = openvpn_errno_socket (); - msg (M_FATAL, "%s: Socket bind failed on local address %s: %s", -@@ -745,7 +835,7 @@ - - #ifdef CONNECT_NONBLOCK - set_nonblock (sd); -- status = connect (sd, (struct sockaddr *) &remote->sa, sizeof (remote->sa)); -+ status = connect (sd, &remote->addr.sa, af_addr_size(remote->addr.sa.sa_family)); - if (status) - status = openvpn_errno_socket (); - if (status == EINPROGRESS) -@@ -828,76 +918,99 @@ - int retry = 0; - - #ifdef CONNECT_NONBLOCK -- msg (M_INFO, "Attempting to establish TCP connection with %s [nonblock]", -- print_sockaddr (remote, &gc)); -+ msg (M_INFO, "Attempting to establish TCP connection with %s [nonblock]", -+ print_sockaddr (remote, &gc)); - #else -- msg (M_INFO, "Attempting to establish TCP connection with %s", -- print_sockaddr (remote, &gc)); -+ msg (M_INFO, "Attempting to establish TCP connection with %s", -+ print_sockaddr (remote, &gc)); - #endif - - while (true) -- { -- int status; -+ { -+ int status; - - #ifdef ENABLE_MANAGEMENT -- if (management) -- management_set_state (management, -- OPENVPN_STATE_TCP_CONNECT, -- NULL, -- (in_addr_t)0, -- (in_addr_t)0); -+ if (management) -+ management_set_state (management, -+ OPENVPN_STATE_TCP_CONNECT, -+ NULL, -+ (in_addr_t)0, -+ (in_addr_t)0); - #endif - -- status = openvpn_connect (*sd, remote, connect_timeout, signal_received); -+ status = openvpn_connect (*sd, remote, connect_timeout, signal_received); - -- get_signal (signal_received); -- if (*signal_received) -- goto done; -- -- if (!status) -- break; -- -- msg (D_LINK_ERRORS, -- "TCP: connect to %s failed, will try again in %d seconds: %s", -- print_sockaddr (remote, &gc), -- connect_retry_seconds, -- strerror_ts (status, &gc)); -- -- gc_reset (&gc); -- -- openvpn_close_socket (*sd); -- *sd = SOCKET_UNDEFINED; -- -- if (connect_retry_max > 0 && ++retry >= connect_retry_max) -- { -- *signal_received = SIGUSR1; -- goto done; -- } -- -- openvpn_sleep (connect_retry_seconds); -- -- get_signal (signal_received); -- if (*signal_received) -- goto done; -+ get_signal (signal_received); -+ if (*signal_received) -+ goto done; - -- if (remote_list) -- { -- remote_list_next (remote_list); -- remote_dynamic = remote_list_host (remote_list); -- remote->sa.sin_port = htons (remote_list_port (remote_list)); -- *remote_changed = true; -- } -+ if (!status) -+ break; - -- *sd = create_socket_tcp (); -- if (bind_local) -- socket_bind (*sd, local, "TCP Client"); -- update_remote (remote_dynamic, remote, remote_changed); -- } -+ msg (D_LINK_ERRORS, -+ "TCP: connect to %s failed, will try again in %d seconds: %s", -+ print_sockaddr (remote, &gc), -+ connect_retry_seconds, -+ strerror_ts (status, &gc)); -+ -+ -+ gc_reset (&gc); -+ -+ openvpn_close_socket (*sd); -+ *sd = SOCKET_UNDEFINED; -+ -+ if (connect_retry_max > 0 && ++retry >= connect_retry_max) -+ { -+ *signal_received = SIGUSR1; -+ goto done; -+ } -+ -+ openvpn_sleep (connect_retry_seconds); -+ -+ get_signal (signal_received); -+ if (*signal_received) -+ goto done; -+ -+ switch(remote->addr.sa.sa_family) { -+ case AF_INET: -+ if (remote_list) -+ { -+ remote_list_next (remote_list); -+ remote_dynamic = remote_list_host (remote_list); -+ remote->addr.in4.sin_port = htons (remote_list_port (remote_list)); -+ *remote_changed = true; -+ } -+ -+ *sd = create_socket_tcp (); -+ if (bind_local) -+ socket_bind (*sd, local, "TCP Client"); -+ update_remote (remote_dynamic, remote, remote_changed); -+ break; -+#ifdef USE_PF_INET6 -+ case AF_INET6: -+ if (remote_list) -+ { -+ remote_list_next (remote_list); -+ remote_dynamic = remote_list_host (remote_list); -+ remote->addr.in6.sin6_port = htons (remote_list_port (remote_list)); -+ *remote_changed = true; -+ } -+ *sd = create_socket_tcp6 (); -+ if (bind_local) -+ socket_bind (*sd, local, "TCP6 Client"); -+ update_remote (remote_dynamic, remote, remote_changed); -+ break; -+#endif -+ default: -+ msg(M_FATAL, "Only TCP is supported for connection oriented, sa_family=%d", -+ remote->addr.sa.sa_family); -+ } -+ } - -- msg (M_INFO, "TCP connection established with %s", -- print_sockaddr (remote, &gc)); -+ msg (M_INFO, "TCP connection established with %s", -+ print_sockaddr (remote, &gc)); - -- done: -+done: - gc_free (&gc); - } - -@@ -952,17 +1065,44 @@ - - /* resolve local address if undefined */ - if (!addr_defined (&sock->info.lsa->local)) -- { -- sock->info.lsa->local.sa.sin_family = AF_INET; -- sock->info.lsa->local.sa.sin_addr.s_addr = -- (sock->local_host ? getaddr (GETADDR_RESOLVE | GETADDR_WARN_ON_SIGNAL | GETADDR_FATAL, -- sock->local_host, -- 0, -- NULL, -- NULL) -- : htonl (INADDR_ANY)); -- sock->info.lsa->local.sa.sin_port = htons (sock->local_port); -+ { -+ /* may return AF_{INET|INET6} guessed from local_host */ -+ switch(addr_guess_family(sock->info.proto, sock->local_host)) { -+ case AF_INET: -+ sock->info.lsa->local.addr.in4.sin_family = AF_INET; -+ sock->info.lsa->local.addr.in4.sin_addr.s_addr = -+ (sock->local_host ? getaddr (GETADDR_RESOLVE | GETADDR_WARN_ON_SIGNAL | GETADDR_FATAL, -+ sock->local_host, -+ 0, -+ NULL, -+ NULL) -+ : htonl (INADDR_ANY)); -+ sock->info.lsa->local.addr.in4.sin_port = htons (sock->local_port); -+ break; -+#ifdef USE_PF_INET6 -+ case AF_INET6: -+ { -+ struct addrinfo hints , *ai; -+ int err; -+ memset(&hints, 0, sizeof hints); -+ hints.ai_flags=AI_PASSIVE; -+ hints.ai_family=AF_INET6; -+ /* if no local_host provided, ask for IN6ADDR_ANY ... */ -+ if ((err=getaddrinfo(sock->local_host? sock->local_host : "::", -+ NULL, &hints, &ai))==0) { -+ sock->info.lsa->local.addr.in6 = *((struct sockaddr_in6*)(ai->ai_addr)); -+ freeaddrinfo(ai); -+ } else { -+ msg (M_FATAL, "getaddrinfo() failed for local \"%s\": %s", -+ sock->local_host, -+ gai_strerror(err)); -+ } -+ sock->info.lsa->local.addr.in6.sin6_port = htons (sock->local_port); -+ } -+ break; -+#endif - } -+ } - - /* bind to local address/port */ - if (sock->bind_local) -@@ -986,103 +1126,128 @@ - struct gc_arena gc = gc_new (); - - if (!sock->did_resolve_remote) -+ { -+ /* resolve remote address if undefined */ -+ if (!addr_defined (&sock->info.lsa->remote)) - { -- /* resolve remote address if undefined */ -- if (!addr_defined (&sock->info.lsa->remote)) -- { -- sock->info.lsa->remote.sa.sin_family = AF_INET; -- sock->info.lsa->remote.sa.sin_addr.s_addr = 0; -+ switch(addr_guess_family(sock->info.proto, sock->remote_host)) -+ { -+ case AF_INET: -+ sock->info.lsa->remote.addr.in4.sin_family = AF_INET; -+ sock->info.lsa->remote.addr.in4.sin_addr.s_addr = 0; - - if (sock->remote_host) -- { -- unsigned int flags = GETADDR_RESOLVE|GETADDR_UPDATE_MANAGEMENT_STATE; -- int retry = 0; -- bool status = false; -+ { -+ unsigned int flags = GETADDR_RESOLVE|GETADDR_UPDATE_MANAGEMENT_STATE; -+ int retry = 0; -+ bool status = false; - -- if (remote_list_len (sock->remote_list) > 1 && sock->resolve_retry_seconds == RESOLV_RETRY_INFINITE) -- { -- if (phase == 2) -- flags |= (GETADDR_TRY_ONCE | GETADDR_FATAL); -- retry = 0; -- } -- else if (phase == 1) -- { -- if (sock->resolve_retry_seconds) -- { -- retry = 0; -- } -- else -- { -- flags |= (GETADDR_FATAL | GETADDR_MENTION_RESOLVE_RETRY); -- retry = 0; -- } -- } -- else if (phase == 2) -- { -- if (sock->resolve_retry_seconds) -- { -- flags |= GETADDR_FATAL; -- retry = sock->resolve_retry_seconds; -- } -- else -- { -- ASSERT (0); -- } -- } -+ if (remote_list_len (sock->remote_list) > 1 && sock->resolve_retry_seconds == RESOLV_RETRY_INFINITE) -+ { -+ if (phase == 2) -+ flags |= (GETADDR_TRY_ONCE | GETADDR_FATAL); -+ retry = 0; -+ } -+ else if (phase == 1) -+ { -+ if (sock->resolve_retry_seconds) -+ { -+ retry = 0; -+ } - else -- { -- ASSERT (0); -- } -+ { -+ flags |= (GETADDR_FATAL | GETADDR_MENTION_RESOLVE_RETRY); -+ retry = 0; -+ } -+ } -+ else if (phase == 2) -+ { -+ if (sock->resolve_retry_seconds) -+ { -+ flags |= GETADDR_FATAL; -+ retry = sock->resolve_retry_seconds; -+ } -+ else -+ { -+ ASSERT (0); -+ } -+ } -+ else -+ { -+ ASSERT (0); -+ } - -- sock->info.lsa->remote.sa.sin_addr.s_addr = getaddr ( -- flags, -- sock->remote_host, -- retry, -- &status, -- signal_received); -- -- dmsg (D_SOCKET_DEBUG, "RESOLVE_REMOTE flags=0x%04x phase=%d rrs=%d sig=%d status=%d", -- flags, -- phase, -- retry, -- signal_received ? *signal_received : -1, -- status); -+ sock->info.lsa->remote.addr.in4.sin_addr.s_addr = getaddr ( -+ flags, -+ sock->remote_host, -+ retry, -+ &status, -+ signal_received); -+ -+ dmsg (D_SOCKET_DEBUG, "RESOLVE_REMOTE flags=0x%04x phase=%d rrs=%d sig=%d status=%d", -+ flags, -+ phase, -+ retry, -+ signal_received ? *signal_received : -1, -+ status); - -+ if (signal_received) -+ { -+ if (*signal_received) -+ goto done; -+ } -+ if (!status) -+ { - if (signal_received) -- { -- if (*signal_received) -- goto done; -- } -- if (!status) -- { -- if (signal_received) -- *signal_received = SIGUSR1; -- goto done; -- } -+ *signal_received = SIGUSR1; -+ goto done; - } -+ } - -- sock->info.lsa->remote.sa.sin_port = htons (sock->remote_port); -- } -- -- /* should we re-use previous active remote address? */ -- if (link_socket_actual_defined (&sock->info.lsa->actual)) -- { -- msg (M_INFO, "TCP/UDP: Preserving recently used remote address: %s", -- print_link_socket_actual (&sock->info.lsa->actual, &gc)); -- if (remote_dynamic) -- *remote_dynamic = NULL; -- } -- else -- { -- CLEAR (sock->info.lsa->actual); -- sock->info.lsa->actual.dest = sock->info.lsa->remote; -- } -+ sock->info.lsa->remote.addr.in4.sin_port = htons (sock->remote_port); -+ break; - -- /* remember that we finished */ -- sock->did_resolve_remote = true; -+#ifdef USE_PF_INET6 -+ case AF_INET6: /* jjoFIXME: ipv6 signal logic */ -+ { -+ struct addrinfo hints , *ai; -+ int err; -+ memset(&hints, 0, sizeof hints); -+ hints.ai_flags=0; -+ hints.ai_family=AF_INET6; -+ if ((err=getaddrinfo(sock->remote_host? sock->remote_host : "::" , NULL, &hints, &ai))==0) { -+ sock->info.lsa->remote.addr.in6 = *((struct sockaddr_in6*)(ai->ai_addr)); -+ freeaddrinfo(ai); -+ } else { -+ msg (M_FATAL, "getaddrinfo() failed for remote \"%s\": %s", -+ sock->remote_host, -+ gai_strerror(err)); -+ } -+ sock->info.lsa->remote.addr.in6.sin6_port = htons (sock->remote_port); -+ } -+ break; -+#endif -+ } -+ } -+ /* should we re-use previous active remote address? */ -+ if (link_socket_actual_defined (&sock->info.lsa->actual)) -+ { -+ msg (M_INFO, "TCP/UDP: Preserving recently used remote address: %s", -+ print_link_socket_actual (&sock->info.lsa->actual, &gc)); -+ if (remote_dynamic) -+ *remote_dynamic = NULL; -+ } -+ else -+ { -+ CLEAR (sock->info.lsa->actual); -+ sock->info.lsa->actual.dest = sock->info.lsa->remote; - } - -- done: -+ /* remember that we finished */ -+ sock->did_resolve_remote = true; -+ } -+ -+done: - gc_free (&gc); - } - -@@ -1312,7 +1477,11 @@ - goto done; - - /* TCP client/server */ -- if (sock->info.proto == PROTO_TCPv4_SERVER) -+ if (sock->info.proto == PROTO_TCPv4_SERVER -+#ifdef USE_PF_INET6 -+ ||sock->info.proto == PROTO_TCPv6_SERVER -+#endif -+ ) - { - switch (sock->mode) - { -@@ -1347,7 +1516,11 @@ - ASSERT (0); - } - } -- else if (sock->info.proto == PROTO_TCPv4_CLIENT) -+ else if (sock->info.proto == PROTO_TCPv4_CLIENT -+#ifdef USE_PF_INET6 -+ ||sock->info.proto == PROTO_TCPv6_CLIENT -+#endif -+ ) - { - - #ifdef GENERAL_PROXY_SUPPORT -@@ -1432,8 +1605,8 @@ - sock->remote_port = sock->proxy_dest_port; - sock->did_resolve_remote = false; - -- sock->info.lsa->actual.dest.sa.sin_addr.s_addr = 0; -- sock->info.lsa->remote.sa.sin_addr.s_addr = 0; -+ addr_zero_host(&sock->info.lsa->actual.dest); -+ addr_zero_host(&sock->info.lsa->remote); - - resolve_remote (sock, 1, NULL, signal_received); - -@@ -1448,7 +1621,7 @@ - if (remote_changed) - { - msg (M_INFO, "TCP/UDP: Dynamic remote address changed during TCP connection establishment"); -- sock->info.lsa->remote.sa.sin_addr.s_addr = sock->info.lsa->actual.dest.sa.sin_addr.s_addr; -+ addr_copy_host(&sock->info.lsa->remote, &sock->info.lsa->actual.dest); - } - } - -@@ -1620,13 +1793,20 @@ - { - struct gc_arena gc = gc_new (); - -- msg (D_LINK_ERRORS, -- "TCP/UDP: Incoming packet rejected from %s[%d], expected peer address: %s (allow this incoming source address/port by removing --remote or adding --float)", -- print_link_socket_actual (from_addr, &gc), -- (int)from_addr->dest.sa.sin_family, -- print_sockaddr (&info->lsa->remote, &gc)); -+ switch(from_addr->dest.addr.sa.sa_family) -+ { -+ case AF_INET: -+#ifdef USE_PF_INET6 -+ case AF_INET6: -+#endif -+ msg (D_LINK_ERRORS, -+ "TCP/UDP: Incoming packet rejected from %s[%d], expected peer address: %s (allow this incoming source address/port by removing --remote or adding --float)", -+ print_link_socket_actual (from_addr, &gc), -+ (int)from_addr->dest.addr.sa.sa_family, -+ print_sockaddr (&info->lsa->remote, &gc)); -+ break; -+ } - buf->len = 0; -- - gc_free (&gc); - } - -@@ -1641,10 +1821,25 @@ - { - const struct link_socket_addr *lsa = info->lsa; - -+/* -+ * This logic supports "redirect-gateway" semantic, which -+ * makes sense only for PF_INET routes over PF_INET endpoints -+ * -+ * Maybe in the future consider PF_INET6 endpoints also ... -+ * by now just ignore it -+ * -+ */ -+#if defined ( USE_PF_INET6 ) -+ if(lsa->actual.dest.addr.sa.sa_family != AF_INET) -+ return 0; -+#else -+ ASSERT(lsa->actual.dest.addr.sa.sa_family == AF_INET); -+#endif -+ - if (link_socket_actual_defined (&lsa->actual)) -- return ntohl (lsa->actual.dest.sa.sin_addr.s_addr); -+ return ntohl (lsa->actual.dest.addr.in4.sin_addr.s_addr); - else if (addr_defined (&lsa->remote)) -- return ntohl (lsa->remote.sa.sin_addr.s_addr); -+ return ntohl (lsa->remote.addr.in4.sin_addr.s_addr); - else - return 0; - } -@@ -1871,27 +2066,58 @@ - const unsigned int flags, - struct gc_arena *gc) - { -- if (addr) -- { -- struct buffer out = alloc_buf_gc (64, gc); -- const int port = ntohs (addr->sa.sin_port); -- -- mutex_lock_static (L_INET_NTOA); -- buf_printf (&out, "%s", (addr_defined (addr) ? inet_ntoa (addr->sa.sin_addr) : "[undef]")); -- mutex_unlock_static (L_INET_NTOA); -+ struct buffer out; -+ bool addr_is_defined; -+ if (!addr) { -+ return "[NULL]"; -+ } -+ addr_is_defined = addr_defined (addr); -+ switch(addr->addr.sa.sa_family) { -+ case AF_INET: -+ { -+ const int port= ntohs (addr->addr.in4.sin_port); -+ out = alloc_buf_gc (128, gc); -+ buf_puts (&out, "[AF_INET]"); -+ mutex_lock_static (L_INET_NTOA); -+ buf_puts (&out, (addr_is_defined ? inet_ntoa (addr->addr.in4.sin_addr) : "[undef]")); -+ mutex_unlock_static (L_INET_NTOA); - -- if (((flags & PS_SHOW_PORT) || (addr_defined (addr) && (flags & PS_SHOW_PORT_IF_DEFINED))) -- && port) -+ if (((flags & PS_SHOW_PORT) || (addr_is_defined && (flags & PS_SHOW_PORT_IF_DEFINED))) -+ && port) - { - if (separator) - buf_printf (&out, "%s", separator); - - buf_printf (&out, "%d", port); - } -- return BSTR (&out); -- } -- else -- return "[NULL]"; -+ } -+ break; -+#ifdef USE_PF_INET6 -+ case AF_INET6: -+ { -+ const int port= ntohs (addr->addr.in6.sin6_port); -+ char buf[INET6_ADDRSTRLEN] = "[undef]"; -+ out = alloc_buf_gc (128, gc); -+ buf_puts (&out, "[AF_INET6]"); -+ if (addr_is_defined) -+ { -+ getnameinfo(&addr->addr.sa, sizeof (struct sockaddr_in6), -+ buf, sizeof (buf), NULL, 0, NI_NUMERICHOST); -+ buf_puts (&out, buf); -+ } -+ if (((flags & PS_SHOW_PORT) || (addr_is_defined && (flags & PS_SHOW_PORT_IF_DEFINED))) -+ && port) -+ { -+ if (separator) -+ buf_puts (&out, separator); -+ -+ buf_printf (&out, "%d", port); -+ } -+ } -+ break; -+#endif -+ } -+ return BSTR (&out); - } - - const char * -@@ -1911,12 +2137,38 @@ - struct buffer out = alloc_buf_gc (128, gc); - buf_printf (&out, "%s", print_sockaddr_ex (&act->dest, separator, flags, gc)); - #if ENABLE_IP_PKTINFO -- if ((flags & PS_SHOW_PKTINFO) && act->pi.ipi_spec_dst.s_addr) -+ if ((flags & PS_SHOW_PKTINFO) && addr_defined_ipi(act)) - { -+ switch(act->dest.addr.sa.sa_family) -+ { -+ case AF_INET: -+ { - struct openvpn_sockaddr sa; - CLEAR (sa); -- sa.sa.sin_addr = act->pi.ipi_spec_dst; -+ sa.addr.in4.sin_addr = act->pi.in4.ipi_spec_dst; - buf_printf (&out, " (via %s)", print_sockaddr_ex (&sa, separator, 0, gc)); -+ } -+ break; -+#ifdef USE_PF_INET6 -+ case AF_INET6: -+ { -+ struct sockaddr_in6 sin6; -+ char buf[INET6_ADDRSTRLEN] = "[undef]"; -+ memset(&sin6, 0, sizeof sin6); -+ sin6.sin6_family = AF_INET6; -+ sin6.sin6_addr = act->pi.in6.ipi6_addr; -+ { -+ if (getnameinfo((struct sockaddr *)&sin6, sizeof (struct sockaddr_in6), -+ buf, sizeof (buf), NULL, 0, NI_NUMERICHOST) == 0) -+ buf_printf (&out, " (via %s)", buf); -+ else -+ buf_printf (&out, " (via [getnameinfo() err])"); -+ } -+ } -+ break; -+#endif -+ } -+ - } - #endif - return BSTR (&out); -@@ -1952,21 +2204,37 @@ - setenv_sockaddr (struct env_set *es, const char *name_prefix, const struct openvpn_sockaddr *addr, const bool flags) - { - char name_buf[256]; -+ char buf[128]; - -- if (flags & SA_IP_PORT) -- openvpn_snprintf (name_buf, sizeof (name_buf), "%s_ip", name_prefix); -- else -- openvpn_snprintf (name_buf, sizeof (name_buf), "%s", name_prefix); -+ switch(addr->addr.sa.sa_family) { -+ case AF_INET: -+ if (flags & SA_IP_PORT) -+ openvpn_snprintf (name_buf, sizeof (name_buf), "%s_ip", name_prefix); -+ else -+ openvpn_snprintf (name_buf, sizeof (name_buf), "%s", name_prefix); - -- mutex_lock_static (L_INET_NTOA); -- setenv_str (es, name_buf, inet_ntoa (addr->sa.sin_addr)); -- mutex_unlock_static (L_INET_NTOA); -+ mutex_lock_static (L_INET_NTOA); -+ setenv_str (es, name_buf, inet_ntoa (addr->addr.in4.sin_addr)); -+ mutex_unlock_static (L_INET_NTOA); -+ -+ if ((flags & SA_IP_PORT) && addr->addr.in4.sin_port) -+ { -+ openvpn_snprintf (name_buf, sizeof (name_buf), "%s_port", name_prefix); -+ setenv_int (es, name_buf, ntohs (addr->addr.in4.sin_port)); -+ } -+ break; -+#ifdef USE_PF_INET6 -+ case AF_INET6: -+ openvpn_snprintf (name_buf, sizeof (name_buf), "%s_ip6", name_prefix); -+ getnameinfo(&addr->addr.sa, sizeof (struct sockaddr_in6), -+ buf, sizeof(buf), NULL, 0, NI_NUMERICHOST); -+ setenv_str (es, name_buf, buf); - -- if ((flags & SA_IP_PORT) && addr->sa.sin_port) -- { - openvpn_snprintf (name_buf, sizeof (name_buf), "%s_port", name_prefix); -- setenv_int (es, name_buf, ntohs (addr->sa.sin_port)); -- } -+ setenv_int (es, name_buf, ntohs (addr->addr.in6.sin6_port)); -+ break; -+#endif -+ } - } - - void -@@ -1976,7 +2244,8 @@ - { - struct openvpn_sockaddr si; - CLEAR (si); -- si.sa.sin_addr.s_addr = htonl (addr); -+ si.addr.in4.sin_family = AF_INET; -+ si.addr.in4.sin_addr.s_addr = htonl (addr); - setenv_sockaddr (es, name_prefix, &si, flags); - } - } -@@ -1997,16 +2266,63 @@ - struct proto_names { - const char *short_form; - const char *display_form; -+ bool is_dgram; -+ bool is_net; -+ sa_family_t proto_af; - }; - - /* Indexed by PROTO_x */ --static const struct proto_names proto_names[] = { -- {"udp", "UDPv4"}, -- {"tcp-server", "TCPv4_SERVER"}, -- {"tcp-client", "TCPv4_CLIENT"}, -- {"tcp", "TCPv4"} -+static const struct proto_names proto_names[PROTO_N] = { -+ {"proto-uninitialized", "proto-NONE",0,0, AF_UNSPEC}, -+ {"udp", "UDPv4",1,1, AF_INET}, -+ {"tcp-server", "TCPv4_SERVER",0,1, AF_INET}, -+ {"tcp-client", "TCPv4_CLIENT",0,1, AF_INET}, -+ {"tcp", "TCPv4",0,1, AF_INET}, -+#ifdef USE_PF_INET6 -+ {"udp6" ,"UDPv6",1,1, AF_INET6}, -+ {"tcp6-server","TCPv6_SERVER",0,1, AF_INET6}, -+ {"tcp6-client","TCPv6_CLIENT",0,1, AF_INET6}, -+ {"tcp6" ,"TCPv6",0,1, AF_INET6}, -+#endif - }; - -+bool -+proto_is_net(int proto) -+{ -+ if (proto < 0 || proto >= PROTO_N) -+ ASSERT(0); -+ return proto_names[proto].is_net; -+} -+bool -+proto_is_dgram(int proto) -+{ -+ if (proto < 0 || proto >= PROTO_N) -+ ASSERT(0); -+ return proto_names[proto].is_dgram; -+} -+bool -+proto_is_udp(int proto) -+{ -+ if (proto < 0 || proto >= PROTO_N) -+ ASSERT(0); -+ return proto_names[proto].is_dgram&&proto_names[proto].is_net; -+} -+bool -+proto_is_tcp(int proto) -+{ -+ if (proto < 0 || proto >= PROTO_N) -+ ASSERT(0); -+ return (!proto_names[proto].is_dgram)&&proto_names[proto].is_net; -+} -+ -+sa_family_t -+proto_sa_family(int proto) -+{ -+ if (proto < 0 || proto >= PROTO_N) -+ ASSERT(0); -+ return proto_names[proto].proto_af; -+} -+ - int - ascii2proto (const char* proto_name) - { -@@ -2046,6 +2362,46 @@ - return BSTR (&out); - } - -+int -+addr_guess_family(int proto, const char *name) -+{ -+ sa_family_t ret; -+ if (proto) { -+ return proto_sa_family(proto); /* already stamped */ -+ } -+#ifdef USE_PF_UNIX -+ else if (name && name[0] == '/') { -+ return AF_UNIX; -+ } -+#endif -+#ifdef USE_PF_INET6 -+ else { -+ struct addrinfo hints , *ai; -+ int err; -+ memset(&hints, 0, sizeof hints); -+ hints.ai_flags=AI_NUMERICHOST; -+ if ((err=getaddrinfo(name, NULL, &hints, &ai))==0) { -+ ret=ai->ai_family; -+ freeaddrinfo(ai); -+ return ret; -+ } -+ } -+#endif -+ return AF_INET; /* default */ -+} -+const char * -+addr_family_name (int af) -+{ -+ switch (af) { -+ case AF_INET: return "AF_INET"; -+ case AF_INET6: return "AF_INET6"; -+#ifdef USE_PF_UNIX -+ case AF_UNIX: return "AF_UNIX"; -+#endif -+ } -+ return "AF_UNSPEC"; -+} -+ - /* - * Given a local proto, return local proto - * if !remote, or compatible remote proto -@@ -2060,10 +2416,15 @@ - ASSERT (proto >= 0 && proto < PROTO_N); - if (remote) - { -- if (proto == PROTO_TCPv4_SERVER) -- return PROTO_TCPv4_CLIENT; -- if (proto == PROTO_TCPv4_CLIENT) -- return PROTO_TCPv4_SERVER; -+ switch (proto) -+ { -+ case PROTO_TCPv4_SERVER: return PROTO_TCPv4_CLIENT; -+ case PROTO_TCPv4_CLIENT: return PROTO_TCPv4_SERVER; -+#ifdef USE_PF_INET6 -+ case PROTO_TCPv6_SERVER: return PROTO_TCPv6_CLIENT; -+ case PROTO_TCPv6_CLIENT: return PROTO_TCPv6_SERVER; -+#endif -+ } - } - return proto; - } -@@ -2121,12 +2482,27 @@ - - #if ENABLE_IP_PKTINFO - --struct openvpn_pktinfo -+struct openvpn_in4_pktinfo - { - struct cmsghdr cmsghdr; -- struct in_pktinfo in_pktinfo; -+ struct in_pktinfo pi; -+}; -+#ifdef USE_PF_INET6 -+struct openvpn_in6_pktinfo -+{ -+ struct cmsghdr cmsghdr; -+ struct in6_pktinfo pi6; -+}; -+#endif -+ -+union openvpn_pktinfo { -+ struct openvpn_in4_pktinfo cmsgpi; -+#ifdef USE_PF_INET6 -+ struct openvpn_in6_pktinfo cmsgpi6; -+#endif - }; - -+ - static socklen_t - link_socket_read_udp_posix_recvmsg (struct link_socket *sock, - struct buffer *buf, -@@ -2134,15 +2510,15 @@ - struct link_socket_actual *from) - { - struct iovec iov; -- struct openvpn_pktinfo opi; -+ union openvpn_pktinfo opi; - struct msghdr mesg; -- socklen_t fromlen = sizeof (from->dest.sa); -+ socklen_t fromlen = sizeof (from->dest.addr); - - iov.iov_base = BPTR (buf); - iov.iov_len = maxsize; - mesg.msg_iov = &iov; - mesg.msg_iovlen = 1; -- mesg.msg_name = &from->dest.sa; -+ mesg.msg_name = &from->dest.addr; - mesg.msg_namelen = fromlen; - mesg.msg_control = &opi; - mesg.msg_controllen = sizeof (opi); -@@ -2159,9 +2535,21 @@ - && cmsg->cmsg_len >= sizeof (opi)) - { - struct in_pktinfo *pkti = (struct in_pktinfo *) CMSG_DATA (cmsg); -- from->pi.ipi_ifindex = pkti->ipi_ifindex; -- from->pi.ipi_spec_dst = pkti->ipi_spec_dst; -+ from->pi.in4.ipi_ifindex = pkti->ipi_ifindex; -+ from->pi.in4.ipi_spec_dst = pkti->ipi_spec_dst; -+ } -+#ifdef USE_PF_INET6 -+ else if (cmsg != NULL -+ && CMSG_NXTHDR (&mesg, cmsg) == NULL -+ && cmsg->cmsg_level == IPPROTO_IPV6 -+ && cmsg->cmsg_type == IPV6_PKTINFO -+ && cmsg->cmsg_len >= sizeof (struct openvpn_in6_pktinfo)) -+ { -+ struct in6_pktinfo *pkti6 = (struct in6_pktinfo *) CMSG_DATA (cmsg); -+ from->pi.in6.ipi6_ifindex = pkti6->ipi6_ifindex; -+ from->pi.in6.ipi6_addr = pkti6->ipi6_addr; - } -+#endif - } - return fromlen; - } -@@ -2173,18 +2561,20 @@ - int maxsize, - struct link_socket_actual *from) - { -- socklen_t fromlen = sizeof (from->dest.sa); -- from->dest.sa.sin_addr.s_addr = 0; -+ socklen_t fromlen = sizeof (from->dest.addr); -+ socklen_t expectedlen = af_addr_size(proto_sa_family(sock->info.proto)); -+ addr_zero_host(&from->dest); - ASSERT (buf_safe (buf, maxsize)); - #if ENABLE_IP_PKTINFO -- if (sock->sockflags & SF_USE_IP_PKTINFO) -+ /* Both PROTO_UDPv4 and PROTO_UDPv6 */ -+ if (proto_is_udp(sock->info.proto) && sock->sockflags & SF_USE_IP_PKTINFO) - fromlen = link_socket_read_udp_posix_recvmsg (sock, buf, maxsize, from); - else - #endif - buf->len = recvfrom (sock->sd, BPTR (buf), maxsize, 0, -- (struct sockaddr *) &from->dest.sa, &fromlen); -- if (fromlen != sizeof (from->dest.sa)) -- bad_address_length (fromlen, sizeof (from->dest.sa)); -+ &from->dest.addr.sa, &fromlen); -+ if (buf->len >= 0 && expectedlen && fromlen != expectedlen) -+ bad_address_length (fromlen, expectedlen); - return buf->len; - } - -@@ -2221,26 +2611,52 @@ - struct iovec iov; - struct msghdr mesg; - struct cmsghdr *cmsg; -- struct in_pktinfo *pkti; -- struct openvpn_pktinfo opi; - - iov.iov_base = BPTR (buf); - iov.iov_len = BLEN (buf); - mesg.msg_iov = &iov; - mesg.msg_iovlen = 1; -- mesg.msg_name = &to->dest.sa; -- mesg.msg_namelen = sizeof (to->dest.sa); -- mesg.msg_control = &opi; -- mesg.msg_controllen = sizeof (opi); -- mesg.msg_flags = 0; -- cmsg = CMSG_FIRSTHDR (&mesg); -- cmsg->cmsg_len = sizeof (opi); -- cmsg->cmsg_level = SOL_IP; -- cmsg->cmsg_type = IP_PKTINFO; -- pkti = (struct in_pktinfo *) CMSG_DATA (cmsg); -- pkti->ipi_ifindex = to->pi.ipi_ifindex; -- pkti->ipi_spec_dst = to->pi.ipi_spec_dst; -- pkti->ipi_addr.s_addr = 0; -+ switch (sock->info.lsa->remote.addr.sa.sa_family) -+ { -+ case AF_INET: { -+ struct openvpn_in4_pktinfo opi; -+ struct in_pktinfo *pkti; -+ mesg.msg_name = &to->dest.addr.sa; -+ mesg.msg_namelen = sizeof (struct sockaddr_in); -+ mesg.msg_control = &opi; -+ mesg.msg_controllen = sizeof (opi); -+ mesg.msg_flags = 0; -+ cmsg = CMSG_FIRSTHDR (&mesg); -+ cmsg->cmsg_len = sizeof (opi); -+ cmsg->cmsg_level = SOL_IP; -+ cmsg->cmsg_type = IP_PKTINFO; -+ pkti = (struct in_pktinfo *) CMSG_DATA (cmsg); -+ pkti->ipi_ifindex = to->pi.in4.ipi_ifindex; -+ pkti->ipi_spec_dst = to->pi.in4.ipi_spec_dst; -+ pkti->ipi_addr.s_addr = 0; -+ break; -+ } -+#ifdef USE_PF_INET6 -+ case AF_INET6: { -+ struct openvpn_in6_pktinfo opi6; -+ struct in6_pktinfo *pkti6; -+ mesg.msg_name = &to->dest.addr.sa; -+ mesg.msg_namelen = sizeof (struct sockaddr_in6); -+ mesg.msg_control = &opi6; -+ mesg.msg_controllen = sizeof (opi6); -+ mesg.msg_flags = 0; -+ cmsg = CMSG_FIRSTHDR (&mesg); -+ cmsg->cmsg_len = sizeof (opi6); -+ cmsg->cmsg_level = IPPROTO_IPV6; -+ cmsg->cmsg_type = IPV6_PKTINFO; -+ pkti6 = (struct in6_pktinfo *) CMSG_DATA (cmsg); -+ pkti6->ipi6_ifindex = to->pi.in6.ipi6_ifindex; -+ pkti6->ipi6_addr = to->pi.in6.ipi6_addr; -+ break; -+ } -+#endif -+ default: ASSERT(0); -+ } - return sendmsg (sock->sd, &mesg, 0); - } - -@@ -2384,7 +2800,7 @@ - { - /* set destination address for UDP writes */ - sock->writes.addr_defined = true; -- sock->writes.addr = to->dest.sa; -+ sock->writes.addr = to->dest.addr.in4; - sock->writes.addrlen = sizeof (sock->writes.addr); - - status = WSASendTo( -@@ -2540,10 +2956,10 @@ - { - if (io->addrlen != sizeof (io->addr)) - bad_address_length (io->addrlen, sizeof (io->addr)); -- from->dest.sa = io->addr; -+ from->dest.addr.sa = io->addr; - } - else -- CLEAR (from->dest.sa); -+ CLEAR (from->dest.addr.sa); - } - - if (buf) -diff --git a/openvpn/socket.h b/openvpn/socket.h -index 28bf41f..435cf38 100644 ---- a/openvpn/socket.h -+++ b/openvpn/socket.h -@@ -81,7 +81,13 @@ #define ntohps(x) ntohs(x) - struct openvpn_sockaddr - { - /*int dummy;*/ /* add offset to force a bug if sa not explicitly dereferenced */ -- struct sockaddr_in sa; -+ union { -+ struct sockaddr sa; -+ struct sockaddr_in in4; -+#ifdef USE_PF_INET6 -+ struct sockaddr_in6 in6; -+#endif -+ } addr; - }; - - /* actual address of remote, based on source address of received packets */ -@@ -90,7 +96,12 @@ struct link_socket_actual - int dummy; /* JYFIXME -- add offset to force a bug if dest not explicitly dereferenced */ - struct openvpn_sockaddr dest; - #if ENABLE_IP_PKTINFO -- struct in_pktinfo pi; -+ union { -+ struct in_pktinfo in4; -+#ifdef USE_PF_INET6 -+ struct in6_pktinfo in6; -+#endif -+ } pi; - #endif - }; - -@@ -411,6 +422,14 @@ socket_descriptor_t create_socket_tcp (v - socket_descriptor_t socket_do_accept (socket_descriptor_t sd, - struct link_socket_actual *act, - const bool nowait); -+/* -+ * proto related -+ */ -+bool proto_is_net(int proto); -+bool proto_is_dgram(int proto); -+bool proto_is_udp(int proto); -+bool proto_is_tcp(int proto); -+ - - /* - * DNS resolution -@@ -436,23 +455,49 @@ in_addr_t getaddr (unsigned int flags, - * Transport protocol naming and other details. - */ - --#define PROTO_UDPv4 0 --#define PROTO_TCPv4_SERVER 1 --#define PROTO_TCPv4_CLIENT 2 --#define PROTO_TCPv4 3 --#define PROTO_N 4 -+#if 0 /* PRE UDPv6/TCPv6 code */ -+#define PROTO_NONE 0 /* catch for uninitialized */ -+#define PROTO_UDPv4 1 -+#define PROTO_TCPv4_SERVER 2 -+#define PROTO_TCPv4_CLIENT 3 -+#define PROTO_TCPv4 4 -+#define PROTO_UDPv6 5 -+#define PROTO_TCPv6_SERVER 6 -+#define PROTO_TCPv6_CLIENT 7 -+#define PROTO_TCPv6 8 -+#define PROTO_N 9 -+#endif /* if 0 */ -+ -+/* -+ * Use enum's instead of #define to allow for easier -+ * optional proto support -+ */ -+enum proto_num { -+ PROTO_NONE, /* catch for uninitialized */ -+ PROTO_UDPv4, -+ PROTO_TCPv4_SERVER, -+ PROTO_TCPv4_CLIENT, -+ PROTO_TCPv4, -+ PROTO_UDPv6, -+ PROTO_TCPv6_SERVER, -+ PROTO_TCPv6_CLIENT, -+ PROTO_TCPv6, -+ PROTO_N -+}; - - int ascii2proto (const char* proto_name); - const char *proto2ascii (int proto, bool display_form); - const char *proto2ascii_all (struct gc_arena *gc); - int proto_remote (int proto, bool remote); -+const char *addr_family_name(int af); - - /* - * Overhead added to packets by various protocols. - */ - #define IPv4_UDP_HEADER_SIZE 28 - #define IPv4_TCP_HEADER_SIZE 40 --#define IPv6_UDP_HEADER_SIZE 40 -+#define IPv6_UDP_HEADER_SIZE 48 -+#define IPv6_TCP_HEADER_SIZE 60 - - extern const int proto_overhead[]; - -@@ -485,7 +530,7 @@ legal_ipv4_port (int port) - static inline bool - link_socket_proto_connection_oriented (int proto) - { -- return proto == PROTO_TCPv4_SERVER || proto == PROTO_TCPv4_CLIENT; -+ return !proto_is_dgram(proto); - } - - static inline bool -@@ -500,7 +545,30 @@ link_socket_connection_oriented (const s - static inline bool - addr_defined (const struct openvpn_sockaddr *addr) - { -- return addr->sa.sin_addr.s_addr != 0; -+ if (!addr) return 0; -+ switch (addr->addr.sa.sa_family) { -+ case AF_INET: return addr->addr.in4.sin_addr.s_addr != 0; -+#ifdef USE_PF_INET6 -+ case AF_INET6: return !IN6_IS_ADDR_UNSPECIFIED(&addr->addr.in6.sin6_addr); -+#endif -+ default: return 0; -+ } -+} -+static inline bool -+addr_defined_ipi (const struct link_socket_actual *lsa) -+{ -+#if ENABLE_IP_PKTINFO -+ if (!lsa) return 0; -+ switch (lsa->dest.addr.sa.sa_family) { -+ case AF_INET: return lsa->pi.in4.ipi_spec_dst.s_addr != 0; -+#ifdef USE_PF_INET6 -+ case AF_INET6: return !IN6_IS_ADDR_UNSPECIFIED(&lsa->pi.in6.ipi6_addr); -+#endif -+ default: return 0; -+ } -+#else -+ ASSERT(0); -+#endif - } - - static inline bool -@@ -512,20 +580,50 @@ link_socket_actual_defined (const struct - static inline bool - addr_match (const struct openvpn_sockaddr *a1, const struct openvpn_sockaddr *a2) - { -- return a1->sa.sin_addr.s_addr == a2->sa.sin_addr.s_addr; -+ switch(a1->addr.sa.sa_family) { -+ case AF_INET: -+ return a1->addr.in4.sin_addr.s_addr == a2->addr.in4.sin_addr.s_addr; -+#ifdef USE_PF_INET6 -+ case AF_INET6: -+ return IN6_ARE_ADDR_EQUAL(&a1->addr.in6.sin6_addr, &a2->addr.in6.sin6_addr); -+#endif -+ } -+ ASSERT(0); -+ return false; - } - - static inline in_addr_t --addr_host (const struct openvpn_sockaddr *s) -+addr_host (const struct openvpn_sockaddr *addr) - { -- return ntohl (s->sa.sin_addr.s_addr); -+ /* -+ * "public" addr returned is checked against ifconfig for -+ * possible clash: non sense for now given -+ * that we do ifconfig only IPv4 -+ */ -+#if defined(USE_PF_INET6) -+ if(addr->addr.sa.sa_family != AF_INET) -+ return 0; -+#else -+ ASSERT(addr->addr.sa.sa_family == AF_INET); -+#endif -+ return ntohl (addr->addr.in4.sin_addr.s_addr); - } - - static inline bool - addr_port_match (const struct openvpn_sockaddr *a1, const struct openvpn_sockaddr *a2) - { -- return a1->sa.sin_addr.s_addr == a2->sa.sin_addr.s_addr -- && a1->sa.sin_port == a2->sa.sin_port; -+ switch(a1->addr.sa.sa_family) { -+ case AF_INET: -+ return a1->addr.in4.sin_addr.s_addr == a2->addr.in4.sin_addr.s_addr -+ && a1->addr.in4.sin_port == a2->addr.in4.sin_port; -+#ifdef USE_PF_INET6 -+ case AF_INET6: -+ return IN6_ARE_ADDR_EQUAL(&a1->addr.in6.sin6_addr, &a2->addr.in6.sin6_addr) -+ && a1->addr.in6.sin6_port == a2->addr.in6.sin6_port; -+#endif -+ } -+ ASSERT(0); -+ return false; - } - - static inline bool -@@ -538,6 +636,74 @@ addr_match_proto (const struct openvpn_s - : addr_port_match (a1, a2); - } - -+static inline void -+addr_zero_host(struct openvpn_sockaddr *addr) -+{ -+ switch(addr->addr.sa.sa_family) { -+ case AF_INET: -+ addr->addr.in4.sin_addr.s_addr = 0; -+ break; -+#ifdef USE_PF_INET6 -+ case AF_INET6: -+ memset(&addr->addr.in6.sin6_addr, 0, sizeof (struct in6_addr)); -+ break; -+#endif -+ } -+} -+ -+static inline void -+addr_copy_sa(struct openvpn_sockaddr *dst, const struct openvpn_sockaddr *src) -+{ -+ dst->addr = src->addr; -+} -+ -+static inline void -+addr_copy_host(struct openvpn_sockaddr *dst, const struct openvpn_sockaddr *src) -+{ -+ switch(src->addr.sa.sa_family) { -+ case AF_INET: -+ dst->addr.in4.sin_addr.s_addr = src->addr.in4.sin_addr.s_addr; -+ break; -+#ifdef USE_PF_INET6 -+ case AF_INET6: -+ dst->addr.in6.sin6_addr = src->addr.in6.sin6_addr; -+ break; -+#endif -+ } -+} -+ -+static inline bool -+addr_inet4or6(struct sockaddr *addr) -+{ -+ return addr->sa_family == AF_INET || addr->sa_family == AF_INET6; -+} -+ -+int addr_guess_family(int proto, const char *name); -+static inline int -+af_addr_size(sa_family_t af) -+{ -+#if defined(USE_PF_INET6) || defined (USE_PF_UNIX) -+ switch(af) { -+ case AF_INET: return sizeof (struct sockaddr_in); -+#ifdef USE_PF_UNIX -+ case AF_UNIX: return sizeof (struct sockaddr_un); -+#endif -+#ifdef USE_PF_INET6 -+ case AF_INET6: return sizeof (struct sockaddr_in6); -+#endif -+ default: -+#if 0 -+ /* could be called from socket_do_accept() with empty addr */ -+ msg (M_ERR, "Bad address family: %d\n", addr->sa_family); -+ ASSERT(0); -+#endif -+ return 0; -+ } -+#else /* only AF_INET */ -+ return sizeof(struct sockaddr_in); -+#endif -+} -+ - static inline bool - link_socket_actual_match (const struct link_socket_actual *a1, const struct link_socket_actual *a2) - { -@@ -594,14 +760,18 @@ link_socket_verify_incoming_addr (struct - { - if (buf->len > 0) - { -- if (from_addr->dest.sa.sin_family != AF_INET) -- return false; -- if (!link_socket_actual_defined (from_addr)) -- return false; -- if (info->remote_float || !addr_defined (&info->lsa->remote)) -- return true; -- if (addr_match_proto (&from_addr->dest, &info->lsa->remote, info->proto)) -- return true; -+ switch (from_addr->dest.addr.sa.sa_family) { -+#ifdef USE_PF_INET6 -+ case AF_INET6: -+#endif -+ case AF_INET: -+ if (!link_socket_actual_defined (from_addr)) -+ return false; -+ if (info->remote_float || !addr_defined (&info->lsa->remote)) -+ return true; -+ if (addr_match_proto (&from_addr->dest, &info->lsa->remote, info->proto)) -+ return true; -+ } - } - return false; - } -@@ -707,7 +877,7 @@ link_socket_read (struct link_socket *so - int maxsize, - struct link_socket_actual *from) - { -- if (sock->info.proto == PROTO_UDPv4) -+ if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */ - { - int res; - -@@ -718,10 +888,10 @@ #else - #endif - return res; - } -- else if (sock->info.proto == PROTO_TCPv4_SERVER || sock->info.proto == PROTO_TCPv4_CLIENT) -+ else if (proto_is_tcp(sock->info.proto)) /* unified TCPv4 and TCPv6 */ - { - /* from address was returned by accept */ -- from->dest.sa = sock->info.lsa->actual.dest.sa; -+ addr_copy_sa(&from->dest, &sock->info.lsa->actual.dest); - return link_socket_read_tcp (sock, buf); - } - else -@@ -776,13 +946,14 @@ #if ENABLE_IP_PKTINFO - struct buffer *buf, - struct link_socket_actual *to); - -- if (sock->sockflags & SF_USE_IP_PKTINFO) -+ if (proto_is_udp(sock->info.proto) && (sock->sockflags & SF_USE_IP_PKTINFO) -+ && addr_defined_ipi(to)) - return link_socket_write_udp_posix_sendmsg (sock, buf, to); - else - #endif - return sendto (sock->sd, BPTR (buf), BLEN (buf), 0, -- (struct sockaddr *) &to->dest.sa, -- (socklen_t) sizeof (to->dest.sa)); -+ (struct sockaddr *) &to->dest.addr.sa, -+ (socklen_t) af_addr_size(to->dest.addr.sa.sa_family)); - } - - static inline int -@@ -813,11 +984,11 @@ link_socket_write (struct link_socket *s - struct buffer *buf, - struct link_socket_actual *to) - { -- if (sock->info.proto == PROTO_UDPv4) -+ if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */ - { - return link_socket_write_udp (sock, buf, to); - } -- else if (sock->info.proto == PROTO_TCPv4_SERVER || sock->info.proto == PROTO_TCPv4_CLIENT) -+ else if (proto_is_tcp(sock->info.proto)) /* unified TCPv4 and TCPv6 */ - { - return link_socket_write_tcp (sock, buf, to); - } -diff --git a/openvpn/socks.c b/openvpn/socks.c -index cc9d82f..7ec9a3e 100644 ---- a/openvpn/socks.c -+++ b/openvpn/socks.c -@@ -175,9 +175,9 @@ recv_socks_reply (socket_descriptor_t sd - - if (addr != NULL) - { -- addr->sa.sin_family = AF_INET; -- addr->sa.sin_addr.s_addr = htonl (INADDR_ANY); -- addr->sa.sin_port = htons (0); -+ addr->addr.in4.sin_family = AF_INET; -+ addr->addr.in4.sin_addr.s_addr = htonl (INADDR_ANY); -+ addr->addr.in4.sin_port = htons (0); - } - - while (len < 4 + alen + 2) -@@ -264,8 +264,8 @@ recv_socks_reply (socket_descriptor_t sd - /* ATYP == 1 (IP V4 address) */ - if (atyp == '\x01' && addr != NULL) - { -- memcpy (&addr->sa.sin_addr, buf + 4, sizeof (addr->sa.sin_addr)); -- memcpy (&addr->sa.sin_port, buf + 8, sizeof (addr->sa.sin_port)); -+ memcpy (&addr->addr.in4.sin_addr, buf + 4, sizeof (addr->addr.in4.sin_addr)); -+ memcpy (&addr->addr.in4.sin_port, buf + 8, sizeof (addr->addr.in4.sin_port)); - } - - -@@ -383,8 +383,8 @@ socks_process_incoming_udp (struct buffe - if (atyp != 1) /* ATYP == 1 (IP V4) */ - goto error; - -- buf_read (buf, &from->dest.sa.sin_addr, sizeof (from->dest.sa.sin_addr)); -- buf_read (buf, &from->dest.sa.sin_port, sizeof (from->dest.sa.sin_port)); -+ buf_read (buf, &from->dest.addr.in4.sin_addr, sizeof (from->dest.addr.in4.sin_addr)); -+ buf_read (buf, &from->dest.addr.in4.sin_port, sizeof (from->dest.addr.in4.sin_port)); - - return; - -@@ -416,8 +416,8 @@ socks_process_outgoing_udp (struct buffe - buf_write_u16 (&head, 0); /* RSV = 0 */ - buf_write_u8 (&head, 0); /* FRAG = 0 */ - buf_write_u8 (&head, '\x01'); /* ATYP = 1 (IP V4) */ -- buf_write (&head, &to->dest.sa.sin_addr, sizeof (to->dest.sa.sin_addr)); -- buf_write (&head, &to->dest.sa.sin_port, sizeof (to->dest.sa.sin_port)); -+ buf_write (&head, &to->dest.addr.in4.sin_addr, sizeof (to->dest.addr.in4.sin_addr)); -+ buf_write (&head, &to->dest.addr.in4.sin_port, sizeof (to->dest.addr.in4.sin_port)); - - return 10; - } diff --git a/net-misc/openvpn/files/openvpn-2.1_rc7-tap.patch b/net-misc/openvpn/files/openvpn-2.1_rc7-tap.patch deleted file mode 100644 index 0220194a..00000000 --- a/net-misc/openvpn/files/openvpn-2.1_rc7-tap.patch +++ /dev/null @@ -1,57 +0,0 @@ -Index: tun.c -=================================================================== ---- tun.c (revision 2713) -+++ tun.c (revision 2715) -@@ -1220,26 +1220,44 @@ - { - if (tt) - { --#ifdef CONFIG_FEATURE_IPROUTE - if (tt->type != DEV_TYPE_NULL && tt->did_ifconfig) - { - char command_line[256]; - struct gc_arena gc = gc_new (); - -+#ifdef CONFIG_FEATURE_IPROUTE -+ if (is_tun_p2p (tt)) -+ { -+ openvpn_snprintf (command_line, sizeof (command_line), -+ "%s addr del dev %s local %s peer %s", -+ iproute_path, -+ tt->actual_name, -+ print_in_addr_t (tt->local, 0, &gc), -+ print_in_addr_t (tt->remote_netmask, 0, &gc) -+ ); -+ } -+ else -+ { -+ openvpn_snprintf (command_line, sizeof (command_line), -+ "%s addr del dev %s %s/%d", -+ iproute_path, -+ tt->actual_name, -+ print_in_addr_t (tt->local, 0, &gc), -+ count_netmask_bits(print_in_addr_t (tt->remote_netmask, 0, &gc)) -+ ); -+ } -+#else - openvpn_snprintf (command_line, sizeof (command_line), -- "%s addr del dev %s local %s peer %s", -- iproute_path, -- tt->actual_name, -- print_in_addr_t (tt->local, 0, &gc), -- print_in_addr_t (tt->remote_netmask, 0, &gc) -- ); -+ IFCONFIG_PATH "%s addr 0.0.0.0", -+ tt->actual_name -+ ); -+#endif - - msg (M_INFO, "%s", command_line); - system_check (command_line, NULL, S_FATAL, "Linux ip addr del failed"); - - gc_free (&gc); - } --#endif - close_tun_generic (tt); - free (tt); - } diff --git a/net-misc/openvpn/openvpn-2.1_rc7.ebuild b/net-misc/openvpn/openvpn-2.1_rc7.ebuild deleted file mode 100644 index 37576958..00000000 --- a/net-misc/openvpn/openvpn-2.1_rc7.ebuild +++ /dev/null @@ -1,146 +0,0 @@ -# Copyright 1999-2008 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openvpn/openvpn-2.1_rc7.ebuild,v 1.1 2008/02/09 16:20:56 alonbl Exp $ - -EAPI=4 -inherit eutils multilib - -DESCRIPTION="OpenVPN is a robust and highly flexible tunneling application compatible with many OSes." -SRC_URI="http://openvpn.net/release/${P}.tar.gz" -HOMEPAGE="http://openvpn.net/" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd" -IUSE="examples iproute2 ipv6 minimal pam passwordsave selinux ssl static pkcs11 threads userland_BSD" - -DEPEND=">=dev-libs/lzo-1.07 - kernel_linux? ( - iproute2? ( sys-apps/iproute2[-minimal] ) !iproute2? ( sys-apps/net-tools ) - ) - !minimal? ( pam? ( virtual/pam ) ) - selinux? ( sec-policy/selinux-openvpn ) - ssl? ( >=dev-libs/openssl-0.9.6 ) - pkcs11? ( >=dev-libs/pkcs11-helper-1.05 )" -RDEPEND="${DEPEND}" - -src_prepare() { - use ipv6 && epatch "${FILESDIR}/${PN}"-2.1_rc6-udp6.patch - epatch "${FILESDIR}/${P}-tap.patch" -} - -src_configure() { - local myconf="" - - if use minimal ; then - myconf="${myconf} --disable-plugins" - myconf="${myconf} --disable-pkcs11" - else - myconf="$(use_enable pkcs11)" - fi - - econf ${myconf} \ - $(use_enable ipv6) \ - $(use_enable passwordsave password-save) \ - $(use_enable ssl) \ - $(use_enable ssl crypto) \ - $(use_enable threads pthread) \ - $(use_enable iproute2) \ - || die "configure failed" - - use static && sed -i -e '/^LIBS/s/LIBS = /LIBS = -static /' Makefile -} - -src_compile() { - emake || die "make failed" - - if ! use minimal ; then - cd plugin - for i in $( ls 2>/dev/null ); do - [[ ${i} == "README" || ${i} == "examples" ]] && continue - [[ ${i} == "auth-pam" ]] && ! use pam && continue - einfo "Building ${i} plugin" - cd "${i}" - emake || die "make failed" - cd .. - done - cd .. - fi -} - -src_install() { - make DESTDIR="${D}" install || die "make install failed" - - # install documentation - dodoc AUTHORS ChangeLog PORTS README - - # Empty dir - dodir /etc/openvpn - keepdir /etc/openvpn - - # Install some helper scripts - exeinto /etc/openvpn - doexe "${FILESDIR}/up.sh" - doexe "${FILESDIR}/down.sh" - - # Install the init script and config file - newinitd "${FILESDIR}/${PN}-2.1.init" openvpn - newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn - - # install examples, controlled by the respective useflag - if use examples ; then - # dodoc does not supportly support directory traversal, #15193 - insinto /usr/share/doc/${PF}/examples - doins -r sample-{config-files,keys,scripts} contrib - fi - - # Install plugins and easy-rsa - if ! use minimal ; then - cd easy-rsa/2.0 - make install "DESTDIR=${D}/usr/share/${PN}/easy-rsa" - cd ../.. - - exeinto "/usr/$(get_libdir)/${PN}" - doexe plugin/*/*.so - fi -} - -pkg_postinst() { - # Add openvpn user so openvpn servers can drop privs - # Clients should run as root so they can change ip addresses, - # dns information and other such things. - enewgroup openvpn - enewuser openvpn "" "" "" openvpn - - if [[ -n $(ls /etc/openvpn/*/local.conf 2>/dev/null) ]] ; then - ewarn "WARNING: The openvpn init script has changed" - ewarn "" - fi - - einfo "The openvpn init script expects to find the configuration file" - einfo "openvpn.conf in /etc/openvpn along with any extra files it may need." - einfo "" - einfo "To create more VPNs, simply create a new .conf file for it and" - einfo "then create a symlink to the openvpn init script from a link called" - einfo "openvpn.newconfname - like so" - einfo " cd /etc/openvpn" - einfo " ${EDITOR##*/} foo.conf" - einfo " cd /etc/init.d" - einfo " ln -s openvpn openvpn.foo" - einfo "" - einfo "You can then treat openvpn.foo as any other service, so you can" - einfo "stop one vpn and start another if you need to." - - if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then - ewarn "" - ewarn "WARNING: If you use the remote keyword then you are deemed to be" - ewarn "a client by our init script and as such we force up,down scripts." - ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" - ewarn "can move your scripts to." - fi - - if ! use minimal ; then - einfo "" - einfo "plugins have been installed into /usr/$(get_libdir)/${PN}" - fi -} |