path: root/socket.c
Age | Commit message | Author | Files | Lines
2010-11-14 | Clean-up: Remove pthread and mutex locking code | David Sommerseth | 1 | -7/+0
This code was not activated at all, and hard coded as disabled in syshead.h with this code snippet:

    /*
     * Pthread support is currently experimental (and quite unfinished).
     */
    #if 1 /* JYFIXME -- if defined, disable pthread */
    #undef USE_PTHREAD
    #endif

So no matter if --enable-pthread when running ./configure or not, this feature was never enabled in reality. Further, by removing the blocker code above made OpenVPN uncompilable in the current state. As the threading part needs to be completely rewritten and pthreading will not be supported in OpenVPN 2.x, removing this code seems most reasonable. In addition, a lot of mutex locking code was also removed, as they were practically NOP functions, due to pthreading being forcefully disabled
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
2010-10-21 | Revamped the script-security warning logging (version 2) | David Sommerseth | 1 | -1/+1
The main task of this patch is to avoid reporting the SCRIPT_SECURITY_WARNING over and over again, in addition to not show this warning when it should not be a problem. This general warning should now only appear once, and only when --script-security is not set, 0 or 1. In all other cases this warning should not appear. In addition, this warning will come close to the script-hook which most probably will fail. It will also give a little bit more concrete hint on which script-hook failed. If --script-security is 2 or 3, only the execve failure itself will be shown. This message will on the other hand be shown repeatedly. This is a new rewritten version which simplifies the implementation of the new openvpn_run_script() function. It was considered to remove it completely, but due to code clarity and ease of use it was decided to make this function a static inline function instead. Anyhow, this function will enforce openvpn_execve_check() to be called with the S_SCRIPT flag. Patch ACKed on the developers meeting 2009-04-29.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
2010-10-21 | Debian patch: Fix spelling in log message | Alberto Gonzalez Iniesta | 1 | -1/+1
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
2010-07-26 | Fixed typo: missing comment close. | James Yonan | 1 | -1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6347 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-07-12 | Implemented multi-address DNS expansion on the network field of route | James Yonan | 1 | -2/+32
commands. When only a single IP address is desired from a multi-address DNS expansion, use the first address rather than a random selection.
Version 2.1.1l
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6291 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-05-09 | Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support | James Yonan | 1 | -1/+1
was not being compiled in.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5620 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-04-29 | Revamped the script-security warning logging (version 2) | David Sommerseth | 1 | -1/+1
The main task of this patch is to avoid reporting the SCRIPT_SECURITY_WARNING over and over again, in addition to not show this warning when it should not be a problem. This general warning should now only appear once, and only when --script-security is not set, 0 or 1. In all other cases this warning should not appear. In addition, this warning will come close to the script-hook which most probably will fail. It will also give a little bit more concrete hint on which script-hook failed. If --script-security is 2 or 3, only the execve failure itself will be shown. This message will on the other hand be shown repeatedly. This is a new rewritten version which simplifies the implementation of the new openvpn_run_script() function. It was considered to remove it completely, but due to code clarity and ease of use it was decided to make this function a static inline function instead. Anyhow, this function will enforce openvpn_execve_check() to be called with the S_SCRIPT flag. Patch ACKed on the developers meeting 2009-04-29.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: James Yonan <james@openvpn.net>
2010-04-28 | Updated copyright date to 2010. | James Yonan | 1 | -1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5599 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-03-30 | Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after | James Yonan | 1 | -3/+4
socket is created rather than waiting until after connect/listen.
Version 2.1.1d
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5514 e7ae566f-a301-0410-adde-c780ea21d3b5
2010-02-18 | Do not randomize resolving of IP addresses in getaddr() | David Sommerseth | 1 | -3/+2
Based on a discussion on the mailing list and in the IRC meeting Feb 18, it was decided to remove get_random() from the getaddr() function as that can conflict with round-robin/randomization done by DNS servers. This change must be documented in the release notes.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
2009-08-22 | Added --remote-random-hostname option. | james | 1 | -5/+28
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4843 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-05-30 | Update copyright to 2009. | james | 1 | -1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4477 e7ae566f-a301-0410-adde-c780ea21d3b5
2009-04-10 | Allow "management-client" directive to be used | james | 1 | -0/+10
with unix domain sockets.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4128 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-10-06 | Copyright notice changed to reflect change in name of | james | 1 | -1/+1
Telethra to OpenVPN Technologies.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3409 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-30 | Management interface can now listen on a unix | james | 1 | -0/+122
domain socket, for example:

    management /tmp/openvpn unix

Also added management-client-user and management-client-group directives to control which processes are allowed to connect to the socket.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3396 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-19 | Fixed --lladdr bug introduced in 2.1-rc9 where input validation code | james | 1 | -0/+39
was incorrectly expecting the lladdr parameter to be an IP address when it is actually a MAC address (HoverHell).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3339 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-06 | Modified ip_or_dns_addr_safe, which validates pulled DNS names, | james | 1 | -3/+15
to more closely conform to RFC 3696:
* DNS name length must not exceed 255 characters
* DNS name characters must be limited to alphanumeric, dash ('-'), and dot ('.')
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3312 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-06 | 2.1_rc8 and earlier did implicit shell expansion on script | james | 1 | -1/+1
arguments since all scripts were called by system(). The security hardening changes made to 2.1_rc9 no longer use system(), but rather use the safer execve or CreateProcess system calls. The security hardening also introduced a backward incompatibility with 2.1_rc8 and earlier in that script parameters were no longer shell-expanded, so for example:

    client-connect "docc CLIENT-CONNECT"

would fail to work because execve would try to execute a script called "docc CLIENT-CONNECT" instead of "docc" with "CLIENT-CONNECT" as the first argument. This patch fixes the issue, bringing the script argument semantics back to pre 2.1_rc9 behavior in order to preserve backward compatibility while still using execve or CreateProcess to execute the script/executable.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3311 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-09-04 | Added --allow-pull-fqdn option which allows client to pull DNS names | james | 1 | -0/+11
from server (rather than only IP address) for --ifconfig, --route, and --route-gateway. OpenVPN versions 2.1_rc7 and earlier allowed DNS names for these options to be pulled and translated to IP addresses by default. Now --allow-pull-fqdn will be explicitly required on the client to enable DNS-name-to-IP-address translation of pulled options.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3307 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-26 | Perform additional input validation on options pulled | james | 1 | -0/+42
by client from server. Fixes --iproute vulnerability.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3126 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-26 | Completely revamped the system for calling external programs and scripts: | james | 1 | -8/+26
* All external programs and scripts are now called by execve() on unix and CreateProcess on Windows.
* The system() function is no longer used.
* Argument lists for external programs and scripts are now built by the new argv_printf function which natively outputs to string arrays (i.e. char *argv[] lists), never truncates its output, and eliminates the security issues inherent in formatting and parsing command lines, and dealing with argument quoting.
* The --script-security directive has been added to offer policy controls on OpenVPN's execution of external programs and scripts.

Also added a new plugin example (openvpn/plugin/examples/log.c) that logs information to stdout for every plugin method called by OpenVPN.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3122 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-16 | Added SOCKET_SND_RCV_BUF_MAX constant (set to 1000000) to limit the | james | 1 | -5/+11
maximum size passed to setsockopt SNDBUF/RCVBUF.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3062 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-07-14 | Copyright change OpenVPN Solutions LLC -> Telethra, Inc. | james | 1 | -1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3048 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-06-11 | Updated copyright notice to 2008. | james | 1 | -1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2995 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-06-11 | Merged connection profiles from | james | 1 | -100/+11
http://svn.openvpn.net/projects/openvpn/test/conn
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2993 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-05-24 | Support asynchronous/deferred authentication in | james | 1 | -1/+1
OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY plugin handler. See documentation in openvpn-plugin.h and example usage in plugin/defer/simple.c.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2969 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-05-12 | Moved branch into official BETA21 position. | james | 1 | -6/+5
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2959 e7ae566f-a301-0410-adde-c780ea21d3b5
2008-01-21 | Fixed interim memory growth issue in TCP connect loop where | james | 1 | -0/+2
"TCP: connect to %s failed, will try again in %d seconds: %s" is output.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2633 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-11-08 | PROTO_TCPv4 is never used as an index into | james | 1 | -0/+7
proto_overhead, however this should be fixed.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1434 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-11-01 | SO_REUSEADDR should not be set on Windows TCP sockets because | james | 1 | -0/+2
it will cause bind to succeed on port conflicts.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1428 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-06-29 | Added two new management states: | james | 1 | -6/+26
OPENVPN_STATE_RESOLVE -- DNS lookup */
OPENVPN_STATE_TCP_CONNECT -- Connecting to TCP server
Echo management state change to log.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1068 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-02-17 | Version 2.1_beta10 released | james | 1 | -5/+16
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@899 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-02-16 | Added --port-share option for allowing OpenVPN and HTTPS | james | 1 | -4/+27
server to share the same port number.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@893 e7ae566f-a301-0410-adde-c780ea21d3b5
2006-01-23 | Added --management-client option to connect as a client to | james | 1 | -2/+2
management GUI app rather than be connected to as a server.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@884 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-12-12 | Added --auto-proxy directive to auto-detect HTTP or SOCKS | james | 1 | -34/+47
proxy settings (currently Windows only).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@850 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-28 | Modified nonblocking connect code so that this works as it should: | james | 1 | -3/+14

    ./openvpn --dev tap --proto tcp-client --verb 4 --remote [Black-Hole-IP-Addr] --connect-retry-max 1 --remap-usr1 SIGTERM

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@826 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-25 | Added --connect-timeout option to control the timeout | james | 1 | -5/+89
on TCP client connection attempts (doesn't work on all OSes). This patch also makes OpenVPN signalable during TCP connection attempts.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@823 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-09 | Merged (with some changes) Alon's | james | 1 | -0/+9
connect-retry-max option from /contrib/alon/BETA21@783. Added uninit_management_callback call to init_instance_handle_signals so that signals thrown during initialization can bring us back to a management hold.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@786 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-05 | svn merge -r 771:780 $SO/trunk/openvpn | james | 1 | -0/+9
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@781 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-11-01 | Merged 2.0.4 changes. | james | 1 | -0/+12
svn merge -r 737:749 $SO/trunk/openvpn
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@750 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-10-16 | Fixed bug introduced in 2.1-beta3 where management | james | 1 | -6/+8
socket bind would fail.
Pre-2.1-beta4
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@635 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-10-15 | Minor style cleanup for --enable-pedantic. | james | 1 | -1/+1
Still need some pedantic cleanup in pkcs11.c.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@624 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-10-15 | svn merge -r 614:615 $SO/patches/openvpn-2-1_alpha3a-tcpbind | james | 1 | -12/+30
Added --bind option for TCP client connections (Ewan Bhamrah Harley).
Pre-2.1-beta3
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@623 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-10-15 | svn merge -r 618:619 $SO/patches/openvpn-2-0_rc16-mh/openvpn | james | 1 | -91/+246
Merged --multihome patch + aggregated sockflags.
Pre-2.1_beta3
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@622 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-10-12 | version 2.1_beta2 | james | 1 | -1/+60
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@601 e7ae566f-a301-0410-adde-c780ea21d3b5
2005-09-26 | version 2.1_beta1 | james | 1 | -1/+1
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@581 e7ae566f-a301-0410-adde-c780ea21d3b5