2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
8 * Copyright (C) 2002-2009 OpenVPN Technologies, Inc. <sales@openvpn.net>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program (see the file COPYING included with this
21 * distribution); if not, write to the Free Software Foundation, Inc.,
22 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
29 * Only include if not during configure
33 #include "config-win32.h"
39 /* branch prediction hints */
/* likely()/unlikely() have two definitions here: one forwards to
 * __builtin_expect with the expected truth value (1 or 0), the other expands
 * to the bare expression.  NOTE(review): the #if/#else/#endif that selects
 * between them is not visible in this listing. */
41 # define likely(x) __builtin_expect((x),1)
42 # define unlikely(x) __builtin_expect((x),0)
44 # define likely(x) (x)
45 # define unlikely(x) (x)
/* True when _WIN32 is defined but WIN32 is not; the body of this conditional
 * is not visible in this listing. */
48 #if defined(_WIN32) && !defined(WIN32)
/* Maps sleep(x) onto the Win32 Sleep() call, scaling the argument by 1000
 * (seconds to milliseconds).  The multiplication happens in the argument's
 * own type, so a very large x can overflow before Sleep() receives it. */
54 #define sleep(x) Sleep((x)*1000)
59 #ifdef HAVE_SYS_TYPES_H
60 #include <sys/types.h>
63 #ifdef HAVE_SYS_WAIT_H
64 # include <sys/wait.h>
/* Wait-status decoders defined by this header.  NOTE(review): any guards
 * around these two definitions are not visible in this listing.
 * WEXITSTATUS takes the exit code from bits 8 and up of the status word;
 * WIFEXITED is true when the low 8 bits are all zero.  A WEXITSTATUS value is
 * only meaningful for a status that WIFEXITED accepts, so code acting on a
 * subprocess result should test WIFEXITED first. */
69 # define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8)
72 # define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
76 #ifdef TIME_WITH_SYS_TIME
77 # include <sys/time.h>
80 # ifdef HAVE_SYS_TIME_H
81 # include <sys/time.h>
87 #ifdef HAVE_SYS_SOCKET_H
88 #include <sys/socket.h>
95 #ifdef HAVE_SYS_IOCTL_H
96 #include <sys/ioctl.h>
99 #ifdef HAVE_SYS_STAT_H
100 #include <sys/stat.h>
107 #ifdef HAVE_SYS_FILE_H
108 #include <sys/file.h>
167 #ifdef HAVE_NETINET_IN_H
168 #include <netinet/in.h>
175 #ifdef HAVE_SYS_POLL_H
176 #include <sys/poll.h>
179 #ifdef HAVE_SYS_EPOLL_H
180 #include <sys/epoll.h>
184 #include <selinux/selinux.h>
187 #ifdef TARGET_SOLARIS
188 #ifdef HAVE_STRINGS_H
197 #ifdef HAVE_ARPA_INET_H
198 #include <arpa/inet.h>
207 #if defined(HAVE_NETINET_IF_ETHER_H)
208 #include <netinet/if_ether.h>
211 #ifdef HAVE_LINUX_IF_TUN_H
212 #include <linux/if_tun.h>
215 #ifdef HAVE_NETINET_IP_H
216 #include <netinet/ip.h>
219 #ifdef HAVE_LINUX_SOCKIOS_H
220 #include <linux/sockios.h>
223 #ifdef HAVE_LINUX_TYPES_H
224 #include <linux/types.h>
227 #ifdef HAVE_LINUX_ERRQUEUE_H
228 #include <linux/errqueue.h>
231 #ifdef HAVE_NETINET_TCP_H
232 #include <netinet/tcp.h>
235 #endif /* TARGET_LINUX */
237 #ifdef TARGET_SOLARIS
239 #ifdef HAVE_STROPTS_H
244 #ifdef HAVE_NET_IF_TUN_H
245 #include <net/if_tun.h>
248 #ifdef HAVE_SYS_SOCKIO_H
249 #include <sys/sockio.h>
252 #ifdef HAVE_NETINET_IN_SYSTM_H
253 #include <netinet/in_systm.h>
256 #ifdef HAVE_NETINET_IP_H
257 #include <netinet/ip.h>
260 #ifdef HAVE_NETINET_TCP_H
261 #include <netinet/tcp.h>
264 #endif /* TARGET_SOLARIS */
266 #ifdef TARGET_OPENBSD
268 #ifdef HAVE_SYS_UIO_H
272 #ifdef HAVE_NETINET_IN_SYSTM_H
273 #include <netinet/in_systm.h>
276 #ifdef HAVE_NETINET_IP_H
277 #include <netinet/ip.h>
280 #ifdef HAVE_NET_IF_TUN_H
281 #include <net/if_tun.h>
284 #endif /* TARGET_OPENBSD */
286 #ifdef TARGET_FREEBSD
288 #ifdef HAVE_SYS_UIO_H
292 #ifdef HAVE_NETINET_IN_SYSTM_H
293 #include <netinet/in_systm.h>
296 #ifdef HAVE_NETINET_IP_H
297 #include <netinet/ip.h>
300 #ifdef HAVE_NET_IF_TUN_H
301 #include <net/if_tun.h>
304 #endif /* TARGET_FREEBSD */
308 #ifdef HAVE_NET_IF_TUN_H
309 #include <net/if_tun.h>
312 #ifdef HAVE_NETINET_TCP_H
313 #include <netinet/tcp.h>
316 #endif /* TARGET_NETBSD */
318 #ifdef TARGET_DRAGONFLY
320 #ifdef HAVE_SYS_UIO_H
324 #ifdef HAVE_NETINET_IN_SYSTM_H
325 #include <netinet/in_systm.h>
328 #ifdef HAVE_NETINET_IP_H
329 #include <netinet/ip.h>
332 #ifdef HAVE_NET_TUN_IF_TUN_H
333 #include <net/tun/if_tun.h>
336 #endif /* TARGET_DRAGONFLY */
339 #include <iphlpapi.h>
343 #ifdef HAVE_SYS_MMAN_H
345 #define _P1003_1B_VISIBLE
346 #endif /* TARGET_DARWIN */
347 #include <sys/mman.h>
351 * Pedantic mode is meant to accomplish lint-style program checking,
352 * not to build a working executable.
/* Under __STRICT_ANSI__ both variadic-macro feature flags are dropped and
 * EMPTY_ARRAY_SIZE is forced to 1. */
354 #ifdef __STRICT_ANSI__
356 # undef HAVE_CPP_VARARG_MACRO_GCC
357 # undef HAVE_CPP_VARARG_MACRO_ISO
358 # undef EMPTY_ARRAY_SIZE
359 # define EMPTY_ARRAY_SIZE 1
367 * Do we have the capability to support the --passtos option?
/* PASSTOS_CAPABILITY is 1 only when IPPROTO_IP, IP_TOS and setsockopt() are
 * all available; the 0 definition is the fallback (its #else/#endif lines are
 * not visible in this listing). */
369 #if defined(IPPROTO_IP) && defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
370 #define PASSTOS_CAPABILITY 1
372 #define PASSTOS_CAPABILITY 0
376 * Do we have the capability to report extended socket errors?
/* Requires the Linux types/errqueue headers, sock_extended_err, msghdr,
 * cmsghdr and iovec support, the CMSG_* traversal macros, and the IP_RECVERR,
 * MSG_ERRQUEUE and SOL_IP constants. */
378 #if defined(HAVE_LINUX_TYPES_H) && defined(HAVE_LINUX_ERRQUEUE_H) && defined(HAVE_SOCK_EXTENDED_ERR) && defined(HAVE_MSGHDR) && defined(HAVE_CMSGHDR) && defined(CMSG_FIRSTHDR) && defined(CMSG_NXTHDR) && defined(IP_RECVERR) && defined(MSG_ERRQUEUE) && defined(SOL_IP) && defined(HAVE_IOVEC)
379 #define EXTENDED_SOCKET_ERROR_CAPABILITY 1
381 #define EXTENDED_SOCKET_ERROR_CAPABILITY 0
385 * Does this platform support linux-style IP_PKTINFO?
/* Gated on ENABLE_MULTIHOME in addition to in_pktinfo, IP_PKTINFO and the
 * recvmsg()/sendmsg() control-message machinery. */
387 #if defined(ENABLE_MULTIHOME) && defined(HAVE_IN_PKTINFO) && defined(IP_PKTINFO) && defined(HAVE_MSGHDR) && defined(HAVE_CMSGHDR) && defined(HAVE_IOVEC) && defined(CMSG_FIRSTHDR) && defined(CMSG_NXTHDR) && defined(HAVE_RECVMSG) && defined(HAVE_SENDMSG)
388 #define ENABLE_IP_PKTINFO 1
390 #define ENABLE_IP_PKTINFO 0
/* NOTE(review): this override sets EXTENDED_SOCKET_ERROR_CAPABILITY to 0
 * regardless of the test above.  The conditional that guards it is not
 * visible in this listing, so confirm whether it is active in a given build. */
397 #undef EXTENDED_SOCKET_ERROR_CAPABILITY
398 #define EXTENDED_SOCKET_ERROR_CAPABILITY 0
402 * Do we have a syslog capability?
/* Both openlog() and syslog() must be present for SYSLOG_CAPABILITY to be 1. */
404 #if defined(HAVE_OPENLOG) && defined(HAVE_SYSLOG)
405 #define SYSLOG_CAPABILITY 1
407 #define SYSLOG_CAPABILITY 0
411 * Does this OS draw a distinction between binary and ascii files?
418 * Directory separation char
/* Two alternative separators: backslash and forward slash.  The #ifdef that
 * picks one is not visible in this listing. */
421 #define OS_SPECIFIC_DIRSEP '\\'
423 #define OS_SPECIFIC_DIRSEP '/'
427 * Define a boolean value based
437 * Our socket descriptor type.
/* Two alternative definitions follow: the SOCKET handle type with
 * INVALID_SOCKET as the "no socket" value, and a plain int with -1.
 * NOTE(review): the #ifdef/#else that selects between them is not visible in
 * this listing. */
440 #define SOCKET_UNDEFINED (INVALID_SOCKET)
441 typedef SOCKET socket_descriptor_t;
443 #define SOCKET_UNDEFINED (-1)
444 typedef int socket_descriptor_t;
/* Validity test for a descriptor: true when sd differs from SOCKET_UNDEFINED.
 * Callers should use this rather than a sign check such as `sd < 0`; SOCKET
 * is an unsigned type on Windows, so a sign check never matches
 * INVALID_SOCKET there and an unset descriptor would be treated as usable.
 * (The return type and braces of this function are not visible in this
 * listing.) */
448 socket_defined (const socket_descriptor_t sd)
450 return sd != SOCKET_UNDEFINED;
454 * Should statistics counters be 64 bits?
/* Defined unconditionally as far as this listing shows. */
456 #define USE_64_BIT_COUNTERS
459 * Should we enable the use of execve() for calling subprocesses,
460 * instead of system()?
/* ENABLE_EXECVE needs both execve() and fork().  execve() receives the
 * program and its arguments as an explicit argv array, whereas system() hands
 * a single command string to the shell, so anything spliced into that string
 * is subject to shell parsing.  NOTE(review): builds without ENABLE_EXECVE
 * presumably fall back to system(); on those, every value interpolated into a
 * command line has to be checked by the caller. */
462 #if defined(HAVE_EXECVE) && defined(HAVE_FORK)
463 #define ENABLE_EXECVE
467 * Do we have point-to-multipoint capability?
/* Point-to-multipoint requires client/server support, crypto, SSL and
 * gettimeofday().  The lines that define P2MP itself are not visible in this
 * listing. */
470 #if defined(ENABLE_CLIENT_SERVER) && defined(USE_CRYPTO) && defined(USE_SSL) && defined(HAVE_GETTIMEOFDAY)
/* P2MP_SERVER is 1 only when P2MP is on and the build is not client-only. */
476 #if P2MP && !defined(ENABLE_CLIENT_ONLY)
477 #define P2MP_SERVER 1
479 #define P2MP_SERVER 0
483 * HTTPS port sharing capability
/* Port sharing is server-only (P2MP_SERVER) and additionally needs
 * SCM_RIGHTS, the control-message type used to pass file descriptors between
 * processes, plus recvmsg()/sendmsg() and the CMSG_* macros.  The macro this
 * test defines is not visible in this listing. */
485 #if defined(ENABLE_PORT_SHARE) && P2MP_SERVER && defined(SCM_RIGHTS) && defined(HAVE_MSGHDR) && defined(HAVE_CMSGHDR) && defined(HAVE_IOVEC) && defined(CMSG_FIRSTHDR) && defined(CMSG_NXTHDR) && defined(HAVE_RECVMSG) && defined(HAVE_SENDMSG)
492 * Do we have a plug-in capability?
/* ENABLE_PLUGIN is set when either loading mechanism is configured.
 * NOTE(review): both macro names point at in-process dynamic loading
 * (libdl / LoadLibrary), in which case plugin code shares the daemon's
 * address space and privileges -- confirm against the plugin loader. */
494 #if defined(USE_LIBDL) || defined(USE_LOAD_LIBRARY)
495 #define ENABLE_PLUGIN
499 * Enable deferred authentication?
/* Deferred authentication is server-only (P2MP_SERVER) and requires
 * CONFIGURE_DEF_AUTH plus at least one backend: the plugin interface
 * (PLUGIN_DEF_AUTH) or the management interface (MANAGEMENT_DEF_AUTH).
 * ENABLE_DEF_AUTH is the umbrella flag set when either backend is present. */
501 #if defined(CONFIGURE_DEF_AUTH) && P2MP_SERVER && defined(ENABLE_PLUGIN)
502 #define PLUGIN_DEF_AUTH
504 #if defined(CONFIGURE_DEF_AUTH) && P2MP_SERVER && defined(ENABLE_MANAGEMENT)
505 #define MANAGEMENT_DEF_AUTH
507 #if defined(PLUGIN_DEF_AUTH) || defined(MANAGEMENT_DEF_AUTH)
508 #define ENABLE_DEF_AUTH
512 * Enable packet filter?
/* The packet filter follows the same pattern: server-only, CONFIGURE_PF, and
 * a plugin backend (which also needs stat()) or a management backend (which
 * needs MANAGEMENT_DEF_AUTH).  The #define lines for the plugin variant and
 * for the combined flag are not visible in this listing. */
514 #if defined(CONFIGURE_PF) && P2MP_SERVER && defined(ENABLE_PLUGIN) && defined(HAVE_STAT)
517 #if defined(CONFIGURE_PF) && P2MP_SERVER && defined(MANAGEMENT_DEF_AUTH)
518 #define MANAGEMENT_PF
520 #if defined(PLUGIN_PF) || defined(MANAGEMENT_PF)
525 * Do we support Unix domain sockets?
/* UNIX_SOCK_SUPPORT is 1 when PF_UNIX exists and the target is not WIN32. */
527 #if defined(PF_UNIX) && !defined(WIN32)
528 #define UNIX_SOCK_SUPPORT 1
530 #define UNIX_SOCK_SUPPORT 0
534 * Don't compile the struct buffer_list code unless something needs it
/* The two consumers named here are the management interface and the packet
 * filter. */
536 #if defined(ENABLE_MANAGEMENT) || defined(ENABLE_PF)
537 #define ENABLE_BUFFER_LIST
541 * Do we have pthread capability?
/* The pthread test requires crypto, SSL and P2MP; the macro it defines is not
 * visible in this listing. */
544 #if defined(USE_CRYPTO) && defined(USE_SSL) && P2MP
552 * Pthread support is currently experimental (and quite unfinished).
/* This condition is hard-wired to 1.  Its body is not visible here; the
 * inline remark says it disables pthread. */
554 #if 1 /* JYFIXME -- if defined, disable pthread */
559 * Should we include OCC (options consistency check) code?
566 * Should we include NTLM proxy functionality
/* NTLM proxy support needs crypto in addition to HTTP proxy support; the
 * macro this test defines is not visible in this listing. */
568 #if defined(USE_CRYPTO) && defined(ENABLE_HTTP_PROXY)
575 * Should we include code common to all proxy methods?
/* Set when either proxy type (HTTP or SOCKS) is compiled in. */
577 #if defined(ENABLE_HTTP_PROXY) || defined(ENABLE_SOCKS)
578 #define GENERAL_PROXY_SUPPORT
582 * Do we have PKCS11 capability?
/* PKCS#11 is enabled only when USE_PKCS11 is combined with both crypto and
 * SSL support. */
584 #if defined(USE_PKCS11) && defined(USE_CRYPTO) && defined(USE_SSL)
585 #define ENABLE_PKCS11
589 * Is poll available on this platform?
/* Needs both the poll() function and its header; the resulting macro is not
 * visible in this listing. */
591 #if defined(HAVE_POLL) && defined(HAVE_SYS_POLL_H)
598 * Is epoll available on this platform?
/* Needs both epoll_create() and its header; the resulting macro is not
 * visible in this listing. */
600 #if defined(HAVE_EPOLL_CREATE) && defined(HAVE_SYS_EPOLL_H)
613 * Should we allow ca/cert/key files to be
614 * included inline, in the configuration file?
/* Set to 1 unconditionally as far as this listing shows.  A configuration
 * file that embeds a private key inline is itself key material and needs the
 * same access restrictions as a standalone key file. */
616 #define ENABLE_INLINE_FILES 1
619 * Reduce sensitivity to system clock instability
/* Set to 1 unconditionally as far as this listing shows. */
622 #define TIME_BACKTRACK_PROTECTION 1
625 * Is non-blocking connect() supported?
/* Requires getsockopt() with SOL_SOCKET/SO_ERROR and the EINPROGRESS and
 * ETIMEDOUT error codes. */
627 #if defined(HAVE_GETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_ERROR) && defined(EINPROGRESS) && defined(ETIMEDOUT)
628 #define CONNECT_NONBLOCK
632 * Do we have the capability to support the AUTO_USERID feature?
/* AUTO_USERID mirrors the configure-time ENABLE_AUTO_USERID switch as a 1/0
 * value; the #else/#endif lines are not visible in this listing. */
634 #if defined(ENABLE_AUTO_USERID)
635 #define AUTO_USERID 1
637 #define AUTO_USERID 0
641 * Support "connection" directive
/* The "connection" directive is compiled in only when ENABLE_INLINE_FILES is
 * non-zero. */
643 #if ENABLE_INLINE_FILES
644 #define ENABLE_CONNECTION 1