From patchwork Thu Apr 1 02:13:34 2021
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 1690
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 1 Apr 2021 15:13:34 +0200
Message-Id: <20210401131337.3684-12-arne@rfc2549.org>
In-Reply-To: <20210401131337.3684-1-arne@rfc2549.org>
References: <20210401131337.3684-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 11/14] Remove P2MP mode and check for gettimeofday

Using OpenVPN without P2MP support (pull, TLS) is unrealistic and building a binary without it is not something we realistically want to support anyway.
Signed-off-by: Arne Schwabe --- src/compat/compat-gettimeofday.c | 2 +- src/openvpn/forward.c | 23 ++----------- src/openvpn/forward.h | 6 ---- src/openvpn/helper.c | 3 -- src/openvpn/init.c | 29 +---------------- src/openvpn/manage.c | 4 --- src/openvpn/mbuf.c | 3 -- src/openvpn/mbuf.h | 3 -- src/openvpn/multi.c | 7 ++++ src/openvpn/openvpn.h | 7 ---- src/openvpn/options.c | 55 ++++---------------------------- src/openvpn/options.h | 49 ++++++++++++++++------------ src/openvpn/otime.c | 4 --- src/openvpn/pool.c | 4 --- src/openvpn/pool.h | 3 -- src/openvpn/push.c | 3 -- src/openvpn/push.h | 3 -- src/openvpn/pushlist.h | 4 +-- src/openvpn/route.h | 2 -- src/openvpn/shaper.c | 5 +-- src/openvpn/shaper.h | 4 --- src/openvpn/syshead.h | 32 ------------------- 22 files changed, 49 insertions(+), 206 deletions(-) diff --git a/src/compat/compat-gettimeofday.c b/src/compat/compat-gettimeofday.c index 117aee7d7..e63c8d7f8 100644 --- a/src/compat/compat-gettimeofday.c +++ b/src/compat/compat-gettimeofday.c @@ -93,7 +93,7 @@ gettimeofday(struct timeval *tv, void *tz) { /* We try to dampen out backtracks of less than backtrack_hold_seconds. * Larger backtracks will be passed through and dealt with by the - * TIME_BACKTRACK_PROTECTION code (if enabled) */ + * TIME_BACKTRACK_PROTECTION code */ if (sec > last_sec - backtrack_hold_seconds) { sec = last_sec; diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 98caf6651..01f3f3b9b 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -189,8 +189,6 @@ check_tls_errors_nco(struct context *c) register_signal(c, c->c2.tls_exit_signal, "tls-error"); /* SOFT-SIGUSR1 -- TLS error */ } -#if P2MP - /* * Handle incoming configuration * messages on the control channel. @@ -269,8 +267,6 @@ check_push_request(struct context *c) event_timeout_modify_wakeup(&c->c2.push_request_interval, PUSH_REQUEST_INTERVAL); } -#endif /* P2MP */ - /* * Things that need to happen immediately after connection initiation should go here. * 
@@ -286,7 +282,6 @@ check_connection_established(struct context *c) if (CONNECTION_ESTABLISHED(c)) { -#if P2MP /* if --pull was specified, send a push request to server */ if (c->c2.tls_multi && c->options.pull) { @@ -313,7 +308,6 @@ check_connection_established(struct context *c) reset_coarse_timers(c); } else -#endif /* if P2MP */ { do_up(c, false, 0); } @@ -428,7 +422,6 @@ get_server_poll_remaining_time(struct event_timeout *server_poll_timeout) int remaining = event_timeout_remaining(server_poll_timeout); return max_int(0, remaining); } -#if P2MP void check_server_poll_timeout(struct context *c) @@ -466,8 +459,6 @@ check_scheduled_exit(struct context *c) register_signal(c, c->c2.scheduled_exit_signal, "delayed-exit"); } -#endif /* if P2MP */ - /* * Should we write timer-triggered status file. */ @@ -635,13 +626,12 @@ process_coarse_timers(struct context *c) { check_connection_established(c); } -#if P2MP + /* see if we should send a push_request (option --pull) */ if (event_timeout_trigger(&c->c2.push_request_interval, &c->c2.timeval, ETT_DEFAULT)) { check_push_request(c); } -#endif #ifdef PLUGIN_PF if (c->c2.pf.enabled @@ -676,7 +666,6 @@ process_coarse_timers(struct context *c) return; } -#if P2MP if (c->c2.tls_multi) { if (c->options.ce.connect_timeout @@ -697,7 +686,6 @@ process_coarse_timers(struct context *c) return; } } -#endif /* Should we send an OCC_REQUEST message? */ check_send_occ_req(c); @@ -1583,13 +1571,12 @@ process_outgoing_link(struct context *c) * Let the traffic shaper know how many bytes * we wrote. */ -#ifdef ENABLE_FEATURE_SHAPER if (c->options.shaper) { shaper_wrote_bytes(&c->c2.shaper, BLEN(&c->c2.to_link) + datagram_overhead(c->options.ce.proto)); } -#endif + /* * Let the pinger know that we sent a packet. */ 
@@ -1843,14 +1830,12 @@ pre_select(struct context *c) return; } -#if P2MP /* check for incoming control messages on the control channel like * push request/reply, or authentication failure and 2FA messages */ if (tls_test_payload_len(c->c2.tls_multi) > 0) { check_incoming_control_channel(c); } -#endif /* Should we send an OCC message? */ check_send_occ_msg(c); @@ -1920,7 +1905,6 @@ io_wait_dowork(struct context *c, const unsigned int flags) * quota, don't send -- instead compute the delay we must wait * until it will be OK to send the packet. */ -#ifdef ENABLE_FEATURE_SHAPER int delay = 0; /* set traffic shaping delay in microseconds */ @@ -1937,9 +1921,6 @@ io_wait_dowork(struct context *c, const unsigned int flags) { shaper_soonest_event(&c->c2.timeval, delay); } -#else /* ENABLE_FEATURE_SHAPER */ - socket |= EVENT_WRITE; -#endif /* ENABLE_FEATURE_SHAPER */ } else { diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h index 9ce3bc1c7..2a67c1445 100644 --- a/src/openvpn/forward.h +++ b/src/openvpn/forward.h @@ -74,15 +74,12 @@ void check_tls_errors_co(struct context *c); void check_tls_errors_nco(struct context *c); -#if P2MP void check_incoming_control_channel(struct context *c); void check_scheduled_exit(struct context *c); void check_push_request(struct context *c); -#endif /* P2MP */ - #ifdef ENABLE_FRAGMENT void check_fragment(struct context *c); @@ -336,11 +333,8 @@ void reschedule_multi_process(struct context *c); void process_ip_header(struct context *c, unsigned int flags, struct buffer *buf); -#if P2MP void schedule_exit(struct context *c, const int n_seconds, const int signal); -#endif - static inline struct link_socket_info * get_link_socket_info(struct context *c) { diff --git a/src/openvpn/helper.c b/src/openvpn/helper.c index a1d030706..963578d43 100644 --- a/src/openvpn/helper.c +++ b/src/openvpn/helper.c @@ -149,7 +149,6 @@ helper_client_server(struct options *o) { struct gc_arena gc = gc_new(); -#if P2MP /* * Get tun/tap/null device type 
@@ -494,8 +493,6 @@ helper_client_server(struct options *o) o->tls_client = true; } -#endif /* P2MP */ - gc_free(&gc); } diff --git a/src/openvpn/init.c b/src/openvpn/init.c index f0ae0b7f1..98cc1ebe9 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -192,7 +192,6 @@ run_up_down(const char *command, static void update_options_ce_post(struct options *options) { -#if P2MP /* * In pull mode, we usually import --ping/--ping-restart parameters from * the server. However we should also set an initial default --ping-restart @@ -206,7 +205,6 @@ update_options_ce_post(struct options *options) options->ping_rec_timeout = PRE_PULL_INITIAL_PING_RESTART; options->ping_rec_timeout_action = PING_RESTART; } -#endif } #ifdef ENABLE_MANAGEMENT @@ -592,7 +590,6 @@ init_query_passwords(const struct context *c) pem_password_setup(c->options.key_pass_file); } -#if P2MP /* Auth user/pass input */ if (c->options.auth_user_pass_file) { @@ -602,7 +599,6 @@ init_query_passwords(const struct context *c) auth_user_pass_setup(c->options.auth_user_pass_file, NULL); #endif } -#endif } /* @@ -1446,14 +1442,12 @@ do_init_timers(struct context *c, bool deferred) static void do_init_traffic_shaper(struct context *c) { -#ifdef ENABLE_FEATURE_SHAPER /* initialize traffic shaper (i.e. transmit bandwidth limiter) */ if (c->options.shaper) { shaper_init(&c->c2.shaper, c->options.shaper); shaper_msg(&c->c2.shaper); } -#endif } /* @@ -1978,9 +1972,7 @@ do_close_tun_simple(struct context *c) c->c1.tuntap = NULL; } c->c1.tuntap_owned = false; -#if P2MP CLEAR(c->c1.pulled_options_digest_save); -#endif } static void @@ -2131,7 +2123,6 @@ tun_abort(void) * Handle delayed tun/tap interface bringup due to --up-delay or --pull */ -#if P2MP /** * Helper for do_up(). Take two option hashes and return true if they are not * equal, or either one is all-zeroes. 
@@ -2144,7 +2135,6 @@ options_hash_changed_or_zero(const struct sha256_digest *a, return memcmp(a, b, sizeof(struct sha256_digest)) || !memcmp(a, &zero, sizeof(struct sha256_digest)); } -#endif /* P2MP */ bool do_up(struct context *c, bool pulled_options, unsigned int option_types_found) @@ -2168,7 +2158,6 @@ do_up(struct context *c, bool pulled_options, unsigned int option_types_found) c->c2.did_open_tun = do_open_tun(c); update_time(); -#if P2MP /* * Was tun interface object persisted from previous restart iteration, * and if so did pulled options string change from previous iteration? @@ -2186,14 +2175,11 @@ do_up(struct context *c, bool pulled_options, unsigned int option_types_found) c->c2.did_open_tun = do_open_tun(c); update_time(); } -#endif } if (c->c2.did_open_tun) { -#if P2MP c->c1.pulled_options_digest_save = c->c2.pulled_options_digest; -#endif /* if --route-delay was specified, start timer */ if ((route_order() == ROUTE_AFTER_TUN) && c->options.route_delay_defined) @@ -2360,6 +2346,7 @@ do_deferred_options(struct context *c, const unsigned int found) /* process (potentially pushed) crypto options */ if (c->options.pull) { + if (!check_pull_client_ncp(c, found)) { return false; @@ -2432,12 +2419,10 @@ socket_restart_pause(struct context *c) } #endif -#if P2MP if (auth_retry_get() == AR_NOINTERACT) { sec = 10; } -#endif /* Slow down reconnection after 5 retries per remote -- for tcp only in client mode */ if (c->options.ce.proto != PROTO_TCP_SERVER) @@ -2721,7 +2706,6 @@ do_init_crypto_tls_c1(struct context *c) init_ssl(options, &(c->c1.ks.ssl_ctx)); if (!tls_ctx_initialised(&c->c1.ks.ssl_ctx)) { -#if P2MP switch (auth_retry_get()) { case AR_NONE: @@ -2740,9 +2724,6 @@ do_init_crypto_tls_c1(struct context *c) } c->sig->signal_text = "private-key-password-failure"; return; -#else /* if P2MP */ - msg(M_FATAL, "Error: private key password verification failed"); -#endif /* if P2MP */ } /* Do not warn if we only have BF-CBC in options->ciphername 
@@ -2938,11 +2919,9 @@ do_init_crypto_tls(struct context *c, const unsigned int flags) to.x509_track = options->x509_track; -#if P2MP #ifdef ENABLE_MANAGEMENT to.sci = &options->sc_info; #endif -#endif #ifdef USE_COMP to.comp_options = options->comp; @@ -3207,7 +3186,6 @@ do_option_warnings(struct context *c) msg(M_WARN, "WARNING: you are using chroot without specifying user and group -- this may cause the chroot jail to be insecure"); } -#if P2MP if (o->pull && o->ifconfig_local && c->first_time) { msg(M_WARN, "WARNING: using --pull/--client and --ifconfig together is probably not what you want"); @@ -3233,7 +3211,6 @@ do_option_warnings(struct context *c) msg(M_WARN, "WARNING: --keepalive option is missing from server config"); } } -#endif /* if P2MP */ if (!o->replay) { @@ -3771,13 +3748,11 @@ do_setup_fast_io(struct context *c) } else { -#ifdef ENABLE_FEATURE_SHAPER if (c->options.shaper) { msg(M_INFO, "NOTE: --fast-io is disabled since we are using --shaper"); } else -#endif { c->c2.fast_io = true; } @@ -4141,13 +4116,11 @@ init_instance(struct context *c, const struct env_set *env, const unsigned int f platform_mlockall(true); } -#if P2MP /* get passwords if undefined */ if (auth_retry_get() == AR_INTERACT) { init_query_passwords(c); } -#endif /* initialize context level 2 --verb/--mute parms */ init_verb_mute(c, IVM_LEVEL_2); diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index df987f53c..7e61061ab 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -1416,7 +1416,6 @@ man_dispatch_command(struct management *man, struct status_output *so, const cha } else if (streq(p[0], "auth-retry")) { -#if P2MP if (p[1]) { if (auth_retry_set(M_CLIENT, p[1])) @@ -1432,9 +1431,6 @@ man_dispatch_command(struct management *man, struct status_output *so, const cha { msg(M_CLIENT, "SUCCESS: auth-retry=%s", auth_retry_print()); } -#else /* if P2MP */ - msg(M_CLIENT, "ERROR: auth-retry feature is unavailable"); -#endif } else if (streq(p[0], "state")) { 
diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c index 76f478b8c..6b7db6501 100644 --- a/src/openvpn/mbuf.c +++ b/src/openvpn/mbuf.c @@ -29,8 +29,6 @@ #include "syshead.h" -#if P2MP - #include "buffer.h" #include "error.h" #include "integer.h" @@ -171,4 +169,3 @@ mbuf_dereference_instance(struct mbuf_set *ms, struct multi_instance *mi) } } } -#endif /* P2MP */ diff --git a/src/openvpn/mbuf.h b/src/openvpn/mbuf.h index f37563dff..759546c6c 100644 --- a/src/openvpn/mbuf.h +++ b/src/openvpn/mbuf.h @@ -28,8 +28,6 @@ * Handle both multicast and broadcast functions. */ -#if P2MP - /* define this to enable special test mode */ /*#define MBUF_TEST*/ @@ -111,5 +109,4 @@ mbuf_peek(struct mbuf_set *ms) } } -#endif /* if P2MP */ #endif /* ifndef MBUF_H */ diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 9b4a3383f..071bd5b61 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -2642,6 +2642,13 @@ multi_connection_established(struct multi_context *m, struct multi_instance *mi) (*cur_handler_index)++; } + /* Check if we have forbidding options in the current mode */ + if (dco_enabled( &mi->context.options) + && check_option_conflict_dco(D_MULTI_ERRORS, &mi->context.options)) + { + msg(D_MULTI_ERRORS, "MULTI: client has been reject due to incompatible options"); + cc_succeeded = false; + } if (cc_succeeded) { diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index 322ab3ee1..c30ffacb7 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -189,7 +189,6 @@ struct context_1 struct socks_proxy_info *socks_proxy; bool socks_proxy_owned; -#if P2MP /* persist --ifconfig-pool db to file */ struct ifconfig_pool_persist *ifconfig_pool_persist; bool ifconfig_pool_persist_owned; @@ -203,7 +202,6 @@ struct context_1 struct user_pass *auth_user_pass; /**< Username and password for * authentication. */ -#endif }; 
@@ -288,12 +286,10 @@ struct context_2 struct frame frame_fragment_omit; #endif -#ifdef ENABLE_FEATURE_SHAPER /* * Traffic shaper object. */ struct shaper shaper; -#endif /* * Statistics @@ -445,8 +441,6 @@ struct context_2 /* don't wait for TUN/TAP/UDP to be ready to accept write */ bool fast_io; -#if P2MP - /* --ifconfig endpoints to be pushed to client */ bool push_request_received; bool push_ifconfig_defined; @@ -473,7 +467,6 @@ struct context_2 struct event_timeout scheduled_exit; int scheduled_exit_signal; -#endif /* if P2MP */ /* packet filter */ #ifdef ENABLE_PF diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 51bd56c2b..88721b0da 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -403,7 +403,6 @@ static const char usage_message[] = "--vlan-tagging : Enable 802.1Q-based VLAN tagging.\n" "--vlan-accept tagged|untagged|all : Set VLAN tagging mode. Default is 'all'.\n" "--vlan-pvid v : Sets the Port VLAN Identifier. Defaults to 1.\n" -#if P2MP "\n" "Multi-Client Server options (when --mode server is used):\n" "--server network netmask : Helper option to easily configure server mode.\n" @@ -508,7 +507,6 @@ static const char usage_message[] = " waiting for a response before trying the next server.\n" "--allow-recursive-routing : When this option is set, OpenVPN will not drop\n" " incoming tun packets with same destination as host.\n" -#endif /* if P2MP */ "--explicit-exit-notify [n] : On exit/restart, send exit signal to\n" " server/remote. n = # of retries, default=1.\n" "\n" @@ -848,9 +846,7 @@ init_options(struct options *o, const bool init_gc) o->max_routes_per_client = 256; o->stale_routes_check_interval = 0; o->ifconfig_pool_persist_refresh_freq = 600; -#if P2MP o->scheduled_exit_interval = 5; -#endif o->ncp_enabled = true; o->ncp_ciphers = "AES-256-GCM:AES-128-GCM"; o->authname = "SHA1"; @@ -1293,8 +1289,6 @@ print_vlan_accept(enum vlan_acceptable_frames mode) return NULL; } -#if P2MP - #ifndef ENABLE_SMALL static void 
@@ -1422,7 +1416,6 @@ option_iroute_ipv6(struct options *o, ir->next = o->iroutes_ipv6; o->iroutes_ipv6 = ir; } -#endif /* P2MP */ #ifndef ENABLE_SMALL static void @@ -1616,9 +1609,7 @@ show_settings(const struct options *o) SHOW_INT(ifconfig_ipv6_netbits); SHOW_STR(ifconfig_ipv6_remote); -#ifdef ENABLE_FEATURE_SHAPER SHOW_INT(shaper); -#endif SHOW_INT(mtu_test); SHOW_BOOL(mlock); @@ -1844,9 +1835,7 @@ show_settings(const struct options *o) SHOW_BOOL(pkcs11_id_management); #endif /* ENABLE_PKCS11 */ -#if P2MP show_p2mp_parms(o); -#endif #ifdef _WIN32 SHOW_BOOL(show_net_up); @@ -2106,9 +2095,7 @@ options_postprocess_verify_ce(const struct options *options, } /* will we be pulling options from server? */ -#if P2MP pull = options->pull; -#endif /* * Sanity check on --local, --remote, and --ifconfig @@ -2743,10 +2730,13 @@ options_postprocess_verify_ce(const struct options *options, if (sum == 0) { -#if P2MP if (!options->auth_user_pass_file) -#endif - msg(M_USAGE, "No client-side authentication method is specified. You must use either --cert/--key, --pkcs12, or --auth-user-pass"); + { + msg(M_USAGE, "No client-side authentication method is " + "specified. You must use either " + "--cert/--key, --pkcs12, or " + "--auth-user-pass"); + } } else if (sum == 2) { @@ -2834,12 +2824,10 @@ options_postprocess_verify_ce(const struct options *options, } #undef MUST_BE_UNDEF -#if P2MP if (options->auth_user_pass_file && !options->pull) { msg(M_USAGE, "--auth-user-pass requires --pull"); } -#endif uninit_options(&defaults); } @@ -2857,7 +2845,6 @@ options_postprocess_mutate_ce(struct options *o, struct connection_entry *ce) } } -#if P2MP if (o->client) { if (ce->proto == PROTO_TCP) @@ -2865,7 +2852,6 @@ options_postprocess_mutate_ce(struct options *o, struct connection_entry *ce) ce->proto = PROTO_TCP_CLIENT; } } -#endif if (ce->proto == PROTO_TCP_CLIENT && !ce->local && !ce->local_port_defined && !ce->bind_defined) 
@@ -3131,6 +3117,7 @@ options_postprocess_cipher(struct options *o) } } + static void options_postprocess_mutate(struct options *o) { @@ -3218,12 +3205,10 @@ options_postprocess_mutate(struct options *o) o->verify_hash_no_ca = true; } -#if P2MP /* * Save certain parms before modifying options via --pull */ pre_pull_save(o); -#endif } /* @@ -3530,12 +3515,9 @@ options_postprocess_filechecks(struct options *options) options->management_user_pass, R_OK, "--management user/password file"); #endif /* ENABLE_MANAGEMENT */ -#if P2MP errs |= check_file_access(CHKACC_FILE|CHKACC_ACPTSTDIN|CHKACC_PRIVATE, options->auth_user_pass_file, R_OK, "--auth-user-pass"); -#endif /* P2MP */ - /* ** System related ** */ errs |= check_file_access(CHKACC_FILE, options->chroot_dir, R_OK|X_OK, "--chroot directory"); @@ -3576,8 +3558,6 @@ options_postprocess(struct options *options) #endif /* !ENABLE_SMALL */ } -#if P2MP - /* * Save/Restore certain option defaults before --pull is applied. */ @@ -3678,7 +3658,6 @@ pre_pull_restore(struct options *o, struct gc_arena *gc) o->data_channel_use_ekm = false; } -#endif /* if P2MP */ /** * Calculate the link-mtu to advertise to our peer. The actual value is not * relevant, because we will possibly perform data channel cipher negotiation @@ -4272,8 +4251,6 @@ print_topology(const int topology) } } -#if P2MP - /* * Manage auth-retry variable */ @@ -4328,8 +4305,6 @@ auth_retry_print(void) } } -#endif /* if P2MP */ - /* * Print the help message. */ @@ -5064,8 +5039,6 @@ options_string_import(struct options *options, read_config_string("[CONFIG-STRING]", options, config, msglevel, permission_mask, option_types_found, es); } -#if P2MP - #define VERIFY_PERMISSION(mask) { \ if (!verify_permission(p[0], file, line, (mask), permission_mask, \ option_types_found, msglevel, options, is_inline)) \ 
@@ -5127,12 +5100,6 @@ verify_permission(const char *name, return true; } -#else /* if P2MP */ - -#define VERIFY_PERMISSION(mask) - -#endif /* if P2MP */ - /* * Check that an option doesn't have too * many parameters. @@ -6137,7 +6104,6 @@ add_option(struct options *options, } else if (streq(p[0], "shaper") && p[1] && !p[2]) { -#ifdef ENABLE_FEATURE_SHAPER int shaper; VERIFY_PERMISSION(OPT_P_SHAPER); @@ -6149,11 +6115,6 @@ add_option(struct options *options, goto err; } options->shaper = shaper; -#else /* ENABLE_FEATURE_SHAPER */ - VERIFY_PERMISSION(OPT_P_GENERAL); - msg(msglevel, "--shaper requires the gettimeofday() function which is missing"); - goto err; -#endif /* ENABLE_FEATURE_SHAPER */ } else if (streq(p[0], "port") && p[1] && !p[2]) { @@ -6731,7 +6692,6 @@ add_option(struct options *options, VERIFY_PERMISSION(OPT_P_GENERAL); options->occ = false; } -#if P2MP else if (streq(p[0], "server") && p[1] && p[2] && !p[4]) { const int lev = M_WARN; @@ -7321,7 +7281,6 @@ add_option(struct options *options, } } #endif -#endif /* if P2MP */ else if (streq(p[0], "msg-channel") && p[1]) { #ifdef _WIN32 diff --git a/src/openvpn/options.h b/src/openvpn/options.h index f3208c719..85ebd2aed 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -58,8 +58,6 @@ extern const char title_string[]; -#if P2MP - /* certain options are saved before --pull modifications are applied */ struct options_pre_pull { @@ -86,7 +84,6 @@ struct options_pre_pull int foreign_option_index; }; -#endif #if !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_MBEDTLS) #error "At least one of OpenSSL or mbed TLS needs to be defined." #endif @@ -272,9 +269,7 @@ struct options const char *ifconfig_ipv6_remote; bool ifconfig_noexec; bool ifconfig_nowarn; -#ifdef ENABLE_FEATURE_SHAPER int shaper; -#endif int proto_force; 
@@ -410,10 +405,6 @@ struct options struct plugin_option_list *plugin_list; #endif - - -#if P2MP - /* the tmp dir is for now only used in the P2P server context */ const char *tmp_dir; bool server_defined; @@ -509,8 +500,6 @@ struct options #ifdef ENABLE_MANAGEMENT struct static_challenge_info sc_info; #endif -#endif /* if P2MP */ - /* Cipher parms */ const char *shared_secret_file; bool shared_secret_file_inline; @@ -706,10 +695,8 @@ struct options #define OPT_P_DEFAULT (~(OPT_P_INSTANCE|OPT_P_PULL_MODE)) -#if P2MP #define PULL_DEFINED(opt) ((opt)->pull) #define PUSH_DEFINED(opt) ((opt)->push_list) -#endif #ifndef PULL_DEFINED #define PULL_DEFINED(opt) (false) @@ -725,11 +712,8 @@ struct options #define ROUTE_OPTION_FLAGS(o) (0) #endif -#ifdef ENABLE_FEATURE_SHAPER + #define SHAPER_DEFINED(opt) ((opt)->shaper) -#else -#define SHAPER_DEFINED(opt) (false) -#endif #ifdef ENABLE_PLUGIN #define PLUGIN_OPTION_LIST(opt) ((opt)->plugin_list) @@ -848,8 +832,6 @@ const char *print_topology(const int topology); * Manage auth-retry variable */ -#if P2MP - #define AR_NONE 0 #define AR_INTERACT 1 #define AR_NOINTERACT 2 @@ -860,8 +842,6 @@ bool auth_retry_set(const int msglevel, const char *option); const char *auth_retry_print(void); -#endif - void options_string_import(struct options *options, const char *config, const int msglevel, 
@@ -869,4 +849,31 @@ void options_string_import(struct options *options, unsigned int *option_types_found, struct env_set *es); +/** + * Returns whether the current configuration has dco enabled. + */ +#ifdef ENABLE_LINUXDCO +static inline bool +dco_enabled(struct options *o) { return !o->tuntap_options.disable_dco; } + +/** + * Checks wether the optiosn struct has any option that is not supported by + * our current dco implementation. If so it prints a warning at warning level + * for the first conflicting option found and returns false + * @param msglevel the msg level to use to print the warnings + * @param o the optiions struct that hold the options + * @return true if a conflict with dco is detected. + */ +bool +check_option_conflict_dco(int msglevel, struct options *o) +#else +/* Dummy functions to avoid ifdefs in the other code */ + +static inline bool +dco_enabled(struct options *o) { return false; } + +static inline bool +check_option_conflict_dco(int msglevel, struct options *o) { return false; } +#endif + #endif /* ifndef OPTIONS_H */ diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c index 640168a97..a3ca3e59d 100644 --- a/src/openvpn/otime.c +++ b/src/openvpn/otime.c @@ -35,8 +35,6 @@ time_t now = 0; /* GLOBAL */ -#if TIME_BACKTRACK_PROTECTION - static time_t now_adj = 0; /* GLOBAL */ time_t now_usec = 0; /* GLOBAL */ @@ -79,8 +77,6 @@ update_now_usec(struct timeval *tv) } } -#endif /* TIME_BACKTRACK_PROTECTION */ - /* * Return a numerical string describing a struct timeval. */ diff --git a/src/openvpn/pool.c b/src/openvpn/pool.c index ece0784ff..4a300abbc 100644 --- a/src/openvpn/pool.c +++ b/src/openvpn/pool.c @@ -37,8 +37,6 @@ #include "memdbg.h" -#if P2MP - static void ifconfig_pool_entry_free(struct ifconfig_pool_entry *ipe, bool hard) { @@ -835,5 +833,3 @@ ifconfig_pool_test(in_addr_t start, in_addr_t end) } #endif /* ifdef IFCONFIG_POOL_TEST */ - -#endif /* if P2MP */ 
diff --git a/src/openvpn/pool.h b/src/openvpn/pool.h index b06424c95..0e3055969 100644 --- a/src/openvpn/pool.h +++ b/src/openvpn/pool.h @@ -24,8 +24,6 @@ #ifndef POOL_H #define POOL_H -#if P2MP - /*#define IFCONFIG_POOL_TEST*/ #include "basic.h" @@ -102,5 +100,4 @@ void ifconfig_pool_test(in_addr_t start, in_addr_t end); #endif -#endif /* if P2MP */ #endif /* ifndef POOL_H */ diff --git a/src/openvpn/push.c b/src/openvpn/push.c index 18d7c1e00..47a67e503 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -39,8 +39,6 @@ #include "memdbg.h" #include "ssl_util.h" -#if P2MP - static char push_reply_cmd[] = "PUSH_REPLY"; /* @@ -1053,4 +1051,3 @@ remove_iroutes_from_push_route_list(struct options *o) gc_free(&gc); } } -#endif /* if P2MP */ diff --git a/src/openvpn/push.h b/src/openvpn/push.h index bb787a62a..b6388fcd7 100644 --- a/src/openvpn/push.h +++ b/src/openvpn/push.h @@ -24,8 +24,6 @@ #ifndef PUSH_H #define PUSH_H -#if P2MP - #include "forward.h" #define PUSH_MSG_ERROR 0 @@ -100,5 +98,4 @@ void send_push_reply_auth_token(struct tls_multi *multi); void receive_auth_pending(struct context *c, const struct buffer *buffer); -#endif /* if P2MP */ #endif /* ifndef PUSH_H */ diff --git a/src/openvpn/pushlist.h b/src/openvpn/pushlist.h index 967eda22a..6e682684d 100644 --- a/src/openvpn/pushlist.h +++ b/src/openvpn/pushlist.h @@ -21,7 +21,7 @@ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ -#if !defined(PUSHLIST_H) && P2MP +#if !defined(PUSHLIST_H) #define PUSHLIST_H /* parameters to be pushed to peer */ @@ -37,4 +37,4 @@ struct push_list { struct push_entry *tail; }; -#endif /* if !defined(PUSHLIST_H) && P2MP */ +#endif /* if !defined(PUSHLIST_H) */ diff --git a/src/openvpn/route.h b/src/openvpn/route.h index 7dd960914..935e14713 100644 --- a/src/openvpn/route.h +++ b/src/openvpn/route.h @@ -230,7 +230,6 @@ struct route_ipv6_list { struct gc_arena gc; }; -#if P2MP /* internal OpenVPN route */ struct iroute { in_addr_t network; 
@@ -243,7 +242,6 @@ struct iroute_ipv6 { unsigned int netbits; struct iroute_ipv6 *next; }; -#endif struct route_option_list *new_route_option_list(struct gc_arena *a); diff --git a/src/openvpn/shaper.c b/src/openvpn/shaper.c index 57a242416..d29b3b3ae 100644 --- a/src/openvpn/shaper.c +++ b/src/openvpn/shaper.c @@ -31,8 +31,6 @@ #include "shaper.h" #include "memdbg.h" -#ifdef ENABLE_FEATURE_SHAPER - /* * We want to wake up in delay microseconds. If timeval is larger * than delay, set timeval to delay. @@ -93,5 +91,4 @@ shaper_msg(struct shaper *s) { msg(M_INFO, "Output Traffic Shaping initialized at %d bytes per second", s->bytes_per_second); -} -#endif /* ENABLE_FEATURE_SHAPER */ +} \ No newline at end of file diff --git a/src/openvpn/shaper.h b/src/openvpn/shaper.h index bcdb5e365..d9b9daf57 100644 --- a/src/openvpn/shaper.h +++ b/src/openvpn/shaper.h @@ -26,8 +26,6 @@ /*#define SHAPER_DEBUG*/ -#ifdef ENABLE_FEATURE_SHAPER - #include "basic.h" #include "integer.h" #include "misc.h" @@ -173,6 +171,4 @@ shaper_change_pct(struct shaper *s, int pct) } #endif -#endif /* ENABLE_FEATURE_SHAPER */ - #endif /* ifndef SHAPER_H */ diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h index cf9714593..de4fbbf94 100644 --- a/src/openvpn/syshead.h +++ b/src/openvpn/syshead.h @@ -405,13 +405,6 @@ typedef int MIB_TCP_STATE; #define PASSTOS_CAPABILITY 0 #endif -/* - * Do we have nanoseconds gettimeofday? - */ -#if defined(HAVE_GETTIMEOFDAY) || defined(_WIN32) -#define HAVE_GETTIMEOFDAY_NANOSECONDS 1 -#endif - /* * Do we have the capability to report extended socket errors? */ @@ -509,16 +502,6 @@ socket_defined(const socket_descriptor_t sd) #define ENABLE_FEATURE_EXECVE #endif -/* - * Do we have point-to-multipoint capability? - */ - -#if defined(HAVE_GETTIMEOFDAY_NANOSECONDS) -#define P2MP 1 -#else -#define P2MP 0 -#endif - /* * HTTPS port sharing capability */ 
@@ -596,21 +579,6 @@ socket_defined(const socket_descriptor_t sd) #define EPOLL 0 #endif -/* - * Reduce sensitivity to system clock instability - * and backtracks. - */ -#if defined(HAVE_GETTIMEOFDAY_NANOSECONDS) -#define TIME_BACKTRACK_PROTECTION 1 -#endif - -/* - * Enable traffic shaper. - */ -#if defined(HAVE_GETTIMEOFDAY_NANOSECONDS) -#define ENABLE_FEATURE_SHAPER 1 -#endif - /* * Is non-blocking connect() supported? */
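Review bot: the `ENABLE_LINUXDCO` branch of the new block at the end of options.h declares `bool check_option_conflict_dco(int msglevel, struct options *o)` with no terminating semicolon, so the `#else` that follows it will fail to compile on any DCO-enabled build; add the `;`. The doc comment on the same function contradicts itself: the prose says it "returns false" when a conflicting option is found, while `@return` says "true if a conflict with dco is detected", and the multi.c caller treats true as the conflict case, so the prose should be corrected to match. The comment also says it warns "at warning level" although the level comes from the `msglevel` parameter, and it has typos ("wether", "optiosn", "optiions").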
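Review bot: the `multi_connection_established()` hunk in multi.c is not covered by the commit message, which only talks about dropping P2MP and the gettimeofday check; the DCO option-conflict rejection reads as a leftover from the DCO series and should either be split into its own patch or be mentioned in the message. Within the hunk, `dco_enabled( &mi->context.options)` has a stray space after the parenthesis, and the log text should read "client has been rejected due to incompatible options". The inline `dco_enabled()` also dereferences `tuntap_options.disable_dco`, a field this patch does not add, so it only compiles on top of an earlier patch that introduces it; worth confirming the series ordering.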
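Review bot: the last hunk of shaper.c replaces the closing `}` of `shaper_msg()` with one marked `\ No newline at end of file`; the file previously ended with a newline and the hunk only intends to drop the `#endif /* ENABLE_FEATURE_SHAPER */`, so the trailing newline should be kept.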
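Review bot: in the options.h hunk that makes `#define PULL_DEFINED(opt) ((opt)->pull)` and `#define PUSH_DEFINED(opt) ((opt)->push_list)` unconditional, the `#ifndef PULL_DEFINED` / `#define PULL_DEFINED(opt) (false)` fallback that follows is now dead, since the macro is always defined a few lines above it; remove the fallback (and the matching one for `PUSH_DEFINED`, if present) instead of leaving it behind. The blank line added before `#define SHAPER_DEFINED(opt) ((opt)->shaper)` in the same file is unrelated whitespace.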
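Review bot: two hunks add nothing but a blank line: the `do_deferred_options()` hunk in init.c (the `+` line before `if (!check_pull_client_ncp(c, found))`) and the hunk in options.c just before `options_postprocess_mutate()`. Neither relates to P2MP or gettimeofday; drop them so the patch stays a mechanical removal.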
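Review bot: the compat-gettimeofday.c hunk rewords the comment to "dealt with by the TIME_BACKTRACK_PROTECTION code", but this same patch deletes the `#define TIME_BACKTRACK_PROTECTION 1` block from syshead.h and the `#if TIME_BACKTRACK_PROTECTION` guard in otime.c, so the comment now names a macro that no longer exists. Point it at the code instead, e.g. "dealt with by the backtrack protection in otime.c".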