openvpn/dns_8c_source.html

/*

 *  OpenVPN -- An application to securely tunnel IP networks

 *             over a single UDP port, with support for SSL/TLS-based

 *             session authentication and key exchange,

 *             packet encryption, packet authentication, and

 *             packet compression.

 *

 *  Copyright (C) 2022-2025 OpenVPN Inc <sales@openvpn.net>

 *

 *  This program is free software; you can redistribute it and/or modify

 *  it under the terms of the GNU General Public License version 2

 *  as published by the Free Software Foundation.

 *

 *  This program is distributed in the hope that it will be useful,

 *  but WITHOUT ANY WARRANTY; without even the implied warranty of

 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 *  GNU General Public License for more details.

 *

 *  You should have received a copy of the GNU General Public License along

 *  with this program; if not, see <https://www.gnu.org/licenses/>.

 */


#ifdef HAVE_CONFIG_H

#include "config.h"

#endif


#include "syshead.h"


#include "dns.h"

#include "socket_util.h"

#include "options.h"

#include "run_command.h"

#include "domain_helper.h"


#ifdef _WIN32

#include "win32.h"

#include "openvpn-msg.h"

#endif


static bool


dns_server_port_parse(in_port_t *port, char *port_str)

{

    char *endptr;

    errno = 0;

    unsigned long tmp = strtoul(port_str, &endptr, 10);

    if (errno || *endptr != '\0' || tmp == 0 || tmp > UINT16_MAX)

    {

        return false;

    }

    *port = (in_port_t)tmp;

    return true;

}


bool


dns_server_addr_parse(struct dns_server *server, const char *addr)

{

    if (!addr)

    {

        return false;

    }


    char addrcopy[INET6_ADDRSTRLEN] = { 0 };

    size_t copylen = 0;

    in_port_t port = 0;

    sa_family_t af;


    char *first_colon = strchr(addr, ':');

    char *last_colon = strrchr(addr, ':');


    if (!first_colon || first_colon == last_colon)

    {

        /* IPv4 address with optional port, e.g. 1.2.3.4 or 1.2.3.4:853 */

        if (last_colon)

        {

            if (last_colon == addr || !dns_server_port_parse(&port, last_colon + 1))

            {

                return false;

            }

            copylen = first_colon - addr;

        }

        af = AF_INET;

    }

    else

    {

        /* IPv6 address with optional port, e.g. ab::cd or [ab::cd]:853 */

        if (addr[0] == '[')

        {

            addr += 1;

            char *bracket = last_colon - 1;

            if (*bracket != ']' || bracket == addr || !dns_server_port_parse(&port, last_colon + 1))

            {

                return false;

            }

            copylen = bracket - addr;

        }

        af = AF_INET6;

    }


    /* Copy the address part into a temporary buffer and use that */

    if (copylen)

    {

        if (copylen >= sizeof(addrcopy))

        {

            return false;

        }

        strncpy(addrcopy, addr, copylen);

        addr = addrcopy;

    }


    struct addrinfo *ai = NULL;

    if (openvpn_getaddrinfo(0, addr, NULL, 0, NULL, af, &ai) != 0)

    {

        return false;

    }


    if (server->addr_count >= SIZE(server->addr))

    {

        return false;

    }


    if (ai->ai_family == AF_INET)

    {

        struct sockaddr_in *sin = (struct sockaddr_in *)ai->ai_addr;

        server->addr[server->addr_count].in.a4.s_addr = sin->sin_addr.s_addr;

    }

    else

    {

        struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ai->ai_addr;

        server->addr[server->addr_count].in.a6 = sin6->sin6_addr;

    }


    server->addr[server->addr_count].family = af;

    server->addr[server->addr_count].port = port;

    server->addr_count += 1;


    freeaddrinfo(ai);

    return true;

}


bool


dns_domain_list_append(struct dns_domain **entry, char **domains, struct gc_arena *gc)

{

    /* Fast forward to the end of the list */

    while (*entry)

    {

        entry = &((*entry)->next);

    }


    /* Append all domains to the end of the list */

    while (*domains)

    {

        char *domain = *domains++;

        if (!validate_domain(domain))

        {

            return false;

        }


        ALLOC_OBJ_CLEAR_GC(*entry, struct dns_domain, gc);

        struct dns_domain *new = *entry;

        new->name = domain;

        entry = &new->next;

    }


    return true;

}


bool


dns_server_priority_parse(long *priority, const char *str, bool pulled)

{

    char *endptr;

    const long min = pulled ? 0 : INT8_MIN;

    const long max = INT8_MAX;

    long prio = strtol(str, &endptr, 10);

    if (*endptr != '\0' || prio < min || prio > max)

    {

        return false;

    }

    *priority = prio;

    return true;

}


struct dns_server *


dns_server_get(struct dns_server **entry, long priority, struct gc_arena *gc)

{

    struct dns_server *obj = *entry;

    while (true)

    {

        if (!obj || obj->priority > priority)

        {

            ALLOC_OBJ_CLEAR_GC(*entry, struct dns_server, gc);

            (*entry)->next = obj;

            (*entry)->priority = priority;

            return *entry;

        }

        else if (obj->priority == priority)

        {

            return obj;

        }

        entry = &obj->next;

        obj = *entry;

    }

}


bool


dns_options_verify(msglvl_t msglevel, const struct dns_options *o)

{

    const struct dns_server *server = o->servers ? o->servers : o->servers_prepull;

    while (server)

    {

        if (server->addr_count == 0)

        {

            msg(msglevel, "ERROR: dns server %ld does not have an address assigned",

                server->priority);

            return false;

        }

        server = server->next;

    }

    return true;

}


static struct dns_domain *


clone_dns_domains(const struct dns_domain *domain, struct gc_arena *gc)

{

    struct dns_domain *new_list = NULL;

    struct dns_domain **new_entry = &new_list;


    while (domain)

    {

        ALLOC_OBJ_CLEAR_GC(*new_entry, struct dns_domain, gc);

        struct dns_domain *new_domain = *new_entry;

        *new_domain = *domain;

        new_entry = &new_domain->next;

        domain = domain->next;

    }


    return new_list;

}


static struct dns_server *


clone_dns_servers(const struct dns_server *server, struct gc_arena *gc)

{

    struct dns_server *new_list = NULL;

    struct dns_server **new_entry = &new_list;


    while (server)

    {

        ALLOC_OBJ_CLEAR_GC(*new_entry, struct dns_server, gc);

        struct dns_server *new_server = *new_entry;

        *new_server = *server;

        new_server->domains = clone_dns_domains(server->domains, gc);

        new_entry = &new_server->next;

        server = server->next;

    }


    return new_list;

}


struct dns_options


clone_dns_options(const struct dns_options *o, struct gc_arena *gc)

{

    struct dns_options clone;


    memset(&clone, 0, sizeof(clone));

    clone.search_domains = clone_dns_domains(o->search_domains, gc);

    clone.servers = clone_dns_servers(o->servers, gc);

    clone.servers_prepull = clone_dns_servers(o->servers_prepull, gc);

    clone.updown = o->updown;

    clone.updown_flags = o->updown_flags;

    clone.from_dhcp = o->from_dhcp;


    return clone;

}


void


dns_options_preprocess_pull(struct dns_options *o)

{

    o->servers_prepull = o->servers;

    o->servers = NULL;

}


void


dns_options_postprocess_pull(struct dns_options *o)

{

    struct dns_server **entry = &o->servers;

    struct dns_server *server = *entry;

    struct dns_server *server_pp = o->servers_prepull;


    while (server && server_pp)

    {

        if (server->priority > server_pp->priority)

        {

            /* Merge static server in front of pulled one */

            struct dns_server *next_pp = server_pp->next;

            server_pp->next = server;

            *entry = server_pp;

            server = *entry;

            server_pp = next_pp;

        }

        else if (server->priority == server_pp->priority)

        {

            /* Pulled server overrides static one */

            server_pp = server_pp->next;

        }

        entry = &server->next;

        server = *entry;

    }


    /* Append remaining local servers */

    if (server_pp)

    {

        *entry = server_pp;

    }


    o->servers_prepull = NULL;

}


static const char *


dnssec_value(const enum dns_security dnssec)

{

    switch (dnssec)

    {

        case DNS_SECURITY_YES:

            return "yes";


        case DNS_SECURITY_OPTIONAL:

            return "optional";


        case DNS_SECURITY_NO:

            return "no";


        default:

            return "unset";

    }

}


static const char *


transport_value(const enum dns_server_transport transport)

{

    switch (transport)

    {

        case DNS_TRANSPORT_HTTPS:

            return "DoH";


        case DNS_TRANSPORT_TLS:

            return "DoT";


        case DNS_TRANSPORT_PLAIN:

            return "plain";


        default:

            return "unset";

    }

}


#ifdef _WIN32


static void


make_domain_list(const char *what, const struct dns_domain *src, bool nrpt_domains, char *dst,

                 size_t dst_size)

{

    /* NRPT domains need two \0 at the end for REG_MULTI_SZ

     * and a leading '.' added in front of the domain name */

    size_t term_size = nrpt_domains ? 2 : 1;

    size_t leading_dot = nrpt_domains ? 1 : 0;

    size_t offset = 0;


    memset(dst, 0, dst_size);


    while (src)

    {

        size_t len = strlen(src->name);

        if (offset + leading_dot + len + term_size > dst_size)

        {

            msg(M_WARN, "WARNING: %s truncated", what);

            if (offset)

            {

                /* Remove trailing comma */

                *(dst + offset - 1) = '\0';

            }

            break;

        }


        if (leading_dot)

        {

            *(dst + offset++) = '.';

        }

        strncpy(dst + offset, src->name, len);

        offset += len;


        src = src->next;

        if (src)

        {

            *(dst + offset++) = ',';

        }

    }

}


static void


run_up_down_service(bool add, const struct options *o, const struct tuntap *tt)

{

    const struct dns_server *server = o->dns_options.servers;

    const struct dns_domain *search_domains = o->dns_options.search_domains;


    while (true)

    {

        if (!server)

        {

            if (add)

            {

                msg(M_WARN, "WARNING: setting DNS failed, no compatible server profile");

            }

            return;

        }


        bool only_standard_server_ports = true;

        for (size_t i = 0; i < NRPT_ADDR_NUM; ++i)

        {

            if (server->addr[i].port && server->addr[i].port != 53)

            {

                only_standard_server_ports = false;

                break;

            }

        }

        if ((server->transport == DNS_TRANSPORT_UNSET || server->transport == DNS_TRANSPORT_PLAIN)

            && only_standard_server_ports)

        {

            break; /* found compatible server */

        }


        server = server->next;

    }


    ack_message_t ack;

    nrpt_dns_cfg_message_t nrpt = {

        .header = { (add ? msg_add_nrpt_cfg : msg_del_nrpt_cfg), sizeof(nrpt_dns_cfg_message_t),

                    0 },

        .iface = { .index = tt->adapter_index, .name = "" },

        .flags = server->dnssec == DNS_SECURITY_NO ? 0 : nrpt_dnssec,

    };

    strncpynt(nrpt.iface.name, tt->actual_name, sizeof(nrpt.iface.name));


    for (size_t i = 0; i < NRPT_ADDR_NUM; ++i)

    {

        if (server->addr[i].family == AF_UNSPEC)

        {

            /* No more addresses */

            break;

        }


        if (inet_ntop(server->addr[i].family, &server->addr[i].in, nrpt.addresses[i],

                      NRPT_ADDR_SIZE)

            == NULL)

        {

            msg(M_WARN, "WARNING: could not convert dns server address");

        }

    }


    make_domain_list("dns server resolve domains", server->domains, true, nrpt.resolve_domains,

                     sizeof(nrpt.resolve_domains));


    make_domain_list("dns search domains", search_domains, false, nrpt.search_domains,

                     sizeof(nrpt.search_domains));


    msg(D_LOW, "%s NRPT DNS%s%s on '%s' (if_index = %d) using service",

        (add ? "Setting" : "Deleting"), nrpt.resolve_domains[0] != 0 ? ", resolve domains" : "",

        nrpt.search_domains[0] != 0 ? ", search domains" : "", nrpt.iface.name, nrpt.iface.index);


    send_msg_iservice(o->msg_channel, &nrpt, sizeof(nrpt), &ack, "DNS");

}


#else  /* ifdef _WIN32 */


static void

setenv_dns_option(struct env_set *es, const char *format, int i, int j, const char *value)

{

    char name[64];

    bool name_ok = false;


    if (j < 0)

    {

        const int ret = snprintf(name, sizeof(name), format, i);

        name_ok = (ret > 0 && ret < sizeof(name));

    }

    else

    {

        const int ret = snprintf(name, sizeof(name), format, i, j);

        name_ok = (ret > 0 && ret < sizeof(name));

    }


    if (!name_ok)

    {

        msg(M_WARN, "WARNING: dns option setenv name buffer overflow");

    }


    setenv_str(es, name, value);

}


static void

setenv_dns_options(const struct dns_options *o, struct env_set *es)

{

    struct gc_arena gc = gc_new();

    const struct dns_server *s;

    const struct dns_domain *d;

    int i, j;


    for (i = 1, d = o->search_domains; d != NULL; i++, d = d->next)

    {

        setenv_dns_option(es, "dns_search_domain_%d", i, -1, d->name);

    }


    for (i = 1, s = o->servers; s != NULL; i++, s = s->next)

    {

        for (j = 0; j < s->addr_count; ++j)

        {

            if (s->addr[j].family == AF_INET)

            {

                setenv_dns_option(es, "dns_server_%d_address_%d", i, j + 1,

                                  print_in_addr_t(s->addr[j].in.a4.s_addr, IA_NET_ORDER, &gc));

            }

            else

            {

                setenv_dns_option(es, "dns_server_%d_address_%d", i, j + 1,

                                  print_in6_addr(s->addr[j].in.a6, 0, &gc));

            }

            if (s->addr[j].port)

            {

                setenv_dns_option(es, "dns_server_%d_port_%d", i, j + 1,

                                  print_in_port_t(s->addr[j].port, &gc));

            }

        }


        if (s->domains)

        {

            for (j = 1, d = s->domains; d != NULL; j++, d = d->next)

            {

                setenv_dns_option(es, "dns_server_%d_resolve_domain_%d", i, j, d->name);

            }

        }


        if (s->dnssec)

        {

            setenv_dns_option(es, "dns_server_%d_dnssec", i, -1, dnssec_value(s->dnssec));

        }


        if (s->transport)

        {

            setenv_dns_option(es, "dns_server_%d_transport", i, -1, transport_value(s->transport));

        }

        if (s->sni)

        {

            setenv_dns_option(es, "dns_server_%d_sni", i, -1, s->sni);

        }

    }


    gc_free(&gc);

}


static void

updown_env_set(bool up, const struct dns_options *o, const struct tuntap *tt, struct env_set *es)

{

    setenv_str(es, "dev", tt->actual_name);

    setenv_str(es, "script_type", up ? "dns-up" : "dns-down");

    setenv_dns_options(o, es);

}


static int

do_run_up_down_command(bool up, const char *vars_file, const struct dns_options *o,

                       const struct tuntap *tt)

{

    struct gc_arena gc = gc_new();

    struct argv argv = argv_new();

    struct env_set *es = env_set_create(&gc);


    if (vars_file)

    {

        setenv_str(es, "dns_vars_file", vars_file);

    }

    else

    {

        updown_env_set(up, o, tt, es);

    }


    argv_printf(&argv, "%s", o->updown);

    argv_msg(M_INFO, &argv);

    int res;

    if (dns_updown_user_set(o))

    {

        res = openvpn_run_script(&argv, es, S_EXITCODE, "dns updown");

    }

    else

    {

        res = openvpn_execve_check(&argv, es, S_EXITCODE, "WARNING: Failed running dns updown");

    }

    argv_free(&argv);

    gc_free(&gc);

    return res;

}


static bool

run_updown_runner(bool up, struct options *o, const struct tuntap *tt,

                  struct dns_updown_runner_info *updown_runner)

{

    int dns_pipe_fd[2];

    int ack_pipe_fd[2];

    if (pipe(dns_pipe_fd) != 0 || pipe(ack_pipe_fd) != 0)

    {

        msg(M_ERR | M_ERRNO, "run_dns_up_down: unable to create pipes");

        return false;

    }

    updown_runner->pid = fork();

    if (updown_runner->pid == -1)

    {

        msg(M_ERR | M_ERRNO, "run_dns_up_down: unable to fork");

        close(dns_pipe_fd[0]);

        close(dns_pipe_fd[1]);

        close(ack_pipe_fd[0]);

        close(ack_pipe_fd[1]);

        return false;

    }

    else if (updown_runner->pid > 0)

    {

        /* Parent process */

        close(dns_pipe_fd[0]);

        close(ack_pipe_fd[1]);

        updown_runner->fds[0] = ack_pipe_fd[0];

        updown_runner->fds[1] = dns_pipe_fd[1];

    }

    else

    {

        /* Script runner process, close unused FDs */

        for (int fd = 3; fd < 100; ++fd)

        {

            if (fd != dns_pipe_fd[0] && fd != ack_pipe_fd[1])

            {

                close(fd);

            }

        }


        /* Ignore signals */

        signal(SIGINT, SIG_IGN);

        signal(SIGHUP, SIG_IGN);

        signal(SIGTERM, SIG_IGN);

        signal(SIGUSR1, SIG_IGN);

        signal(SIGUSR2, SIG_IGN);

        signal(SIGPIPE, SIG_IGN);


        while (1)

        {

            char path[PATH_MAX];


            /* Block here until parent sends a path */

            ssize_t rlen = read(dns_pipe_fd[0], &path, sizeof(path));

            if (rlen < 1)

            {

                if (rlen == -1 && errno == EINTR)

                {

                    continue;

                }

                close(dns_pipe_fd[0]);

                close(ack_pipe_fd[1]);

                exit(0);

            }


            path[sizeof(path) - 1] = '\0';

            int res = do_run_up_down_command(up, path, &o->dns_options, tt);

            platform_unlink(path);


            /* Unblock parent process */

            while (1)

            {

                ssize_t wlen = write(ack_pipe_fd[1], &res, sizeof(res));

                if ((wlen == -1 && errno != EINTR) || wlen < (ssize_t)sizeof(res))

                {

                    /* Not much we can do about errors but exit */

                    close(dns_pipe_fd[0]);

                    close(ack_pipe_fd[1]);

                    exit(0);

                }

                else if (wlen == sizeof(res))

                {

                    break;

                }

            }


            up = !up; /* do the opposite next time */

        }

    }


    return true;

}


static void

run_up_down_command(bool up, struct options *o, const struct tuntap *tt,

                    struct dns_updown_runner_info *updown_runner)

{

    struct dns_options *dns = &o->dns_options;

    if (!dns->updown || (o->up_script && !dns_updown_user_set(dns) && !dns_updown_forced(dns)))

    {

        return;

    }


    int status = -1;


    if (!updown_runner->required)

    {

        /* Run dns updown directly */

        status = do_run_up_down_command(up, NULL, dns, tt);

    }

    else

    {

        if (updown_runner->pid < 1)

        {

            /* Need to set up privilege preserving child first */

            if (!run_updown_runner(up, o, tt, updown_runner))

            {

                return;

            }

        }


        struct gc_arena gc = gc_new();

        const char *dvf = platform_create_temp_file(o->tmp_dir, "dvf", &gc);

        if (!dvf)

        {

            msg(M_ERR, "could not create dns vars file");

            goto out_free;

        }


        struct env_set *es = env_set_create(&gc);

        updown_env_set(up, &o->dns_options, tt, es);

        env_set_write_file(dvf, es);


        int wfd = updown_runner->fds[1];

        ssize_t dvf_size = strlen(dvf) + 1;

        while (1)

        {

            ssize_t len = write(wfd, dvf, dvf_size);

            if (len < dvf_size)

            {

                if (len == -1 && errno == EINTR)

                {

                    continue;

                }

                msg(M_ERR | M_ERRNO, "could not send dns vars filename");

            }

            break;

        }


        int rfd = updown_runner->fds[0];

        while (1)

        {

            ssize_t len = read(rfd, &status, sizeof(status));

            if (len < (ssize_t)sizeof(status))

            {

                if (len == -1 && errno == EINTR)

                {

                    continue;

                }

                msg(M_ERR | M_ERRNO, "could not receive dns updown status");

            }

            break;

        }


out_free:

        gc_free(&gc);

    }


    msg(M_INFO, "dns %s command exited with status %d", up ? "up" : "down", status);

}


#endif /* _WIN32 */


void


show_dns_options(const struct dns_options *o)

{

    struct gc_arena gc = gc_new();


    int i = 1;

    struct dns_server *server = o->servers_prepull ? o->servers_prepull : o->servers;

    while (server)

    {

        msg(D_SHOW_PARMS, "  DNS server #%d:", i++);


        for (int j = 0; j < server->addr_count; ++j)

        {

            const char *addr;

            const char *fmt_port;

            if (server->addr[j].family == AF_INET)

            {

                addr = print_in_addr_t(server->addr[j].in.a4.s_addr, IA_NET_ORDER, &gc);

                fmt_port = "    address = %s:%s";

            }

            else

            {

                addr = print_in6_addr(server->addr[j].in.a6, 0, &gc);

                fmt_port = "    address = [%s]:%s";

            }


            if (server->addr[j].port)

            {

                const char *port = print_in_port_t(server->addr[j].port, &gc);

                msg(D_SHOW_PARMS, fmt_port, addr, port);

            }

            else

            {

                msg(D_SHOW_PARMS, "    address = %s", addr);

            }

        }


        if (server->dnssec)

        {

            msg(D_SHOW_PARMS, "    dnssec = %s", dnssec_value(server->dnssec));

        }


        if (server->transport)

        {

            msg(D_SHOW_PARMS, "    transport = %s", transport_value(server->transport));

        }

        if (server->sni)

        {

            msg(D_SHOW_PARMS, "    sni = %s", server->sni);

        }


        struct dns_domain *domain = server->domains;

        if (domain)

        {

            msg(D_SHOW_PARMS, "    resolve domains:");

            while (domain)

            {

                msg(D_SHOW_PARMS, "      %s", domain->name);

                domain = domain->next;

            }

        }


        server = server->next;

    }


    struct dns_domain *search_domain = o->search_domains;

    if (search_domain)

    {

        msg(D_SHOW_PARMS, "  DNS search domains:");

        while (search_domain)

        {

            msg(D_SHOW_PARMS, "    %s", search_domain->name);

            search_domain = search_domain->next;

        }

    }


    gc_free(&gc);

}


void


run_dns_up_down(bool up, struct options *o, const struct tuntap *tt,

                struct dns_updown_runner_info *duri)

{

    if (!o->dns_options.servers)

    {

        return;

    }

#ifdef _WIN32

    /* Don't use iservice in DHCP mode */

    struct tuntap_options *tto = &o->tuntap_options;

    if (tto->ip_win32_type == IPW32_SET_DHCP_MASQ || tto->ip_win32_type == IPW32_SET_ADAPTIVE)

    {

        return;

    }

#endif


    /* Warn about adding servers of unsupported AF */

    const struct dns_server *s = o->dns_options.servers;

    while (up && s)

    {

        size_t bad_count = 0;

        for (size_t i = 0; i < s->addr_count; ++i)

        {

            if ((s->addr[i].family == AF_INET6 && !tt->did_ifconfig_ipv6_setup)

                || (s->addr[i].family == AF_INET && !tt->did_ifconfig_setup))

            {

                ++bad_count;

            }

        }

        if (bad_count == s->addr_count)

        {

            msg(M_WARN,

                "DNS server %ld only has address(es) from a family "

                "the tunnel is not configured for - it will not be reachable",

                s->priority);

        }

        else if (bad_count)

        {

            msg(M_WARN,

                "DNS server %ld has address(es) from a family "

                "the tunnel is not configured for",

                s->priority);

        }

        s = s->next;

    }


#ifdef _WIN32

    run_up_down_service(up, o, tt);

#else

    run_up_down_command(up, o, tt, duri);

#endif /* ifdef _WIN32 */

}


argv_msg
void argv_msg(const msglvl_t msglevel, const struct argv *a)
Write the arguments stored in a struct argv via the msg() command.
Definition argv.c:242

argv_free
void argv_free(struct argv *a)
Frees all memory allocations allocated by the struct argv related functions.
Definition argv.c:101

argv_printf
bool argv_printf(struct argv *argres, const char *format,...)
printf() variant which populates a struct argv.
Definition argv.c:438

argv_new
struct argv argv_new(void)
Allocates a new struct argv and ensures it is initialised.
Definition argv.c:87

ALLOC_OBJ_CLEAR_GC
#define ALLOC_OBJ_CLEAR_GC(dptr, type, gc)
Definition buffer.h:1101

strncpynt
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition buffer.h:361

gc_free
static void gc_free(struct gc_arena *a)
Definition buffer.h:1025

gc_new
static struct gc_arena gc_new(void)
Definition buffer.h:1017

dns_options_verify
bool dns_options_verify(msglvl_t msglevel, const struct dns_options *o)
Checks validity of DNS options.
Definition dns.c:212

dnssec_value
static const char * dnssec_value(const enum dns_security dnssec)
Definition dns.c:325

run_dns_up_down
void run_dns_up_down(bool up, struct options *o, const struct tuntap *tt, struct dns_updown_runner_info *duri)
Invokes the action associated with bringing DNS up or down.
Definition dns.c:859

dns_options_postprocess_pull
void dns_options_postprocess_pull(struct dns_options *o)
Merges pulled DNS servers with static ones into an ordered list.
Definition dns.c:289

dns_server_addr_parse
bool dns_server_addr_parse(struct dns_server *server, const char *addr)
Parses a string IPv4 or IPv6 address and optional colon separated port, into a in_addr or in6_addr re...
Definition dns.c:62

dns_domain_list_append
bool dns_domain_list_append(struct dns_domain **entry, char **domains, struct gc_arena *gc)
Appends safe DNS domain parameters to a linked list.
Definition dns.c:148

dns_server_get
struct dns_server * dns_server_get(struct dns_server **entry, long priority, struct gc_arena *gc)
Find or create DNS server with priority in a linked list.
Definition dns.c:190

run_up_down_service
static void run_up_down_service(bool add, const struct options *o, const struct tuntap *tt)
Definition dns.c:406

make_domain_list
static void make_domain_list(const char *what, const struct dns_domain *src, bool nrpt_domains, char *dst, size_t dst_size)
Definition dns.c:365

clone_dns_servers
static struct dns_server * clone_dns_servers(const struct dns_server *server, struct gc_arena *gc)
Definition dns.c:247

clone_dns_domains
static struct dns_domain * clone_dns_domains(const struct dns_domain *domain, struct gc_arena *gc)
Definition dns.c:229

transport_value
static const char * transport_value(const enum dns_server_transport transport)
Definition dns.c:344

dns_server_priority_parse
bool dns_server_priority_parse(long *priority, const char *str, bool pulled)
Parses a string DNS server priority and validates it.
Definition dns.c:175

clone_dns_options
struct dns_options clone_dns_options(const struct dns_options *o, struct gc_arena *gc)
Makes a deep copy of the passed DNS options.
Definition dns.c:266

show_dns_options
void show_dns_options(const struct dns_options *o)
Prints configured DNS options.
Definition dns.c:780

dns_server_port_parse
static bool dns_server_port_parse(in_port_t *port, char *port_str)
Parses a string as port and stores it.
Definition dns.c:48

dns_options_preprocess_pull
void dns_options_preprocess_pull(struct dns_options *o)
Saves and resets the server options, so that pulled ones don't mix in.
Definition dns.c:282

dns.h

dns_updown_user_set
static bool dns_updown_user_set(const struct dns_options *o)
Returns whether dns-updown is user defined.
Definition dns.h:218

dns_security
dns_security
Definition dns.h:31

DNS_SECURITY_NO
@ DNS_SECURITY_NO
Definition dns.h:33

DNS_SECURITY_YES
@ DNS_SECURITY_YES
Definition dns.h:34

DNS_SECURITY_OPTIONAL
@ DNS_SECURITY_OPTIONAL
Definition dns.h:35

dns_updown_forced
static bool dns_updown_forced(const struct dns_options *o)
Returns whether dns-updown is forced to run.
Definition dns.h:229

dns_server_transport
dns_server_transport
Definition dns.h:39

DNS_TRANSPORT_PLAIN
@ DNS_TRANSPORT_PLAIN
Definition dns.h:41

DNS_TRANSPORT_UNSET
@ DNS_TRANSPORT_UNSET
Definition dns.h:40

DNS_TRANSPORT_TLS
@ DNS_TRANSPORT_TLS
Definition dns.h:43

DNS_TRANSPORT_HTTPS
@ DNS_TRANSPORT_HTTPS
Definition dns.h:42

domain_helper.h

validate_domain
static bool validate_domain(const char *domain)
Definition domain_helper.h:34

env_set_write_file
void env_set_write_file(const char *path, const struct env_set *es)
Write a struct env_set to a file.
Definition env_set.c:238

setenv_str
void setenv_str(struct env_set *es, const char *name, const char *value)
Definition env_set.c:307

env_set_create
struct env_set * env_set_create(struct gc_arena *gc)
Definition env_set.c:156

D_SHOW_PARMS
#define D_SHOW_PARMS
Definition errlevel.h:95

D_LOW
#define D_LOW
Definition errlevel.h:96

M_INFO
#define M_INFO
Definition errlevel.h:54

status
static SERVICE_STATUS status
Definition interactive.c:51

write
@ write
Definition interactive.c:213

read
@ read
Definition interactive.c:212

openvpn-msg.h

nrpt_dnssec
@ nrpt_dnssec
Definition openvpn-msg.h:112

msg_add_nrpt_cfg
@ msg_add_nrpt_cfg
Definition openvpn-msg.h:38

msg_del_nrpt_cfg
@ msg_del_nrpt_cfg
Definition openvpn-msg.h:39

NRPT_ADDR_SIZE
#define NRPT_ADDR_SIZE
Definition openvpn-msg.h:116

NRPT_ADDR_NUM
#define NRPT_ADDR_NUM
Definition openvpn-msg.h:115

SIZE
#define SIZE(x)
Definition basic.h:29

M_ERR
#define M_ERR
Definition error.h:106

msg
#define msg(flags,...)
Definition error.h:152

msglvl_t
unsigned int msglvl_t
Definition error.h:77

M_WARN
#define M_WARN
Definition error.h:92

M_ERRNO
#define M_ERRNO
Definition error.h:95

options.h

platform_create_temp_file
const char * platform_create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc)
Create a temporary file in directory, returns the filename of the created file.
Definition platform.c:540

platform_unlink
bool platform_unlink(const char *filename)
Definition platform.c:487

openvpn_execve_check
int openvpn_execve_check(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *error_message)
Definition run_command.c:233

run_command.h

S_EXITCODE
#define S_EXITCODE
Instead of returning 1/0 for success/fail, return exit code when between 0 and 255 and -1 otherwise.
Definition run_command.h:53

openvpn_run_script
static int openvpn_run_script(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *hook)
Will run a script and return the exit code of the script if between 0 and 255, -1 otherwise.
Definition run_command.h:89

openvpn_getaddrinfo
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, struct signal_info *sig_info, int ai_family, struct addrinfo **res)
Definition socket_util.c:537

print_in_port_t
const char * print_in_port_t(in_port_t port, struct gc_arena *gc)
Definition socket_util.c:231

print_in6_addr
const char * print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:216

print_in_addr_t
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:196

socket_util.h

IA_NET_ORDER
#define IA_NET_ORDER
Definition socket_util.h:90

ack_message_t
Definition openvpn-msg.h:157

argv
Definition argv.h:35

dns_domain
Definition dns.h:54

dns_domain::next
struct dns_domain * next
Definition dns.h:55

dns_domain::name
const char * name
Definition dns.h:56

dns_options
Definition dns.h:113

dns_options::servers
struct dns_server * servers
Definition dns.h:117

dns_options::updown
const char * updown
Definition dns.h:119

dns_options::from_dhcp
struct dhcp_options from_dhcp
Definition dns.h:114

dns_options::servers_prepull
struct dns_server * servers_prepull
Definition dns.h:116

dns_options::updown_flags
enum dns_updown_flags updown_flags
Definition dns.h:120

dns_options::search_domains
struct dns_domain * search_domains
Definition dns.h:115

dns_server_addr::a4
struct in_addr a4
Definition dns.h:63

dns_server_addr::in
union dns_server_addr::@0 in

dns_server_addr::family
sa_family_t family
Definition dns.h:66

dns_server_addr::a6
struct in6_addr a6
Definition dns.h:64

dns_server_addr::port
in_port_t port
Definition dns.h:67

dns_server
Definition dns.h:71

dns_server::addr
struct dns_server_addr addr[8]
Definition dns.h:75

dns_server::dnssec
enum dns_security dnssec
Definition dns.h:77

dns_server::next
struct dns_server * next
Definition dns.h:72

dns_server::priority
long priority
Definition dns.h:73

dns_server::addr_count
size_t addr_count
Definition dns.h:74

dns_server::domains
struct dns_domain * domains
Definition dns.h:76

dns_server::transport
enum dns_server_transport transport
Definition dns.h:78

dns_server::sni
const char * sni
Definition dns.h:79

dns_updown_runner_info
Definition dns.h:83

dns_updown_runner_info::required
bool required
Definition dns.h:84

dns_updown_runner_info::fds
int fds[2]
Definition dns.h:85

env_set
Definition env_set.h:43

gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116

interface_t::name
char name[256]
Definition openvpn-msg.h:70

interface_t::index
int index
Definition openvpn-msg.h:69

nrpt_dns_cfg_message_t
Definition openvpn-msg.h:119

nrpt_dns_cfg_message_t::search_domains
char search_domains[512]
Definition openvpn-msg.h:124

nrpt_dns_cfg_message_t::resolve_domains
char resolve_domains[512]
Definition openvpn-msg.h:123

nrpt_dns_cfg_message_t::iface
interface_t iface
Definition openvpn-msg.h:121

nrpt_dns_cfg_message_t::header
message_header_t header
Definition openvpn-msg.h:120

nrpt_dns_cfg_message_t::addresses
nrpt_address_t addresses[NRPT_ADDR_NUM]
Definition openvpn-msg.h:122

options
Definition options.h:255

options::tmp_dir
const char * tmp_dir
Definition options.h:465

options::up_script
const char * up_script
Definition options.h:384

options::msg_channel
HANDLE msg_channel
Definition options.h:694

options::tuntap_options
struct tuntap_options tuntap_options
Definition options.h:370

options::dns_options
struct dns_options dns_options
Definition options.h:317

tuntap_options
Definition tun.h:75

tuntap_options::ip_win32_type
int ip_win32_type
Definition tun.h:85

tuntap
Definition tun.h:183

tuntap::adapter_index
DWORD adapter_index
Definition tun.h:234

tuntap::did_ifconfig_ipv6_setup
bool did_ifconfig_ipv6_setup
if the internal variables related to ifconfig-ipv6 of this struct have been set up.
Definition tun.h:201

tuntap::did_ifconfig_setup
bool did_ifconfig_setup
if the internal variables related to ifconfig of this struct have been set up.
Definition tun.h:197

tuntap::actual_name
char * actual_name
Definition tun.h:207

syshead.h

SIGHUP
#define SIGHUP
Definition syshead.h:55

sa_family_t
unsigned short sa_family_t
Definition syshead.h:409

SIGINT
#define SIGINT
Definition syshead.h:56

SIGTERM
#define SIGTERM
Definition syshead.h:59

SIGUSR1
#define SIGUSR1
Definition syshead.h:57

in_port_t
uint16_t in_port_t
Definition syshead.h:53

SIGUSR2
#define SIGUSR2
Definition syshead.h:58

es
struct env_set * es
Definition test_pkcs11.c:138

gc
struct gc_arena gc
Definition test_ssl.c:131

IPW32_SET_ADAPTIVE
#define IPW32_SET_ADAPTIVE
Definition tun.h:83

IPW32_SET_DHCP_MASQ
#define IPW32_SET_DHCP_MASQ
Definition tun.h:82

send_msg_iservice
bool send_msg_iservice(HANDLE pipe, const void *data, DWORD size, ack_message_t *ack, const char *context)
Send the size bytes in buffer data to the interactive service pipe and read the result in ack.
Definition win32.c:1423

win32.h