OpenVPN
dns.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2022-2026 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifdef HAVE_CONFIG_H
24#include "config.h"
25#endif
26
27#include "syshead.h"
28
29#include "dns.h"
30#include "socket_util.h"
31#include "options.h"
32#include "run_command.h"
33#include "domain_helper.h"
34
35#ifdef _WIN32
36#include "win32.h"
37#include "openvpn-msg.h"
38#endif
39
47static bool
48dns_server_port_parse(in_port_t *port, const char *port_str)
49{
50 char *endptr;
51 errno = 0;
52 unsigned long tmp = strtoul(port_str, &endptr, 10);
53 if (errno || *endptr != '\0' || tmp == 0 || tmp > UINT16_MAX)
54 {
55 return false;
56 }
57 *port = (in_port_t)tmp;
58 return true;
59}
60
61bool
62dns_server_addr_parse(struct dns_server *server, const char *addr)
63{
64 if (!addr)
65 {
66 return false;
67 }
68
69 char addrcopy[INET6_ADDRSTRLEN] = { 0 };
70 size_t copylen = 0;
71 in_port_t port = 0;
72 sa_family_t af;
73
74 const char *first_colon = strchr(addr, ':');
75 const char *last_colon = strrchr(addr, ':');
76
77 if (!first_colon || first_colon == last_colon)
78 {
79 /* IPv4 address with optional port, e.g. 1.2.3.4 or 1.2.3.4:853 */
80 if (last_colon)
81 {
82 if (last_colon == addr || !dns_server_port_parse(&port, last_colon + 1))
83 {
84 return false;
85 }
86 copylen = first_colon - addr;
87 }
88 af = AF_INET;
89 }
90 else
91 {
92 /* IPv6 address with optional port, e.g. ab::cd or [ab::cd]:853 */
93 if (addr[0] == '[')
94 {
95 addr += 1;
96 const char *bracket = last_colon - 1;
97 if (*bracket != ']' || bracket == addr || !dns_server_port_parse(&port, last_colon + 1))
98 {
99 return false;
100 }
101 copylen = bracket - addr;
102 }
103 af = AF_INET6;
104 }
105
106 /* Copy the address part into a temporary buffer and use that */
107 if (copylen)
108 {
109 if (copylen >= sizeof(addrcopy))
110 {
111 return false;
112 }
113 strncpy(addrcopy, addr, copylen);
114 addr = addrcopy;
115 }
116
117 struct addrinfo *ai = NULL;
118 if (openvpn_getaddrinfo(0, addr, NULL, 0, NULL, af, &ai) != 0)
119 {
120 return false;
121 }
122
123 if (server->addr_count >= SIZE(server->addr))
124 {
125 return false;
126 }
127
128 if (ai->ai_family == AF_INET)
129 {
130 struct sockaddr_in *sin = (struct sockaddr_in *)ai->ai_addr;
131 server->addr[server->addr_count].in.a4.s_addr = sin->sin_addr.s_addr;
132 }
133 else
134 {
135 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ai->ai_addr;
136 server->addr[server->addr_count].in.a6 = sin6->sin6_addr;
137 }
138
139 server->addr[server->addr_count].family = af;
140 server->addr[server->addr_count].port = port;
141 server->addr_count += 1;
142
143 freeaddrinfo(ai);
144 return true;
145}
146
147bool
148dns_domain_list_append(struct dns_domain **entry, char **domains, struct gc_arena *gc)
149{
150 /* Fast forward to the end of the list */
151 while (*entry)
152 {
153 entry = &((*entry)->next);
154 }
155
156 /* Append all domains to the end of the list */
157 while (*domains)
158 {
159 char *domain = *domains++;
160 if (!validate_domain(domain))
161 {
162 return false;
163 }
164
165 ALLOC_OBJ_CLEAR_GC(*entry, struct dns_domain, gc);
166 struct dns_domain *new = *entry;
167 new->name = domain;
168 entry = &new->next;
169 }
170
171 return true;
172}
173
174bool
175dns_server_priority_parse(long *priority, const char *str, bool pulled)
176{
177 char *endptr;
178 const long min = pulled ? 0 : INT8_MIN;
179 const long max = INT8_MAX;
180 long prio = strtol(str, &endptr, 10);
181 if (*endptr != '\0' || prio < min || prio > max)
182 {
183 return false;
184 }
185 *priority = prio;
186 return true;
187}
188
189struct dns_server *
190dns_server_get(struct dns_server **entry, long priority, struct gc_arena *gc)
191{
192 struct dns_server *obj = *entry;
193 while (true)
194 {
195 if (!obj || obj->priority > priority)
196 {
197 ALLOC_OBJ_CLEAR_GC(*entry, struct dns_server, gc);
198 (*entry)->next = obj;
199 (*entry)->priority = priority;
200 return *entry;
201 }
202 else if (obj->priority == priority)
203 {
204 return obj;
205 }
206 entry = &obj->next;
207 obj = *entry;
208 }
209}
210
211bool
212dns_options_verify(msglvl_t msglevel, const struct dns_options *o)
213{
214 const struct dns_server *server = o->servers ? o->servers : o->servers_prepull;
215 while (server)
216 {
217 if (server->addr_count == 0)
218 {
219 msg(msglevel, "ERROR: dns server %ld does not have an address assigned",
220 server->priority);
221 return false;
222 }
223 server = server->next;
224 }
225 return true;
226}
227
228static struct dns_domain *
229clone_dns_domains(const struct dns_domain *domain, struct gc_arena *gc)
230{
231 struct dns_domain *new_list = NULL;
232 struct dns_domain **new_entry = &new_list;
233
234 while (domain)
235 {
236 ALLOC_OBJ_CLEAR_GC(*new_entry, struct dns_domain, gc);
237 struct dns_domain *new_domain = *new_entry;
238 *new_domain = *domain;
239 new_entry = &new_domain->next;
240 domain = domain->next;
241 }
242
243 return new_list;
244}
245
246static struct dns_server *
247clone_dns_servers(const struct dns_server *server, struct gc_arena *gc)
248{
249 struct dns_server *new_list = NULL;
250 struct dns_server **new_entry = &new_list;
251
252 while (server)
253 {
254 ALLOC_OBJ_CLEAR_GC(*new_entry, struct dns_server, gc);
255 struct dns_server *new_server = *new_entry;
256 *new_server = *server;
257 new_server->domains = clone_dns_domains(server->domains, gc);
258 new_entry = &new_server->next;
259 server = server->next;
260 }
261
262 return new_list;
263}
264
265struct dns_options
266clone_dns_options(const struct dns_options *o, struct gc_arena *gc)
267{
268 struct dns_options clone;
269
270 memset(&clone, 0, sizeof(clone));
271 clone.search_domains = clone_dns_domains(o->search_domains, gc);
272 clone.servers = clone_dns_servers(o->servers, gc);
273 clone.servers_prepull = clone_dns_servers(o->servers_prepull, gc);
274 clone.updown = o->updown;
275 clone.updown_flags = o->updown_flags;
276 clone.from_dhcp = o->from_dhcp;
277
278 return clone;
279}
280
281void
282dns_options_preprocess_pull(struct dns_options *o)
283{
284 o->servers_prepull = o->servers;
285 o->servers = NULL;
286}
287
288void
289dns_options_postprocess_pull(struct dns_options *o)
290{
291 struct dns_server **entry = &o->servers;
292 struct dns_server *server = *entry;
293 struct dns_server *server_pp = o->servers_prepull;
294
295 while (server && server_pp)
296 {
297 if (server->priority > server_pp->priority)
298 {
299 /* Merge static server in front of pulled one */
300 struct dns_server *next_pp = server_pp->next;
301 server_pp->next = server;
302 *entry = server_pp;
303 server = *entry;
304 server_pp = next_pp;
305 }
306 else if (server->priority == server_pp->priority)
307 {
308 /* Pulled server overrides static one */
309 server_pp = server_pp->next;
310 }
311 entry = &server->next;
312 server = *entry;
313 }
314
315 /* Append remaining local servers */
316 if (server_pp)
317 {
318 *entry = server_pp;
319 }
320
321 o->servers_prepull = NULL;
322}
323
324static const char *
325dnssec_value(const enum dns_security dnssec)
326{
327 switch (dnssec)
328 {
329 case DNS_SECURITY_YES:
330 return "yes";
331
332 case DNS_SECURITY_OPTIONAL:
333 return "optional";
334
335 case DNS_SECURITY_NO:
336 return "no";
337
338 default:
339 return "unset";
340 }
341}
342
343static const char *
344transport_value(const enum dns_server_transport transport)
345{
346 switch (transport)
347 {
348 case DNS_TRANSPORT_HTTPS:
349 return "DoH";
350
351 case DNS_TRANSPORT_TLS:
352 return "DoT";
353
354 case DNS_TRANSPORT_PLAIN:
355 return "plain";
356
357 default:
358 return "unset";
359 }
360}
361
362#ifdef _WIN32
363
364static void
365make_domain_list(const char *what, const struct dns_domain *src, bool nrpt_domains, char *dst,
366 size_t dst_size)
367{
368 /* NRPT domains need two \0 at the end for REG_MULTI_SZ
369 * and a leading '.' added in front of the domain name */
370 size_t term_size = nrpt_domains ? 2 : 1;
371 size_t leading_dot = nrpt_domains ? 1 : 0;
372 size_t offset = 0;
373
374 memset(dst, 0, dst_size);
375
376 while (src)
377 {
378 size_t len = strlen(src->name);
379 if (offset + leading_dot + len + term_size > dst_size)
380 {
381 msg(M_WARN, "WARNING: %s truncated", what);
382 if (offset)
383 {
384 /* Remove trailing comma */
385 *(dst + offset - 1) = '\0';
386 }
387 break;
388 }
389
390 if (leading_dot)
391 {
392 *(dst + offset++) = '.';
393 }
394 strncpy(dst + offset, src->name, len);
395 offset += len;
396
397 src = src->next;
398 if (src)
399 {
400 *(dst + offset++) = ',';
401 }
402 }
403}
404
405static void
406run_up_down_service(bool add, const struct options *o, const struct tuntap *tt)
407{
408 const struct dns_server *server = o->dns_options.servers;
409 const struct dns_domain *search_domains = o->dns_options.search_domains;
410
411 while (true)
412 {
413 if (!server)
414 {
415 if (add)
416 {
417 msg(M_WARN, "WARNING: setting DNS failed, no compatible server profile");
418 }
419 return;
420 }
421
422 bool only_standard_server_ports = true;
423 for (size_t i = 0; i < NRPT_ADDR_NUM; ++i)
424 {
425 if (server->addr[i].port && server->addr[i].port != 53)
426 {
427 only_standard_server_ports = false;
428 break;
429 }
430 }
431 if ((server->transport == DNS_TRANSPORT_UNSET || server->transport == DNS_TRANSPORT_PLAIN)
432 && only_standard_server_ports)
433 {
434 break; /* found compatible server */
435 }
436
437 server = server->next;
438 }
439
440 ack_message_t ack;
441 nrpt_dns_cfg_message_t nrpt = {
442 .header = { (add ? msg_add_nrpt_cfg : msg_del_nrpt_cfg), sizeof(nrpt_dns_cfg_message_t),
443 0 },
444 .iface = { .index = tt->adapter_index, .name = "" },
445 .flags = server->dnssec == DNS_SECURITY_NO ? 0 : nrpt_dnssec,
446 };
447 strncpynt(nrpt.iface.name, tt->actual_name, sizeof(nrpt.iface.name));
448
449 for (size_t i = 0; i < NRPT_ADDR_NUM; ++i)
450 {
451 if (server->addr[i].family == AF_UNSPEC)
452 {
453 /* No more addresses */
454 break;
455 }
456
457 if (inet_ntop(server->addr[i].family, &server->addr[i].in, nrpt.addresses[i],
458 NRPT_ADDR_SIZE)
459 == NULL)
460 {
461 msg(M_WARN, "WARNING: could not convert dns server address");
462 }
463 }
464
465 make_domain_list("dns server resolve domains", server->domains, true, nrpt.resolve_domains,
466 sizeof(nrpt.resolve_domains));
467
468 make_domain_list("dns search domains", search_domains, false, nrpt.search_domains,
469 sizeof(nrpt.search_domains));
470
471 msg(D_LOW, "%s NRPT DNS%s%s on '%s' (if_index = %lu) using service",
472 (add ? "Setting" : "Deleting"), nrpt.resolve_domains[0] != 0 ? ", resolve domains" : "",
473 nrpt.search_domains[0] != 0 ? ", search domains" : "",
474 nrpt.iface.name, nrpt.iface.index);
475
476 send_msg_iservice(o->msg_channel, &nrpt, sizeof(nrpt), &ack, "DNS");
477}
478
479#else /* ifdef _WIN32 */
480
481static void
482setenv_dns_option(struct env_set *es, const char *format, size_t i, size_t j, const char *value)
483{
484 char name[64];
485 bool name_ok = false;
486
487 if (j == 0)
488 {
489 name_ok = checked_snprintf(name, sizeof(name), format, i);
490 }
491 else
492 {
493 name_ok = checked_snprintf(name, sizeof(name), format, i, j);
494 }
495
496 if (!name_ok)
497 {
498 msg(M_WARN, "WARNING: dns option setenv name buffer overflow");
499 }
500
501 setenv_str(es, name, value);
502}
503
504static void
505setenv_dns_options(const struct dns_options *o, struct env_set *es)
506{
507 struct gc_arena gc = gc_new();
508 const struct dns_server *s;
509 const struct dns_domain *d;
510 size_t i, j;
511
512 for (i = 1, d = o->search_domains; d != NULL; i++, d = d->next)
513 {
514 setenv_dns_option(es, "dns_search_domain_%zu", i, 0, d->name);
515 }
516
517 for (i = 1, s = o->servers; s != NULL; i++, s = s->next)
518 {
519 for (j = 0; j < s->addr_count; ++j)
520 {
521 if (s->addr[j].family == AF_INET)
522 {
523 setenv_dns_option(es, "dns_server_%zu_address_%zu", i, j + 1,
524 print_in_addr_t(s->addr[j].in.a4.s_addr, IA_NET_ORDER, &gc));
525 }
526 else
527 {
528 setenv_dns_option(es, "dns_server_%zu_address_%zu", i, j + 1,
529 print_in6_addr(s->addr[j].in.a6, 0, &gc));
530 }
531 if (s->addr[j].port)
532 {
533 setenv_dns_option(es, "dns_server_%zu_port_%zu", i, j + 1,
534 print_in_port_t(s->addr[j].port, &gc));
535 }
536 }
537
538 if (s->domains)
539 {
540 for (j = 1, d = s->domains; d != NULL; j++, d = d->next)
541 {
542 setenv_dns_option(es, "dns_server_%zu_resolve_domain_%zu", i, j, d->name);
543 }
544 }
545
546 if (s->dnssec)
547 {
548 setenv_dns_option(es, "dns_server_%zu_dnssec", i, 0, dnssec_value(s->dnssec));
549 }
550
551 if (s->transport)
552 {
553 setenv_dns_option(es, "dns_server_%zu_transport", i, 0, transport_value(s->transport));
554 }
555 if (s->sni)
556 {
557 setenv_dns_option(es, "dns_server_%zu_sni", i, 0, s->sni);
558 }
559 }
560
561 gc_free(&gc);
562}
563
564static void
565updown_env_set(bool up, const struct dns_options *o, const struct tuntap *tt, struct env_set *es)
566{
567 setenv_str(es, "dev", tt->actual_name);
568 setenv_str(es, "script_type", up ? "dns-up" : "dns-down");
569 setenv_dns_options(o, es);
570}
571
572static int
573do_run_up_down_command(bool up, const char *vars_file, const struct dns_options *o,
574 const struct tuntap *tt)
575{
576 struct gc_arena gc = gc_new();
577 struct argv argv = argv_new();
578 struct env_set *es = env_set_create(&gc);
579
580 if (vars_file)
581 {
582 setenv_str(es, "dns_vars_file", vars_file);
583 }
584 else
585 {
586 updown_env_set(up, o, tt, es);
587 }
588
589 argv_printf(&argv, "%s", o->updown);
590 argv_msg(M_INFO, &argv);
591 int res;
592 if (dns_updown_user_set(o))
593 {
594 res = openvpn_run_script(&argv, es, S_EXITCODE, "dns updown");
595 }
596 else
597 {
598 res = openvpn_execve_check(&argv, es, S_EXITCODE, "WARNING: Failed running dns updown");
599 }
600 argv_free(&argv);
601 gc_free(&gc);
602 return res;
603}
604
605static bool
606run_updown_runner(bool up, struct options *o, const struct tuntap *tt,
607 struct dns_updown_runner_info *updown_runner)
608{
609 int dns_pipe_fd[2];
610 int ack_pipe_fd[2];
611 if (pipe(dns_pipe_fd) != 0 || pipe(ack_pipe_fd) != 0)
612 {
613 msg(M_WARN | M_ERRNO, "run_dns_up_down: unable to create pipes");
614 return false;
615 }
616 updown_runner->pid = fork();
617 if (updown_runner->pid == -1)
618 {
619 msg(M_WARN | M_ERRNO, "run_dns_up_down: unable to fork");
620 close(dns_pipe_fd[0]);
621 close(dns_pipe_fd[1]);
622 close(ack_pipe_fd[0]);
623 close(ack_pipe_fd[1]);
624 return false;
625 }
626 else if (updown_runner->pid > 0)
627 {
628 /* Parent process */
629 close(dns_pipe_fd[0]);
630 close(ack_pipe_fd[1]);
631 updown_runner->fds[0] = ack_pipe_fd[0];
632 updown_runner->fds[1] = dns_pipe_fd[1];
633 }
634 else
635 {
636 /* Script runner process, close unused FDs */
637 for (int fd = 3; fd < 100; ++fd)
638 {
639 if (fd != dns_pipe_fd[0] && fd != ack_pipe_fd[1])
640 {
641 close(fd);
642 }
643 }
644
645 /* Ignore signals */
646 signal(SIGINT, SIG_IGN);
647 signal(SIGHUP, SIG_IGN);
648 signal(SIGTERM, SIG_IGN);
649 signal(SIGUSR1, SIG_IGN);
650 signal(SIGUSR2, SIG_IGN);
651 signal(SIGPIPE, SIG_IGN);
652
653 while (1)
654 {
655 char path[PATH_MAX];
656
657 /* Block here until parent sends a path */
658 ssize_t rlen = read(dns_pipe_fd[0], &path, sizeof(path));
659 if (rlen < 1)
660 {
661 if (rlen == -1 && errno == EINTR)
662 {
663 continue;
664 }
665 close(dns_pipe_fd[0]);
666 close(ack_pipe_fd[1]);
667 exit(0);
668 }
669
670 path[sizeof(path) - 1] = '\0';
671 int res = do_run_up_down_command(up, path, &o->dns_options, tt);
672 platform_unlink(path);
673
674 /* Unblock parent process */
675 while (1)
676 {
677 ssize_t wlen = write(ack_pipe_fd[1], &res, sizeof(res));
678 if ((wlen == -1 && errno != EINTR) || wlen < (ssize_t)sizeof(res))
679 {
680 /* Not much we can do about errors but exit */
681 close(dns_pipe_fd[0]);
682 close(ack_pipe_fd[1]);
683 exit(0);
684 }
685 else if (wlen == sizeof(res))
686 {
687 break;
688 }
689 }
690
691 up = !up; /* do the opposite next time */
692 }
693 }
694
695 return true;
696}
697
698static void
699run_up_down_command(bool up, struct options *o, const struct tuntap *tt,
700 struct dns_updown_runner_info *updown_runner)
701{
702 struct dns_options *dns = &o->dns_options;
703 if (!dns->updown || (o->up_script && !dns_updown_user_set(dns) && !dns_updown_forced(dns)))
704 {
705 return;
706 }
707
708 int status = -1;
709
710 if (!updown_runner->required)
711 {
712 /* Run dns updown directly */
713 status = do_run_up_down_command(up, NULL, dns, tt);
714 }
715 else
716 {
717 if (updown_runner->pid < 1)
718 {
719 /* Need to set up privilege preserving child first */
720 if (!run_updown_runner(up, o, tt, updown_runner))
721 {
722 return;
723 }
724 }
725
726 struct gc_arena gc = gc_new();
727 const char *dvf = platform_create_temp_file(o->tmp_dir, "dvf", &gc);
728 if (!dvf)
729 {
730 msg(M_ERR, "could not create dns vars file");
731 goto out_free;
732 }
733
734 struct env_set *es = env_set_create(&gc);
735 updown_env_set(up, &o->dns_options, tt, es);
736 env_set_write_file(dvf, es);
737
738 int wfd = updown_runner->fds[1];
739 ssize_t dvf_size = strlen(dvf) + 1;
740 while (1)
741 {
742 ssize_t len = write(wfd, dvf, dvf_size);
743 if (len < dvf_size)
744 {
745 if (len == -1 && errno == EINTR)
746 {
747 continue;
748 }
749 msg(M_WARN | M_ERRNO, "could not send dns vars filename");
750 }
751 break;
752 }
753
754 int rfd = updown_runner->fds[0];
755 while (1)
756 {
757 ssize_t len = read(rfd, &status, sizeof(status));
758 if (len < (ssize_t)sizeof(status))
759 {
760 if (len == -1 && errno == EINTR)
761 {
762 continue;
763 }
764 msg(M_WARN | M_ERRNO, "could not receive dns updown status");
765 }
766 break;
767 }
768
769out_free:
770 gc_free(&gc);
771 }
772
773 msg(M_INFO, "dns %s command exited with status %d", up ? "up" : "down", status);
774}
775
776#endif /* _WIN32 */
777
778void
779show_dns_options(const struct dns_options *o)
780{
781 struct gc_arena gc = gc_new();
782
783 int i = 1;
784 struct dns_server *server = o->servers_prepull ? o->servers_prepull : o->servers;
785 while (server)
786 {
787 msg(D_SHOW_PARMS, " DNS server #%d:", i++);
788
789 for (size_t j = 0; j < server->addr_count; ++j)
790 {
791 const char *addr;
792 const char *fmt_port;
793 if (server->addr[j].family == AF_INET)
794 {
795 addr = print_in_addr_t(server->addr[j].in.a4.s_addr, IA_NET_ORDER, &gc);
796 fmt_port = " address = %s:%s";
797 }
798 else
799 {
800 addr = print_in6_addr(server->addr[j].in.a6, 0, &gc);
801 fmt_port = " address = [%s]:%s";
802 }
803
804 if (server->addr[j].port)
805 {
806 const char *port = print_in_port_t(server->addr[j].port, &gc);
807 msg(D_SHOW_PARMS, fmt_port, addr, port);
808 }
809 else
810 {
811 msg(D_SHOW_PARMS, " address = %s", addr);
812 }
813 }
814
815 if (server->dnssec)
816 {
817 msg(D_SHOW_PARMS, " dnssec = %s", dnssec_value(server->dnssec));
818 }
819
820 if (server->transport)
821 {
822 msg(D_SHOW_PARMS, " transport = %s", transport_value(server->transport));
823 }
824 if (server->sni)
825 {
826 msg(D_SHOW_PARMS, " sni = %s", server->sni);
827 }
828
829 struct dns_domain *domain = server->domains;
830 if (domain)
831 {
832 msg(D_SHOW_PARMS, " resolve domains:");
833 while (domain)
834 {
835 msg(D_SHOW_PARMS, " %s", domain->name);
836 domain = domain->next;
837 }
838 }
839
840 server = server->next;
841 }
842
843 struct dns_domain *search_domain = o->search_domains;
844 if (search_domain)
845 {
846 msg(D_SHOW_PARMS, " DNS search domains:");
847 while (search_domain)
848 {
849 msg(D_SHOW_PARMS, " %s", search_domain->name);
850 search_domain = search_domain->next;
851 }
852 }
853
854 gc_free(&gc);
855}
856
857void
858run_dns_up_down(bool up, struct options *o, const struct tuntap *tt,
859 struct dns_updown_runner_info *duri)
860{
861 if (!o->dns_options.servers)
862 {
863 return;
864 }
865#ifdef _WIN32
866 /* Don't use iservice in DHCP mode */
867 struct tuntap_options *tto = &o->tuntap_options;
868 if (tto->ip_win32_type == IPW32_SET_DHCP_MASQ || tto->ip_win32_type == IPW32_SET_ADAPTIVE)
869 {
870 return;
871 }
872#endif
873
874 /* Warn about adding servers of unsupported AF */
875 const struct dns_server *s = o->dns_options.servers;
876 while (up && s)
877 {
878 size_t bad_count = 0;
879 for (size_t i = 0; i < s->addr_count; ++i)
880 {
881 if ((s->addr[i].family == AF_INET6 && !tt->did_ifconfig_ipv6_setup)
882 || (s->addr[i].family == AF_INET && !tt->did_ifconfig_setup))
883 {
884 ++bad_count;
885 }
886 }
887 if (bad_count == s->addr_count)
888 {
889 msg(M_WARN,
890 "DNS server %ld only has address(es) from a family "
891 "the tunnel is not configured for - it will not be reachable",
892 s->priority);
893 }
894 else if (bad_count)
895 {
896 msg(M_WARN,
897 "DNS server %ld has address(es) from a family "
898 "the tunnel is not configured for",
899 s->priority);
900 }
901 s = s->next;
902 }
903
904#ifdef _WIN32
905 run_up_down_service(up, o, tt);
906#else
907 run_up_down_command(up, o, tt, duri);
908#endif /* ifdef _WIN32 */
909}
argv_msg
void argv_msg(const msglvl_t msglevel, const struct argv *a)
Write the arguments stored in a struct argv via the msg() command.
Definition argv.c:242
argv_free
void argv_free(struct argv *a)
Frees all memory allocations allocated by the struct argv related functions.
Definition argv.c:101
argv_printf
bool argv_printf(struct argv *argres, const char *format,...)
printf() variant which populates a struct argv.
Definition argv.c:438
argv_new
struct argv argv_new(void)
Allocates a new struct argv and ensures it is initialised.
Definition argv.c:87
checked_snprintf
bool checked_snprintf(char *str, size_t size, const char *format,...)
Like snprintf() but returns an boolean.
Definition buffer.c:1138
ALLOC_OBJ_CLEAR_GC
#define ALLOC_OBJ_CLEAR_GC(dptr, type, gc)
Definition buffer.h:1125
strncpynt
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition buffer.h:362
gc_free
static void gc_free(struct gc_arena *a)
Definition buffer.h:1049
gc_new
static struct gc_arena gc_new(void)
Definition buffer.h:1041
dns_options_verify
bool dns_options_verify(msglvl_t msglevel, const struct dns_options *o)
Checks validity of DNS options.
Definition dns.c:212
dnssec_value
static const char * dnssec_value(const enum dns_security dnssec)
Definition dns.c:325
run_dns_up_down
void run_dns_up_down(bool up, struct options *o, const struct tuntap *tt, struct dns_updown_runner_info *duri)
Invokes the action associated with bringing DNS up or down.
Definition dns.c:858
dns_options_postprocess_pull
void dns_options_postprocess_pull(struct dns_options *o)
Merges pulled DNS servers with static ones into an ordered list.
Definition dns.c:289
dns_server_addr_parse
bool dns_server_addr_parse(struct dns_server *server, const char *addr)
Parses a string IPv4 or IPv6 address and optional colon separated port, into a in_addr or in6_addr re...
Definition dns.c:62
dns_domain_list_append
bool dns_domain_list_append(struct dns_domain **entry, char **domains, struct gc_arena *gc)
Appends safe DNS domain parameters to a linked list.
Definition dns.c:148
dns_server_get
struct dns_server * dns_server_get(struct dns_server **entry, long priority, struct gc_arena *gc)
Find or create DNS server with priority in a linked list.
Definition dns.c:190
run_up_down_service
static void run_up_down_service(bool add, const struct options *o, const struct tuntap *tt)
Definition dns.c:406
make_domain_list
static void make_domain_list(const char *what, const struct dns_domain *src, bool nrpt_domains, char *dst, size_t dst_size)
Definition dns.c:365
dns_server_port_parse
static bool dns_server_port_parse(in_port_t *port, const char *port_str)
Parses a string as port and stores it.
Definition dns.c:48
clone_dns_servers
static struct dns_server * clone_dns_servers(const struct dns_server *server, struct gc_arena *gc)
Definition dns.c:247
clone_dns_domains
static struct dns_domain * clone_dns_domains(const struct dns_domain *domain, struct gc_arena *gc)
Definition dns.c:229
transport_value
static const char * transport_value(const enum dns_server_transport transport)
Definition dns.c:344
dns_server_priority_parse
bool dns_server_priority_parse(long *priority, const char *str, bool pulled)
Parses a string DNS server priority and validates it.
Definition dns.c:175
clone_dns_options
struct dns_options clone_dns_options(const struct dns_options *o, struct gc_arena *gc)
Makes a deep copy of the passed DNS options.
Definition dns.c:266
show_dns_options
void show_dns_options(const struct dns_options *o)
Prints configured DNS options.
Definition dns.c:779
dns_options_preprocess_pull
void dns_options_preprocess_pull(struct dns_options *o)
Saves and resets the server options, so that pulled ones don't mix in.
Definition dns.c:282
dns_updown_user_set
static bool dns_updown_user_set(const struct dns_options *o)
Returns whether dns-updown is user defined.
Definition dns.h:218
dns_security
dns_security
Definition dns.h:31
DNS_SECURITY_NO
@ DNS_SECURITY_NO
Definition dns.h:33
DNS_SECURITY_YES
@ DNS_SECURITY_YES
Definition dns.h:34
DNS_SECURITY_OPTIONAL
@ DNS_SECURITY_OPTIONAL
Definition dns.h:35
dns_updown_forced
static bool dns_updown_forced(const struct dns_options *o)
Returns whether dns-updown is forced to run.
Definition dns.h:229
dns_server_transport
dns_server_transport
Definition dns.h:39
DNS_TRANSPORT_PLAIN
@ DNS_TRANSPORT_PLAIN
Definition dns.h:41
DNS_TRANSPORT_UNSET
@ DNS_TRANSPORT_UNSET
Definition dns.h:40
DNS_TRANSPORT_TLS
@ DNS_TRANSPORT_TLS
Definition dns.h:43
DNS_TRANSPORT_HTTPS
@ DNS_TRANSPORT_HTTPS
Definition dns.h:42
domain_helper.h
validate_domain
static bool validate_domain(const char *domain)
Definition domain_helper.h:34
env_set_write_file
void env_set_write_file(const char *path, const struct env_set *es)
Write a struct env_set to a file.
Definition env_set.c:238
setenv_str
void setenv_str(struct env_set *es, const char *name, const char *value)
Definition env_set.c:307
env_set_create
struct env_set * env_set_create(struct gc_arena *gc)
Definition env_set.c:156
D_SHOW_PARMS
#define D_SHOW_PARMS
Definition errlevel.h:95
D_LOW
#define D_LOW
Definition errlevel.h:96
M_INFO
#define M_INFO
Definition errlevel.h:54
status
static SERVICE_STATUS status
Definition interactive.c:51
write
@ write
Definition interactive.c:213
read
@ read
Definition interactive.c:212
nrpt_dnssec
@ nrpt_dnssec
Definition openvpn-msg.h:113
msg_add_nrpt_cfg
@ msg_add_nrpt_cfg
Definition openvpn-msg.h:38
msg_del_nrpt_cfg
@ msg_del_nrpt_cfg
Definition openvpn-msg.h:39
NRPT_ADDR_SIZE
#define NRPT_ADDR_SIZE
Definition openvpn-msg.h:117
NRPT_ADDR_NUM
#define NRPT_ADDR_NUM
Definition openvpn-msg.h:116
SIZE
#define SIZE(x)
Definition basic.h:29
M_ERR
#define M_ERR
Definition error.h:106
msg
#define msg(flags,...)
Definition error.h:152
msglvl_t
unsigned int msglvl_t
Definition error.h:77
M_WARN
#define M_WARN
Definition error.h:92
M_ERRNO
#define M_ERRNO
Definition error.h:95
platform_create_temp_file
const char * platform_create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc)
Create a temporary file in directory, returns the filename of the created file.
Definition platform.c:540
platform_unlink
bool platform_unlink(const char *filename)
Definition platform.c:487
openvpn_execve_check
int openvpn_execve_check(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *error_message)
Definition run_command.c:233
run_command.h
S_EXITCODE
#define S_EXITCODE
Instead of returning 1/0 for success/fail, return exit code when between 0 and 255 and -1 otherwise.
Definition run_command.h:53
openvpn_run_script
static int openvpn_run_script(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *hook)
Will run a script and return the exit code of the script if between 0 and 255, -1 otherwise.
Definition run_command.h:89
openvpn_getaddrinfo
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, struct signal_info *sig_info, int ai_family, struct addrinfo **res)
Definition socket_util.c:537
print_in_port_t
const char * print_in_port_t(in_port_t port, struct gc_arena *gc)
Definition socket_util.c:231
print_in6_addr
const char * print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:216
print_in_addr_t
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition socket_util.c:196
socket_util.h
IA_NET_ORDER
#define IA_NET_ORDER
Definition socket_util.h:90
ack_message_t
Definition openvpn-msg.h:158
argv
Definition argv.h:35
dns_domain
Definition dns.h:54
dns_domain::next
struct dns_domain * next
Definition dns.h:55
dns_domain::name
const char * name
Definition dns.h:56
dns_options
Definition dns.h:113
dns_options::servers
struct dns_server * servers
Definition dns.h:117
dns_options::updown
const char * updown
Definition dns.h:119
dns_options::from_dhcp
struct dhcp_options from_dhcp
Definition dns.h:114
dns_options::servers_prepull
struct dns_server * servers_prepull
Definition dns.h:116
dns_options::updown_flags
enum dns_updown_flags updown_flags
Definition dns.h:120
dns_options::search_domains
struct dns_domain * search_domains
Definition dns.h:115
dns_server_addr::a4
struct in_addr a4
Definition dns.h:63
dns_server_addr::in
union dns_server_addr::@0 in
dns_server_addr::family
sa_family_t family
Definition dns.h:66
dns_server_addr::a6
struct in6_addr a6
Definition dns.h:64
dns_server_addr::port
in_port_t port
Definition dns.h:67
dns_server
Definition dns.h:71
dns_server::addr
struct dns_server_addr addr[8]
Definition dns.h:75
dns_server::dnssec
enum dns_security dnssec
Definition dns.h:77
dns_server::next
struct dns_server * next
Definition dns.h:72
dns_server::priority
long priority
Definition dns.h:73
dns_server::addr_count
size_t addr_count
Definition dns.h:74
dns_server::domains
struct dns_domain * domains
Definition dns.h:76
dns_server::transport
enum dns_server_transport transport
Definition dns.h:78
dns_server::sni
const char * sni
Definition dns.h:79
dns_updown_runner_info
Definition dns.h:83
dns_updown_runner_info::required
bool required
Definition dns.h:84
dns_updown_runner_info::fds
int fds[2]
Definition dns.h:85
env_set
Definition env_set.h:43
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
interface_t::name
char name[256]
Definition openvpn-msg.h:71
interface_t::index
DWORD index
Definition openvpn-msg.h:70
nrpt_dns_cfg_message_t
Definition openvpn-msg.h:120
nrpt_dns_cfg_message_t::search_domains
char search_domains[512]
Definition openvpn-msg.h:125
nrpt_dns_cfg_message_t::resolve_domains
char resolve_domains[512]
Definition openvpn-msg.h:124
nrpt_dns_cfg_message_t::iface
interface_t iface
Definition openvpn-msg.h:122
nrpt_dns_cfg_message_t::header
message_header_t header
Definition openvpn-msg.h:121
nrpt_dns_cfg_message_t::addresses
nrpt_address_t addresses[NRPT_ADDR_NUM]
Definition openvpn-msg.h:123
options::tmp_dir
const char * tmp_dir
Definition options.h:464
options::up_script
const char * up_script
Definition options.h:383
options::msg_channel
HANDLE msg_channel
Definition options.h:689
options::tuntap_options
struct tuntap_options tuntap_options
Definition options.h:369
options::dns_options
struct dns_options dns_options
Definition options.h:316
tuntap_options
Definition tun.h:73
tuntap_options::ip_win32_type
int ip_win32_type
Definition tun.h:83
tuntap
Definition tun.h:181
tuntap::adapter_index
DWORD adapter_index
Definition tun.h:232
tuntap::did_ifconfig_ipv6_setup
bool did_ifconfig_ipv6_setup
if the internal variables related to ifconfig-ipv6 of this struct have been set up.
Definition tun.h:199
tuntap::did_ifconfig_setup
bool did_ifconfig_setup
if the internal variables related to ifconfig of this struct have been set up.
Definition tun.h:195
tuntap::actual_name
char * actual_name
Definition tun.h:205
SIGHUP
#define SIGHUP
Definition syshead.h:55
sa_family_t
unsigned short sa_family_t
Definition syshead.h:409
SIGINT
#define SIGINT
Definition syshead.h:56
SIGTERM
#define SIGTERM
Definition syshead.h:59
SIGUSR1
#define SIGUSR1
Definition syshead.h:57
in_port_t
uint16_t in_port_t
Definition syshead.h:53
SIGUSR2
#define SIGUSR2
Definition syshead.h:58
es
struct env_set * es
Definition test_pkcs11.c:138
gc
struct gc_arena gc
Definition test_ssl.c:133
IPW32_SET_ADAPTIVE
#define IPW32_SET_ADAPTIVE
Definition tun.h:81
IPW32_SET_DHCP_MASQ
#define IPW32_SET_DHCP_MASQ
Definition tun.h:80
send_msg_iservice
bool send_msg_iservice(HANDLE pipe, const void *data, DWORD size, ack_message_t *ack, const char *context)
Send the size bytes in buffer data to the interactive service pipe and read the result in ack.
Definition win32.c:1422
Generated by doxygen 1.9.8