OpenVPN
openvpn.c
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifdef HAVE_CONFIG_H
24#include "config.h"
25#endif
26
27#include "syshead.h"
28
29#include "init.h"
30#include "forward.h"
31#include "multi.h"
32#include "win32.h"
33#include "platform.h"
34#include "string.h"
35
36#include "memdbg.h"
37
/* Signal check for the point-to-point event loop. The expansion names `c`
 * directly, so it only works where a variable called `c` is in scope, and
 * it already ends in a semicolon.
 * NOTE(review): EVENT_LOOP_CHECK_SIGNAL is defined outside this listing;
 * how it leaves the loop when a signal is pending is not visible here. */
38#define P2P_CHECK_SIG() EVENT_LOOP_CHECK_SIGNAL(c, process_signal_p2p, c);
39
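/**
 * Signal callback handed to EVENT_LOOP_CHECK_SIGNAL by P2P_CHECK_SIG():
 * calls remap_signal() on the context and then returns the result of
 * process_signal().
 *
 * The declarator line was missing from this listing; it is restored from
 * the reference index on the same page.
 *
 * @param c  Tunnel context whose signal state is examined.
 * @return   The value returned by process_signal(c).
 */
static bool
process_signal_p2p(struct context *c)
{
    remap_signal(c);
    return process_signal(c);
}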
46
47
48/**************************************************************************/
/*
 * Event loop for point-to-point mode. The reference index on this page
 * describes it as the main loop for client mode with a single active
 * tunnel and gives the signature
 * `static void tunnel_point_to_point(struct context *c)`.
 *
 * NOTE(review): gaps in the gutter numbers (57, 59, 75, 79, 82-83, 86, 94,
 * 99, 101, 104) are source lines this listing dropped, including the
 * declarator and the condition of the "timeout?" branch. The index lists
 * context_clear_2, perf_push, P2P_CHECK_SIG, io_wait, p2p_iow_flags,
 * ES_TIMEOUT, event_set_status, persist_client_stats,
 * uninit_management_callback and close_instance among the symbols this
 * file references; confirm against the upstream file which of them sits
 * on which missing line before relying on this listing.
 */
56static void
58{
60
61 /* set point-to-point mode */
62 c->mode = CM_P2P;
63 /* initialize tunnel instance, avoid SIGHUP when config is stdin since
64 * re-reading the config from stdin will not work */
    /* The flag is dropped only when the config path is the literal "stdin". */
65 bool stdin_config = c->options.config && (strcmp(c->options.config, "stdin") == 0);
66 init_instance_handle_signals(c, c->es, stdin_config ? 0 : CC_HARD_USR1_TO_HUP);
    /* A signal raised during instance setup ends the function before the
     * event loop is entered. */
67 if (IS_SIG(c))
68 {
69 return;
70 }
71
72 /* main event loop */
73 while (true)
74 {
76
77 /* process timers, TLS, etc. */
78 pre_select(c);
80
81 /* set up and do the I/O wait */
84
85 /* timeout? */
    /* NOTE(review): the branch condition (source line 86) is missing from
     * the listing; on this path the loop pops the perf marker and starts
     * the next iteration without calling process_io(). */
87 {
88 perf_pop();
89 continue;
90 }
91
92 /* process the I/O which triggered select */
    /* Only the first entry of c->c2.link_sockets is serviced here. */
93 process_io(c, c->c2.link_sockets[0]);
95
96 perf_pop();
97 }
98
100
102
103 /* tear down tunnel instance (unless --persist-tun) */
105}
106
/* NOTE(review): no definition of PROCESS_SIGNAL_P2P is visible in this
 * file; the macro defined near the top is P2P_CHECK_SIG, which therefore
 * stays defined for the rest of the translation unit. This #undef looks
 * stale — confirm against the headers. */
107#undef PROCESS_SIGNAL_P2P
108
/*
 * Early initialisation that runs after option parsing and before option
 * post-processing (see the call site in openvpn_main). The reference index
 * on this page gives the signature `void init_early(struct context *c)`.
 *
 * NOTE(review): source lines 110 (declarator), 115 and 122 are missing
 * from this listing. The index lists init_verb_mute, IVM_LEVEL_1 and
 * crypto_load_provider among the symbols this file references; confirm
 * the exact statements against the upstream file.
 */
109void
111{
    /* The index declares net_ctx_init() as returning int; the result is
     * not checked here. */
112 net_ctx_init(c, &c->net_ctx);
113
114 /* init verbosity and mute levels */
116
117 /* Initialise OpenSSL provider, this needs to be initialised this
118 * early since option post-processing and also openssl info
119 * printing depends on it */
    /* Iteration starts at index 1 and stops at the first NULL name or at
     * MAX_PARMS. NOTE(review): slot 0 is skipped — presumably it is not a
     * provider name; verify against the option parser. The provider names
     * come from c->options, i.e. from the parsed configuration. */
120 for (int j = 1; j < MAX_PARMS && c->options.providers.names[j]; j++)
121 {
123 }
124}
125
/*
 * Counterpart of init_early(), called at the end of each SIGHUP iteration
 * in openvpn_main. The reference index on this page gives the signature
 * `static void uninit_early(struct context *c)`.
 *
 * NOTE(review): source lines 127 (declarator), 131 and 133 are missing
 * from this listing. The index lists crypto_unload_provider and
 * net_ctx_free among the symbols this file references; confirm the exact
 * statements against the upstream file.
 */
126static void
128{
    /* Walks the provider handles from index 1 until the first NULL handle
     * or MAX_PARMS, mirroring the index range used by the load loop. */
129 for (int j = 1; j < MAX_PARMS && c->options.providers.providers[j]; j++)
130 {
132 }
134}
135
136
137/**************************************************************************/
/*
 * OpenVPN's main init-run-cleanup loop (wording from the reference index
 * on this page).
 *
 * Structure visible in this listing:
 *   - outer do/while: one pass at startup and one per SIGHUP; each pass
 *     re-creates the environment store, re-parses argv/config and
 *     re-initialises plugins and early state;
 *   - inner do/while: runs the tunnel for the configured mode and repeats
 *     while the pending signal is SIGUSR1, without re-parsing options;
 *   - the `break` statements leave the outer loop for one-shot modes and
 *     for a management-open failure.
 *
 * NOTE(review): gaps in the gutter numbers are source lines this listing
 * dropped (for example 187, 190, 230, 242, 248, 273, 275, 281-282,
 * 309-310, 349), so several branches appear without their condition or
 * body. The reference index at the end of the page names the functions
 * this file references; confirm the missing statements against the
 * upstream file before reasoning about exact ordering.
 */
157static int
158openvpn_main(int argc, char *argv[])
159{
160 struct context c;
161
    /* A build with PEDANTIC set refuses to run at all. */
162#if PEDANTIC
163 fprintf(stderr, "Sorry, I was built with --enable-pedantic and I am incapable of doing any real work!\n");
164 return 1;
165#endif
166
167#ifdef _WIN32
168 SetConsoleOutputCP(CP_UTF8);
169#endif
170
171 CLEAR(c);
172
173 /* signify first time for components which can
174 * only be initialized once per program instantiation. */
175 c.first_time = true;
176
177 /* initialize program-wide statics */
178 if (init_static())
179 {
180 /*
181 * This loop is initially executed on startup and then
182 * once per SIGHUP.
183 */
184 do
185 {
186 /* enter pre-initialization mode with regard to signal handling */
188
189 /* zero context struct but leave first_time member alone */
191
192 /* static signal info object */
193 c.sig = &siginfo_static;
194
195 /* initialize garbage collector scoped to context object */
196 gc_init(&c.gc);
197
198 /* initialize environmental variable store */
199 c.es = env_set_create(NULL);
200#ifdef _WIN32
202#endif
203
204#ifdef ENABLE_MANAGEMENT
205 /* initialize management subsystem */
207#endif
208
209 /* initialize options to default state */
210 init_options(&c.options, true);
211
212 /* parse command line options, and read configuration file */
    /* Command-line and configuration input enter here; everything below
     * acts on the parsed c.options. */
213 parse_argv(&c.options, argc, argv, M_USAGE, OPT_P_DEFAULT, NULL, c.es);
214
215#ifdef ENABLE_PLUGIN
216 /* plugins may contribute options configuration */
    /* Plugins are opened at OPENVPN_PLUGIN_INIT_PRE_CONFIG_PARSE with the
     * second argument true (named import_options in the index), and this
     * happens before the "sanity check on options" step further down. */
218 init_plugins(&c);
219 open_plugins(&c, true, OPENVPN_PLUGIN_INIT_PRE_CONFIG_PARSE);
220#endif
221
222 /* Early initialisation that need to happen before option
223 * post processing and other early startup but after parsing */
224 init_early(&c);
225
226 /* set dev options */
228
229 /* openssl print info? */
231 {
232 break;
233 }
234
235 /* --genkey mode? */
236 if (do_genkey(&c.options))
237 {
238 break;
239 }
240
241 /* tun/tap persist command? */
243 {
244 break;
245 }
246
247 /* sanity check on options */
249
250 /* show all option settings */
252
253 /* print version number */
254 msg(M_INFO, "%s", title_string);
255#ifdef _WIN32
257#endif
259
261
262 /* misc stuff */
263 pre_setup(&c.options);
264
265 /* test crypto? */
266 if (do_test_crypto(&c.options))
267 {
268 break;
269 }
270
271 /* Query passwords before becoming a daemon if we don't use the
272 * management interface to get them. */
    /* NOTE(review): the condition (273) and body (275) are missing from
     * the listing; the index lists management_flags, MF_QUERY_PASSWORDS
     * and init_query_passwords. The point of the ordering is that the
     * query happens before the daemonize step below. */
274 {
276 }
277
278 /* become a daemon if --daemon */
    /* Guarded by first_time, so this step is skipped on SIGHUP passes.
     * NOTE(review): lines 281-282 are missing; the index lists
     * possibly_become_daemon, did_we_daemonize and
     * write_pid_file(filename, chroot_dir). */
279 if (c.first_time)
280 {
283 }
284
285#ifdef ENABLE_MANAGEMENT
286 /* open management subsystem */
287 if (!open_management(&c))
288 {
289 break;
290 }
291 /* query for passwords through management interface, if needed */
293 {
295 }
296#endif
297
298 /* set certain options as environmental variables */
300
301 /* finish context init */
302 context_init_1(&c);
303
304 do
305 {
306 /* run tunnel depending on mode */
307 switch (c.options.mode)
308 {
    /* NOTE(review): the first case label and its call (309-310) are
     * missing; the index lists MODE_POINT_TO_POINT and
     * tunnel_point_to_point. */
311 break;
312
313 case MODE_SERVER:
314 tunnel_server(&c);
315 break;
316
    /* Any other mode value is treated as a programming error. */
317 default:
318 ASSERT(0);
319 }
320
321 /* indicates first iteration -- has program-wide scope */
322 c.first_time = false;
323
324 /* any signals received? */
325 if (IS_SIG(&c))
326 {
327 print_signal(c.sig, NULL, M_INFO);
328 }
329
330 /* pass restart status to management subsystem */
    /* SIGUSR1 restarts only the tunnel: options are not re-parsed. */
332 } while (signal_reset(c.sig, SIGUSR1) == SIGUSR1);
333
336 gc_reset(&c.gc);
337 uninit_early(&c);
    /* SIGHUP repeats the whole pass, starting again from option parsing. */
338 } while (signal_reset(c.sig, SIGHUP) == SIGHUP);
339 }
340
341 context_gc_free(&c);
342
343#ifdef ENABLE_MANAGEMENT
344 /* close management interface */
346#endif
347
348 /* uninitialize program-wide statics */
350
351 openvpn_exit(OPENVPN_EXIT_STATUS_GOOD); /* exit point */
352 return 0; /* NOTREACHED */
353}
354
355#ifdef _WIN32
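/**
 * Windows entry point: converts the UTF-16 argument vector to UTF-8 and
 * passes it to openvpn_main().
 *
 * Every conversion step is checked so that openvpn_main() never receives
 * a NULL or unterminated argument string: WideCharToMultiByte() returns 0
 * on failure, and malloc() may return NULL.
 *
 * @param argc   Number of entries in wargv.
 * @param wargv  Wide-character command-line arguments.
 * @return       The value returned by openvpn_main(), or 1 if the argument
 *               vector could not be allocated or converted.
 */
int
wmain(int argc, wchar_t *wargv[])
{
    char **argv;
    int ret = 1;
    int i;

    /* calloc() zero-fills, so entries not yet converted are NULL and the
     * cleanup loop below can free the whole array unconditionally. */
    if ((argv = calloc(argc + 1, sizeof(char *))) == NULL)
    {
        return 1;
    }

    for (i = 0; i < argc; i++)
    {
        /* First call: size of the UTF-8 form, terminator included. */
        int n = WideCharToMultiByte(CP_UTF8, 0, wargv[i], -1, NULL, 0, NULL, NULL);
        if (n <= 0)
        {
            goto cleanup;
        }

        argv[i] = malloc((size_t)n);
        if (argv[i] == NULL)
        {
            goto cleanup;
        }

        /* Second call: the actual conversion into the sized buffer. */
        if (WideCharToMultiByte(CP_UTF8, 0, wargv[i], -1, argv[i], n, NULL, NULL) == 0)
        {
            goto cleanup;
        }
    }

    ret = openvpn_main(argc, argv);

cleanup:
    for (i = 0; i < argc; i++)
    {
        free(argv[i]);
    }
    free(argv);

    return ret;
}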
385#else /* ifdef _WIN32 */
/**
 * Entry point on non-Windows builds: hands the argument vector to
 * openvpn_main() unchanged and returns its status.
 */
int
main(int argc, char *argv[])
{
    const int status = openvpn_main(argc, argv);

    return status;
}
391#endif /* ifdef _WIN32 */
static void gc_init(struct gc_arena *a)
Definition buffer.h:994
static void gc_reset(struct gc_arena *a)
Definition buffer.h:1028
void crypto_unload_provider(const char *provname, provider_t *provider)
Unloads the given (OpenSSL) provider.
provider_t * crypto_load_provider(const char *provider)
Load the given (OpenSSL) providers.
void env_set_destroy(struct env_set *es)
Definition env_set.c:166
struct env_set * env_set_create(struct gc_arena *gc)
Definition env_set.c:156
#define M_INFO
Definition errlevel.h:54
#define ES_TIMEOUT
Definition event.h:68
void process_io(struct context *c, struct link_socket *sock)
Definition forward.c:2322
void pre_select(struct context *c)
Definition forward.c:1969
Interface functions to the internal and external multiplexers.
static unsigned int p2p_iow_flags(const struct context *c)
Definition forward.h:363
static void io_wait(struct context *c, const unsigned int flags)
Definition forward.h:382
static int openvpn_main(int argc, char *argv[])
OpenVPN's main init-run-cleanup loop.
Definition openvpn.c:158
void tunnel_server(struct context *top)
Main event loop for OpenVPN in server mode.
Definition multi.c:4214
static void tunnel_point_to_point(struct context *c)
Main event loop for OpenVPN in client mode, where only one VPN tunnel is active.
Definition openvpn.c:57
void uninit_management_callback(void)
Definition init.c:4426
bool open_management(struct context *c)
Definition init.c:4373
bool do_genkey(const struct options *options)
Definition init.c:1016
void open_plugins(struct context *c, const bool import_options, int init_point)
Definition init.c:4210
void init_verb_mute(struct context *c, unsigned int flags)
Definition init.c:944
void close_instance(struct context *c)
Definition init.c:4766
void persist_client_stats(struct context *c)
Definition init.c:4437
bool do_test_crypto(const struct options *o)
Definition init.c:5076
void init_plugins(struct context *c)
Definition init.c:4200
void context_init_1(struct context *c)
Definition init.c:735
void pre_setup(const struct options *options)
Definition init.c:1292
void init_management(void)
Definition init.c:4364
void uninit_static(void)
Definition init.c:926
void init_instance_handle_signals(struct context *c, const struct env_set *env, const unsigned int flags)
Definition init.c:4452
void write_pid_file(const char *filename, const char *chroot_dir)
Definition init.c:5005
void context_gc_free(struct context *c)
Definition init.c:786
void init_options_dev(struct options *options)
Definition init.c:967
void init_query_passwords(const struct context *c)
Query for private key and auth-user-pass username/passwords.
Definition init.c:640
void context_clear_2(struct context *c)
Definition init.c:88
bool print_openssl_info(const struct options *options)
Definition init.c:978
bool do_persist_tuntap(struct options *options, openvpn_net_ctx_t *ctx)
Definition init.c:1097
bool init_static(void)
Definition init.c:824
bool possibly_become_daemon(const struct options *options)
Definition init.c:1156
void context_clear_all_except_first_time(struct context *c)
Definition init.c:94
void close_management(void)
Definition init.c:4413
#define IVM_LEVEL_1
Definition init.h:48
#define CC_HARD_USR1_TO_HUP
Definition init.h:117
#define MF_QUERY_PASSWORDS
Definition manage.h:28
Header file for server-mode related structures and functions.
static int net_ctx_init(struct context *c, openvpn_net_ctx_t *ctx)
Definition networking.h:47
static void net_ctx_free(openvpn_net_ctx_t *ctx)
Definition networking.h:62
int main(void)
#define CLEAR(x)
Definition basic.h:32
void openvpn_exit(const int status)
Definition error.c:705
#define M_USAGE
Definition error.h:105
#define OPENVPN_EXIT_STATUS_GOOD
Definition error.h:52
#define msg(flags,...)
Definition error.h:150
#define ASSERT(x)
Definition error.h:217
static void uninit_early(struct context *c)
Definition openvpn.c:127
int wmain(int argc, wchar_t *wargv[])
Definition openvpn.c:357
static bool process_signal_p2p(struct context *c)
Definition openvpn.c:41
#define P2P_CHECK_SIG()
Definition openvpn.c:38
void init_early(struct context *c)
Definition openvpn.c:110
#define CM_P2P
Definition openvpn.h:482
void uninit_options(struct options *o)
Definition options.c:934
void show_windows_version(const unsigned int flags)
Definition options.c:4867
void show_dco_version(const unsigned int flags)
Definition options.c:4876
void show_settings(const struct options *o)
Definition options.c:1690
void parse_argv(struct options *options, const int argc, char *argv[], const int msglevel, const unsigned int permission_mask, unsigned int *option_types_found, struct env_set *es)
Definition options.c:5391
void options_postprocess(struct options *options, struct env_set *es)
Definition options.c:4271
void show_library_versions(const unsigned int flags)
Definition options.c:4886
void setenv_settings(struct env_set *es, const struct options *o)
Definition options.c:1013
void init_options(struct options *o, const bool init_gc)
Definition options.c:806
const char title_string[]
Definition options.c:70
#define MODE_POINT_TO_POINT
Definition options.h:260
#define MODE_SERVER
Definition options.h:261
#define OPT_P_DEFAULT
Definition options.h:765
#define MAX_PARMS
Definition options.h:51
static void perf_push(int type)
Definition perf.h:77
#define PERF_EVENT_LOOP
Definition perf.h:43
static void perf_pop(void)
Definition perf.h:81
bool process_signal(struct context *c)
Definition sig.c:636
void signal_restart_status(const struct signal_info *si)
Definition sig.c:345
int signal_reset(struct signal_info *si, int signum)
Clear the signal if its current value equals signum.
Definition sig.c:262
void pre_init_signal_catch(void)
Definition sig.c:392
void remap_signal(struct context *c)
Definition sig.c:588
struct signal_info siginfo_static
Definition sig.c:44
void print_signal(const struct signal_info *si, const char *title, int msglevel)
Definition sig.c:290
#define IS_SIG(c)
Definition sig.h:47
Definition argv.h:35
unsigned int event_set_status
Definition openvpn.h:235
struct link_socket ** link_sockets
Definition openvpn.h:237
Contains all state information for one tunnel.
Definition openvpn.h:474
int mode
Role of this context within the OpenVPN process.
Definition openvpn.h:487
bool did_we_daemonize
Whether daemonization has already taken place.
Definition openvpn.h:510
bool first_time
True on the first iteration of OpenVPN's main loop.
Definition openvpn.h:478
struct signal_info * sig
Internal error signaling object.
Definition openvpn.h:503
openvpn_net_ctx_t net_ctx
Networking API opaque context.
Definition openvpn.h:501
struct context_2 c2
Level 2 context.
Definition openvpn.h:517
struct env_set * es
Set of environment variables.
Definition openvpn.h:499
struct options options
Options loaded from command line or configuration file.
Definition openvpn.h:475
struct gc_arena gc
Garbage collection arena for allocations done in the scope of this context structure.
Definition openvpn.h:495
struct provider_list providers
Definition options.h:584
const char * writepid
Definition options.h:384
unsigned int management_flags
Definition options.h:462
int mode
Definition options.h:262
const char * config
Definition options.h:257
const char * chroot_dir
Definition options.h:379
provider_t * providers[MAX_PARMS]
Definition options.h:216
const char * names[MAX_PARMS]
Definition options.h:214
void set_win_sys_path_via_env(struct env_set *es)
Definition win32.c:1123