OpenVPN 3 Core Library
error.hpp
1// OpenVPN -- An application to securely tunnel IP networks
2// over a single port, with support for SSL/TLS-based
3// session authentication and key exchange,
4// packet encryption, packet authentication, and
5// packet compression.
6//
7// Copyright (C) 2012- OpenVPN Inc.
8//
9// SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception
10//
11
12// Define OpenVPN error codes and a method to convert them to a string representation
13
14#ifndef OPENVPN_ERROR_ERROR_H
15#define OPENVPN_ERROR_ERROR_H
16
18
19namespace openvpn::Error {
20
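// Error/statistics codes used throughout the library.
//
// The enumerators are deliberately left unscoped and densely numbered from 0:
// name() below uses the value as an index into its label table, and a
// static_assert there ties the table length to N_ERRORS. New codes must
// therefore be added before N_ERRORS, with a matching label at the same
// position in name().
//
// Going by their comments, several codes describe integrity or authentication
// failures (HMAC_ERROR, REPLAY_ERROR, CERT_VERIFY_FAIL, TLS_AUTH_FAIL,
// TLS_CRYPT_META_FAIL, the PKTID_* group). Those are the ones worth surfacing
// in monitoring rather than leaving in debug output.
//
// NOTE(review): the rendered listing dropped the enumerators of the last three
// groups. They are restored here from the label table in name() and from the
// symbol cross-references on the page; confirm against the upstream header.
enum Type
{
    SUCCESS = 0,                          // no error
    NETWORK_RECV_ERROR,                   // errors receiving on network socket
    NETWORK_EOF_ERROR,                    // EOF received on TCP network socket
    NETWORK_SEND_ERROR,                   // errors sending on network socket
    NETWORK_UNAVAILABLE,                  // network unavailable
    DECRYPT_ERROR,                        // data channel encrypt/decrypt error
    HMAC_ERROR,                           // HMAC verification failure
    REPLAY_ERROR,                         // error from PacketIDReceive
    BUFFER_ERROR,                         // exception thrown in Buffer methods
    CC_ERROR,                             // general control channel errors
    BAD_SRC_ADDR,                         // packet from unknown source address
    COMPRESS_ERROR,                       // compress/decompress errors on data channel
    RESOLVE_ERROR,                        // DNS resolution error
    SOCKET_PROTECT_ERROR,                 // error calling protect() method on socket
    TUN_READ_ERROR,                       // read errors on tun/tap interface
    TUN_WRITE_ERROR,                      // write errors on tun/tap interface
    TUN_FRAMING_ERROR,                    // error with tun PF_INET/PF_INET6 prefix
    TUN_SETUP_FAILED,                     // error setting up tun/tap interface
    TUN_IFACE_CREATE,                     // error creating tun/tap interface
    TUN_IFACE_DISABLED,                   // tun/tap interface is disabled
    TUN_ERROR,                            // general tun error
    TUN_REGISTER_RINGS_ERROR,             // error registering ring buffers with wintun
    TAP_NOT_SUPPORTED,                    // dev tap is present in profile but not supported
    REROUTE_GW_NO_DNS,                    // redirect-gateway specified without alt DNS servers
    TRANSPORT_ERROR,                      // general transport error
    TCP_OVERFLOW,                         // TCP output queue overflow
    TCP_SIZE_ERROR,                       // bad embedded uint16_t TCP packet size
    TCP_CONNECT_ERROR,                    // client error on TCP connect
    UDP_CONNECT_ERROR,                    // client error on UDP connect
    SSL_ERROR,                            // errors resulting from read/write on SSL object
    SSL_PARTIAL_WRITE,                    // SSL object did not process all written cleartext
    SSL_CA_MD_TOO_WEAK,                   // CA message digest is too weak
    SSL_CA_KEY_TOO_SMALL,                 // CA key is too small
    SSL_DH_KEY_TOO_SMALL,                 // DH key is too small
    ENCAPSULATION_ERROR,                  // exceptions thrown during packet encapsulation
    EPKI_CERT_ERROR,                      // error obtaining certificate from External PKI provider
    EPKI_SIGN_ERROR,                      // error obtaining RSA signature from External PKI provider
    HANDSHAKE_TIMEOUT,                    // handshake failed to complete within given time frame
    KEEPALIVE_TIMEOUT,                    // lost contact with peer
    INACTIVE_TIMEOUT,                     // disconnected due to inactive timer
    CONNECTION_TIMEOUT,                   // connection failed to establish within given time
    PRIMARY_EXPIRE,                       // primary key context expired
    TLS_VERSION_MIN,                      // peer cannot handshake at our minimum required TLS version
    CERT_VERIFY_FAIL,                     // peer certificate verification failure
    TLS_SIGALG_DISALLOWED_OR_UNSUPPORTED, // signature algorithm required by TLS peer is not supported
    TLS_ALERT_PROTOCOL_VERSION,           // TLS Alert: No common TLS version between server and client
    TLS_ALERT_UNKNOWN_CA,                 // TLS Alert: Unknown CA (client certificate verify failed or peer-fingerprint failed)
    TLS_ALERT_HANDSHAKE_FAILURE,          // TLS Alert: Generic handshake failure from the other side
    TLS_ALERT_CERTIFICATE_REQUIRED,       // TLS Alert: certificate is required
    TLS_ALERT_CERTIFICATE_EXPIRED,        // TLS Alert: certificate has expired
    TLS_ALERT_CERTIFICATE_REVOKED,        // TLS Alert: certificate is revoked
    TLS_ALERT_BAD_CERTIFICATE,            // TLS Alert: bad/rejected certificate
    TLS_ALERT_UNSUPPORTED_CERTIFICATE,    // TLS Alert: unsupported certificate (X509 key usage)
    TLS_ALERT_MISC,                       // any TLS Alert not covered by the specific TLS_ALERT_* codes above
    TLS_AUTH_FAIL,                        // tls-auth HMAC verification failed
    TLS_CRYPT_META_FAIL,                  // tls-crypt-v2 metadata verification failed
    PEM_PASSWORD_FAIL,                    // incorrect or missing PEM private key decryption password
    AUTH_FAILED,                          // general authentication failure
    CLIENT_HALT,                          // HALT message from server received
    CLIENT_RESTART,                       // RESTART message from server received
    TUN_HALT,                             // halt command from tun interface
    RELAY,                                // RELAY message from server received
    RELAY_ERROR,                          // RELAY error
    N_PAUSE,                              // Number of transitions to Pause state
    N_RECONNECT,                          // Number of reconnections
    N_KEY_LIMIT_RENEG,                    // Number of renegotiations triggered by per-key limits such as data or packet limits
    KEY_STATE_ERROR,                      // Received packet didn't match expected key state
    PROXY_ERROR,                          // HTTP proxy error
    PROXY_NEED_CREDS,                     // HTTP proxy needs credentials
    EARLY_NEG_INVALID,                    // Early protocol negotiation information invalid/parse error
    NTLM_MISSING_CRYPTO,                  // crypto primitives required for NTLM are unavailable
    UNUSED_OPTIONS,                       // unused/unknown options found in configuration (label in name() is "UNUSED_OPTIONS_ERROR")
    SESSION_EXPIRED,                      // authentication error when using session-id and password is not cached
    NEED_CREDS,                           // credentials are required but are missing (likely due to auth-nocache)

    // key event errors
    KEV_NEGOTIATE_ERROR,
    KEV_PENDING_ERROR,
    N_KEV_EXPIRE,
    KEY_EXPANSION_ERROR, // spelled KEY_ here, but its label in name() is "KEV_EXPANSION_ERROR"

    // Packet ID error detail
    PKTID_INVALID,
    PKTID_BACKTRACK,
    PKTID_EXPIRE,
    PKTID_REPLAY,
    PKTID_TIME_BACKTRACK,

    // Count of real codes above; doubles as the exclusive upper bound that
    // name() checks before indexing its label table.
    N_ERRORS,

    // undefined error
    UNDEF = SUCCESS,
};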
116
/// Return the printable label for an error code.
///
/// @param type  Numeric error code, normally an Error::Type value. It is taken
///              as size_t, so any integer can arrive here.
/// @return      Pointer to a string literal with static storage duration: the
///              label for @p type, or "UNKNOWN_ERROR_TYPE" when @p type is not
///              below N_ERRORS. The caller must not free or modify it.
inline const char *name(const size_t type)
{
    // One label per enumerator, in declaration order; the code is the index.
    // NOTE(review): two labels differ from their enumerator spelling:
    // "UNUSED_OPTIONS_ERROR" (enumerator UNUSED_OPTIONS) and
    // "KEV_EXPANSION_ERROR" (enumerator KEY_EXPANSION_ERROR). They are
    // reproduced as-is because log and stats consumers may match on the text.
    static const char *const labels[] = {
        "SUCCESS",
        "NETWORK_RECV_ERROR",
        "NETWORK_EOF_ERROR",
        "NETWORK_SEND_ERROR",
        "NETWORK_UNAVAILABLE",
        "DECRYPT_ERROR",
        "HMAC_ERROR",
        "REPLAY_ERROR",
        "BUFFER_ERROR",
        "CC_ERROR",
        "BAD_SRC_ADDR",
        "COMPRESS_ERROR",
        "RESOLVE_ERROR",
        "SOCKET_PROTECT_ERROR",
        "TUN_READ_ERROR",
        "TUN_WRITE_ERROR",
        "TUN_FRAMING_ERROR",
        "TUN_SETUP_FAILED",
        "TUN_IFACE_CREATE",
        "TUN_IFACE_DISABLED",
        "TUN_ERROR",
        "TUN_REGISTER_RINGS_ERROR",
        "TAP_NOT_SUPPORTED",
        "REROUTE_GW_NO_DNS",
        "TRANSPORT_ERROR",
        "TCP_OVERFLOW",
        "TCP_SIZE_ERROR",
        "TCP_CONNECT_ERROR",
        "UDP_CONNECT_ERROR",
        "SSL_ERROR",
        "SSL_PARTIAL_WRITE",
        "SSL_CA_MD_TOO_WEAK",
        "SSL_CA_KEY_TOO_SMALL",
        "SSL_DH_KEY_TOO_SMALL",
        "ENCAPSULATION_ERROR",
        "EPKI_CERT_ERROR",
        "EPKI_SIGN_ERROR",
        "HANDSHAKE_TIMEOUT",
        "KEEPALIVE_TIMEOUT",
        "INACTIVE_TIMEOUT",
        "CONNECTION_TIMEOUT",
        "PRIMARY_EXPIRE",
        "TLS_VERSION_MIN",
        "CERT_VERIFY_FAIL",
        "TLS_SIGALG_DISALLOWED_OR_UNSUPPORTED",
        "TLS_ALERT_PROTOCOL_VERSION",
        "TLS_ALERT_UNKNOWN_CA",
        "TLS_ALERT_HANDSHAKE_FAILURE",
        "TLS_ALERT_CERTIFICATE_REQUIRED",
        "TLS_ALERT_CERTIFICATE_EXPIRED",
        "TLS_ALERT_CERTIFICATE_REVOKED",
        "TLS_ALERT_BAD_CERTIFICATE",
        "TLS_ALERT_UNSUPPORTED_CERTIFICATE",
        "TLS_ALERT_MISC",
        "TLS_AUTH_FAIL",
        "TLS_CRYPT_META_FAIL",
        "PEM_PASSWORD_FAIL",
        "AUTH_FAILED",
        "CLIENT_HALT",
        "CLIENT_RESTART",
        "TUN_HALT",
        "RELAY",
        "RELAY_ERROR",
        "N_PAUSE",
        "N_RECONNECT",
        "N_KEY_LIMIT_RENEG",
        "KEY_STATE_ERROR",
        "PROXY_ERROR",
        "PROXY_NEED_CREDS",
        "EARLY_NEG_INVALID",
        "NTLM_MISSING_CRYPTO",
        "UNUSED_OPTIONS_ERROR",
        "SESSION_EXPIRED",
        "NEED_CREDS",
        "KEV_NEGOTIATE_ERROR",
        "KEV_PENDING_ERROR",
        "N_KEV_EXPIRE",
        "KEV_EXPANSION_ERROR",
        "PKTID_INVALID",
        "PKTID_BACKTRACK",
        "PKTID_EXPIRE",
        "PKTID_REPLAY",
        "PKTID_TIME_BACKTRACK",
    };

    // Adding an enumerator without a label (or the reverse) fails the build
    // here instead of producing an out-of-range read at run time.
    static_assert(N_ERRORS == array_size(labels), "error names array inconsistency");

    // Bounds check before indexing: values at or above N_ERRORS get the
    // fallback label and never reach the table.
    return type < N_ERRORS ? labels[type] : "UNKNOWN_ERROR_TYPE";
}
211} // namespace openvpn::Error
212
213#endif // OPENVPN_ERROR_ERROR_H