svn merge -r 618:619 $SO/patches/openvpn-2-0_rc16-mh/openvpn

Merged --multihome patch + aggregated sockflags.
Pre-2.1_beta3


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@622 e7ae566f-a301-0410-adde-c780ea21d3b5

1 files changed, 53 insertions, 39 deletions

diff --git a/ssl.c b/ssl.c
index 60516a8..2d65d82 100644
--- a/ssl.c
+++ b/ssl.c
@@ -374,7 +374,7 @@ extract_x509_field (const char *x509, const char *field_name, char *out, int siz
 static void
 setenv_untrusted (struct tls_session *session)
 {
-  setenv_sockaddr (session->opt->es, "untrusted", &session->untrusted_sockaddr, SA_IP_PORT);
+  setenv_link_socket_actual (session->opt->es, "untrusted", &session->untrusted_addr, SA_IP_PORT);
 }
 
 static void
@@ -1860,7 +1860,7 @@ static void
 write_control_auth (struct tls_session *session,
 		    struct key_state *ks,
 		    struct buffer *buf,
-		    struct sockaddr_in *to_link_addr,
+		    struct link_socket_actual **to_link_addr,
 		    int opcode,
 		    int max_ack,
 		    bool prepend_ack)
@@ -1868,7 +1868,7 @@ write_control_auth (struct tls_session *session,
   uint8_t *header;
   struct buffer null = clear_buf ();
 
-  ASSERT (addr_defined (&ks->remote_addr));
+  ASSERT (link_socket_actual_defined (&ks->remote_addr));
   ASSERT (reliable_ack_write
 	  (ks->rec_ack, buf, &ks->session_id_remote, max_ack, prepend_ack));
   ASSERT (session_id_write_prepend (&session->session_id, buf));
@@ -1880,7 +1880,7 @@ write_control_auth (struct tls_session *session,
       openvpn_encrypt (buf, null, &session->tls_auth, NULL);
       ASSERT (swap_hmac (buf, &session->tls_auth, false));
     }
-  *to_link_addr = ks->remote_addr;
+  *to_link_addr = &ks->remote_addr;
 }
 
 /*
@@ -1889,7 +1889,7 @@ write_control_auth (struct tls_session *session,
 static bool
 read_control_auth (struct buffer *buf,
 		   const struct crypto_options *co,
-		   const struct sockaddr_in *from)
+		   const struct link_socket_actual *from)
 {
   struct gc_arena gc = gc_new ();
 
@@ -1902,7 +1902,7 @@ read_control_auth (struct buffer *buf,
 	{
 	  msg (D_TLS_ERRORS,
 	       "TLS Error: cannot locate HMAC in incoming packet from %s",
-	       print_sockaddr (from, &gc));
+	       print_link_socket_actual (from, &gc));
 	  gc_free (&gc);
 	  return false;
 	}
@@ -1914,7 +1914,7 @@ read_control_auth (struct buffer *buf,
 	{
 	  msg (D_TLS_ERRORS,
 	       "TLS Error: incoming packet authentication failed from %s",
-	       print_sockaddr (from, &gc));
+	       print_link_socket_actual (from, &gc));
 	  gc_free (&gc);
 	  return false;
 	}
@@ -2803,7 +2803,7 @@ static bool
 tls_process (struct tls_multi *multi,
 	     struct tls_session *session,
 	     struct buffer *to_link,
-	     struct sockaddr_in *to_link_addr,
+	     struct link_socket_actual **to_link_addr,
 	     struct link_socket_info *to_link_socket_info,
 	     interval_t *wakeup)
 {
@@ -3197,7 +3197,7 @@ error:
 bool
 tls_multi_process (struct tls_multi *multi,
 		   struct buffer *to_link,
-		   struct sockaddr_in *to_link_addr,
+		   struct link_socket_actual **to_link_addr,
 		   struct link_socket_info *to_link_socket_info,
 		   interval_t *wakeup)
 {
@@ -3223,7 +3223,7 @@ tls_multi_process (struct tls_multi *multi,
 
       /* set initial remote address */
       if (i == TM_ACTIVE && ks->state == S_INITIAL &&
-	  addr_defined (&to_link_socket_info->lsa->actual))
+	  link_socket_actual_defined (&to_link_socket_info->lsa->actual))
 	ks->remote_addr = to_link_socket_info->lsa->actual;
 
       dmsg (D_TLS_DEBUG,
@@ -3232,17 +3232,30 @@ tls_multi_process (struct tls_multi *multi,
 	   state_name (ks->state),
 	   session_id_print (&session->session_id, &gc),
 	   session_id_print (&ks->session_id_remote, &gc),
-	   print_sockaddr (&ks->remote_addr, &gc));
+	   print_link_socket_actual (&ks->remote_addr, &gc));
 
-      if (ks->state >= S_INITIAL && addr_defined (&ks->remote_addr))
+      if (ks->state >= S_INITIAL && link_socket_actual_defined (&ks->remote_addr))
 	{
+	  struct link_socket_actual *tla = NULL;
+
 	  update_time ();
 
-	  if (tls_process (multi, session, to_link, to_link_addr,
+	  if (tls_process (multi, session, to_link, &tla,
 			   to_link_socket_info, wakeup))
 	    active = true;
 
 	  /*
+	   * If tls_process produced an outgoing packet,
+	   * return the link_socket_actual object (which
+	   * contains the outgoing address).
+	   */
+	  if (tla)
+	    {
+	      multi->to_link_addr = *tla;
+	      *to_link_addr = &multi->to_link_addr;
+	    }
+
+	  /*
 	   * If tls_process hits an error:
 	   * (1) If the session has an unexpired lame duck key, preserve it.
 	   * (2) Reinitialize the session.
@@ -3361,7 +3374,7 @@ tls_multi_process (struct tls_multi *multi,
 
 bool
 tls_pre_decrypt (struct tls_multi *multi,
-		 struct sockaddr_in *from,
+		 const struct link_socket_actual *from,
 		 struct buffer *buf,
 		 struct crypto_options *opt)
 {
@@ -3403,7 +3416,7 @@ tls_pre_decrypt (struct tls_multi *multi,
 	      if (DECRYPT_KEY_ENABLED (multi, ks)
 		  && key_id == ks->key_id
 		  && ks->authenticated
-		  && addr_port_match(from, &ks->remote_addr))
+		  && link_socket_actual_match (from, &ks->remote_addr))
 		{
 		  /* return appropriate data channel decrypt key in opt */
 		  opt->key_ctx_bi = &ks->key;
@@ -3416,7 +3429,7 @@ tls_pre_decrypt (struct tls_multi *multi,
 		  ks->n_bytes += buf->len;
 		  dmsg (D_TLS_DEBUG,
 		       "TLS: data channel, key_id=%d, IP=%s",
-		       key_id, print_sockaddr (from, &gc));
+		       key_id, print_link_socket_actual (from, &gc));
 		  gc_free (&gc);
 		  return ret;
 		}
@@ -3429,14 +3442,14 @@ tls_pre_decrypt (struct tls_multi *multi,
 		       key_id,
 		       ks->key_id,
 		       ks->authenticated,
-		       addr_port_match (from, &ks->remote_addr));
+		       link_socket_actual_match (from, &ks->remote_addr));
 		}
 #endif
 	    }
 
 	  msg (D_TLS_ERRORS,
 	       "TLS Error: local/remote TLS keys are out of sync: %s [%d]",
-	       print_sockaddr (from, &gc), key_id);
+	       print_link_socket_actual (from, &gc), key_id);
 	  goto error;
 	}
       else			  /* control channel packet */
@@ -3450,7 +3463,7 @@ tls_pre_decrypt (struct tls_multi *multi,
 	    {
 	      msg (D_TLS_ERRORS,
 		   "TLS Error: unknown opcode received from %s op=%d",
-		   print_sockaddr (from, &gc), op);
+		   print_link_socket_actual (from, &gc), op);
 	      goto error;
 	    }
 
@@ -3465,7 +3478,7 @@ tls_pre_decrypt (struct tls_multi *multi,
 		{
 		  msg (D_TLS_ERRORS,
 		       "TLS Error: client->client or server->server connection attempted from %s",
-		       print_sockaddr (from, &gc));
+		       print_link_socket_actual (from, &gc));
 		  goto error;
 		}
 	    }
@@ -3474,7 +3487,7 @@ tls_pre_decrypt (struct tls_multi *multi,
 	   * Authenticate Packet
 	   */
 	  dmsg (D_TLS_DEBUG, "TLS: control channel, op=%s, IP=%s",
-	       packet_opcode_name (op), print_sockaddr (from, &gc));
+	       packet_opcode_name (op), print_link_socket_actual (from, &gc));
 
 	  /* get remote session-id */
 	  {
@@ -3484,7 +3497,7 @@ tls_pre_decrypt (struct tls_multi *multi,
 	      {
 		msg (D_TLS_ERRORS,
 		     "TLS Error: session-id not found in packet from %s",
-		     print_sockaddr (from, &gc));
+		     print_link_socket_actual (from, &gc));
 		goto error;
 	      }
 	  }
@@ -3501,9 +3514,9 @@ tls_pre_decrypt (struct tls_multi *multi,
 		   state_name (ks->state),
 		   session_id_print (&session->session_id, &gc),
 		   session_id_print (&sid, &gc),
-		   print_sockaddr (from, &gc),
+		   print_link_socket_actual (from, &gc),
 		   session_id_print (&ks->session_id_remote, &gc),
-		   print_sockaddr (&ks->remote_addr, &gc));
+		   print_link_socket_actual (&ks->remote_addr, &gc));
 
 	      if (session_id_equal (&ks->session_id_remote, &sid))
 		/* found a match */
@@ -3548,7 +3561,7 @@ tls_pre_decrypt (struct tls_multi *multi,
 		    {
 		      msg (D_TLS_ERRORS,
 			   "TLS Error: Cannot accept new session request from %s due to --single-session [1]",
-			   print_sockaddr (from, &gc));
+			   print_link_socket_actual (from, &gc));
 		      goto error;
 		    }
 
@@ -3564,13 +3577,13 @@ tls_pre_decrypt (struct tls_multi *multi,
 
 		  msg (D_TLS_DEBUG_LOW,
 		       "TLS: Initial packet from %s, sid=%s",
-		       print_sockaddr (from, &gc),
+		       print_link_socket_actual (from, &gc),
 		       session_id_print (&sid, &gc));
 
 		  do_burst = true;
 		  new_link = true;
 		  i = TM_ACTIVE;
-		  session->untrusted_sockaddr = *from;
+		  session->untrusted_addr = *from;
 		}
 	    }
 
@@ -3590,7 +3603,7 @@ tls_pre_decrypt (struct tls_multi *multi,
 		{
 		  msg (D_TLS_ERRORS,
 		       "TLS Error: Cannot accept new session request from %s due to --single-session [2]",
-		       print_sockaddr (from, &gc));
+		       print_link_socket_actual (from, &gc));
 		  goto error;
 		}
 	      
@@ -3613,11 +3626,11 @@ tls_pre_decrypt (struct tls_multi *multi,
 	       */
 	      msg (D_TLS_DEBUG_LOW,
 		   "TLS: new session incoming connection from %s",
-		   print_sockaddr (from, &gc));
+		   print_link_socket_actual (from, &gc));
 
 	      new_link = true;
 	      i = TM_UNTRUSTED;
-	      session->untrusted_sockaddr = *from;
+	      session->untrusted_addr = *from;
 	    }
 	  else
 	    {
@@ -3631,7 +3644,7 @@ tls_pre_decrypt (struct tls_multi *multi,
 		{
 		  msg (D_TLS_ERRORS,
 		       "TLS Error: Unroutable control packet received from %s (si=%d op=%s)",
-		       print_sockaddr (from, &gc),
+		       print_link_socket_actual (from, &gc),
 		       i,
 		       packet_opcode_name (op));
 		  goto error;
@@ -3640,10 +3653,10 @@ tls_pre_decrypt (struct tls_multi *multi,
 	      /*
 	       * Verify remote IP address
 	       */
-	      if (!new_link && !addr_port_match (&ks->remote_addr, from))
+	      if (!new_link && !link_socket_actual_match (&ks->remote_addr, from))
 		{
 		  msg (D_TLS_ERRORS, "TLS Error: Received control packet from unexpected IP addr: %s",
-		      print_sockaddr (from, &gc));
+		      print_link_socket_actual (from, &gc));
 		  goto error;
 		}
 
@@ -3705,11 +3718,11 @@ tls_pre_decrypt (struct tls_multi *multi,
 		ks->remote_addr = *from;
 		++multi->n_sessions;
 	      }
-	    else if (!addr_port_match (&ks->remote_addr, from))
+	    else if (!link_socket_actual_match (&ks->remote_addr, from))
 	      {
 		msg (D_TLS_ERRORS,
 		     "TLS Error: Existing session control channel packet from unknown IP address: %s",
-		     print_sockaddr (from, &gc));
+		     print_link_socket_actual (from, &gc));
 		goto error;
 	      }
 
@@ -3807,8 +3820,9 @@ tls_pre_decrypt (struct tls_multi *multi,
  */
 bool
 tls_pre_decrypt_lite (const struct tls_auth_standalone *tas,
-		      const struct sockaddr_in *from,
+		      const struct link_socket_actual *from,
 		      const struct buffer *buf)
+
 {
   struct gc_arena gc = gc_new ();
   bool ret = false;
@@ -3835,7 +3849,7 @@ tls_pre_decrypt_lite (const struct tls_auth_standalone *tas,
 	   */
 	  dmsg (D_TLS_STATE_ERRORS,
 	       "TLS State Error: No TLS state for client %s, opcode=%d",
-	       print_sockaddr (from, &gc),
+	       print_link_socket_actual (from, &gc),
 	       op);
 	  goto error;
 	}
@@ -3845,7 +3859,7 @@ tls_pre_decrypt_lite (const struct tls_auth_standalone *tas,
 	  dmsg (D_TLS_STATE_ERRORS,
 	       "TLS State Error: Unknown key ID (%d) received from %s -- 0 was expected",
 	       key_id,
-	       print_sockaddr (from, &gc));
+	       print_link_socket_actual (from, &gc));
 	  goto error;
 	}
 
@@ -3854,7 +3868,7 @@ tls_pre_decrypt_lite (const struct tls_auth_standalone *tas,
 	  dmsg (D_TLS_STATE_ERRORS,
 	       "TLS State Error: Large packet (size %d) received from %s -- a packet no larger than %d bytes was expected",
 	       buf->len,
-	       print_sockaddr (from, &gc),
+	       print_link_socket_actual (from, &gc),
 	       EXPANDED_SIZE_DYNAMIC (&tas->frame));
 	  goto error;
 	}