/*
 * OpenVPN -- An application to securely tunnel IP networks
 * over a single UDP port, with support for SSL/TLS-based
 * session authentication and key exchange,
 * packet encryption, packet authentication, and
 * packet compression.
 *
 * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program (see the file COPYING included with this
 * distribution); if not, write to the Free Software Foundation, Inc.,
 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

/*
 * Central system header: pulls in platform headers according to the
 * HAVE_* / TARGET_* / WIN32 macros supplied by the build configuration
 * and derives the feature-capability macros used by the rest of the code.
 * The order of the sections matters, because later tests look at macros
 * that earlier includes or defines may have introduced.
 */
#ifndef SYSHEAD_H
#define SYSHEAD_H

#include "compat.h"
#include "compat-stdbool.h"

/*
 * branch prediction hints
 *
 * With GCC the expression is passed to __builtin_expect() unchanged and
 * compared against the literal 1 or 0; it is not normalised to a boolean.
 * Other compilers get the bare expression.
 */
#if defined(__GNUC__)
# define likely(x) __builtin_expect((x),1)
# define unlikely(x) __builtin_expect((x),0)
#else
# define likely(x) (x)
# define unlikely(x) (x)
#endif

/*
 * Windows compatibility shims.
 *
 * sleep() takes seconds, Sleep() takes milliseconds, hence the *1000.
 *
 * random()/srandom() are mapped onto the C library rand()/srand().
 * NOTE(review): rand() is a general-purpose generator, not a
 * cryptographic one; values obtained through random() on this platform
 * should not be used for keys, nonces or other secrets -- confirm callers.
 *
 * NOTE(review): <windows.h> is included before <winsock2.h>; unless
 * WIN32_LEAN_AND_MEAN is defined earlier (not visible here), <windows.h>
 * may pull in the older <winsock.h> first -- confirm against compat.h
 * and the build flags.
 */
#ifdef WIN32
#include <windows.h>
#include <winsock2.h>
#define sleep(x) Sleep((x)*1000)
#define random rand
#define srandom srand
#endif

/*
 * Defined only when the minimum supported OS X version is >= 1070.
 * Presumably selects the RFC 3542 IPv6 socket API in the Apple headers,
 * which is why it has to be set before they are included -- TODO confirm.
 */
#if defined(__APPLE__)
#if __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ >= 1070
#define __APPLE_USE_RFC_3542 1
#endif
#endif

#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif

#ifdef HAVE_SYS_WAIT_H
# include <sys/wait.h>
#endif

/*
 * Fallback wait-status decoders, used only when the system headers did
 * not provide them. They treat a status whose low 8 bits are zero as a
 * normal exit and take the exit code from the bits above them.
 */
#ifndef WIN32
#ifndef WEXITSTATUS
# define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8)
#endif
#ifndef WIFEXITED
# define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
#endif
#endif /* !WIN32 */

/*
 * Standard and POSIX headers. Each one is included only when the build
 * configuration defines the matching HAVE_* macro.
 */
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>
#endif

#ifdef HAVE_TIME_H
#include <time.h>
#endif

#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif

#ifdef HAVE_SYS_UN_H
#include <sys/un.h>
#endif

#ifdef HAVE_SYS_IOCTL_H
#include <sys/ioctl.h>
#endif

#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif

#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif

#ifdef HAVE_DIRECT_H
#include <direct.h>
#endif

#ifdef HAVE_IO_H
#include <io.h>
#endif

#ifdef HAVE_SYS_FILE_H
#include <sys/file.h>
#endif

#ifdef HAVE_STDLIB_H
#include <stdlib.h>
#endif

/* <stdint.h> is used only when <inttypes.h> is not available. */
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#elif defined(HAVE_STDINT_H)
#include <stdint.h>
#endif

#ifdef HAVE_STDARG_H
#include <stdarg.h>
#endif

#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif

#ifdef HAVE_SIGNAL_H
#include <signal.h>
#endif

#ifdef HAVE_LIMITS_H
#include <limits.h>
#endif

#ifdef HAVE_STDIO_H
#include <stdio.h>
#endif

#ifdef HAVE_CTYPE_H
#include <ctype.h>
#endif

#ifdef HAVE_ERRNO_H
#include <errno.h>
#endif

#ifdef HAVE_ERR_H
#include <err.h>
#endif

#ifdef HAVE_SYSLOG_H
#include <syslog.h>
#endif

#ifdef HAVE_PWD_H
#include <pwd.h>
#endif

#ifdef HAVE_GRP_H
#include <grp.h>
#endif

#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif

#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif

#ifdef HAVE_RESOLV_H
#include <resolv.h>
#endif

#ifdef HAVE_SYS_POLL_H
#include <sys/poll.h>
#endif

#ifdef HAVE_SYS_EPOLL_H
#include <sys/epoll.h>
#endif

/* SELinux support is a build-time option, not a detected header. */
#ifdef ENABLE_SELINUX
#include <selinux/selinux.h>
#endif

#if defined(HAVE_LIBGEN_H)
#include <libgen.h>
#endif

/* Solaris gets <strings.h>; every other target gets <string.h>. */
#ifdef TARGET_SOLARIS
#ifdef HAVE_STRINGS_H
#include <strings.h>
#endif
#else
#ifdef HAVE_STRING_H
#include <string.h>
#endif
#endif

#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif

#ifdef HAVE_NET_IF_H
#include <net/if.h>
#endif

/* Included on NetBSD without a HAVE_* guard. */
#ifdef TARGET_NETBSD
#include <net/if_tap.h>
#endif

/* Linux-specific networking and tun/tap headers. */
#ifdef TARGET_LINUX

#if defined(HAVE_NETINET_IF_ETHER_H)
#include <netinet/if_ether.h>
#endif

#ifdef HAVE_LINUX_IF_TUN_H
#include <linux/if_tun.h>
#endif

#ifdef HAVE_NETINET_IP_H
#include <netinet/ip.h>
#endif

#ifdef HAVE_LINUX_SOCKIOS_H
#include <linux/sockios.h>
#endif

#ifdef HAVE_LINUX_TYPES_H
#include <linux/types.h>
#endif

#ifdef HAVE_LINUX_ERRQUEUE_H
#include <linux/errqueue.h>
#endif

#ifdef HAVE_NETINET_TCP_H
#include <netinet/tcp.h>
#endif

#endif /* TARGET_LINUX */

/* Solaris-specific headers. */
#ifdef TARGET_SOLARIS

/*
 * S_ERROR is undefined again right after <stropts.h>; presumably the
 * name clashes with an identifier used elsewhere in the project --
 * TODO confirm.
 */
#ifdef HAVE_STROPTS_H
#include <stropts.h>
#undef S_ERROR
#endif

#ifdef HAVE_NET_IF_TUN_H
#include <net/if_tun.h>
#endif

#ifdef HAVE_SYS_SOCKIO_H
#include <sys/sockio.h>
#endif

#ifdef HAVE_NETINET_IN_SYSTM_H
#include <netinet/in_systm.h>
#endif

#ifdef HAVE_NETINET_IP_H
#include <netinet/ip.h>
#endif

#ifdef HAVE_NETINET_TCP_H
#include <netinet/tcp.h>
#endif

#endif /* TARGET_SOLARIS */

/* OpenBSD-specific headers. */
#ifdef TARGET_OPENBSD

#ifdef HAVE_SYS_UIO_H
#include <sys/uio.h>
#endif

#ifdef HAVE_NETINET_IN_SYSTM_H
#include <netinet/in_systm.h>
#endif

#ifdef HAVE_NETINET_IP_H
#include <netinet/ip.h>
#endif

#ifdef HAVE_NET_IF_TUN_H
#include <net/if_tun.h>
#endif

#endif /* TARGET_OPENBSD */

/* FreeBSD-specific headers. */
#ifdef TARGET_FREEBSD

#ifdef HAVE_SYS_UIO_H
#include <sys/uio.h>
#endif

#ifdef HAVE_NETINET_IN_SYSTM_H
#include <netinet/in_systm.h>
#endif

#ifdef HAVE_NETINET_IP_H
#include <netinet/ip.h>
#endif

#ifdef HAVE_NETINET_TCP_H
#include <netinet/tcp.h>
#endif

/* Last include of the TARGET_FREEBSD section. */
#ifdef HAVE_NET_IF_TUN_H
#include <net/if_tun.h>
#endif

#endif /* TARGET_FREEBSD */

/* NetBSD-specific headers. */
#ifdef TARGET_NETBSD

#ifdef HAVE_NET_IF_TUN_H
#include <net/if_tun.h>
#endif

#ifdef HAVE_NETINET_TCP_H
#include <netinet/tcp.h>
#endif

#endif /* TARGET_NETBSD */

/* DragonFly-specific headers; note the different tun header path. */
#ifdef TARGET_DRAGONFLY

#ifdef HAVE_SYS_UIO_H
#include <sys/uio.h>
#endif

#ifdef HAVE_NETINET_IN_SYSTM_H
#include <netinet/in_systm.h>
#endif

#ifdef HAVE_NETINET_IP_H
#include <netinet/ip.h>
#endif

#ifdef HAVE_NET_TUN_IF_TUN_H
#include <net/tun/if_tun.h>
#endif

#endif /* TARGET_DRAGONFLY */

/* Windows networking, NDIS, WinInet and shell headers. */
#ifdef WIN32
#include <iphlpapi.h>
#include <ntddndis.h>
#include <wininet.h>
#include <shellapi.h>
/* The following two headers are needed for PF_INET6 */
#include <winsock2.h>
#include <ws2tcpip.h>
#endif

/*
 * On Darwin _P1003_1B_VISIBLE is defined before <sys/mman.h>; presumably
 * it makes the header expose additional POSIX.1b declarations --
 * TODO confirm.
 */
#ifdef HAVE_SYS_MMAN_H
#ifdef TARGET_DARWIN
#define _P1003_1B_VISIBLE
#endif /* TARGET_DARWIN */
#include <sys/mman.h>
#endif

/*
 * Pedantic mode is meant to accomplish lint-style program checking,
 * not to build a working executable.
 *
 * Under __STRICT_ANSI__ the variadic-macro feature flags are dropped,
 * EMPTY_ARRAY_SIZE is forced to 1 and `inline` is defined away.
 */
#ifdef __STRICT_ANSI__
# define PEDANTIC 1
# undef HAVE_CPP_VARARG_MACRO_GCC
# undef HAVE_CPP_VARARG_MACRO_ISO
# undef EMPTY_ARRAY_SIZE
# define EMPTY_ARRAY_SIZE 1
# undef inline
# define inline
#else
# define PEDANTIC 0
#endif

/*
 * Do we have the capability to support the --passtos option?
 */
#if defined(IPPROTO_IP) && defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
#define PASSTOS_CAPABILITY 1
#else
#define PASSTOS_CAPABILITY 0
#endif

/*
 * Do we have nanoseconds gettimeofday?
 *
 * Set whenever gettimeofday() is available or the target is WIN32.
 * NOTE(review): nothing in this header establishes the timer resolution
 * the name suggests. The macro gates P2MP, TIME_BACKTRACK_PROTECTION and
 * ENABLE_FEATURE_SHAPER further down.
 */
#if defined(HAVE_GETTIMEOFDAY) || defined(WIN32)
#define HAVE_GETTIMEOFDAY_NANOSECONDS 1
#endif

/*
 * do we have the MIN() macro?
 *
 * The fallback evaluates one of its arguments twice, so arguments must
 * not have side effects.
 */
#ifndef MIN
#define MIN(a,b) (((a)<(b))?(a):(b))
#endif

/*
 * Do we have the capability to report extended socket errors?
 *
 * SOL_IP is tested here, before the SOL_IP fallback further down is
 * defined, so that fallback never enables this capability.
 */
#if defined(HAVE_LINUX_TYPES_H) && defined(HAVE_LINUX_ERRQUEUE_H) && defined(HAVE_SOCK_EXTENDED_ERR) && defined(HAVE_MSGHDR) && defined(HAVE_CMSGHDR) && defined(CMSG_FIRSTHDR) && defined(CMSG_NXTHDR) && defined(IP_RECVERR) && defined(MSG_ERRQUEUE) && defined(SOL_IP) && defined(HAVE_IOVEC)
#define EXTENDED_SOCKET_ERROR_CAPABILITY 1
#else
#define EXTENDED_SOCKET_ERROR_CAPABILITY 0
#endif

/*
 * Does this platform support linux-style IP_PKTINFO
 * or bsd-style IP_RECVDSTADDR ?
 *
 * Also requires ENABLE_MULTIHOME and the recvmsg()/sendmsg() control
 * message machinery.
 */
#if defined(ENABLE_MULTIHOME) && ((defined(HAVE_IN_PKTINFO)&&defined(IP_PKTINFO)) || defined(IP_RECVDSTADDR)) && defined(HAVE_MSGHDR) && defined(HAVE_CMSGHDR) && defined(HAVE_IOVEC) && defined(CMSG_FIRSTHDR) && defined(CMSG_NXTHDR) && defined(HAVE_RECVMSG) && defined(HAVE_SENDMSG)
#define ENABLE_IP_PKTINFO 1
#else
#define ENABLE_IP_PKTINFO 0
#endif

/*
 * Does this platform define SOL_IP
 * or only bsd-style IPPROTO_IP ?
 */
#ifndef SOL_IP
#define SOL_IP IPPROTO_IP
#endif

/*
 * Disable ESEC
 *
 * Manual switch, inactive while the condition is 0.
 */
#if 0
#undef EXTENDED_SOCKET_ERROR_CAPABILITY
#define EXTENDED_SOCKET_ERROR_CAPABILITY 0
#endif

/*
 * Do we have a syslog capability?
 */
#if defined(HAVE_OPENLOG) && defined(HAVE_SYSLOG)
#define SYSLOG_CAPABILITY 1
#else
#define SYSLOG_CAPABILITY 0
#endif

/*
 * Does this OS draw a distinction between binary and ascii files?
 *
 * Where O_BINARY does not exist it becomes 0, so OR-ing it into open()
 * flags has no effect.
 */
#ifndef O_BINARY
#define O_BINARY 0
#endif

/*
 * Directory separation char
 */
#ifdef WIN32
#define OS_SPECIFIC_DIRSEP '\\'
#else
#define OS_SPECIFIC_DIRSEP '/'
#endif

/*
 * Define a boolean value based
 * on Win32 status.
 */
#ifdef WIN32
#define WIN32_0_1 1
#else
#define WIN32_0_1 0
#endif

/*
 * Our socket descriptor type.
 *
 * SOCKET_UNDEFINED is the "no socket" sentinel: INVALID_SOCKET on
 * Windows, -1 elsewhere.
 */
#ifdef WIN32
#define SOCKET_UNDEFINED (INVALID_SOCKET)
typedef SOCKET socket_descriptor_t;
#else
#define SOCKET_UNDEFINED (-1)
typedef int socket_descriptor_t;
#endif

/*
 * Return non-zero when sd is not the SOCKET_UNDEFINED sentinel.
 * This only compares against the sentinel; it does not check that the
 * descriptor is open or usable.
 */
static inline int
socket_defined (const socket_descriptor_t sd)
{
  return sd != SOCKET_UNDEFINED;
}

/*
 * Should statistics counters be 64 bits?
 *
 * Defined unconditionally.
 */
#define USE_64_BIT_COUNTERS

/*
 * Should we enable the use of execve() for calling subprocesses,
 * instead of system()?
 *
 * Requires both execve() and fork().
 * NOTE(review): per the comment above, builds without this macro fall
 * back to system(), which hands the command line to a shell; on such
 * builds, arguments passed to scripts deserve extra scrutiny -- confirm
 * how the callers quote them.
 */
#if defined(HAVE_EXECVE) && defined(HAVE_FORK)
#define ENABLE_FEATURE_EXECVE
#endif

/*
 * Do we have point-to-multipoint capability?
 *
 * Needs client/server mode, crypto, SSL and the gettimeofday capability.
 */

#if defined(ENABLE_CLIENT_SERVER) && defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) && defined(HAVE_GETTIMEOFDAY_NANOSECONDS)
#define P2MP 1
#else
#define P2MP 0
#endif

/* Server-side P2MP code is left out of ENABLE_CLIENT_ONLY builds. */
#if P2MP && !defined(ENABLE_CLIENT_ONLY)
#define P2MP_SERVER 1
#else
#define P2MP_SERVER 0
#endif

/*
 * HTTPS port sharing capability
 *
 * Server builds only; also requires SCM_RIGHTS and the
 * recvmsg()/sendmsg() control message machinery.
 */
#if defined(ENABLE_PORT_SHARE) && P2MP_SERVER && defined(SCM_RIGHTS) && defined(HAVE_MSGHDR) && defined(HAVE_CMSGHDR) && defined(HAVE_IOVEC) && defined(CMSG_FIRSTHDR) && defined(CMSG_NXTHDR) && defined(HAVE_RECVMSG) && defined(HAVE_SENDMSG)
#define PORT_SHARE 1
#else
#define PORT_SHARE 0
#endif

/*
 * Enable deferred authentication?
 *
 * There is a plugin variant and a management-interface variant. When
 * neither can be built, ENABLE_DEF_AUTH itself is undefined, so later
 * code sees the feature as off.
 */
#if defined(ENABLE_DEF_AUTH) && P2MP_SERVER && defined(ENABLE_PLUGIN)
#define PLUGIN_DEF_AUTH
#endif
#if defined(ENABLE_DEF_AUTH) && P2MP_SERVER && defined(ENABLE_MANAGEMENT)
#define MANAGEMENT_DEF_AUTH
#endif
#if !defined(PLUGIN_DEF_AUTH) && !defined(MANAGEMENT_DEF_AUTH)
#undef ENABLE_DEF_AUTH
#endif

/*
 * Enable external private key
 *
 * Not available in PolarSSL builds. The macro name really is spelled
 * MANAGMENT_ (without the second 'E'); the MANAGEMENT_IN_EXTRA test
 * below uses the same spelling, so it must not be corrected in one
 * place only.
 */
#if defined(ENABLE_MANAGEMENT) && defined(ENABLE_SSL) && !defined(ENABLE_CRYPTO_POLARSSL)
#define MANAGMENT_EXTERNAL_KEY
#endif

/* Enable PolarSSL RNG prediction resistance support */
#ifdef ENABLE_CRYPTO_POLARSSL
#define ENABLE_PREDICTION_RESISTANCE
#endif /* ENABLE_CRYPTO_POLARSSL */

/*
 * MANAGEMENT_IN_EXTRA allows the management interface to
 * read multi-line inputs from clients.
 *
 * NOTE(review): this is input arriving over the management interface;
 * the code that parses it is not visible here -- confirm that it bounds
 * the amount of data it buffers.
 */
#if defined(MANAGEMENT_DEF_AUTH) || defined(MANAGMENT_EXTERNAL_KEY)
#define MANAGEMENT_IN_EXTRA
#endif

/*
 * Enable packet filter?
 *
 * Same pattern as deferred authentication: a plugin variant and a
 * management variant, and ENABLE_PF is undefined when neither applies.
 */
#if defined(ENABLE_PF) && P2MP_SERVER && defined(ENABLE_PLUGIN) && defined(HAVE_STAT)
#define PLUGIN_PF
#endif
#if defined(ENABLE_PF) && P2MP_SERVER && defined(MANAGEMENT_DEF_AUTH)
#define MANAGEMENT_PF
#endif
#if !defined(PLUGIN_PF) && !defined(MANAGEMENT_PF)
#undef ENABLE_PF
#endif

/*
 * Do we support Unix domain sockets?
 */
#if defined(PF_UNIX) && !defined(WIN32)
#define UNIX_SOCK_SUPPORT 1
#else
#define UNIX_SOCK_SUPPORT 0
#endif

/*
 * Compile the struct buffer_list code
 */
#define ENABLE_BUFFER_LIST

/*
 * Should we include OCC (options consistency check) code?
 *
 * Left out of ENABLE_SMALL builds.
 */
#ifndef ENABLE_SMALL
#define ENABLE_OCC
#endif

/*
 * Should we include NTLM proxy functionality
 */
#if defined(ENABLE_CRYPTO) && defined(ENABLE_HTTP_PROXY)
#define NTLM 1
#else
#define NTLM 0
#endif

/*
 * Should we include proxy digest auth functionality
 *
 * Same condition as NTLM above.
 */
#if defined(ENABLE_CRYPTO) && defined(ENABLE_HTTP_PROXY)
#define PROXY_DIGEST_AUTH 1
#else
#define PROXY_DIGEST_AUTH 0
#endif

/*
 * Should we include code common to all proxy methods?
 */
#if defined(ENABLE_HTTP_PROXY) || defined(ENABLE_SOCKS)
#define GENERAL_PROXY_SUPPORT
#endif

/*
 * Do we have CryptoAPI capability?
 *
 * Windows builds with the OpenSSL backend only.
 */
#if defined(WIN32) && defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_OPENSSL)
#define ENABLE_CRYPTOAPI
#endif

/*
 * Enable x509-track feature?
 *
 * OpenSSL backend only.
 */
#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) && defined (ENABLE_CRYPTO_OPENSSL)
#define ENABLE_X509_TRACK
#endif

/*
 * Is poll available on this platform?
 */
#if defined(HAVE_POLL) && defined(HAVE_SYS_POLL_H)
#define POLL 1
#else
#define POLL 0
#endif

/*
 * Is epoll available on this platform?
 */
#if defined(HAVE_EPOLL_CREATE) && defined(HAVE_SYS_EPOLL_H)
#define EPOLL 1
#else
#define EPOLL 0
#endif

/* Disable EPOLL (manual switch, inactive while the condition is 0) */
#if 0
#undef EPOLL
#define EPOLL 0
#endif

/*
 * Should we include http proxy override functionality
 */
#if defined(ENABLE_MANAGEMENT) && defined(ENABLE_HTTP_PROXY)
#define HTTP_PROXY_OVERRIDE 1
#else
#define HTTP_PROXY_OVERRIDE 0
#endif

/*
 * Reduce sensitivity to system clock instability
 * and backtracks.
 *
 * There is no #else branch: without the gettimeofday capability the
 * macro is left undefined rather than set to 0.
 */
#if defined(HAVE_GETTIMEOFDAY_NANOSECONDS)
#define TIME_BACKTRACK_PROTECTION 1
#endif

/*
 * Enable traffic shaper.
 *
 * Also left undefined when the gettimeofday capability is missing.
 */
#if defined(HAVE_GETTIMEOFDAY_NANOSECONDS)
#define ENABLE_FEATURE_SHAPER 1
#endif

/*
 * Is non-blocking connect() supported?
 */
#if defined(HAVE_GETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_ERROR) && defined(EINPROGRESS) && defined(ETIMEDOUT)
#define CONNECT_NONBLOCK
#endif

/*
 * Do we have the capability to support the AUTO_USERID feature?
 */
#if defined(ENABLE_AUTO_USERID)
#define AUTO_USERID 1
#else
#define AUTO_USERID 0
#endif

/*
 * Do we support challenge/response authentication as client?
 *
 * Tied to the management interface being compiled in.
 */
#if defined(ENABLE_MANAGEMENT)
#define ENABLE_CLIENT_CR
#endif

/*
 * Do we support pushing peer info?
 */
#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL)
#define ENABLE_PUSH_PEER_INFO
#endif

/*
 * Do we support internal client-side NAT?
 *
 * Defined unconditionally.
 */
#define ENABLE_CLIENT_NAT

/*
 * Enable --memstats option
 */
#ifdef TARGET_LINUX
#define ENABLE_MEMSTATS
#endif

/*
 * Logging hook added by allenwen for OpenVPN log output; it sits outside
 * the feature macros above and is declared for every build.
 * Only the declaration is visible here: pcLog is a non-const buffer and
 * iLen an int length.
 * NOTE(review): confirm that the implementation reads at most iLen bytes
 * and does not use pcLog as a format string, and that callers pass the
 * real length of the buffer.
 */
extern int ambitWriteLog(char *pcLog, int iLen);

#endif /* SYSHEAD_H */