@@ -3,8 +3,10 @@ Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>

 $Id$

-2006.xx.xx -- Version 2.1-beta9

+2006.02.16 -- Version 2.1-beta9

+* Added --port-share option for allowing OpenVPN and HTTPS

+  server to share the same port number.

 * Added --management-client option to connect as a client

   to management GUI app rather than be connected to as a

   server.

@@ -79,6 +79,7 @@ openvpn_SOURCES = \

 	pool.c pool.h \

 	proto.c proto.h \

 	proxy.c proxy.h \

+        ps.c ps.h \

 	push.c push.h \

 	reliable.c reliable.h \

 	route.c route.h \

@@ -25,7 +25,7 @@ dnl Process this file with autoconf to produce a configure script.

 AC_PREREQ(2.50)

-AC_INIT([OpenVPN], [2.1_beta8b], [openvpn-users@lists.sourceforge.net], [openvpn])

+AC_INIT([OpenVPN], [2.1_beta8c], [openvpn-users@lists.sourceforge.net], [openvpn])

 AM_CONFIG_HEADER(config.h)

 AC_CONFIG_SRCDIR(syshead.h)

@@ -101,6 +101,12 @@ AC_ARG_ENABLE(multihome,

    [MULTIHOME="yes"]

 )

+AC_ARG_ENABLE(port-share,

+   [  --disable-port-share    Disable TCP server port-share support (--port-share)],

+   [PORT_SHARE="$enableval"],

+   [PORT_SHARE="yes"]

+)

+

 AC_ARG_ENABLE(debug,

    [  --disable-debug         Disable debugging support (disable gremlin and verb 7+ messages)],

    [DEBUG="$enableval"],

@@ -636,6 +642,11 @@ if test "$FRAGMENT" = "yes"; then

    AC_DEFINE(ENABLE_FRAGMENT, 1, [Enable internal fragmentation support])

 fi

+dnl enable --port-share

+if test "$PORT_SHARE" = "yes"; then

+   AC_DEFINE(ENABLE_PORT_SHARE, 1, [Enable TCP Server port sharing])

+fi

+

 dnl enable strict compiler warnings

 if test "$STRICT" = "yes"; then

    CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wsign-compare -Wno-unused-parameter -Wno-unused-function"

@@ -93,6 +93,7 @@

 #define D_SCHED_EXIT         LOGLEV(3, 42, 0)        /* show arming of scheduled exit */

 #define D_ROUTE_QUOTA        LOGLEV(3, 43, 0)        /* show route quota exceeded messages */

 #define D_OSBUF              LOGLEV(3, 44, 0)        /* show socket/tun/tap buffer sizes */

+#define D_PS_PROXY           LOGLEV(3, 45, 0)        /* messages related to --port-share option */

 #define D_SHOW_PARMS         LOGLEV(4, 50, 0)        /* show all parameters on program initiation */

 #define D_SHOW_OCC           LOGLEV(4, 51, 0)        /* show options compatibility string */

@@ -132,6 +133,7 @@

 #define D_ALIGN_DEBUG        LOGLEV(7, 70, M_DEBUG)  /* show verbose struct alignment info */

 #define D_PACKET_TRUNC_DEBUG LOGLEV(7, 70, M_DEBUG)  /* PACKET_TRUNCATION_CHECK verbose */

 #define D_PING               LOGLEV(7, 70, M_DEBUG)  /* PING send/receive messages */

+#define D_PS_PROXY_DEBUG     LOGLEV(7, 70, M_DEBUG)  /* port share proxy debug */

 #define D_HANDSHAKE_VERBOSE  LOGLEV(8, 70, M_DEBUG)  /* show detailed description of each handshake */

 #define D_TLS_DEBUG_MED      LOGLEV(8, 70, M_DEBUG)  /* limited info from tls_session routines */

@@ -41,6 +41,7 @@

 #include "perf.h"

 #include "status.h"

 #include "integer.h"

+#include "ps.h"

 #ifdef USE_CRYPTO

 #include <openssl/err.h>

@@ -88,6 +89,15 @@ static char *pgmname_syslog;  /* GLOBAL */

 /* If non-null, messages should be written here (used for debugging only) */

 static FILE *msgfp;         /* GLOBAL */

+/* If true, we forked from main OpenVPN process */

+static bool forked;         /* GLOBAL */

+

+void

+msg_forked (void)

+{

+  forked = true;

+}

+

 bool

 set_debug_level (const int level, const unsigned int flags)

 {

@@ -270,21 +280,22 @@ void x_msg (const unsigned int flags, const char *format, ...)

     prefix_sep = prefix = "";

   /* virtual output capability used to copy output to management subsystem */

-  {

-    const struct virtual_output *vo = msg_get_virtual_output ();

-    if (vo)

-      {

-	openvpn_snprintf (m2, ERR_BUF_SIZE, "%s%s%s",

-			  prefix,

-			  prefix_sep,

-			  m1);

-	virtual_output_print (vo, flags, m2);

-      }

-  }

+  if (!forked)

+    {

+      const struct virtual_output *vo = msg_get_virtual_output ();

+      if (vo)

+	{

+	  openvpn_snprintf (m2, ERR_BUF_SIZE, "%s%s%s",

+			    prefix,

+			    prefix_sep,

+			    m1);

+	  virtual_output_print (vo, flags, m2);

+	}

+    }

   if (!(flags & M_MSG_VIRT_OUT))

     {

-      if (use_syslog && !std_redir)

+      if (use_syslog && !std_redir && !forked)

 	{

 #if SYSLOG_CAPABILITY

 	  syslog (level, "%s%s%s",

@@ -674,6 +685,11 @@ openvpn_exit (const int status)

   plugin_abort ();

 #endif

+#if PORT_SHARE

+  if (port_share)

+    port_share_abort (port_share);

+#endif

+

 #ifdef ABORT_ON_ERROR

   if (status == OPENVPN_EXIT_STATUS_ERROR)

     abort ();

@@ -196,7 +196,7 @@ FILE *msg_fp(void);

 void assert_failed (const char *filename, int line);

 #ifdef ENABLE_DEBUG

-void crash (void); // force a segfault (debugging only)

+void crash (void); /* force a segfault (debugging only) */

 #endif

 /* Inline functions */

@@ -207,6 +207,9 @@ check_debug_level (unsigned int level)

   return (level & M_DEBUG_LEVEL) <= x_debug_level;

 }

+/* Call if we forked */

+void msg_forked (void);

+

 /* syslog output */

 void open_syslog (const char *pgmname, bool stdio_to_null);

@@ -33,9 +33,9 @@

  * rwflags passed to event_ctl and returned by

  * struct event_set_return.

  */

+#define EVENT_UNDEF    4

 #define EVENT_READ     (1<<0)

 #define EVENT_WRITE    (1<<1)

-

 /*

  * Initialization flags passed to event_set_init

  */

@@ -98,7 +98,8 @@ struct event_set *event_set_init (int *maxevents, unsigned int flags);

 static inline void

 event_free (struct event_set *es)

 {

-  (*es->func.free)(es);

+  if (es)

+    (*es->func.free)(es);

 }

 static inline void

@@ -36,25 +36,43 @@

 #include "memdbg.h"

 /* Set a file descriptor to non-blocking */

-void

-set_nonblock (int fd)

+bool

+set_nonblock_action (int fd)

 {

 #ifdef WIN32

   u_long arg = 1;

   if (ioctlsocket (fd, FIONBIO, &arg))

-    msg (M_SOCKERR, "Set socket to non-blocking mode failed");

+    return false;

 #else

   if (fcntl (fd, F_SETFL, O_NONBLOCK) < 0)

-    msg (M_ERR, "Set file descriptor to non-blocking mode failed");

+    return false;

 #endif

+  return true;

 }

 /* Set a file descriptor to not be passed across execs */

-void

-set_cloexec (int fd)

+bool

+set_cloexec_action (int fd)

 {

 #ifndef WIN32

   if (fcntl (fd, F_SETFD, FD_CLOEXEC) < 0)

-    msg (M_ERR, "Set FD_CLOEXEC flag on file descriptor failed");

+    return false;

 #endif

+  return true;

+}

+

+/* Set a file descriptor to non-blocking */

+void

+set_nonblock (int fd)

+{

+  if (!set_nonblock_action (fd))

+    msg (M_SOCKERR, "Set socket to non-blocking mode failed");

+}

+

+/* Set a file descriptor to not be passed across execs */

+void

+set_cloexec (int fd)

+{

+  if (!set_cloexec_action (fd))

+    msg (M_ERR, "Set FD_CLOEXEC flag on file descriptor failed");

 }

@@ -22,5 +22,10 @@

  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

  */

+#include "basic.h"

+

+bool set_nonblock_action (int fd);

+bool set_cloexec_action (int fd);

+

 void set_nonblock (int fd);

 void set_cloexec (int fd);

@@ -36,6 +36,7 @@

 #include "gremlin.h"

 #include "mss.h"

 #include "event.h"

+#include "ps.h"

 #include "memdbg.h"

@@ -640,18 +641,31 @@ read_incoming_link (struct context *c)

   if (socket_connection_reset (c->c2.link_socket, status))

     {

-      /* received a disconnect from a connection-oriented protocol */

-      if (c->options.inetd)

+#if PORT_SHARE

+      if (port_share && socket_foreign_protocol_detected (c->c2.link_socket))

 	{

+	  const struct buffer *fbuf = socket_foreign_protocol_head (c->c2.link_socket);

+	  const int sd = socket_foreign_protocol_sd (c->c2.link_socket);

+	  port_share_redirect (port_share, fbuf, sd);

 	  c->sig->signal_received = SIGTERM;

-	  msg (D_STREAM_ERRORS, "Connection reset, inetd/xinetd exit [%d]", status);

+	  c->sig->signal_text = "port-share-redirect";

 	}

       else

-	{

-	  c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- TCP connection reset */

-	  msg (D_STREAM_ERRORS, "Connection reset, restarting [%d]", status);

-	}

-      c->sig->signal_text = "connection-reset";

+#endif

+      {

+	/* received a disconnect from a connection-oriented protocol */

+	if (c->options.inetd)

+	  {

+	    c->sig->signal_received = SIGTERM;

+	    msg (D_STREAM_ERRORS, "Connection reset, inetd/xinetd exit [%d]", status);

+	  }

+	else

+	  {

+	    c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- TCP connection reset */

+	    msg (D_STREAM_ERRORS, "Connection reset, restarting [%d]", status);

+	  }

+	c->sig->signal_text = "connection-reset";

+      }

       perf_pop ();

       return;

     }

@@ -39,6 +39,7 @@

 #include "pool.h"

 #include "gremlin.h"

 #include "pkcs11.h"

+#include "ps.h"

 #include "memdbg.h"

@@ -191,6 +192,32 @@ context_gc_free (struct context *c)

   gc_free (&c->gc);

 }

+#if PORT_SHARE

+

+static void

+close_port_share (void)

+{

+  if (port_share)

+    {

+      port_share_close (port_share);

+      port_share = NULL;

+    }

+}

+

+static void

+init_port_share (struct context *c)

+{

+  if (!port_share && (c->options.port_share_host && c->options.port_share_port))

+    {

+      port_share = port_share_open (c->options.port_share_host,

+				    c->options.port_share_port);

+      if (port_share == NULL)

+	msg (M_FATAL, "Fatal error: Port sharing failed");

+    }

+}

+

+#endif

+

 bool

 init_static (void)

 {

@@ -274,6 +301,10 @@ uninit_static (void)

   pkcs11_terminate ();

 #endif

+#if PORT_SHARE

+  close_port_share ();

+#endif

+

 #if defined(MEASURE_TLS_HANDSHAKE_STATS) && defined(USE_CRYPTO) && defined(USE_SSL)

   show_tls_performance_stats ();

 #endif

@@ -1490,6 +1521,11 @@ do_init_crypto_tls (struct context *c, const unsigned int flags)

   to.renegotiate_seconds = options->renegotiate_seconds;

   to.single_session = options->single_session;

+  /* should we not xmit any packets until we get an initial

+     response from client? */

+  if (to.server && options->proto == PROTO_TCPv4_SERVER)

+    to.xmit_hold = true;

+

 #ifdef ENABLE_OCC

   to.disable_occ = !options->occ;

 #endif

@@ -2659,6 +2695,12 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int

     open_plugins (c, false, OPENVPN_PLUGIN_INIT_POST_UID_CHANGE);

 #endif

+#if PORT_SHARE

+  /* share OpenVPN port with foreign (such as HTTPS) server */

+  if (c->first_time && (c->mode == CM_P2P || c->mode == CM_TOP))

+    init_port_share (c);

+#endif

+	  

   /* Check for signals */

   if (IS_SIG (c))

     goto sig;

@@ -217,6 +217,7 @@ openvpn \- secure IP tunnel daemon.

 [\ \fB\-\-pkcs12\fR\ \fIfile\fR\ ]

 [\ \fB\-\-plugin\fR\ \fImodule\-pathname\ init\-string\fR\ ]

 [\ \fB\-\-port\fR\ \fIport\fR\ ]

+[\ \fB\-\-port\-share\fR\ \fIhost\ port\fR\ ]

 [\ \fB\-\-proto\fR\ \fIp\fR\ ]

 [\ \fB\-\-pull\fR\ ]

 [\ \fB\-\-push\-reset\fR\ ]

@@ -2971,6 +2972,23 @@ authentication, use

 the authenticated username as the common name,

 rather than the common name from the client cert.

 .\"*********************************************************

+.TP

+.B --port-share host port

+When run in TCP server mode, share the OpenVPN port with

+another application, such as an HTTPS server.  If OpenVPN

+senses a connection to its port which is using a non-OpenVPN

+protocol, it will proxy the connection to the server at

+.B host:port.

+Currently only designed to work with HTTPS,

+though it would be theoretically possible to extend to

+other protocols such as ssh.

+

+Currently only implemented

+on Linux, though porting to BSDs should be straightforward.

+The reason for the non-portability is that the current implementation

+uses sendmsg and recvmsg for passing file descriptors between

+processes.

+.\"*********************************************************

 .SS Client Mode

 Use client mode when connecting to an OpenVPN server

 which has

@@ -192,7 +192,7 @@ main (int argc, char *argv[])

 	  if (!open_management (&c))

 	    break;

 #endif

-	  

+

 	  /* set certain options as environmental variables */

 	  setenv_settings (c.es, &c.options);

@@ -363,6 +363,10 @@ static const char usage_message[] =

   "--connect-freq n s : Allow a maximum of n new connections per s seconds.\n"

   "--max-clients n : Allow a maximum of n simultaneously connected clients.\n"

   "--max-routes-per-client n : Allow a maximum of n internal routes per client.\n"

+#if PORT_SHARE

+  "--port-share host port : When run in TCP mode, proxy incoming HTTPS sessions\n"

+  "                  to a web server at host:port.\n"

+#endif

 #endif

   "\n"

   "Client options (when connecting to a multi-client server):\n"

@@ -918,6 +922,10 @@ show_p2mp_parms (const struct options *o)

   SHOW_BOOL (username_as_common_name)

   SHOW_STR (auth_user_pass_verify_script);

   SHOW_BOOL (auth_user_pass_verify_script_via_file);

+#if PORT_SHARE

+  SHOW_STR (port_share_host);

+  SHOW_INT (port_share_port);

+#endif

 #endif /* P2MP_SERVER */

   SHOW_BOOL (client);

@@ -1594,6 +1602,10 @@ options_postprocess (struct options *options, bool first_time)

 	msg (M_USAGE, "--pull cannot be used with --mode server");

       if (!(options->proto == PROTO_UDPv4 || options->proto == PROTO_TCPv4_SERVER))

 	msg (M_USAGE, "--mode server currently only supports --proto udp or --proto tcp-server");

+#if PORT_SHARE

+      if ((options->port_share_host || options->port_share_port) && options->proto != PROTO_TCPv4_SERVER)

+	msg (M_USAGE, "--port-share only works in TCP server mode (--proto tcp-server)");

+#endif

       if (!options->tls_server)

 	msg (M_USAGE, "--mode server requires --tls-server");

       if (options->remote_list)

@@ -1682,6 +1694,11 @@ options_postprocess (struct options *options, bool first_time)

 	msg (M_USAGE, "--username-as-common-name requires --mode server");

       if (options->auth_user_pass_verify_script)

 	msg (M_USAGE, "--auth-user-pass-verify requires --mode server");

+#if PORT_SHARE

+      if (options->port_share_host || options->port_share_port)

+	msg (M_USAGE, "--port-share requires TCP server mode (--mode server --proto tcp-server)");

+#endif

+

     }

 #endif /* P2MP_SERVER */

@@ -4234,6 +4251,23 @@ add_option (struct options *options,

 	msg (msglevel, "--tcp-queue-limit parameter must be > 0");

       options->tcp_queue_limit = tcp_queue_limit;

     }

+#if PORT_SHARE

+  else if (streq (p[0], "port-share") && p[1] && p[2])

+    {

+      int port;

+

+      VERIFY_PERMISSION (OPT_P_GENERAL);

+      port = atoi (p[2]);

+      if (!legal_ipv4_port (port))

+	{

+	  msg (msglevel, "port number associated with --port-share directive is out of range");

+	  goto err;

+	}

+

+      options->port_share_host = p[1];

+      options->port_share_port = port;

+    }

+#endif

   else if (streq (p[0], "client-to-client"))

     {

       VERIFY_PERMISSION (OPT_P_GENERAL);

@@ -344,6 +344,10 @@ struct options

   bool username_as_common_name;

   const char *auth_user_pass_verify_script;

   bool auth_user_pass_verify_script_via_file;

+#if PORT_SHARE

+  char *port_share_host;

+  int port_share_port;

+#endif

 #endif

   bool client;

new file mode 100644

@@ -0,0 +1,783 @@

+/*

+ *  OpenVPN -- An application to securely tunnel IP networks

+ *             over a single UDP port, with support for SSL/TLS-based

+ *             session authentication and key exchange,

+ *             packet encryption, packet authentication, and

+ *             packet compression.

+ *

+ *  Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License version 2

+ *  as published by the Free Software Foundation.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program (see the file COPYING included with this

+ *  distribution); if not, write to the Free Software Foundation, Inc.,

+ *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

+ */

+

+#ifdef WIN32

+#include "config-win32.h"

+#else

+#include "config.h"

+#endif

+

+#include "syshead.h"

+

+#if PORT_SHARE

+

+#include "event.h"

+#include "socket.h"

+#include "fdmisc.h"

+#include "ps.h"

+

+#include "memdbg.h"

+

+struct port_share *port_share = NULL; /* GLOBAL */

+

+/* size of i/o buffers */

+#define PROXY_CONNECTION_BUFFER_SIZE 1500

+

+/* Command codes for foreground -> background communication */

+#define COMMAND_REDIRECT 10

+#define COMMAND_EXIT     11

+

+/* Response codes for background -> foreground communication */

+#define RESPONSE_INIT_SUCCEEDED   20

+#define RESPONSE_INIT_FAILED      21

+

+/* A foreign (non-OpenVPN) connection we are proxying,

+   usually HTTPS */

+struct proxy_connection {

+  bool defined;

+  struct proxy_connection *next;

+  struct proxy_connection *counterpart;

+  struct buffer buf;

+  bool buffer_initial;

+  int rwflags;

+  int sd;

+};

+

+/* used for passing fds between processes */

+union fdmsg {

+  struct cmsghdr h;

+  char buf[CMSG_SPACE(sizeof(socket_descriptor_t))];

+};

+

+#if 0

+static const char *

+headc (const struct buffer *buf)

+{

+  static char foo[16];

+  strncpy (foo, BSTR(buf), 15);

+  foo[15] = 0;

+  return foo;

+}

+#endif

+

+static void

+close_socket_if_defined (const socket_descriptor_t sd)

+{

+  if (socket_defined (sd))

+    openvpn_close_socket (sd);

+}

+

+/*

+ * Close most of parent's fds.

+ * Keep stdin/stdout/stderr, plus one

+ * other fd which is presumed to be

+ * our pipe back to parent.

+ * Admittedly, a bit of a kludge,

+ * but posix doesn't give us a kind

+ * of FD_CLOEXEC which will stop

+ * fds from crossing a fork().

+ */

+static void

+close_fds_except (int keep)

+{

+  socket_descriptor_t i;

+  closelog ();

+  for (i = 3; i <= 100; ++i)

+    {

+      if (i != keep)

+	openvpn_close_socket (i);

+    }

+}

+

+/*

+ * Usually we ignore signals, because our parent will

+ * deal with them.

+ */

+static void

+set_signals (void)

+{

+  signal (SIGTERM, SIG_DFL);

+

+  signal (SIGINT, SIG_IGN);

+  signal (SIGHUP, SIG_IGN);

+  signal (SIGUSR1, SIG_IGN);

+  signal (SIGUSR2, SIG_IGN);

+  signal (SIGPIPE, SIG_IGN);

+}

+

+/*

+ * Socket read/write functions.

+ */

+

+static int

+recv_control (const socket_descriptor_t fd)

+{

+  unsigned char c;

+  const ssize_t size = read (fd, &c, sizeof (c));

+  if (size == sizeof (c))

+    return c;

+  else

+    {

+      return -1;

+    }

+}

+

+static int

+send_control (const socket_descriptor_t fd, int code)

+{

+  unsigned char c = (unsigned char) code;

+  const ssize_t size = write (fd, &c, sizeof (c));

+  if (size == sizeof (c))

+    return (int) size;

+  else

+    return -1;

+}

+

+static void

+port_share_sendmsg (const socket_descriptor_t sd,

+		    const char command,

+		    const struct buffer *head,

+		    const socket_descriptor_t sd_send)

+{

+  if (socket_defined (sd))

+    {

+      struct msghdr mesg;

+      union fdmsg cmsg;

+      struct cmsghdr* h;

+      struct iovec iov[2];

+      socket_descriptor_t sd_null[2] = { SOCKET_UNDEFINED, SOCKET_UNDEFINED };

+      char cmd;

+      ssize_t status;

+

+      dmsg (D_PS_PROXY_DEBUG, "PORT SHARE: sendmsg sd=%d len=%d",

+	    sd_send,

+	    head ? BLEN(head) : -1);

+

+      CLEAR (mesg);

+

+      cmd = command;

+

+      iov[0].iov_base = &cmd;

+      iov[0].iov_len = sizeof (cmd);

+      mesg.msg_iovlen = 1;

+

+      if (head)

+	{

+	  iov[1].iov_base = BPTR (head);

+	  iov[1].iov_len = BLEN (head);

+	  mesg.msg_iovlen = 2;

+	}

+

+      mesg.msg_iov = iov;

+

+      mesg.msg_control = cmsg.buf;

+      mesg.msg_controllen = sizeof (union fdmsg);

+      mesg.msg_flags = 0;

+

+      h = CMSG_FIRSTHDR(&mesg);

+      h->cmsg_level = SOL_SOCKET;

+      h->cmsg_type = SCM_RIGHTS;

+      h->cmsg_len = CMSG_LEN(sizeof(socket_descriptor_t));

+

+      if (socket_defined (sd_send))

+	{

+	  *((socket_descriptor_t*)CMSG_DATA(h)) = sd_send;

+	}

+      else

+	{

+	  socketpair (PF_UNIX, SOCK_DGRAM, 0, sd_null);

+	  *((socket_descriptor_t*)CMSG_DATA(h)) = sd_null[0];

+	}

+

+      status = sendmsg (sd, &mesg, MSG_NOSIGNAL);

+      if (status == -1)

+	msg (M_WARN, "PORT SHARE: sendmsg failed (unable to communicate with background process)");

+

+      close_socket_if_defined (sd_null[0]);

+      close_socket_if_defined (sd_null[1]);

+    }

+}

+

+static int

+pc_list_len (struct proxy_connection *pc)

+{

+  int count = 0;

+  while (pc)

+    {

+      ++count;

+      pc = pc->next;

+    }

+  return count;

+}

+

+/* mark a proxy entry and its counterpart for close */

+static void

+proxy_entry_mark_for_close (struct proxy_connection *pc, struct event_set *es)

+{

+  if (pc->defined)

+    {

+      struct proxy_connection *cp = pc->counterpart;

+      dmsg (D_PS_PROXY_DEBUG, "PORT SHARE PROXY: delete sd=%d", pc->sd);

+      if (socket_defined (pc->sd))

+	{

+	  if (es)

+	    event_del (es, pc->sd);

+	  openvpn_close_socket (pc->sd);

+	  pc->sd = SOCKET_UNDEFINED;

+	}

+      free_buf (&pc->buf);

+      pc->buffer_initial = false;

+      pc->rwflags = 0;

+      pc->counterpart = NULL;

+      pc->defined = false;

+      if (cp && cp->defined && cp->counterpart == pc)

+	proxy_entry_mark_for_close (cp, es);

+    }

+}

+

+static void

+proxy_list_housekeeping (struct proxy_connection **list)

+{

+  if (list)

+    {

+      struct proxy_connection *prev = NULL;

+      struct proxy_connection *pc = *list;

+

+      while (pc)

+	{

+	  struct proxy_connection *next = pc->next;

+	  if (!pc->defined)

+	    {

+	      free (pc);

+	      if (prev)

+		prev->next = next;

+	      else

+		*list = next;

+	    }

+	  else

+	    prev = pc;

+	  pc = next;

+	}

+    }

+}

+

+static void

+proxy_list_close (struct proxy_connection **list)

+{

+  if (list)

+    {

+      struct proxy_connection *pc = *list;

+      while (pc)

+	{

+	  proxy_entry_mark_for_close (pc, NULL);

+	  pc = pc->next;

+	}

+      proxy_list_housekeeping (list);

+    }

+}

+

+static void

+sock_addr_set (struct openvpn_sockaddr *osaddr,

+	       const in_addr_t addr,

+	       const int port)

+{

+  CLEAR (*osaddr);

+  osaddr->sa.sin_family = AF_INET;

+  osaddr->sa.sin_addr.s_addr = htonl (addr);

+  osaddr->sa.sin_port = htons (port);

+}

+

+static inline void

+proxy_connection_io_requeue (struct proxy_connection *pc, const int rwflags_new, struct event_set *es)

+{

+  if (pc->rwflags != rwflags_new)

+    {

+      event_ctl (es, pc->sd, rwflags_new, (void*)pc);

+      pc->rwflags = rwflags_new;

+    }

+}

+

+static bool

+proxy_entry_new (struct proxy_connection **list,

+		 struct event_set *es,

+		 const in_addr_t server_addr,

+		 const int server_port,

+		 const socket_descriptor_t sd_client,

+		 struct buffer *initial_data)

+{

+  struct openvpn_sockaddr osaddr;

+  socket_descriptor_t sd_server;

+  int status;

+  struct proxy_connection *pc;

+  struct proxy_connection *cp;

+

+  /* connect to port share server */

+  sock_addr_set (&osaddr, server_addr, server_port);

+  sd_server = create_socket_tcp ();

+  status = openvpn_connect (sd_server, &osaddr, 5, NULL);

+  if (status)

+    {

+      msg (M_WARN, "PORT SHARE PROXY: connect to port-share server failed");

+      openvpn_close_socket (sd_server);

+      return false;

+    }

+  dmsg (D_PS_PROXY_DEBUG, "PORT SHARE PROXY: connect to port-share server succeeded");

+

+  set_nonblock (sd_client);

+  set_nonblock (sd_server);

+

+  /* allocate 2 new proxy_connection objects */

+  ALLOC_OBJ_CLEAR (pc, struct proxy_connection);

+  ALLOC_OBJ_CLEAR (cp, struct proxy_connection);

+

+  /* client object */

+  pc->defined = true;

+  pc->next = cp;

+  pc->counterpart = cp;

+  pc->buf = *initial_data;

+  pc->buffer_initial = true;

+  pc->rwflags = EVENT_UNDEF;

+  pc->sd = sd_client;

+

+  /* server object */

+  cp->defined = true;

+  cp->next = *list;

+  cp->counterpart = pc;

+  cp->buf = alloc_buf (PROXY_CONNECTION_BUFFER_SIZE);

+  cp->buffer_initial = false;

+  cp->rwflags = EVENT_UNDEF;

+  cp->sd = sd_server;

+

+  /* add to list */

+  *list = pc;