@@ -11,12 +11,11 @@ $Id$

   from the file specified by --ca regardless if the pkcs12 file

   contains a CA cert or not (Mathias Sundman).

 * Merged --capath patch (Thomas Noel).

-* NOTE TO PACKAGE MAINTAINERS: Moved "plugin"

-  directory to "plugins".  This is

-  to work around a strange problem with the

-  "make dist" target in the automake-generated

-  makefile, where the target tries to do a

-  rather bogus "gcc -g -O2 -I. plugin.c -o plugin".

+* Merged --multihome patch.

+* NOTE TO PACKAGE MAINTAINERS: Moved "plugin" directory to "plugins".

+  This is to work around a strange problem with the "make dist"

+  target in the automake-generated makefile, where the target tries to

+  do a rather bogus "gcc -g -O2 -I. plugin.c -o plugin".

 2005.10.13 -- Version 2.1-beta2

@@ -95,6 +95,12 @@ AC_ARG_ENABLE(fragment,

    [FRAGMENT="yes"]

 )

+AC_ARG_ENABLE(multihome,

+   [  --disable-multihome     Disable multi-homed UDP server support (--multihome)],

+   [MULTIHOME="$enableval"],

+   [MULTIHOME="yes"]

+)

+

 AC_ARG_ENABLE(debug,

    [  --disable-debug         Disable debugging support (disable gremlin and verb 7+ messages)],

    [DEBUG="$enableval"],

@@ -342,6 +348,11 @@ AC_CHECK_TYPE(

 	[AC_DEFINE(HAVE_CMSGHDR, 1, [struct cmsghdr needed for extended socket error support])],

 	[],

 	[#include "syshead.h"])

+AC_CHECK_TYPE(

+	[struct in_pktinfo],

+	[AC_DEFINE(HAVE_IN_PKTINFO, 1, [struct in_pktinfo needed for IP_PKTINFO support])],

+	[],

+	[#include "syshead.h"])

 AC_CHECK_SIZEOF(unsigned int)

 AC_CHECK_SIZEOF(unsigned long)

@@ -367,7 +378,7 @@ AC_CHECK_FUNCS(daemon chroot getpwnam setuid nice system getpid dup dup2 dnl

 	       getpass strerror syslog openlog mlockall getgrnam setgid dnl

 	       setgroups stat flock readv writev setsockopt getsockopt dnl

 	       setsid chdir gettimeofday putenv getpeername unlink dnl

-               poll chsize ftruncate)

+               poll chsize ftruncate sendmsg recvmsg)

 AC_CACHE_SAVE

 dnl Required library functions

@@ -605,6 +616,11 @@ if test "$HTTP_PROXY" = "yes"; then

    AC_DEFINE(ENABLE_HTTP_PROXY, 1, [Enable HTTP proxy support])

 fi

+dnl compile --multihome option

+if test "$MULTIHOME" = "yes"; then

+   AC_DEFINE(ENABLE_MULTIHOME, 1, [Enable multi-homed UDP server capability])

+fi

+

 dnl enable debugging

 if test "$DEBUG" = "yes"; then

    AC_DEFINE(ENABLE_DEBUG, 1, [Enable debugging support])

@@ -571,12 +571,12 @@ socks_postprocess_incoming_link (struct context *c)

 static inline void

 socks_preprocess_outgoing_link (struct context *c,

-				struct sockaddr_in **to_addr,

+				struct link_socket_actual **to_addr,

 				int *size_delta)

 {

   if (c->c2.link_socket->socks_proxy && c->c2.link_socket->info.proto == PROTO_UDPv4)

     {

-      *size_delta += socks_process_outgoing_udp (&c->c2.to_link, &c->c2.to_link_addr);

+      *size_delta += socks_process_outgoing_udp (&c->c2.to_link, c->c2.to_link_addr);

       *to_addr = &c->c2.link_socket->socks_relay;

     }

 }

@@ -616,7 +616,10 @@ read_incoming_link (struct context *c)

   c->c2.buf = c->c2.buffers->read_link_buf;

   ASSERT (buf_init (&c->c2.buf, FRAME_HEADROOM_ADJ (&c->c2.frame, FRAME_HEADROOM_MARKER_READ_LINK)));

-  status = link_socket_read (c->c2.link_socket, &c->c2.buf, MAX_RW_SIZE_LINK (&c->c2.frame), &c->c2.from);

+  status = link_socket_read (c->c2.link_socket,

+			     &c->c2.buf,

+			     MAX_RW_SIZE_LINK (&c->c2.frame),

+			     &c->c2.from);

   if (socket_connection_reset (c->c2.link_socket, status))

     {

@@ -687,7 +690,7 @@ process_incoming_link (struct context *c)

   msg (D_LINK_RW, "%s READ [%d] from %s: %s",

        proto2ascii (lsi->proto, true),

        BLEN (&c->c2.buf),

-       print_sockaddr (&c->c2.from, &gc),

+       print_link_socket_actual (&c->c2.from, &gc),

        PROTO_DUMP (&c->c2.buf, &gc));

   /*

@@ -985,7 +988,7 @@ process_outgoing_link (struct context *c)

        * packet to remote over the TCP/UDP port.

        */

       int size = 0;

-      ASSERT (addr_defined (&c->c2.to_link_addr));

+      ASSERT (link_socket_actual_defined (c->c2.to_link_addr));

 #ifdef ENABLE_DEBUG

       /* In gremlin-test mode, we may choose to drop this packet */

@@ -1020,12 +1023,12 @@ process_outgoing_link (struct context *c)

 	  msg (D_LINK_RW, "%s WRITE [%d] to %s: %s",

 	       proto2ascii (c->c2.link_socket->info.proto, true),

 	       BLEN (&c->c2.to_link),

-	       print_sockaddr (&c->c2.to_link_addr, &gc),

+	       print_link_socket_actual (c->c2.to_link_addr, &gc),

 	       PROTO_DUMP (&c->c2.to_link, &gc));

 	  /* Packet send complexified by possible Socks5 usage */

 	  {

-	    struct sockaddr_in *to_addr = &c->c2.to_link_addr;

+	    struct link_socket_actual *to_addr = c->c2.to_link_addr;

 #ifdef ENABLE_SOCKS

 	    int size_delta = 0;

 #endif

@@ -1035,7 +1038,9 @@ process_outgoing_link (struct context *c)

 	    socks_preprocess_outgoing_link (c, &to_addr, &size_delta);

 #endif

 	    /* Send packet */

-	    size = link_socket_write (c->c2.link_socket, &c->c2.to_link, to_addr);

+	    size = link_socket_write (c->c2.link_socket,

+				      &c->c2.to_link,

+				      to_addr);

 #ifdef ENABLE_SOCKS

 	    /* Undo effect of prepend */

@@ -1059,7 +1064,7 @@ process_outgoing_link (struct context *c)

 	  if (size != BLEN (&c->c2.to_link))

 	    msg (D_LINK_ERRORS,

 		 "TCP/UDP packet was truncated/expanded on write to %s (tried=%d,actual=%d)",

-		 print_sockaddr (&c->c2.to_link_addr, &gc),

+		 print_link_socket_actual (c->c2.to_link_addr, &gc),

 		 BLEN (&c->c2.to_link),

 		 size);

 	}

@@ -1068,7 +1073,7 @@ process_outgoing_link (struct context *c)

     {

       if (c->c2.to_link.len > 0)

 	msg (D_LINK_ERRORS, "TCP/UDP packet too large on write to %s (tried=%d,max=%d)",

-	     print_sockaddr (&c->c2.to_link_addr, &gc),

+	     print_link_socket_actual (c->c2.to_link_addr, &gc),

 	     c->c2.to_link.len,

 	     EXPANDED_SIZE (&c->c2.frame));

     }

@@ -770,13 +770,16 @@ static void

 man_accept (struct management *man)

 {

   struct gc_arena gc = gc_new ();

+  struct link_socket_actual act;

   /*

    * Accept the TCP client.

    */

-  man->connection.sd_cli = socket_do_accept (man->connection.sd_top, &man->connection.remote, false);

+  man->connection.sd_cli = socket_do_accept (man->connection.sd_top, &act, false);

   if (socket_defined (man->connection.sd_cli))

     {

+      man->connection.remote = act.dest;

+

       if (socket_defined (man->connection.sd_top))

 	{

 #ifdef WIN32

@@ -1145,9 +1148,9 @@ man_settings_init (struct man_settings *ms,

       /*

        * Initialize socket address

        */

-      ms->local.sin_family = AF_INET;

-      ms->local.sin_addr.s_addr = 0;

-      ms->local.sin_port = htons (port);

+      ms->local.sa.sin_family = AF_INET;

+      ms->local.sa.sin_addr.s_addr = 0;

+      ms->local.sa.sin_port = htons (port);

       /*

        * Run management over tunnel, or

@@ -1159,7 +1162,7 @@ man_settings_init (struct man_settings *ms,

 	}

       else

 	{

-	  ms->local.sin_addr.s_addr = getaddr

+	  ms->local.sa.sin_addr.s_addr = getaddr

 	    (GETADDR_RESOLVE|GETADDR_WARN_ON_SIGNAL|GETADDR_FATAL, addr, 0, NULL, NULL);

 	}

@@ -1406,7 +1409,7 @@ management_post_tunnel_open (struct management *man, const in_addr_t tun_local_i

       && man->connection.state == MS_INITIAL)

     {

       /* listen on our local TUN/TAP IP address */

-      man->settings.local.sin_addr.s_addr = htonl (tun_local_ip);

+      man->settings.local.sa.sin_addr.s_addr = htonl (tun_local_ip);

       man_connection_init (man);

     }

@@ -188,7 +188,7 @@ struct man_persist {

 struct man_settings {

   bool defined;

-  struct sockaddr_in local;

+  struct openvpn_sockaddr local;

   bool up_query_passwords;

   bool management_over_tunnel;

   struct user_pass up;

@@ -215,7 +215,7 @@ struct man_connection {

   socket_descriptor_t sd_top;

   socket_descriptor_t sd_cli;

-  struct sockaddr_in remote;

+  struct openvpn_sockaddr remote;

 #ifdef WIN32

   struct net_event_win32 ne32;

@@ -168,28 +168,29 @@ mroute_extract_addr_from_packet (struct mroute_addr *src,

 }

 /*

- * Translate a struct sockaddr_in (saddr)

+ * Translate a struct openvpn_sockaddr (osaddr)

  * to a struct mroute_addr (addr).

  */

-bool

-mroute_extract_sockaddr_in (struct mroute_addr *addr, const struct sockaddr_in *saddr, bool use_port)

+bool mroute_extract_openvpn_sockaddr (struct mroute_addr *addr,

+				      const struct openvpn_sockaddr *osaddr,

+				      bool use_port)

 {

-  if (saddr->sin_family == AF_INET)

+  if (osaddr->sa.sin_family == AF_INET)

     {

       if (use_port)

 	{

 	  addr->type = MR_ADDR_IPV4 | MR_WITH_PORT;

 	  addr->netbits = 0;

 	  addr->len = 6;

-	  memcpy (addr->addr, &saddr->sin_addr.s_addr, 4);

-	  memcpy (addr->addr + 4, &saddr->sin_port, 2);

+	  memcpy (addr->addr, &osaddr->sa.sin_addr.s_addr, 4);

+	  memcpy (addr->addr + 4, &osaddr->sa.sin_port, 2);

 	}

       else

 	{

 	  addr->type = MR_ADDR_IPV4;

 	  addr->netbits = 0;

 	  addr->len = 4;

-	  memcpy (addr->addr, &saddr->sin_addr.s_addr, 4);

+	  memcpy (addr->addr, &osaddr->sa.sin_addr.s_addr, 4);

 	}

       return true;

     }

@@ -94,9 +94,11 @@ unsigned int mroute_extract_addr_from_packet (struct mroute_addr *src,

 					      struct buffer *buf,

 					      int tunnel_type);

-bool mroute_extract_sockaddr_in (struct mroute_addr *addr,

-				 const struct sockaddr_in *saddr,

-				 bool use_port);

+struct openvpn_sockaddr;

+

+bool mroute_extract_openvpn_sockaddr (struct mroute_addr *addr,

+				      const struct openvpn_sockaddr *osaddr,

+				      bool use_port);

 bool mroute_learnable_address (const struct mroute_addr *addr);

@@ -159,7 +159,7 @@ multi_tcp_instance_specific_init (struct multi_context *m, struct multi_instance

   ASSERT (mi->context.c2.link_socket);

   ASSERT (mi->context.c2.link_socket->info.lsa);

   ASSERT (mi->context.c2.link_socket->mode == LS_MODE_TCP_ACCEPT_FROM);

-  if (!mroute_extract_sockaddr_in (&mi->real, &mi->context.c2.link_socket->info.lsa->actual, true))

+  if (!mroute_extract_openvpn_sockaddr (&mi->real, &mi->context.c2.link_socket->info.lsa->actual.dest, true))

     {

       msg (D_MULTI_ERRORS, "MULTI TCP: TCP client address is undefined");

       return false;

@@ -51,7 +51,7 @@ multi_get_create_instance_udp (struct multi_context *m)

   struct multi_instance *mi = NULL;

   struct hash *hash = m->hash;

-  if (mroute_extract_sockaddr_in (&real, &m->top.c2.from, true))

+  if (mroute_extract_openvpn_sockaddr (&real, &m->top.c2.from.dest, true))

     {

       struct hash_element *he;

       const uint32_t hv = hash_value (hash, &real);

@@ -982,13 +982,13 @@ multi_learn_in_addr_t (struct multi_context *m,

 		       in_addr_t a,

 		       int netbits) /* -1 if host route, otherwise # of network bits in address */

 {

-  struct sockaddr_in remote_si;

+  struct openvpn_sockaddr remote_si;

   struct mroute_addr addr;

   CLEAR (remote_si);

-  remote_si.sin_family = AF_INET;

-  remote_si.sin_addr.s_addr = htonl (a);

-  ASSERT (mroute_extract_sockaddr_in (&addr, &remote_si, false));

+  remote_si.sa.sin_family = AF_INET;

+  remote_si.sa.sin_addr.s_addr = htonl (a);

+  ASSERT (mroute_extract_openvpn_sockaddr (&addr, &remote_si, false));

   if (netbits >= 0)

     {

@@ -2180,15 +2180,15 @@ management_callback_kill_by_addr (void *arg, const in_addr_t addr, const int por

   struct multi_context *m = (struct multi_context *) arg;

   struct hash_iterator hi;

   struct hash_element *he;

-  struct sockaddr_in saddr;

+  struct openvpn_sockaddr saddr;

   struct mroute_addr maddr;

   int count = 0;

   CLEAR (saddr);

-  saddr.sin_family = AF_INET;

-  saddr.sin_addr.s_addr = htonl (addr);

-  saddr.sin_port = htons (port);

-  if (mroute_extract_sockaddr_in (&maddr, &saddr, true))

+  saddr.sa.sin_family = AF_INET;

+  saddr.sa.sin_addr.s_addr = htonl (addr);

+  saddr.sa.sin_port = htons (port);

+  if (mroute_extract_openvpn_sockaddr (&maddr, &saddr, true))

     {

       hash_iterator_init (m->iter, &hi, true);

       while ((he = hash_iterator_next (&hi)))

@@ -205,8 +205,8 @@ struct context_2

   struct link_socket_info *link_socket_info;

   const struct link_socket *accept_from; /* possibly do accept() on a parent link_socket */

-  struct sockaddr_in to_link_addr;	 /* IP address of remote */

-  struct sockaddr_in from;               /* address of incoming datagram */

+  struct link_socket_actual *to_link_addr;	/* IP address of remote */

+  struct link_socket_actual from;               /* address of incoming datagram */

   /* MTU frame parameters */

   struct frame frame;

@@ -175,6 +175,9 @@ static const char usage_message[] =

   "--ping-timer-rem: Run the --ping-exit/--ping-restart timer only if we have a\n"

   "                  remote address.\n"

   "--ping n        : Ping remote once every n seconds over TCP/UDP port.\n"

+#if ENABLE_IP_PKTINFO

+  "--multihome     : Configure a multi-homed UDP server.\n"

+#endif

   "--fast-io       : (experimental) Optimize TUN/TAP/UDP writes.\n"

   "--remap-usr1 s  : On SIGUSR1 signals, remap signal (s='SIGHUP' or 'SIGTERM').\n"

   "--persist-tun   : Keep tun/tap device open across SIGUSR1 or --ping-restart.\n"

@@ -3281,6 +3284,13 @@ add_option (struct options *options,

       VERIFY_PERMISSION (OPT_P_GENERAL);

       options->mlock = true;

     }

+#if ENABLE_IP_PKTINFO

+  else if (streq (p[0], "multihome"))

+    {

+      VERIFY_PERMISSION (OPT_P_GENERAL);

+      options->sockflags |= SF_USE_IP_PKTINFO;

+    }

+#endif

   else if (streq (p[0], "verb") && p[1])

     {

       ++i;

@@ -37,7 +37,7 @@ check_ping_restart (struct context *c)

       && event_timeout_trigger (&c->c2.ping_rec_interval,

 				&c->c2.timeval,

 				(!c->options.ping_timer_remote

-				 || addr_defined (&c->c1.link_socket_addr.actual))

+				 || link_socket_actual_defined (&c->c1.link_socket_addr.actual))

 				? ETT_DEFAULT : 15))

     check_ping_restart_dowork (c);

 }

@@ -236,7 +236,7 @@ openvpn_inet_aton (const char *dotted_quad, struct in_addr *addr)

 static void

 update_remote (const char* host,

-	       struct sockaddr_in *addr,

+	       struct openvpn_sockaddr *addr,

 	       bool *changed)

 {

   if (host && addr)

@@ -247,9 +247,9 @@ update_remote (const char* host,

 					  1,

 					  NULL,

 					  NULL);

-      if (new_addr && addr->sin_addr.s_addr != new_addr)

+      if (new_addr && addr->sa.sin_addr.s_addr != new_addr)

 	{

-	  addr->sin_addr.s_addr = new_addr;

+	  addr->sa.sin_addr.s_addr = new_addr;

 	  *changed = true;

 	}

     }

@@ -492,12 +492,19 @@ create_socket_tcp (void)

 }

 static socket_descriptor_t

-create_socket_udp (void)

+create_socket_udp (const unsigned int flags)

 {

   socket_descriptor_t sd;

   if ((sd = socket (PF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0)

     msg (M_SOCKERR, "UDP: Cannot create UDP socket");

+#if ENABLE_IP_PKTINFO

+  else if (flags & SF_USE_IP_PKTINFO)

+    {

+      int pad = 1;

+      setsockopt (sd, SOL_IP, IP_PKTINFO, (void*)&pad, sizeof(pad));

+    }

+#endif

   return sd;

 }

@@ -507,7 +514,7 @@ create_socket (struct link_socket *sock)

   /* create socket */

   if (sock->info.proto == PROTO_UDPv4)

     {

-      sock->sd = create_socket_udp ();

+      sock->sd = create_socket_udp (sock->sockflags);

 #ifdef ENABLE_SOCKS

       if (sock->socks_proxy)

@@ -531,7 +538,7 @@ create_socket (struct link_socket *sock)

 static void

 socket_do_listen (socket_descriptor_t sd,

-		  const struct sockaddr_in *local,

+		  const struct openvpn_sockaddr *local,

 		  bool do_listen,

 		  bool do_set_nonblock)

 {

@@ -553,16 +560,18 @@ socket_do_listen (socket_descriptor_t sd,

 socket_descriptor_t

 socket_do_accept (socket_descriptor_t sd,

-		  struct sockaddr_in *remote,

+		  struct link_socket_actual *act,

 		  const bool nowait)

 {

-  socklen_t remote_len = sizeof (*remote);

+  socklen_t remote_len = sizeof (act->dest.sa);

   socket_descriptor_t new_sd = SOCKET_UNDEFINED;

+  CLEAR (*act);

+

 #ifdef HAVE_GETPEERNAME

   if (nowait)

     {

-      new_sd = getpeername (sd, (struct sockaddr *) remote, &remote_len);

+      new_sd = getpeername (sd, (struct sockaddr *) &act->dest.sa, &remote_len);

       if (!socket_defined (new_sd))

 	msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: getpeername() failed");

@@ -575,14 +584,14 @@ socket_do_accept (socket_descriptor_t sd,

 #endif

   else

     {

-      new_sd = accept (sd, (struct sockaddr *) remote, &remote_len);

+      new_sd = accept (sd, (struct sockaddr *) &act->dest.sa, &remote_len);

     }

   if (!socket_defined (new_sd))

     {

       msg (D_LINK_ERRORS | M_ERRNO_SOCK, "TCP: accept(%d) failed", sd);

     }

-  else if (remote_len != sizeof (*remote))

+  else if (remote_len != sizeof (act->dest.sa))

     {

       msg (D_LINK_ERRORS, "TCP: Received strange incoming connection with unknown address length=%d", remote_len);

       openvpn_close_socket (new_sd);

@@ -592,28 +601,30 @@ socket_do_accept (socket_descriptor_t sd,

 }

 static void

-tcp_connection_established (const struct sockaddr_in *remote)

+tcp_connection_established (const struct link_socket_actual *act)

 {

   struct gc_arena gc = gc_new ();

   msg (M_INFO, "TCP connection established with %s", 

-       print_sockaddr (remote, &gc));

+       print_link_socket_actual (act, &gc));

   gc_free (&gc);

 }

 static int

 socket_listen_accept (socket_descriptor_t sd,

-		      struct sockaddr_in *remote,

+		      struct link_socket_actual *act,

 		      const char *remote_dynamic,

 		      bool *remote_changed,

-		      const struct sockaddr_in *local,

+		      const struct openvpn_sockaddr *local,

 		      bool do_listen,

 		      bool nowait,

 		      volatile int *signal_received)

 {

   struct gc_arena gc = gc_new ();

-  struct sockaddr_in remote_verify = *remote;

+  //struct openvpn_sockaddr *remote = &act->dest;

+  struct openvpn_sockaddr remote_verify = act->dest;

   int new_sd = SOCKET_UNDEFINED;

+  CLEAR (*act);

   socket_do_listen (sd, local, do_listen, true);

   while (true)

@@ -645,17 +656,17 @@ socket_listen_accept (socket_descriptor_t sd,

 	  continue;

 	}

-      new_sd = socket_do_accept (sd, remote, nowait);

+      new_sd = socket_do_accept (sd, act, nowait);

       if (socket_defined (new_sd))

 	{

 	  update_remote (remote_dynamic, &remote_verify, remote_changed);

 	  if (addr_defined (&remote_verify)

-	      && !addr_match (&remote_verify, remote))

+	      && !addr_match (&remote_verify, &act->dest))

 	    {

 	      msg (M_WARN,

 		   "TCP NOTE: Rejected connection attempt from %s due to --remote setting",

-		   print_sockaddr (remote, &gc));

+		   print_link_socket_actual (act, &gc));

 	      if (openvpn_close_socket (new_sd))

 		msg (M_SOCKERR, "TCP: close socket failed (new_sd)");

 	    }

@@ -668,7 +679,7 @@ socket_listen_accept (socket_descriptor_t sd,

   if (!nowait && openvpn_close_socket (sd))

     msg (M_SOCKERR, "TCP: close socket failed (sd)");

-  tcp_connection_established (remote);

+  tcp_connection_established (act);

   gc_free (&gc);

   return new_sd;

@@ -676,7 +687,7 @@ socket_listen_accept (socket_descriptor_t sd,

 static void

 socket_connect (socket_descriptor_t *sd,

-		struct sockaddr_in *remote,

+		struct openvpn_sockaddr *remote,

 		struct remote_list *remote_list,

 		const char *remote_dynamic,

 		bool *remote_changed,

@@ -689,8 +700,8 @@ socket_connect (socket_descriptor_t *sd,

        print_sockaddr (remote, &gc));

   while (true)

     {

-      const int status = connect (*sd, (struct sockaddr *) remote,

-				  sizeof (*remote));

+      const int status = connect (*sd, (struct sockaddr *) &remote->sa,

+				  sizeof (remote->sa));

       get_signal (signal_received);

       if (*signal_received)

@@ -711,7 +722,7 @@ socket_connect (socket_descriptor_t *sd,

 	{

 	  remote_list_next (remote_list);

 	  remote_dynamic = remote_list_host (remote_list);

-	  remote->sin_port = htons (remote_list_port (remote_list));

+	  remote->sa.sin_port = htons (remote_list_port (remote_list));

 	  *remote_changed = true;

 	}

@@ -771,22 +782,22 @@ resolve_bind_local (struct link_socket *sock)

   /* resolve local address if undefined */

   if (!addr_defined (&sock->info.lsa->local))

     {

-      sock->info.lsa->local.sin_family = AF_INET;

-      sock->info.lsa->local.sin_addr.s_addr =

+      sock->info.lsa->local.sa.sin_family = AF_INET;

+      sock->info.lsa->local.sa.sin_addr.s_addr =

 	(sock->local_host ? getaddr (GETADDR_RESOLVE | GETADDR_WARN_ON_SIGNAL | GETADDR_FATAL,

 				     sock->local_host,

 				     0,

 				     NULL,

 				     NULL)

 	 : htonl (INADDR_ANY));

-      sock->info.lsa->local.sin_port = htons (sock->local_port);

+      sock->info.lsa->local.sa.sin_port = htons (sock->local_port);

     }

   /* bind to local address/port */

   if (sock->bind_local)

     {

-      if (bind (sock->sd, (struct sockaddr *) &sock->info.lsa->local,

-		sizeof (sock->info.lsa->local)))

+      if (bind (sock->sd, (struct sockaddr *) &sock->info.lsa->local.sa,

+		sizeof (sock->info.lsa->local.sa)))

 	{

 	  const int errnum = openvpn_errno_socket ();

 	  msg (M_FATAL, "TCP/UDP: Socket bind failed on local address %s: %s",

@@ -810,8 +821,8 @@ resolve_remote (struct link_socket *sock,

       /* resolve remote address if undefined */

       if (!addr_defined (&sock->info.lsa->remote))

 	{

-	  sock->info.lsa->remote.sin_family = AF_INET;

-	  sock->info.lsa->remote.sin_addr.s_addr = 0;

+	  sock->info.lsa->remote.sa.sin_family = AF_INET;

+	  sock->info.lsa->remote.sa.sin_addr.s_addr = 0;

 	  if (sock->remote_host)

 	    {

@@ -856,7 +867,7 @@ resolve_remote (struct link_socket *sock,

 		  ASSERT (0);

 		}

-	      sock->info.lsa->remote.sin_addr.s_addr = getaddr (

+	      sock->info.lsa->remote.sa.sin_addr.s_addr = getaddr (

 		    flags,

 		    sock->remote_host,

 		    retry,

@@ -883,19 +894,22 @@ resolve_remote (struct link_socket *sock,

 		}

 	    }

-	  sock->info.lsa->remote.sin_port = htons (sock->remote_port);

+	  sock->info.lsa->remote.sa.sin_port = htons (sock->remote_port);

 	}

       /* should we re-use previous active remote address? */

-      if (addr_defined (&sock->info.lsa->actual))

+      if (link_socket_actual_defined (&sock->info.lsa->actual))

 	{

 	  msg (M_INFO, "TCP/UDP: Preserving recently used remote address: %s",

-	       print_sockaddr (&sock->info.lsa->actual, &gc));

+	       print_link_socket_actual (&sock->info.lsa->actual, &gc));

 	  if (remote_dynamic)

 	    *remote_dynamic = NULL;

 	}

       else

-	sock->info.lsa->actual = sock->info.lsa->remote;

+	{

+	  CLEAR (sock->info.lsa->actual);

+	  sock->info.lsa->actual.dest = sock->info.lsa->remote;

+	}

       /* remember that we finished */

       sock->did_resolve_remote = true;

@@ -1162,7 +1176,7 @@ link_socket_init_phase2 (struct link_socket *sock,

       else if (sock->info.proto == PROTO_TCPv4_CLIENT)

 	{

 	  socket_connect (&sock->sd,

-			  &sock->info.lsa->actual,

+			  &sock->info.lsa->actual.dest,

 			  sock->remote_list,

 			  remote_dynamic,

 			  &remote_changed,

@@ -1200,7 +1214,7 @@ link_socket_init_phase2 (struct link_socket *sock,

       else if (sock->info.proto == PROTO_UDPv4 && sock->socks_proxy)

 	{

 	  socket_connect (&sock->ctrl_sd,

-			  &sock->info.lsa->actual,

+			  &sock->info.lsa->actual.dest,

 			  NULL,

 			  remote_dynamic,

 			  &remote_changed,

@@ -1212,7 +1226,8 @@ link_socket_init_phase2 (struct link_socket *sock,

 	  establish_socks_proxy_udpassoc (sock->socks_proxy,

 					  sock->ctrl_sd,

-					  sock->sd, &sock->socks_relay,

+					  sock->sd,

+					  &sock->socks_relay.dest,

 					  signal_received);

 	  if (*signal_received)

@@ -1221,8 +1236,9 @@ link_socket_init_phase2 (struct link_socket *sock,

 	  sock->remote_host = sock->proxy_dest_host;

 	  sock->remote_port = sock->proxy_dest_port;

 	  sock->did_resolve_remote = false;

-	  sock->info.lsa->actual.sin_addr.s_addr = 0;

-	  sock->info.lsa->remote.sin_addr.s_addr = 0;

+

+	  sock->info.lsa->actual.dest.sa.sin_addr.s_addr = 0;

+	  sock->info.lsa->remote.sa.sin_addr.s_addr = 0;

 	  resolve_remote (sock, 1, NULL, signal_received);

@@ -1237,7 +1253,7 @@ link_socket_init_phase2 (struct link_socket *sock,

       if (remote_changed)

 	{

 	  msg (M_INFO, "TCP/UDP: Dynamic remote address changed during TCP connection establishment");

-	  sock->info.lsa->remote.sin_addr.s_addr = sock->info.lsa->actual.sin_addr.s_addr;

+	  sock->info.lsa->remote.sa.sin_addr.s_addr = sock->info.lsa->actual.dest.sa.sin_addr.s_addr;

 	}

     }

@@ -1274,12 +1290,15 @@ link_socket_init_phase2 (struct link_socket *sock,

     msg (M_INFO, "%s link local%s: %s",

 	 proto2ascii (sock->info.proto, true),

 	 (sock->bind_local ? " (bound)" : ""),

-	 print_sockaddr_ex (&sock->info.lsa->local, sock->bind_local, ":", &gc));

+	 print_sockaddr_ex (&sock->info.lsa->local, ":", sock->bind_local ? PS_SHOW_PORT : 0, &gc));

   /* print active remote address */

   msg (M_INFO, "%s link remote: %s",

        proto2ascii (sock->info.proto, true),

-       print_sockaddr_ex (&sock->info.lsa->actual, addr_defined (&sock->info.lsa->actual), ":", &gc));

+       print_link_socket_actual_ex (&sock->info.lsa->actual,

+				    ":",

+				    PS_SHOW_PORT_IF_DEFINED,

+				    &gc));

  done:

   gc_free (&gc);

@@ -1344,19 +1363,19 @@ socket_adjust_frame_parameters (struct frame *frame, int proto)

 void

 setenv_trusted (struct env_set *es, const struct link_socket_info *info)

 {

-  setenv_sockaddr (es, "trusted", &info->lsa->actual, SA_IP_PORT);

+  setenv_link_socket_actual (es, "trusted", &info->lsa->actual, SA_IP_PORT);

 }

 void

 link_socket_connection_initiated (const struct buffer *buf,

 				  struct link_socket_info *info,

-				  const struct sockaddr_in *addr,

+				  const struct link_socket_actual *act,

 				  const char *common_name,

 				  struct env_set *es)

 {

   struct gc_arena gc = gc_new ();

-  info->lsa->actual = *addr; /* Note: skip this line for --force-dest */

+  info->lsa->actual = *act; /* Note: skip this line for --force-dest */

   setenv_trusted (es, info);

   info->connection_established = true;

@@ -1365,7 +1384,7 @@ link_socket_connection_initiated (const struct buffer *buf,

     struct buffer out = alloc_buf_gc (256, &gc);

     if (common_name)

       buf_printf (&out, "[%s] ", common_name);

-    buf_printf (&out, "Peer Connection Initiated with %s", print_sockaddr (&info->lsa->actual, &gc));

+    buf_printf (&out, "Peer Connection Initiated with %s", print_link_socket_actual (&info->lsa->actual, &gc));

     msg (M_INFO, "%s", BSTR (&out));

   }

@@ -1375,7 +1394,7 @@ link_socket_connection_initiated (const struct buffer *buf,

   /* Process --ipchange plugin */

   if (plugin_defined (info->plugins, OPENVPN_PLUGIN_IPCHANGE))

     {

-      const char *addr_ascii = print_sockaddr_ex (&info->lsa->actual, true, " ", &gc);

+      const char *addr_ascii = print_sockaddr_ex (&info->lsa->actual.dest, " ", PS_SHOW_PORT, &gc);

       if (plugin_call (info->plugins, OPENVPN_PLUGIN_IPCHANGE, addr_ascii, NULL, es))

 	msg (M_WARN, "WARNING: ipchange plugin call failed");

     }

@@ -1387,7 +1406,7 @@ link_socket_connection_initiated (const struct buffer *buf,

       setenv_str (es, "script_type", "ipchange");

       buf_printf (&out, "%s %s",

 		  info->ipchange_command,

-		  print_sockaddr_ex (&info->lsa->actual, true, " ", &gc));

+		  print_sockaddr_ex (&info->lsa->actual.dest, " ", PS_SHOW_PORT, &gc));

       system_check (BSTR (&out), es, S_SCRIPT, "ip-change command failed");

     }

@@ -1397,14 +1416,14 @@ link_socket_connection_initiated (const struct buffer *buf,

 void

 link_socket_bad_incoming_addr (struct buffer *buf,

 			       const struct link_socket_info *info,

-			       const struct sockaddr_in *from_addr)

+			       const struct link_socket_actual *from_addr)

 {

   struct gc_arena gc = gc_new ();

   msg (D_LINK_ERRORS,

        "TCP/UDP: Incoming packet rejected from %s[%d], expected peer address: %s (allow this incoming source address/port by removing --remote or adding --float)",

-       print_sockaddr (from_addr, &gc),

-       (int)from_addr->sin_family,

+       print_link_socket_actual (from_addr, &gc),

+       (int)from_addr->dest.sa.sin_family,

        print_sockaddr (&info->lsa->remote, &gc));

   buf->len = 0;

@@ -1422,10 +1441,10 @@ link_socket_current_remote (const struct link_socket_info *info)

 {

   const struct link_socket_addr *lsa = info->lsa;

-  if (addr_defined (&lsa->actual))

-    return ntohl (lsa->actual.sin_addr.s_addr);

+  if (link_socket_actual_defined (&lsa->actual))

+    return ntohl (lsa->actual.dest.sa.sin_addr.s_addr);

   else if (addr_defined (&lsa->remote))

-    return ntohl (lsa->remote.sin_addr.s_addr);

+    return ntohl (lsa->remote.sa.sin_addr.s_addr);

   else

     return 0;

 }

@@ -1618,29 +1637,69 @@ socket_listen_event_handle (struct link_socket *s)

  */

 const char *

-print_sockaddr (const struct sockaddr_in *addr, struct gc_arena *gc)

+print_sockaddr (const struct openvpn_sockaddr *addr, struct gc_arena *gc)

 {

-  return print_sockaddr_ex(addr, true, ":", gc);

+  return print_sockaddr_ex (addr, ":", PS_SHOW_PORT, gc);

 }

 const char *

-print_sockaddr_ex (const struct sockaddr_in *addr, bool do_port, const char* separator, struct gc_arena *gc)

+print_sockaddr_ex (const struct openvpn_sockaddr *addr,

+		   const char* separator,

+		   const unsigned int flags,

+		   struct gc_arena *gc)

 {

-  struct buffer out = alloc_buf_gc (64, gc);

-  const int port = ntohs (addr->sin_port);

+  if (addr)

+    {

+      struct buffer out = alloc_buf_gc (64, gc);

+      const int port = ntohs (addr->sa.sin_port);

-  mutex_lock_static (L_INET_NTOA);

-  buf_printf (&out, "%s", (addr_defined (addr) ? inet_ntoa (addr->sin_addr) : "[undef]"));

-  mutex_unlock_static (L_INET_NTOA);

+      mutex_lock_static (L_INET_NTOA);

+      buf_printf (&out, "%s", (addr_defined (addr) ? inet_ntoa (addr->sa.sin_addr) : "[undef]"));

+      mutex_unlock_static (L_INET_NTOA);

-  if (do_port && port)

-    {

-      if (separator)

-	buf_printf (&out, "%s", separator);

+      if (((flags & PS_SHOW_PORT) || (addr_defined (addr) && (flags & PS_SHOW_PORT_IF_DEFINED)))

+	  && port)

+	{

+	  if (separator)

+	    buf_printf (&out, "%s", separator);

-      buf_printf (&out, "%d", port);

+	  buf_printf (&out, "%d", port);

+	}

+      return BSTR (&out);

     }

-  return BSTR (&out);

+  else

+    return "[NULL]";

+}

+

+const char *

+print_link_socket_actual (const struct link_socket_actual *act, struct gc_arena *gc)

+{

+  return print_link_socket_actual_ex (act, ":", PS_SHOW_PORT|PS_SHOW_PKTINFO, gc);

+}

+

+const char *

+print_link_socket_actual_ex (const struct link_socket_actual *act,

+			     const char *separator,

+			     const unsigned int flags,

+			     struct gc_arena *gc)

+{

+  if (act)

+    {

+      struct buffer out = alloc_buf_gc (128, gc);

+      buf_printf (&out, "%s", print_sockaddr_ex (&act->dest, separator, flags, gc));

+#if ENABLE_IP_PKTINFO

+      if ((flags & PS_SHOW_PKTINFO) && act->pi.ipi_spec_dst.s_addr)

+	{

+	  struct openvpn_sockaddr sa;

+	  CLEAR (sa);

+	  sa.sa.sin_addr = act->pi.ipi_spec_dst;

+	  buf_printf (&out, " (via %s)", print_sockaddr_ex (&sa, separator, 0, gc));

+	}

+#endif

+      return BSTR (&out);

+    }

+  else

+    return "[NULL]";

 }

 /*

@@ -1667,7 +1726,7 @@ print_in_addr_t (in_addr_t addr, unsigned int flags, struct gc_arena *gc)

 /* set environmental variables for ip/port in *addr */

 void

-setenv_sockaddr (struct env_set *es, const char *name_prefix, const struct sockaddr_in *addr, const bool flags)

+setenv_sockaddr (struct env_set *es, const char *name_prefix, const struct openvpn_sockaddr *addr, const bool flags)