Merge commit '86cc97e55fe346502462284d2e636a2b3708163e' as 'Sources/OpenVPN3'

Sources/OpenVPN3/openvpn/linux/core.hpp

@@ -0,0 +1,64 @@
+//    OpenVPN -- An application to securely tunnel IP networks
+//               over a single port, with support for SSL/TLS-based
+//               session authentication and key exchange,
+//               packet encryption, packet authentication, and
+//               packet compression.
+//
+//    Copyright (C) 2012-2017 OpenVPN Inc.
+//
+//    This program is free software: you can redistribute it and/or modify
+//    it under the terms of the GNU Affero General Public License Version 3
+//    as published by the Free Software Foundation.
+//
+//    This program is distributed in the hope that it will be useful,
+//    but WITHOUT ANY WARRANTY; without even the implied warranty of
+//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//    GNU Affero General Public License for more details.
+//
+//    You should have received a copy of the GNU Affero General Public License
+//    along with this program in the COPYING file.
+//    If not, see <http://www.gnu.org/licenses/>.
+
+// Linux method for binding a thread to a particular core.
+
+#ifndef OPENVPN_LINUX_CORE_H
+#define OPENVPN_LINUX_CORE_H
+
+#include <pthread.h>
+
+#include <openvpn/common/core.hpp>
+
+namespace openvpn {
+
+  inline int bind_to_core(const int core_id)
+  {
+    const int num_cores = n_cores();
+    if (core_id >= num_cores)
+      return EINVAL;
+
+    cpu_set_t cpuset;
+    CPU_ZERO(&cpuset);
+    CPU_SET(core_id, &cpuset);
+
+    pthread_t current_thread = pthread_self();
+    return pthread_setaffinity_np(current_thread, sizeof(cpu_set_t), &cpuset);
+  }
+
+  inline int exclude_from_core(const int core_id)
+  {
+    const int num_cores = n_cores();
+    if (num_cores <= 1 || core_id >= num_cores)
+      return EINVAL;
+
+    cpu_set_t cpuset;
+    CPU_ZERO(&cpuset);
+    for (int i = 0; i < num_cores; ++i)
+      if (i != core_id)
+	CPU_SET(i, &cpuset);
+
+    pthread_t current_thread = pthread_self();
+    return pthread_setaffinity_np(current_thread, sizeof(cpu_set_t), &cpuset);
+  }
+}
+
+#endif

Sources/OpenVPN3/openvpn/linux/cputime.hpp

@@ -0,0 +1,72 @@
+//    OpenVPN -- An application to securely tunnel IP networks
+//               over a single port, with support for SSL/TLS-based
+//               session authentication and key exchange,
+//               packet encryption, packet authentication, and
+//               packet compression.
+//
+//    Copyright (C) 2012-2017 OpenVPN Inc.
+//
+//    This program is free software: you can redistribute it and/or modify
+//    it under the terms of the GNU Affero General Public License Version 3
+//    as published by the Free Software Foundation.
+//
+//    This program is distributed in the hope that it will be useful,
+//    but WITHOUT ANY WARRANTY; without even the implied warranty of
+//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//    GNU Affero General Public License for more details.
+//
+//    You should have received a copy of the GNU Affero General Public License
+//    along with this program in the COPYING file.
+//    If not, see <http://www.gnu.org/licenses/>.
+
+#pragma once
+
+#include <errno.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/resource.h>
+#include <unistd.h>
+
+#include <string>
+
+#include <openvpn/common/file.hpp>
+#include <openvpn/common/string.hpp>
+#include <openvpn/common/number.hpp>
+#include <openvpn/common/exception.hpp>
+
+namespace openvpn {
+  /**
+   * Retrieve the time (in seconds) the current process or thread
+   * has been running.  Runing time includes both system and user
+   * times.
+   *
+   * @param thread  Boolean flag controlling if process or thread
+   *                runtime should be returned
+   *
+   * @return Returns a double containing number of seconds the
+   *         current process (PID) or thread has been running.
+   *         On errors -1.0 is returned.
+   *
+   */
+  inline double cpu_time(const bool thread=false)
+  {
+    try
+      {
+        struct rusage usage;
+
+        if (getrusage((thread ? RUSAGE_THREAD : RUSAGE_SELF), &usage) != 0)
+          {
+            throw Exception("getrusage() call failed: " + std::string(strerror(errno)));
+          }
+        double utime = usage.ru_utime.tv_sec + ((double)usage.ru_utime.tv_usec / 1000000);
+        double stime = usage.ru_stime.tv_sec + ((double)usage.ru_stime.tv_usec / 1000000);
+
+        return utime + stime;
+      }
+    catch (const std::exception& e)
+      {
+	//OPENVPN_LOG("cpu_time exception: " << e.what());
+	return -1.0;
+      }
+  }
+}

Sources/OpenVPN3/openvpn/linux/daemon_alive.hpp

@@ -0,0 +1,59 @@
+//    OpenVPN -- An application to securely tunnel IP networks
+//               over a single port, with support for SSL/TLS-based
+//               session authentication and key exchange,
+//               packet encryption, packet authentication, and
+//               packet compression.
+//
+//    Copyright (C) 2012-2017 OpenVPN Inc.
+//
+//    This program is free software: you can redistribute it and/or modify
+//    it under the terms of the GNU Affero General Public License Version 3
+//    as published by the Free Software Foundation.
+//
+//    This program is distributed in the hope that it will be useful,
+//    but WITHOUT ANY WARRANTY; without even the implied warranty of
+//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//    GNU Affero General Public License for more details.
+//
+//    You should have received a copy of the GNU Affero General Public License
+//    along with this program in the COPYING file.
+//    If not, see <http://www.gnu.org/licenses/>.
+
+#ifndef OPENVPN_LINUX_DAEMON_ALIVE_H
+#define OPENVPN_LINUX_DAEMON_ALIVE_H
+
+#include <openvpn/common/file.hpp>
+#include <openvpn/common/string.hpp>
+#include <openvpn/common/number.hpp>
+
+namespace openvpn {
+  inline int daemon_pid(const std::string& cmd,
+			const std::string& pidfile)
+  {
+    try {
+      std::string pidstr = read_text(pidfile);
+      string::trim_crlf(pidstr);
+      const std::string cmdline_fn = "/proc/" + pidstr + "/cmdline";
+      BufferPtr cmdbuf = read_binary_linear(cmdline_fn);
+      const size_t len = ::strnlen((const char *)cmdbuf->c_data(), cmdbuf->size());
+      if (cmd == std::string((const char *)cmdbuf->c_data(), len))
+	{
+	  int ret;
+	  if (parse_number(pidstr, ret))
+	    return ret;
+	}
+    }
+    catch (const std::exception& e)
+      {
+      }
+    return -1;
+  }
+
+  inline bool is_daemon_alive(const std::string& cmd,
+			      const std::string& pidfile)
+  {
+    return daemon_pid(cmd, pidfile) >= 0;
+  }
+}
+
+#endif

Sources/OpenVPN3/openvpn/linux/procfs.hpp

@@ -0,0 +1,108 @@
+// Private Gateway
+// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+// All rights reserved
+
+#ifndef OPENVPN_LINUX_PROCFS_H
+#define OPENVPN_LINUX_PROCFS_H
+
+#include <string>
+
+#include <openvpn/common/exception.hpp>
+#include <openvpn/common/file.hpp>
+#include <openvpn/common/sleep.hpp>
+#include <openvpn/common/stat.hpp>
+#include <openvpn/common/format.hpp>
+#include <openvpn/common/action.hpp>
+#include <openvpn/common/stop.hpp>
+
+namespace openvpn {
+
+  class ProcFS : public Action
+  {
+  public:
+    OPENVPN_EXCEPTION(procfs_error);
+
+    ProcFS(std::string fn_arg, std::string text_arg)
+      : fn(std::move(fn_arg)),
+	text(std::move(text_arg))
+    {
+    }
+
+    virtual void execute(std::ostream& os) override
+    {
+      os << to_string() << std::endl;
+      try {
+	write_sys(fn, text);
+      }
+      catch (const std::exception& e)
+	{
+	  os << "ProcFS exception: " << e.what() << std::endl;
+	}
+    }
+
+    virtual std::string to_string() const override
+    {
+      return to_string(fn, text);
+    }
+
+    static std::string to_string(const std::string& fn, const std::string& text)
+    {
+      return "ProcFS: " + fn + " -> " + string::trim_crlf_copy(text);
+    }
+
+    static void write_sys(const std::string& fn, const std::string& text, Stop* async_stop=nullptr)
+    {
+      //OPENVPN_LOG(to_string(fn, text));
+
+      const unsigned int n_retries = 200;
+      const unsigned int milliseconds_per_retry = 100;
+      volatile bool stop = false;
+
+      // allow asynchronous stop
+      Stop::Scope stop_scope(async_stop, [&stop]() {
+	  stop = true;
+	});
+
+      for (unsigned int i = 0; i < n_retries && !stop; ++i)
+	{
+	  if (file_exists(fn))
+	    {
+	      write_string(fn, text);
+	      return;
+	    }
+	  sleep_milliseconds(milliseconds_per_retry);
+	}
+      if (stop)
+	OPENVPN_THROW(procfs_error, "file " << fn << " : aborting write attempt due to stop signal");
+      else
+	OPENVPN_THROW(procfs_error, "file " << fn << " failed to exist within " << (n_retries * milliseconds_per_retry / 1000) << " seconds");
+    }
+
+  private:
+    std::string fn;
+    std::string text;
+  };
+
+  class IPv4ReversePathFilter : public ProcFS
+  {
+  public:
+    IPv4ReversePathFilter(const std::string& dev, const unsigned int value)
+      : ProcFS(key_fn(dev), openvpn::to_string(value))
+    {
+      OPENVPN_LOG("IPv4ReversePathFilter " << dev << " -> " << value);
+    }
+
+    static void write(const std::string& dev, const unsigned int value, Stop* stop=nullptr)
+    {
+      ProcFS::write_sys(key_fn(dev), openvpn::to_string(value), stop);
+    }
+
+  private:
+    static std::string key_fn(const std::string& dev)
+    {
+      return printfmt("/proc/sys/net/ipv4/conf/%s/rp_filter", dev);
+    }
+  };
+}
+
+#endif