+int setup_listen_socket(const sockaddr_t *sa) {
+ int nfd;
+ char *addrstr;
+ int option;
+ char *iface;
+
+ nfd = socket(sa->sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
+
+ if(nfd < 0) {
+ logger(DEBUG_STATUS, LOG_ERR, "Creating metasocket failed: %s", sockstrerror(sockerrno));
+ return -1;
+ }
+
+#ifdef FD_CLOEXEC
+ fcntl(nfd, F_SETFD, FD_CLOEXEC);
+#endif
+
+ /* Optimize TCP settings */
+
+ option = 1;
+ setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof(option));
+
+#if defined(IPV6_V6ONLY)
+
+ if(sa->sa.sa_family == AF_INET6) {
+ setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
+ }
+
+#else
+#warning IPV6_V6ONLY not defined
+#endif
+
+#if defined(SO_MARK)
+
+ if(fwmark) {
+ setsockopt(nfd, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
+ }
+
+#endif
+
+ if(get_config_string
+ (lookup_config(config_tree, "BindToInterface"), &iface)) {
+#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
+ struct ifreq ifr;
+
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
+ ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0;
+
+ if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr))) {
+ closesocket(nfd);
+ logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to interface %s: %s", iface,
+ sockstrerror(sockerrno));
+ return -1;
+ }
+
+#else
+ logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "BindToInterface");
+#endif
+ }
+
+ if(bind(nfd, &sa->sa, SALEN(sa->sa))) {
+ closesocket(nfd);
+ addrstr = sockaddr2hostname(sa);
+ logger(DEBUG_ALWAYS, LOG_ERR, "Can't bind to %s/tcp: %s", addrstr, sockstrerror(sockerrno));
+ free(addrstr);
+ return -1;
+ }
+
+ if(listen(nfd, 3)) {
+ closesocket(nfd);
+ logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "listen", sockstrerror(sockerrno));
+ return -1;
+ }
+
+ return nfd;
+}
+
+int setup_vpn_in_socket(const sockaddr_t *sa) {
+ int nfd;
+ char *addrstr;
+ int option;
+
+ nfd = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP);
+
+ if(nfd < 0) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Creating UDP socket failed: %s", sockstrerror(sockerrno));
+ return -1;
+ }
+
+#ifdef FD_CLOEXEC
+ fcntl(nfd, F_SETFD, FD_CLOEXEC);
+#endif
+
+#ifdef O_NONBLOCK
+ {
+ int flags = fcntl(nfd, F_GETFL);
+
+ if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) {
+ closesocket(nfd);
+ logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "fcntl",
+ strerror(errno));
+ return -1;
+ }
+ }
+#elif defined(WIN32)
+ {
+ unsigned long arg = 1;
+
+ if(ioctlsocket(nfd, FIONBIO, &arg) != 0) {
+ closesocket(nfd);
+ logger(DEBUG_ALWAYS, LOG_ERR, "Call to `%s' failed: %s", "ioctlsocket", sockstrerror(sockerrno));
+ return -1;
+ }
+ }
+#endif
+
+ option = 1;
+ setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof(option));
+ setsockopt(nfd, SOL_SOCKET, SO_BROADCAST, (void *)&option, sizeof(option));
+
+ if(udp_rcvbuf && setsockopt(nfd, SOL_SOCKET, SO_RCVBUF, (void *)&udp_rcvbuf, sizeof(udp_rcvbuf))) {
+ logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP SO_RCVBUF to %i: %s", udp_rcvbuf, sockstrerror(sockerrno));
+ }
+
+ if(udp_sndbuf && setsockopt(nfd, SOL_SOCKET, SO_SNDBUF, (void *)&udp_sndbuf, sizeof(udp_sndbuf))) {
+ logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP SO_SNDBUF to %i: %s", udp_sndbuf, sockstrerror(sockerrno));
+ }
+
+#if defined(IPV6_V6ONLY)
+
+ if(sa->sa.sa_family == AF_INET6) {
+ setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
+ }
+
+#endif
+
+#if defined(IP_DONTFRAG) && !defined(IP_DONTFRAGMENT)
+#define IP_DONTFRAGMENT IP_DONTFRAG
+#endif
+
+#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
+
+ if(myself->options & OPTION_PMTU_DISCOVERY) {
+ option = IP_PMTUDISC_DO;
+ setsockopt(nfd, IPPROTO_IP, IP_MTU_DISCOVER, (void *)&option, sizeof(option));
+ }
+
+#elif defined(IP_DONTFRAGMENT)
+
+ if(myself->options & OPTION_PMTU_DISCOVERY) {
+ option = 1;
+ setsockopt(nfd, IPPROTO_IP, IP_DONTFRAGMENT, (void *)&option, sizeof(option));
+ }
+
+#endif