diff --git a/repos/ports/ports/openvpn.hash b/repos/ports/ports/openvpn.hash
new file mode 100644
index 0000000000..10be9e3b71
--- /dev/null
+++ b/repos/ports/ports/openvpn.hash
@@ -0,0 +1 @@
+eecbd9a568c8749cf084e3db5a0a34219af88ada
diff --git a/repos/ports/ports/openvpn.port b/repos/ports/ports/openvpn.port
new file mode 100644
index 0000000000..ea4561c4a3
--- /dev/null
+++ b/repos/ports/ports/openvpn.port
@@ -0,0 +1,10 @@
+LICENSE   := GPLv2
+VERSION   := 2.3.4
+DOWNLOADS := openvpn.git
+
+URL(openvpn) := git://openvpn.git.sourceforge.net/gitroot/openvpn/openvpn.git
+REV(openvpn) := 024454a068a0dad1d0d872a91a5bdd7bee21a93f
+DIR(openvpn) := src/app/openvpn
+
+PATCHES := src/app/openvpn/patches/*.patch
+PATCH_OPT := -N -p1 -d ${DIR(openvpn)}
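Review bot: `URL(openvpn)` fetches over `git://`, which provides neither transport authentication nor encryption, so the pinned `REV(openvpn)` commit id is the only integrity anchor for the downloaded source. The pin is a full 40-character id, which is the right form. A comment above it would record the constraint, for example `# REV must stay a full commit id: git:// does not authenticate the server`. Consider an authenticated transport if the upstream offers one.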
diff --git a/repos/ports/src/app/openvpn/32bit/config_sizeof_long.h b/repos/ports/src/app/openvpn/32bit/config_sizeof_long.h
new file mode 100644
index 0000000000..930e9879b5
--- /dev/null
+++ b/repos/ports/src/app/openvpn/32bit/config_sizeof_long.h
@@ -0,0 +1,6 @@
+#ifndef _32BIT_CONFIG_SIZEOF_LONG_H_
+#define _32BIT_CONFIG_SIZEOF_LONG_H_
+
+#define SIZEOF_UNSIGNED_LONG 4
+
+#endif /* _32BIT_CONFIG_SIZEOF_LONG_H_ */
diff --git a/repos/ports/src/app/openvpn/64bit/config_sizeof_long.h b/repos/ports/src/app/openvpn/64bit/config_sizeof_long.h
new file mode 100644
index 0000000000..b8a38d26d8
--- /dev/null
+++ b/repos/ports/src/app/openvpn/64bit/config_sizeof_long.h
@@ -0,0 +1,6 @@
+#ifndef _32BIT_CONFIG_SIZEOF_LONG_H_
+#define _32BIT_CONFIG_SIZEOF_LONG_H_
+
+#define SIZEOF_UNSIGNED_LONG 8
+
+#endif /* _32BIT_CONFIG_SIZEOF_LONG_H_ */
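Review bot: The include guard in the 64bit header is `_32BIT_CONFIG_SIZEOF_LONG_H_`, copied unchanged from the 32bit variant. It is harmless while only one of the two directories is on the include path. If both ever become reachable in one translation unit, the second header is skipped silently and `SIZEOF_UNSIGNED_LONG` keeps whichever value came first. Rename it to `_64BIT_CONFIG_SIZEOF_LONG_H_` in the `#ifndef`, the `#define` and the `#endif` comment.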
diff --git a/repos/ports/src/app/openvpn/config.h b/repos/ports/src/app/openvpn/config.h
new file mode 100644
index 0000000000..13d009ceae
--- /dev/null
+++ b/repos/ports/src/app/openvpn/config.h
@@ -0,0 +1,796 @@
+/* config.h.  Generated from config.h.in by configure.  */
+/* config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Configuration settings */
+#define CONFIGURE_DEFINES "enable_crypto=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=no enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=no enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=no with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no"
+
+/* special build string */
+/* #undef CONFIGURE_SPECIAL_BUILD */
+
+/* Use memory debugging function in OpenSSL */
+/* #undef CRYPTO_MDEBUG */
+
+/* Use dmalloc memory debugging library */
+/* #undef DMALLOC */
+
+/* Dimension to use for empty array declaration */
+#define EMPTY_ARRAY_SIZE 0
+
+/* Enable client capability only */
+#define ENABLE_CLIENT_ONLY 1
+
+/* Enable client/server capability */
+#define ENABLE_CLIENT_SERVER 1
+
+/* Enable crypto library */
+#define ENABLE_CRYPTO 1
+
+/* Use OpenSSL library */
+#define ENABLE_CRYPTO_OPENSSL 1
+
+/* Use PolarSSL library */
+/* #undef ENABLE_CRYPTO_POLARSSL */
+
+/* Enable debugging support */
+#define ENABLE_DEBUG 1
+
+/* Enable deferred authentication */
+#define ENABLE_DEF_AUTH 1
+
+/* We have persist tun capability */
+#define ENABLE_FEATURE_TUN_PERSIST 1
+
+/* Enable internal fragmentation support */
+#define ENABLE_FRAGMENT 1
+
+/* Enable HTTP proxy support */
+#define ENABLE_HTTP_PROXY 1
+
+/* enable iproute2 support */
+/* #undef ENABLE_IPROUTE */
+
+/* Enable LZO compression library */
+/* #undef ENABLE_LZO */
+
+/* Enable LZO stub capability */
+/* #undef ENABLE_LZO_STUB */
+
+/* Enable management server capability */
+#define ENABLE_MANAGEMENT 1
+
+/* Enable multi-homed UDP server capability */
+#define ENABLE_MULTIHOME 1
+
+/* Allow --askpass and --auth-user-pass passwords to be read from a file */
+/* #undef ENABLE_PASSWORD_SAVE */
+
+/* Enable internal packet filter */
+#define ENABLE_PF 1
+
+/* Enable PKCS11 */
+/* #undef ENABLE_PKCS11 */
+
+/* Enable plug-in support */
+#define ENABLE_PLUGIN 1
+
+/* Enable TCP Server port sharing */
+#define ENABLE_PORT_SHARE 1
+
+/* SELinux support */
+/* #undef ENABLE_SELINUX */
+
+/* Enable smaller executable size */
+/* #undef ENABLE_SMALL */
+
+/* Enable Socks proxy support */
+#define ENABLE_SOCKS 1
+
+/* Enable ssl library */
+#define ENABLE_SSL 1
+
+/* Enable strict options check between peers */
+/* #undef ENABLE_STRICT_OPTIONS_CHECK */
+
+/* Enable systemd support */
+/* #undef ENABLE_SYSTEMD */
+
+/* Enable --x509-username-field feature */
+/* #undef ENABLE_X509ALTUSERNAME */
+
+/* Define to 1 if you have the `accept' function. */
+#define HAVE_ACCEPT 1
+
+/* Define to 1 if you have the `access' function. */
+#define HAVE_ACCESS 1
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#define HAVE_ARPA_INET_H 1
+
+/* Define to 1 if you have the `basename' function. */
+#define HAVE_BASENAME 1
+
+/* Define to 1 if you have the `bind' function. */
+#define HAVE_BIND 1
+
+/* Define to 1 if you have the `chdir' function. */
+#define HAVE_CHDIR 1
+
+/* Define to 1 if you have the `chroot' function. */
+#define HAVE_CHROOT 1
+
+/* Define to 1 if you have the `chsize' function. */
+/* #undef HAVE_CHSIZE */
+
+/* struct cmsghdr needed for extended socket error support */
+#define HAVE_CMSGHDR 1
+
+/* extra version available in config-version.h */
+/* #undef HAVE_CONFIG_VERSION_H */
+
+/* Define to 1 if you have the `connect' function. */
+#define HAVE_CONNECT 1
+
+/* Define to 1 if your compiler supports GNU GCC-style variadic macros */
+#define HAVE_CPP_VARARG_MACRO_GCC 1
+
+/* Define to 1 if your compiler supports ISO C99 variadic macros */
+#define HAVE_CPP_VARARG_MACRO_ISO 1
+
+/* Define to 1 if you have the `ctime' function. */
+#define HAVE_CTIME 1
+
+/* Define to 1 if you have the <ctype.h> header file. */
+#define HAVE_CTYPE_H 1
+
+/* Define to 1 if you have the `daemon' function. */
+#define HAVE_DAEMON 1
+
+/* Define to 1 if you have the declaration of `SIGHUP', and to 0 if you don't.
+   */
+#define HAVE_DECL_SIGHUP 1
+
+/* Define to 1 if you have the declaration of `SIGINT', and to 0 if you don't.
+   */
+#define HAVE_DECL_SIGINT 1
+
+/* Define to 1 if you have the declaration of `SIGTERM', and to 0 if you
+   don't. */
+#define HAVE_DECL_SIGTERM 1
+
+/* Define to 1 if you have the declaration of `SIGUSR1', and to 0 if you
+   don't. */
+#define HAVE_DECL_SIGUSR1 1
+
+/* Define to 1 if you have the declaration of `SIGUSR2', and to 0 if you
+   don't. */
+#define HAVE_DECL_SIGUSR2 1
+
+/* Define to 1 if you have the declaration of `SO_MARK', and to 0 if you
+   don't. */
+#define HAVE_DECL_SO_MARK 1
+
+/* Define to 1 if you have the declaration of `TUNSETPERSIST', and to 0 if you
+   don't. */
+#define HAVE_DECL_TUNSETPERSIST 1
+
+/* Define to 1 if you have the <direct.h> header file. */
+/* #undef HAVE_DIRECT_H */
+
+/* Define to 1 if you have the `dirname' function. */
+#define HAVE_DIRNAME 1
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#define HAVE_DLFCN_H 1
+
+/* Define to 1 if you have the `dup' function. */
+#define HAVE_DUP 1
+
+/* Define to 1 if you have the `dup2' function. */
+#define HAVE_DUP2 1
+
+/* Define to 1 if you have the `ENGINE_cleanup' function. */
+#define HAVE_ENGINE_CLEANUP 1
+
+/* Define to 1 if you have the `ENGINE_load_builtin_engines' function. */
+#define HAVE_ENGINE_LOAD_BUILTIN_ENGINES 1
+
+/* Define to 1 if you have the `ENGINE_register_all_complete' function. */
+#define HAVE_ENGINE_REGISTER_ALL_COMPLETE 1
+
+/* Define to 1 if you have the `epoll_create' function. */
+/* #undef HAVE_EPOLL_CREATE */
+
+/* Define to 1 if you have the <errno.h> header file. */
+#define HAVE_ERRNO_H 1
+
+/* Define to 1 if you have the <err.h> header file. */
+#define HAVE_ERR_H 1
+
+/* Define to 1 if you have the `EVP_CIPHER_CTX_set_key_length' function. */
+#define HAVE_EVP_CIPHER_CTX_SET_KEY_LENGTH 1
+
+/* Define to 1 if you have the `execve' function. */
+#define HAVE_EXECVE 1
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#define HAVE_FCNTL_H 1
+
+/* Define to 1 if you have the `flock' function. */
+#define HAVE_FLOCK 1
+
+/* Define to 1 if you have the `fork' function. */
+#define HAVE_FORK 1
+
+/* Define to 1 if you have the `ftruncate' function. */
+#define HAVE_FTRUNCATE 1
+
+/* Define to 1 if you have the `getgrnam' function. */
+#define HAVE_GETGRNAM 1
+
+/* Define to 1 if you have the `gethostbyname' function. */
+#define HAVE_GETHOSTBYNAME 1
+
+/* Define to 1 if you have the `getpass' function. */
+#define HAVE_GETPASS 1
+
+/* Define to 1 if you have the `getpeereid' function. */
+/* #undef HAVE_GETPEEREID */
+
+/* Define to 1 if you have the `getpeername' function. */
+#define HAVE_GETPEERNAME 1
+
+/* Define to 1 if you have the `getpid' function. */
+#define HAVE_GETPID 1
+
+/* Define to 1 if you have the `getpwnam' function. */
+#define HAVE_GETPWNAM 1
+
+/* Define to 1 if you have the `getsockname' function. */
+#define HAVE_GETSOCKNAME 1
+
+/* Define to 1 if you have the `getsockopt' function. */
+#define HAVE_GETSOCKOPT 1
+
+/* Define to 1 if you have the `gettimeofday' function. */
+#define HAVE_GETTIMEOFDAY 1
+
+/* Define to 1 if you have the <grp.h> header file. */
+#define HAVE_GRP_H 1
+
+/* Define to 1 if you have the `inet_ntoa' function. */
+#define HAVE_INET_NTOA 1
+
+/* Define to 1 if you have the `inet_ntop' function. */
+#define HAVE_INET_NTOP 1
+
+/* Define to 1 if you have the `inet_pton' function. */
+#define HAVE_INET_PTON 1
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#define HAVE_INTTYPES_H 1
+
+/* Define to 1 if the system has the type `in_addr_t'. */
+#define HAVE_IN_ADDR_T 1
+
+/* struct in_pktinfo needed for IP_PKTINFO support */
+/* #undef HAVE_IN_PKTINFO */
+
+/* struct iovec needed for IPv6 support */
+#define HAVE_IOVEC 1
+
+/* Define to 1 if you have the <io.h> header file. */
+/* #undef HAVE_IO_H */
+
+/* struct iphdr needed for IPv6 support */
+#define HAVE_IPHDR 1
+
+/* Define to 1 if you have the <libgen.h> header file. */
+#define HAVE_LIBGEN_H 1
+
+/* Define to 1 if you have the `polarssl' library (-lpolarssl). */
+/* #undef HAVE_LIBPOLARSSL */
+
+/* Define to 1 if you have the <limits.h> header file. */
+#define HAVE_LIMITS_H 1
+
+/* Define to 1 if you have the <linux/if_tun.h> header file. */
+#define HAVE_LINUX_IF_TUN_H 1
+
+/* Define to 1 if you have the <linux/sockios.h> header file. */
+#define HAVE_LINUX_SOCKIOS_H 1
+
+/* Define to 1 if you have the <linux/types.h> header file. */
+#define HAVE_LINUX_TYPES_H 1
+
+/* Define to 1 if you have the `listen' function. */
+#define HAVE_LISTEN 1
+
+/* Define to 1 if you have the <lzo1x.h> header file. */
+/* #undef HAVE_LZO1X_H */
+
+/* Define to 1 if you have the <lzoutil.h> header file. */
+/* #undef HAVE_LZOUTIL_H */
+
+/* Define to 1 if you have the <lzo/lzo1x.h> header file. */
+/* #undef HAVE_LZO_LZO1X_H */
+
+/* Define to 1 if you have the <lzo/lzoutil.h> header file. */
+/* #undef HAVE_LZO_LZOUTIL_H */
+
+/* Define to 1 if you have the <memory.h> header file. */
+#define HAVE_MEMORY_H 1
+
+/* Define to 1 if you have the `memset' function. */
+#define HAVE_MEMSET 1
+
+/* Define to 1 if you have the `mlockall' function. */
+#define HAVE_MLOCKALL 1
+
+/* struct msghdr needed for extended socket error support */
+#define HAVE_MSGHDR 1
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#define HAVE_NETDB_H 1
+
+/* Define to 1 if you have the <netinet/if_ether.h> header file. */
+#define HAVE_NETINET_IF_ETHER_H 1
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+#define HAVE_NETINET_IN_H 1
+
+/* Define to 1 if you have the <netinet/in_systm.h> header file. */
+#define HAVE_NETINET_IN_SYSTM_H 1
+
+/* Define to 1 if you have the <netinet/ip.h> header file. */
+#define HAVE_NETINET_IP_H 1
+
+/* Define to 1 if you have the <netinet/tcp.h> header file. */
+#define HAVE_NETINET_TCP_H 1
+
+/* Define to 1 if you have the <net/if.h> header file. */
+#define HAVE_NET_IF_H 1
+
+/* Define to 1 if you have the <net/if_tun.h> header file. */
+/* #undef HAVE_NET_IF_TUN_H */
+
+/* Define to 1 if you have the <net/if_utun.h> header file. */
+/* #undef HAVE_NET_IF_UTUN_H */
+
+/* Define to 1 if you have the <net/tun/if_tun.h> header file. */
+/* #undef HAVE_NET_TUN_IF_TUN_H */
+
+/* Define to 1 if you have the `nice' function. */
+#define HAVE_NICE 1
+
+/* Define to 1 if you have the `openlog' function. */
+#define HAVE_OPENLOG 1
+
+/* Use crypto library */
+#define HAVE_OPENSSL_ENGINE 1
+
+/* Define to 1 if you have the `poll' function. */
+#define HAVE_POLL 1
+
+/* Define to 1 if you have the `putenv' function. */
+#define HAVE_PUTENV 1
+
+/* Define to 1 if you have the <pwd.h> header file. */
+#define HAVE_PWD_H 1
+
+/* Define to 1 if you have the `readv' function. */
+#define HAVE_READV 1
+
+/* Define to 1 if you have the `recv' function. */
+#define HAVE_RECV 1
+
+/* Define to 1 if you have the `recvfrom' function. */
+#define HAVE_RECVFROM 1
+
+/* Define to 1 if you have the `recvmsg' function. */
+#define HAVE_RECVMSG 1
+
+/* Define to 1 if you have the <resolv.h> header file. */
+#define HAVE_RESOLV_H 1
+
+/* Define to 1 if you have the `res_init' function. */
+/* #undef HAVE_RES_INIT */
+
+/* Define to 1 if you have the `select' function. */
+#define HAVE_SELECT 1
+
+/* Define to 1 if you have the `send' function. */
+#define HAVE_SEND 1
+
+/* Define to 1 if you have the `sendmsg' function. */
+#define HAVE_SENDMSG 1
+
+/* Define to 1 if you have the `sendto' function. */
+#define HAVE_SENDTO 1
+
+/* Define to 1 if you have the `setgid' function. */
+#define HAVE_SETGID 1
+
+/* Define to 1 if you have the `setgroups' function. */
+#define HAVE_SETGROUPS 1
+
+/* Define to 1 if you have the `setsid' function. */
+#define HAVE_SETSID 1
+
+/* Define to 1 if you have the `setsockopt' function. */
+#define HAVE_SETSOCKOPT 1
+
+/* Define to 1 if you have the `setuid' function. */
+#define HAVE_SETUID 1
+
+/* Define to 1 if you have the <signal.h> header file. */
+#define HAVE_SIGNAL_H 1
+
+/* Define to 1 if you have the `socket' function. */
+#define HAVE_SOCKET 1
+
+/* struct sock_extended_err needed for extended socket error support */
+/* #undef HAVE_SOCK_EXTENDED_ERR */
+
+/* Define to 1 if you have the `stat' function. */
+#define HAVE_STAT 1
+
+/* Define to 1 if you have the <stdarg.h> header file. */
+#define HAVE_STDARG_H 1
+
+/* Define to 1 if you have the <stdbool.h> header file. */
+#define HAVE_STDBOOL_H 1
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#define HAVE_STDINT_H 1
+
+/* Define to 1 if you have the <stdio.h> header file. */
+#define HAVE_STDIO_H 1
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#define HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the `strdup' function. */
+#define HAVE_STRDUP 1
+
+/* Define to 1 if you have the `strerror' function. */
+#define HAVE_STRERROR 1
+
+/* Define to 1 if you have the <strings.h> header file. */
+#define HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the <string.h> header file. */
+#define HAVE_STRING_H 1
+
+/* Define to 1 if you have the <stropts.h> header file. */
+#define HAVE_STROPTS_H 1
+
+/* Define to 1 if you have the `syslog' function. */
+#define HAVE_SYSLOG 1
+
+/* Define to 1 if you have the <syslog.h> header file. */
+#define HAVE_SYSLOG_H 1
+
+/* Define to 1 if you have the `system' function. */
+#define HAVE_SYSTEM 1
+
+/* Define to 1 if you have the <sys/epoll.h> header file. */
+/* #undef HAVE_SYS_EPOLL_H */
+
+/* Define to 1 if you have the <sys/file.h> header file. */
+#define HAVE_SYS_FILE_H 1
+
+/* Define to 1 if you have the <sys/ioctl.h> header file. */
+#define HAVE_SYS_IOCTL_H 1
+
+/* Define to 1 if you have the <sys/kern_control.h> header file. */
+/* #undef HAVE_SYS_KERN_CONTROL_H */
+
+/* Define to 1 if you have the <sys/mman.h> header file. */
+#define HAVE_SYS_MMAN_H 1
+
+/* Define to 1 if you have the <sys/poll.h> header file. */
+#define HAVE_SYS_POLL_H 1
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#define HAVE_SYS_SOCKET_H 1
+
+/* Define to 1 if you have the <sys/sockio.h> header file. */
+/* #undef HAVE_SYS_SOCKIO_H */
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#define HAVE_SYS_STAT_H 1
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#define HAVE_SYS_TIME_H 1
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#define HAVE_SYS_TYPES_H 1
+
+/* Define to 1 if you have the <sys/uio.h> header file. */
+#define HAVE_SYS_UIO_H 1
+
+/* Define to 1 if you have the <sys/un.h> header file. */
+#define HAVE_SYS_UN_H 1
+
+/* Define to 1 if you have the <sys/wait.h> header file. */
+#define HAVE_SYS_WAIT_H 1
+
+/* Define to 1 if you have the <tap-windows.h> header file. */
+/* #undef HAVE_TAP_WINDOWS_H */
+
+/* Define to 1 if you have the `time' function. */
+#define HAVE_TIME 1
+
+/* Define to 1 if you have the <time.h> header file. */
+#define HAVE_TIME_H 1
+
+/* Define to 1 if you have the `umask' function. */
+#define HAVE_UMASK 1
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#define HAVE_UNISTD_H 1
+
+/* Define to 1 if you have the `unlink' function. */
+#define HAVE_UNLINK 1
+
+/* Define to 1 if you have the `vfork' function. */
+#define HAVE_VFORK 1
+
+/* Define to 1 if you have the <vfork.h> header file. */
+/* #undef HAVE_VFORK_H */
+
+/* Define to 1 if you have the `vsnprintf' function. */
+#define HAVE_VSNPRINTF 1
+
+/* Define to 1 if you have the <windows.h> header file. */
+/* #undef HAVE_WINDOWS_H */
+
+/* Define to 1 if you have the <winsock2.h> header file. */
+/* #undef HAVE_WINSOCK2_H */
+
+/* Define to 1 if `fork' works. */
+#define HAVE_WORKING_FORK 1
+
+/* Define to 1 if `vfork' works. */
+/* #undef HAVE_WORKING_VFORK */
+
+/* Define to 1 if you have the `writev' function. */
+#define HAVE_WRITEV 1
+
+/* Define to 1 if you have the <ws2tcpip.h> header file. */
+/* #undef HAVE_WS2TCPIP_H */
+
+/* Path to ifconfig tool */
+#define IFCONFIG_PATH "/sbin/ifconfig"
+
+/* Path to iproute tool */
+#define IPROUTE_PATH "/bin/ip"
+
+/* Define to the sub-directory in which libtool stores uninstalled libraries.
+   */
+#define LT_OBJDIR ".libs/"
+
+/* Version in windows resource format */
+#define OPENVPN_VERSION_RESOURCE 2,3,4,0
+
+/* Name of package */
+#define PACKAGE "openvpn"
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT "openvpn-users@lists.sourceforge.net"
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME "OpenVPN"
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING "OpenVPN 2.3.4"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "openvpn"
+
+/* Define to the home page for this package. */
+#define PACKAGE_URL ""
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION "2.3.4"
+
+/* Path separator */
+#define PATH_SEPARATOR '/'
+
+/* Path separator */
+#define PATH_SEPARATOR_STR "/"
+
+/* Define as the return type of signal handlers (`int' or `void'). */
+#define RETSIGTYPE void
+
+/* Path to route tool */
+#define ROUTE_PATH "/sbin/route"
+
+/* SIGHUP replacement */
+/* #undef SIGHUP */
+
+/* SIGINT replacement */
+/* #undef SIGINT */
+
+/* SIGTERM replacement */
+/* #undef SIGTERM */
+
+/* SIGUSR1 replacement */
+/* #undef SIGUSR1 */
+
+/* SIGUSR2 replacement */
+/* #undef SIGUSR2 */
+
+/* The size of `unsigned int', as computed by sizeof. */
+#define SIZEOF_UNSIGNED_INT 4
+
+/* The size of `unsigned long', as computed by sizeof. */
+/* #undef SIZEOF_UNSIGNED_LONG */
+#include "config_sizeof_long.h"
+
+/* Define to 1 if you have the ANSI C header files. */
+#define STDC_HEADERS 1
+
+/* The tap-windows id */
+#define TAP_WIN_COMPONENT_ID "tap0901"
+
+/* The tap-windows version number is required for OpenVPN */
+#define TAP_WIN_MIN_MAJOR 9
+
+/* The tap-windows version number is required for OpenVPN */
+#define TAP_WIN_MIN_MINOR 9
+
+/* A string representing our host */
+#define TARGET_ALIAS "unknown-unknown-genode"
+
+/* Are we running on Mac OS X? */
+/* #undef TARGET_DARWIN */
+
+/* Are we running on DragonFlyBSD? */
+/* #undef TARGET_DRAGONFLY */
+
+/* Are we running on FreeBSD? */
+#define TARGET_FREEBSD 1
+
+/* Are we running on Linux? */
+/* #undef TARGET_LINUX */
+
+/* Are we running NetBSD? */
+/* #undef TARGET_NETBSD */
+
+/* Are we running on OpenBSD? */
+/* #undef TARGET_OPENBSD */
+
+/* Target prefix */
+#define TARGET_PREFIX "F"
+
+/* Are we running on Solaris? */
+/* #undef TARGET_SOLARIS */
+
+/* Are we running WIN32? */
+/* #undef TARGET_WIN32 */
+
+/* dlopen libpam */
+/* #undef USE_PAM_DLOPEN */
+
+/* Enable extensions on AIX 3, Interix.  */
+#ifndef _ALL_SOURCE
+# define _ALL_SOURCE 1
+#endif
+/* Enable GNU extensions on systems that have them.  */
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE 1
+#endif
+/* Enable threading extensions on Solaris.  */
+#ifndef _POSIX_PTHREAD_SEMANTICS
+# define _POSIX_PTHREAD_SEMANTICS 1
+#endif
+/* Enable extensions on HP NonStop.  */
+#ifndef _TANDEM_SOURCE
+# define _TANDEM_SOURCE 1
+#endif
+/* Enable general extensions on Solaris.  */
+#ifndef __EXTENSIONS__
+# define __EXTENSIONS__ 1
+#endif
+
+
+/* Use valgrind memory debugging library */
+/* #undef USE_VALGRIND */
+
+/* Version number of package */
+#define VERSION "2.3.4"
+
+/* Define to 1 if on MINIX. */
+/* #undef _MINIX */
+
+/* Define to 2 if the system does not provide POSIX.1 features except with
+   this defined. */
+/* #undef _POSIX_1_SOURCE */
+
+/* Define to 1 if you need to in order for `stat' and other things to work. */
+/* #undef _POSIX_SOURCE */
+
+/* Define for Solaris 2.5.1 so the uint32_t typedef from <sys/synch.h>,
+   <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+   #define below would cause a syntax error. */
+/* #undef _UINT32_T */
+
+/* Define for Solaris 2.5.1 so the uint64_t typedef from <sys/synch.h>,
+   <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+   #define below would cause a syntax error. */
+/* #undef _UINT64_T */
+
+/* Define for Solaris 2.5.1 so the uint8_t typedef from <sys/synch.h>,
+   <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+   #define below would cause a syntax error. */
+/* #undef _UINT8_T */
+
+/* Define to empty if `const' does not conform to ANSI C. */
+/* #undef const */
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+/* #undef gid_t */
+
+/* Workaround missing in_addr_t */
+/* #undef in_addr_t */
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+   calls it, or to nothing if 'inline' is not supported under any name.  */
+#ifndef __cplusplus
+/* #undef inline */
+#endif
+
+/* Define to the type of a signed integer type of width exactly 16 bits if
+   such a type exists and the standard includes do not define it. */
+/* #undef int16_t */
+
+/* Define to the type of a signed integer type of width exactly 32 bits if
+   such a type exists and the standard includes do not define it. */
+/* #undef int32_t */
+
+/* Define to the type of a signed integer type of width exactly 64 bits if
+   such a type exists and the standard includes do not define it. */
+/* #undef int64_t */
+
+/* Define to the type of a signed integer type of width exactly 8 bits if such
+   a type exists and the standard includes do not define it. */
+/* #undef int8_t */
+
+/* Define to `long int' if <sys/types.h> does not define. */
+/* #undef off_t */
+
+/* Define to `int' if <sys/types.h> does not define. */
+/* #undef pid_t */
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+/* #undef size_t */
+
+/* type to use in place of socklen_t if not defined */
+/* #undef socklen_t */
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+/* #undef uid_t */
+
+/* Define to the type of an unsigned integer type of width exactly 16 bits if
+   such a type exists and the standard includes do not define it. */
+/* #undef uint16_t */
+
+/* Define to the type of an unsigned integer type of width exactly 32 bits if
+   such a type exists and the standard includes do not define it. */
+/* #undef uint32_t */
+
+/* Define to the type of an unsigned integer type of width exactly 64 bits if
+   such a type exists and the standard includes do not define it. */
+/* #undef uint64_t */
+
+/* Define to the type of an unsigned integer type of width exactly 8 bits if
+   such a type exists and the standard includes do not define it. */
+/* #undef uint8_t */
+
+/* Define as `fork' if `vfork' does not work. */
+/* #undef vfork */
+
+/* Define to empty if the keyword `volatile' does not work. Warning: valid
+   code using `volatile' can become incorrect without. Disable with care. */
+/* #undef volatile */
diff --git a/repos/ports/src/app/openvpn/dummies.c b/repos/ports/src/app/openvpn/dummies.c
new file mode 100644
index 0000000000..f92d0412e2
--- /dev/null
+++ b/repos/ports/src/app/openvpn/dummies.c
@@ -0,0 +1,33 @@
+/**
+ * \brief  Dummy functions
+ * \author Josef Soentgen
+ * \date   2014-05-19
+ */
+
+/*
+ * Copyright (C) 2014 Genode Labs GmbH
+ *
+ * This file is part of the Genode OS framework, which is distributed
+ * under the terms of the GNU General Public License version 2.
+ */
+
+/* Genode includes */
+#include <stdio.h>
+
+typedef long DUMMY;
+
+enum {
+	SHOW_DUMMY = 0,
+};
+
+#define DUMMY(retval, name) \
+DUMMY name(void) { \
+	if (SHOW_DUMMY) \
+		fprintf(stderr, #name " called (from %p) not implemented", __builtin_return_address(0)); \
+	return retval; \
+}
+
+DUMMY(-1, mlockall)
+DUMMY(-1, if_indextoname)
+DUMMY(-1, if_nametoindex)
+DUMMY(-1, sendmsg)
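Review bot: The stubs for `if_indextoname` and `if_nametoindex` return -1, but by POSIX convention those functions signal failure with NULL and 0 respectively. A caller that checks the usual way would treat the result as a valid name pointer or a valid interface index. `DUMMY(0, if_indextoname)` and `DUMMY(0, if_nametoindex)` would make the stubs fail in the way callers expect. All four stubs are also defined as `long name(void)`, which does not match the libc prototypes. With `SHOW_DUMMY` at 0 they fail silently and without setting errno, while config.h in this commit still defines `HAVE_MLOCKALL` and `HAVE_SENDMSG` as 1.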
diff --git a/repos/ports/src/app/openvpn/main.cc b/repos/ports/src/app/openvpn/main.cc
new file mode 100644
index 0000000000..050466cef7
--- /dev/null
+++ b/repos/ports/src/app/openvpn/main.cc
@@ -0,0 +1,244 @@
+/**
+ * \brief  TUN/TAP to Nic_session interface
+ * \author Josef Soentgen
+ * \date   2014-06-05
+ */
+
+/*
+ * Copyright (C) 2014 Genode Labs GmbH
+ *
+ * This file is part of the Genode OS framework, which is distributed
+ * under the terms of the GNU General Public License version 2.
+ */
+
+/* Genode includes */
+#include <os/server.h>
+#include <os/config.h>
+#include <os/static_root.h>
+#include <cap_session/connection.h>
+#include <nic/component.h>
+#include <root/component.h>
+
+/* libc includes */
+#include <unistd.h>
+
+/* local includes */
+#include "tuntap.h"
+
+
+static int const verbose = false;
+#define PDBGV(...) if (verbose) PDBG(__VA_ARGS__)
+
+
+/* external symbols provided by Genode's startup code */
+extern char **genode_argv;
+extern int    genode_argc;
+
+
+/*********************************
+ ** OpenVPN main thread wrapper **
+ *********************************/
+
+extern "C" int openvpn_main(int, char*[]);
+
+
+class Openvpn_thread : public Genode::Thread<16UL * 1024 * sizeof (long)>
+{
+	private:
+
+		int _argc;
+		char **_argv;
+		int _exitcode;
+
+	public:
+
+		Openvpn_thread(int argc, char *argv[])
+		:
+			Thread("openvpn_main"),
+			_argc(argc), _argv(argv),
+			_exitcode(-1)
+		{
+			//for (int i = 0; i < _argc; i++)
+			//	PINF("_argv[%i]: '%s'", i, _argv[i]);
+		}
+
+		void entry()
+		{
+			_exitcode = ::openvpn_main(_argc, _argv);
+		};
+};
+
+
+static Tuntap_device* _tuntap_dev;
+
+
+Tuntap_device *tuntap_dev()
+{
+	return _tuntap_dev;
+}
+
+
+/***************************************
+ ** Implementation of the Nic service **
+ ***************************************/
+
+class Nic_driver : public Tuntap_device,
+                   public Nic::Driver
+{
+	private:
+
+		Nic::Mac_address      _mac_addr {{ 0x02, 0x00, 0x00, 0x00, 0x00, 0x01 }};
+		Nic::Rx_buffer_alloc &_alloc;
+
+		char const *_packet;
+
+		enum { READ = 0, WRITE = 1 };
+
+		int _pipefd[2];
+		Genode::Semaphore _startup_lock;
+		Genode::Semaphore _tx_lock;
+
+
+	public:
+
+		Nic_driver(Nic::Rx_buffer_alloc &alloc)
+		:
+			_alloc(alloc),
+			_packet(0)
+		{
+			if (pipe(_pipefd)) {
+				PERR("could not create pipe");
+				throw Genode::Exception();
+			}
+		}
+
+		~Nic_driver() { PDBG("should probably be implemented"); }
+
+
+		/***************************
+		 ** Nic::Driver interface **
+		 ***************************/
+
+		Nic::Mac_address mac_address() { return _mac_addr; }
+
+		void tx(char const *packet, Genode::size_t size)
+		{
+			PDBGV("packet:0x%p size:%zu", packet, size);
+
+			_packet = packet;
+
+			/* notify openvpn */
+			::write(_pipefd[WRITE], "1", 1);
+
+			/* block while openvpn handles the packet */
+			_tx_lock.down();
+		}
+
+		/******************************
+		 ** Irq_activation interface **
+		 ******************************/
+
+		void handle_irq(int) { }
+
+		/***********************
+		 ** TUN/TAP interface **
+		 ***********************/
+
+		int fd() { return _pipefd[READ]; }
+
+		/* tx */
+		int read(char *buf, Genode::size_t len)
+		{
+			PDBGV("buf:0x%p len:%zu", len);
+
+			Genode::memcpy(buf, _packet, len);
+			_packet = 0;
+
+			/* unblock nic client */
+			_tx_lock.up();
+
+			return len;
+		}
+
+		/* rx */
+		int write(char const *buf, Genode::size_t len)
+		{
+			PDBGV("buf:0x%p len:%zu", len);
+
+			void *buffer = _alloc.alloc(len);
+			Genode::memcpy(buffer, buf, len);
+			_alloc.submit();
+
+			return len;
+		}
+
+		void up() { _startup_lock.up(); }
+
+		void down() { _startup_lock.down(); }
+};
+
+
+struct Main
+{
+	struct Nic_driver_factory : Nic::Driver_factory
+	{
+		Nic_driver     *drv { 0 };
+		Openvpn_thread *openvpn { 0 };
+
+		Nic::Driver *create(Nic::Rx_buffer_alloc &alloc)
+		{
+			/* there can be only one */
+			if (!drv) {
+				drv = new (Genode::env()->heap()) Nic_driver(alloc);
+
+				/**
+				 * Setting the pointer in this manner is quite hackish but it has
+				 * to be valid before OpenVPN calls open_tun(), which unfortunatly
+				 * is early.
+				 */
+				_tuntap_dev = drv;
+
+				PDBGV("start OpenVPN main thread");
+				Openvpn_thread *openvpn = new (Genode::env()->heap()) Openvpn_thread(genode_argc,
+				                                                                     genode_argv);
+
+				openvpn->start();
+
+				/* wait until OpenVPN configured the TUN/TAP device for the first time */
+				_tuntap_dev->down();
+
+				return drv;
+			}
+
+			return 0;
+		}
+
+		void destroy(Nic::Driver *driver)
+		{
+			Genode::destroy(Genode::env()->heap(), static_cast<Nic_driver *>(driver));
+			drv = 0;
+			Genode::destroy(Genode::env()->heap(), openvpn);
+			openvpn = 0;
+		}
+	} driver_factory;
+
+	Server::Entrypoint &ep;
+
+	Main(Server::Entrypoint &ep) : ep(ep)
+	{
+		static Nic::Root nic_root(&ep.rpc_ep(), Genode::env()->heap(), driver_factory);
+
+		Genode::env()->parent()->announce(ep.manage(nic_root));
+	}
+};
+
+
+/**********************
+ ** Server framework **
+ **********************/
+
+namespace Server {
+	char const *name()             { return "openvpn_ep"; }
+	size_t stack_size()            { return 8 * 1024 * sizeof (addr_t); }
+	void construct(Entrypoint &ep) { static Main server(ep); }
+}
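Review bot: `Nic_driver::read()` copies `len` bytes from `_packet`, where `len` is the caller's buffer size and not the size of the frame passed to `tx()`. A short frame is therefore over-read past its end and `len` is returned as its length. `_packet` is also dereferenced without a null check. The frame size needs to be remembered in `tx()` and used as the upper bound in `read()`, as sketched below. Separately, `create()` declares a local `Openvpn_thread *openvpn` that shadows the member, so `destroy()` frees a null pointer and leaves `_tuntap_dev` pointing at the destroyed driver while the OpenVPN thread may still be running. Assigning the member and clearing `_tuntap_dev` in `destroy()` would address that. The `PDBGV` calls in `read()` and `write()` also pass only `len` for a `%p` and `%zu` format pair.

```cpp
// … unchanged: _packet and the other private members …
Genode::size_t _packet_size { 0 };

void tx(char const *packet, Genode::size_t size)
{
	// … unchanged: debug output …
	_packet      = packet;
	_packet_size = size;
	// … unchanged: notify openvpn, block on _tx_lock …
}

int read(char *buf, Genode::size_t len)
{
	/* no frame pending */
	if (!_packet)
		return -1;

	/* never copy more than the frame handed to tx() */
	Genode::size_t const n = len < _packet_size ? len : _packet_size;
	Genode::memcpy(buf, _packet, n);
	_packet      = 0;
	_packet_size = 0;

	// … unchanged: unblock nic client …

	return n;
}
```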
diff --git a/repos/ports/src/app/openvpn/patches/fdmisc.c.patch b/repos/ports/src/app/openvpn/patches/fdmisc.c.patch
new file mode 100644
index 0000000000..aa06679ce3
--- /dev/null
+++ b/repos/ports/src/app/openvpn/patches/fdmisc.c.patch
@@ -0,0 +1,11 @@
+--- a/src/openvpn/fdmisc.c	2014-06-04 12:19:22.428224954 +0200
++++ b/src/openvpn/fdmisc.c	2014-06-04 15:14:38.660582474 +0200
+@@ -54,7 +54,7 @@
+ bool
+ set_cloexec_action (int fd)
+ {
+-#ifndef WIN32
++#if 0
+   if (fcntl (fd, F_SETFD, FD_CLOEXEC) < 0)
+     return false;
+ #endif
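Review bot: With `#if 0` the `fcntl (fd, F_SETFD, FD_CLOEXEC)` call in `set_cloexec_action()` is compiled out unconditionally, so descriptors are never marked close-on-exec. The caller presumably still gets a success result, although the function's return statement is outside the hunk. config.h in this commit defines `HAVE_FORK` and `HAVE_EXECVE`, so if the port ever spawns a helper those descriptors would be inherited. That trade-off deserves a stated reason. Unlike platform.c.patch, this patch carries no description; a leading line such as `Genode's libc does not support FD_CLOEXEC, skip the fcntl() call.` would record why, if that is the actual reason. The same applies to syshead.h.patch and openvpn.c.patch.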
diff --git a/repos/ports/src/app/openvpn/patches/openvpn.c.patch b/repos/ports/src/app/openvpn/patches/openvpn.c.patch
new file mode 100644
index 0000000000..126c76c6ec
--- /dev/null
+++ b/repos/ports/src/app/openvpn/patches/openvpn.c.patch
@@ -0,0 +1,23 @@
+--- a/src/openvpn/openvpn.c	2013-11-07 13:55:13.000000000 +0100
++++ b/src/openvpn/openvpn.c	2014-06-06 15:44:09.912735591 +0200
+@@ -127,7 +127,6 @@
+  * @param argc - Commandline argument count.
+  * @param argv - Commandline argument values.
+  */
+-static
+ int
+ openvpn_main (int argc, char *argv[])
+ {
+@@ -319,8 +318,8 @@
+   return ret;
+ }
+ #else
+-int
+-main (int argc, char *argv[]) {
+-	return openvpn_main(argc, argv);
+-}
++//int
++//main (int argc, char *argv[]) {
++//	return openvpn_main(argc, argv);
++//}
+ #endif
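Review bot: The second hunk disables `main()` by prefixing its four lines with `//`, which leaves dead code in the patched file; deleting the lines would say the same thing with less to carry along on a rebase. The first hunk drops `static` from `openvpn_main`, which exports the symbol, so the C++ caller needs a matching `extern "C" int openvpn_main(int, char *[]);` declaration; that caller is outside this hunk, so check that it is there. A header line in the patch such as "openvpn_main is called from the Genode component's thread, so it must be non-static and main() must go" would document both edits.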
diff --git a/repos/ports/src/app/openvpn/patches/platform.c.patch b/repos/ports/src/app/openvpn/patches/platform.c.patch
new file mode 100644
index 0000000000..d43e94e8d8
--- /dev/null
+++ b/repos/ports/src/app/openvpn/patches/platform.c.patch
@@ -0,0 +1,13 @@
+Since the VFS is process-local on Genode, we have all the rights we
+need.
+--- a/src/openvpn/platform.c	2014-06-03 16:47:45.892653524 +0200
++++ b/src/openvpn/platform.c	2014-06-03 16:47:53.896653798 +0200
+@@ -226,7 +226,7 @@
+   gc_free (&gc);
+   return ret;
+ #else
+-  return access (path, mode);
++  return 0;
+ #endif
+ }
+ 
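Review bot: Replacing `access (path, mode)` with `return 0;` removes the existence check as well as the permission check, and the patch description only argues about rights. The enclosing function's signature is outside the hunk, but every caller now gets "accessible" for a path that does not exist, so a missing key, certificate or config file would presumably surface later at open time with a less specific error. If the libc provides it, keeping the existence part is cheap: `struct stat st; return stat (path, &st);`. The description should then say that only the permission bits are ignored.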
diff --git a/repos/ports/src/app/openvpn/patches/syshead.h.patch b/repos/ports/src/app/openvpn/patches/syshead.h.patch
new file mode 100644
index 0000000000..e51286ab21
--- /dev/null
+++ b/repos/ports/src/app/openvpn/patches/syshead.h.patch
@@ -0,0 +1,11 @@
+--- a/src/openvpn/syshead.h	2014-05-16 17:22:04.000000000 +0200
++++ b/src/openvpn/syshead.h	2014-05-16 17:22:52.000000000 +0200
+@@ -714,7 +714,7 @@
+ /*
+  * Do we support pushing peer info?
+  */
+-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL)
++#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) && !defined(ENABLE_CLIENT_ONLY)
+ #define ENABLE_PUSH_PEER_INFO
+ #endif
+ 
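Review bot: The added `!defined(ENABLE_CLIENT_ONLY)` term has no explanation, and this patch file, unlike platform.c.patch, carries no description. Going by the surrounding comment, peer info is something a peer pushes about itself, so switching it off specifically for a client-only build reads as inverted. The next person rebasing the port cannot tell whether it is deliberate. Add a header line stating why ENABLE_PUSH_PEER_INFO must be off in this port and where ENABLE_CLIENT_ONLY is defined for the build.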
diff --git a/repos/ports/src/app/openvpn/target.mk b/repos/ports/src/app/openvpn/target.mk
new file mode 100644
index 0000000000..25587678d7
--- /dev/null
+++ b/repos/ports/src/app/openvpn/target.mk
@@ -0,0 +1,106 @@
+TARGET = openvpn
+
+LIBS += libc libc_lock_pipe libc_lwip_nic_dhcp \
+        vfs_jitterentropy \
+        libcrypto libssl config_args server
+
+OPENVPN_PORT_DIR := $(call select_from_ports,openvpn)
+OPENVPN_DIR      := $(OPENVPN_PORT_DIR)/src/app/openvpn
+
+SRC_C_compat := compat-dirname.c \
+                compat-basename.c \
+                compat-gettimeofday.c \
+                compat-daemon.c \
+                compat-inet_ntop.c \
+                compat-inet_pton.c
+
+SRC_C_openvpn := base64.c \
+                 buffer.c \
+                 clinat.c \
+                 console.c \
+                 crypto.c \
+                 crypto_openssl.c \
+                 cryptoapi.c \
+                 dhcp.c \
+                 error.c \
+                 event.c \
+                 fdmisc.c \
+                 forward.c \
+                 fragment.c \
+                 gremlin.c \
+                 helper.c \
+                 httpdigest.c \
+                 init.c \
+                 interval.c \
+                 list.c \
+                 lladdr.c \
+                 lzo.c \
+                 manage.c \
+                 mbuf.c \
+                 misc.c \
+                 mroute.c \
+                 mss.c \
+                 mstats.c \
+                 mtcp.c \
+                 mtu.c \
+                 mudp.c \
+                 multi.c \
+                 ntlm.c \
+                 occ.c \
+                 openvpn.c \
+                 options.c \
+                 otime.c \
+                 packet_id.c \
+                 perf.c \
+                 pf.c \
+                 ping.c \
+                 pkcs11.c \
+                 pkcs11_openssl.c \
+                 platform.c \
+                 plugin.c \
+                 pool.c \
+                 proto.c \
+                 proxy.c \
+                 ps.c \
+                 push.c \
+                 reliable.c \
+                 route.c \
+                 schedule.c \
+                 session_id.c \
+                 shaper.c \
+                 sig.c \
+                 socket.c \
+                 socks.c \
+                 ssl.c \
+                 ssl_openssl.c \
+                 ssl_verify.c \
+                 ssl_verify_openssl.c \
+                 status.c
+
+SRC_CC = main.cc tun_genode.cc
+
+CC_CXX_OPT += -fpermissive
+
+# too much to cope with...
+CC_WARN =
+
+SRC_C := $(SRC_C_compat) $(SRC_C_openvpn) dummies.c
+
+CC_OPT += -DHAVE_CONFIG_H -DSELECT_PREFERRED_OVER_POLL
+
+INC_DIR += $(OPENVPN_DIR)/include
+INC_DIR += $(OPENVPN_DIR)/src/compat
+INC_DIR += $(OPENVPN_DIR)/src/openvpn
+
+# find 'config.h'
+ifeq ($(filter-out $(SPECS),32bit),)
+	TARGET_CPUBIT=32bit
+else ifeq ($(filter-out $(SPECS),64bit),)
+	TARGET_CPUBIT=64bit
+endif
+INC_DIR += $(REP_DIR)/src/app/openvpn/$(TARGET_CPUBIT)
+INC_DIR += $(REP_DIR)/src/app/openvpn/
+
+vpath compat-%.c $(OPENVPN_DIR)/src/compat
+vpath %.c        $(OPENVPN_DIR)/src/openvpn
+vpath %.cc       $(REP_DIR)/src/app/openvpn
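Review bot: `CC_WARN =` switches off all warnings for the whole target, which covers the new glue code in main.cc and tun_genode.cc as well as the imported OpenVPN sources. `CC_CXX_OPT += -fpermissive` additionally downgrades C++ errors in exactly those two files. For a component that parses network traffic and handles key material, the port's own code should build with warnings enabled and the suppression should be limited to the third-party C files. Separately, when SPECS contains neither `32bit` nor `64bit`, TARGET_CPUBIT stays empty and the per-width include directory collapses to the port directory, so config_sizeof_long.h would presumably not be found. A final `else` branch with `$(error openvpn: neither 32bit nor 64bit in SPECS)` would make that failure explicit.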
diff --git a/repos/ports/src/app/openvpn/tun_genode.cc b/repos/ports/src/app/openvpn/tun_genode.cc
new file mode 100644
index 0000000000..1b62470cbf
--- /dev/null
+++ b/repos/ports/src/app/openvpn/tun_genode.cc
@@ -0,0 +1,303 @@
+/**
+ * \brief  TUN/TAP to Nic_session interface
+ * \author Josef Soentgen
+ * \date   2014-06-05
+ */
+
+/*
+ * Copyright (C) 2014 Genode Labs GmbH
+ *
+ * This file is part of the Genode OS framework, which is distributed
+ * under the terms of the GNU General Public License version 2.
+ */
+
+
+/* Genode includes */
+#include <base/printf.h>
+#include <base/snprintf.h>
+#include <cap_session/connection.h>
+#include <nic_session/rpc_object.h>
+#include <os/server.h>
+#include <root/component.h>
+#include <util/string.h>
+
+/* local includes */
+#include "tuntap.h"
+
+/* OpenVPN includes */
+extern "C" {
+#include "config.h"
+#include "syshead.h"
+#include "socket.h"
+#include "tun.h"
+}
+
+
+static bool verbose = false;
+#define PDBGV(...) if (verbose) PDBG(__VA_ARGS__)
+#define TRACE do { PDBGV("%s: called", __func__); } while (0)
+
+
+extern Tuntap_device *tuntap_dev();
+
+
+static in_addr_t gen_broadcast_addr(in_addr_t local, in_addr_t netmask) {
+	return local | ~netmask; }
+
+
+extern "C" void open_tun(char const *dev, char const *dev_type,
+                         char const *dev_node, struct tuntap *tt)
+{
+	/* start with a failed attempt to open tun/tap device */
+	tt->fd = -1;
+
+	if (tt->ipv6) {
+		PERR("IPv6 is currently not supported!");
+		return;
+	}
+
+	if (tt->type == DEV_TYPE_NULL) {
+		PERR("null device not supported");
+		return;
+	}
+
+	char name[256];
+	Genode::snprintf(name, sizeof (name), "/dev/%s", dev);
+
+	tt->actual_name = string_alloc(name, NULL);
+	tt->fd = tuntap_dev()->fd();
+	PDBGV("tt->fd:%d", tuntap_dev()->fd());
+}
+
+
+extern "C" void close_tun(struct tuntap *tt)
+{
+	free(tt->actual_name);
+	free(tt);
+}
+
+
+extern "C" int write_tun(struct tuntap *tt, uint8_t *buf, int len)
+{
+	PDBGV("tt->fd:%d buf:0x%p len: %d", tt->fd, buf, len);
+
+	if (len <= 0)
+		return -1;
+
+	switch (tt->type) {
+	case DEV_TYPE_TAP:
+		return tuntap_dev()->write(reinterpret_cast<char const*>(buf), len);
+		break;
+	case DEV_TYPE_TUN:
+		break;
+	}
+
+	return -1;
+}
+
+
+extern "C" int read_tun(struct tuntap *tt, uint8_t *buf, int len)
+{
+	PDBGV("tt->fd:%d buf:0x%p len: %d", tt->fd, buf, len);
+
+	if (len <= 0)
+		return -1;
+
+	{
+		/* read from fd to prevent select() from triggering more than once */
+		char tmp[1];
+		::read(tt->fd, tmp, sizeof (tmp));
+	}
+
+	switch (tt->type) {
+	case DEV_TYPE_TAP:
+		return tuntap_dev()->read(reinterpret_cast<char*>(buf), len);
+		break;
+	case DEV_TYPE_TUN:
+		break;
+	}
+
+	return -1;
+}
+
+
+extern "C" void tuncfg(char const *dev, char const *dev_type,
+                       char const *dev_node, int persist_mode,
+                       char const *username, char const *groupname,
+                       struct tuntap_options const *options)
+{
+	PDBGV("dev:'%s' dev_type:'%s' dev_node:'%s' persist_mode:%d"
+         "username:'%s' groupname:'%s' options:0x%p",
+         dev, dev_type, dev_node, persist_mode, username, groupname, options);
+}
+
+
+extern "C" char const *guess_tuntap_dev(char const *dev, char const *dev_type,
+                                        char const *dev_node, struct gc_arena *gc)
+{
+	return dev;
+}
+
+
+extern "C" struct tuntap *init_tun(char const *dev, char const *dev_type,
+                                   int topology, char const *ifconfig_local_parm,
+                                   char const *ifconfig_remote_netmask_parm,
+                                   char const *ifconfig_ipv6_local_parm,
+                                   int ifconfig_ipv6_netbits_parm,
+                                   char const *ifconfig_ipv6_remote_parm,
+                                   in_addr_t local_public, in_addr_t remote_public,
+                                   bool const strict_warn, struct env_set *es)
+{
+	PDBGV("dev:'%s' dev_type:'%s' topology:%d ifconfig_local_parm:'%s'"
+	      "ifconfig_remote_netmask_parm:'%s' es:0x%p", dev, dev_type,
+	      topology, ifconfig_local_parm, ifconfig_remote_netmask_parm, es);
+
+	struct tuntap *tt;
+
+	ALLOC_OBJ(tt, struct tuntap);
+	Genode::memset(tt, 0, sizeof (struct tuntap));
+
+	tt->fd       = -1;
+	tt->ipv6     = false;
+	tt->type     = dev_type_enum(dev, dev_type);
+	tt->topology = topology;
+
+	if (ifconfig_local_parm && ifconfig_remote_netmask_parm) {
+		bool tun = is_tun_p2p(tt);
+
+		tt->local = getaddr(GETADDR_RESOLVE | GETADDR_HOST_ORDER |
+		                    GETADDR_FATAL_ON_SIGNAL | GETADDR_FATAL,
+		                    ifconfig_local_parm, 0, NULL, NULL);
+
+		tt->remote_netmask = getaddr((tun ? GETADDR_RESOLVE : 0) |
+		                             GETADDR_HOST_ORDER | GETADDR_FATAL_ON_SIGNAL |
+		                             GETADDR_FATAL, ifconfig_remote_netmask_parm,
+		                             0, NULL, NULL);
+
+		if (!tun) {
+			tt->broadcast = gen_broadcast_addr(tt->local, tt->remote_netmask);
+		}
+
+		tt->did_ifconfig_setup = true;
+	}
+
+	return tt;
+}
+
+
+extern "C" void init_tun_post(struct tuntap *tt, struct frame const *frame,
+                              struct tuntap_options const *options)
+{
+	TRACE;
+}
+
+
+extern "C" void do_ifconfig(struct tuntap *tt, char const *actual_name,
+                            int tun_mtu, struct env_set const *es)
+{
+	TRACE;
+
+	/**
+	 * After OpenVPN has received a PUSH_REPLY it will configure
+	 * the TUN/TAP device by calling this function. At this point
+	 * it is save to actually announce the Nic_session. Therefore,
+	 * we release the lock.
+	 */
+	tuntap_dev()->up();
+}
+
+
+extern "C" bool is_dev_type(char const *dev, char const *dev_type,
+                            char const *match_type)
+
+{
+	if (!dev)
+		return false;
+
+	if (dev_type)
+		return !Genode::strcmp(dev_type, match_type);
+	else
+		return !Genode::strcmp(dev, match_type, Genode::strlen(match_type));
+}
+
+
+extern "C" int dev_type_enum(char const *dev, char const *dev_type)
+{
+	if (is_dev_type(dev, dev_type, "tap"))
+		return DEV_TYPE_TAP;
+
+	if (is_dev_type(dev, dev_type, "tun"))
+		return DEV_TYPE_TUN;
+
+	if (is_dev_type(dev, dev_type, "null"))
+		return DEV_TYPE_NULL;
+
+	return DEV_TYPE_UNDEF;
+}
+
+
+extern "C" char const *dev_type_string(char const *dev, char const *dev_type)
+{
+	switch (dev_type_enum(dev, dev_type)) {
+	case DEV_TYPE_TAP:
+		return "tap";
+	case DEV_TYPE_TUN:
+		return "tun";
+	case DEV_TYPE_NULL:
+		return "null";
+	default:
+		return "[unknown-dev-type]";
+	}
+}
+
+
+extern "C" char const *ifconfig_options_string(struct tuntap const* tt,
+                                               bool remote, bool disable,
+                                               struct gc_arena *gc)
+{
+	TRACE;
+
+	return 0;
+}
+
+
+extern "C" bool is_tun_p2p(struct tuntap const *tt)
+{
+	bool tun = false;
+
+	if (tt->type == DEV_TYPE_TAP ||
+	    (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET))
+		tun = false;
+	else if (tt->type == DEV_TYPE_TUN)
+		tun = true;
+	else
+		PERR("problem with tun vs. tap setting");
+
+	return tun;
+}
+
+
+extern "C" void check_subnet_conflict(const in_addr_t, const in_addr_t,
+                                      char const *) { TRACE; }
+
+
+extern "C" void warn_on_use_of_common_subnets(void) { TRACE; }
+
+
+extern "C" char const *tun_stat(struct tuntap const *tt, unsigned rwflags,
+                                struct gc_arena *gc)
+{
+	struct buffer out = alloc_buf_gc(64, gc);
+	if (tt) {
+		if (rwflags & EVENT_READ) {
+			buf_printf(&out, "T%s", (tt->rwflags_debug & EVENT_READ) ? "R" : "r");
+		}
+		if (rwflags & EVENT_WRITE) {
+			buf_printf(&out, "T%s", (tt->rwflags_debug & EVENT_WRITE) ? "W" : "w");
+		}
+	}
+	else
+		buf_printf(&out, "T?");
+
+	return buf_str(&out);
+}
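Review bot: open_tun() rejects only DEV_TYPE_NULL, but read_tun() and write_tun() handle only DEV_TYPE_TAP and return -1 for DEV_TYPE_TUN, so a tun configuration gets a valid fd and then fails on every packet. Reject it where the device is opened: `if (tt->type != DEV_TYPE_TAP) { PERR("only tap devices are supported"); return; }`. close_tun() also dereferences `tt` unconditionally, so an `if (!tt) return;` first would tolerate a close after a failed init. In read_tun() the result of `::read(tt->fd, tmp, sizeof (tmp))` is discarded. A short comment there should say whether `tuntap_dev()->read()` may still be called after a failed or empty notification read.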
diff --git a/repos/ports/src/app/openvpn/tuntap.h b/repos/ports/src/app/openvpn/tuntap.h
new file mode 100644
index 0000000000..2c07f777d1
--- /dev/null
+++ b/repos/ports/src/app/openvpn/tuntap.h
@@ -0,0 +1,53 @@
+/**
+ * \brief  TUN/TAP to Nic_session interface
+ * \author Josef Soentgen
+ * \date   2014-06-05
+ */
+
+/*
+ * Copyright (C) 2014 Genode Labs GmbH
+ *
+ * This file is part of the Genode OS framework, which is distributed
+ * under the terms of the GNU General Public License version 2.
+ */
+
+
+#ifndef _TUNTAP_H_
+#define _TUNTAP_H_
+
+#include <base/stdint.h>
+
+
+/**
+ * This class handles the TUN/TAP access from OpenVPN's side
+ */
+
+struct Tuntap_device
+{
+	/**
+	 * Read from TUN/TAP device
+	 */
+	virtual int read(char *buf, Genode::size_t len) = 0;
+
+	/**
+	 * Write to TUN/TAP device
+	 */
+	virtual int write(char const *buf, Genode::size_t len) = 0;
+
+	/**
+	 * Get file descriptor used to notify OpenVPN about incoming packets
+	 */
+	virtual int fd() = 0;
+
+	/**
+	 * Start-up lock up
+	 */
+	virtual void up() = 0;
+
+	/**
+	 * Start-up lock down
+	 */
+	virtual void down() = 0;
+};
+
+#endif /* _TUNTAP_H_ */
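Review bot: The comments on `read()` and `write()` do not state the contract implementations must honour: whether `len` is the capacity of `buf`, what is returned, and what happens to a packet larger than `len`. Since `buf` is filled from network packets, the bound belongs in the interface comment, for example `Read one packet into buf, copying at most len bytes; returns the number of bytes copied or -1 on error`. The -1 there is an assumption based on how read_tun() and write_tun() pass the result through, so confirm it against the implementation. The return type is `int` while `len` is `Genode::size_t`, so the comment should also say that lengths above the `int` range are not supported. The struct is polymorphic without a virtual destructor; if an object is ever destroyed through this interface, `virtual ~Tuntap_device() { }` is needed.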