OpenVPN
forward.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #elif defined(_MSC_VER)
27 #include "config-msvc.h"
28 #endif
29 
30 #include "syshead.h"
31 
32 #include "forward.h"
33 #include "init.h"
34 #include "push.h"
35 #include "gremlin.h"
36 #include "mss.h"
37 #include "event.h"
38 #include "ps.h"
39 #include "dhcp.h"
40 #include "common.h"
41 #include "ssl_verify.h"
42 
43 #include "memdbg.h"
44 
45 #include "forward-inline.h"
46 #include "occ-inline.h"
47 #include "ping-inline.h"
48 #include "mstats.h"
49 
52 
53 /* show event wait debugging info */
54 
55 #ifdef ENABLE_DEBUG
56 
57 const char *
58 wait_status_string(struct context *c, struct gc_arena *gc)
59 {
60  struct buffer out = alloc_buf_gc(64, gc);
61  buf_printf(&out, "I/O WAIT %s|%s|%s|%s %s",
62  tun_stat(c->c1.tuntap, EVENT_READ, gc),
63  tun_stat(c->c1.tuntap, EVENT_WRITE, gc),
66  tv_string(&c->c2.timeval, gc));
67  return BSTR(&out);
68 }
69 
70 void
71 show_wait_status(struct context *c)
72 {
73  struct gc_arena gc = gc_new();
74  dmsg(D_EVENT_WAIT, "%s", wait_status_string(c, &gc));
75  gc_free(&gc);
76 }
77 
78 #endif /* ifdef ENABLE_DEBUG */
79 
80 /*
81  * In TLS mode, let TLS level respond to any control-channel
82  * packets which were received, or prepare any packets for
83  * transmission.
84  *
85  * tmp_int is purely an optimization that allows us to call
86  * tls_multi_process less frequently when there's not much
87  * traffic on the control-channel.
88  *
89  */
90 void
92 {
93  interval_t wakeup = BIG_TIMEOUT;
94 
95  if (interval_test(&c->c2.tmp_int))
96  {
97  const int tmp_status = tls_multi_process
98  (c->c2.tls_multi, &c->c2.to_link, &c->c2.to_link_addr,
99  get_link_socket_info(c), &wakeup);
100  if (tmp_status == TLSMP_ACTIVE)
101  {
102  update_time();
104  }
105  else if (tmp_status == TLSMP_KILL)
106  {
107  register_signal(c, SIGTERM, "auth-control-exit");
108  }
109 
110  interval_future_trigger(&c->c2.tmp_int, wakeup);
111  }
112 
113  interval_schedule_wakeup(&c->c2.tmp_int, &wakeup);
114 
115  if (wakeup)
116  {
117  context_reschedule_sec(c, wakeup);
118  }
119 }
120 
121 void
123 {
124  msg(D_STREAM_ERRORS, "Fatal TLS error (check_tls_errors_co), restarting");
125  register_signal(c, c->c2.tls_exit_signal, "tls-error"); /* SOFT-SIGUSR1 -- TLS error */
126 }
127 
128 void
130 {
131  register_signal(c, c->c2.tls_exit_signal, "tls-error"); /* SOFT-SIGUSR1 -- TLS error */
132 }
133 
134 #if P2MP
135 
136 /*
137  * Handle incoming configuration
138  * messages on the control channel.
139  */
140 void
142 {
143  const int len = tls_test_payload_len(c->c2.tls_multi);
144  if (len)
145  {
146  struct gc_arena gc = gc_new();
147  struct buffer buf = alloc_buf_gc(len, &gc);
148  if (tls_rec_payload(c->c2.tls_multi, &buf))
149  {
150  /* force null termination of message */
151  buf_null_terminate(&buf);
152 
153  /* enforce character class restrictions */
154  string_mod(BSTR(&buf), CC_PRINT, CC_CRLF, 0);
155 
156  if (buf_string_match_head_str(&buf, "AUTH_FAILED"))
157  {
158  receive_auth_failed(c, &buf);
159  }
160  else if (buf_string_match_head_str(&buf, "PUSH_"))
161  {
162  incoming_push_message(c, &buf);
163  }
164  else if (buf_string_match_head_str(&buf, "RESTART"))
165  {
166  server_pushed_signal(c, &buf, true, 7);
167  }
168  else if (buf_string_match_head_str(&buf, "HALT"))
169  {
170  server_pushed_signal(c, &buf, false, 4);
171  }
172  else
173  {
174  msg(D_PUSH_ERRORS, "WARNING: Received unknown control message: %s", BSTR(&buf));
175  }
176  }
177  else
178  {
179  msg(D_PUSH_ERRORS, "WARNING: Receive control message failed");
180  }
181 
182  gc_free(&gc);
183  }
184 }
185 
186 /*
187  * Periodically resend PUSH_REQUEST until PUSH message received
188  */
189 void
191 {
193 
194  /* if no response to first push_request, retry at PUSH_REQUEST_INTERVAL second intervals */
196 }
197 
198 #endif /* P2MP */
199 
200 /*
201  * Things that need to happen immediately after connection initiation should go here.
202  */
203 void
205 {
207  {
208  if (CONNECTION_ESTABLISHED(c))
209  {
210 #if P2MP
211  /* if --pull was specified, send a push request to server */
212  if (c->c2.tls_multi && c->options.pull)
213  {
214 #ifdef ENABLE_MANAGEMENT
215  if (management)
216  {
219  NULL,
220  NULL,
221  NULL,
222  NULL,
223  NULL);
224  }
225 #endif
226  /* fire up push request right away (already 1s delayed) */
229  }
230  else
231 #endif /* if P2MP */
232  {
233  do_up(c, false, 0);
234  }
235 
237  }
238  }
239 }
240 
241 /*
242  * Send a string to remote over the TLS control channel.
243  * Used for push/pull messages, passing username/password,
244  * etc.
245  */
246 bool
247 send_control_channel_string(struct context *c, const char *str, int msglevel)
248 {
249  if (c->c2.tls_multi)
250  {
251  struct gc_arena gc = gc_new();
252  bool stat;
253 
254  /* buffered cleartext write onto TLS control channel */
255  stat = tls_send_payload(c->c2.tls_multi, (uint8_t *) str, strlen(str) + 1);
256 
257  /*
258  * Reschedule tls_multi_process.
259  * NOTE: in multi-client mode, usually the below two statements are
260  * insufficient to reschedule the client instance object unless
261  * multi_schedule_context_wakeup(m, mi) is also called.
262  */
264  context_immediate_reschedule(c); /* ZERO-TIMEOUT */
265 
266  msg(msglevel, "SENT CONTROL [%s]: '%s' (status=%d)",
267  tls_common_name(c->c2.tls_multi, false),
268  sanitize_control_message(str, &gc),
269  (int) stat);
270 
271  gc_free(&gc);
272  return stat;
273  }
274  return true;
275 }
276 
277 /*
278  * Add routes.
279  */
280 
281 static void
282 check_add_routes_action(struct context *c, const bool errors)
283 {
285  c->c1.tuntap, c->plugins, c->c2.es);
286  update_time();
289  initialization_sequence_completed(c, errors ? ISC_ERRORS : 0); /* client/p2p --route-delay was defined */
290 }
291 
292 void
294 {
295  if (test_routes(c->c1.route_list, c->c1.tuntap))
296  {
297  check_add_routes_action(c, false);
298  }
300  {
301  check_add_routes_action(c, true);
302  }
303  else
304  {
305  msg(D_ROUTE, "Route: Waiting for TUN/TAP interface to come up...");
306  if (c->c1.tuntap)
307  {
308  if (!tun_standby(c->c1.tuntap))
309  {
310  register_signal(c, SIGHUP, "ip-fail");
312 #ifdef _WIN32
315 #endif
316  }
317  }
318  update_time();
319  if (c->c2.route_wakeup.n != 1)
320  {
322  }
324  }
325 }
326 
327 /*
328  * Should we exit due to inactivity timeout?
329  */
330 void
332 {
333  msg(M_INFO, "Inactivity timeout (--inactive), exiting");
334  register_signal(c, SIGTERM, "inactive");
335 }
336 
337 int
338 get_server_poll_remaining_time(struct event_timeout *server_poll_timeout)
339 {
340  update_time();
341  int remaining = event_timeout_remaining(server_poll_timeout);
342  return max_int(0, remaining);
343 }
344 #if P2MP
345 
346 void
348 {
350  ASSERT(c->c2.tls_multi);
352  {
353  msg(M_INFO, "Server poll timeout, restarting");
354  register_signal(c, SIGUSR1, "server_poll");
356  }
357 }
358 
359 /*
360  * Schedule a signal n_seconds from now.
361  */
362 void
363 schedule_exit(struct context *c, const int n_seconds, const int signal)
364 {
366  update_time();
368  event_timeout_init(&c->c2.scheduled_exit, n_seconds, now);
369  c->c2.scheduled_exit_signal = signal;
370  msg(D_SCHED_EXIT, "Delayed exit in %d seconds", n_seconds);
371 }
372 
373 /*
374  * Scheduled exit?
375  */
376 void
378 {
379  register_signal(c, c->c2.scheduled_exit_signal, "delayed-exit");
380 }
381 
382 #endif /* if P2MP */
383 
384 /*
385  * Should we write timer-triggered status file.
386  */
387 void
389 {
390  if (c->c1.status_output)
391  {
393  }
394 }
395 
396 #ifdef ENABLE_FRAGMENT
397 /*
398  * Should we deliver a datagram fragment to remote?
399  */
400 void
402 {
403  struct link_socket_info *lsi = get_link_socket_info(c);
404 
405  /* OS MTU Hint? */
406  if (lsi->mtu_changed)
407  {
409  c->options.ce.proto);
410  lsi->mtu_changed = false;
411  }
412 
414  {
415  if (!c->c2.to_link.len)
416  {
417  /* encrypt a fragment for output to TCP/UDP port */
419  encrypt_sign(c, false);
420  }
421  }
422 
424 }
425 #endif /* ifdef ENABLE_FRAGMENT */
426 
427 /*
428  * Buffer reallocation, for use with null encryption.
429  */
430 static inline void
431 buffer_turnover(const uint8_t *orig_buf, struct buffer *dest_stub, struct buffer *src_stub, struct buffer *storage)
432 {
433  if (orig_buf == src_stub->data && src_stub->data != storage->data)
434  {
435  buf_assign(storage, src_stub);
436  *dest_stub = *storage;
437  }
438  else
439  {
440  *dest_stub = *src_stub;
441  }
442 }
443 
444 /*
445  * Compress, fragment, encrypt and HMAC-sign an outgoing packet.
446  * Input: c->c2.buf
447  * Output: c->c2.to_link
448  */
449 void
450 encrypt_sign(struct context *c, bool comp_frag)
451 {
452  struct context_buffers *b = c->c2.buffers;
453  const uint8_t *orig_buf = c->c2.buf.data;
454  struct crypto_options *co = NULL;
455 
456 #if P2MP_SERVER
457  /*
458  * Drop non-TLS outgoing packet if client-connect script/plugin
459  * has not yet succeeded.
460  */
461  if (c->c2.context_auth != CAS_SUCCEEDED)
462  {
463  c->c2.buf.len = 0;
464  }
465 #endif
466 
467  if (comp_frag)
468  {
469 #ifdef USE_COMP
470  /* Compress the packet. */
471  if (c->c2.comp_context)
472  {
473  (*c->c2.comp_context->alg.compress)(&c->c2.buf, b->compress_buf, c->c2.comp_context, &c->c2.frame);
474  }
475 #endif
476 #ifdef ENABLE_FRAGMENT
477  if (c->c2.fragment)
478  {
480  }
481 #endif
482  }
483 
484  /* initialize work buffer with FRAME_HEADROOM bytes of prepend capacity */
486 
487  if (c->c2.tls_multi)
488  {
489  /* Get the key we will use to encrypt the packet. */
490  tls_pre_encrypt(c->c2.tls_multi, &c->c2.buf, &co);
491  /* If using P_DATA_V2, prepend the 1-byte opcode and 3-byte peer-id to the
492  * packet before openvpn_encrypt(), so we can authenticate the opcode too.
493  */
494  if (c->c2.buf.len > 0 && c->c2.tls_multi->use_peer_id)
495  {
497  }
498  }
499  else
500  {
501  co = &c->c2.crypto_options;
502  }
503 
504  /* Encrypt and authenticate the packet */
505  openvpn_encrypt(&c->c2.buf, b->encrypt_buf, co);
506 
507  /* Do packet administration */
508  if (c->c2.tls_multi)
509  {
510  if (c->c2.buf.len > 0 && !c->c2.tls_multi->use_peer_id)
511  {
513  }
515  }
516 
517  /*
518  * Get the address we will be sending the packet to.
519  */
521  &c->c2.to_link_addr);
522 
523  /* if null encryption, copy result to read_tun_buf */
524  buffer_turnover(orig_buf, &c->c2.to_link, &c->c2.buf, &b->read_tun_buf);
525 }
526 
527 /*
528  * Coarse timers work to 1 second resolution.
529  */
530 static void
532 {
533  /* flush current packet-id to file once per 60
534  * seconds if --replay-persist was specified */
536 
537  /* should we update status file? */
539 
540  /* process connection establishment items */
542 
543 #if P2MP
544  /* see if we should send a push_request in response to --pull */
546 #endif
547 
548 #ifdef PLUGIN_PF
549  pf_check_reload(c);
550 #endif
551 
552  /* process --route options */
553  check_add_routes(c);
554 
555  /* possibly exit due to --inactive */
557  if (c->sig->signal_received)
558  {
559  return;
560  }
561 
562  /* restart if ping not received */
564  if (c->sig->signal_received)
565  {
566  return;
567  }
568 
569 #if P2MP
570  if (c->c2.tls_multi)
571  {
573  if (c->sig->signal_received)
574  {
575  return;
576  }
577 
579  if (c->sig->signal_received)
580  {
581  return;
582  }
583  }
584 #endif
585 
586 #ifdef ENABLE_OCC
587  /* Should we send an OCC_REQUEST message? */
589 
590  /* Should we send an MTU load test? */
592 
593  /* Should we send an OCC_EXIT message to remote? */
595  {
597  }
598 #endif
599 
600  /* Should we ping the remote? */
601  check_ping_send(c);
602 }
603 
604 static void
606 {
607  const struct timeval save = c->c2.timeval;
608  c->c2.timeval.tv_sec = BIG_TIMEOUT;
609  c->c2.timeval.tv_usec = 0;
611  c->c2.coarse_timer_wakeup = now + c->c2.timeval.tv_sec;
612 
613  dmsg(D_INTERVAL, "TIMER: coarse timer wakeup %"PRIi64" seconds", (int64_t)c->c2.timeval.tv_sec);
614 
615  /* Is the coarse timeout NOT the earliest one? */
616  if (c->c2.timeval.tv_sec > save.tv_sec)
617  {
618  c->c2.timeval = save;
619  }
620 }
621 
622 static inline void
624 {
625  const time_t local_now = now;
626  if (local_now >= c->c2.coarse_timer_wakeup)
627  {
629  }
630  else
631  {
632  context_reschedule_sec(c, c->c2.coarse_timer_wakeup - local_now);
633  }
634 }
635 
636 static void
638 {
639  const int update_interval = 10; /* seconds */
640  c->c2.update_timeout_random_component = now + update_interval;
641  c->c2.timeout_random_component.tv_usec = (time_t) get_random() & 0x0003FFFF;
642  c->c2.timeout_random_component.tv_sec = 0;
643 
644  dmsg(D_INTERVAL, "RANDOM USEC=%ld", (long) c->c2.timeout_random_component.tv_usec);
645 }
646 
647 static inline void
649 {
651  {
653  }
654  if (c->c2.timeval.tv_sec >= 1)
655  {
657  }
658 }
659 
660 /*
661  * Handle addition and removal of the 10-byte Socks5 header
662  * in UDP packets.
663  */
664 
665 static inline void
667 {
669  {
671  }
672 }
673 
674 static inline void
676  struct link_socket_actual **to_addr,
677  int *size_delta)
678 {
680  {
681  *size_delta += socks_process_outgoing_udp(&c->c2.to_link, c->c2.to_link_addr);
682  *to_addr = &c->c2.link_socket->socks_relay;
683  }
684 }
685 
686 /* undo effect of socks_preprocess_outgoing_link */
687 static inline void
689  int size_delta,
690  struct buffer *buf)
691 {
692  if (size_delta > 0 && *size > size_delta)
693  {
694  *size -= size_delta;
695  if (!buf_advance(buf, size_delta))
696  {
697  *size = 0;
698  }
699  }
700 }
701 
702 /*
703  * Output: c->c2.buf
704  */
705 
706 void
708 {
709  /*
710  * Set up for recvfrom call to read datagram
711  * sent to our TCP/UDP port.
712  */
713  int status;
714 
715  /*ASSERT (!c->c2.to_tun.len);*/
716 
718 
719  c->c2.buf = c->c2.buffers->read_link_buf;
721 
722  status = link_socket_read(c->c2.link_socket,
723  &c->c2.buf,
724  &c->c2.from);
725 
726  if (socket_connection_reset(c->c2.link_socket, status))
727  {
728 #if PORT_SHARE
729  if (port_share && socket_foreign_protocol_detected(c->c2.link_socket))
730  {
731  const struct buffer *fbuf = socket_foreign_protocol_head(c->c2.link_socket);
732  const int sd = socket_foreign_protocol_sd(c->c2.link_socket);
733  port_share_redirect(port_share, fbuf, sd);
734  register_signal(c, SIGTERM, "port-share-redirect");
735  }
736  else
737 #endif
738  {
739  /* received a disconnect from a connection-oriented protocol */
740  if (c->options.inetd)
741  {
742  register_signal(c, SIGTERM, "connection-reset-inetd");
743  msg(D_STREAM_ERRORS, "Connection reset, inetd/xinetd exit [%d]", status);
744  }
745  else
746  {
747 #ifdef ENABLE_OCC
749  {
750  msg(D_STREAM_ERRORS, "Connection reset during exit notification period, ignoring [%d]", status);
751  management_sleep(1);
752  }
753  else
754 #endif
755  {
756  register_signal(c, SIGUSR1, "connection-reset"); /* SOFT-SIGUSR1 -- TCP connection reset */
757  msg(D_STREAM_ERRORS, "Connection reset, restarting [%d]", status);
758  }
759  }
760  }
761  perf_pop();
762  return;
763  }
764 
765  /* check recvfrom status */
766  check_status(status, "read", c->c2.link_socket, NULL);
767 
768  /* Remove socks header if applicable */
770 
771  perf_pop();
772 }
773 
774 bool
775 process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, bool floated)
776 {
777  struct gc_arena gc = gc_new();
778  bool decrypt_status = false;
779 
780  if (c->c2.buf.len > 0)
781  {
782  c->c2.link_read_bytes += c->c2.buf.len;
784 #ifdef ENABLE_MEMSTATS
785  if (mmap_stats)
786  {
787  mmap_stats->link_read_bytes = link_read_bytes_global;
788  }
789 #endif
790  c->c2.original_recv_size = c->c2.buf.len;
791 #ifdef ENABLE_MANAGEMENT
792  if (management)
793  {
795 #ifdef MANAGEMENT_DEF_AUTH
796  management_bytes_server(management, &c->c2.link_read_bytes, &c->c2.link_write_bytes, &c->c2.mda_context);
797 #endif
798  }
799 #endif
800  }
801  else
802  {
803  c->c2.original_recv_size = 0;
804  }
805 
806 #ifdef ENABLE_DEBUG
807  /* take action to corrupt packet if we are in gremlin test mode */
808  if (c->options.gremlin)
809  {
810  if (!ask_gremlin(c->options.gremlin))
811  {
812  c->c2.buf.len = 0;
813  }
814  corrupt_gremlin(&c->c2.buf, c->options.gremlin);
815  }
816 #endif
817 
818  /* log incoming packet */
819 #ifdef LOG_RW
820  if (c->c2.log_rw && c->c2.buf.len > 0)
821  {
822  fprintf(stderr, "R");
823  }
824 #endif
825  msg(D_LINK_RW, "%s READ [%d] from %s: %s",
826  proto2ascii(lsi->proto, lsi->af, true),
827  BLEN(&c->c2.buf),
828  print_link_socket_actual(&c->c2.from, &gc),
829  PROTO_DUMP(&c->c2.buf, &gc));
830 
831  /*
832  * Good, non-zero length packet received.
833  * Commence multi-stage processing of packet,
834  * such as authenticate, decrypt, decompress.
835  * If any stage fails, it sets buf.len to 0 or -1,
836  * telling downstream stages to ignore the packet.
837  */
838  if (c->c2.buf.len > 0)
839  {
840  struct crypto_options *co = NULL;
841  const uint8_t *ad_start = NULL;
842  if (!link_socket_verify_incoming_addr(&c->c2.buf, lsi, &c->c2.from))
843  {
844  link_socket_bad_incoming_addr(&c->c2.buf, lsi, &c->c2.from);
845  }
846 
847  if (c->c2.tls_multi)
848  {
849  /*
850  * If tls_pre_decrypt returns true, it means the incoming
851  * packet was a good TLS control channel packet. If so, TLS code
852  * will deal with the packet and set buf.len to 0 so downstream
853  * stages ignore it.
854  *
855  * If the packet is a data channel packet, tls_pre_decrypt
856  * will load crypto_options with the correct encryption key
857  * and return false.
858  */
859  uint8_t opcode = *BPTR(&c->c2.buf) >> P_OPCODE_SHIFT;
860  if (tls_pre_decrypt(c->c2.tls_multi, &c->c2.from, &c->c2.buf, &co,
861  floated, &ad_start))
862  {
863  /* Restore pre-NCP frame parameters */
864  if (is_hard_reset(opcode, c->options.key_method))
865  {
866  c->c2.frame = c->c2.frame_initial;
867  }
868 
870 
871  /* reset packet received timer if TLS packet */
872  if (c->options.ping_rec_timeout)
873  {
875  }
876  }
877  }
878  else
879  {
880  co = &c->c2.crypto_options;
881  }
882 #if P2MP_SERVER
883  /*
884  * Drop non-TLS packet if client-connect script/plugin has not
885  * yet succeeded.
886  */
887  if (c->c2.context_auth != CAS_SUCCEEDED)
888  {
889  c->c2.buf.len = 0;
890  }
891 #endif
892 
893  /* authenticate and decrypt the incoming packet */
894  decrypt_status = openvpn_decrypt(&c->c2.buf, c->c2.buffers->decrypt_buf,
895  co, &c->c2.frame, ad_start);
896 
897  if (!decrypt_status && link_socket_connection_oriented(c->c2.link_socket))
898  {
899  /* decryption errors are fatal in TCP mode */
900  register_signal(c, SIGUSR1, "decryption-error"); /* SOFT-SIGUSR1 -- decryption error in TCP mode */
901  msg(D_STREAM_ERRORS, "Fatal decryption error (process_incoming_link), restarting");
902  }
903  }
904  else
905  {
906  buf_reset(&c->c2.to_tun);
907  }
908  gc_free(&gc);
909 
910  return decrypt_status;
911 }
912 
913 void
914 process_incoming_link_part2(struct context *c, struct link_socket_info *lsi, const uint8_t *orig_buf)
915 {
916  if (c->c2.buf.len > 0)
917  {
918 #ifdef ENABLE_FRAGMENT
919  if (c->c2.fragment)
920  {
922  }
923 #endif
924 
925 #ifdef USE_COMP
926  /* decompress the incoming packet */
927  if (c->c2.comp_context)
928  {
929  (*c->c2.comp_context->alg.decompress)(&c->c2.buf, c->c2.buffers->decompress_buf, c->c2.comp_context, &c->c2.frame);
930  }
931 #endif
932 
933 #ifdef PACKET_TRUNCATION_CHECK
934  /* if (c->c2.buf.len > 1) --c->c2.buf.len; */
935  ipv4_packet_size_verify(BPTR(&c->c2.buf),
936  BLEN(&c->c2.buf),
937  TUNNEL_TYPE(c->c1.tuntap),
938  "POST_DECRYPT",
939  &c->c2.n_trunc_post_decrypt);
940 #endif
941 
942  /*
943  * Set our "official" outgoing address, since
944  * if buf.len is non-zero, we know the packet
945  * authenticated. In TLS mode we do nothing
946  * because TLS mode takes care of source address
947  * authentication.
948  *
949  * Also, update the persisted version of our packet-id.
950  */
951  if (!TLS_MODE(c))
952  {
953  link_socket_set_outgoing_addr(&c->c2.buf, lsi, &c->c2.from, NULL, c->c2.es);
954  }
955 
956  /* reset packet received timer */
957  if (c->options.ping_rec_timeout && c->c2.buf.len > 0)
958  {
960  }
961 
962  /* increment authenticated receive byte count */
963  if (c->c2.buf.len > 0)
964  {
965  c->c2.link_read_bytes_auth += c->c2.buf.len;
967  }
968 
969  /* Did we just receive an openvpn ping packet? */
970  if (is_ping_msg(&c->c2.buf))
971  {
972  dmsg(D_PING, "RECEIVED PING PACKET");
973  c->c2.buf.len = 0; /* drop packet */
974  }
975 
976 #ifdef ENABLE_OCC
977  /* Did we just receive an OCC packet? */
978  if (is_occ_msg(&c->c2.buf))
979  {
981  }
982 #endif
983 
984  buffer_turnover(orig_buf, &c->c2.to_tun, &c->c2.buf, &c->c2.buffers->read_link_buf);
985 
986  /* to_tun defined + unopened tuntap can cause deadlock */
987  if (!tuntap_defined(c->c1.tuntap))
988  {
989  c->c2.to_tun.len = 0;
990  }
991  }
992  else
993  {
994  buf_reset(&c->c2.to_tun);
995  }
996 }
997 
998 static void
1000 {
1002 
1003  struct link_socket_info *lsi = get_link_socket_info(c);
1004  const uint8_t *orig_buf = c->c2.buf.data;
1005 
1006  process_incoming_link_part1(c, lsi, false);
1007  process_incoming_link_part2(c, lsi, orig_buf);
1008 
1009  perf_pop();
1010 }
1011 
1012 /*
1013  * Output: c->c2.buf
1014  */
1015 
1016 void
1018 {
1019  /*
1020  * Setup for read() call on TUN/TAP device.
1021  */
1022  /*ASSERT (!c->c2.to_link.len);*/
1023 
1025 
1026  c->c2.buf = c->c2.buffers->read_tun_buf;
1027 #ifdef TUN_PASS_BUFFER
1029 #else
1030  ASSERT(buf_init(&c->c2.buf, FRAME_HEADROOM(&c->c2.frame)));
1032  c->c2.buf.len = read_tun(c->c1.tuntap, BPTR(&c->c2.buf), MAX_RW_SIZE_TUN(&c->c2.frame));
1033 #endif
1034 
1035 #ifdef PACKET_TRUNCATION_CHECK
1036  ipv4_packet_size_verify(BPTR(&c->c2.buf),
1037  BLEN(&c->c2.buf),
1038  TUNNEL_TYPE(c->c1.tuntap),
1039  "READ_TUN",
1040  &c->c2.n_trunc_tun_read);
1041 #endif
1042 
1043  /* Was TUN/TAP interface stopped? */
1044  if (tuntap_stop(c->c2.buf.len))
1045  {
1046  register_signal(c, SIGTERM, "tun-stop");
1047  msg(M_INFO, "TUN/TAP interface has been stopped, exiting");
1048  perf_pop();
1049  return;
1050  }
1051 
1052  /* Was TUN/TAP I/O operation aborted? */
1053  if (tuntap_abort(c->c2.buf.len))
1054  {
1055  register_signal(c, SIGHUP, "tun-abort");
1057  msg(M_INFO, "TUN/TAP I/O operation aborted, restarting");
1058  perf_pop();
1059  return;
1060  }
1061 
1062  /* Check the status return from read() */
1063  check_status(c->c2.buf.len, "read from TUN/TAP", NULL, c->c1.tuntap);
1064 
1065  perf_pop();
1066 }
1067 
1076 static void
1078 {
1079  bool drop = false;
1080  struct openvpn_sockaddr tun_sa;
1081  int ip_hdr_offset = 0;
1082 
1083  if (c->c2.to_link_addr == NULL) /* no remote addr known */
1084  {
1085  return;
1086  }
1087 
1088  tun_sa = c->c2.to_link_addr->dest;
1089 
1090  int proto_ver = get_tun_ip_ver(TUNNEL_TYPE(c->c1.tuntap), &c->c2.buf, &ip_hdr_offset);
1091 
1092  if (proto_ver == 4)
1093  {
1094  const struct openvpn_iphdr *pip;
1095 
1096  /* make sure we got whole IP header */
1097  if (BLEN(buf) < ((int) sizeof(struct openvpn_iphdr) + ip_hdr_offset))
1098  {
1099  return;
1100  }
1101 
1102  /* skip ipv4 packets for ipv6 tun */
1103  if (tun_sa.addr.sa.sa_family != AF_INET)
1104  {
1105  return;
1106  }
1107 
1108  pip = (struct openvpn_iphdr *) (BPTR(buf) + ip_hdr_offset);
1109 
1110  /* drop packets with same dest addr as gateway */
1111  if (tun_sa.addr.in4.sin_addr.s_addr == pip->daddr)
1112  {
1113  drop = true;
1114  }
1115  }
1116  else if (proto_ver == 6)
1117  {
1118  const struct openvpn_ipv6hdr *pip6;
1119 
1120  /* make sure we got whole IPv6 header */
1121  if (BLEN(buf) < ((int) sizeof(struct openvpn_ipv6hdr) + ip_hdr_offset))
1122  {
1123  return;
1124  }
1125 
1126  /* skip ipv6 packets for ipv4 tun */
1127  if (tun_sa.addr.sa.sa_family != AF_INET6)
1128  {
1129  return;
1130  }
1131 
1132  /* drop packets with same dest addr as gateway */
1133  pip6 = (struct openvpn_ipv6hdr *) (BPTR(buf) + ip_hdr_offset);
1134  if (IN6_ARE_ADDR_EQUAL(&tun_sa.addr.in6.sin6_addr, &pip6->daddr))
1135  {
1136  drop = true;
1137  }
1138  }
1139 
1140  if (drop)
1141  {
1142  struct gc_arena gc = gc_new();
1143 
1144  c->c2.buf.len = 0;
1145 
1146  msg(D_LOW, "Recursive routing detected, drop tun packet to %s",
1148  gc_free(&gc);
1149  }
1150 }
1151 
1152 /*
1153  * Input: c->c2.buf
1154  * Output: c->c2.to_link
1155  */
1156 
1157 void
1159 {
1160  struct gc_arena gc = gc_new();
1161 
1163 
1164  if (c->c2.buf.len > 0)
1165  {
1166  c->c2.tun_read_bytes += c->c2.buf.len;
1167  }
1168 
1169 #ifdef LOG_RW
1170  if (c->c2.log_rw && c->c2.buf.len > 0)
1171  {
1172  fprintf(stderr, "r");
1173  }
1174 #endif
1175 
1176  /* Show packet content */
1177  dmsg(D_TUN_RW, "TUN READ [%d]", BLEN(&c->c2.buf));
1178 
1179  if (c->c2.buf.len > 0)
1180  {
1182  {
1184  }
1185  /*
1186  * The --passtos and --mssfix options require
1187  * us to examine the IP header (IPv4 or IPv6).
1188  */
1190 
1191 #ifdef PACKET_TRUNCATION_CHECK
1192  /* if (c->c2.buf.len > 1) --c->c2.buf.len; */
1193  ipv4_packet_size_verify(BPTR(&c->c2.buf),
1194  BLEN(&c->c2.buf),
1195  TUNNEL_TYPE(c->c1.tuntap),
1196  "PRE_ENCRYPT",
1197  &c->c2.n_trunc_pre_encrypt);
1198 #endif
1199 
1200  encrypt_sign(c, true);
1201  }
1202  else
1203  {
1204  buf_reset(&c->c2.to_link);
1205  }
1206  perf_pop();
1207  gc_free(&gc);
1208 }
1209 
1210 void
1211 process_ip_header(struct context *c, unsigned int flags, struct buffer *buf)
1212 {
1213  if (!c->options.ce.mssfix)
1214  {
1215  flags &= ~PIP_MSSFIX;
1216  }
1217 #if PASSTOS_CAPABILITY
1218  if (!c->options.passtos)
1219  {
1220  flags &= ~PIPV4_PASSTOS;
1221  }
1222 #endif
1223  if (!c->options.client_nat)
1224  {
1225  flags &= ~PIPV4_CLIENT_NAT;
1226  }
1228  {
1229  flags &= ~PIPV4_EXTRACT_DHCP_ROUTER;
1230  }
1231 
1232  if (buf->len > 0)
1233  {
1234  /*
1235  * The --passtos and --mssfix options require
1236  * us to examine the IPv4 header.
1237  */
1238 
1239  if (flags & (PIP_MSSFIX
1241  | PIPV4_PASSTOS
1242 #endif
1244  ))
1245  {
1246  struct buffer ipbuf = *buf;
1247  if (is_ipv4(TUNNEL_TYPE(c->c1.tuntap), &ipbuf))
1248  {
1249 #if PASSTOS_CAPABILITY
1250  /* extract TOS from IP header */
1251  if (flags & PIPV4_PASSTOS)
1252  {
1253  link_socket_extract_tos(c->c2.link_socket, &ipbuf);
1254  }
1255 #endif
1256 
1257  /* possibly alter the TCP MSS */
1258  if (flags & PIP_MSSFIX)
1259  {
1261  }
1262 
1263  /* possibly do NAT on packet */
1264  if ((flags & PIPV4_CLIENT_NAT) && c->options.client_nat)
1265  {
1266  const int direction = (flags & PIPV4_OUTGOING) ? CN_INCOMING : CN_OUTGOING;
1267  client_nat_transform(c->options.client_nat, &ipbuf, direction);
1268  }
1269  /* possibly extract a DHCP router message */
1270  if (flags & PIPV4_EXTRACT_DHCP_ROUTER)
1271  {
1272  const in_addr_t dhcp_router = dhcp_extract_router_msg(&ipbuf);
1273  if (dhcp_router)
1274  {
1275  route_list_add_vpn_gateway(c->c1.route_list, c->c2.es, dhcp_router);
1276  }
1277  }
1278  }
1279  else if (is_ipv6(TUNNEL_TYPE(c->c1.tuntap), &ipbuf))
1280  {
1281  /* possibly alter the TCP MSS */
1282  if (flags & PIP_MSSFIX)
1283  {
1285  }
1286  }
1287  }
1288  }
1289 }
1290 
1291 /*
1292  * Input: c->c2.to_link
1293  */
1294 
1295 void
1297 {
1298  struct gc_arena gc = gc_new();
1299  int error_code = 0;
1300 
1302 
1303  if (c->c2.to_link.len > 0 && c->c2.to_link.len <= EXPANDED_SIZE(&c->c2.frame))
1304  {
1305  /*
1306  * Setup for call to send/sendto which will send
1307  * packet to remote over the TCP/UDP port.
1308  */
1309  int size = 0;
1311 
1312 #ifdef ENABLE_DEBUG
1313  /* In gremlin-test mode, we may choose to drop this packet */
1314  if (!c->options.gremlin || ask_gremlin(c->options.gremlin))
1315 #endif
1316  {
1317  /*
1318  * Let the traffic shaper know how many bytes
1319  * we wrote.
1320  */
1321 #ifdef ENABLE_FEATURE_SHAPER
1322  if (c->options.shaper)
1323  {
1324  shaper_wrote_bytes(&c->c2.shaper, BLEN(&c->c2.to_link)
1326  }
1327 #endif
1328  /*
1329  * Let the pinger know that we sent a packet.
1330  */
1331  if (c->options.ping_send_timeout)
1332  {
1334  }
1335 
1336 #if PASSTOS_CAPABILITY
1337  /* Set TOS */
1338  link_socket_set_tos(c->c2.link_socket);
1339 #endif
1340 
1341  /* Log packet send */
1342 #ifdef LOG_RW
1343  if (c->c2.log_rw)
1344  {
1345  fprintf(stderr, "W");
1346  }
1347 #endif
1348  msg(D_LINK_RW, "%s WRITE [%d] to %s: %s",
1350  BLEN(&c->c2.to_link),
1352  PROTO_DUMP(&c->c2.to_link, &gc));
1353 
1354  /* Packet send complexified by possible Socks5 usage */
1355  {
1356  struct link_socket_actual *to_addr = c->c2.to_link_addr;
1357  int size_delta = 0;
1358 
1359  /* If Socks5 over UDP, prepend header */
1360  socks_preprocess_outgoing_link(c, &to_addr, &size_delta);
1361 
1362  /* Send packet */
1363  size = link_socket_write(c->c2.link_socket,
1364  &c->c2.to_link,
1365  to_addr);
1366 
1367  /* Undo effect of prepend */
1368  link_socket_write_post_size_adjust(&size, size_delta, &c->c2.to_link);
1369  }
1370 
1371  if (size > 0)
1372  {
1374  c->c2.link_write_bytes += size;
1375  link_write_bytes_global += size;
1376 #ifdef ENABLE_MEMSTATS
1377  if (mmap_stats)
1378  {
1379  mmap_stats->link_write_bytes = link_write_bytes_global;
1380  }
1381 #endif
1382 #ifdef ENABLE_MANAGEMENT
1383  if (management)
1384  {
1386 #ifdef MANAGEMENT_DEF_AUTH
1387  management_bytes_server(management, &c->c2.link_read_bytes, &c->c2.link_write_bytes, &c->c2.mda_context);
1388 #endif
1389  }
1390 #endif
1391  }
1392  }
1393 
1394  /* Check return status */
1395  error_code = openvpn_errno();
1396  check_status(size, "write", c->c2.link_socket, NULL);
1397 
1398  if (size > 0)
1399  {
1400  /* Did we write a different size packet than we intended? */
1401  if (size != BLEN(&c->c2.to_link))
1402  {
1404  "TCP/UDP packet was truncated/expanded on write to %s (tried=%d,actual=%d)",
1406  BLEN(&c->c2.to_link),
1407  size);
1408  }
1409  }
1410 
1411  /* if not a ping/control message, indicate activity regarding --inactive parameter */
1412  if (c->c2.buf.len > 0)
1413  {
1414  register_activity(c, size);
1415  }
1416 
1417  /* for unreachable network and "connecting" state switch to the next host */
1418  if (size < 0 && ENETUNREACH == error_code && c->c2.tls_multi
1420  {
1421  msg(M_INFO, "Network unreachable, restarting");
1422  register_signal(c, SIGUSR1, "network-unreachable");
1423  }
1424  }
1425  else
1426  {
1427  if (c->c2.to_link.len > 0)
1428  {
1429  msg(D_LINK_ERRORS, "TCP/UDP packet too large on write to %s (tried=%d,max=%d)",
1431  c->c2.to_link.len,
1432  EXPANDED_SIZE(&c->c2.frame));
1433  }
1434  }
1435 
1436  buf_reset(&c->c2.to_link);
1437 
1438  perf_pop();
1439  gc_free(&gc);
1440 }
1441 
1442 /*
1443  * Input: c->c2.to_tun
1444  */
1445 
1446 void
1448 {
1449  struct gc_arena gc = gc_new();
1450 
1451  /*
1452  * Set up for write() call to TUN/TAP
1453  * device.
1454  */
1455  if (c->c2.to_tun.len <= 0)
1456  {
1457  return;
1458  }
1459 
1461 
1462  /*
1463  * The --mssfix option requires
1464  * us to examine the IP header (IPv4 or IPv6).
1465  */
1467 
1468  if (c->c2.to_tun.len <= MAX_RW_SIZE_TUN(&c->c2.frame))
1469  {
1470  /*
1471  * Write to TUN/TAP device.
1472  */
1473  int size;
1474 
1475 #ifdef LOG_RW
1476  if (c->c2.log_rw)
1477  {
1478  fprintf(stderr, "w");
1479  }
1480 #endif
1481  dmsg(D_TUN_RW, "TUN WRITE [%d]", BLEN(&c->c2.to_tun));
1482 
1483 #ifdef PACKET_TRUNCATION_CHECK
1484  ipv4_packet_size_verify(BPTR(&c->c2.to_tun),
1485  BLEN(&c->c2.to_tun),
1486  TUNNEL_TYPE(c->c1.tuntap),
1487  "WRITE_TUN",
1488  &c->c2.n_trunc_tun_write);
1489 #endif
1490 
1491 #ifdef TUN_PASS_BUFFER
1492  size = write_tun_buffered(c->c1.tuntap, &c->c2.to_tun);
1493 #else
1494  size = write_tun(c->c1.tuntap, BPTR(&c->c2.to_tun), BLEN(&c->c2.to_tun));
1495 #endif
1496 
1497  if (size > 0)
1498  {
1499  c->c2.tun_write_bytes += size;
1500  }
1501  check_status(size, "write to TUN/TAP", NULL, c->c1.tuntap);
1502 
1503  /* check written packet size */
1504  if (size > 0)
1505  {
1506  /* Did we write a different size packet than we intended? */
1507  if (size != BLEN(&c->c2.to_tun))
1508  {
1510  "TUN/TAP packet was destructively fragmented on write to %s (tried=%d,actual=%d)",
1511  c->c1.tuntap->actual_name,
1512  BLEN(&c->c2.to_tun),
1513  size);
1514  }
1515 
1516  /* indicate activity regarding --inactive parameter */
1517  register_activity(c, size);
1518  }
1519  }
1520  else
1521  {
1522  /*
1523  * This should never happen, probably indicates some kind
1524  * of MTU mismatch.
1525  */
1526  msg(D_LINK_ERRORS, "tun packet too large on write (tried=%d,max=%d)",
1527  c->c2.to_tun.len,
1528  MAX_RW_SIZE_TUN(&c->c2.frame));
1529  }
1530 
1531  buf_reset(&c->c2.to_tun);
1532 
1533  perf_pop();
1534  gc_free(&gc);
1535 }
1536 
1537 void
1539 {
1540  /* make sure current time (now) is updated on function entry */
1541 
1542  /*
1543  * Start with an effectively infinite timeout, then let it
1544  * reduce to a timeout that reflects the component which
1545  * needs the earliest service.
1546  */
1547  c->c2.timeval.tv_sec = BIG_TIMEOUT;
1548  c->c2.timeval.tv_usec = 0;
1549 
1550 #if defined(_WIN32)
1552  {
1553  c->c2.timeval.tv_sec = 1;
1554  if (tuntap_defined(c->c1.tuntap))
1555  {
1556  tun_show_debug(c->c1.tuntap);
1557  }
1558  }
1559 #endif
1560 
1561  /* check coarse timers? */
1563  if (c->sig->signal_received)
1564  {
1565  return;
1566  }
1567 
1568  /* Does TLS need service? */
1569  check_tls(c);
1570 
1571  /* In certain cases, TLS errors will require a restart */
1572  check_tls_errors(c);
1573  if (c->sig->signal_received)
1574  {
1575  return;
1576  }
1577 
1578  /* check for incoming configuration info on the control channel */
1580 
1581 #ifdef ENABLE_OCC
1582  /* Should we send an OCC message? */
1583  check_send_occ_msg(c);
1584 #endif
1585 
1586 #ifdef ENABLE_FRAGMENT
1587  /* Should we deliver a datagram fragment to remote? */
1588  check_fragment(c);
1589 #endif
1590 
1591  /* Update random component of timeout */
1593 }
1594 
1595 /*
1596  * Wait for I/O events. Used for both TCP & UDP sockets
1597  * in point-to-point mode and for UDP sockets in
1598  * point-to-multipoint mode.
1599  */
1600 
1601 void
1602 io_wait_dowork(struct context *c, const unsigned int flags)
1603 {
1604  unsigned int socket = 0;
1605  unsigned int tuntap = 0;
1606  struct event_set_return esr[4];
1607 
1608  /* These shifts all depend on EVENT_READ and EVENT_WRITE */
1609  static int socket_shift = 0; /* depends on SOCKET_READ and SOCKET_WRITE */
1610  static int tun_shift = 2; /* depends on TUN_READ and TUN_WRITE */
1611  static int err_shift = 4; /* depends on ES_ERROR */
1612 #ifdef ENABLE_MANAGEMENT
1613  static int management_shift = 6; /* depends on MANAGEMENT_READ and MANAGEMENT_WRITE */
1614 #endif
1615 #ifdef ENABLE_ASYNC_PUSH
1616  static int file_shift = 8; /* listening inotify events */
1617 #endif
1618 
1619  /*
1620  * Decide what kind of events we want to wait for.
1621  */
1622  event_reset(c->c2.event_set);
1623 
1624  /*
1625  * On win32 we use the keyboard or an event object as a source
1626  * of asynchronous signals.
1627  */
1628  if (flags & IOW_WAIT_SIGNAL)
1629  {
1630  wait_signal(c->c2.event_set, (void *)&err_shift);
1631  }
1632 
1633  /*
1634  * If outgoing data (for TCP/UDP port) pending, wait for ready-to-send
1635  * status from TCP/UDP port. Otherwise, wait for incoming data on
1636  * TUN/TAP device.
1637  */
1638  if (flags & IOW_TO_LINK)
1639  {
1640  if (flags & IOW_SHAPER)
1641  {
1642  /*
1643  * If sending this packet would put us over our traffic shaping
1644  * quota, don't send -- instead compute the delay we must wait
1645  * until it will be OK to send the packet.
1646  */
1647 #ifdef ENABLE_FEATURE_SHAPER
1648  int delay = 0;
1649 
1650  /* set traffic shaping delay in microseconds */
1651  if (c->options.shaper)
1652  {
1653  delay = max_int(delay, shaper_delay(&c->c2.shaper));
1654  }
1655 
1656  if (delay < 1000)
1657  {
1658  socket |= EVENT_WRITE;
1659  }
1660  else
1661  {
1662  shaper_soonest_event(&c->c2.timeval, delay);
1663  }
1664 #else /* ENABLE_FEATURE_SHAPER */
1665  socket |= EVENT_WRITE;
1666 #endif /* ENABLE_FEATURE_SHAPER */
1667  }
1668  else
1669  {
1670  socket |= EVENT_WRITE;
1671  }
1672  }
1673  else if (!((flags & IOW_FRAG) && TO_LINK_FRAG(c)))
1674  {
1675  if (flags & IOW_READ_TUN)
1676  {
1677  tuntap |= EVENT_READ;
1678  }
1679  }
1680 
1681  /*
1682  * If outgoing data (for TUN/TAP device) pending, wait for ready-to-send status
1683  * from device. Otherwise, wait for incoming data on TCP/UDP port.
1684  */
1685  if (flags & IOW_TO_TUN)
1686  {
1687  tuntap |= EVENT_WRITE;
1688  }
1689  else
1690  {
1691  if (flags & IOW_READ_LINK)
1692  {
1693  socket |= EVENT_READ;
1694  }
1695  }
1696 
1697  /*
1698  * outgoing bcast buffer waiting to be sent?
1699  */
1700  if (flags & IOW_MBUF)
1701  {
1702  socket |= EVENT_WRITE;
1703  }
1704 
1705  /*
1706  * Force wait on TUN input, even if also waiting on TCP/UDP output
1707  */
1708  if (flags & IOW_READ_TUN_FORCE)
1709  {
1710  tuntap |= EVENT_READ;
1711  }
1712 
1713  /*
1714  * Configure event wait based on socket, tuntap flags.
1715  */
1716  socket_set(c->c2.link_socket, c->c2.event_set, socket, (void *)&socket_shift, NULL);
1717  tun_set(c->c1.tuntap, c->c2.event_set, tuntap, (void *)&tun_shift, NULL);
1718 
1719 #ifdef ENABLE_MANAGEMENT
1720  if (management)
1721  {
1722  management_socket_set(management, c->c2.event_set, (void *)&management_shift, NULL);
1723  }
1724 #endif
1725 
1726 #ifdef ENABLE_ASYNC_PUSH
1727  /* arm inotify watcher */
1728  if (c->options.mode == MODE_SERVER)
1729  {
1730  event_ctl(c->c2.event_set, c->c2.inotify_fd, EVENT_READ, (void *)&file_shift);
1731  }
1732 #endif
1733 
1734  /*
1735  * Possible scenarios:
1736  * (1) tcp/udp port has data available to read
1737  * (2) tcp/udp port is ready to accept more data to write
1738  * (3) tun dev has data available to read
1739  * (4) tun dev is ready to accept more data to write
1740  * (5) we received a signal (handler sets signal_received)
1741  * (6) timeout (tv) expired
1742  */
1743 
1745 
1746  if (!c->sig->signal_received)
1747  {
1748  if (!(flags & IOW_CHECK_RESIDUAL) || !socket_read_residual(c->c2.link_socket))
1749  {
1750  int status;
1751 
1752 #ifdef ENABLE_DEBUG
1754  {
1755  show_wait_status(c);
1756  }
1757 #endif
1758 
1759  /*
1760  * Wait for something to happen.
1761  */
1762  status = event_wait(c->c2.event_set, &c->c2.timeval, esr, SIZE(esr));
1763 
1764  check_status(status, "event_wait", NULL, NULL);
1765 
1766  if (status > 0)
1767  {
1768  int i;
1769  c->c2.event_set_status = 0;
1770  for (i = 0; i < status; ++i)
1771  {
1772  const struct event_set_return *e = &esr[i];
1773  c->c2.event_set_status |= ((e->rwflags & 3) << *((int *)e->arg));
1774  }
1775  }
1776  else if (status == 0)
1777  {
1779  }
1780  }
1781  else
1782  {
1784  }
1785  }
1786 
1787  /* 'now' should always be a reasonably up-to-date timestamp */
1788  update_time();
1789 
1790  /* set signal_received if a signal was received */
1791  if (c->c2.event_set_status & ES_ERROR)
1792  {
1794  }
1795 
1796  dmsg(D_EVENT_WAIT, "I/O WAIT status=0x%04x", c->c2.event_set_status);
1797 }
1798 
1799 void
1801 {
1802  const unsigned int status = c->c2.event_set_status;
1803 
1804 #ifdef ENABLE_MANAGEMENT
1805  if (status & (MANAGEMENT_READ|MANAGEMENT_WRITE))
1806  {
1807  ASSERT(management);
1809  }
1810 #endif
1811 
1812  /* TCP/UDP port ready to accept write */
1813  if (status & SOCKET_WRITE)
1814  {
1816  }
1817  /* TUN device ready to accept write */
1818  else if (status & TUN_WRITE)
1819  {
1821  }
1822  /* Incoming data on TCP/UDP port */
1823  else if (status & SOCKET_READ)
1824  {
1825  read_incoming_link(c);
1826  if (!IS_SIG(c))
1827  {
1829  }
1830  }
1831  /* Incoming data on TUN device */
1832  else if (status & TUN_READ)
1833  {
1834  read_incoming_tun(c);
1835  if (!IS_SIG(c))
1836  {
1838  }
1839  }
1840 }
struct env_set * es
Definition: openvpn.h:425
#define TLSMP_ACTIVE
Definition: ssl.h:228
void io_wait_dowork(struct context *c, const unsigned int flags)
Definition: forward.c:1602
static void link_socket_get_outgoing_addr(struct buffer *buf, const struct link_socket_info *info, struct link_socket_actual **act)
Definition: socket.h:950
void receive_auth_failed(struct context *c, const struct buffer *buffer)
Definition: push.c:51
#define ES_ERROR
Definition: openvpn.h:238
counter_type tun_read_bytes
Definition: openvpn.h:279
void check_server_poll_timeout_dowork(struct context *c)
Definition: forward.c:347
struct buffer to_link
Definition: openvpn.h:382
#define ETT_DEFAULT
Definition: interval.h:213
Security parameter state for processing data channel packets.
Definition: crypto.h:232
bool log_rw
Definition: openvpn.h:385
uint32_t daddr
Definition: proto.h:105
struct event_timeout route_wakeup
Definition: openvpn.h:388
#define TO_LINK_FRAG(c)
Definition: forward.h:43
Definition: tun.h:131
struct client_nat_option_list * client_nat
Definition: options.h:351
static bool tuntap_abort(int status)
Definition: tun.h:422
struct buffer read_tun_buf
Definition: openvpn.h:109
struct event_timeout ping_rec_interval
Definition: openvpn.h:297
void check_tls_dowork(struct context *c)
Definition: forward.c:91
struct options options
Options loaded from command line or configuration file.
Definition: openvpn.h:500
#define BIG_TIMEOUT
Definition: common.h:50
struct event_timeout route_wakeup_expire
Definition: openvpn.h:389
#define D_ROUTE
Definition: errlevel.h:80
counter_type link_write_bytes
Definition: openvpn.h:283
struct interval tmp_int
Definition: openvpn.h:349
static bool buf_advance(struct buffer *buf, int size)
Definition: buffer.h:622
bool do_up(struct context *c, bool pulled_options, unsigned int option_types_found)
Definition: init.c:2029
int inetd
Definition: options.h:303
#define M_INFO
Definition: errlevel.h:55
Contains all state information for one tunnel.
Definition: openvpn.h:498
void tun_show_debug(struct tuntap *tt)
Definition: tun.c:6019
in_addr_t dhcp_extract_router_msg(struct buffer *ipbuf)
Definition: dhcp.c:194
static void check_send_occ_load_test(struct context *c)
Definition: occ-inline.h:60
#define SIZE(x)
Definition: basic.h:30
static void link_socket_set_outgoing_addr(const struct buffer *buf, struct link_socket_info *info, const struct link_socket_actual *act, const char *common_name, struct env_set *es)
Definition: socket.h:971
static void check_timeout_random_component_dowork(struct context *c)
Definition: forward.c:637
bool tun_standby(struct tuntap *tt)
Definition: tun.c:5257
const char * print_link_socket_actual(const struct link_socket_actual *act, struct gc_arena *gc)
Definition: socket.c:2772
static void gc_free(struct gc_arena *a)
Definition: buffer.h:999
static bool check_debug_level(unsigned int level)
Definition: error.h:245
#define D_EVENT_WAIT
Definition: errlevel.h:157
void mss_fixup_ipv6(struct buffer *buf, int maxmss)
Definition: mss.c:86
void tls_post_encrypt(struct tls_multi *multi, struct buffer *buf)
Perform some accounting for the key state used.
Definition: ssl.c:3970
#define MTU_TO_MSS(mtu)
Definition: proto.h:217
#define PERF_PROC_OUT_LINK
Definition: perf.h:55
bool send_control_channel_string(struct context *c, const char *str, int msglevel)
Definition: forward.c:247
#define IOW_READ_LINK
Definition: forward.h:53
union openvpn_sockaddr::@8 addr
bool buf_assign(struct buffer *dest, const struct buffer *src)
Definition: buffer.c:173
static void context_reschedule_sec(struct context *c, int sec)
static void check_timeout_random_component(struct context *c)
Definition: forward.c:648
#define CC_PRINT
Definition: buffer.h:891
struct buffer buf
Definition: openvpn.h:380
void process_ip_header(struct context *c, unsigned int flags, struct buffer *buf)
Definition: forward.c:1211
static bool buf_safe(const struct buffer *buf, int len)
Definition: buffer.h:524
#define ASSERT(x)
Definition: error.h:221
static int tls_test_payload_len(const struct tls_multi *multi)
Definition: ssl.h:545
#define SIGUSR1
Definition: config-msvc.h:115
static int link_socket_read(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *from)
Definition: socket.h:1039
struct context_buffers * buffers
Definition: openvpn.h:372
struct event_timeout wait_for_connect
Definition: openvpn.h:295
static void check_send_occ_req(struct context *c)
Definition: occ-inline.h:43
static bool is_occ_msg(const struct buffer *buf)
Definition: occ.h:86
static void check_ping_send(struct context *c)
Definition: ping-inline.h:51
int read_tun(struct tuntap *tt, uint8_t *buf, int len)
static void perf_pop(void)
Definition: perf.h:82
bool buf_printf(struct buffer *buf, const char *format,...)
Definition: buffer.c:243
void process_received_occ_msg(struct context *c)
Definition: occ.c:355
static void perf_push(int type)
Definition: perf.h:78
void tls_prepend_opcode_v2(const struct tls_multi *multi, struct buffer *buf)
Prepend an OpenVPN data channel P_DATA_V2 header to the packet.
Definition: ssl.c:3955
#define PERF_READ_IN_LINK
Definition: perf.h:51
void do_route(const struct options *options, struct route_list *route_list, struct route_ipv6_list *route_ipv6_list, const struct tuntap *tt, const struct plugin_list *plugins, struct env_set *es)
Definition: init.c:1585
static void event_timeout_clear(struct event_timeout *et)
Definition: interval.h:150
#define in_addr_t
Definition: config-msvc.h:103
static void process_coarse_timers(struct context *c)
Definition: forward.c:531
#define TUN_READ
Definition: openvpn.h:236
struct signal_info * sig
Internal error signaling object.
Definition: openvpn.h:523
static void interval_future_trigger(struct interval *top, interval_t wakeup)
Definition: interval.h:108
#define IOW_SHAPER
Definition: forward.h:54
struct frame frame_initial
Definition: openvpn.h:260
static bool fragment_outgoing_defined(struct fragment_master *f)
Check whether a fragment_master structure contains fragments ready to be sent.
Definition: fragment.h:448
void pre_select(struct context *c)
Definition: forward.c:1538
#define SOCKET_READ
Definition: openvpn.h:234
int max_recv_size_local
Definition: openvpn.h:318
static void check_packet_id_persist_flush(struct context *c)
#define SIGTERM
Definition: config-msvc.h:117
#define TLS_MODE(c)
Definition: openvpn.h:559
void check_status_file_dowork(struct context *c)
Definition: forward.c:388
static void get_signal(volatile int *sig)
Definition: sig.h:92
#define SIGHUP
Definition: config-msvc.h:113
struct tuntap * tuntap
Tun/tap virtual network interface.
Definition: openvpn.h:165
static void check_scheduled_exit(struct context *c)
static int event_wait(struct event_set *es, const struct timeval *tv, struct event_set_return *out, int outlen)
Definition: event.h:125
bool test_routes(const struct route_list *rl, const struct tuntap *tt)
Definition: route.c:2629
void socks_process_incoming_udp(struct buffer *buf, struct link_socket_actual *from)
Definition: socks.c:556
bool allow_recursive_routing
Definition: options.h:613
bool fragment_ready_to_send(struct fragment_master *f, struct buffer *buf, const struct frame *frame)
Check whether outgoing fragments are ready to be send, and if so make one available.
Definition: fragment.c:380
#define IOW_TO_LINK
Definition: forward.h:51
void read_incoming_link(struct context *c)
Read a packet from the external network interface.
Definition: forward.c:707
static bool link_socket_verify_incoming_addr(struct buffer *buf, const struct link_socket_info *info, const struct link_socket_actual *from_addr)
Definition: socket.h:922
void * arg
Definition: event.h:80
static bool tuntap_defined(const struct tuntap *tt)
Definition: tun.h:198
static unsigned int tun_set(struct tuntap *tt, struct event_set *es, unsigned int rwflags, void *arg, unsigned int *persistent)
Definition: tun.h:513
static bool link_socket_connection_oriented(const struct link_socket *sock)
Definition: socket.h:606
#define openvpn_errno()
Definition: error.h:74
int ping_rec_timeout
Definition: options.h:260
#define D_LOW
Definition: errlevel.h:97
int context_auth
Definition: openvpn.h:456
int write_tun(struct tuntap *tt, uint8_t *buf, int len)
#define ES_TIMEOUT
Definition: openvpn.h:239
static bool interval_test(struct interval *top)
Definition: interval.h:66
struct in6_addr daddr
Definition: proto.h:120
counter_type link_read_bytes_global
Definition: forward.c:50
static void check_incoming_control_channel(struct context *c)
void encrypt_sign(struct context *c, bool comp_frag)
Process a data channel packet that will be sent through a VPN tunnel.
Definition: forward.c:450
void fragment_outgoing(struct fragment_master *f, struct buffer *buf, const struct frame *frame)
Process an outgoing packet, which may or may not need to be fragmented.
Definition: fragment.c:325
bool is_hard_reset(int op, int key_method)
Given a key_method, return true if opcode represents the required form of hard_reset.
Definition: ssl.c:855
#define MODE_SERVER
Definition: options.h:186
bool send_push_request(struct context *c)
Definition: push.c:297
bool use_peer_id
Definition: ssl_common.h:555
void tls_pre_encrypt(struct tls_multi *multi, struct buffer *buf, struct crypto_options **opt)
Choose the appropriate security parameters with which to process an outgoing packet.
Definition: ssl.c:3889
struct event_timeout ping_send_interval
Definition: openvpn.h:296
#define D_PING
Definition: errlevel.h:140
#define D_LINK_RW
Definition: errlevel.h:112
#define PIP_MSSFIX
Definition: forward.h:253
#define FRAME_HEADROOM_ADJ(f, fm)
Definition: mtu.h:188
struct sockaddr_in6 in6
Definition: socket.h:70
list flags
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
static void check_send_occ_msg(struct context *c)
Definition: occ-inline.h:77
time_t explicit_exit_notification_time_wait
Definition: openvpn.h:420
#define PIPV4_CLIENT_NAT
Definition: forward.h:256
void link_socket_bad_incoming_addr(struct buffer *buf, const struct link_socket_info *info, const struct link_socket_actual *from_addr)
Definition: socket.c:2371
struct context_1 c1
Level 1 context.
Definition: openvpn.h:536
static void tls_set_single_session(struct tls_multi *multi)
Definition: ssl.h:559
#define IOW_TO_TUN
Definition: forward.h:50
#define PIPV4_PASSTOS
Definition: forward.h:252
struct context_persist persist
Persistent context.
Definition: openvpn.h:533
struct buffer decrypt_buf
Definition: openvpn.h:96
#define D_INTERVAL
Definition: errlevel.h:153
#define BPTR(buf)
Definition: buffer.h:124
struct frame frame_fragment
Definition: openvpn.h:265
#define PIPV4_OUTGOING
Definition: forward.h:254
static void fragment_housekeeping(struct fragment_master *f, struct frame *frame, struct timeval *tv)
Perform housekeeping of a fragment_master structure.
Definition: fragment.h:475
void tls_prepend_opcode_v1(const struct tls_multi *multi, struct buffer *buf)
Prepend a one-byte OpenVPN data channel P_DATA_V1 opcode to the packet.
Definition: ssl.c:3941
const char * tv_string(const struct timeval *tv, struct gc_arena *gc)
Definition: otime.c:88
static void event_timeout_reset(struct event_timeout *et)
Definition: interval.h:174
counter_type tun_write_bytes
Definition: openvpn.h:280
bool event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
Definition: interval.c:45
int proto
Definition: options.h:88
#define IOW_READ_TUN_FORCE
Definition: forward.h:58
void client_nat_transform(const struct client_nat_option_list *list, struct buffer *ipbuf, const int direction)
Definition: clinat.c:195
counter_type link_read_bytes
Definition: openvpn.h:281
static void process_incoming_link(struct context *c)
Definition: forward.c:999
int mode
Definition: options.h:187
static void check_coarse_timers(struct context *c)
Definition: forward.c:623
#define PROTO_DUMP(buf, gc)
Definition: openvpn.h:561
static struct gc_arena gc_new(void)
Definition: buffer.h:991
void show_wait_status(struct context *c)
time_t now
Definition: otime.c:36
struct link_socket_actual * to_link_addr
Definition: openvpn.h:255
void buf_null_terminate(struct buffer *buf)
Definition: buffer.c:547
static void interval_action(struct interval *top)
Definition: interval.h:124
struct route_list * route_list
List of routing information.
Definition: openvpn.h:170
#define IOW_MBUF
Definition: forward.h:57
void management_socket_set(struct management *man, struct event_set *es, void *arg, unsigned int *persistent)
Definition: manage.c:3040
void process_explicit_exit_notification_timer_wakeup(struct context *c)
Definition: sig.c:348
void check_add_routes_dowork(struct context *c)
Definition: forward.c:293
int get_server_poll_remaining_time(struct event_timeout *server_poll_timeout)
Definition: forward.c:338
static void management_bytes_in(struct management *man, const int size)
Definition: manage.h:575
#define FRAME_HEADROOM(f)
Definition: mtu.h:187
static bool event_timeout_defined(const struct event_timeout *et)
Definition: interval.h:144
int mssfix
Definition: options.h:118
struct frame frame
Definition: openvpn.h:259
static bool tls_initial_packet_received(const struct tls_multi *multi)
Definition: ssl.h:528
struct timeval timeval
Definition: openvpn.h:399
struct sockaddr_in in4
Definition: socket.h:69
static int write_tun_buffered(struct tuntap *tt, struct buffer *buf)
Definition: tun.h:466
interval_t n
Definition: interval.h:139
#define D_TAP_WIN_DEBUG
Definition: errlevel.h:114
static bool link_socket_actual_defined(const struct link_socket_actual *act)
Definition: socket.h:684
static void buffer_turnover(const uint8_t *orig_buf, struct buffer *dest_stub, struct buffer *src_stub, struct buffer *storage)
Definition: forward.c:431
static void check_add_routes(struct context *c)
static void check_inactivity_timeout(struct context *c)
static int link_socket_write(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to)
Definition: socket.h:1152
#define IOW_FRAG
Definition: forward.h:56
static void tv_add(struct timeval *dest, const struct timeval *src)
Definition: otime.h:165
static SERVICE_STATUS status
Definition: automatic.c:47
#define D_SCHED_EXIT
Definition: errlevel.h:89
static void register_activity(struct context *c, const int size)
static void event_reset(struct event_set *es)
Definition: event.h:107
static int get_tun_ip_ver(int tunnel_type, struct buffer *buf, int *ip_hdr_offset)
Definition: proto.h:225
#define EXPANDED_SIZE(f)
Definition: mtu.h:172
#define PERF_PROC_IN_TUN
Definition: perf.h:54
struct event_timeout scheduled_exit
Definition: openvpn.h:468
static void event_ctl(struct event_set *es, event_t event, unsigned int rwflags, void *arg)
Definition: event.h:119
const char * sanitize_control_message(const char *src, struct gc_arena *gc)
Definition: misc.c:657
void process_outgoing_link(struct context *c)
Write a packet to the external network interface.
Definition: forward.c:1296
void route_list_add_vpn_gateway(struct route_list *rl, struct env_set *es, const in_addr_t addr)
Definition: route.c:536
int restart_sleep_seconds
Definition: openvpn.h:117
unsigned int counter_type
Definition: common.h:38
struct link_socket * link_socket
Definition: openvpn.h:250
static bool socket_connection_reset(const struct link_socket *sock, int status)
Definition: socket.h:900
void process_io(struct context *c)
Definition: forward.c:1800
#define CN_OUTGOING
Definition: clinat.h:31
void initialization_sequence_completed(struct context *c, const unsigned int flags)
Definition: init.c:1466
const char * socket_stat(const struct link_socket *s, unsigned int rwflags, struct gc_arena *gc)
Definition: socket.c:2474
void check_fragment_dowork(struct context *c)
Definition: forward.c:401
void reset_coarse_timers(struct context *c)
Definition: init.c:1258
counter_type link_write_bytes_global
Definition: forward.c:51
Interface functions to the internal and external multiplexers.
#define IS_SIG(c)
Definition: sig.h:50
static void check_status_file(struct context *c)
int ping_send_timeout
Definition: options.h:259
void incoming_push_message(struct context *c, const struct buffer *buffer)
Definition: push.c:240
static int read_tun_buffered(struct tuntap *tt, struct buffer *buf, int maxsize)
Definition: tun.h:460
bool tls_rec_payload(struct tls_multi *multi, struct buffer *buf)
Definition: ssl.c:4029
struct connection_entry ce
Definition: options.h:208
#define D_TUN_RW
Definition: errlevel.h:113
struct route_ipv6_list * route_ipv6_list
Definition: openvpn.h:175
struct context_2 c2
Level 2 context.
Definition: openvpn.h:537
uint8_t * data
Pointer to the allocated memory.
Definition: buffer.h:68
#define dmsg
Definition: error.h:174
void read_incoming_tun(struct context *c)
Read a packet from the virtual tun/tap network interface.
Definition: forward.c:1017
#define MANAGEMENT_WRITE
Definition: openvpn.h:242
void print_status(const struct context *c, struct status_output *so)
Definition: sig.c:292
#define TUN_MTU_SIZE_DYNAMIC(f)
Definition: mtu.h:157
void check_push_request_dowork(struct context *c)
Definition: forward.c:190
void openvpn_encrypt(struct buffer *buf, struct buffer work, struct crypto_options *opt)
Encrypt and HMAC sign a packet so that it can be sent as a data channel VPN tunnel packet to a remote...
Definition: crypto.c:303
#define IOW_WAIT_SIGNAL
Definition: forward.h:59
int socks_process_outgoing_udp(struct buffer *buf, const struct link_socket_actual *to)
Definition: socks.c:595
#define EVENT_READ
Definition: event.h:36
time_t update_timeout_random_component
Definition: openvpn.h:406
#define BLEN(buf)
Definition: buffer.h:127
#define ISC_ERRORS
Definition: init.h:116
#define CN_INCOMING
Definition: clinat.h:32
const char * tun_stat(const struct tuntap *tt, unsigned int rwflags, struct gc_arena *gc)
Definition: tun.c:524
bool shaper_soonest_event(struct timeval *tv, int delay)
Definition: shaper.c:41
#define P_OPCODE_SHIFT
Definition: ssl.h:51
void show_adapters(int msglev)
Definition: tun.c:4621
struct event_set * event_set
Definition: openvpn.h:229
struct buffer read_link_buf
Definition: openvpn.h:108
bool openvpn_decrypt(struct buffer *buf, struct buffer work, struct crypto_options *opt, const struct frame *frame, const uint8_t *ad_start)
HMAC verify and decrypt a data channel packet received from a remote OpenVPN peer.
Definition: crypto.c:672
static int max_int(int x, int y)
Definition: integer.h:34
struct event_timeout push_request_interval
Definition: openvpn.h:459
#define CAS_SUCCEEDED
Definition: openvpn.h:451
__int64 int64_t
Definition: config-msvc.h:123
#define TLSMP_KILL
Definition: ssl.h:229
unsigned __int8 uint8_t
Definition: config-msvc.h:122
static void check_tls_errors(struct context *c)
#define MODE_POINT_TO_POINT
Definition: options.h:185
static void event_timeout_modify_wakeup(struct event_timeout *et, interval_t n)
Definition: interval.h:183
bool tls_pre_decrypt(struct tls_multi *multi, const struct link_socket_actual *from, struct buffer *buf, struct crypto_options **opt, bool floated, const uint8_t **ad_start)
Determine whether an incoming packet is a data channel or control channel packet, and process accordi...
Definition: ssl.c:3314
bool string_mod(char *str, const unsigned int inclusive, const unsigned int exclusive, const char replace)
Definition: buffer.c:1056
static void drop_if_recursive_routing(struct context *c, struct buffer *buf)
Drops UDP packets which OS decided to route via tun.
Definition: forward.c:1077
int scheduled_exit_signal
Definition: openvpn.h:469
#define PERF_READ_IN_TUN
Definition: perf.h:53
unsigned int socket_set(struct link_socket *s, struct event_set *es, unsigned int rwflags, void *arg, unsigned int *persistent)
Definition: socket.c:3811
volatile int signal_received
Definition: sig.h:45
bool is_ipv6(int tunnel_type, struct buffer *buf)
Definition: proto.c:96
#define PUSH_REQUEST_INTERVAL
Definition: common.h:89
static void interval_schedule_wakeup(struct interval *top, interval_t *wakeup)
Definition: interval.h:94
void check_scheduled_exit_dowork(struct context *c)
Definition: forward.c:377
static bool is_ping_msg(const struct buffer *buf)
Definition: ping.h:41
#define IN6_ARE_ADDR_EQUAL(a, b)
Definition: win32.h:44
void register_signal(struct context *c, int sig, const char *text)
Definition: sig.c:460
void check_incoming_control_channel_dowork(struct context *c)
Definition: forward.c:141
#define MANAGEMENT_READ
Definition: openvpn.h:241
static void check_ping_restart(struct context *c)
Definition: ping-inline.h:32
#define OPENVPN_STATE_GET_CONFIG
Definition: manage.h:503
#define M_NOPREFIX
Definition: error.h:102
#define msg
Definition: error.h:173
struct timeval timeout_random_component
Definition: openvpn.h:407
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
void show_routes(int msglev)
Definition: route.c:3149
struct event_timeout explicit_exit_notification_interval
Definition: openvpn.h:421
void server_pushed_signal(struct context *c, const struct buffer *buffer, const bool restart, const int adv)
Definition: push.c:107
static void check_push_request(struct context *c)
void frame_adjust_path_mtu(struct frame *frame, int pmtu, int proto)
Definition: socket.c:1550
static void check_fragment(struct context *c)
#define buf_init(buf, offset)
Definition: buffer.h:196
bool tls_send_payload(struct tls_multi *multi, const uint8_t *data, int size)
Definition: ssl.c:3990
struct fragment_master * fragment
Definition: openvpn.h:264
#define IOW_CHECK_RESIDUAL
Definition: forward.h:55
void check_tls_errors_co(struct context *c)
Definition: forward.c:122
struct status_output * status_output
Definition: openvpn.h:178
struct plugin_list * plugins
List of plug-ins.
Definition: openvpn.h:525
void management_io(struct management *man)
Definition: manage.c:3080
static void management_bytes_out(struct management *man, const int size)
Definition: manage.h:566
#define MAX_RW_SIZE_TUN(f)
Definition: mtu.h:180
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
Definition: manage.c:2685
bool is_ipv4(int tunnel_type, struct buffer *buf)
Definition: proto.c:91
struct event_timeout server_poll_interval
Definition: openvpn.h:411
static void context_immediate_reschedule(struct context *c)
static void wait_signal(struct event_set *es, void *arg)
Definition: event.h:144
#define TUN_WRITE
Definition: openvpn.h:237
static void check_add_routes_action(struct context *c, const bool errors)
Definition: forward.c:282
#define FRAME_HEADROOM_MARKER_READ_LINK
Definition: mtu.h:131
const char * tls_common_name(const struct tls_multi *multi, const bool null)
Returns the common name field for the given tunnel.
Definition: ssl_verify.c:161
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:88
#define PERF_PROC_IN_LINK
Definition: perf.h:52
static void buf_reset(struct buffer *buf)
Definition: buffer.h:290
#define EVENT_WRITE
Definition: event.h:37
#define PIPV4_EXTRACT_DHCP_ROUTER
Definition: forward.h:255
#define SOCKET_WRITE
Definition: openvpn.h:235
#define TUNNEL_TYPE(tt)
Definition: tun.h:133
static bool socket_read_residual(const struct link_socket *s)
Definition: socket.h:1207
void check_connection_established_dowork(struct context *c)
Definition: forward.c:204
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
#define IOW_READ_TUN
Definition: forward.h:52
int original_recv_size
Definition: openvpn.h:317
int interval_t
Definition: common.h:45
void process_incoming_link_part2(struct context *c, struct link_socket_info *lsi, const uint8_t *orig_buf)
Continues processing a packet read from the external network interface.
Definition: forward.c:914
void management_sleep(const int n)
A sleep function that services the management layer for n seconds rather than doing nothing...
Definition: manage.c:4027
#define PERF_PROC_OUT_TUN
Definition: perf.h:56
struct link_socket_actual from
Definition: openvpn.h:256
static void socks_postprocess_incoming_link(struct context *c)
Definition: forward.c:666
#define D_STREAM_ERRORS
Definition: errlevel.h:63
bool pull
Definition: options.h:464
#define BSTR(buf)
Definition: buffer.h:129
long int get_random(void)
Definition: crypto.c:1761
static void check_connection_established(struct context *c)
void fragment_incoming(struct fragment_master *f, struct buffer *buf, const struct frame *frame)
Process an incoming packet, which may or may not be fragmented.
Definition: fragment.c:140
static void socks_preprocess_outgoing_link(struct context *c, struct link_socket_actual **to_addr, int *size_delta)
Definition: forward.c:675
bool process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, bool floated)
Starts processing a packet read from the external network interface.
Definition: forward.c:775
static interval_t event_timeout_remaining(struct event_timeout *et)
Definition: interval.h:197
static int datagram_overhead(int proto)
Definition: socket.h:589
void check_inactivity_timeout_dowork(struct context *c)
Definition: forward.c:331
char * actual_name
Definition: tun.h:146
const char * proto2ascii(int proto, sa_family_t af, bool display_form)
Definition: socket.c:3102
struct buffer to_tun
Definition: openvpn.h:381
void check_tls_errors_nco(struct context *c)
Definition: forward.c:129
static void update_time(void)
Definition: otime.h:93
static bool tuntap_stop(int status)
Definition: tun.h:408
#define CC_CRLF
Definition: buffer.h:920
static void check_tls(struct context *c)
static void link_socket_write_post_size_adjust(int *size, int size_delta, struct buffer *buf)
Definition: forward.c:688
struct sockaddr sa
Definition: socket.h:68
unsigned int event_set_status
Definition: openvpn.h:248
struct tls_multi * tls_multi
TLS state structure for this VPN tunnel.
Definition: openvpn.h:334
void mss_fixup_ipv4(struct buffer *buf, int maxmss)
Definition: mss.c:46
struct buffer encrypt_buf
Definition: openvpn.h:95
void process_incoming_tun(struct context *c)
Process a packet read from the virtual tun/tap network interface.
Definition: forward.c:1158
unsigned int rwflags
Definition: event.h:79
int max_send_size_local
Definition: openvpn.h:320
void schedule_exit(struct context *c, const int n_seconds, const int signal)
Definition: forward.c:363
static void check_server_poll_timeout(struct context *c)
static void check_status(int status, const char *description, struct link_socket *sock, struct tuntap *tt)
Definition: error.h:302
struct crypto_options crypto_options
Security parameters and crypto state used by the Data Channel Crypto module to process data channel p...
Definition: openvpn.h:354
#define CONNECTION_ESTABLISHED(c)
bool buf_string_match_head_str(const struct buffer *src, const char *match)
Definition: buffer.c:793
const char * wait_status_string(struct context *c, struct gc_arena *gc)
static struct link_socket_info * get_link_socket_info(struct context *c)
static void event_timeout_init(struct event_timeout *et, interval_t n, const time_t local_now)
Definition: interval.h:166
void process_outgoing_tun(struct context *c)
Write a packet to the virtual tun/tap network interface.
Definition: forward.c:1447
int key_method
Definition: options.h:548
int tls_exit_signal
Definition: openvpn.h:352
#define D_LINK_ERRORS
Definition: errlevel.h:57
time_t coarse_timer_wakeup
Definition: openvpn.h:402
#define PASSTOS_CAPABILITY
Definition: syshead.h:405
static void check_coarse_timers_dowork(struct context *c)
Definition: forward.c:605
bool route_gateway_via_dhcp
Definition: options.h:349
counter_type link_read_bytes_auth
Definition: openvpn.h:282
int tls_multi_process(struct tls_multi *multi, struct buffer *to_link, struct link_socket_actual **to_link_addr, struct link_socket_info *to_link_socket_info, interval_t *wakeup)
Definition: ssl.c:3119
#define D_PUSH_ERRORS
Definition: errlevel.h:67