OpenVPN
forward.h
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 
31 #ifndef FORWARD_H
32 #define FORWARD_H
33 
34 /* the following macros must be defined before including any other header
35  * file
36  */
37 
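/*
 * Output-pending predicates on a struct context.
 *
 * TUN_OUT / LINK_OUT are true when BLEN() of the to_tun / to_link buffer
 * is greater than zero.  ANY_OUT, TO_LINK_FRAG and TO_LINK_DEF expand
 * their argument more than once, so pass an expression without side
 * effects.
 */
#define TUN_OUT(c)      (BLEN(&(c)->c2.to_tun) > 0)
#define LINK_OUT(c)     (BLEN(&(c)->c2.to_link) > 0)
#define ANY_OUT(c)      (TUN_OUT(c) || LINK_OUT(c))

#ifdef ENABLE_FRAGMENT
/* True when c2.fragment is set and fragment_outgoing_defined() is true for it. */
#define TO_LINK_FRAG(c) ((c)->c2.fragment && fragment_outgoing_defined((c)->c2.fragment))
#else
/* Fragmentation compiled out: there is never fragment output pending. */
#define TO_LINK_FRAG(c) (false)
#endif

/* True when either the to_link buffer or the fragment layer has output. */
#define TO_LINK_DEF(c)  (LINK_OUT(c) || TO_LINK_FRAG(c))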
49 
50 #include "openvpn.h"
51 #include "occ.h"
52 #include "ping.h"
53 
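/*
 * Bit flags for the `flags` argument of io_wait() / io_wait_dowork().
 * Each flag occupies its own bit so they can be OR-ed together.
 *
 * On io_wait()'s fast path IOW_TO_TUN is answered with TUN_WRITE and
 * IOW_TO_LINK / IOW_MBUF with SOCKET_WRITE; the remaining flags are only
 * interpreted by io_wait_dowork().
 */
#define IOW_TO_TUN          (1<<0)
#define IOW_TO_LINK         (1<<1)
#define IOW_READ_TUN        (1<<2)
#define IOW_READ_LINK       (1<<3)
#define IOW_SHAPER          (1<<4)
#define IOW_CHECK_RESIDUAL  (1<<5)
#define IOW_FRAG            (1<<6)
#define IOW_MBUF            (1<<7)
#define IOW_READ_TUN_FORCE  (1<<8)
#define IOW_WAIT_SIGNAL     (1<<9)

/* Read interest on both the tun device and the link socket. */
#define IOW_READ            (IOW_READ_TUN|IOW_READ_LINK)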
66 
68 
70 
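/*
 * Worker and event-loop entry points.  Each operates on the tunnel
 * context passed in; this header only declares them.
 */
void check_tls_dowork(struct context *c);

void check_tls_errors_co(struct context *c);

void check_tls_errors_nco(struct context *c);

#if P2MP
void check_incoming_control_channel_dowork(struct context *c);

void check_scheduled_exit_dowork(struct context *c);

void check_push_request_dowork(struct context *c);

#endif /* P2MP */

#ifdef ENABLE_FRAGMENT
void check_fragment_dowork(struct context *c);

#endif /* ENABLE_FRAGMENT */

void check_connection_established_dowork(struct context *c);

void check_add_routes_dowork(struct context *c);

void check_inactivity_timeout_dowork(struct context *c);

void check_server_poll_timeout_dowork(struct context *c);

void check_status_file_dowork(struct context *c);

/* Slow path of io_wait(); see the inline wrapper in this header. */
void io_wait_dowork(struct context *c, const unsigned int flags);

void pre_select(struct context *c);

void process_io(struct context *c);

/* The returned string is associated with the gc arena passed in. */
const char *wait_status_string(struct context *c, struct gc_arena *gc);

void show_wait_status(struct context *c);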
110 
111 
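/**********************************************************************/
/* Process a data channel packet that will be sent through a VPN tunnel. */
void encrypt_sign(struct context *c, bool comp_frag);

int get_server_poll_remaining_time(struct event_timeout *server_poll_timeout);

/**********************************************************************/
/*
 * Link-side packet path.  Packets handled here arrive from the external
 * network interface.
 * NOTE(review): at which step a packet is authenticated is decided in
 * forward.c and is not visible from these declarations -- confirm before
 * treating any of these buffers as trusted.
 */

/* Read a packet from the external network interface. */
void read_incoming_link(struct context *c);

/* Starts processing a packet read from the external network interface. */
bool process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, bool floated);

/* Continues processing a packet read from the external network interface. */
void process_incoming_link_part2(struct context *c, struct link_socket_info *lsi, const uint8_t *orig_buf);

/* Write a packet to the external network interface. */
void process_outgoing_link(struct context *c);


/**************************************************************************/
/* Read a packet from the virtual tun/tap network interface. */
void read_incoming_tun(struct context *c);


/* Process a packet read from the virtual tun/tap network interface. */
void process_incoming_tun(struct context *c);


/* Write a packet to the virtual tun/tap network interface. */
void process_outgoing_tun(struct context *c);


/**************************************************************************/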
288 
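/*
 * Send a string to remote over the TLS control channel.
 * Used for push/pull messages, passing username/password,
 * etc.
 *
 * NOTE(review): str can carry credentials and msglevel selects the level
 * at which the send is logged.  Whether the logged text is sanitized is
 * decided in forward.c and cannot be seen from this header -- confirm
 * before choosing a verbose msglevel for such messages.
 *
 * @param c        - The context structure of the VPN tunnel associated with
 *                   the packet.
 * @param str      - The message to be sent
 * @param msglevel - Message level to use for logging
 * @return presumably true when the message was accepted for sending --
 *         confirm against forward.c
 */
bool
send_control_channel_string(struct context *c, const char *str, int msglevel);

/*
 * Send a string to remote over the TLS control channel.
 * Used for push/pull messages, passing username/password,
 * etc.
 *
 * This variant does not schedule the actual sending of the message.
 * The caller needs to ensure that it is scheduled, or call
 * send_control_channel_string instead.
 *
 * The same logging caveat as for send_control_channel_string applies:
 * str can carry credentials and msglevel controls how it is logged.
 *
 * @param multi    - The tls_multi structure of the VPN tunnel associated
 *                   with the packet.
 * @param str      - The message to be sent
 * @param msglevel - Message level to use for logging
 * @return presumably true when the message was queued -- confirm against
 *         forward.c
 */

bool
send_control_channel_string_dowork(struct tls_multi *multi,
                                   const char *str, int msglevel);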
319 
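/*
 * Bit flags, presumably for the `flags` argument of process_ip_header()
 * declared below (verify against the callers in forward.c).  Each flag
 * occupies its own bit.
 *
 * The "IMCP" spelling in the two PIPV6_* names is kept as is: other
 * translation units refer to these identifiers.
 */
#define PIPV4_PASSTOS                   (1<<0)
#define PIP_MSSFIX                      (1<<1)         /* v4 and v6 */
#define PIP_OUTGOING                    (1<<2)
#define PIPV4_EXTRACT_DHCP_ROUTER       (1<<3)
#define PIPV4_CLIENT_NAT                (1<<4)
#define PIPV6_IMCP_NOHOST_CLIENT        (1<<5)
#define PIPV6_IMCP_NOHOST_SERVER        (1<<6)

/* buf is passed non-const, so the implementation may modify the packet. */
void process_ip_header(struct context *c, unsigned int flags, struct buffer *buf);

#if P2MP
void schedule_exit(struct context *c, const int n_seconds, const int signal);

#endif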
334 
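/*
 * Return the link_socket_info to use for this context: c2.link_socket_info
 * when that pointer is set, otherwise the `info` member embedded in
 * c2.link_socket.
 *
 * The fallback forms an address from c2.link_socket without a NULL check,
 * so callers must only use this once at least one of the two pointers is
 * valid.
 */
static inline struct link_socket_info *
get_link_socket_info(struct context *c)
{
    if (c->c2.link_socket_info)
    {
        return c->c2.link_socket_info;
    }
    else
    {
        return &c->c2.link_socket->info;
    }
}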
347 
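/*
 * Account `size` bytes of traffic towards the inactivity check.
 *
 * Does nothing unless options.inactivity_timeout is non-zero.  Otherwise
 * the bytes are added to c2.inactivity_bytes, and once that counter
 * reaches options.inactivity_minimum_bytes it is cleared and the
 * c2.inactivity_interval timer is reset.
 *
 * NOTE(review): the counter and `size` are both plain int, so the addition
 * is signed.  This assumes `size` is non-negative and that the counter
 * cannot approach INT_MAX between resets -- verify against the callers and
 * the accepted range of inactivity_minimum_bytes.
 */
static inline void
register_activity(struct context *c, const int size)
{
    if (c->options.inactivity_timeout)
    {
        c->c2.inactivity_bytes += size;
        if (c->c2.inactivity_bytes >= c->options.inactivity_minimum_bytes)
        {
            c->c2.inactivity_bytes = 0;
            event_timeout_reset(&c->c2.inactivity_interval);
        }
    }
}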
361 
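/*
 * Return the io_wait() flags appropriate for
 * a point-to-point tunnel.
 *
 * The base set is always requested; IOW_TO_LINK and IOW_TO_TUN are added
 * only while the corresponding outgoing buffer (c2.to_link / c2.to_tun)
 * holds data, i.e. its len is greater than zero.
 */
static inline unsigned int
p2p_iow_flags(const struct context *c)
{
    unsigned int flags = (IOW_SHAPER|IOW_CHECK_RESIDUAL|IOW_FRAG|IOW_READ|IOW_WAIT_SIGNAL);
    if (c->c2.to_link.len > 0)
    {
        flags |= IOW_TO_LINK;
    }
    if (c->c2.to_tun.len > 0)
    {
        flags |= IOW_TO_TUN;
    }
    return flags;
}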
380 
/*
 * This is the core I/O wait function, used for all I/O waits except
 * for TCP in server mode.
 *
 * With c2.fast_io set and a write requested (IOW_TO_TUN, IOW_TO_LINK or
 * IOW_MBUF) nothing is waited on: c2.event_set_status is filled in
 * directly with the matching write bits and io_wait_dowork() is not
 * called.  Every other combination is handed to io_wait_dowork().
 *
 * NOTE(review): on the fast path writability is reported without being
 * checked, so the write that follows presumably has to tolerate a
 * descriptor that is not ready -- confirm in forward.c.
 */
static inline void
io_wait(struct context *c, const unsigned int flags)
{
    void io_wait_dowork(struct context *c, const unsigned int flags);

    const unsigned int write_requests = flags & (IOW_TO_TUN|IOW_TO_LINK|IOW_MBUF);

    if (!c->c2.fast_io || !write_requests)
    {
        /* slow path */
        io_wait_dowork(c, flags);
        return;
    }

    /* fast path -- only for TUN/TAP/UDP writes */
    unsigned int status = 0;
    if (write_requests & IOW_TO_TUN)
    {
        status |= TUN_WRITE;
    }
    if (write_requests & (IOW_TO_LINK|IOW_MBUF))
    {
        status |= SOCKET_WRITE;
    }
    c->c2.event_set_status = status;
}
410 
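/*
 * Read the connection_established member of the link_socket_info selected
 * by get_link_socket_info(c).  The same precondition applies: one of
 * c2.link_socket_info / c2.link_socket must be valid.
 */
#define CONNECTION_ESTABLISHED(c) (get_link_socket_info(c)->connection_established)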
412 
413 #endif /* FORWARD_H */
void check_tls_dowork(struct context *c)
Definition: forward.c:317
bool send_control_channel_string(struct context *c, const char *str, int msglevel)
Definition: forward.c:487
static void register_activity(struct context *c, const int size)
Definition: forward.h:349
struct buffer to_link
Definition: openvpn.h:384
void check_add_routes_dowork(struct context *c)
Definition: forward.c:522
struct options options
Options loaded from command line or configuration file.
Definition: openvpn.h:502
Contains all state information for one tunnel.
Definition: openvpn.h:500
Security parameter state for a single VPN tunnel.
Definition: ssl_common.h:503
int inactivity_minimum_bytes
Definition: options.h:262
struct link_socket_info * link_socket_info
Definition: openvpn.h:254
#define IOW_SHAPER
Definition: forward.h:58
#define IOW_TO_LINK
Definition: forward.h:55
void read_incoming_link(struct context *c)
Read a packet from the external network interface.
Definition: forward.c:936
void encrypt_sign(struct context *c, bool comp_frag)
Process a data channel packet that will be sent through a VPN tunnel.
Definition: forward.c:679
list flags
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
void process_io(struct context *c)
Definition: forward.c:2186
#define IOW_TO_TUN
Definition: forward.h:54
struct event_timeout inactivity_interval
Definition: openvpn.h:302
void pre_select(struct context *c)
Definition: forward.c:1924
void process_ip_header(struct context *c, unsigned int flags, struct buffer *buf)
Definition: forward.c:1581
static struct link_socket_info * get_link_socket_info(struct context *c)
Definition: forward.h:336
static void event_timeout_reset(struct event_timeout *et)
Definition: interval.h:174
void io_wait_dowork(struct context *c, const unsigned int flags)
Definition: forward.c:1988
void show_wait_status(struct context *c)
int inactivity_bytes
Definition: openvpn.h:303
#define IOW_MBUF
Definition: forward.h:61
void check_inactivity_timeout_dowork(struct context *c)
Definition: forward.c:560
void check_incoming_control_channel_dowork(struct context *c)
Definition: forward.c:367
#define IOW_FRAG
Definition: forward.h:60
void check_fragment_dowork(struct context *c)
Definition: forward.c:630
static void io_wait(struct context *c, const unsigned int flags)
Definition: forward.h:386
void process_outgoing_link(struct context *c)
Write a packet to the external network interface.
Definition: forward.c:1680
unsigned int counter_type
Definition: common.h:38
struct link_socket * link_socket
Definition: openvpn.h:252
void check_push_request_dowork(struct context *c)
Definition: forward.c:416
struct context_2 c2
Level 2 context.
Definition: openvpn.h:539
void read_incoming_tun(struct context *c)
Read a packet from the virtual tun/tap network interface.
Definition: forward.c:1246
#define IOW_WAIT_SIGNAL
Definition: forward.h:63
int inactivity_timeout
Definition: options.h:261
unsigned __int8 uint8_t
Definition: config-msvc.h:123
counter_type link_read_bytes_global
Definition: forward.c:50
void check_tls_errors_co(struct context *c)
Definition: forward.c:348
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
#define IOW_CHECK_RESIDUAL
Definition: forward.h:59
void check_server_poll_timeout_dowork(struct context *c)
Definition: forward.c:576
void check_connection_established_dowork(struct context *c)
Definition: forward.c:430
#define TUN_WRITE
Definition: openvpn.h:239
bool fast_io
Definition: openvpn.h:431
#define SOCKET_WRITE
Definition: openvpn.h:237
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
void check_status_file_dowork(struct context *c)
Definition: forward.c:617
void check_scheduled_exit_dowork(struct context *c)
Definition: forward.c:606
void process_incoming_link_part2(struct context *c, struct link_socket_info *lsi, const uint8_t *orig_buf)
Continues processing a packet read from the external network interface.
Definition: forward.c:1143
void check_tls_errors_nco(struct context *c)
Definition: forward.c:355
int get_server_poll_remaining_time(struct event_timeout *server_poll_timeout)
Definition: forward.c:567
static unsigned int p2p_iow_flags(const struct context *c)
Definition: forward.h:367
bool process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, bool floated)
Starts processing a packet read from the external network interface.
Definition: forward.c:1004
struct buffer to_tun
Definition: openvpn.h:383
bool send_control_channel_string_dowork(struct tls_multi *multi, const char *str, int msglevel)
Definition: forward.c:468
unsigned int event_set_status
Definition: openvpn.h:250
void process_incoming_tun(struct context *c)
Process a packet read from the virtual tun/tap network interface.
Definition: forward.c:1387
const char * wait_status_string(struct context *c, struct gc_arena *gc)
void process_outgoing_tun(struct context *c)
Write a packet to the virtual tun/tap network interface.
Definition: forward.c:1831
#define IOW_READ
Definition: forward.h:65
void schedule_exit(struct context *c, const int n_seconds, const int signal)
Definition: forward.c:592
counter_type link_write_bytes_global
Definition: forward.c:51