forward.h

Go to the documentation of this file.

/*
 *  OpenVPN -- An application to securely tunnel IP networks
 *             over a single TCP/UDP port, with support for SSL/TLS-based
 *             session authentication and key exchange,
 *             packet encryption, packet authentication, and
 *             packet compression.
 *
 *  Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2
 *  as published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */


#ifndef FORWARD_H
#define FORWARD_H

/* the following macros must be defined before including any other header
 * file
 */

#define TUN_OUT(c)      (BLEN(&(c)->c2.to_tun) > 0)
#define LINK_OUT(c)     (BLEN(&(c)->c2.to_link) > 0)
#define ANY_OUT(c)      (TUN_OUT(c) || LINK_OUT(c))

#ifdef ENABLE_FRAGMENT
#define TO_LINK_FRAG(c) ((c)->c2.fragment && fragment_outgoing_defined((c)->c2.fragment))
#else
#define TO_LINK_FRAG(c) (false)
#endif

#define TO_LINK_DEF(c)  (LINK_OUT(c) || TO_LINK_FRAG(c))

#include "openvpn.h"
#include "occ.h"
#include "ping.h"

#define IOW_TO_TUN          (1<<0)
#define IOW_TO_LINK         (1<<1)
#define IOW_READ_TUN        (1<<2)
#define IOW_READ_LINK       (1<<3)
#define IOW_SHAPER          (1<<4)
#define IOW_CHECK_RESIDUAL  (1<<5)
#define IOW_FRAG            (1<<6)
#define IOW_MBUF            (1<<7)
#define IOW_READ_TUN_FORCE  (1<<8)
#define IOW_WAIT_SIGNAL     (1<<9)

#define IOW_READ            (IOW_READ_TUN|IOW_READ_LINK)

extern counter_type link_read_bytes_global;

extern counter_type link_write_bytes_global;

void check_tls_dowork(struct context *c);

void check_tls_errors_co(struct context *c);

void check_tls_errors_nco(struct context *c);

#if P2MP
void check_incoming_control_channel_dowork(struct context *c);

void check_scheduled_exit_dowork(struct context *c);

void check_push_request_dowork(struct context *c);

#endif /* P2MP */

#ifdef ENABLE_FRAGMENT
void check_fragment_dowork(struct context *c);

#endif /* ENABLE_FRAGMENT */

void check_connection_established_dowork(struct context *c);

void check_add_routes_dowork(struct context *c);

void check_inactivity_timeout_dowork(struct context *c);

void check_server_poll_timeout_dowork(struct context *c);

void check_status_file_dowork(struct context *c);

void io_wait_dowork(struct context *c, const unsigned int flags);

void pre_select(struct context *c);

void process_io(struct context *c);

const char *wait_status_string(struct context *c, struct gc_arena *gc);

void show_wait_status(struct context *c);


/**********************************************************************/
void encrypt_sign(struct context *c, bool comp_frag);

int get_server_poll_remaining_time(struct event_timeout *server_poll_timeout);

/**********************************************************************/
void read_incoming_link(struct context *c);

bool process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, bool floated);

void process_incoming_link_part2(struct context *c, struct link_socket_info *lsi, const uint8_t *orig_buf);

void process_outgoing_link(struct context *c);


/**************************************************************************/
void read_incoming_tun(struct context *c);


void process_incoming_tun(struct context *c);


void process_outgoing_tun(struct context *c);


/**************************************************************************/

/*
 * Send a string to remote over the TLS control channel.
 * Used for push/pull messages, passing username/password,
 * etc.
 * @param c          - The context structure of the VPN tunnel associated with
 *                     the packet.
 * @param str        - The message to be sent
 * @param msglevel   - Message level to use for logging
 */
bool
send_control_channel_string(struct context *c, const char *str, int msglevel);

/*
 * Send a string to remote over the TLS control channel.
 * Used for push/pull messages, passing username/password,
 * etc.
 *
 * This variant does not schedule the actual sending of the message
 * The caller needs to ensure that it is scheduled or call
 * send_control_channel_string
 *
 * @param multi      - The tls_multi structure of the VPN tunnel associated
 *                     with the packet.
 * @param str        - The message to be sent
 * @param msglevel   - Message level to use for logging
 */

bool
send_control_channel_string_dowork(struct tls_multi *multi,
                                   const char *str, int msglevel);

#define PIPV4_PASSTOS                   (1<<0)
#define PIP_MSSFIX                      (1<<1)         /* v4 and v6 */
#define PIP_OUTGOING                    (1<<2)
#define PIPV4_EXTRACT_DHCP_ROUTER       (1<<3)
#define PIPV4_CLIENT_NAT                (1<<4)
#define PIPV6_IMCP_NOHOST_CLIENT        (1<<5)
#define PIPV6_IMCP_NOHOST_SERVER        (1<<6)

void process_ip_header(struct context *c, unsigned int flags, struct buffer *buf);

#if P2MP
void schedule_exit(struct context *c, const int n_seconds, const int signal);

#endif

static inline struct link_socket_info *
get_link_socket_info(struct context *c)
{
    if (c->c2.link_socket_info)
    {
        return c->c2.link_socket_info;
    }
    else
    {
        return &c->c2.link_socket->info;
    }
}

static inline void
register_activity(struct context *c, const int size)
{
    if (c->options.inactivity_timeout)
    {
        c->c2.inactivity_bytes += size;
        if (c->c2.inactivity_bytes >= c->options.inactivity_minimum_bytes)
        {
            c->c2.inactivity_bytes = 0;
            event_timeout_reset(&c->c2.inactivity_interval);
        }
    }
}

/*
 * Return the io_wait() flags appropriate for
 * a point-to-point tunnel.
 */
static inline unsigned int
p2p_iow_flags(const struct context *c)
{
    unsigned int flags = (IOW_SHAPER|IOW_CHECK_RESIDUAL|IOW_FRAG|IOW_READ|IOW_WAIT_SIGNAL);
    if (c->c2.to_link.len > 0)
    {
        flags |= IOW_TO_LINK;
    }
    if (c->c2.to_tun.len > 0)
    {
        flags |= IOW_TO_TUN;
    }
    return flags;
}

/*
 * This is the core I/O wait function, used for all I/O waits except
 * for TCP in server mode.
 */
static inline void
io_wait(struct context *c, const unsigned int flags)
{
    void io_wait_dowork(struct context *c, const unsigned int flags);

    if (c->c2.fast_io && (flags & (IOW_TO_TUN|IOW_TO_LINK|IOW_MBUF)))
    {
        /* fast path -- only for TUN/TAP/UDP writes */
        unsigned int ret = 0;
        if (flags & IOW_TO_TUN)
        {
            ret |= TUN_WRITE;
        }
        if (flags & (IOW_TO_LINK|IOW_MBUF))
        {
            ret |= SOCKET_WRITE;
        }
        c->c2.event_set_status = ret;
    }
    else
    {
        /* slow path */
        io_wait_dowork(c, flags);
    }
}

#define CONNECTION_ESTABLISHED(c) (get_link_socket_info(c)->connection_established)

#endif /* FORWARD_H */