OpenVPN
mroute.h
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifndef MROUTE_H
25 #define MROUTE_H
26 
27 #include "buffer.h"
28 #include "list.h"
29 #include "route.h"
30 
31 #include <stddef.h>
32 
33 #define IP_MCAST_SUBNET_MASK ((in_addr_t)240<<24)
34 #define IP_MCAST_NETWORK ((in_addr_t)224<<24)
35 
36 /* Return status values for mroute_extract_addr_from_packet */
37 
38 #define MROUTE_EXTRACT_SUCCEEDED (1<<0)
39 #define MROUTE_EXTRACT_BCAST (1<<1)
40 #define MROUTE_EXTRACT_MCAST (1<<2)
41 #define MROUTE_EXTRACT_IGMP (1<<3)
42 
43 #define MROUTE_SEC_EXTRACT_SUCCEEDED (1<<(0+MROUTE_SEC_SHIFT))
44 #define MROUTE_SEC_EXTRACT_BCAST (1<<(1+MROUTE_SEC_SHIFT))
45 #define MROUTE_SEC_EXTRACT_MCAST (1<<(2+MROUTE_SEC_SHIFT))
46 #define MROUTE_SEC_EXTRACT_IGMP (1<<(3+MROUTE_SEC_SHIFT))
47 
48 #define MROUTE_SEC_SHIFT 4
49 
50 /*
51  * Choose the largest address possible with
52  * any of our supported types, which is IPv6
53  * with port number.
54  */
55 #define MR_MAX_ADDR_LEN 20
56 
57 /*
58  * Address Types
59  */
60 #define MR_ADDR_NONE 0
61 #define MR_ADDR_ETHER 1
62 #define MR_ADDR_IPV4 2
63 #define MR_ADDR_IPV6 3
64 #define MR_ADDR_MASK 3
65 
66 /* Address type mask indicating that port # is part of address */
67 #define MR_WITH_PORT 4
68 
69 /* Address type mask indicating that netbits is part of address */
70 #define MR_WITH_NETBITS 8
71 
72 /* Indicates than IPv4 addr was extracted from ARP packet */
73 #define MR_ARP 16
74 
75 struct mroute_addr {
76  uint8_t len; /* length of address */
77  uint8_t unused;
78  uint8_t type; /* MR_ADDR/MR_WITH flags */
79  uint8_t netbits; /* number of bits in network part of address,
80  * valid if MR_WITH_NETBITS is set */
81  union {
82  uint8_t raw_addr[MR_MAX_ADDR_LEN]; /* actual address */
83  struct {
85  uint16_t vid;
86  } ether;
87  struct {
88  in_addr_t addr; /* _network order_ IPv4 address */
89  in_port_t port; /* _network order_ TCP/UDP port */
90  } v4;
91  struct {
92  struct in6_addr addr;
93  in_port_t port; /* _network order_ TCP/UDP port */
94  } v6;
95  struct {
96  uint8_t prefix[12];
97  in_addr_t addr; /* _network order_ IPv4 address */
98  } v4mappedv6;
99  }
100 #ifndef HAVE_ANONYMOUS_UNION_SUPPORT
101 /* Wrappers to support compilers that do not grok anonymous unions */
102  mroute_union
103 #define raw_addr mroute_union.raw_addr
104 #define ether mroute_union.ether
105 #define v4 mroute_union.v4
106 #define v6 mroute_union.v6
107 #define v4mappedv6 mroute_union.v4mappedv6
108 #endif
109  ;
110 };
111 
112 /* Double-check that struct packing works as expected */
113 static_assert(offsetof(struct mroute_addr, v4.port) ==
114  offsetof(struct mroute_addr, v4) + 4,
115  "Unexpected struct packing of v4");
116 static_assert(offsetof(struct mroute_addr, v6.port) ==
117  offsetof(struct mroute_addr, v6) + 16,
118  "Unexpected struct packing of v6");
119 static_assert(offsetof(struct mroute_addr, v4mappedv6.addr) ==
120  offsetof(struct mroute_addr, v4mappedv6) + 12,
121  "Unexpected struct packing of v4mappedv6");
122 
123 /*
124  * Number of bits in an address. Should be raised for IPv6.
125  */
126 #define MR_HELPER_NET_LEN 129
127 
128 /*
129  * Used to help maintain CIDR routing table.
130  */
132  unsigned int cache_generation; /* incremented when route added */
133  int ageable_ttl_secs; /* host route cache entry time-to-live*/
134  int n_net_len; /* length of net_len array */
135  uint8_t net_len[MR_HELPER_NET_LEN]; /* CIDR netlengths in descending order */
136  int net_len_refcount[MR_HELPER_NET_LEN]; /* refcount of each netlength */
137 };
138 
139 struct openvpn_sockaddr;
140 
142  const struct openvpn_sockaddr *osaddr,
143  bool use_port);
144 
145 bool mroute_learnable_address(const struct mroute_addr *addr,
146  struct gc_arena *gc);
147 
148 uint32_t mroute_addr_hash_function(const void *key, uint32_t iv);
149 
150 bool mroute_addr_compare_function(const void *key1, const void *key2);
151 
152 void mroute_addr_init(struct mroute_addr *addr);
153 
154 const char *mroute_addr_print(const struct mroute_addr *ma,
155  struct gc_arena *gc);
156 
157 #define MAPF_SUBNET (1<<0)
158 #define MAPF_IA_EMPTY_IF_UNDEF (1<<1)
159 #define MAPF_SHOW_ARP (1<<2)
160 const char *mroute_addr_print_ex(const struct mroute_addr *ma,
161  const unsigned int flags,
162  struct gc_arena *gc);
163 
164 void mroute_addr_mask_host_bits(struct mroute_addr *ma);
165 
167 
168 void mroute_helper_free(struct mroute_helper *mh);
169 
170 void mroute_helper_add_iroute46(struct mroute_helper *mh, int netbits);
171 
172 void mroute_helper_del_iroute46(struct mroute_helper *mh, int netbits);
173 
174 unsigned int mroute_extract_addr_ip(struct mroute_addr *src,
175  struct mroute_addr *dest,
176  const struct buffer *buf);
177 
178 unsigned int mroute_extract_addr_ether(struct mroute_addr *src,
179  struct mroute_addr *dest,
180  uint16_t vid,
181  const struct buffer *buf);
182 
183 /*
184  * Given a raw packet in buf, return the src and dest
185  * addresses of the packet.
186  */
187 static inline unsigned int
189  struct mroute_addr *dest,
190  uint16_t vid,
191  const struct buffer *buf,
192  int tunnel_type)
193 {
194  unsigned int ret = 0;
195  verify_align_4(buf);
196  if (tunnel_type == DEV_TYPE_TUN)
197  {
198  ret = mroute_extract_addr_ip(src, dest, buf);
199  }
200  else if (tunnel_type == DEV_TYPE_TAP)
201  {
202  ret = mroute_extract_addr_ether(src, dest, vid, buf);
203  }
204  return ret;
205 }
206 
207 static inline bool
208 mroute_addr_equal(const struct mroute_addr *a1, const struct mroute_addr *a2)
209 {
210  if (a1->type != a2->type)
211  {
212  return false;
213  }
214  if (a1->netbits != a2->netbits)
215  {
216  return false;
217  }
218  if (a1->len != a2->len)
219  {
220  return false;
221  }
222  return memcmp(a1->raw_addr, a2->raw_addr, a1->len) == 0;
223 }
224 
225 static inline const uint8_t *
227 {
228  /* NOTE: depends on ordering of struct mroute_addr */
229  return (uint8_t *) &a->type;
230 }
231 
232 static inline uint32_t
234 {
235  return (uint32_t) a->len + 2;
236 }
237 
238 static inline void
239 mroute_extract_in_addr_t(struct mroute_addr *dest, const in_addr_t src)
240 {
241  dest->type = MR_ADDR_IPV4;
242  dest->netbits = 0;
243  dest->len = 4;
244  dest->v4.addr = htonl(src);
245 }
246 
247 static inline in_addr_t
249 {
250  if ((addr->type & MR_ADDR_MASK) == MR_ADDR_IPV4 && addr->netbits == 0 && addr->len == 4)
251  {
252  return ntohl(addr->v4.addr);
253  }
254  else
255  {
256  return 0;
257  }
258 }
259 
260 static inline void
262 {
263  ma->len = 0;
264  ma->type = MR_ADDR_NONE;
265 }
266 
267 #endif /* MROUTE_H */
MR_ADDR_MASK
#define MR_ADDR_MASK
Definition: mroute.h:64
mroute_addr_init
void mroute_addr_init(struct mroute_addr *addr)
Definition: mroute.c:39
mroute_addr_hash_function
uint32_t mroute_addr_hash_function(const void *key, uint32_t iv)
Definition: mroute.c:361
openvpn_sockaddr::addr
union openvpn_sockaddr::@14 addr
v4
#define v4
DEV_TYPE_TUN
#define DEV_TYPE_TUN
Definition: proto.h:37
mroute_addr_reset
static void mroute_addr_reset(struct mroute_addr *ma)
Definition: mroute.h:261
static_assert
#define static_assert(expr, diagnostic)
Definition: error.h:218
key1
static const char *const key1
Definition: cert_data.h:56
mroute_helper::net_len_refcount
int net_len_refcount[MR_HELPER_NET_LEN]
Definition: mroute.h:136
mroute_extract_addr_ip
unsigned int mroute_extract_addr_ip(struct mroute_addr *src, struct mroute_addr *dest, const struct buffer *buf)
Definition: mroute.c:151
MR_MAX_ADDR_LEN
#define MR_MAX_ADDR_LEN
Definition: mroute.h:55
mroute_learnable_address
bool mroute_learnable_address(const struct mroute_addr *addr, struct gc_arena *gc)
Definition: mroute.c:65
openvpn_sockaddr
Definition: socket.h:65
mroute_helper_init
struct mroute_helper * mroute_helper_init(int ageable_ttl_secs)
Definition: mroute.c:471
mroute_addr_print
const char * mroute_addr_print(const struct mroute_addr *ma, struct gc_arena *gc)
Definition: mroute.c:376
mroute_addr::ether
struct mroute_addr::@1::@2 ether
mroute_addr::netbits
uint8_t netbits
Definition: mroute.h:79
mroute_helper::net_len
uint8_t net_len[MR_HELPER_NET_LEN]
Definition: mroute.h:135
mroute_addr_mask_host_bits
void mroute_addr_mask_host_bits(struct mroute_addr *ma)
Definition: mroute.c:321
key
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:149
mroute_helper_add_iroute46
void mroute_helper_add_iroute46(struct mroute_helper *mh, int netbits)
Definition: mroute.c:509
MR_HELPER_NET_LEN
#define MR_HELPER_NET_LEN
Definition: mroute.h:126
mroute_addr::v4
struct mroute_addr::@1::@3 v4
MR_ADDR_NONE
#define MR_ADDR_NONE
Definition: mroute.h:60
mroute_addr_hash_len
static uint32_t mroute_addr_hash_len(const struct mroute_addr *a)
Definition: mroute.h:233
mroute_addr::addr
uint8_t addr[OPENVPN_ETH_ALEN]
Definition: mroute.h:84
mroute_addr::unused
uint8_t unused
Definition: mroute.h:77
mroute_addr::prefix
uint8_t prefix[12]
Definition: mroute.h:96
route.h
mroute_addr::port
in_port_t port
Definition: mroute.h:89
MR_ADDR_IPV4
#define MR_ADDR_IPV4
Definition: mroute.h:62
mroute_addr::len
uint8_t len
Definition: mroute.h:76
mroute_helper::cache_generation
unsigned int cache_generation
Definition: mroute.h:132
verify_align_4
#define verify_align_4(ptr)
Definition: buffer.h:997
mroute_addr::v4mappedv6
struct mroute_addr::@1::@5 v4mappedv6
DEV_TYPE_TAP
#define DEV_TYPE_TAP
Definition: proto.h:38
mroute_addr_compare_function
bool mroute_addr_compare_function(const void *key1, const void *key2)
Definition: mroute.c:369
buffer
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
mroute_addr::vid
uint16_t vid
Definition: mroute.h:85
buffer.h
mroute_addr
Definition: mroute.h:75
mroute_helper::ageable_ttl_secs
int ageable_ttl_secs
Definition: mroute.h:133
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
mroute_extract_addr_ether
unsigned int mroute_extract_addr_ether(struct mroute_addr *src, struct mroute_addr *dest, uint16_t vid, const struct buffer *buf)
Definition: mroute.c:229
v6
#define v6
in_addr_t_from_mroute_addr
static in_addr_t in_addr_t_from_mroute_addr(const struct mroute_addr *addr)
Definition: mroute.h:248
mroute_addr::v6
struct mroute_addr::@1::@4 v6
mroute_addr::addr
in_addr_t addr
Definition: mroute.h:88
OPENVPN_ETH_ALEN
#define OPENVPN_ETH_ALEN
Definition: proto.h:54
mroute_helper
Definition: mroute.h:131
mroute_addr::type
uint8_t type
Definition: mroute.h:78
v4mappedv6
#define v4mappedv6
key2
Container for bidirectional cipher and HMAC key material.
Definition: crypto.h:179
mroute_extract_addr_from_packet
static unsigned int mroute_extract_addr_from_packet(struct mroute_addr *src, struct mroute_addr *dest, uint16_t vid, const struct buffer *buf, int tunnel_type)
Definition: mroute.h:188
list.h
mroute_addr::raw_addr
uint8_t raw_addr[MR_MAX_ADDR_LEN]
Definition: mroute.h:82
mroute_addr_print_ex
const char * mroute_addr_print_ex(const struct mroute_addr *ma, const unsigned int flags, struct gc_arena *gc)
Definition: mroute.c:383
mroute_helper_free
void mroute_helper_free(struct mroute_helper *mh)
Definition: mroute.c:540
mroute_helper_del_iroute46
void mroute_helper_del_iroute46(struct mroute_helper *mh, int netbits)
Definition: mroute.c:524
mroute_addr_hash_ptr
static const uint8_t * mroute_addr_hash_ptr(const struct mroute_addr *a)
Definition: mroute.h:226
mroute_extract_openvpn_sockaddr
bool mroute_extract_openvpn_sockaddr(struct mroute_addr *addr, const struct openvpn_sockaddr *osaddr, bool use_port)
Definition: mroute.c:264
mroute_extract_in_addr_t
static void mroute_extract_in_addr_t(struct mroute_addr *dest, const in_addr_t src)
Definition: mroute.h:239
mroute_helper::n_net_len
int n_net_len
Definition: mroute.h:134
mroute_addr_equal
static bool mroute_addr_equal(const struct mroute_addr *a1, const struct mroute_addr *a2)
Definition: mroute.h:208