1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifndef MROUTE_H
25 #define MROUTE_H
26 
27 #if P2MP_SERVER
28 
29 #include "buffer.h"
30 #include "list.h"
31 #include "route.h"
32 
33 #include <stddef.h>
34 
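/*
 * IPv4 multicast range 224.0.0.0/4, written with the first octet in the
 * most significant byte of the in_addr_t value.
 */
#define IP_MCAST_SUBNET_MASK  ((in_addr_t)240<<24)
#define IP_MCAST_NETWORK      ((in_addr_t)224<<24)

/*
 * Return status values for mroute_extract_addr_from_packet.
 *
 * The value is a bitmask.  The MROUTE_SEC_* flags are the same four
 * flags moved up by MROUTE_SEC_SHIFT bits, so both sets fit in one
 * unsigned int without overlapping.
 */
#define MROUTE_SEC_SHIFT         4

#define MROUTE_EXTRACT_SUCCEEDED (1<<0)
#define MROUTE_EXTRACT_BCAST     (1<<1)
#define MROUTE_EXTRACT_MCAST     (1<<2)
#define MROUTE_EXTRACT_IGMP      (1<<3)

#define MROUTE_SEC_EXTRACT_SUCCEEDED (1<<(0+MROUTE_SEC_SHIFT))
#define MROUTE_SEC_EXTRACT_BCAST     (1<<(1+MROUTE_SEC_SHIFT))
#define MROUTE_SEC_EXTRACT_MCAST     (1<<(2+MROUTE_SEC_SHIFT))
#define MROUTE_SEC_EXTRACT_IGMP      (1<<(3+MROUTE_SEC_SHIFT))

/*
 * Choose the largest address possible with
 * any of our supported types, which is IPv6
 * with port number.
 *
 * This is the size of mroute_addr.raw_addr; the len field of a
 * struct mroute_addr must never exceed it, because len is used as a
 * byte count when addresses are compared and hashed.
 */
#define MR_MAX_ADDR_LEN 20

/*
 * Address Types (low two bits of mroute_addr.type, see MR_ADDR_MASK)
 */
#define MR_ADDR_NONE  0
#define MR_ADDR_ETHER 1
#define MR_ADDR_IPV4  2
#define MR_ADDR_IPV6  3
#define MR_ADDR_MASK  3

/* Address type mask indicating that port # is part of address */
#define MR_WITH_PORT 4

/* Address type mask indicating that netbits is part of address */
#define MR_WITH_NETBITS 8

/* Indicates that IPv4 addr was extracted from ARP packet */
#define MR_ARP 16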
76 
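/*
 * One address as used by the multi-client routing code: Ethernet, IPv4
 * or IPv6, optionally with a port or a netbits count (see the MR_*
 * flags).
 *
 * Field order matters.  mroute_addr_hash_ptr() hashes the bytes that
 * start at 'type', so 'type', 'netbits' and the address union must sit
 * next to each other with no compiler padding in between.
 */
struct mroute_addr {
    uint8_t len;     /* length of address */
    uint8_t unused;  /* NOTE(review): looks like explicit padding so the
                      * union starts 4 bytes into the struct -- confirm */
    uint8_t type;    /* MR_ADDR/MR_WITH flags */
    uint8_t netbits; /* number of bits in network part of address,
                      * valid if MR_WITH_NETBITS is set */
    union {
        uint8_t raw_addr[MR_MAX_ADDR_LEN]; /* actual address */
        uint8_t eth_addr[OPENVPN_ETH_ALEN];
        struct {
            in_addr_t addr;     /* _network order_ IPv4 address */
            in_port_t port;     /* _network order_ TCP/UDP port */
        } v4;
        struct {
            struct in6_addr addr;
            in_port_t port;     /* _network order_ TCP/UDP port */
        } v6;
        struct {
            uint8_t prefix[12];
            in_addr_t addr;     /* _network order_ IPv4 address */
        } v4mappedv6;
    }
#ifndef HAVE_ANONYMOUS_UNION_SUPPORT
/* Wrappers to support compilers that do not grok anonymous unions */
    mroute_union
#define raw_addr mroute_union.raw_addr
#define eth_addr mroute_union.eth_addr
#define v4 mroute_union.v4
#define v6 mroute_union.v6
#define v4mappedv6 mroute_union.v4mappedv6
#endif
    ;
};

/* Double-check that struct packing works as expected */
static_assert(offsetof(struct mroute_addr, v4.port) ==
              offsetof(struct mroute_addr, v4) + 4,
              "Unexpected struct packing of v4");
static_assert(offsetof(struct mroute_addr, v6.port) ==
              offsetof(struct mroute_addr, v6) + 16,
              "Unexpected struct packing of v6");
static_assert(offsetof(struct mroute_addr, v4mappedv6.addr) ==
              offsetof(struct mroute_addr, v4mappedv6) + 12,
              "Unexpected struct packing of v4mappedv6");
/*
 * The hash key is read as one run of bytes beginning at 'type'
 * (type, netbits, then the address), so fail the build if padding
 * ever separates them.
 */
static_assert(offsetof(struct mroute_addr, raw_addr) ==
              offsetof(struct mroute_addr, type) + 2,
              "Unexpected struct packing of type/netbits/raw_addr");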
121 
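/*
 * Number of bits in an address. Should be raised for IPv6.
 *
 * NOTE(review): 129 presumably covers the prefix lengths 0..128, which
 * would make the "should be raised" remark stale -- confirm.  It is the
 * size of both arrays in struct mroute_helper, so any netbits value used
 * to index them has to be checked against it by the code that does the
 * indexing (not visible in this header).
 */
#define MR_HELPER_NET_LEN 129

/*
 * Used to help maintain CIDR routing table.
 */
struct mroute_helper {
    unsigned int cache_generation; /* incremented when route added */
    int ageable_ttl_secs;          /* host route cache entry time-to-live*/
    int n_net_len;                 /* length of net_len array */
    uint8_t net_len[MR_HELPER_NET_LEN];      /* CIDR netlengths in descending order */
    int net_len_refcount[MR_HELPER_NET_LEN]; /* refcount of each netlength */
};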
137 
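/*
 * Functions implemented in mroute.c.
 *
 * The two mroute_extract_addr_* functions take the raw packet in buf
 * and return the MROUTE_EXTRACT_* status bitmask.
 */
struct openvpn_sockaddr;

bool mroute_extract_openvpn_sockaddr(struct mroute_addr *addr,
                                     const struct openvpn_sockaddr *osaddr,
                                     bool use_port);

bool mroute_learnable_address(const struct mroute_addr *addr,
                              struct gc_arena *gc);

uint32_t mroute_addr_hash_function(const void *key, uint32_t iv);

bool mroute_addr_compare_function(const void *key1, const void *key2);

void mroute_addr_init(struct mroute_addr *addr);

const char *mroute_addr_print(const struct mroute_addr *ma,
                              struct gc_arena *gc);

/* Flags for mroute_addr_print_ex */
#define MAPF_SUBNET            (1<<0)
#define MAPF_IA_EMPTY_IF_UNDEF (1<<1)
#define MAPF_SHOW_ARP          (1<<2)
const char *mroute_addr_print_ex(const struct mroute_addr *ma,
                                 const unsigned int flags,
                                 struct gc_arena *gc);

void mroute_addr_mask_host_bits(struct mroute_addr *ma);

struct mroute_helper *mroute_helper_init(int ageable_ttl_secs);

void mroute_helper_free(struct mroute_helper *mh);

void mroute_helper_add_iroute46(struct mroute_helper *mh, int netbits);

void mroute_helper_del_iroute46(struct mroute_helper *mh, int netbits);

unsigned int mroute_extract_addr_ip(struct mroute_addr *src,
                                    struct mroute_addr *dest,
                                    const struct buffer *buf);

unsigned int mroute_extract_addr_ether(struct mroute_addr *src,
                                       struct mroute_addr *dest,
                                       struct mroute_addr *esrc,
                                       struct mroute_addr *edest,
                                       const struct buffer *buf);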
182 
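/*
 * Given a raw packet in buf, return the src and dest
 * addresses of the packet.
 *
 * Dispatches on tunnel_type: DEV_TYPE_TUN packets go to
 * mroute_extract_addr_ip(), DEV_TYPE_TAP frames go to
 * mroute_extract_addr_ether().  esrc and edest are passed on only in
 * the TAP case.
 *
 * Returns the MROUTE_EXTRACT_* status bitmask from the chosen
 * extractor, or 0 for any other tunnel_type.  A result of 0 does not
 * include MROUTE_EXTRACT_SUCCEEDED and this function writes nothing to
 * the output addresses on that path, so callers must test the flag
 * before trusting src or dest.
 */
static inline unsigned int
mroute_extract_addr_from_packet(struct mroute_addr *src,
                                struct mroute_addr *dest,
                                struct mroute_addr *esrc,
                                struct mroute_addr *edest,
                                const struct buffer *buf,
                                int tunnel_type)
{
    unsigned int ret = 0;

    /* NOTE(review): presumably checks 4-byte alignment of buf -- the
     * macro is defined in buffer.h, confirm there */
    verify_align_4(buf);
    if (tunnel_type == DEV_TYPE_TUN)
    {
        ret = mroute_extract_addr_ip(src, dest, buf);
    }
    else if (tunnel_type == DEV_TYPE_TAP)
    {
        ret = mroute_extract_addr_ether(src, dest, esrc, edest, buf);
    }
    return ret;
}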
207 
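/*
 * Compare two addresses for equality.
 *
 * Two addresses are equal when type, netbits and len all match and the
 * first len bytes of raw_addr are identical.  Bytes beyond len are not
 * looked at.
 *
 * len is an 8-bit field and can hold values larger than the
 * MR_MAX_ADDR_LEN bytes that raw_addr provides.  Such an address is
 * malformed; it is reported as "not equal" rather than letting memcmp
 * read past the end of the struct.
 */
static inline bool
mroute_addr_equal(const struct mroute_addr *a1, const struct mroute_addr *a2)
{
    if (a1->type != a2->type)
    {
        return false;
    }
    if (a1->netbits != a2->netbits)
    {
        return false;
    }
    if (a1->len != a2->len)
    {
        return false;
    }
    /* both lengths are equal here, so one bound check covers a1 and a2 */
    if (a1->len > MR_MAX_ADDR_LEN)
    {
        return false;
    }
    return memcmp(a1->raw_addr, a2->raw_addr, a1->len) == 0;
}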
225 
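/*
 * Return a pointer to the first byte of the hash key for an address.
 *
 * The key starts at the 'type' field; mroute_addr_hash_len() gives the
 * number of bytes that belong to it.  The len field itself is not part
 * of the hashed bytes.
 */
static inline const uint8_t *
mroute_addr_hash_ptr(const struct mroute_addr *a)
{
    /* NOTE: depends on ordering of struct mroute_addr */
    return (const uint8_t *) &a->type;  /* keep the const of the argument */
}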
232 
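/*
 * Return the number of bytes to hash, starting at mroute_addr_hash_ptr().
 *
 * That is len address bytes plus 2; since the key starts at 'type', the
 * extra two bytes are the type and netbits fields.
 *
 * len is not checked here.  The result stays inside the struct only
 * while len <= MR_MAX_ADDR_LEN, so whoever fills in len must keep to
 * that bound.
 */
static inline uint32_t
mroute_addr_hash_len(const struct mroute_addr *a)
{
    return (uint32_t) a->len + 2;
}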
238 
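/*
 * Fill dest with a plain IPv4 address (no port, no netbits).
 *
 * src is converted with htonl() before it is stored, so it is expected
 * in host byte order.  Only type, netbits, len and v4.addr are written;
 * the remaining bytes of the address union are left as they were.
 */
static inline void
mroute_extract_in_addr_t(struct mroute_addr *dest, const in_addr_t src)
{
    dest->type = MR_ADDR_IPV4;
    dest->netbits = 0;
    dest->len = 4;
    dest->v4.addr = htonl(src);
}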
247 
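/*
 * Return the IPv4 address held in addr, converted with ntohl().
 *
 * The address is returned only when the type (masked with
 * MR_ADDR_MASK) is MR_ADDR_IPV4, netbits is 0 and len is 4.  In every
 * other case the result is 0, which a caller cannot tell apart from a
 * stored address of 0.0.0.0.
 */
static inline in_addr_t
in_addr_t_from_mroute_addr(const struct mroute_addr *addr)
{
    if ((addr->type & MR_ADDR_MASK) == MR_ADDR_IPV4 && addr->netbits == 0 && addr->len == 4)
    {
        return ntohl(addr->v4.addr);
    }
    return 0;
}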
260 
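/*
 * Mark an address as empty: length 0 and type MR_ADDR_NONE.
 *
 * netbits and the address bytes are not cleared.
 */
static inline void
mroute_addr_reset(struct mroute_addr *ma)
{
    ma->len = 0;
    ma->type = MR_ADDR_NONE;
}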
267 
268 #endif /* P2MP_SERVER */
269 #endif /* MROUTE_H */