OpenVPN
multi.h
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
28 #ifndef MULTI_H
29 #define MULTI_H
30 
31 #if P2MP_SERVER
32 
33 #include "init.h"
34 #include "forward.h"
35 #include "mroute.h"
36 #include "mbuf.h"
37 #include "list.h"
38 #include "schedule.h"
39 #include "pool.h"
40 #include "mudp.h"
41 #include "mtcp.h"
42 #include "perf.h"
43 
44 #define MULTI_PREFIX_MAX_LENGTH 256
45 
46 /*
47  * Walk (don't run) through the routing table,
48  * deleting old entries, and possibly multi_instance
49  * structs as well which have been marked for deletion.
50  */
51 struct multi_reap
52 {
55  time_t last_call;
56 };
57 
58 
60 {
61  struct schedule_entry se;
63  struct timeval wakeup;
64 };
65 
77  struct schedule_entry se; /* this must be the first element of the structure */
78  struct gc_arena gc;
79  bool defined;
80  bool halt;
81  int refcount;
82  int route_count; /* number of routes (including cached routes) owned by this instance */
83  time_t created;
87  struct timeval wakeup; /* absolute time */
88  struct mroute_addr real;
91  char msg_prefix[MULTI_PREFIX_MAX_LENGTH];
92 
93  /* queued outgoing data in Server/TCP mode */
94  unsigned int tcp_rwflags;
97 
98  in_addr_t reporting_addr; /* IP address shown in status listing */
99  struct in6_addr reporting_addr_ipv6; /* IPv6 address in status listing */
100 
103  bool did_iter;
104 #ifdef MANAGEMENT_DEF_AUTH
105  bool did_cid_hash;
106  struct buffer_list *cc_config;
107 #endif
110  int n_clients_delta; /* added to multi_context.n_clients when instance is closed */
111 
112  struct context context;
115 #ifdef ENABLE_ASYNC_PUSH
116  int inotify_watch; /* watch descriptor for acf */
117 #endif
118 };
119 
120 
132 #define MC_UNDEF 0
133 #define MC_SINGLE_THREADED (1<<0)
134 #define MC_MULTI_THREADED_MASTER (1<<1)
135 #define MC_MULTI_THREADED_WORKER (1<<2)
136 #define MC_MULTI_THREADED_SCHEDULER (1<<3)
137 #define MC_WORK_THREAD (MC_MULTI_THREADED_WORKER|MC_MULTI_THREADED_SCHEDULER)
139 
143  struct hash *hash;
145  struct hash *vhash;
147  struct hash *iter;
151  struct mbuf_set *mbuf;
154  struct multi_tcp *mtcp;
160  struct mroute_addr local;
165  int n_clients; /* current number of authenticated clients */
166 
167 #ifdef MANAGEMENT_DEF_AUTH
168  struct hash *cid_hash;
169  unsigned long cid_counter;
170 #endif
171 
177 
178  struct context top;
181  /*
182  * Timer object for stale route check
183  */
184  struct event_timeout stale_routes_check_et;
185 
186 #ifdef ENABLE_ASYNC_PUSH
187  /* mapping between inotify watch descriptors and multi_instances */
188  struct hash *inotify_watchers;
189 #endif
190 
191  struct deferred_signal_schedule_entry deferred_shutdown_signal;
192 };
193 
194 /*
195  * Host route
196  */
198 {
201 
202 #define MULTI_ROUTE_CACHE (1<<0)
203 #define MULTI_ROUTE_AGEABLE (1<<1)
204  unsigned int flags;
205 
206  unsigned int cache_generation;
208 };
209 
210 
211 /**************************************************************************/
223 void tunnel_server(struct context *top);
224 
225 
226 const char *multi_instance_string(const struct multi_instance *mi, bool null, struct gc_arena *gc);
227 
228 /*
229  * Called by mtcp.c, mudp.c, or other (to be written) protocol drivers
230  */
231 
232 void multi_init(struct multi_context *m, struct context *t, bool tcp_mode, int thread_mode);
233 
234 void multi_uninit(struct multi_context *m);
235 
236 void multi_top_init(struct multi_context *m, const struct context *top);
237 
238 void multi_top_free(struct multi_context *m);
239 
240 struct multi_instance *multi_create_instance(struct multi_context *m, const struct mroute_addr *real);
241 
242 void multi_close_instance(struct multi_context *m, struct multi_instance *mi, bool shutdown);
243 
244 bool multi_process_timeout(struct multi_context *m, const unsigned int mpp_flags);
245 
254 void multi_process_float(struct multi_context *m, struct multi_instance *mi);
255 
256 #define MPP_PRE_SELECT (1<<0)
257 #define MPP_CONDITIONAL_PRE_SELECT (1<<1)
258 #define MPP_CLOSE_ON_SIGNAL (1<<2)
259 #define MPP_RECORD_TOUCH (1<<3)
260 
261 
262 /**************************************************************************/
284 bool multi_process_post(struct multi_context *m, struct multi_instance *mi, const unsigned int flags);
285 
286 
287 /**************************************************************************/
310 bool multi_process_incoming_link(struct multi_context *m, struct multi_instance *instance, const unsigned int mpp_flags);
311 
312 
328 bool multi_process_incoming_tun(struct multi_context *m, const unsigned int mpp_flags);
329 
330 
331 void multi_process_drop_outgoing_tun(struct multi_context *m, const unsigned int mpp_flags);
332 
333 void multi_print_status(struct multi_context *m, struct status_output *so, const int version);
334 
335 struct multi_instance *multi_get_queue(struct mbuf_set *ms);
336 
337 void multi_add_mbuf(struct multi_context *m,
338  struct multi_instance *mi,
339  struct mbuf_buffer *mb);
340 
341 void multi_ifconfig_pool_persist(struct multi_context *m, bool force);
342 
343 bool multi_process_signal(struct multi_context *m);
344 
346 
348 
350 
351 
352 #ifdef ENABLE_ASYNC_PUSH
353 
360 void multi_process_file_closed(struct multi_context *m, const unsigned int mpp_flags);
361 
362 #endif
363 
364 /*
365  * Return true if our output queue is not full
366  */
367 static inline bool
369  const struct multi_instance *mi)
370 {
371  if (mi->tcp_link_out_deferred)
372  {
374  }
375  else
376  {
377  return true;
378  }
379 }
380 
381 /*
382  * Determine which instance has pending output
383  * and prepare the output for sending in
384  * the to_link buffer.
385  */
386 static inline struct multi_instance *
388 {
389  struct multi_instance *mi = NULL;
390 
391  if (m->pending)
392  {
393  mi = m->pending;
394  }
395  else if (mbuf_defined(m->mbuf))
396  {
397  mi = multi_get_queue(m->mbuf);
398  }
399  return mi;
400 }
401 
402 /*
403  * Per-client route quota management
404  */
405 
406 void route_quota_exceeded(const struct multi_context *m, const struct multi_instance *mi);
407 
408 static inline void
410 {
411  ++mi->route_count;
412 }
413 
414 static inline void
416 {
417  --mi->route_count;
418 }
419 
420 /* can we add a new route? */
421 static inline bool
422 route_quota_test(const struct multi_context *m, const struct multi_instance *mi)
423 {
425  {
426  route_quota_exceeded(m, mi);
427  return false;
428  }
429  else
430  {
431  return true;
432  }
433 }
434 
435 /*
436  * Instance reference counting
437  */
438 
439 static inline void
441 {
442  ++mi->refcount;
443 }
444 
445 static inline void
447 {
448  if (--mi->refcount <= 0)
449  {
450  gc_free(&mi->gc);
451  free(mi);
452  }
453 }
454 
455 static inline void
457 {
458  struct multi_instance *mi = route->instance;
459  route_quota_dec(mi);
461  free(route);
462 }
463 
464 static inline bool
466  const struct multi_route *r)
467 {
468  if (r->instance->halt)
469  {
470  return false;
471  }
472  else if ((r->flags & MULTI_ROUTE_CACHE)
474  {
475  return false;
476  }
477  else if ((r->flags & MULTI_ROUTE_AGEABLE)
479  {
480  return false;
481  }
482  else
483  {
484  return true;
485  }
486 }
487 
488 /*
489  * Takes prefix away from multi_instance.
490  */
491 void
493 
494 /*
495  * Set a msg() function prefix with our current client instance ID.
496  */
497 
498 static inline void
500 {
501 #ifdef MULTI_DEBUG_EVENT_LOOP
502  if (mi->msg_prefix[0])
503  {
504  printf("[%s]\n", mi->msg_prefix);
505  }
506 #endif
507  msg_set_prefix(mi->msg_prefix[0] ? mi->msg_prefix : NULL);
508 }
509 
510 static inline void
512 {
513 #ifdef MULTI_DEBUG_EVENT_LOOP
514  printf("[NULL]\n");
515 #endif
516  msg_set_prefix(NULL);
517 }
518 
519 /*
520  * Instance Reaper
521  *
522  * Reaper constants. The reaper is the process where the virtual address
523  * and virtual route hash table is scanned for dead entries which are
524  * then removed. The hash table could potentially be quite large, so we
525  * don't want to reap in a single pass.
526  */
527 
528 #define REAP_MAX_WAKEUP 10 /* Do reap pass at least once per n seconds */
529 #define REAP_DIVISOR 256 /* How many passes to cover whole hash table */
530 #define REAP_MIN 16 /* Minimum number of buckets per pass */
531 #define REAP_MAX 1024 /* Maximum number of buckets per pass */
532 
533 /*
534  * Mark a cached host route for deletion after this
535  * many seconds without any references.
536  */
537 #define MULTI_CACHE_ROUTE_TTL 60
538 
539 void multi_reap_process_dowork(const struct multi_context *m);
541 
542 static inline void
544 {
545  if (m->reaper->last_call != now)
546  {
548  }
549 }
550 
551 static inline void
553 {
554  if (m->per_second_trigger != now)
555  {
557  m->per_second_trigger = now;
558  }
559 }
560 
561 /*
562  * Compute earliest timeout expiry from the set of
563  * all instances. Output:
564  *
565  * m->earliest_wakeup : instance needing the earliest service.
566  * dest : earliest timeout as a delta in relation
567  * to current time.
568  */
569 static inline void
570 multi_get_timeout(struct multi_context *m, struct timeval *dest)
571 {
572  struct timeval tv, current;
573 
574  CLEAR(tv);
576  if (m->earliest_wakeup)
577  {
578  ASSERT(!openvpn_gettimeofday(&current, NULL));
579  tv_delta(dest, &current, &tv);
580  if (dest->tv_sec >= REAP_MAX_WAKEUP)
581  {
582  m->earliest_wakeup = NULL;
583  dest->tv_sec = REAP_MAX_WAKEUP;
584  dest->tv_usec = 0;
585  }
586  }
587  else
588  {
589  dest->tv_sec = REAP_MAX_WAKEUP;
590  dest->tv_usec = 0;
591  }
592 }
593 
594 
612 static inline bool
613 multi_process_outgoing_tun(struct multi_context *m, const unsigned int mpp_flags)
614 {
615  struct multi_instance *mi = m->pending;
616  bool ret = true;
617 
618  ASSERT(mi);
619 #ifdef MULTI_DEBUG_EVENT_LOOP
620  printf("%s -> TUN len=%d\n",
621  id(mi),
622  mi->context.c2.to_tun.len);
623 #endif
624  set_prefix(mi);
626  ret = multi_process_post(m, mi, mpp_flags);
627  clear_prefix();
628  return ret;
629 }
630 
631 
632 
633 static inline bool
634 multi_process_outgoing_link_dowork(struct multi_context *m, struct multi_instance *mi, const unsigned int mpp_flags)
635 {
636  bool ret = true;
637  set_prefix(mi);
639  ret = multi_process_post(m, mi, mpp_flags);
640  clear_prefix();
641  return ret;
642 }
643 
644 /*
645  * Check for signals.
646  */
647 #define MULTI_CHECK_SIG(m) EVENT_LOOP_CHECK_SIGNAL(&(m)->top, multi_process_signal, (m))
648 
649 static inline void
651 {
652  m->pending = mi;
653 }
654 
655 #endif /* P2MP_SERVER */
656 #endif /* MULTI_H */
struct multi_instance ** mpp_touched
Definition: multi.h:174
static void multi_instance_inc_refcount(struct multi_instance *mi)
Definition: multi.h:440
bool socket_set_called
Definition: multi.h:96
struct mroute_helper * route_helper
Definition: multi.h:158
time_t per_second_trigger
Definition: multi.h:176
struct multi_instance ** instances
Array of multi_instances.
Definition: multi.h:140
struct options options
Options loaded from command line or configuration file.
Definition: openvpn.h:500
static void route_quota_inc(struct multi_instance *mi)
Definition: multi.h:409
#define MULTI_ROUTE_CACHE
Definition: multi.h:202
int signal_received
Definition: multi.h:62
void ungenerate_prefix(struct multi_instance *mi)
Definition: multi.c:508
bool connection_established_flag
Definition: multi.h:108
bool multi_process_timeout(struct multi_context *m, const unsigned int mpp_flags)
Definition: multi.c:2886
Contains all state information for one tunnel.
Definition: openvpn.h:498
static void gc_free(struct gc_arena *a)
Definition: buffer.h:999
void multi_reap_process_dowork(const struct multi_context *m)
Definition: multi.c:228
static void tv_delta(struct timeval *dest, const struct timeval *t1, const struct timeval *t2)
Definition: otime.h:253
void multi_top_init(struct multi_context *m, const struct context *top)
Definition: multi.c:3026
static struct multi_instance * multi_process_outgoing_link_pre(struct multi_context *m)
Definition: multi.h:387
time_t created
Time at which a VPN tunnel instance was created.
Definition: multi.h:83
#define ASSERT(x)
Definition: error.h:221
struct multi_reap * reaper
Definition: multi.h:159
struct multi_instance * instance
Definition: multi.h:200
#define MULTI_ROUTE_AGEABLE
Definition: multi.h:203
int status_file_version
Definition: multi.h:164
void multi_uninit(struct multi_context *m)
Definition: multi.c:712
#define CLEAR(x)
Definition: basic.h:33
#define in_addr_t
Definition: config-msvc.h:104
static bool route_quota_test(const struct multi_context *m, const struct multi_instance *mi)
Definition: multi.h:422
ifconfig_pool_handle vaddr_handle
Definition: multi.h:90
bool did_iter
Definition: multi.h:103
void multi_top_free(struct multi_context *m)
Definition: multi.c:3033
char msg_prefix[MULTI_PREFIX_MAX_LENGTH]
Definition: multi.h:91
static bool multi_route_defined(const struct multi_context *m, const struct multi_route *r)
Definition: multi.h:465
void multi_init(struct multi_context *m, struct context *t, bool tcp_mode, int thread_mode)
Definition: multi.c:295
unsigned int cache_generation
Definition: mroute.h:131
void init_management_callback_multi(struct multi_context *m)
Definition: multi.c:3347
bool did_open_context
Definition: multi.h:101
struct multi_instance * multi_get_queue(struct mbuf_set *ms)
Definition: multi.c:2852
bool multi_process_incoming_tun(struct multi_context *m, const unsigned int mpp_flags)
Determine the destination VPN tunnel of a packet received over the virtual tun/tap network interface ...
Definition: multi.c:2734
unsigned int flags
Definition: multi.h:204
int n_clients
Definition: multi.h:165
static void clear_prefix(void)
Definition: multi.h:511
bool did_real_hash
Definition: multi.h:102
struct mbuf_set * tcp_link_out_deferred
Definition: multi.h:95
in_addr_t addr
Definition: mroute.h:87
int ifconfig_pool_handle
Definition: pool.h:73
int n_clients_delta
Definition: multi.h:110
list flags
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
void multi_process_per_second_timers_dowork(struct multi_context *m)
Definition: multi.c:2997
#define MULTI_PREFIX_MAX_LENGTH
Definition: multi.h:44
static bool multi_process_outgoing_tun(struct multi_context *m, const unsigned int mpp_flags)
Send a packet over the virtual tun/tap network interface to its locally reachable destination...
Definition: multi.h:613
Definition: mbuf.h:58
static void multi_route_del(struct multi_route *route)
Definition: multi.h:456
void multi_ifconfig_pool_persist(struct multi_context *m, bool force)
Definition: multi.c:166
bool multi_process_signal(struct multi_context *m)
Definition: multi.c:3086
time_t last_reference
Definition: multi.h:207
static void msg_set_prefix(const char *prefix)
Definition: error.h:330
static void route_quota_dec(struct multi_instance *mi)
Definition: multi.h:415
static bool multi_process_outgoing_link_dowork(struct multi_context *m, struct multi_instance *mi, const unsigned int mpp_flags)
Definition: multi.h:634
int refcount
Definition: multi.h:81
int ageable_ttl_secs
Definition: mroute.h:132
time_t now
Definition: otime.c:36
void multi_close_instance_on_signal(struct multi_context *m, struct multi_instance *mi)
Definition: multi.c:3112
static void set_prefix(struct multi_instance *mi)
Definition: multi.h:499
bool did_iroutes
Definition: multi.h:109
void uninit_management_callback_multi(struct multi_context *m)
Definition: multi.c:3376
struct hash * iter
VPN tunnel instances indexed by real address of the remote peer, optimized for iteration.
Definition: multi.h:147
static bool multi_output_queue_ready(const struct multi_context *m, const struct multi_instance *mi)
Definition: multi.h:368
static unsigned int mbuf_len(const struct mbuf_set *ms)
Definition: mbuf.h:88
unsigned int cache_generation
Definition: multi.h:206
struct context_buffers * context_buffers
Definition: multi.h:175
Definition: schedule.h:46
const char * multi_instance_string(const struct multi_instance *mi, bool null, struct gc_arena *gc)
Definition: multi.c:466
bool multi_process_post(struct multi_context *m, struct multi_instance *mi, const unsigned int flags)
Perform postprocessing of a VPN tunnel instance.
Definition: multi.c:2328
struct multi_instance * multi_create_instance(struct multi_context *m, const struct mroute_addr *real)
Definition: multi.c:768
struct context context
The context structure storing state for this VPN tunnel.
Definition: multi.h:112
struct multi_instance * pending
Definition: multi.h:172
int buckets_per_pass
Definition: multi.h:54
struct gc_arena gc
Definition: multi.h:78
static void multi_reap_process(const struct multi_context *m)
Definition: multi.h:543
int bucket_base
Definition: multi.h:53
in_addr_t reporting_addr
Definition: multi.h:98
int max_routes_per_client
Definition: options.h:448
struct schedule * schedule
Definition: multi.h:150
void multi_close_instance(struct multi_context *m, struct multi_instance *mi, bool shutdown)
Definition: multi.c:609
int max_clients
Definition: multi.h:162
void process_outgoing_link(struct context *c)
Write a packet to the external network interface.
Definition: forward.c:1522
struct hash * vhash
VPN tunnel instances indexed by virtual address of remote hosts.
Definition: multi.h:145
bool defined
Definition: multi.h:79
struct multi_instance * earliest_wakeup
Definition: multi.h:173
Interface functions to the internal and external multiplexers.
struct context_2 c2
Level 2 context.
Definition: openvpn.h:537
struct mbuf_set * mbuf
Set of buffers for passing data channel packets between VPN tunnel instances.
Definition: multi.h:151
struct ifconfig_pool * ifconfig_pool
Definition: multi.h:156
void multi_process_float(struct multi_context *m, struct multi_instance *mi)
Handles peer floating.
Definition: multi.c:2417
Definition: mtcp.h:38
static int openvpn_gettimeofday(struct timeval *tv, void *tz)
Definition: otime.h:115
static void multi_get_timeout(struct multi_context *m, struct timeval *dest)
Definition: multi.h:570
bool halt
Definition: multi.h:80
void tunnel_server(struct context *top)
Main event loop for OpenVPN in server mode.
Definition: multi.c:3385
struct multi_tcp * mtcp
State specific to OpenVPN using TCP as external transport.
Definition: multi.h:154
#define REAP_MAX_WAKEUP
Definition: multi.h:528
struct mroute_addr real
External network address of the remote peer.
Definition: multi.h:88
unsigned int tcp_rwflags
Definition: multi.h:94
Definition: multi.h:59
Main OpenVPN server state structure.
Definition: multi.h:131
time_t last_call
Definition: multi.h:55
static bool mbuf_defined(const struct mbuf_set *ms)
Definition: mbuf.h:82
int route_count
Definition: multi.h:82
static void multi_set_pending(struct multi_context *m, struct multi_instance *mi)
Definition: multi.h:650
int thread_mode
Definition: multi.h:138
void route_quota_exceeded(const struct multi_context *m, const struct multi_instance *mi)
Definition: multi.c:2939
struct hash * hash
VPN tunnel instances indexed by real address of the remote peer.
Definition: multi.h:143
bool multi_process_incoming_link(struct multi_context *m, struct multi_instance *instance, const unsigned int mpp_flags)
Demultiplex and process a packet received over the external network interface.
Definition: multi.c:2494
void multi_print_status(struct multi_context *m, struct status_output *so, const int version)
Definition: multi.c:861
bool enable_c2c
Definition: multi.h:161
struct frequency_limit * new_connection_limiter
Definition: multi.h:157
#define free
Definition: cmocka.c:1850
int tcp_queue_limit
Definition: multi.h:163
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
static struct schedule_entry * schedule_get_earliest_wakeup(struct schedule *s, struct timeval *wakeup)
Definition: schedule.h:120
void multi_add_mbuf(struct multi_context *m, struct multi_instance *mi, struct mbuf_buffer *mb)
Definition: multi.c:2170
static void multi_instance_dec_refcount(struct multi_instance *mi)
Definition: multi.h:446
Server-mode state structure for one single VPN tunnel.
Definition: multi.h:76
struct buffer to_tun
Definition: openvpn.h:381
char * dest
Definition: compat-lz4.h:431
Definition: list.h:60
static void multi_process_per_second_timers(struct multi_context *m)
Definition: multi.h:552
void process_outgoing_tun(struct context *c)
Write a packet to the virtual tun/tap network interface.
Definition: forward.c:1673
void multi_process_drop_outgoing_tun(struct multi_context *m, const unsigned int mpp_flags)
Definition: multi.c:2917