#include "syshead.h"#include "forward.h"#include "init.h"#include "push.h"#include "gremlin.h"#include "mss.h"#include "event.h"#include "occ.h"#include "ping.h"#include "ps.h"#include "dhcp.h"#include "common.h"#include "ssl_verify.h"#include "dco.h"#include "auth_token.h"#include "memdbg.h"#include "mstats.h"
Go to the source code of this file.
Macros | |
| #define | MAX_ICMPV6LEN 1280 |
Functions | |
| static void | check_tls_errors_co (struct context *c) |
| static void | check_tls_errors_nco (struct context *c) |
| static void | check_tls_errors (struct context *c) |
| static void | context_immediate_reschedule (struct context *c) |
| static void | context_reschedule_sec (struct context *c, int sec) |
| void | check_dco_key_status (struct context *c) |
| static void | check_tls (struct context *c) |
| static void | check_incoming_control_channel (struct context *c) |
| static void | check_push_request (struct context *c) |
| static void | check_connection_established (struct context *c) |
| bool | send_control_channel_string_dowork (struct tls_session *session, const char *str, int msglevel) |
| void | reschedule_multi_process (struct context *c) |
| Reschedule tls_multi_process. More... | |
| bool | send_control_channel_string (struct context *c, const char *str, int msglevel) |
| static void | check_add_routes_action (struct context *c, const bool errors) |
| static void | check_add_routes (struct context *c) |
| static void | check_inactivity_timeout (struct context *c) |
| int | get_server_poll_remaining_time (struct event_timeout *server_poll_timeout) |
| static void | check_server_poll_timeout (struct context *c) |
| void | schedule_exit (struct context *c, const int n_seconds, const int signal) |
| static void | check_scheduled_exit (struct context *c) |
| static void | check_status_file (struct context *c) |
| static void | check_fragment (struct context *c) |
| static void | buffer_turnover (const uint8_t *orig_buf, struct buffer *dest_stub, struct buffer *src_stub, struct buffer *storage) |
| void | encrypt_sign (struct context *c, bool comp_frag) |
| Process a data channel packet that will be sent through a VPN tunnel. More... | |
| static void | check_session_timeout (struct context *c) |
| static void | process_coarse_timers (struct context *c) |
| static void | check_coarse_timers (struct context *c) |
| static void | check_timeout_random_component_dowork (struct context *c) |
| static void | check_timeout_random_component (struct context *c) |
| static void | socks_postprocess_incoming_link (struct context *c) |
| static void | socks_preprocess_outgoing_link (struct context *c, struct link_socket_actual **to_addr, int *size_delta) |
| static void | link_socket_write_post_size_adjust (int *size, int size_delta, struct buffer *buf) |
| void | read_incoming_link (struct context *c) |
| Read a packet from the external network interface. More... | |
| bool | process_incoming_link_part1 (struct context *c, struct link_socket_info *lsi, bool floated) |
| Starts processing a packet read from the external network interface. More... | |
| void | process_incoming_link_part2 (struct context *c, struct link_socket_info *lsi, const uint8_t *orig_buf) |
| Continues processing a packet read from the external network interface. More... | |
| static void | process_incoming_link (struct context *c) |
| static void | process_incoming_dco (struct context *c) |
| void | read_incoming_tun (struct context *c) |
| Read a packet from the virtual tun/tap network interface. More... | |
| static void | drop_if_recursive_routing (struct context *c, struct buffer *buf) |
| Drops UDP packets which OS decided to route via tun. More... | |
| void | process_incoming_tun (struct context *c) |
| Process a packet read from the virtual tun/tap network interface. More... | |
| void | ipv6_send_icmp_unreachable (struct context *c, struct buffer *buf, bool client) |
| Forges a IPv6 ICMP packet with a no route to host error code from the IPv6 packet in buf and sends it directly back to the client via the tun device when used on a client and via the link if used on the server. More... | |
| void | process_ip_header (struct context *c, unsigned int flags, struct buffer *buf) |
| void | process_outgoing_link (struct context *c) |
| Write a packet to the external network interface. More... | |
| void | process_outgoing_tun (struct context *c) |
| Write a packet to the virtual tun/tap network interface. More... | |
| void | pre_select (struct context *c) |
| void | io_wait_dowork (struct context *c, const unsigned int flags) |
| void | process_io (struct context *c) |
Variables | |
| counter_type | link_read_bytes_global |
| counter_type | link_write_bytes_global |
Macro Definition Documentation
◆ MAX_ICMPV6LEN
| #define MAX_ICMPV6LEN 1280 |
Function Documentation
◆ buffer_turnover()
|
inlinestatic |
Definition at line 585 of file forward.c.
References buf_assign(), and buffer::data.
Referenced by encrypt_sign(), and process_incoming_link_part2().
◆ check_add_routes()
|
static |
Definition at line 428 of file forward.c.
References context::c1, context::c2, check_add_routes_action(), D_ROUTE, ETT_DEFAULT, event_timeout_init(), event_timeout_reset(), event_timeout_trigger(), M_INFO, M_NOPREFIX, msg, event_timeout::n, now, context::persist, context_2::ping_rec_interval, register_signal(), context_persist::restart_sleep_seconds, context_1::route_list, context_2::route_wakeup, context_2::route_wakeup_expire, show_adapters(), show_routes(), context::sig, test_routes(), context_2::timeval, tun_standby(), context_1::tuntap, and update_time().
Referenced by process_coarse_timers().
◆ check_add_routes_action()
|
static |
Definition at line 413 of file forward.c.
References context::c1, context::c2, do_route(), context_2::es, event_timeout_clear(), initialization_sequence_completed(), ISC_ERRORS, ISC_ROUTE_ERRORS, context::net_ctx, context::options, context::plugins, context_1::route_ipv6_list, context_1::route_list, context_2::route_wakeup, context_2::route_wakeup_expire, context_1::tuntap, and update_time().
Referenced by check_add_routes().
◆ check_coarse_timers()
|
static |
Definition at line 818 of file forward.c.
References BIG_TIMEOUT, context::c2, context_2::coarse_timer_wakeup, context_reschedule_sec(), D_INTERVAL, dmsg, now, process_coarse_timers(), and context_2::timeval.
Referenced by pre_select().
◆ check_connection_established()
|
static |
Definition at line 325 of file forward.c.
References context::c2, connection_established(), do_up(), event_timeout_clear(), event_timeout_init(), options::handshake_window, management_set_state(), now, OPENVPN_STATE_GET_CONFIG, context::options, options::pull, context_2::push_request_interval, context_2::push_request_timeout, register_signal(), reset_coarse_timers(), context::sig, context_2::tls_multi, and context_2::wait_for_connect.
Referenced by process_coarse_timers().
◆ check_dco_key_status()
| void check_dco_key_status | ( | struct context * | c | ) |
Definition at line 144 of file forward.c.
References context::c1, context::c2, tuntap::dco, dco_enabled(), tls_multi::dco_peer_id, dco_update_keys(), context::options, register_signal(), context::sig, context_2::tls_multi, and context_1::tuntap.
Referenced by check_tls().
◆ check_fragment()
|
static |
Definition at line 556 of file forward.c.
References ASSERT, context_2::buf, context::c2, encrypt_sign(), context_2::fragment, fragment_housekeeping(), fragment_outgoing_defined(), fragment_ready_to_send(), frame_adjust_path_mtu(), context_2::frame_fragment, get_link_socket_info(), buffer::len, link_socket_info::lsa, link_socket_info::mtu_changed, context_2::timeval, and context_2::to_link.
Referenced by pre_select().
◆ check_inactivity_timeout()
|
static |
Definition at line 475 of file forward.c.
References context::c2, dco_enabled(), dco_get_peer_stats(), event_timeout_reset(), context_2::inactivity_bytes, context_2::inactivity_interval, options::inactivity_minimum_bytes, M_INFO, msg, context::options, register_signal(), context::sig, context_2::tun_read_bytes, and context_2::tun_write_bytes.
Referenced by process_coarse_timers().
◆ check_incoming_control_channel()
|
static |
Definition at line 238 of file forward.c.
References alloc_buf_gc(), ASSERT, BSTR, buf_null_terminate(), buf_string_match_head_str(), context::c2, CC_CRLF, CC_PRINT, D_PUSH_ERRORS, gc_free(), gc_new(), incoming_push_message(), buffer::len, msg, receive_auth_failed(), receive_auth_pending(), receive_cr_response(), receive_exit_message(), server_pushed_info(), server_pushed_signal(), string_mod(), context_2::tls_multi, tls_rec_payload(), and tls_test_payload_len().
Referenced by pre_select().
◆ check_push_request()
|
static |
Definition at line 307 of file forward.c.
References context::c2, event_timeout_modify_wakeup(), PUSH_REQUEST_INTERVAL, context_2::push_request_interval, and send_push_request().
Referenced by process_coarse_timers().
◆ check_scheduled_exit()
|
static |
Definition at line 534 of file forward.c.
References context::c2, register_signal(), context_2::scheduled_exit_signal, and context::sig.
Referenced by process_coarse_timers().
◆ check_server_poll_timeout()
|
static |
Definition at line 504 of file forward.c.
References ASSERT, context::c2, event_timeout_reset(), M_INFO, msg, context::persist, register_signal(), context_persist::restart_sleep_seconds, context_2::server_poll_interval, context::sig, tls_initial_packet_received(), and context_2::tls_multi.
Referenced by process_coarse_timers().
◆ check_session_timeout()
|
static |
Definition at line 691 of file forward.c.
References context::c2, ETT_DEFAULT, event_timeout_trigger(), M_INFO, msg, context::options, register_signal(), context_2::session_interval, options::session_timeout, context::sig, and context_2::timeval.
Referenced by process_coarse_timers().
◆ check_status_file()
|
static |
Definition at line 543 of file forward.c.
References context::c1, print_status(), and context_1::status_output.
Referenced by process_coarse_timers().
◆ check_timeout_random_component()
|
inlinestatic |
Definition at line 853 of file forward.c.
References context::c2, check_timeout_random_component_dowork(), now, context_2::timeout_random_component, context_2::timeval, tv_add(), and context_2::update_timeout_random_component.
Referenced by pre_select().
◆ check_timeout_random_component_dowork()
|
static |
Definition at line 842 of file forward.c.
References context::c2, D_INTERVAL, dmsg, get_random(), now, context_2::timeout_random_component, and context_2::update_timeout_random_component.
Referenced by check_timeout_random_component().
◆ check_tls()
|
static |
Definition at line 177 of file forward.c.
References BIG_TIMEOUT, context::c2, check_dco_key_status(), tls_multi::client_reason, context_reschedule_sec(), event_timeout_init(), get_link_socket_info(), interval_action(), interval_future_trigger(), interval_schedule_wakeup(), interval_test(), options::mode, MODE_SERVER, now, context::options, register_signal(), reset_coarse_timers(), send_auth_failed(), context::sig, context_2::tls_multi, tls_multi_process(), TLSMP_ACTIVE, TLSMP_KILL, TLSMP_RECONNECT, context_2::tmp_int, context_2::to_link, context_2::to_link_addr, update_time(), and context_2::wait_for_connect.
Referenced by pre_select().
◆ check_tls_errors()
|
inlinestatic |
Definition at line 97 of file forward.c.
References context::c2, check_tls_errors_co(), check_tls_errors_nco(), context_2::link_socket, link_socket_connection_oriented(), tls_multi::n_hard_errors, tls_multi::n_soft_errors, context_2::tls_exit_signal, and context_2::tls_multi.
Referenced by pre_select().
◆ check_tls_errors_co()
|
static |
Definition at line 80 of file forward.c.
References context::c2, D_STREAM_ERRORS, msg, register_signal(), context::sig, and context_2::tls_exit_signal.
Referenced by check_tls_errors().
◆ check_tls_errors_nco()
|
static |
Definition at line 87 of file forward.c.
References context::c2, register_signal(), context::sig, and context_2::tls_exit_signal.
Referenced by check_tls_errors().
◆ context_immediate_reschedule()
|
inlinestatic |
Definition at line 123 of file forward.c.
References context::c2, and context_2::timeval.
Referenced by reschedule_multi_process().
◆ context_reschedule_sec()
|
inlinestatic |
Definition at line 130 of file forward.c.
References context::c2, and context_2::timeval.
Referenced by check_coarse_timers(), and check_tls().
◆ drop_if_recursive_routing()
Drops UDP packets which OS decided to route via tun.
On Windows and OS X when netwotk adapter is disabled or disconnected, platform starts to use tun as external interface. When packet is sent to tun, it comes to openvpn, encapsulated and sent to routing table, which sends it again to tun.
Definition at line 1342 of file forward.c.
References openvpn_sockaddr::addr, BLEN, BPTR, context_2::buf, context::c1, context::c2, D_LOW, openvpn_iphdr::daddr, openvpn_ipv6hdr::daddr, link_socket_actual::dest, gc_free(), gc_new(), get_tun_ip_ver(), openvpn_sockaddr::in4, openvpn_sockaddr::in6, IN6_ARE_ADDR_EQUAL, buffer::len, msg, print_link_socket_actual(), openvpn_sockaddr::sa, context_2::to_link_addr, TUNNEL_TYPE, and context_1::tuntap.
Referenced by process_incoming_tun().
◆ get_server_poll_remaining_time()
| int get_server_poll_remaining_time | ( | struct event_timeout * | server_poll_timeout | ) |
Definition at line 496 of file forward.c.
References event_timeout_remaining(), max_int(), and update_time().
Referenced by create_socket_dco_win(), establish_http_proxy_passthru(), phase2_socks_client(), and phase2_tcp_client().
◆ io_wait_dowork()
| void io_wait_dowork | ( | struct context * | c, |
| const unsigned int | flags | ||
| ) |
Definition at line 2032 of file forward.c.
References event_set_return::arg, context::c1, context::c2, check_debug_level(), check_status(), D_EVENT_WAIT, tuntap::dco, dco_event_set(), DCO_SHIFT, context_2::did_open_tun, dmsg, ERR_SHIFT, ES_ERROR, ES_TIMEOUT, event_ctl(), EVENT_READ, event_reset(), context_2::event_set, context_2::event_set_status, event_wait(), EVENT_WRITE, FILE_SHIFT, get_signal(), IOW_CHECK_RESIDUAL, IOW_FRAG, IOW_MBUF, IOW_READ_LINK, IOW_READ_TUN, IOW_READ_TUN_FORCE, IOW_SHAPER, IOW_TO_LINK, IOW_TO_TUN, IOW_WAIT_SIGNAL, context_2::link_socket, MANAGEMENT_SHIFT, management_socket_set(), max_int(), options::mode, MODE_SERVER, context::options, event_set_return::rwflags, context_2::shaper, options::shaper, shaper_delay(), shaper_soonest_event(), context::sig, signal_info::signal_received, SIZE, SOCKET_READ, socket_read_residual(), socket_set(), SOCKET_SHIFT, status, context_2::timeval, TO_LINK_FRAG, tun_set(), TUN_SHIFT, context_1::tuntap, tuntap_is_wintun(), update_time(), and wait_signal().
Referenced by io_wait().
◆ ipv6_send_icmp_unreachable()
Forges a IPv6 ICMP packet with a no route to host error code from the IPv6 packet in buf and sends it directly back to the client via the tun device when used on a client and via the link if used on the server.
- Parameters
-
buf - The buf containing the packet for which the icmp6 unreachable should be constructed. client - determines whether to the send packet back via tun or link
Definition at line 1491 of file forward.c.
References ASSERT, context_buffers::aux_buf, BLEN, BPTR, buf_copy_n(), buf_init, buf_safe(), buf_write_prepend(), context_2::buffers, context::c1, context::c2, CLEAR, openvpn_ipv6hdr::daddr, openvpn_ethhdr::dest, DEV_TYPE_TAP, context_2::frame, openvpn_icmp6hdr::icmp6_cksum, openvpn_icmp6hdr::icmp6_code, openvpn_icmp6hdr::icmp6_type, options::ifconfig_ipv6_remote, ip_checksum(), is_ipv6(), MAX_ICMPV6LEN, min_int(), openvpn_ipv6hdr::nexthdr, OPENVPN_ETH_ALEN, OPENVPN_ETH_P_IPV6, OPENVPN_ICMP6_DESTINATION_UNREACHABLE, OPENVPN_ICMP6_DU_NOROUTE, OPENVPN_IPPROTO_ICMPV6, context::options, openvpn_ipv6hdr::payload_len, openvpn_ethhdr::proto, openvpn_ipv6hdr::saddr, openvpn_ethhdr::source, context_2::to_link, context_2::to_tun, frame::tun_mtu, TUNNEL_TYPE, context_1::tuntap, and openvpn_ipv6hdr::version_prio.
Referenced by process_ip_header().
◆ link_socket_write_post_size_adjust()
|
inlinestatic |
Definition at line 893 of file forward.c.
References buf_advance().
Referenced by process_outgoing_link().
◆ pre_select()
| void pre_select | ( | struct context * | c | ) |
Definition at line 1960 of file forward.c.
References BIG_TIMEOUT, context::c1, context::c2, check_coarse_timers(), check_debug_level(), check_fragment(), check_incoming_control_channel(), check_send_occ_msg(), check_timeout_random_component(), check_tls(), check_tls_errors(), D_TAP_WIN_DEBUG, context_2::fragment, context::sig, signal_info::signal_received, context_2::timeval, context_2::tls_multi, tls_test_payload_len(), tun_show_debug(), context_1::tuntap, and tuntap_defined().
Referenced by multi_process_post(), and tunnel_point_to_point().
◆ process_coarse_timers()
|
static |
Definition at line 706 of file forward.c.
References context_2::auth_token_renewal_interval, context::c1, context::c2, options::ce, check_add_routes(), check_connection_established(), check_inactivity_timeout(), check_ping_restart(), check_ping_send(), check_push_request(), check_scheduled_exit(), check_send_auth_token(), check_send_occ_load_test(), check_send_occ_req(), check_server_poll_timeout(), check_session_timeout(), check_status_file(), connection_entry::connect_timeout, status_output::et, ETT_DEFAULT, event_timeout_trigger(), context_2::explicit_exit_notification_time_wait, context_2::inactivity_interval, options::inactivity_timeout, management_check_bytecount(), context::options, packet_id_persist_enabled(), context_2::packet_id_persist_interval, packet_id_persist_save(), context_1::pid_persist, process_explicit_exit_notification_timer_wakeup(), context_2::push_request_interval, context_2::route_wakeup, context_2::scheduled_exit, context_2::server_poll_interval, context::sig, signal_info::signal_received, context_1::status_output, context_2::timeval, context_2::tls_multi, and context_2::wait_for_connect.
Referenced by check_coarse_timers().
◆ process_incoming_dco()
|
static |
Definition at line 1215 of file forward.c.
References context::c1, context::c2, D_DCO_DEBUG, tuntap::dco, dco_do_read(), tls_multi::dco_peer_id, msg, OVPN_CMD_DEL_PEER, OVPN_CMD_SWAP_KEYS, OVPN_DEL_PEER_REASON_EXPIRED, context_2::tls_multi, tls_session_soft_reset(), trigger_ping_timeout_signal(), and context_1::tuntap.
Referenced by process_io().
◆ process_incoming_link()
|
static |
Definition at line 1201 of file forward.c.
References context_2::buf, context::c2, buffer::data, get_link_socket_info(), perf_pop(), PERF_PROC_IN_LINK, perf_push(), process_incoming_link_part1(), and process_incoming_link_part2().
Referenced by process_io().
◆ process_io()
| void process_io | ( | struct context * | c | ) |
Definition at line 2248 of file forward.c.
References ASSERT, context::c2, DCO_READ, context_2::event_set_status, IS_SIG, management_io(), MANAGEMENT_READ, MANAGEMENT_WRITE, process_incoming_dco(), process_incoming_link(), process_incoming_tun(), process_outgoing_link(), process_outgoing_tun(), read_incoming_link(), read_incoming_tun(), SOCKET_READ, SOCKET_WRITE, status, TUN_READ, and TUN_WRITE.
Referenced by tunnel_point_to_point().
◆ process_ip_header()
Definition at line 1617 of file forward.c.
References options::block_ipv6, context::c1, context::c2, options::ce, options::client_nat, client_nat_transform(), CN_INCOMING, CN_OUTGOING, dhcp_extract_router_msg(), context_2::es, context_2::frame, ipv6_send_icmp_unreachable(), is_ipv4(), is_ipv6(), buffer::len, context_2::link_socket, frame::mss_fix, mss_fixup_ipv4(), mss_fixup_ipv6(), connection_entry::mssfix, context::options, PASSTOS_CAPABILITY, PIP_MSSFIX, PIP_OUTGOING, PIPV4_CLIENT_NAT, PIPV4_EXTRACT_DHCP_ROUTER, PIPV4_PASSTOS, PIPV6_IMCP_NOHOST_CLIENT, PIPV6_IMCP_NOHOST_SERVER, options::route_gateway_via_dhcp, context_1::route_list, route_list_add_vpn_gateway(), TUNNEL_TYPE, and context_1::tuntap.
Referenced by multi_get_queue(), process_incoming_tun(), and process_outgoing_tun().
◆ reschedule_multi_process()
| void reschedule_multi_process | ( | struct context * | c | ) |
Reschedule tls_multi_process.
NOTE: in multi-client mode, usually calling the function is insufficient to reschedule the client instance object unless multi_schedule_context_wakeup(m, mi) is also called.
Definition at line 389 of file forward.c.
References context::c2, context_immediate_reschedule(), interval_action(), and context_2::tmp_int.
Referenced by management_client_pending_auth(), send_auth_failed(), and send_control_channel_string().
◆ schedule_exit()
| void schedule_exit | ( | struct context * | c, |
| const int | n_seconds, | ||
| const int | signal | ||
| ) |
Definition at line 520 of file forward.c.
References context::c2, D_SCHED_EXIT, event_timeout_init(), msg, now, reset_coarse_timers(), context_2::scheduled_exit, context_2::scheduled_exit_signal, context_2::tls_multi, tls_set_single_session(), and update_time().
Referenced by receive_exit_message(), send_auth_failed(), and send_restart().
◆ send_control_channel_string()
| bool send_control_channel_string | ( | struct context * | c, |
| const char * | str, | ||
| int | msglevel | ||
| ) |
Definition at line 396 of file forward.c.
References context::c2, reschedule_multi_process(), send_control_channel_string_dowork(), tls_multi::session, context_2::tls_multi, and TM_ACTIVE.
Referenced by management_callback_send_cc_message(), multi_push_restart_schedule_exit(), process_explicit_exit_notification_init(), send_push_options(), send_push_reply(), send_push_request(), and send_restart().
◆ send_control_channel_string_dowork()
| bool send_control_channel_string_dowork | ( | struct tls_session * | session, |
| const char * | str, | ||
| int | msglevel | ||
| ) |
Definition at line 367 of file forward.c.
References ASSERT, gc_free(), gc_new(), session::key, KS_PRIMARY, msg, sanitize_control_message(), and tls_send_payload().
Referenced by send_auth_failed(), send_auth_pending_messages(), send_control_channel_string(), and send_push_reply_auth_token().
◆ socks_postprocess_incoming_link()
|
inlinestatic |
Definition at line 871 of file forward.c.
References context_2::buf, context::c2, context_2::from, link_socket::info, context_2::link_socket, link_socket_info::proto, PROTO_UDP, socks_process_incoming_udp(), and link_socket::socks_proxy.
Referenced by read_incoming_link().
◆ socks_preprocess_outgoing_link()
|
inlinestatic |
Definition at line 880 of file forward.c.
References context::c2, link_socket::info, context_2::link_socket, link_socket_info::proto, PROTO_UDP, socks_process_outgoing_udp(), link_socket::socks_proxy, link_socket::socks_relay, context_2::to_link, and context_2::to_link_addr.
Referenced by process_outgoing_link().
Variable Documentation
◆ link_read_bytes_global
| counter_type link_read_bytes_global |
Definition at line 49 of file forward.c.
Referenced by man_load_stats(), and process_incoming_link_part1().
◆ link_write_bytes_global
| counter_type link_write_bytes_global |
Definition at line 50 of file forward.c.
Referenced by man_load_stats(), and process_outgoing_link().
