#include "syshead.h"#include "forward.h"#include "init.h"#include "push.h"#include "gremlin.h"#include "mss.h"#include "event.h"#include "occ.h"#include "ping.h"#include "ps.h"#include "dhcp.h"#include "common.h"#include "ssl_verify.h"#include "dco.h"#include "auth_token.h"#include "memdbg.h"#include "mstats.h"
Go to the source code of this file.
Macros | |
| #define | MAX_ICMPV6LEN 1280 |
Functions | |
| static void | check_tls_errors_co (struct context *c) |
| static void | check_tls_errors_nco (struct context *c) |
| static void | check_tls_errors (struct context *c) |
| static void | context_immediate_reschedule (struct context *c) |
| static void | context_reschedule_sec (struct context *c, int sec) |
| void | check_dco_key_status (struct context *c) |
| static void | check_tls (struct context *c) |
| static void | check_incoming_control_channel (struct context *c) |
| static void | check_push_request (struct context *c) |
| static void | check_connection_established (struct context *c) |
| bool | send_control_channel_string_dowork (struct tls_multi *multi, const char *str, int msglevel) |
| void | reschedule_multi_process (struct context *c) |
| Reschedule tls_multi_process. More... | |
| bool | send_control_channel_string (struct context *c, const char *str, int msglevel) |
| static void | check_add_routes_action (struct context *c, const bool errors) |
| static void | check_add_routes (struct context *c) |
| static void | check_inactivity_timeout (struct context *c) |
| int | get_server_poll_remaining_time (struct event_timeout *server_poll_timeout) |
| static void | check_server_poll_timeout (struct context *c) |
| void | schedule_exit (struct context *c, const int n_seconds, const int signal) |
| static void | check_scheduled_exit (struct context *c) |
| static void | check_status_file (struct context *c) |
| static void | check_fragment (struct context *c) |
| static void | buffer_turnover (const uint8_t *orig_buf, struct buffer *dest_stub, struct buffer *src_stub, struct buffer *storage) |
| void | encrypt_sign (struct context *c, bool comp_frag) |
| Process a data channel packet that will be sent through a VPN tunnel. More... | |
| static void | check_session_timeout (struct context *c) |
| static void | process_coarse_timers (struct context *c) |
| static void | check_coarse_timers (struct context *c) |
| static void | check_timeout_random_component_dowork (struct context *c) |
| static void | check_timeout_random_component (struct context *c) |
| static void | socks_postprocess_incoming_link (struct context *c) |
| static void | socks_preprocess_outgoing_link (struct context *c, struct link_socket_actual **to_addr, int *size_delta) |
| static void | link_socket_write_post_size_adjust (int *size, int size_delta, struct buffer *buf) |
| void | read_incoming_link (struct context *c) |
| Read a packet from the external network interface. More... | |
| bool | process_incoming_link_part1 (struct context *c, struct link_socket_info *lsi, bool floated) |
| Starts processing a packet read from the external network interface. More... | |
| void | process_incoming_link_part2 (struct context *c, struct link_socket_info *lsi, const uint8_t *orig_buf) |
| Continues processing a packet read from the external network interface. More... | |
| static void | process_incoming_link (struct context *c) |
| static void | process_incoming_dco (struct context *c) |
| void | read_incoming_tun (struct context *c) |
| Read a packet from the virtual tun/tap network interface. More... | |
| static void | drop_if_recursive_routing (struct context *c, struct buffer *buf) |
| Drops UDP packets which OS decided to route via tun. More... | |
| void | process_incoming_tun (struct context *c) |
| Process a packet read from the virtual tun/tap network interface. More... | |
| void | ipv6_send_icmp_unreachable (struct context *c, struct buffer *buf, bool client) |
| Forges a IPv6 ICMP packet with a no route to host error code from the IPv6 packet in buf and sends it directly back to the client via the tun device when used on a client and via the link if used on the server. More... | |
| void | process_ip_header (struct context *c, unsigned int flags, struct buffer *buf) |
| void | process_outgoing_link (struct context *c) |
| Write a packet to the external network interface. More... | |
| void | process_outgoing_tun (struct context *c) |
| Write a packet to the virtual tun/tap network interface. More... | |
| void | pre_select (struct context *c) |
| void | io_wait_dowork (struct context *c, const unsigned int flags) |
| void | process_io (struct context *c) |
Variables | |
| counter_type | link_read_bytes_global |
| counter_type | link_write_bytes_global |
Macro Definition Documentation
◆ MAX_ICMPV6LEN
| #define MAX_ICMPV6LEN 1280 |
Function Documentation
◆ buffer_turnover()
|
inlinestatic |
Definition at line 561 of file forward.c.
References buf_assign(), and buffer::data.
Referenced by encrypt_sign(), and process_incoming_link_part2().
◆ check_add_routes()
|
static |
Definition at line 427 of file forward.c.
References context::c1, context::c2, check_add_routes_action(), D_ROUTE, ETT_DEFAULT, event_timeout_init(), event_timeout_reset(), event_timeout_trigger(), M_INFO, M_NOPREFIX, msg, event_timeout::n, now, context::persist, context_2::ping_rec_interval, register_signal(), context_persist::restart_sleep_seconds, context_1::route_list, context_2::route_wakeup, context_2::route_wakeup_expire, show_adapters(), show_routes(), context::sig, SIGHUP, test_routes(), context_2::timeval, tun_standby(), context_1::tuntap, and update_time().
Referenced by process_coarse_timers().
◆ check_add_routes_action()
|
static |
Definition at line 412 of file forward.c.
References context::c1, context::c2, do_route(), context_2::es, event_timeout_clear(), initialization_sequence_completed(), ISC_ERRORS, ISC_ROUTE_ERRORS, context::net_ctx, context::options, context::plugins, context_1::route_ipv6_list, context_1::route_list, context_2::route_wakeup, context_2::route_wakeup_expire, context_1::tuntap, and update_time().
Referenced by check_add_routes().
◆ check_coarse_timers()
|
static |
Definition at line 794 of file forward.c.
References BIG_TIMEOUT, context::c2, context_2::coarse_timer_wakeup, context_reschedule_sec(), D_INTERVAL, dmsg, now, process_coarse_timers(), and context_2::timeval.
Referenced by pre_select().
◆ check_connection_established()
|
static |
Definition at line 327 of file forward.c.
References context::c2, connection_established(), do_up(), event_timeout_clear(), event_timeout_init(), options::handshake_window, management_set_state(), now, OPENVPN_STATE_GET_CONFIG, context::options, options::pull, context_2::push_request_interval, context_2::push_request_timeout, register_signal(), reset_coarse_timers(), context::sig, SIGUSR1, context_2::tls_multi, and context_2::wait_for_connect.
Referenced by process_coarse_timers().
◆ check_dco_key_status()
| void check_dco_key_status | ( | struct context * | c | ) |
Definition at line 146 of file forward.c.
References context::c1, context::c2, tuntap::dco, dco_enabled(), tls_multi::dco_peer_id, dco_update_keys(), context::options, register_signal(), context::sig, SIGUSR1, context_2::tls_multi, and context_1::tuntap.
Referenced by check_tls().
◆ check_fragment()
|
static |
Definition at line 532 of file forward.c.
References ASSERT, context_2::buf, context::c2, encrypt_sign(), context_2::fragment, fragment_housekeeping(), fragment_outgoing_defined(), fragment_ready_to_send(), frame_adjust_path_mtu(), context_2::frame_fragment, get_link_socket_info(), buffer::len, link_socket_info::lsa, link_socket_info::mtu_changed, context_2::timeval, and context_2::to_link.
Referenced by pre_select().
◆ check_inactivity_timeout()
|
static |
Definition at line 465 of file forward.c.
References M_INFO, msg, register_signal(), context::sig, and SIGTERM.
Referenced by process_coarse_timers().
◆ check_incoming_control_channel()
|
static |
Definition at line 240 of file forward.c.
References alloc_buf_gc(), ASSERT, BSTR, buf_null_terminate(), buf_string_match_head_str(), context::c2, CC_CRLF, CC_PRINT, D_PUSH_ERRORS, gc_free(), gc_new(), incoming_push_message(), buffer::len, msg, receive_auth_failed(), receive_auth_pending(), receive_cr_response(), receive_exit_message(), server_pushed_info(), server_pushed_signal(), string_mod(), context_2::tls_multi, tls_rec_payload(), and tls_test_payload_len().
Referenced by pre_select().
◆ check_push_request()
|
static |
Definition at line 309 of file forward.c.
References context::c2, event_timeout_modify_wakeup(), PUSH_REQUEST_INTERVAL, context_2::push_request_interval, and send_push_request().
Referenced by process_coarse_timers().
◆ check_scheduled_exit()
|
static |
Definition at line 510 of file forward.c.
References context::c2, register_signal(), context_2::scheduled_exit_signal, and context::sig.
Referenced by process_coarse_timers().
◆ check_server_poll_timeout()
|
static |
Definition at line 480 of file forward.c.
References ASSERT, context::c2, event_timeout_reset(), M_INFO, msg, context::persist, register_signal(), context_persist::restart_sleep_seconds, context_2::server_poll_interval, context::sig, SIGUSR1, tls_initial_packet_received(), and context_2::tls_multi.
Referenced by process_coarse_timers().
◆ check_session_timeout()
|
static |
Definition at line 667 of file forward.c.
References context::c2, ETT_DEFAULT, event_timeout_trigger(), M_INFO, msg, context::options, register_signal(), context_2::session_interval, options::session_timeout, context::sig, SIGTERM, and context_2::timeval.
Referenced by process_coarse_timers().
◆ check_status_file()
|
static |
Definition at line 519 of file forward.c.
References context::c1, print_status(), and context_1::status_output.
Referenced by process_coarse_timers().
◆ check_timeout_random_component()
|
inlinestatic |
Definition at line 829 of file forward.c.
References context::c2, check_timeout_random_component_dowork(), now, context_2::timeout_random_component, context_2::timeval, tv_add(), and context_2::update_timeout_random_component.
Referenced by pre_select().
◆ check_timeout_random_component_dowork()
|
static |
Definition at line 818 of file forward.c.
References context::c2, D_INTERVAL, dmsg, get_random(), now, context_2::timeout_random_component, and context_2::update_timeout_random_component.
Referenced by check_timeout_random_component().
◆ check_tls()
|
static |
Definition at line 179 of file forward.c.
References BIG_TIMEOUT, context::c2, check_dco_key_status(), tls_multi::client_reason, context_reschedule_sec(), event_timeout_init(), get_link_socket_info(), interval_action(), interval_future_trigger(), interval_schedule_wakeup(), interval_test(), options::mode, MODE_SERVER, now, context::options, register_signal(), reset_coarse_timers(), send_auth_failed(), context::sig, SIGTERM, context_2::tls_multi, tls_multi_process(), TLSMP_ACTIVE, TLSMP_KILL, TLSMP_RECONNECT, context_2::tmp_int, context_2::to_link, context_2::to_link_addr, update_time(), and context_2::wait_for_connect.
Referenced by pre_select().
◆ check_tls_errors()
|
inlinestatic |
Definition at line 99 of file forward.c.
References context::c2, check_tls_errors_co(), check_tls_errors_nco(), context_2::link_socket, link_socket_connection_oriented(), tls_multi::n_hard_errors, tls_multi::n_soft_errors, context_2::tls_exit_signal, and context_2::tls_multi.
Referenced by pre_select().
◆ check_tls_errors_co()
|
static |
Definition at line 82 of file forward.c.
References context::c2, D_STREAM_ERRORS, msg, register_signal(), context::sig, and context_2::tls_exit_signal.
Referenced by check_tls_errors().
◆ check_tls_errors_nco()
|
static |
Definition at line 89 of file forward.c.
References context::c2, register_signal(), context::sig, and context_2::tls_exit_signal.
Referenced by check_tls_errors().
◆ context_immediate_reschedule()
|
inlinestatic |
Definition at line 125 of file forward.c.
References context::c2, and context_2::timeval.
Referenced by reschedule_multi_process().
◆ context_reschedule_sec()
|
inlinestatic |
Definition at line 132 of file forward.c.
References context::c2, and context_2::timeval.
Referenced by check_coarse_timers(), and check_tls().
◆ drop_if_recursive_routing()
Drops UDP packets which OS decided to route via tun.
On Windows and OS X when netwotk adapter is disabled or disconnected, platform starts to use tun as external interface. When packet is sent to tun, it comes to openvpn, encapsulated and sent to routing table, which sends it again to tun.
Definition at line 1308 of file forward.c.
References openvpn_sockaddr::addr, BLEN, BPTR, context_2::buf, context::c1, context::c2, D_LOW, openvpn_iphdr::daddr, openvpn_ipv6hdr::daddr, link_socket_actual::dest, gc_free(), gc_new(), get_tun_ip_ver(), openvpn_sockaddr::in4, openvpn_sockaddr::in6, IN6_ARE_ADDR_EQUAL, buffer::len, msg, print_link_socket_actual(), openvpn_sockaddr::sa, context_2::to_link_addr, TUNNEL_TYPE, and context_1::tuntap.
Referenced by process_incoming_tun().
◆ get_server_poll_remaining_time()
| int get_server_poll_remaining_time | ( | struct event_timeout * | server_poll_timeout | ) |
Definition at line 472 of file forward.c.
References event_timeout_remaining(), max_int(), and update_time().
Referenced by create_socket_dco_win(), establish_http_proxy_passthru(), phase2_socks_client(), and phase2_tcp_client().
◆ io_wait_dowork()
| void io_wait_dowork | ( | struct context * | c, |
| const unsigned int | flags | ||
| ) |
Definition at line 1998 of file forward.c.
References event_set_return::arg, context::c1, context::c2, check_debug_level(), check_status(), D_EVENT_WAIT, tuntap::dco, dco_event_set(), DCO_SHIFT, context_2::did_open_tun, dmsg, ERR_SHIFT, ES_ERROR, ES_TIMEOUT, event_ctl(), EVENT_READ, event_reset(), context_2::event_set, context_2::event_set_status, event_wait(), EVENT_WRITE, FILE_SHIFT, get_signal(), IOW_CHECK_RESIDUAL, IOW_FRAG, IOW_MBUF, IOW_READ_LINK, IOW_READ_TUN, IOW_READ_TUN_FORCE, IOW_SHAPER, IOW_TO_LINK, IOW_TO_TUN, IOW_WAIT_SIGNAL, context_2::link_socket, MANAGEMENT_SHIFT, management_socket_set(), max_int(), options::mode, MODE_SERVER, context::options, event_set_return::rwflags, context_2::shaper, options::shaper, shaper_delay(), shaper_soonest_event(), context::sig, signal_info::signal_received, SIZE, SOCKET_READ, socket_read_residual(), socket_set(), SOCKET_SHIFT, status, context_2::timeval, TO_LINK_FRAG, tun_set(), TUN_SHIFT, context_1::tuntap, tuntap_is_wintun(), update_time(), and wait_signal().
Referenced by io_wait().
◆ ipv6_send_icmp_unreachable()
Forges a IPv6 ICMP packet with a no route to host error code from the IPv6 packet in buf and sends it directly back to the client via the tun device when used on a client and via the link if used on the server.
- Parameters
-
buf - The buf containing the packet for which the icmp6 unreachable should be constructed. client - determines whether to the send packet back via tun or link
Definition at line 1457 of file forward.c.
References ASSERT, context_buffers::aux_buf, BLEN, BPTR, buf_copy_n(), buf_init, buf_safe(), buf_write_prepend(), context_2::buffers, context::c1, context::c2, CLEAR, openvpn_ipv6hdr::daddr, openvpn_ethhdr::dest, DEV_TYPE_TAP, context_2::frame, openvpn_icmp6hdr::icmp6_cksum, openvpn_icmp6hdr::icmp6_code, openvpn_icmp6hdr::icmp6_type, options::ifconfig_ipv6_remote, ip_checksum(), is_ipv6(), MAX_ICMPV6LEN, min_int(), openvpn_ipv6hdr::nexthdr, OPENVPN_ETH_ALEN, OPENVPN_ETH_P_IPV6, OPENVPN_ICMP6_DESTINATION_UNREACHABLE, OPENVPN_ICMP6_DU_NOROUTE, OPENVPN_IPPROTO_ICMPV6, context::options, openvpn_ipv6hdr::payload_len, openvpn_ethhdr::proto, openvpn_ipv6hdr::saddr, openvpn_ethhdr::source, context_2::to_link, context_2::to_tun, frame::tun_mtu, TUNNEL_TYPE, context_1::tuntap, and openvpn_ipv6hdr::version_prio.
Referenced by process_ip_header().
◆ link_socket_write_post_size_adjust()
|
inlinestatic |
Definition at line 869 of file forward.c.
References buf_advance().
Referenced by process_outgoing_link().
◆ pre_select()
| void pre_select | ( | struct context * | c | ) |
Definition at line 1926 of file forward.c.
References BIG_TIMEOUT, context::c1, context::c2, check_coarse_timers(), check_debug_level(), check_fragment(), check_incoming_control_channel(), check_send_occ_msg(), check_timeout_random_component(), check_tls(), check_tls_errors(), D_TAP_WIN_DEBUG, context_2::fragment, context::sig, signal_info::signal_received, context_2::timeval, context_2::tls_multi, tls_test_payload_len(), tun_show_debug(), context_1::tuntap, and tuntap_defined().
Referenced by multi_process_post(), and tunnel_point_to_point().
◆ process_coarse_timers()
|
static |
Definition at line 682 of file forward.c.
References context_2::auth_token_renewal_interval, context::c1, context::c2, options::ce, check_add_routes(), check_connection_established(), check_inactivity_timeout(), check_ping_restart(), check_ping_send(), check_push_request(), check_scheduled_exit(), check_send_auth_token(), check_send_occ_load_test(), check_send_occ_req(), check_server_poll_timeout(), check_session_timeout(), check_status_file(), connection_entry::connect_timeout, status_output::et, ETT_DEFAULT, event_timeout_trigger(), context_2::explicit_exit_notification_time_wait, context_2::inactivity_interval, options::inactivity_timeout, management_check_bytecount(), context::options, packet_id_persist_enabled(), context_2::packet_id_persist_interval, packet_id_persist_save(), context_1::pid_persist, process_explicit_exit_notification_timer_wakeup(), context_2::push_request_interval, context_2::route_wakeup, context_2::scheduled_exit, context_2::server_poll_interval, context::sig, signal_info::signal_received, context_1::status_output, context_2::timeval, context_2::tls_multi, and context_2::wait_for_connect.
Referenced by check_coarse_timers().
◆ process_incoming_dco()
|
static |
Definition at line 1191 of file forward.c.
References context::c1, context::c2, D_DCO_DEBUG, tuntap::dco, dco_do_read(), tls_multi::dco_peer_id, msg, OVPN_CMD_DEL_PEER, OVPN_DEL_PEER_REASON_EXPIRED, context_2::tls_multi, trigger_ping_timeout_signal(), and context_1::tuntap.
Referenced by process_io().
◆ process_incoming_link()
|
static |
Definition at line 1177 of file forward.c.
References context_2::buf, context::c2, buffer::data, get_link_socket_info(), perf_pop(), PERF_PROC_IN_LINK, perf_push(), process_incoming_link_part1(), and process_incoming_link_part2().
Referenced by process_io().
◆ process_io()
| void process_io | ( | struct context * | c | ) |
Definition at line 2214 of file forward.c.
References ASSERT, context::c2, DCO_READ, context_2::event_set_status, IS_SIG, management_io(), MANAGEMENT_READ, MANAGEMENT_WRITE, process_incoming_dco(), process_incoming_link(), process_incoming_tun(), process_outgoing_link(), process_outgoing_tun(), read_incoming_link(), read_incoming_tun(), SOCKET_READ, SOCKET_WRITE, status, TUN_READ, and TUN_WRITE.
Referenced by tunnel_point_to_point().
◆ process_ip_header()
Definition at line 1583 of file forward.c.
References options::block_ipv6, context::c1, context::c2, options::ce, options::client_nat, client_nat_transform(), CN_INCOMING, CN_OUTGOING, dhcp_extract_router_msg(), context_2::es, context_2::frame, in_addr_t, ipv6_send_icmp_unreachable(), is_ipv4(), is_ipv6(), buffer::len, context_2::link_socket, frame::mss_fix, mss_fixup_ipv4(), mss_fixup_ipv6(), connection_entry::mssfix, context::options, PASSTOS_CAPABILITY, PIP_MSSFIX, PIP_OUTGOING, PIPV4_CLIENT_NAT, PIPV4_EXTRACT_DHCP_ROUTER, PIPV4_PASSTOS, PIPV6_IMCP_NOHOST_CLIENT, PIPV6_IMCP_NOHOST_SERVER, options::route_gateway_via_dhcp, context_1::route_list, route_list_add_vpn_gateway(), TUNNEL_TYPE, and context_1::tuntap.
Referenced by multi_get_queue(), process_incoming_tun(), and process_outgoing_tun().
◆ reschedule_multi_process()
| void reschedule_multi_process | ( | struct context * | c | ) |
Reschedule tls_multi_process.
NOTE: in multi-client mode, usually calling the function is insufficient to reschedule the client instance object unless multi_schedule_context_wakeup(m, mi) is also called.
Definition at line 388 of file forward.c.
References context::c2, context_immediate_reschedule(), interval_action(), and context_2::tmp_int.
Referenced by management_client_pending_auth(), and send_control_channel_string().
◆ schedule_exit()
| void schedule_exit | ( | struct context * | c, |
| const int | n_seconds, | ||
| const int | signal | ||
| ) |
Definition at line 496 of file forward.c.
References context::c2, D_SCHED_EXIT, event_timeout_init(), msg, now, reset_coarse_timers(), context_2::scheduled_exit, context_2::scheduled_exit_signal, context_2::tls_multi, tls_set_single_session(), and update_time().
Referenced by receive_exit_message(), send_auth_failed(), and send_restart().
◆ send_control_channel_string()
| bool send_control_channel_string | ( | struct context * | c, |
| const char * | str, | ||
| int | msglevel | ||
| ) |
Definition at line 395 of file forward.c.
References context::c2, reschedule_multi_process(), send_control_channel_string_dowork(), and context_2::tls_multi.
Referenced by management_callback_send_cc_message(), multi_push_restart_schedule_exit(), process_explicit_exit_notification_init(), send_auth_failed(), send_push_options(), send_push_reply(), send_push_request(), and send_restart().
◆ send_control_channel_string_dowork()
| bool send_control_channel_string_dowork | ( | struct tls_multi * | multi, |
| const char * | str, | ||
| int | msglevel | ||
| ) |
Definition at line 369 of file forward.c.
References gc_free(), gc_new(), msg, sanitize_control_message(), tls_common_name(), and tls_send_payload().
Referenced by send_auth_pending_messages(), send_control_channel_string(), and send_push_reply_auth_token().
◆ socks_postprocess_incoming_link()
|
inlinestatic |
Definition at line 847 of file forward.c.
References context_2::buf, context::c2, context_2::from, link_socket::info, context_2::link_socket, link_socket_info::proto, PROTO_UDP, socks_process_incoming_udp(), and link_socket::socks_proxy.
Referenced by read_incoming_link().
◆ socks_preprocess_outgoing_link()
|
inlinestatic |
Definition at line 856 of file forward.c.
References context::c2, link_socket::info, context_2::link_socket, link_socket_info::proto, PROTO_UDP, socks_process_outgoing_udp(), link_socket::socks_proxy, link_socket::socks_relay, context_2::to_link, and context_2::to_link_addr.
Referenced by process_outgoing_link().
Variable Documentation
◆ link_read_bytes_global
| counter_type link_read_bytes_global |
Definition at line 51 of file forward.c.
Referenced by man_load_stats(), and process_incoming_link_part1().
◆ link_write_bytes_global
| counter_type link_write_bytes_global |
Definition at line 52 of file forward.c.
Referenced by man_load_stats(), and process_outgoing_link().
