#include "syshead.h"#include "forward.h"#include "init.h"#include "push.h"#include "gremlin.h"#include "mss.h"#include "event.h"#include "occ.h"#include "ping.h"#include "ps.h"#include "dhcp.h"#include "common.h"#include "ssl_verify.h"#include "dco.h"#include "auth_token.h"#include "memdbg.h"#include "mstats.h"
Go to the source code of this file.
Macros | |
| #define | MAX_ICMPV6LEN 1280 |
Functions | |
| static void | check_tls_errors_co (struct context *c) |
| static void | check_tls_errors_nco (struct context *c) |
| static void | check_tls_errors (struct context *c) |
| static void | context_immediate_reschedule (struct context *c) |
| static void | context_reschedule_sec (struct context *c, int sec) |
| void | check_dco_key_status (struct context *c) |
| static void | check_tls (struct context *c) |
| static void | parse_incoming_control_channel_command (struct context *c, struct buffer *buf) |
| static void | check_incoming_control_channel (struct context *c) |
| static void | check_push_request (struct context *c) |
| static void | check_connection_established (struct context *c) |
| bool | send_control_channel_string_dowork (struct tls_session *session, const char *str, int msglevel) |
| void | reschedule_multi_process (struct context *c) |
| Reschedule tls_multi_process. More... | |
| bool | send_control_channel_string (struct context *c, const char *str, int msglevel) |
| static void | check_add_routes_action (struct context *c, const bool errors) |
| static void | check_add_routes (struct context *c) |
| static void | check_inactivity_timeout (struct context *c) |
| int | get_server_poll_remaining_time (struct event_timeout *server_poll_timeout) |
| static void | check_server_poll_timeout (struct context *c) |
| bool | schedule_exit (struct context *c) |
| static void | check_scheduled_exit (struct context *c) |
| static void | check_status_file (struct context *c) |
| static void | check_fragment (struct context *c) |
| static void | buffer_turnover (const uint8_t *orig_buf, struct buffer *dest_stub, struct buffer *src_stub, struct buffer *storage) |
| void | encrypt_sign (struct context *c, bool comp_frag) |
| Process a data channel packet that will be sent through a VPN tunnel. More... | |
| static void | check_session_timeout (struct context *c) |
| static void | process_coarse_timers (struct context *c) |
| static void | check_coarse_timers (struct context *c) |
| static void | check_timeout_random_component_dowork (struct context *c) |
| static void | check_timeout_random_component (struct context *c) |
| static void | socks_postprocess_incoming_link (struct context *c) |
| static void | socks_preprocess_outgoing_link (struct context *c, struct link_socket_actual **to_addr, int *size_delta) |
| static void | link_socket_write_post_size_adjust (int *size, int size_delta, struct buffer *buf) |
| void | read_incoming_link (struct context *c) |
| Read a packet from the external network interface. More... | |
| bool | process_incoming_link_part1 (struct context *c, struct link_socket_info *lsi, bool floated) |
| Starts processing a packet read from the external network interface. More... | |
| void | process_incoming_link_part2 (struct context *c, struct link_socket_info *lsi, const uint8_t *orig_buf) |
| Continues processing a packet read from the external network interface. More... | |
| static void | process_incoming_link (struct context *c) |
| static void | process_incoming_dco (struct context *c) |
| void | read_incoming_tun (struct context *c) |
| Read a packet from the virtual tun/tap network interface. More... | |
| static void | drop_if_recursive_routing (struct context *c, struct buffer *buf) |
| Drops UDP packets which OS decided to route via tun. More... | |
| void | process_incoming_tun (struct context *c) |
| Process a packet read from the virtual tun/tap network interface. More... | |
| void | ipv6_send_icmp_unreachable (struct context *c, struct buffer *buf, bool client) |
| Forges a IPv6 ICMP packet with a no route to host error code from the IPv6 packet in buf and sends it directly back to the client via the tun device when used on a client and via the link if used on the server. More... | |
| void | process_ip_header (struct context *c, unsigned int flags, struct buffer *buf) |
| void | process_outgoing_link (struct context *c) |
| Write a packet to the external network interface. More... | |
| void | process_outgoing_tun (struct context *c) |
| Write a packet to the virtual tun/tap network interface. More... | |
| void | pre_select (struct context *c) |
| void | io_wait_dowork (struct context *c, const unsigned int flags) |
| void | process_io (struct context *c) |
Variables | |
| counter_type | link_read_bytes_global |
| counter_type | link_write_bytes_global |
Macro Definition Documentation
◆ MAX_ICMPV6LEN
| #define MAX_ICMPV6LEN 1280 |
Function Documentation
◆ buffer_turnover()
|
inlinestatic |
Definition at line 627 of file forward.c.
References buf_assign(), and buffer::data.
Referenced by encrypt_sign(), and process_incoming_link_part2().
◆ check_add_routes()
|
static |
Definition at line 463 of file forward.c.
References context::c1, context::c2, check_add_routes_action(), D_ROUTE, ETT_DEFAULT, event_timeout_init(), event_timeout_reset(), event_timeout_trigger(), M_INFO, M_NOPREFIX, msg, event_timeout::n, now, context::persist, context_2::ping_rec_interval, register_signal(), context_persist::restart_sleep_seconds, context_1::route_list, context_2::route_wakeup, context_2::route_wakeup_expire, show_adapters(), show_routes(), context::sig, test_routes(), context_2::timeval, tun_standby(), context_1::tuntap, and update_time().
Referenced by process_coarse_timers().
◆ check_add_routes_action()
|
static |
Definition at line 448 of file forward.c.
References context::c1, context::c2, do_route(), context_2::es, event_timeout_clear(), initialization_sequence_completed(), ISC_ERRORS, ISC_ROUTE_ERRORS, context::net_ctx, context::options, context::plugins, context_1::route_ipv6_list, context_1::route_list, context_2::route_wakeup, context_2::route_wakeup_expire, context_1::tuntap, and update_time().
Referenced by check_add_routes().
◆ check_coarse_timers()
|
static |
Definition at line 860 of file forward.c.
References BIG_TIMEOUT, context::c2, context_2::coarse_timer_wakeup, context_reschedule_sec(), D_INTERVAL, dmsg, now, process_coarse_timers(), and context_2::timeval.
Referenced by pre_select().
◆ check_connection_established()
|
static |
Definition at line 360 of file forward.c.
References context::c2, connection_established(), do_up(), event_timeout_clear(), event_timeout_init(), options::handshake_window, management_set_state(), now, OPENVPN_STATE_GET_CONFIG, context::options, options::pull, context_2::push_request_interval, context_2::push_request_timeout, register_signal(), reset_coarse_timers(), context::sig, context_2::tls_multi, and context_2::wait_for_connect.
Referenced by process_coarse_timers().
◆ check_dco_key_status()
| void check_dco_key_status | ( | struct context * | c | ) |
Definition at line 144 of file forward.c.
References context::c1, context::c2, tuntap::dco, dco_enabled(), tls_multi::dco_peer_id, dco_update_keys(), context::options, register_signal(), context::sig, context_2::tls_multi, and context_1::tuntap.
Referenced by check_tls().
◆ check_fragment()
|
static |
Definition at line 598 of file forward.c.
References ASSERT, context_2::buf, context::c2, encrypt_sign(), context_2::fragment, fragment_housekeeping(), fragment_outgoing_defined(), fragment_ready_to_send(), frame_adjust_path_mtu(), context_2::frame_fragment, get_link_socket_info(), buffer::len, link_socket_info::lsa, link_socket_info::mtu_changed, context_2::timeval, and context_2::to_link.
Referenced by pre_select().
◆ check_inactivity_timeout()
|
static |
Definition at line 510 of file forward.c.
References context::c2, dco_enabled(), dco_get_peer_stats(), event_timeout_reset(), context_2::inactivity_bytes, context_2::inactivity_interval, options::inactivity_minimum_bytes, M_INFO, msg, context::options, register_signal(), context::sig, context_2::tun_read_bytes, and context_2::tun_write_bytes.
Referenced by process_coarse_timers().
◆ check_incoming_control_channel()
|
static |
Definition at line 283 of file forward.c.
References alloc_buf_gc(), ASSERT, BLEN, BPTR, BSTR, buf_advance(), buf_write(), context::c2, CC_CRLF, CC_NULL, CC_PRINT, D_PUSH_ERRORS, format_hex(), gc_free(), gc_new(), buffer::len, msg, parse_incoming_control_channel_command(), string_check_buf(), context_2::tls_multi, tls_rec_payload(), and tls_test_payload_len().
Referenced by pre_select().
◆ check_push_request()
|
static |
Definition at line 342 of file forward.c.
References context::c2, event_timeout_modify_wakeup(), PUSH_REQUEST_INTERVAL, context_2::push_request_interval, and send_push_request().
Referenced by process_coarse_timers().
◆ check_scheduled_exit()
|
static |
Definition at line 576 of file forward.c.
References context::c2, register_signal(), context_2::scheduled_exit_signal, and context::sig.
Referenced by process_coarse_timers().
◆ check_server_poll_timeout()
|
static |
Definition at line 539 of file forward.c.
References ASSERT, context::c2, event_timeout_reset(), M_INFO, msg, context::persist, register_signal(), context_persist::restart_sleep_seconds, context_2::server_poll_interval, context::sig, tls_initial_packet_received(), and context_2::tls_multi.
Referenced by process_coarse_timers().
◆ check_session_timeout()
|
static |
Definition at line 733 of file forward.c.
References context::c2, ETT_DEFAULT, event_timeout_trigger(), M_INFO, msg, context::options, register_signal(), context_2::session_interval, options::session_timeout, context::sig, and context_2::timeval.
Referenced by process_coarse_timers().
◆ check_status_file()
|
static |
Definition at line 585 of file forward.c.
References context::c1, print_status(), and context_1::status_output.
Referenced by process_coarse_timers().
◆ check_timeout_random_component()
|
inlinestatic |
Definition at line 895 of file forward.c.
References context::c2, check_timeout_random_component_dowork(), now, context_2::timeout_random_component, context_2::timeval, tv_add(), and context_2::update_timeout_random_component.
Referenced by pre_select().
◆ check_timeout_random_component_dowork()
|
static |
Definition at line 884 of file forward.c.
References context::c2, D_INTERVAL, dmsg, get_random(), now, context_2::timeout_random_component, and context_2::update_timeout_random_component.
Referenced by check_timeout_random_component().
◆ check_tls()
|
static |
Definition at line 177 of file forward.c.
References BIG_TIMEOUT, context::c2, check_dco_key_status(), tls_multi::client_reason, context_reschedule_sec(), event_timeout_init(), get_link_socket_info(), interval_action(), interval_future_trigger(), interval_schedule_wakeup(), interval_test(), options::mode, MODE_SERVER, now, context::options, register_signal(), reset_coarse_timers(), send_auth_failed(), context::sig, context_2::tls_multi, tls_multi_process(), TLSMP_ACTIVE, TLSMP_KILL, TLSMP_RECONNECT, context_2::tmp_int, context_2::to_link, context_2::to_link_addr, update_time(), and context_2::wait_for_connect.
Referenced by pre_select().
◆ check_tls_errors()
|
inlinestatic |
Definition at line 97 of file forward.c.
References context::c2, check_tls_errors_co(), check_tls_errors_nco(), context_2::link_socket, link_socket_connection_oriented(), tls_multi::n_hard_errors, tls_multi::n_soft_errors, context_2::tls_exit_signal, and context_2::tls_multi.
Referenced by pre_select().
◆ check_tls_errors_co()
|
static |
Definition at line 80 of file forward.c.
References context::c2, D_STREAM_ERRORS, msg, register_signal(), context::sig, and context_2::tls_exit_signal.
Referenced by check_tls_errors().
◆ check_tls_errors_nco()
|
static |
Definition at line 87 of file forward.c.
References context::c2, register_signal(), context::sig, and context_2::tls_exit_signal.
Referenced by check_tls_errors().
◆ context_immediate_reschedule()
|
inlinestatic |
Definition at line 123 of file forward.c.
References context::c2, and context_2::timeval.
Referenced by reschedule_multi_process().
◆ context_reschedule_sec()
|
inlinestatic |
Definition at line 130 of file forward.c.
References context::c2, and context_2::timeval.
Referenced by check_coarse_timers(), and check_tls().
◆ drop_if_recursive_routing()
Drops UDP packets which OS decided to route via tun.
On Windows and OS X when netwotk adapter is disabled or disconnected, platform starts to use tun as external interface. When packet is sent to tun, it comes to openvpn, encapsulated and sent to routing table, which sends it again to tun.
Definition at line 1392 of file forward.c.
References openvpn_sockaddr::addr, BLEN, BPTR, context_2::buf, context::c1, context::c2, D_LOW, openvpn_iphdr::daddr, openvpn_ipv6hdr::daddr, link_socket_actual::dest, gc_free(), gc_new(), get_tun_ip_ver(), openvpn_sockaddr::in4, openvpn_sockaddr::in6, IN6_ARE_ADDR_EQUAL, buffer::len, msg, print_link_socket_actual(), openvpn_sockaddr::sa, context_2::to_link_addr, TUNNEL_TYPE, and context_1::tuntap.
Referenced by process_incoming_tun().
◆ get_server_poll_remaining_time()
| int get_server_poll_remaining_time | ( | struct event_timeout * | server_poll_timeout | ) |
Definition at line 531 of file forward.c.
References event_timeout_remaining(), max_int(), and update_time().
Referenced by create_socket_dco_win(), establish_http_proxy_passthru(), phase2_socks_client(), phase2_tcp_client(), recv_socks_reply(), socks_handshake(), and socks_username_password_auth().
◆ io_wait_dowork()
| void io_wait_dowork | ( | struct context * | c, |
| const unsigned int | flags | ||
| ) |
Definition at line 2069 of file forward.c.
References event_set_return::arg, context::c1, context::c2, check_debug_level(), check_status(), D_EVENT_WAIT, tuntap::dco, dco_event_set(), DCO_SHIFT, context_2::did_open_tun, dmsg, ERR_SHIFT, ES_ERROR, ES_TIMEOUT, event_ctl(), EVENT_READ, event_reset(), context_2::event_set, context_2::event_set_status, event_wait(), EVENT_WRITE, FILE_SHIFT, get_signal(), IOW_CHECK_RESIDUAL, IOW_FRAG, IOW_MBUF, IOW_READ_LINK, IOW_READ_TUN, IOW_READ_TUN_FORCE, IOW_SHAPER, IOW_TO_LINK, IOW_TO_TUN, IOW_WAIT_SIGNAL, context_2::link_socket, MANAGEMENT_SHIFT, management_socket_set(), max_int(), options::mode, MODE_SERVER, context::options, event_set_return::rwflags, context_2::shaper, options::shaper, shaper_delay(), shaper_soonest_event(), context::sig, signal_info::signal_received, SIZE, SOCKET_READ, socket_read_residual(), socket_set(), SOCKET_SHIFT, status, context_2::timeval, TO_LINK_FRAG, tun_set(), TUN_SHIFT, context_1::tuntap, tuntap_is_wintun(), update_time(), and wait_signal().
Referenced by io_wait().
◆ ipv6_send_icmp_unreachable()
Forges a IPv6 ICMP packet with a no route to host error code from the IPv6 packet in buf and sends it directly back to the client via the tun device when used on a client and via the link if used on the server.
- Parameters
-
buf - The buf containing the packet for which the icmp6 unreachable should be constructed. client - determines whether to the send packet back via tun or link
Definition at line 1541 of file forward.c.
References ASSERT, context_buffers::aux_buf, BLEN, BPTR, buf_copy_n(), buf_init, buf_safe(), buf_write_prepend(), context_2::buffers, context::c1, context::c2, CLEAR, openvpn_ipv6hdr::daddr, openvpn_ethhdr::dest, DEV_TYPE_TAP, context_2::frame, openvpn_icmp6hdr::icmp6_cksum, openvpn_icmp6hdr::icmp6_code, openvpn_icmp6hdr::icmp6_type, options::ifconfig_ipv6_remote, ip_checksum(), is_ipv6(), MAX_ICMPV6LEN, min_int(), openvpn_ipv6hdr::nexthdr, OPENVPN_ETH_ALEN, OPENVPN_ETH_P_IPV6, OPENVPN_ICMP6_DESTINATION_UNREACHABLE, OPENVPN_ICMP6_DU_NOROUTE, OPENVPN_IPPROTO_ICMPV6, context::options, openvpn_ipv6hdr::payload_len, openvpn_ethhdr::proto, openvpn_ipv6hdr::saddr, openvpn_ethhdr::source, context_2::to_link, context_2::to_tun, frame::tun_mtu, TUNNEL_TYPE, context_1::tuntap, and openvpn_ipv6hdr::version_prio.
Referenced by process_ip_header().
◆ link_socket_write_post_size_adjust()
|
inlinestatic |
Definition at line 935 of file forward.c.
References buf_advance().
Referenced by process_outgoing_link().
◆ parse_incoming_control_channel_command()
|
static |
Definition at line 234 of file forward.c.
References BSTR, buf_string_match_head_str(), D_PUSH_ERRORS, incoming_push_message(), msg, receive_auth_failed(), receive_auth_pending(), receive_cr_response(), receive_exit_message(), server_pushed_info(), and server_pushed_signal().
Referenced by check_incoming_control_channel().
◆ pre_select()
| void pre_select | ( | struct context * | c | ) |
Definition at line 1997 of file forward.c.
References BIG_TIMEOUT, context::c1, context::c2, check_coarse_timers(), check_debug_level(), check_fragment(), check_incoming_control_channel(), check_send_occ_msg(), check_timeout_random_component(), check_tls(), check_tls_errors(), D_TAP_WIN_DEBUG, context_2::fragment, context::sig, signal_info::signal_received, context_2::timeval, context_2::tls_multi, tls_test_payload_len(), tun_show_debug(), context_1::tuntap, and tuntap_defined().
Referenced by multi_process_post(), and tunnel_point_to_point().
◆ process_coarse_timers()
|
static |
Definition at line 748 of file forward.c.
References context_2::auth_token_renewal_interval, context::c1, context::c2, options::ce, check_add_routes(), check_connection_established(), check_inactivity_timeout(), check_ping_restart(), check_ping_send(), check_push_request(), check_scheduled_exit(), check_send_auth_token(), check_send_occ_load_test(), check_send_occ_req(), check_server_poll_timeout(), check_session_timeout(), check_status_file(), connection_entry::connect_timeout, status_output::et, ETT_DEFAULT, event_timeout_trigger(), context_2::explicit_exit_notification_time_wait, context_2::inactivity_interval, options::inactivity_timeout, management_check_bytecount(), context::options, packet_id_persist_enabled(), context_2::packet_id_persist_interval, packet_id_persist_save(), context_1::pid_persist, process_explicit_exit_notification_timer_wakeup(), context_2::push_request_interval, context_2::route_wakeup, context_2::scheduled_exit, context_2::server_poll_interval, context::sig, signal_info::signal_received, context_1::status_output, context_2::timeval, context_2::tls_multi, and context_2::wait_for_connect.
Referenced by check_coarse_timers().
◆ process_incoming_dco()
|
static |
Definition at line 1265 of file forward.c.
References context::c1, context::c2, D_DCO_DEBUG, tuntap::dco, dco_do_read(), tls_multi::dco_peer_id, msg, OVPN_CMD_DEL_PEER, OVPN_CMD_SWAP_KEYS, OVPN_DEL_PEER_REASON_EXPIRED, context_2::tls_multi, tls_session_soft_reset(), trigger_ping_timeout_signal(), and context_1::tuntap.
Referenced by process_io().
◆ process_incoming_link()
|
static |
Definition at line 1251 of file forward.c.
References context_2::buf, context::c2, buffer::data, get_link_socket_info(), perf_pop(), PERF_PROC_IN_LINK, perf_push(), process_incoming_link_part1(), and process_incoming_link_part2().
Referenced by process_io().
◆ process_io()
| void process_io | ( | struct context * | c | ) |
Definition at line 2285 of file forward.c.
References ASSERT, context::c2, DCO_READ, context_2::event_set_status, IS_SIG, management_io(), MANAGEMENT_READ, MANAGEMENT_WRITE, process_incoming_dco(), process_incoming_link(), process_incoming_tun(), process_outgoing_link(), process_outgoing_tun(), read_incoming_link(), read_incoming_tun(), SOCKET_READ, SOCKET_WRITE, status, TUN_READ, and TUN_WRITE.
Referenced by tunnel_point_to_point().
◆ process_ip_header()
Definition at line 1667 of file forward.c.
References options::block_ipv6, context::c1, context::c2, options::ce, options::client_nat, client_nat_transform(), CN_INCOMING, CN_OUTGOING, dhcp_extract_router_msg(), context_2::es, context_2::frame, ipv6_send_icmp_unreachable(), is_ipv4(), is_ipv6(), buffer::len, context_2::link_socket, frame::mss_fix, mss_fixup_ipv4(), mss_fixup_ipv6(), connection_entry::mssfix, context::options, PIP_MSSFIX, PIP_OUTGOING, PIPV4_CLIENT_NAT, PIPV4_EXTRACT_DHCP_ROUTER, PIPV4_PASSTOS, PIPV6_ICMP_NOHOST_CLIENT, PIPV6_ICMP_NOHOST_SERVER, options::route_gateway_via_dhcp, context_1::route_list, route_list_add_vpn_gateway(), TUNNEL_TYPE, and context_1::tuntap.
Referenced by multi_get_queue(), process_incoming_tun(), and process_outgoing_tun().
◆ reschedule_multi_process()
| void reschedule_multi_process | ( | struct context * | c | ) |
Reschedule tls_multi_process.
NOTE: in multi-client mode, usually calling the function is insufficient to reschedule the client instance object unless multi_schedule_context_wakeup(m, mi) is also called.
Definition at line 424 of file forward.c.
References context::c2, context_immediate_reschedule(), interval_action(), and context_2::tmp_int.
Referenced by management_client_pending_auth(), send_auth_failed(), and send_control_channel_string().
◆ schedule_exit()
| bool schedule_exit | ( | struct context * | c | ) |
Definition at line 555 of file forward.c.
References context::c2, D_SCHED_EXIT, event_timeout_defined(), event_timeout_init(), msg, now, context::options, reset_coarse_timers(), context_2::scheduled_exit, options::scheduled_exit_interval, context_2::scheduled_exit_signal, context_2::tls_multi, tls_set_single_session(), and update_time().
Referenced by receive_exit_message(), send_auth_failed(), and send_restart().
◆ send_control_channel_string()
| bool send_control_channel_string | ( | struct context * | c, |
| const char * | str, | ||
| int | msglevel | ||
| ) |
Definition at line 431 of file forward.c.
References context::c2, reschedule_multi_process(), send_control_channel_string_dowork(), tls_multi::session, context_2::tls_multi, and TM_ACTIVE.
Referenced by management_callback_send_cc_message(), multi_push_restart_schedule_exit(), process_explicit_exit_notification_init(), send_push_options(), send_push_reply(), send_push_request(), and send_restart().
◆ send_control_channel_string_dowork()
| bool send_control_channel_string_dowork | ( | struct tls_session * | session, |
| const char * | str, | ||
| int | msglevel | ||
| ) |
Definition at line 402 of file forward.c.
References ASSERT, gc_free(), gc_new(), session::key, KS_PRIMARY, msg, sanitize_control_message(), and tls_send_payload().
Referenced by send_auth_failed(), send_auth_pending_messages(), send_control_channel_string(), and send_push_reply_auth_token().
◆ socks_postprocess_incoming_link()
|
inlinestatic |
Definition at line 913 of file forward.c.
References context_2::buf, context::c2, context_2::from, link_socket::info, context_2::link_socket, link_socket_info::proto, PROTO_UDP, socks_process_incoming_udp(), and link_socket::socks_proxy.
Referenced by read_incoming_link().
◆ socks_preprocess_outgoing_link()
|
inlinestatic |
Definition at line 922 of file forward.c.
References context::c2, link_socket::info, context_2::link_socket, link_socket_info::proto, PROTO_UDP, socks_process_outgoing_udp(), link_socket::socks_proxy, link_socket::socks_relay, context_2::to_link, and context_2::to_link_addr.
Referenced by process_outgoing_link().
Variable Documentation
◆ link_read_bytes_global
| counter_type link_read_bytes_global |
Definition at line 49 of file forward.c.
Referenced by man_load_stats(), and process_incoming_link_part1().
◆ link_write_bytes_global
| counter_type link_write_bytes_global |
Definition at line 50 of file forward.c.
Referenced by man_load_stats(), and process_outgoing_link().
