forward.h

Go to the documentation of this file.

/*
 *  OpenVPN -- An application to securely tunnel IP networks
 *             over a single TCP/UDP port, with support for SSL/TLS-based
 *             session authentication and key exchange,
 *             packet encryption, packet authentication, and
 *             packet compression.
 *
 *  Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2
 *  as published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 
 
#ifndef FORWARD_H
#define FORWARD_H
 
/* the following macros must be defined before including any other header
 * file
 */
 
#define TUN_OUT(c)      (BLEN(&(c)->c2.to_tun) > 0)
#define LINK_OUT(c)     (BLEN(&(c)->c2.to_link) > 0)
#define ANY_OUT(c)      (TUN_OUT(c) || LINK_OUT(c))
 
#ifdef ENABLE_FRAGMENT
#define TO_LINK_FRAG(c) ((c)->c2.fragment && fragment_outgoing_defined((c)->c2.fragment))
#else
#define TO_LINK_FRAG(c) (false)
#endif
 
#define TO_LINK_DEF(c)  (LINK_OUT(c) || TO_LINK_FRAG(c))
 
#include "openvpn.h"
#include "occ.h"
#include "ping.h"
 
#define IOW_TO_TUN          (1<<0)
#define IOW_TO_LINK         (1<<1)
#define IOW_READ_TUN        (1<<2)
#define IOW_READ_LINK       (1<<3)
#define IOW_SHAPER          (1<<4)
#define IOW_CHECK_RESIDUAL  (1<<5)
#define IOW_FRAG            (1<<6)
#define IOW_MBUF            (1<<7)
#define IOW_READ_TUN_FORCE  (1<<8)
#define IOW_WAIT_SIGNAL     (1<<9)
 
#define IOW_READ            (IOW_READ_TUN|IOW_READ_LINK)
 
extern counter_type link_read_bytes_global;
 
extern counter_type link_write_bytes_global;
 
void io_wait_dowork(struct context *c, const unsigned int flags);
 
void pre_select(struct context *c);
 
void process_io(struct context *c);
 
/**********************************************************************/
void encrypt_sign(struct context *c, bool comp_frag);
 
int get_server_poll_remaining_time(struct event_timeout *server_poll_timeout);
 
/**********************************************************************/
void read_incoming_link(struct context *c);
 
bool process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, bool floated);
 
void process_incoming_link_part2(struct context *c, struct link_socket_info *lsi, const uint8_t *orig_buf);
 
void process_outgoing_link(struct context *c);
 
 
/**************************************************************************/
void read_incoming_tun(struct context *c);
 
 
void process_incoming_tun(struct context *c);
 
 
void process_outgoing_tun(struct context *c);
 
 
/**************************************************************************/
 
/*
 * Send a string to remote over the TLS control channel.
 * Used for push/pull messages, passing username/password,
 * etc.
 * @param c          - The context structure of the VPN tunnel associated with
 *                     the packet.
 * @param str        - The message to be sent
 * @param msglevel   - Message level to use for logging
 */
bool
send_control_channel_string(struct context *c, const char *str, int msglevel);
 
/*
 * Send a string to remote over the TLS control channel.
 * Used for push/pull messages, auth pending and other clear text
 * control messages.
 *
 * This variant does not schedule the actual sending of the message
 * The caller needs to ensure that it is scheduled or call
 * send_control_channel_string
 *
 * @param session    - The session structure of the VPN tunnel associated
 *                     with the packet. The method will always use the
 *                     primary key (KS_PRIMARY) for sending the message
 * @param str        - The message to be sent
 * @param msglevel   - Message level to use for logging
 */
 
bool
send_control_channel_string_dowork(struct tls_session *session,
                                   const char *str, int msglevel);
 
 
void reschedule_multi_process(struct context *c);
 
#define PIPV4_PASSTOS                   (1<<0)
#define PIP_MSSFIX                      (1<<1)         /* v4 and v6 */
#define PIP_OUTGOING                    (1<<2)
#define PIPV4_EXTRACT_DHCP_ROUTER       (1<<3)
#define PIPV4_CLIENT_NAT                (1<<4)
#define PIPV6_IMCP_NOHOST_CLIENT        (1<<5)
#define PIPV6_IMCP_NOHOST_SERVER        (1<<6)
 
void process_ip_header(struct context *c, unsigned int flags, struct buffer *buf);
 
void schedule_exit(struct context *c, const int n_seconds, const int signal);
 
static inline struct link_socket_info *
get_link_socket_info(struct context *c)
{
    if (c->c2.link_socket_info)
    {
        return c->c2.link_socket_info;
    }
    else
    {
        return &c->c2.link_socket->info;
    }
}
 
static inline void
register_activity(struct context *c, const int size)
{
    if (c->options.inactivity_timeout)
    {
        c->c2.inactivity_bytes += size;
        if (c->c2.inactivity_bytes >= c->options.inactivity_minimum_bytes)
        {
            c->c2.inactivity_bytes = 0;
            event_timeout_reset(&c->c2.inactivity_interval);
        }
    }
}
 
/*
 * Return the io_wait() flags appropriate for
 * a point-to-point tunnel.
 */
static inline unsigned int
p2p_iow_flags(const struct context *c)
{
    unsigned int flags = (IOW_SHAPER|IOW_CHECK_RESIDUAL|IOW_FRAG|IOW_READ|IOW_WAIT_SIGNAL);
    if (c->c2.to_link.len > 0)
    {
        flags |= IOW_TO_LINK;
    }
    if (c->c2.to_tun.len > 0)
    {
        flags |= IOW_TO_TUN;
    }
#ifdef _WIN32
    if (tuntap_ring_empty(c->c1.tuntap))
    {
        flags &= ~IOW_READ_TUN;
    }
#endif
    return flags;
}
 
/*
 * This is the core I/O wait function, used for all I/O waits except
 * for TCP in server mode.
 */
static inline void
io_wait(struct context *c, const unsigned int flags)
{
    if (c->c2.fast_io && (flags & (IOW_TO_TUN|IOW_TO_LINK|IOW_MBUF)))
    {
        /* fast path -- only for TUN/TAP/UDP writes */
        unsigned int ret = 0;
        if (flags & IOW_TO_TUN)
        {
            ret |= TUN_WRITE;
        }
        if (flags & (IOW_TO_LINK|IOW_MBUF))
        {
            ret |= SOCKET_WRITE;
        }
        c->c2.event_set_status = ret;
    }
    else
    {
#ifdef _WIN32
        bool skip_iowait = flags & IOW_TO_TUN;
        if (flags & IOW_READ_TUN)
        {
            /*
             * don't read from tun if we have pending write to link,
             * since every tun read overwrites to_link buffer filled
             * by previous tun read
             */
            skip_iowait = !(flags & IOW_TO_LINK);
        }
        if (tuntap_is_wintun(c->c1.tuntap) && skip_iowait)
        {
            unsigned int ret = 0;
            if (flags & IOW_TO_TUN)
            {
                ret |= TUN_WRITE;
            }
            if (flags & IOW_READ_TUN)
            {
                ret |= TUN_READ;
            }
            c->c2.event_set_status = ret;
        }
        else
#endif /* ifdef _WIN32 */
        {
            /* slow path */
            io_wait_dowork(c, flags);
        }
    }
}
 
static inline bool
connection_established(struct context *c)
{
    if (c->c2.tls_multi)
    {
        return c->c2.tls_multi->multi_state >= CAS_WAITING_OPTIONS_IMPORT;
    }
    else
    {
        return get_link_socket_info(c)->connection_established;
    }
}
 
#endif /* FORWARD_H */