OpenVPN
forward.h
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 
31 #ifndef FORWARD_H
32 #define FORWARD_H
33 
34 /* the following macros must be defined before including any other header
35  * file
36  */
37 
38 #define TUN_OUT(c) (BLEN(&(c)->c2.to_tun) > 0)
39 #define LINK_OUT(c) (BLEN(&(c)->c2.to_link) > 0)
40 #define ANY_OUT(c) (TUN_OUT(c) || LINK_OUT(c))
41 
42 #ifdef ENABLE_FRAGMENT
43 #define TO_LINK_FRAG(c) ((c)->c2.fragment && fragment_outgoing_defined((c)->c2.fragment))
44 #else
45 #define TO_LINK_FRAG(c) (false)
46 #endif
47 
48 #define TO_LINK_DEF(c) (LINK_OUT(c) || TO_LINK_FRAG(c))
49 
50 #include "openvpn.h"
51 #include "occ.h"
52 #include "ping.h"
53 
54 #define IOW_TO_TUN (1<<0)
55 #define IOW_TO_LINK (1<<1)
56 #define IOW_READ_TUN (1<<2)
57 #define IOW_READ_LINK (1<<3)
58 #define IOW_SHAPER (1<<4)
59 #define IOW_CHECK_RESIDUAL (1<<5)
60 #define IOW_FRAG (1<<6)
61 #define IOW_MBUF (1<<7)
62 #define IOW_READ_TUN_FORCE (1<<8)
63 #define IOW_WAIT_SIGNAL (1<<9)
64 
65 #define IOW_READ (IOW_READ_TUN|IOW_READ_LINK)
66 
68 
70 
71 void io_wait_dowork(struct context *c, const unsigned int flags);
72 
73 void pre_select(struct context *c);
74 
75 void process_io(struct context *c);
76 
77 /**********************************************************************/
110 void encrypt_sign(struct context *c, bool comp_frag);
111 
112 int get_server_poll_remaining_time(struct event_timeout *server_poll_timeout);
113 
114 /**********************************************************************/
134 void read_incoming_link(struct context *c);
135 
162 bool process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, bool floated);
163 
189 void process_incoming_link_part2(struct context *c, struct link_socket_info *lsi, const uint8_t *orig_buf);
190 
203 void process_outgoing_link(struct context *c);
204 
205 
206 /**************************************************************************/
219 void read_incoming_tun(struct context *c);
220 
221 
234 void process_incoming_tun(struct context *c);
235 
236 
249 void process_outgoing_tun(struct context *c);
250 
251 
252 /**************************************************************************/
253 
254 /*
255  * Send a string to remote over the TLS control channel.
256  * Used for push/pull messages, passing username/password,
257  * etc.
258  * @param c - The context structure of the VPN tunnel associated with
259  * the packet.
260  * @param str - The message to be sent
261  * @param msglevel - Message level to use for logging
262  */
263 bool
264 send_control_channel_string(struct context *c, const char *str, int msglevel);
265 
266 /*
267  * Send a string to remote over the TLS control channel.
268  * Used for push/pull messages, passing username/password,
269  * etc.
270  *
271  * This variant does not schedule the actual sending of the message
272  * The caller needs to ensure that it is scheduled or call
273  * send_control_channel_string
274  *
275  * @param multi - The tls_multi structure of the VPN tunnel associated
276  * with the packet.
277  * @param str - The message to be sent
278  * @param msglevel - Message level to use for logging
279  */
280 
281 bool
283  const char *str, int msglevel);
284 
285 
292 void reschedule_multi_process(struct context *c);
293 
294 #define PIPV4_PASSTOS (1<<0)
295 #define PIP_MSSFIX (1<<1) /* v4 and v6 */
296 #define PIP_OUTGOING (1<<2)
297 #define PIPV4_EXTRACT_DHCP_ROUTER (1<<3)
298 #define PIPV4_CLIENT_NAT (1<<4)
299 #define PIPV6_IMCP_NOHOST_CLIENT (1<<5)
300 #define PIPV6_IMCP_NOHOST_SERVER (1<<6)
301 
302 void process_ip_header(struct context *c, unsigned int flags, struct buffer *buf);
303 
304 void schedule_exit(struct context *c, const int n_seconds, const int signal);
305 
306 static inline struct link_socket_info *
308 {
309  if (c->c2.link_socket_info)
310  {
311  return c->c2.link_socket_info;
312  }
313  else
314  {
315  return &c->c2.link_socket->info;
316  }
317 }
318 
319 static inline void
320 register_activity(struct context *c, const int size)
321 {
323  {
324  c->c2.inactivity_bytes += size;
326  {
327  c->c2.inactivity_bytes = 0;
329  }
330  }
331 }
332 
333 /*
334  * Return the io_wait() flags appropriate for
335  * a point-to-point tunnel.
336  */
337 static inline unsigned int
338 p2p_iow_flags(const struct context *c)
339 {
341  if (c->c2.to_link.len > 0)
342  {
343  flags |= IOW_TO_LINK;
344  }
345  if (c->c2.to_tun.len > 0)
346  {
347  flags |= IOW_TO_TUN;
348  }
349 #ifdef _WIN32
350  if (tuntap_ring_empty(c->c1.tuntap))
351  {
352  flags &= ~IOW_READ_TUN;
353  }
354 #endif
355  return flags;
356 }
357 
358 /*
359  * This is the core I/O wait function, used for all I/O waits except
360  * for TCP in server mode.
361  */
362 static inline void
363 io_wait(struct context *c, const unsigned int flags)
364 {
365  if (c->c2.fast_io && (flags & (IOW_TO_TUN|IOW_TO_LINK|IOW_MBUF)))
366  {
367  /* fast path -- only for TUN/TAP/UDP writes */
368  unsigned int ret = 0;
369  if (flags & IOW_TO_TUN)
370  {
371  ret |= TUN_WRITE;
372  }
373  if (flags & (IOW_TO_LINK|IOW_MBUF))
374  {
375  ret |= SOCKET_WRITE;
376  }
377  c->c2.event_set_status = ret;
378  }
379  else
380  {
381 #ifdef _WIN32
382  bool skip_iowait = flags & IOW_TO_TUN;
383  if (flags & IOW_READ_TUN)
384  {
385  /*
386  * don't read from tun if we have pending write to link,
387  * since every tun read overwrites to_link buffer filled
388  * by previous tun read
389  */
390  skip_iowait = !(flags & IOW_TO_LINK);
391  }
392  if (tuntap_is_wintun(c->c1.tuntap) && skip_iowait)
393  {
394  unsigned int ret = 0;
395  if (flags & IOW_TO_TUN)
396  {
397  ret |= TUN_WRITE;
398  }
399  if (flags & IOW_READ_TUN)
400  {
401  ret |= TUN_READ;
402  }
403  c->c2.event_set_status = ret;
404  }
405  else
406 #endif /* ifdef _WIN32 */
407  {
408  /* slow path */
409  io_wait_dowork(c, flags);
410  }
411  }
412 }
413 
414 static inline bool
416 {
417  if (c->c2.tls_multi)
418  {
420  }
421  else
422  {
424  }
425 }
426 
427 #endif /* FORWARD_H */
bool send_control_channel_string(struct context *c, const char *str, int msglevel)
Definition: forward.c:345
static void register_activity(struct context *c, const int size)
Definition: forward.h:320
struct buffer to_link
Definition: openvpn.h:367
static bool connection_established(struct context *c)
Definition: forward.h:415
struct options options
Options loaded from command line or configuration file.
Definition: openvpn.h:463
Contains all state information for one tunnel.
Definition: openvpn.h:461
client with pull or p2p waiting for first time options import
Definition: ssl_common.h:548
enum multi_status multi_state
Definition: ssl_common.h:588
Security parameter state for a single VPN tunnel.
Definition: ssl_common.h:566
int inactivity_minimum_bytes
Definition: options.h:297
struct link_socket_info * link_socket_info
This variable is used instead link_socket->info for P2MP UDP childs.
Definition: openvpn.h:241
#define IOW_SHAPER
Definition: forward.h:58
struct tuntap * tuntap
Tun/tap virtual network interface.
Definition: openvpn.h:167
#define IOW_TO_LINK
Definition: forward.h:55
void read_incoming_link(struct context *c)
Read a packet from the external network interface.
Definition: forward.c:793
void encrypt_sign(struct context *c, bool comp_frag)
Process a data channel packet that will be sent through a VPN tunnel.
Definition: forward.c:527
list flags
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
void process_io(struct context *c)
Definition: forward.c:2062
void reschedule_multi_process(struct context *c)
Reschedule tls_multi_process.
Definition: forward.c:338
struct context_1 c1
Level 1 context.
Definition: openvpn.h:501
#define IOW_TO_TUN
Definition: forward.h:54
struct event_timeout inactivity_interval
Definition: openvpn.h:288
void pre_select(struct context *c)
Definition: forward.c:1783
void process_ip_header(struct context *c, unsigned int flags, struct buffer *buf)
Definition: forward.c:1443
static struct link_socket_info * get_link_socket_info(struct context *c)
Definition: forward.h:307
static void event_timeout_reset(struct event_timeout *et)
Definition: interval.h:174
void io_wait_dowork(struct context *c, const unsigned int flags)
Definition: forward.c:1855
int inactivity_bytes
Definition: openvpn.h:289
#define IOW_MBUF
Definition: forward.h:61
#define TUN_WRITE
Definition: event.h:66
uint64_t counter_type
Definition: common.h:30
#define IOW_FRAG
Definition: forward.h:60
static void io_wait(struct context *c, const unsigned int flags)
Definition: forward.h:363
void process_outgoing_link(struct context *c)
Write a packet to the external network interface.
Definition: forward.c:1542
struct link_socket * link_socket
Definition: openvpn.h:237
struct context_2 c2
Level 2 context.
Definition: openvpn.h:502
void read_incoming_tun(struct context *c)
Read a packet from the virtual tun/tap network interface.
Definition: forward.c:1092
static bool tuntap_is_wintun(struct tuntap *tt)
Definition: tun.h:235
#define IOW_WAIT_SIGNAL
Definition: forward.h:63
int inactivity_timeout
Definition: options.h:296
static bool tuntap_ring_empty(struct tuntap *tt)
Definition: tun.h:241
counter_type link_read_bytes_global
Definition: forward.c:49
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
#define IOW_CHECK_RESIDUAL
Definition: forward.h:59
#define SOCKET_WRITE
Definition: event.h:63
bool fast_io
Definition: openvpn.h:412
#define IOW_READ_TUN
Definition: forward.h:56
void process_incoming_link_part2(struct context *c, struct link_socket_info *lsi, const uint8_t *orig_buf)
Continues processing a packet read from the external network interface.
Definition: forward.c:991
int get_server_poll_remaining_time(struct event_timeout *server_poll_timeout)
Definition: forward.c:418
static unsigned int p2p_iow_flags(const struct context *c)
Definition: forward.h:338
bool process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, bool floated)
Starts processing a packet read from the external network interface.
Definition: forward.c:851
struct buffer to_tun
Definition: openvpn.h:366
bool send_control_channel_string_dowork(struct tls_multi *multi, const char *str, int msglevel)
Definition: forward.c:320
unsigned int event_set_status
Definition: openvpn.h:235
struct tls_multi * tls_multi
TLS state structure for this VPN tunnel.
Definition: openvpn.h:319
void process_incoming_tun(struct context *c)
Process a packet read from the virtual tun/tap network interface.
Definition: forward.c:1249
#define TUN_READ
Definition: event.h:65
void process_outgoing_tun(struct context *c)
Write a packet to the virtual tun/tap network interface.
Definition: forward.c:1690
#define IOW_READ
Definition: forward.h:65
void schedule_exit(struct context *c, const int n_seconds, const int signal)
Definition: forward.c:442
counter_type link_write_bytes_global
Definition: forward.c:50