OpenVPN
forward.h
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 
31 #ifndef FORWARD_H
32 #define FORWARD_H
33 
34 /* the following macros must be defined before including any other header
35  * file
36  */
37 
38 #define TUN_OUT(c) (BLEN(&(c)->c2.to_tun) > 0)
39 #define LINK_OUT(c) (BLEN(&(c)->c2.to_link) > 0)
40 #define ANY_OUT(c) (TUN_OUT(c) || LINK_OUT(c))
41 
42 #ifdef ENABLE_FRAGMENT
43 #define TO_LINK_FRAG(c) ((c)->c2.fragment && fragment_outgoing_defined((c)->c2.fragment))
44 #else
45 #define TO_LINK_FRAG(c) (false)
46 #endif
47 
48 #define TO_LINK_DEF(c) (LINK_OUT(c) || TO_LINK_FRAG(c))
49 
50 #include "openvpn.h"
51 #include "occ.h"
52 #include "ping.h"
53 
54 #define IOW_TO_TUN (1<<0)
55 #define IOW_TO_LINK (1<<1)
56 #define IOW_READ_TUN (1<<2)
57 #define IOW_READ_LINK (1<<3)
58 #define IOW_SHAPER (1<<4)
59 #define IOW_CHECK_RESIDUAL (1<<5)
60 #define IOW_FRAG (1<<6)
61 #define IOW_MBUF (1<<7)
62 #define IOW_READ_TUN_FORCE (1<<8)
63 #define IOW_WAIT_SIGNAL (1<<9)
64 
65 #define IOW_READ (IOW_READ_TUN|IOW_READ_LINK)
66 
68 
70 
71 void check_tls(struct context *c);
72 
73 void check_tls_errors_co(struct context *c);
74 
75 void check_tls_errors_nco(struct context *c);
76 
78 
79 void check_scheduled_exit(struct context *c);
80 
81 void check_push_request(struct context *c);
82 
83 #ifdef ENABLE_FRAGMENT
84 void check_fragment(struct context *c);
85 
86 #endif /* ENABLE_FRAGMENT */
87 
89 
90 void check_add_routes(struct context *c);
91 
92 void check_inactivity_timeout(struct context *c);
93 
94 void check_server_poll_timeout(struct context *c);
95 
96 void check_status_file(struct context *c);
97 
98 void io_wait_dowork(struct context *c, const unsigned int flags);
99 
100 void pre_select(struct context *c);
101 
102 void process_io(struct context *c);
103 
104 const char *wait_status_string(struct context *c, struct gc_arena *gc);
105 
106 void show_wait_status(struct context *c);
107 
108 
109 /**********************************************************************/
142 void encrypt_sign(struct context *c, bool comp_frag);
143 
144 int get_server_poll_remaining_time(struct event_timeout *server_poll_timeout);
145 
146 /**********************************************************************/
166 void read_incoming_link(struct context *c);
167 
194 bool process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, bool floated);
195 
221 void process_incoming_link_part2(struct context *c, struct link_socket_info *lsi, const uint8_t *orig_buf);
222 
235 void process_outgoing_link(struct context *c);
236 
237 
238 /**************************************************************************/
251 void read_incoming_tun(struct context *c);
252 
253 
266 void process_incoming_tun(struct context *c);
267 
268 
281 void process_outgoing_tun(struct context *c);
282 
283 
284 /**************************************************************************/
285 
286 /*
287  * Send a string to remote over the TLS control channel.
288  * Used for push/pull messages, passing username/password,
289  * etc.
290  * @param c - The context structure of the VPN tunnel associated with
291  * the packet.
292  * @param str - The message to be sent
293  * @param msglevel - Message level to use for logging
294  */
295 bool
296 send_control_channel_string(struct context *c, const char *str, int msglevel);
297 
298 /*
299  * Send a string to remote over the TLS control channel.
300  * Used for push/pull messages, passing username/password,
301  * etc.
302  *
303  * This variant does not schedule the actual sending of the message
304  * The caller needs to ensure that it is scheduled or call
305  * send_control_channel_string
306  *
307  * @param multi - The tls_multi structure of the VPN tunnel associated
308  * with the packet.
309  * @param str - The message to be sent
310  * @param msglevel - Message level to use for logging
311  */
312 
313 bool
315  const char *str, int msglevel);
316 
317 
324 void reschedule_multi_process(struct context *c);
325 
326 #define PIPV4_PASSTOS (1<<0)
327 #define PIP_MSSFIX (1<<1) /* v4 and v6 */
328 #define PIP_OUTGOING (1<<2)
329 #define PIPV4_EXTRACT_DHCP_ROUTER (1<<3)
330 #define PIPV4_CLIENT_NAT (1<<4)
331 #define PIPV6_IMCP_NOHOST_CLIENT (1<<5)
332 #define PIPV6_IMCP_NOHOST_SERVER (1<<6)
333 
334 void process_ip_header(struct context *c, unsigned int flags, struct buffer *buf);
335 
336 void schedule_exit(struct context *c, const int n_seconds, const int signal);
337 
338 static inline struct link_socket_info *
340 {
341  if (c->c2.link_socket_info)
342  {
343  return c->c2.link_socket_info;
344  }
345  else
346  {
347  return &c->c2.link_socket->info;
348  }
349 }
350 
351 static inline void
352 register_activity(struct context *c, const int size)
353 {
355  {
356  c->c2.inactivity_bytes += size;
358  {
359  c->c2.inactivity_bytes = 0;
361  }
362  }
363 }
364 
365 /*
366  * Return the io_wait() flags appropriate for
367  * a point-to-point tunnel.
368  */
369 static inline unsigned int
370 p2p_iow_flags(const struct context *c)
371 {
373  if (c->c2.to_link.len > 0)
374  {
375  flags |= IOW_TO_LINK;
376  }
377  if (c->c2.to_tun.len > 0)
378  {
379  flags |= IOW_TO_TUN;
380  }
381 #ifdef _WIN32
382  if (tuntap_ring_empty(c->c1.tuntap))
383  {
384  flags &= ~IOW_READ_TUN;
385  }
386 #endif
387  return flags;
388 }
389 
390 /*
391  * This is the core I/O wait function, used for all I/O waits except
392  * for TCP in server mode.
393  */
394 static inline void
395 io_wait(struct context *c, const unsigned int flags)
396 {
397  void io_wait_dowork(struct context *c, const unsigned int flags);
398 
399  if (c->c2.fast_io && (flags & (IOW_TO_TUN|IOW_TO_LINK|IOW_MBUF)))
400  {
401  /* fast path -- only for TUN/TAP/UDP writes */
402  unsigned int ret = 0;
403  if (flags & IOW_TO_TUN)
404  {
405  ret |= TUN_WRITE;
406  }
407  if (flags & (IOW_TO_LINK|IOW_MBUF))
408  {
409  ret |= SOCKET_WRITE;
410  }
411  c->c2.event_set_status = ret;
412  }
413  else
414  {
415 #ifdef _WIN32
416  bool skip_iowait = flags & IOW_TO_TUN;
417  if (flags & IOW_READ_TUN)
418  {
419  /*
420  * don't read from tun if we have pending write to link,
421  * since every tun read overwrites to_link buffer filled
422  * by previous tun read
423  */
424  skip_iowait = !(flags & IOW_TO_LINK);
425  }
426  if (tuntap_is_wintun(c->c1.tuntap) && skip_iowait)
427  {
428  unsigned int ret = 0;
429  if (flags & IOW_TO_TUN)
430  {
431  ret |= TUN_WRITE;
432  }
433  if (flags & IOW_READ_TUN)
434  {
435  ret |= TUN_READ;
436  }
437  c->c2.event_set_status = ret;
438  }
439  else
440 #endif /* ifdef _WIN32 */
441  {
442  /* slow path */
443  io_wait_dowork(c, flags);
444  }
445  }
446 }
447 
448 #define CONNECTION_ESTABLISHED(c) (get_link_socket_info(c)->connection_established)
449 
450 #endif /* FORWARD_H */
bool send_control_channel_string(struct context *c, const char *str, int msglevel)
Definition: forward.c:346
void check_push_request(struct context *c)
Definition: forward.c:262
static void register_activity(struct context *c, const int size)
Definition: forward.h:352
void check_server_poll_timeout(struct context *c)
Definition: forward.c:427
struct buffer to_link
Definition: openvpn.h:366
struct options options
Options loaded from command line or configuration file.
Definition: openvpn.h:465
Contains all state information for one tunnel.
Definition: openvpn.h:463
Security parameter state for a single VPN tunnel.
Definition: ssl_common.h:533
int inactivity_minimum_bytes
Definition: options.h:293
struct link_socket_info * link_socket_info
Definition: openvpn.h:240
#define IOW_SHAPER
Definition: forward.h:58
struct tuntap * tuntap
Tun/tap virtual network interface.
Definition: openvpn.h:168
#define IOW_TO_LINK
Definition: forward.h:55
void read_incoming_link(struct context *c)
Read a packet from the external network interface.
Definition: forward.c:802
void encrypt_sign(struct context *c, bool comp_frag)
Process a data channel packet that will be sent through a VPN tunnel.
Definition: forward.c:528
list flags
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
void process_io(struct context *c)
Definition: forward.c:2071
void reschedule_multi_process(struct context *c)
Reschedule tls_multi_process.
Definition: forward.c:339
struct context_1 c1
Level 1 context.
Definition: openvpn.h:503
#define IOW_TO_TUN
Definition: forward.h:54
struct event_timeout inactivity_interval
Definition: openvpn.h:287
void pre_select(struct context *c)
Definition: forward.c:1792
void process_ip_header(struct context *c, unsigned int flags, struct buffer *buf)
Definition: forward.c:1452
static struct link_socket_info * get_link_socket_info(struct context *c)
Definition: forward.h:339
static void event_timeout_reset(struct event_timeout *et)
Definition: interval.h:174
void io_wait_dowork(struct context *c, const unsigned int flags)
Definition: forward.c:1864
void show_wait_status(struct context *c)
int inactivity_bytes
Definition: openvpn.h:288
#define IOW_MBUF
Definition: forward.h:61
void check_fragment(struct context *c)
Definition: forward.c:479
#define TUN_WRITE
Definition: event.h:66
uint64_t counter_type
Definition: common.h:30
#define IOW_FRAG
Definition: forward.h:60
static void io_wait(struct context *c, const unsigned int flags)
Definition: forward.h:395
void process_outgoing_link(struct context *c)
Write a packet to the external network interface.
Definition: forward.c:1551
struct link_socket * link_socket
Definition: openvpn.h:238
void check_inactivity_timeout(struct context *c)
Definition: forward.c:412
void check_connection_established(struct context *c)
Definition: forward.c:280
struct context_2 c2
Level 2 context.
Definition: openvpn.h:504
void read_incoming_tun(struct context *c)
Read a packet from the virtual tun/tap network interface.
Definition: forward.c:1101
static bool tuntap_is_wintun(struct tuntap *tt)
Definition: tun.h:235
#define IOW_WAIT_SIGNAL
Definition: forward.h:63
int inactivity_timeout
Definition: options.h:292
static bool tuntap_ring_empty(struct tuntap *tt)
Definition: tun.h:241
counter_type link_read_bytes_global
Definition: forward.c:50
void check_tls_errors_co(struct context *c)
Definition: forward.c:180
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
#define IOW_CHECK_RESIDUAL
Definition: forward.h:59
#define SOCKET_WRITE
Definition: event.h:63
void check_incoming_control_channel(struct context *c)
Definition: forward.c:197
bool fast_io
Definition: openvpn.h:411
void check_scheduled_exit(struct context *c)
Definition: forward.c:457
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
#define IOW_READ_TUN
Definition: forward.h:56
void process_incoming_link_part2(struct context *c, struct link_socket_info *lsi, const uint8_t *orig_buf)
Continues processing a packet read from the external network interface.
Definition: forward.c:1000
void check_tls_errors_nco(struct context *c)
Definition: forward.c:187
int get_server_poll_remaining_time(struct event_timeout *server_poll_timeout)
Definition: forward.c:419
static unsigned int p2p_iow_flags(const struct context *c)
Definition: forward.h:370
void check_tls(struct context *c)
Definition: forward.c:142
bool process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, bool floated)
Starts processing a packet read from the external network interface.
Definition: forward.c:860
void check_add_routes(struct context *c)
Definition: forward.c:374
struct buffer to_tun
Definition: openvpn.h:365
bool send_control_channel_string_dowork(struct tls_multi *multi, const char *str, int msglevel)
Definition: forward.c:321
unsigned int event_set_status
Definition: openvpn.h:236
void process_incoming_tun(struct context *c)
Process a packet read from the virtual tun/tap network interface.
Definition: forward.c:1258
void check_status_file(struct context *c)
Definition: forward.c:466
#define TUN_READ
Definition: event.h:65
const char * wait_status_string(struct context *c, struct gc_arena *gc)
void process_outgoing_tun(struct context *c)
Write a packet to the virtual tun/tap network interface.
Definition: forward.c:1699
#define IOW_READ
Definition: forward.h:65
void schedule_exit(struct context *c, const int n_seconds, const int signal)
Definition: forward.c:443
counter_type link_write_bytes_global
Definition: forward.c:51