OpenVPN
gremlin.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23/*
24 * Test protocol robustness by simulating dropped packets and
25 * network outages when the --gremlin option is used.
26 */
27
28#ifdef HAVE_CONFIG_H
29#include "config.h"
30#endif
31
32#include "syshead.h"
33
34#ifdef ENABLE_DEBUG
35
36#include "error.h"
37#include "common.h"
38#include "crypto.h"
39#include "misc.h"
40#include "otime.h"
41#include "gremlin.h"
42
43#include "memdbg.h"
44
45/*
46 * Parameters for packet corruption and droppage.
47 * Each parameter has 4 possible levels, 0 = disabled,
48 * while 1, 2, and 3 are enumerated in the below arrays.
49 * The parameter is a 2-bit field within the --gremlin
50 * parameter.
51 */
52
53/*
54 * Probability that we will drop a packet is 1 / n
55 */
56static const int drop_freq[] = { 500, 100, 50 };
57
58/*
59 * Probability that we will corrupt a packet is 1 / n
60 */
61static const int corrupt_freq[] = { 500, 100, 50 };
62
63/*
64 * When network goes up, it will be up for between
65 * UP_LOW and UP_HIGH seconds.
66 */
67static const int up_low[] = { 60, 10, 5 };
68static const int up_high[] = { 600, 60, 10 };
69
70/*
71 * When network goes down, it will be down for between
72 * DOWN_LOW and DOWN_HIGH seconds.
73 */
74static const int down_low[] = { 5, 10, 10 };
75static const int down_high[] = { 10, 60, 120 };
76
77/*
78 * Packet flood levels:
79 * { number of packets, packet size }
80 */
81static const struct packet_flood_parms packet_flood_data[] = { { 10, 100 },
82 { 10, 1500 },
83 { 100, 1500 } };
84
85struct packet_flood_parms
86get_packet_flood_parms(int level)
87{
88 ASSERT(level > 0 && level < 4);
89 return packet_flood_data[level - 1];
90}
91
92/*
93 * Return true with probability 1/n
94 */
95static bool
96flip(int n)
97{
98 return (get_random() % n) == 0;
99}
100
101#if defined(__GNUC__) || defined(__clang__)
102#pragma GCC diagnostic push
103#pragma GCC diagnostic ignored "-Wconversion"
104#endif
105
106/*
107 * Return uniformly distributed random number between
108 * low and high.
109 */
110static int
111roll(int low, int high)
112{
113 int ret;
114 ASSERT(low <= high);
115 ret = low + (get_random() % (high - low + 1));
116 ASSERT(ret >= low && ret <= high);
117 return ret;
118}
119
120static bool initialized; /* GLOBAL */
121static bool up; /* GLOBAL */
122static time_t next; /* GLOBAL */
123
124/*
125 * Return false if we should drop a packet.
126 */
127bool
128ask_gremlin(int flags)
129{
130 const int up_down_level = GREMLIN_UP_DOWN_LEVEL(flags);
131 const int drop_level = GREMLIN_DROP_LEVEL(flags);
132
133 if (!initialized)
134 {
135 initialized = true;
136
137 if (up_down_level)
138 {
139 up = false;
140 }
141 else
142 {
143 up = true;
144 }
145
146 next = now;
147 }
148
149 if (up_down_level) /* change up/down state? */
150 {
151 if (now >= next)
152 {
153 int delta;
154 if (up)
155 {
156 delta = roll(down_low[up_down_level - 1], down_high[up_down_level - 1]);
157 up = false;
158 }
159 else
160 {
161 delta = roll(up_low[up_down_level - 1], up_high[up_down_level - 1]);
162 up = true;
163 }
164
165 msg(D_GREMLIN, "GREMLIN: CONNECTION GOING %s FOR %d SECONDS", (up ? "UP" : "DOWN"),
166 delta);
167 next = now + delta;
168 }
169 }
170
171 if (drop_level)
172 {
173 if (up && flip(drop_freq[drop_level - 1]))
174 {
175 dmsg(D_GREMLIN_VERBOSE, "GREMLIN: Random packet drop");
176 return false;
177 }
178 }
179
180 return up;
181}
182
183/*
184 * Possibly corrupt a packet.
185 */
186void
187corrupt_gremlin(struct buffer *buf, int flags)
188{
189 const int corrupt_level = GREMLIN_CORRUPT_LEVEL(flags);
190 if (corrupt_level)
191 {
192 if (flip(corrupt_freq[corrupt_level - 1]))
193 {
194 do
195 {
196 if (buf->len > 0)
197 {
198 uint8_t r = roll(0, 255);
199 int method = roll(0, 5);
200
201 switch (method)
202 {
203 case 0: /* corrupt the first byte */
204 *BPTR(buf) = r;
205 break;
206
207 case 1: /* corrupt the last byte */
208 *(BPTR(buf) + buf->len - 1) = r;
209 break;
210
211 case 2: /* corrupt a random byte */
212 *(BPTR(buf) + roll(0, buf->len - 1)) = r;
213 break;
214
215 case 3: /* append a random byte */
216 buf_write(buf, &r, 1);
217 break;
218
219 case 4: /* reduce length by 1 */
220 --buf->len;
221 break;
222
223 case 5: /* reduce length by a random amount */
224 buf->len -= roll(0, buf->len - 1);
225 break;
226 }
227 dmsg(D_GREMLIN_VERBOSE, "GREMLIN: Packet Corruption, method=%d", method);
228 }
229 else
230 {
231 break;
232 }
233 } while (flip(2)); /* a 50% chance we will corrupt again */
234 }
235 }
236}
237
238#if defined(__GNUC__) || defined(__clang__)
239#pragma GCC diagnostic pop
240#endif
241
242#endif /* ifdef ENABLE_DEBUG */
#define BPTR(buf)
Definition buffer.h:123
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition buffer.h:660
long int get_random(void)
Definition crypto.c:1725
Data Channel Cryptography Module.
#define D_GREMLIN_VERBOSE
Definition errlevel.h:159
#define D_GREMLIN
Definition errlevel.h:77
#define dmsg(flags,...)
Definition error.h:172
#define msg(flags,...)
Definition error.h:152
#define ASSERT(x)
Definition error.h:219
time_t now
Definition otime.c:33
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65