OpenVPN
This module controls the processing of packets as they pass through the data channel.
Functions

void encrypt_sign (struct context *c, bool comp_frag)
    Process a data channel packet that will be sent through a VPN tunnel.
The Data Channel Control module controls the processing of packets as they pass through the data channel. The processing includes packet compression, fragmentation, and the performing of security operations on the packets. This module does not do the processing itself, but passes the packet to other data channel modules to perform the appropriate actions.
Packets can travel in two directions through the data channel. They can be going to a remote destination which is reachable through a VPN tunnel, in which case this module prepares them to be sent out through a VPN tunnel. On the other hand, they can have been received through a VPN tunnel from a remote OpenVPN peer, in which case this module retrieves the packet in its original form as it was before entering the VPN tunnel on the remote OpenVPN peer. How this module processes packets traveling in the two directions is discussed in more detail below.
This module's main function for processing packets to be sent to a remote OpenVPN peer is encrypt_sign(), which performs the following processing steps:
- Call the Data Channel Compression module to (possibly) compress the packet.
- Call the Data Channel Fragmentation module to (possibly) fragment the packet.
- Call the Data Channel Crypto module to choose the appropriate security parameters for this packet.
- Call the Data Channel Crypto module to perform encryption and HMAC signing on the packet.
- Call the Data Channel Crypto module to prepend the one-byte OpenVPN header and do some TLS accounting.
- Place the packet in a buffer so that it can be sent out over the external network interface.

See the encrypt_sign() documentation for details of these interactions.

This module's main function for processing packets received from a remote OpenVPN peer is process_incoming_link(). That function, however, also performs some of the tasks required for the External Multiplexer and is therefore listed as part of that module, instead of here.

Once the process_incoming_link() function has determined that a received packet is a data channel packet, it performs the following processing steps:
- Call the Data Channel Crypto module to perform authentication and decryption of the packet.
- Call the Data Channel Fragmentation module to (possibly) reassemble the packet.
- Call the Data Channel Compression module to (possibly) decompress the packet.
- Place the packet in a buffer so that it can be written to the virtual tun/tap network interface.

See the process_incoming_link() documentation for details of these interactions.

void encrypt_sign (struct context *c, bool comp_frag)
Process a data channel packet that will be sent through a VPN tunnel.
This function controls the processing of a data channel packet which will be sent through a VPN tunnel to a remote OpenVPN peer. Its general structure is as follows:
- If the comp_frag argument is true:
  - Call lzo_compress() of the Data Channel Compression module to (possibly) compress the packet.
  - Call fragment_outgoing() of the Data Channel Fragmentation module to (possibly) fragment the packet.
- Call tls_pre_encrypt() to choose the appropriate security parameters for this packet.
- Call openvpn_encrypt() to encrypt and HMAC sign the packet.
- Call tls_post_encrypt() to prepend the one-byte OpenVPN header and do some TLS accounting.
- Place the packet in c->c2.to_link so that it can be sent over the external network interface to its remote destination by the External Multiplexer.

Parameters

c - The context structure of the VPN tunnel associated with this packet.

comp_frag - Whether to do packet compression and fragmentation. This flag is set to true the first time a packet is processed. If the packet then gets fragmented, this function will be called again once for each remaining fragment with this parameter set to false.
Definition at line 646 of file forward.c.
References ASSERT, frame::buf, context_2::buf, buf_init, buffer_turnover(), context_2::buffers, context::c2, CAS_CONNECT_DONE, context_2::crypto_options, buffer::data, dco_enabled(), context_buffers::encrypt_buf, context_2::fragment, fragment_outgoing(), context_2::frame, context_2::frame_fragment, get_link_socket_info(), frame::headroom, buffer::len, link_socket_get_outgoing_addr(), M_WARN, msg, tls_multi::multi_state, openvpn_encrypt(), context::options, context_buffers::read_tun_buf, context_2::tls_multi, tls_post_encrypt(), tls_pre_encrypt(), tls_prepend_opcode_v1(), tls_prepend_opcode_v2(), context_2::to_link, context_2::to_link_addr, and tls_multi::use_peer_id.
Referenced by check_fragment(), check_ping_send_dowork(), check_send_occ_msg_dowork(), multi_get_queue(), and process_incoming_tun().
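The following is an added example, not OpenVPN's code, that models both directions described on this page: the send side follows the step order of encrypt_sign() (compress, fragment, pick security parameters, encrypt and HMAC, prepend the opcode byte, queue to the link) including the comp_frag re-entry once per remaining fragment, and the receive side follows the order process_incoming_link() uses for data channel packets (authenticate first, then decrypt, reassemble, decompress, deliver to tun). Everything except the opcode byte layout is an assumption made for the demo: the Tunnel class and its field names, the 1-byte fragment header, the compression marker byte, the 48-byte fragment payload and the fixed demo keys are constructed here; HMAC-SHA256 driven in counter mode stands in for OpenVPN's negotiated cipher, and packet-id replay protection is left out. The header byte (opcode << 3 | key_id, with P_DATA_V1 = 6) follows OpenVPN's protocol.

```python
"""Model of OpenVPN's data-channel send/receive pipeline (educational stand-in, not OpenVPN code)."""
import hashlib
import hmac
import os
import zlib

P_DATA_V1 = 6                 # opcode; the one-byte header is (opcode << 3) | key_id, as in OpenVPN's protocol
FRAG_PAYLOAD = 48             # constructed link MTU: payload bytes carried per fragment
FRAG_MORE, FRAG_LAST = 1, 2   # constructed 1-byte fragment header (OpenVPN's real header differs)
TAG_LEN, IV_LEN = 32, 16      # HMAC-SHA256 tag and IV sizes


class Tunnel:
    """Stands in for the parts of struct context this demo needs (assumed names, not OpenVPN's)."""

    def __init__(self, key_id, cipher_key, hmac_key):
        self.key_id, self.cipher_key, self.hmac_key = key_id, cipher_key, hmac_key
        self.to_link = []   # stands in for c->c2.to_link: packets ready for the external multiplexer
        self.reasm = b""    # receive-side fragment reassembly buffer


def compress(p):
    """Models lzo_compress() with zlib; a constructed lead byte says 1 = deflated, 0 = stored as-is."""
    z = zlib.compress(p)
    return b"\x01" + z if len(z) < len(p) else b"\x00" + p


def decompress(p):
    if not p:
        raise ValueError("empty payload")
    return zlib.decompress(p[1:]) if p[0] == 1 else p[1:]


def fragment_outgoing(p):
    """Models fragment_outgoing(): split into MTU-sized pieces, each behind a fragment header."""
    pieces = [p[i:i + FRAG_PAYLOAD] for i in range(0, len(p), FRAG_PAYLOAD)] or [b""]
    return [bytes([FRAG_MORE]) + x for x in pieces[:-1]] + [bytes([FRAG_LAST]) + pieces[-1]]


def xor_stream(key, iv, data):
    """Counter-mode keystream from HMAC-SHA256 as a PRF: a stand-in for the negotiated cipher, not OpenVPN's."""
    out = bytearray()
    for i in range(0, len(data), TAG_LEN):
        block = hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + TAG_LEN], block))
    return bytes(out)


def encrypt_sign(t, p, comp_frag):
    """Mirrors encrypt_sign(): compress and fragment only when comp_frag is true, then encrypt, HMAC
    (tag || IV || ciphertext), prepend the opcode byte, queue to the link, and re-enter once per
    remaining fragment with comp_frag=False."""
    rest = []
    if comp_frag:
        p, *rest = fragment_outgoing(compress(p))
    iv = os.urandom(IV_LEN)                       # tls_pre_encrypt() would pick the key set; we have one
    ct = xor_stream(t.cipher_key, iv, p)
    tag = hmac.new(t.hmac_key, iv + ct, hashlib.sha256).digest()
    t.to_link.append(bytes([P_DATA_V1 << 3 | t.key_id & 7]) + tag + iv + ct)
    for f in rest:
        encrypt_sign(t, f, False)


def process_incoming_link(t, pkt):
    """Models the data-channel path of process_incoming_link(): classify by opcode, verify the HMAC
    before anything else, then decrypt, reassemble and decompress. Returns None while fragments
    are still outstanding; raises ValueError to drop the packet."""
    if len(pkt) <= 1 + TAG_LEN + IV_LEN or pkt[0] >> 3 != P_DATA_V1 or pkt[0] & 7 != t.key_id:
        raise ValueError("not a data channel packet for this key")
    tag, iv, ct = pkt[1:1 + TAG_LEN], pkt[1 + TAG_LEN:1 + TAG_LEN + IV_LEN], pkt[1 + TAG_LEN + IV_LEN:]
    if not hmac.compare_digest(tag, hmac.new(t.hmac_key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("HMAC mismatch: dropped before decryption")
    p = xor_stream(t.cipher_key, iv, ct)
    t.reasm += p[1:]
    if p[0] == FRAG_MORE:
        return None
    full, t.reasm = t.reasm, b""
    return decompress(full)


def round_trip(plain):
    """Send plain from one end to the other; returns (delivered payload, number of link packets)."""
    ck, hk = b"0123456789abcdef", b"constructed-hmac-key-for-demo-32"   # constructed demo keys
    a, b = Tunnel(1, ck, hk), Tunnel(1, ck, hk)
    encrypt_sign(a, plain, True)
    for pkt in a.to_link:
        out = process_incoming_link(b, pkt)
        if out is not None:
            return out, len(a.to_link)
    raise ValueError("packet never reassembled")


def incompressible(n):
    """Random bytes: zlib cannot shrink them, so a payload longer than FRAG_PAYLOAD must fragment."""
    return os.urandom(n)


if __name__ == "__main__":
    for msg in (b"tun payload " * 20, incompressible(200)):
        out, n = round_trip(msg)
        print(f"{len(msg)} bytes in -> {n} link packet(s), intact={out == msg}")
```

Running it shows the two things the page's ordering implies: a compressible 240-byte payload shrinks below the fragment size and leaves as a single packet, while 200 random bytes are stored uncompressed and cross the link as five packets, four of them produced by the re-entrant calls with comp_frag set to false. On the receive side a packet whose last byte has been flipped is rejected by the HMAC check before any decryption, reassembly or decompression runs, so the reassembly buffer stays empty.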