OpenVPN
Functions
Data Channel Control module

This module controls the processing of packets as they pass through the data channel. More...

Functions

void encrypt_sign (struct context *c, bool comp_frag)
 Process a data channel packet that will be sent through a VPN tunnel. More...
 

Detailed Description

This module controls the processing of packets as they pass through the data channel.

The Data Channel Control module controls the processing of packets as they pass through the data channel. The processing includes packet compression, fragmentation, and the performing of security operations on the packets. This module does not do the processing itself, but passes the packet to other data channel modules to perform the appropriate actions.

Packets can travel in two directions through the data channel. They can be going to a remote destination which is reachable through a VPN tunnel, in which case this module prepares them to be sent out through a VPN tunnel. On the other hand, they can have been received through a VPN tunnel from a remote OpenVPN peer, in which case this module retrieves the packet in its original form as it was before entering the VPN tunnel on the remote OpenVPN peer. How this module processes packets traveling in the two directions is discussed in more detail below.

Packets to be sent to a remote OpenVPN peer
This module's main function for processing packets traveling in this direction is encrypt_sign(), which performs the following processing steps:
See the encrypt_sign() documentation for details of these interactions.
After the above processing is complete, the packet is ready to be sent to a remote OpenVPN peer as a VPN tunnel packet. The actual sending of the packet is handled by the External Multiplexer.
Packets received from a remote OpenVPN peer
The function that controls how packets traveling in this direction are processed is process_incoming_link(). That function, however, also performs some of the tasks required for the External Multiplexer and is therefore listed as part of that module, instead of here.
After the process_incoming_link() function has determined that a received packet is a data channel packet, it performs the following processing steps:
See the process_incoming_link() documentation for details of these interactions.
After the above processing is complete, the packet is in its original form again as it was received by the remote OpenVPN peer. It can now be routed further to its final destination. If that destination is a locally reachable host, then the Internal Multiplexer will send it there.

Function Documentation

◆ encrypt_sign()

void encrypt_sign ( struct context c,
bool  comp_frag 
)

Process a data channel packet that will be sent through a VPN tunnel.

This function controls the processing of a data channel packet which will be sent through a VPN tunnel to a remote OpenVPN peer. It's general structure is as follows:

Parameters
c- The context structure of the VPN tunnel associated with this packet.
comp_frag- Whether to do packet compression and fragmentation. This flag is set to true the first time a packet is processed. If the packet then gets fragmented, this function will be called again once for each remaining fragment with this parameter set to false.

Definition at line 646 of file forward.c.

References ASSERT, frame::buf, context_2::buf, buf_init, buffer_turnover(), context_2::buffers, context::c2, CAS_CONNECT_DONE, context_2::crypto_options, buffer::data, dco_enabled(), context_buffers::encrypt_buf, context_2::fragment, fragment_outgoing(), context_2::frame, context_2::frame_fragment, get_link_socket_info(), frame::headroom, buffer::len, link_socket_get_outgoing_addr(), M_WARN, msg, tls_multi::multi_state, openvpn_encrypt(), context::options, context_buffers::read_tun_buf, context_2::tls_multi, tls_post_encrypt(), tls_pre_encrypt(), tls_prepend_opcode_v1(), tls_prepend_opcode_v2(), context_2::to_link, context_2::to_link_addr, and tls_multi::use_peer_id.

Referenced by check_fragment(), check_ping_send_dowork(), check_send_occ_msg_dowork(), multi_get_queue(), and process_incoming_tun().