OpenVPN
mtcp.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifdef HAVE_CONFIG_H
24#include "config.h"
25#endif
26
27#include "syshead.h"
28
29#include "multi.h"
30#include "forward.h"
31#include "mtcp.h"
32#include "multi_io.h"
33
34#include "memdbg.h"
35
36#ifdef HAVE_SYS_INOTIFY_H
37#include <sys/inotify.h>
38#endif
39
40struct ta_iow_flags
41{
42 unsigned int flags;
43 unsigned int ret;
44 unsigned int tun;
45 unsigned int sock;
46};
47
48#if defined(__GNUC__) || defined(__clang__)
49#pragma GCC diagnostic push
50#pragma GCC diagnostic ignored "-Wconversion"
51#endif
52
53struct multi_instance *
54multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock)
55{
56 struct gc_arena gc = gc_new();
57 struct multi_instance *mi = NULL;
58 struct hash *hash = m->hash;
59
60 mi = multi_create_instance(m, NULL, sock);
61 if (mi)
62 {
63 mi->real.proto = sock->info.proto;
64 struct hash_element *he;
65 const uint32_t hv = hash_value(hash, &mi->real);
66 struct hash_bucket *bucket = hash_bucket(hash, hv);
67
68 multi_assign_peer_id(m, mi);
69
70 he = hash_lookup_fast(hash, bucket, &mi->real, hv);
71
72 if (he)
73 {
74 struct multi_instance *oldmi = (struct multi_instance *)he->value;
75 msg(D_MULTI_LOW,
76 "MULTI TCP: new incoming client address matches existing client address -- new client takes precedence");
77 oldmi->did_real_hash = false;
78 multi_close_instance(m, oldmi, false);
79 he->key = &mi->real;
80 he->value = mi;
81 }
82 else
83 {
84 hash_add_fast(hash, bucket, &mi->real, hv, mi);
85 }
86
87 mi->did_real_hash = true;
88 }
89
90#ifdef ENABLE_DEBUG
91 if (mi)
92 {
93 dmsg(D_MULTI_DEBUG, "MULTI TCP: instance added: %s", mroute_addr_print(&mi->real, &gc));
94 }
95 else
96 {
97 dmsg(D_MULTI_DEBUG, "MULTI TCP: new client instance failed");
98 }
99#endif
100
101 gc_free(&gc);
102 ASSERT(!(mi && mi->halt));
103 return mi;
104}
105
106bool
107multi_tcp_instance_specific_init(struct multi_context *m, struct multi_instance *mi)
108{
109 /* buffer for queued TCP socket output packets */
110 mi->tcp_link_out_deferred = mbuf_init(m->top.options.n_bcast_buf);
111
112 ASSERT(mi->context.c2.link_sockets);
113 ASSERT(mi->context.c2.link_sockets[0]);
114 ASSERT(mi->context.c2.link_sockets[0]->info.lsa);
115 ASSERT(mi->context.c2.link_sockets[0]->mode == LS_MODE_TCP_ACCEPT_FROM);
116 ASSERT(mi->context.c2.link_sockets[0]->info.lsa->actual.dest.addr.sa.sa_family == AF_INET
117 || mi->context.c2.link_sockets[0]->info.lsa->actual.dest.addr.sa.sa_family == AF_INET6);
118 mi->real.proto = mi->context.c2.link_sockets[0]->info.proto;
119 if (!mroute_extract_openvpn_sockaddr(
120 &mi->real, &mi->context.c2.link_sockets[0]->info.lsa->actual.dest, true))
121 {
122 msg(D_MULTI_ERRORS, "MULTI TCP: TCP client address is undefined");
123 return false;
124 }
125 return true;
126}
127
128#if defined(__GNUC__) || defined(__clang__)
129#pragma GCC diagnostic pop
130#endif
131
132void
137
138void
139multi_tcp_delete_event(struct multi_io *multi_io, event_t event)
140{
141 if (multi_io && multi_io->es)
142 {
143 event_del(multi_io->es, event);
144 }
145}
146
147void
148multi_tcp_dereference_instance(struct multi_io *multi_io, struct multi_instance *mi)
149{
150 struct link_socket *sock = mi->context.c2.link_sockets[0];
151 if (sock && mi->socket_set_called)
152 {
153 event_del(multi_io->es, socket_event_handle(sock));
154 mi->socket_set_called = false;
155 }
156 multi_io->n_esr = 0;
157}
158
159bool
160multi_tcp_process_outgoing_link_ready(struct multi_context *m, struct multi_instance *mi,
161 const unsigned int mpp_flags)
162{
163 struct mbuf_item item;
164 bool ret = true;
165 ASSERT(mi);
166
167 /* extract from queue */
168 if (mbuf_extract_item(mi->tcp_link_out_deferred, &item)) /* ciphertext IP packet */
169 {
170 dmsg(D_MULTI_TCP, "MULTI TCP: transmitting previously deferred packet");
171
172 ASSERT(mi == item.instance);
173 mi->context.c2.to_link = item.buffer->buf;
174 ret = multi_process_outgoing_link_dowork(m, mi, mpp_flags);
175 if (!ret)
176 {
177 mi = NULL;
178 }
179 mbuf_free_buf(item.buffer);
180 }
181 return ret;
182}
183
184bool
185multi_tcp_process_outgoing_link(struct multi_context *m, bool defer, const unsigned int mpp_flags)
186{
187 struct multi_instance *mi = multi_process_outgoing_link_pre(m);
188 bool ret = true;
189
190 if (mi)
191 {
192 if ((defer && !proto_is_dgram(mi->context.c2.link_sockets[0]->info.proto))
193 || mbuf_defined(mi->tcp_link_out_deferred))
194 {
195 /* save to queue */
196 struct buffer *buf = &mi->context.c2.to_link;
197 if (BLEN(buf) > 0)
198 {
199 struct mbuf_buffer *mb = mbuf_alloc_buf(buf);
200 struct mbuf_item item;
201
202 set_prefix(mi);
203 dmsg(D_MULTI_TCP, "MULTI TCP: queuing deferred packet");
204 item.buffer = mb;
205 item.instance = mi;
206 mbuf_add_item(mi->tcp_link_out_deferred, &item);
207 mbuf_free_buf(mb);
208 buf_reset(buf);
209 ret = multi_process_post(m, mi, mpp_flags);
210 if (!ret)
211 {
212 mi = NULL;
213 }
214 clear_prefix();
215 }
216 }
217 else
218 {
219 ret = multi_process_outgoing_link_dowork(m, mi, mpp_flags);
220 if (!ret)
221 {
222 mi = NULL;
223 }
224 }
225 }
226 return ret;
227}
buf_reset
static void buf_reset(struct buffer *buf)
Definition buffer.h:303
BLEN
#define BLEN(buf)
Definition buffer.h:126
gc_free
static void gc_free(struct gc_arena *a)
Definition buffer.h:1015
gc_new
static struct gc_arena gc_new(void)
Definition buffer.h:1007
D_MULTI_ERRORS
#define D_MULTI_ERRORS
Definition errlevel.h:64
D_MULTI_DEBUG
#define D_MULTI_DEBUG
Definition errlevel.h:126
D_MULTI_TCP
#define D_MULTI_TCP
Definition errlevel.h:162
D_MULTI_LOW
#define D_MULTI_LOW
Definition errlevel.h:85
event_del
static void event_del(struct event_set *es, event_t event)
Definition event.h:177
forward.h
Interface functions to the internal and external multiplexers.
hash_lookup_fast
struct hash_element * hash_lookup_fast(struct hash *hash, struct hash_bucket *bucket, const void *key, uint32_t hv)
Definition list.c:79
hash_value
static uint32_t hash_value(const struct hash *hash, const void *key)
Definition list.h:104
hash_add_fast
static void hash_add_fast(struct hash *hash, struct hash_bucket *bucket, const void *key, uint32_t hv, void *value)
Definition list.h:146
mbuf_add_item
void mbuf_add_item(struct mbuf_set *ms, const struct mbuf_item *item)
Definition mbuf.c:97
mbuf_alloc_buf
struct mbuf_buffer * mbuf_alloc_buf(const struct buffer *buf)
Definition mbuf.c:73
mbuf_free_buf
void mbuf_free_buf(struct mbuf_buffer *mb)
Definition mbuf.c:84
mbuf_extract_item
bool mbuf_extract_item(struct mbuf_set *ms, struct mbuf_item *item)
Definition mbuf.c:119
mbuf_free
void mbuf_free(struct mbuf_set *ms)
Definition mbuf.c:57
mbuf_init
struct mbuf_set * mbuf_init(unsigned int size)
Definition mbuf.c:43
mbuf_defined
static bool mbuf_defined(const struct mbuf_set *ms)
Definition mbuf.h:79
mroute_extract_openvpn_sockaddr
bool mroute_extract_openvpn_sockaddr(struct mroute_addr *addr, const struct openvpn_sockaddr *osaddr, bool use_port)
Definition mroute.c:259
mroute_addr_print
const char * mroute_addr_print(const struct mroute_addr *ma, struct gc_arena *gc)
Definition mroute.c:376
multi_tcp_instance_specific_free
void multi_tcp_instance_specific_free(struct multi_instance *mi)
Definition mtcp.c:133
multi_create_instance_tcp
struct multi_instance * multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock)
Definition mtcp.c:54
multi_tcp_delete_event
void multi_tcp_delete_event(struct multi_io *multi_io, event_t event)
Definition mtcp.c:139
multi_tcp_instance_specific_init
bool multi_tcp_instance_specific_init(struct multi_context *m, struct multi_instance *mi)
Definition mtcp.c:107
multi_tcp_process_outgoing_link
bool multi_tcp_process_outgoing_link(struct multi_context *m, bool defer, const unsigned int mpp_flags)
Definition mtcp.c:185
multi_tcp_process_outgoing_link_ready
bool multi_tcp_process_outgoing_link_ready(struct multi_context *m, struct multi_instance *mi, const unsigned int mpp_flags)
Definition mtcp.c:160
multi_tcp_dereference_instance
void multi_tcp_dereference_instance(struct multi_io *multi_io, struct multi_instance *mi)
Definition mtcp.c:148
multi_create_instance
struct multi_instance * multi_create_instance(struct multi_context *m, const struct mroute_addr *real, struct link_socket *sock)
Definition multi.c:731
multi_process_post
bool multi_process_post(struct multi_context *m, struct multi_instance *mi, const unsigned int flags)
Perform postprocessing of a VPN tunnel instance.
Definition multi.c:3012
multi_close_instance
void multi_close_instance(struct multi_context *m, struct multi_instance *mi, bool shutdown)
Definition multi.c:581
multi_assign_peer_id
void multi_assign_peer_id(struct multi_context *m, struct multi_instance *mi)
Assigns a peer-id to a a client and adds the instance to the the instances array of the multi_context...
Definition multi.c:4153
multi.h
Header file for server-mode related structures and functions.
set_prefix
static void set_prefix(struct multi_instance *mi)
Definition multi.h:521
clear_prefix
static void clear_prefix(void)
Definition multi.h:533
multi_process_outgoing_link_pre
static struct multi_instance * multi_process_outgoing_link_pre(struct multi_context *m)
Definition multi.h:411
multi_process_outgoing_link_dowork
static bool multi_process_outgoing_link_dowork(struct multi_context *m, struct multi_instance *mi, const unsigned int mpp_flags)
Definition multi.h:658
multi_io.h
dmsg
#define dmsg(flags,...)
Definition error.h:172
msg
#define msg(flags,...)
Definition error.h:152
ASSERT
#define ASSERT(x)
Definition error.h:219
socket_event_handle
static event_t socket_event_handle(const struct link_socket *sock)
Definition socket.h:738
LS_MODE_TCP_ACCEPT_FROM
#define LS_MODE_TCP_ACCEPT_FROM
Definition socket.h:181
proto_is_dgram
static bool proto_is_dgram(int proto)
Return if the protocol is datagram (UDP)
Definition socket_util.h:206
buffer
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
context_2::to_link
struct buffer to_link
Definition openvpn.h:377
context_2::link_sockets
struct link_socket ** link_sockets
Definition openvpn.h:237
context::c2
struct context_2 c2
Level 2 context.
Definition openvpn.h:517
context::options
struct options options
Options loaded from command line or configuration file.
Definition openvpn.h:475
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
hash_bucket
Definition list.h:48
hash_element
Definition list.h:40
hash_element::value
void * value
Definition list.h:41
hash_element::key
const void * key
Definition list.h:42
hash
Definition list.h:53
link_socket_actual::dest
struct openvpn_sockaddr dest
Definition socket_util.h:53
link_socket_addr::actual
struct link_socket_actual actual
Definition socket.h:82
link_socket_info::lsa
struct link_socket_addr * lsa
Definition socket.h:87
link_socket_info::proto
int proto
Definition socket.h:92
link_socket
Definition socket.h:148
link_socket::info
struct link_socket_info info
Definition socket.h:149
link_socket::mode
int mode
Definition socket.h:182
mbuf_buffer
Definition mbuf.h:41
mbuf_buffer::buf
struct buffer buf
Definition mbuf.h:42
mbuf_item
Definition mbuf.h:50
mbuf_item::buffer
struct mbuf_buffer * buffer
Definition mbuf.h:51
mbuf_item::instance
struct multi_instance * instance
Definition mbuf.h:52
mroute_addr::proto
uint8_t proto
Definition mroute.h:80
multi_context
Main OpenVPN server state structure.
Definition multi.h:164
multi_context::hash
struct hash * hash
VPN tunnel instances indexed by real address of the remote peer.
Definition multi.h:168
multi_context::top
struct context top
Storage structure for process-wide configuration.
Definition multi.h:203
multi_instance
Server-mode state structure for one single VPN tunnel.
Definition multi.h:103
multi_instance::tcp_link_out_deferred
struct mbuf_set * tcp_link_out_deferred
Definition multi.h:129
multi_instance::real
struct mroute_addr real
External network address of the remote peer.
Definition multi.h:122
multi_instance::socket_set_called
bool socket_set_called
Definition multi.h:130
multi_instance::did_real_hash
bool did_real_hash
Definition multi.h:135
multi_instance::halt
bool halt
Definition multi.h:114
multi_instance::context
struct context context
The context structure storing state for this VPN tunnel.
Definition multi.h:144
multi_io
Definition multi_io.h:52
multi_io::es
struct event_set * es
Definition multi_io.h:53
multi_io::n_esr
int n_esr
Definition multi_io.h:55
openvpn_sockaddr::addr
union openvpn_sockaddr::@27 addr
openvpn_sockaddr::sa
struct sockaddr sa
Definition socket_util.h:42
options::n_bcast_buf
int n_bcast_buf
Definition options.h:512
rw_handle
Definition win32.h:80
ta_iow_flags
Definition mtcp.c:41
ta_iow_flags::flags
unsigned int flags
Definition mtcp.c:42
ta_iow_flags::ret
unsigned int ret
Definition mtcp.c:43
ta_iow_flags::tun
unsigned int tun
Definition mtcp.c:44
ta_iow_flags::sock
unsigned int sock
Definition mtcp.c:45
gc
struct gc_arena gc
Definition test_ssl.c:131
Generated by doxygen 1.9.8