OpenVPN
mtcp.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #endif
27 
28 #include "syshead.h"
29 
30 #include "multi.h"
31 #include "forward.h"
32 #include "mtcp.h"
33 #include "multi_io.h"
34 
35 #include "memdbg.h"
36 
37 #ifdef HAVE_SYS_INOTIFY_H
38 #include <sys/inotify.h>
39 #endif
40 
41 struct ta_iow_flags
42 {
43  unsigned int flags;
44  unsigned int ret;
45  unsigned int tun;
46  unsigned int sock;
47 };
48 
49 struct multi_instance *
50 multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock)
51 {
52  struct gc_arena gc = gc_new();
53  struct multi_instance *mi = NULL;
54  struct hash *hash = m->hash;
55 
56  mi = multi_create_instance(m, NULL, sock);
57  if (mi)
58  {
59  mi->real.proto = sock->info.proto;
60  struct hash_element *he;
61  const uint32_t hv = hash_value(hash, &mi->real);
62  struct hash_bucket *bucket = hash_bucket(hash, hv);
63 
64  multi_assign_peer_id(m, mi);
65 
66  he = hash_lookup_fast(hash, bucket, &mi->real, hv);
67 
68  if (he)
69  {
70  struct multi_instance *oldmi = (struct multi_instance *) he->value;
71  msg(D_MULTI_LOW, "MULTI TCP: new incoming client address matches existing client address -- new client takes precedence");
72  oldmi->did_real_hash = false;
73  multi_close_instance(m, oldmi, false);
74  he->key = &mi->real;
75  he->value = mi;
76  }
77  else
78  {
79  hash_add_fast(hash, bucket, &mi->real, hv, mi);
80  }
81 
82  mi->did_real_hash = true;
83  }
84 
85 #ifdef ENABLE_DEBUG
86  if (mi)
87  {
88  dmsg(D_MULTI_DEBUG, "MULTI TCP: instance added: %s", mroute_addr_print(&mi->real, &gc));
89  }
90  else
91  {
92  dmsg(D_MULTI_DEBUG, "MULTI TCP: new client instance failed");
93  }
94 #endif
95 
96  gc_free(&gc);
97  ASSERT(!(mi && mi->halt));
98  return mi;
99 }
100 
101 bool
102 multi_tcp_instance_specific_init(struct multi_context *m, struct multi_instance *mi)
103 {
104  /* buffer for queued TCP socket output packets */
105  mi->tcp_link_out_deferred = mbuf_init(m->top.options.n_bcast_buf);
106 
107  ASSERT(mi->context.c2.link_sockets);
108  ASSERT(mi->context.c2.link_sockets[0]);
109  ASSERT(mi->context.c2.link_sockets[0]->info.lsa);
110  ASSERT(mi->context.c2.link_sockets[0]->mode == LS_MODE_TCP_ACCEPT_FROM);
111  ASSERT(mi->context.c2.link_sockets[0]->info.lsa->actual.dest.addr.sa.sa_family == AF_INET
112  || mi->context.c2.link_sockets[0]->info.lsa->actual.dest.addr.sa.sa_family == AF_INET6
113  );
114  mi->real.proto = mi->context.c2.link_sockets[0]->info.proto;
115  if (!mroute_extract_openvpn_sockaddr(&mi->real,
116  &mi->context.c2.link_sockets[0]->info.lsa->actual.dest,
117  true))
118  {
119  msg(D_MULTI_ERRORS, "MULTI TCP: TCP client address is undefined");
120  return false;
121  }
122  return true;
123 }
124 
125 void
126 multi_tcp_instance_specific_free(struct multi_instance *mi)
127 {
128  mbuf_free(mi->tcp_link_out_deferred);
129 }
130 
131 void
132 multi_tcp_delete_event(struct multi_io *multi_io, event_t event)
133 {
134  if (multi_io && multi_io->es)
135  {
136  event_del(multi_io->es, event);
137  }
138 }
139 
140 void
141 multi_tcp_dereference_instance(struct multi_io *multi_io, struct multi_instance *mi)
142 {
143  struct link_socket *sock = mi->context.c2.link_sockets[0];
144  if (sock && mi->socket_set_called)
145  {
146  event_del(multi_io->es, socket_event_handle(sock));
147  mi->socket_set_called = false;
148  }
149  multi_io->n_esr = 0;
150 }
151 
152 bool
153 multi_tcp_process_outgoing_link_ready(struct multi_context *m, struct multi_instance *mi, const unsigned int mpp_flags)
154 {
155  struct mbuf_item item;
156  bool ret = true;
157  ASSERT(mi);
158 
159  /* extract from queue */
160  if (mbuf_extract_item(mi->tcp_link_out_deferred, &item)) /* ciphertext IP packet */
161  {
162  dmsg(D_MULTI_TCP, "MULTI TCP: transmitting previously deferred packet");
163 
164  ASSERT(mi == item.instance);
165  mi->context.c2.to_link = item.buffer->buf;
166  ret = multi_process_outgoing_link_dowork(m, mi, mpp_flags);
167  if (!ret)
168  {
169  mi = NULL;
170  }
171  mbuf_free_buf(item.buffer);
172  }
173  return ret;
174 }
175 
176 bool
177 multi_tcp_process_outgoing_link(struct multi_context *m, bool defer, const unsigned int mpp_flags)
178 {
179  struct multi_instance *mi = multi_process_outgoing_link_pre(m);
180  bool ret = true;
181 
182  if (mi)
183  {
184  if (defer || mbuf_defined(mi->tcp_link_out_deferred))
185  {
186  /* save to queue */
187  struct buffer *buf = &mi->context.c2.to_link;
188  if (BLEN(buf) > 0)
189  {
190  struct mbuf_buffer *mb = mbuf_alloc_buf(buf);
191  struct mbuf_item item;
192 
193  set_prefix(mi);
194  dmsg(D_MULTI_TCP, "MULTI TCP: queuing deferred packet");
195  item.buffer = mb;
196  item.instance = mi;
197  mbuf_add_item(mi->tcp_link_out_deferred, &item);
198  mbuf_free_buf(mb);
199  buf_reset(buf);
200  ret = multi_process_post(m, mi, mpp_flags);
201  if (!ret)
202  {
203  mi = NULL;
204  }
205  clear_prefix();
206  }
207  }
208  else
209  {
210  ret = multi_process_outgoing_link_dowork(m, mi, mpp_flags);
211  if (!ret)
212  {
213  mi = NULL;
214  }
215  }
216  }
217  return ret;
218 }
mbuf_extract_item
bool mbuf_extract_item(struct mbuf_set *ms, struct mbuf_item *item)
Definition: mbuf.c:111
link_socket
Definition: socket.h:177
multi_tcp_process_outgoing_link
bool multi_tcp_process_outgoing_link(struct multi_context *m, bool defer, const unsigned int mpp_flags)
Definition: mtcp.c:177
multi_instance
Server-mode state structure for one single VPN tunnel.
Definition: multi.h:103
multi_instance::halt
bool halt
Definition: multi.h:114
mbuf_defined
static bool mbuf_defined(const struct mbuf_set *ms)
Definition: mbuf.h:80
hash_bucket
static struct hash_bucket * hash_bucket(struct hash *hash, uint32_t hv)
Definition: list.h:134
gc_new
static struct gc_arena gc_new(void)
Definition: buffer.h:1025
context_2::to_link
struct buffer to_link
Definition: openvpn.h:377
forward.h
buf_reset
static void buf_reset(struct buffer *buf)
Definition: buffer.h:303
hash
Definition: list.h:56
link_socket_info::lsa
struct link_socket_addr * lsa
Definition: socket.h:115
multi_instance::real
struct mroute_addr real
External network address of the remote peer.
Definition: multi.h:122
set_prefix
static void set_prefix(struct multi_instance *mi)
Definition: multi.h:544
D_MULTI_ERRORS
#define D_MULTI_ERRORS
Definition: errlevel.h:65
multi_io
Definition: multi_io.h:52
hash_element::value
void * value
Definition: list.h:45
multi_create_instance
struct multi_instance * multi_create_instance(struct multi_context *m, const struct mroute_addr *real, struct link_socket *sock)
Definition: multi.c:758
dmsg
#define dmsg(flags,...)
Definition: error.h:148
multi_tcp_dereference_instance
void multi_tcp_dereference_instance(struct multi_io *multi_io, struct multi_instance *mi)
Definition: mtcp.c:141
options::n_bcast_buf
int n_bcast_buf
Definition: options.h:509
multi_tcp_process_outgoing_link_ready
bool multi_tcp_process_outgoing_link_ready(struct multi_context *m, struct multi_instance *mi, const unsigned int mpp_flags)
Definition: mtcp.c:153
multi_tcp_delete_event
void multi_tcp_delete_event(struct multi_io *multi_io, event_t event)
Definition: mtcp.c:132
link_socket::mode
int mode
Definition: socket.h:212
clear_prefix
static void clear_prefix(void)
Definition: multi.h:556
context::c2
struct context_2 c2
Level 2 context.
Definition: openvpn.h:514
event_del
static void event_del(struct event_set *es, event_t event)
Definition: event.h:175
ASSERT
#define ASSERT(x)
Definition: error.h:195
multi_context::top
struct context top
Storage structure for process-wide configuration.
Definition: multi.h:202
mbuf_add_item
void mbuf_add_item(struct mbuf_set *ms, const struct mbuf_item *item)
Definition: mbuf.c:89
multi_instance::socket_set_called
bool socket_set_called
Definition: multi.h:130
openvpn_sockaddr::sa
struct sockaddr sa
Definition: socket.h:69
BLEN
#define BLEN(buf)
Definition: buffer.h:127
hash_add_fast
static void hash_add_fast(struct hash *hash, struct hash_bucket *bucket, const void *key, uint32_t hv, void *value)
Definition: list.h:158
multi_assign_peer_id
void multi_assign_peer_id(struct multi_context *m, struct multi_instance *mi)
Assigns a peer-id to a a client and adds the instance to the the instances array of the multi_context...
Definition: multi.c:4219
multi_io.h
multi_close_instance
void multi_close_instance(struct multi_context *m, struct multi_instance *mi, bool shutdown)
Definition: multi.c:606
socket_event_handle
static event_t socket_event_handle(const struct link_socket *sock)
Definition: socket.h:1259
hash_element::key
const void * key
Definition: list.h:46
multi_tcp_instance_specific_init
bool multi_tcp_instance_specific_init(struct multi_context *m, struct multi_instance *mi)
Definition: mtcp.c:102
multi_process_outgoing_link_dowork
static bool multi_process_outgoing_link_dowork(struct multi_context *m, struct multi_instance *mi, const unsigned int mpp_flags)
Definition: multi.h:683
mbuf_free
void mbuf_free(struct mbuf_set *ms)
Definition: mbuf.c:49
LS_MODE_TCP_ACCEPT_FROM
#define LS_MODE_TCP_ACCEPT_FROM
Definition: socket.h:211
hash_lookup_fast
struct hash_element * hash_lookup_fast(struct hash *hash, struct hash_bucket *bucket, const void *key, uint32_t hv)
Definition: list.c:83
context::options
struct options options
Options loaded from command line or configuration file.
Definition: openvpn.h:475
D_MULTI_LOW
#define D_MULTI_LOW
Definition: errlevel.h:86
multi.h
D_MULTI_TCP
#define D_MULTI_TCP
Definition: errlevel.h:163
multi_context::hash
struct hash * hash
VPN tunnel instances indexed by real address of the remote peer.
Definition: multi.h:167
mbuf_item::instance
struct multi_instance * instance
Definition: mbuf.h:53
multi_process_post
bool multi_process_post(struct multi_context *m, struct multi_instance *mi, const unsigned int flags)
Perform postprocessing of a VPN tunnel instance.
Definition: multi.c:3112
mbuf_buffer::buf
struct buffer buf
Definition: mbuf.h:43
mroute_extract_openvpn_sockaddr
bool mroute_extract_openvpn_sockaddr(struct mroute_addr *addr, const struct openvpn_sockaddr *osaddr, bool use_port)
Definition: mroute.c:264
buffer
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
multi_io::n_esr
int n_esr
Definition: multi_io.h:56
ta_iow_flags::flags
unsigned int flags
Definition: mtcp.c:43
link_socket::info
struct link_socket_info info
Definition: socket.h:179
link_socket_addr::actual
struct link_socket_actual actual
Definition: socket.h:110
mbuf_item
Definition: mbuf.h:50
ta_iow_flags::ret
unsigned int ret
Definition: mtcp.c:44
link_socket_info::proto
int proto
Definition: socket.h:120
syshead.h
mbuf_alloc_buf
struct mbuf_buffer * mbuf_alloc_buf(const struct buffer *buf)
Definition: mbuf.c:65
mroute_addr::proto
uint8_t proto
Definition: mroute.h:80
context_2::link_sockets
struct link_socket ** link_sockets
Definition: openvpn.h:237
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
mroute_addr_print
const char * mroute_addr_print(const struct mroute_addr *ma, struct gc_arena *gc)
Definition: mroute.c:384
mbuf_buffer
Definition: mbuf.h:41
ta_iow_flags::tun
unsigned int tun
Definition: mtcp.c:45
multi_context
Main OpenVPN server state structure.
Definition: multi.h:163
ta_iow_flags
Definition: mtcp.c:41
mbuf_free_buf
void mbuf_free_buf(struct mbuf_buffer *mb)
Definition: mbuf.c:76
mtcp.h
hash_element
Definition: list.h:43
gc_free
static void gc_free(struct gc_arena *a)
Definition: buffer.h:1033
rw_handle
Definition: win32.h:79
hash_bucket
Definition: list.h:51
multi_create_instance_tcp
struct multi_instance * multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock)
Definition: mtcp.c:50
config.h
ta_iow_flags::sock
unsigned int sock
Definition: mtcp.c:46
mbuf_item::buffer
struct mbuf_buffer * buffer
Definition: mbuf.h:52
multi_instance::tcp_link_out_deferred
struct mbuf_set * tcp_link_out_deferred
Definition: multi.h:129
link_socket_actual::dest
struct openvpn_sockaddr dest
Definition: socket.h:90
memdbg.h
mbuf_init
struct mbuf_set * mbuf_init(unsigned int size)
Definition: mbuf.c:39
multi_tcp_instance_specific_free
void multi_tcp_instance_specific_free(struct multi_instance *mi)
Definition: mtcp.c:126
msg
#define msg(flags,...)
Definition: error.h:144
multi_instance::did_real_hash
bool did_real_hash
Definition: multi.h:135
multi_instance::context
struct context context
The context structure storing state for this VPN tunnel.
Definition: multi.h:144
multi_io::es
struct event_set * es
Definition: multi_io.h:54
D_MULTI_DEBUG
#define D_MULTI_DEBUG
Definition: errlevel.h:127
multi_process_outgoing_link_pre
static struct multi_instance * multi_process_outgoing_link_pre(struct multi_context *m)
Definition: multi.h:432
hash_value
static uint32_t hash_value(const struct hash *hash, const void *key)
Definition: list.h:116
openvpn_sockaddr::addr
union openvpn_sockaddr::@20 addr
gc
struct gc_arena gc
Definition: test_ssl.c:155
Generated by   doxygen 1.8.17