OpenVPN
forward.h
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23
30#ifndef FORWARD_H
31#define FORWARD_H
32
33/* the following macros must be defined before including any other header
34 * file
35 */
36
37#define TUN_OUT(c) (BLEN(&(c)->c2.to_tun) > 0)
38#define LINK_OUT(c) (BLEN(&(c)->c2.to_link) > 0)
39#define ANY_OUT(c) (TUN_OUT(c) || LINK_OUT(c))
40
41#ifdef ENABLE_FRAGMENT
42#define TO_LINK_FRAG(c) ((c)->c2.fragment && fragment_outgoing_defined((c)->c2.fragment))
43#else
44#define TO_LINK_FRAG(c) (false)
45#endif
46
47#define TO_LINK_DEF(c) (LINK_OUT(c) || TO_LINK_FRAG(c))
48
49#include "openvpn.h"
50#include "occ.h"
51#include "ping.h"
52#include "multi_io.h"
53
54#define IOW_TO_TUN (1 << 0)
55#define IOW_TO_LINK (1 << 1)
56#define IOW_READ_TUN (1 << 2)
57#define IOW_READ_LINK (1 << 3)
58#define IOW_SHAPER (1 << 4)
59#define IOW_CHECK_RESIDUAL (1 << 5)
60#define IOW_FRAG (1 << 6)
61#define IOW_MBUF (1 << 7)
62#define IOW_READ_TUN_FORCE (1 << 8)
63#define IOW_WAIT_SIGNAL (1 << 9)
64
65#define IOW_READ (IOW_READ_TUN | IOW_READ_LINK)
66
67extern counter_type link_read_bytes_global;
68
69extern counter_type link_write_bytes_global;
70
71void get_io_flags_udp(struct context *c, struct multi_io *multi_io, const unsigned int flags);
72
73void io_wait(struct context *c, const unsigned int flags);
74
75void pre_select(struct context *c);
76
77void process_io(struct context *c, struct link_socket *sock);
78
79
80/**********************************************************************/
113void encrypt_sign(struct context *c, bool comp_frag);
114
115int get_server_poll_remaining_time(struct event_timeout *server_poll_timeout);
116
117/**********************************************************************/
138void read_incoming_link(struct context *c, struct link_socket *sock);
139
166bool process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, bool floated);
167
193void process_incoming_link_part2(struct context *c, struct link_socket_info *lsi,
194 const uint8_t *orig_buf);
195
206void extract_dco_float_peer_addr(sa_family_t socket_family, struct openvpn_sockaddr *out_osaddr,
207 const struct sockaddr *float_sa);
208
214void process_incoming_dco(dco_context_t *dco);
215
229void process_outgoing_link(struct context *c, struct link_socket *sock);
230
231
232/**************************************************************************/
245void read_incoming_tun(struct context *c);
246
247
262void process_incoming_tun(struct context *c, struct link_socket *out_sock);
263
264
278void process_outgoing_tun(struct context *c, struct link_socket *in_sock);
279
280
281/**************************************************************************/
282
283/*
284 * Send a string to remote over the TLS control channel.
285 * Used for push/pull messages, passing username/password,
286 * etc.
287 * @param c - The context structure of the VPN tunnel associated with
288 * the packet.
289 * @param str - The message to be sent
290 * @param msglevel - Message level to use for logging
291 */
292bool send_control_channel_string(struct context *c, const char *str, msglvl_t msglevel);
293
294/*
295 * Send a string to remote over the TLS control channel.
296 * Used for push/pull messages, auth pending and other clear text
297 * control messages.
298 *
299 * This variant does not schedule the actual sending of the message
300 * The caller needs to ensure that it is scheduled or call
301 * send_control_channel_string
302 *
303 * @param session - The session structure of the VPN tunnel associated
304 * with the packet. The method will always use the
305 * primary key (KS_PRIMARY) for sending the message
306 * @param str - The message to be sent
307 * @param msglevel - Message level to use for logging
308 */
309
310bool send_control_channel_string_dowork(struct tls_session *session, const char *str,
311 msglvl_t msglevel);
312
313
320void reschedule_multi_process(struct context *c);
321
322#define PIPV4_PASSTOS (1u << 0)
323#define PIP_MSSFIX (1u << 1) /* v4 and v6 */
324#define PIP_OUTGOING (1u << 2)
325#define PIPV4_EXTRACT_DHCP_ROUTER (1u << 3)
326#define PIPV4_CLIENT_NAT (1u << 4)
327#define PIPV6_ICMP_NOHOST_CLIENT (1u << 5)
328#define PIPV6_ICMP_NOHOST_SERVER (1u << 6)
329
330
331void process_ip_header(struct context *c, unsigned int flags, struct buffer *buf,
332 struct link_socket *sock);
333
334bool schedule_exit(struct context *c);
335
336static inline struct link_socket_info *
337get_link_socket_info(struct context *c)
338{
339 if (c->c2.link_socket_infos)
340 {
341 return c->c2.link_socket_infos[0];
342 }
343 else
344 {
345 return &c->c2.link_sockets[0]->info;
346 }
347}
348
349static inline void
350register_activity(struct context *c, const int64_t size)
351{
352 if (c->options.inactivity_timeout)
353 {
354 c->c2.inactivity_bytes += size;
355 if (c->c2.inactivity_bytes >= c->options.inactivity_minimum_bytes)
356 {
357 c->c2.inactivity_bytes = 0;
358 event_timeout_reset(&c->c2.inactivity_interval);
359 }
360 }
361}
362
363/*
364 * Return the io_wait() flags appropriate for
365 * a point-to-point tunnel.
366 */
367static inline unsigned int
368p2p_iow_flags(const struct context *c)
369{
370 unsigned int flags = (IOW_SHAPER | IOW_CHECK_RESIDUAL | IOW_FRAG | IOW_READ | IOW_WAIT_SIGNAL);
371 if (c->c2.to_link.len > 0)
372 {
373 flags |= IOW_TO_LINK;
374 }
375 if (c->c2.to_tun.len > 0)
376 {
377 flags |= IOW_TO_TUN;
378 }
379 return flags;
380}
381
382
383static inline bool
384connection_established(struct context *c)
385{
386 if (c->c2.tls_multi)
387 {
388 return c->c2.tls_multi->multi_state >= CAS_WAITING_OPTIONS_IMPORT;
389 }
390 else
391 {
392 return get_link_socket_info(c)->connection_established;
393 }
394}
395
396#endif /* FORWARD_H */
counter_type
uint64_t counter_type
Definition common.h:31
dco_context_t
void * dco_context_t
Definition dco.h:259
p2p_iow_flags
static unsigned int p2p_iow_flags(const struct context *c)
Definition forward.h:368
process_incoming_dco
void process_incoming_dco(dco_context_t *dco)
Process an incoming DCO message (from kernel space).
Definition forward.c:1247
link_write_bytes_global
counter_type link_write_bytes_global
Definition forward.c:49
reschedule_multi_process
void reschedule_multi_process(struct context *c)
Reschedule tls_multi_process.
Definition forward.c:391
get_server_poll_remaining_time
int get_server_poll_remaining_time(struct event_timeout *server_poll_timeout)
Definition forward.c:504
send_control_channel_string
bool send_control_channel_string(struct context *c, const char *str, msglvl_t msglevel)
Definition forward.c:398
register_activity
static void register_activity(struct context *c, const int64_t size)
Definition forward.h:350
IOW_WAIT_SIGNAL
#define IOW_WAIT_SIGNAL
Definition forward.h:63
process_io
void process_io(struct context *c, struct link_socket *sock)
Definition forward.c:2298
IOW_SHAPER
#define IOW_SHAPER
Definition forward.h:58
IOW_FRAG
#define IOW_FRAG
Definition forward.h:60
schedule_exit
bool schedule_exit(struct context *c)
Definition forward.c:528
extract_dco_float_peer_addr
void extract_dco_float_peer_addr(sa_family_t socket_family, struct openvpn_sockaddr *out_osaddr, const struct sockaddr *float_sa)
Transfers float_sa data extracted from an incoming DCO PEER_FLOAT_NTF to out_osaddr for later process...
Definition forward.c:1213
get_link_socket_info
static struct link_socket_info * get_link_socket_info(struct context *c)
Definition forward.h:337
send_control_channel_string_dowork
bool send_control_channel_string_dowork(struct tls_session *session, const char *str, msglvl_t msglevel)
Definition forward.c:370
get_io_flags_udp
void get_io_flags_udp(struct context *c, struct multi_io *multi_io, const unsigned int flags)
Definition forward.c:2162
pre_select
void pre_select(struct context *c)
Definition forward.c:1977
IOW_CHECK_RESIDUAL
#define IOW_CHECK_RESIDUAL
Definition forward.h:59
io_wait
void io_wait(struct context *c, const unsigned int flags)
Definition forward.c:2175
connection_established
static bool connection_established(struct context *c)
Definition forward.h:384
IOW_TO_TUN
#define IOW_TO_TUN
Definition forward.h:54
link_read_bytes_global
counter_type link_read_bytes_global
Definition forward.c:48
process_ip_header
void process_ip_header(struct context *c, unsigned int flags, struct buffer *buf, struct link_socket *sock)
Definition forward.c:1673
IOW_READ
#define IOW_READ
Definition forward.h:65
IOW_TO_LINK
#define IOW_TO_LINK
Definition forward.h:55
encrypt_sign
void encrypt_sign(struct context *c, bool comp_frag)
Process a data channel packet that will be sent through a VPN tunnel.
Definition forward.c:621
process_incoming_link_part1
bool process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, bool floated)
Starts processing a packet read from the external network interface.
Definition forward.c:987
process_incoming_link_part2
void process_incoming_link_part2(struct context *c, struct link_socket_info *lsi, const uint8_t *orig_buf)
Continues processing a packet read from the external network interface.
Definition forward.c:1120
process_outgoing_link
void process_outgoing_link(struct context *c, struct link_socket *sock)
Write a packet to the external network interface.
Definition forward.c:1757
read_incoming_link
void read_incoming_link(struct context *c, struct link_socket *sock)
Read a packet from the external network interface.
Definition forward.c:926
read_incoming_tun
void read_incoming_tun(struct context *c)
Read a packet from the virtual tun/tap network interface.
Definition forward.c:1300
process_incoming_tun
void process_incoming_tun(struct context *c, struct link_socket *out_sock)
Process a packet read from the virtual tun/tap network interface.
Definition forward.c:1484
process_outgoing_tun
void process_outgoing_tun(struct context *c, struct link_socket *in_sock)
Write a packet to the virtual tun/tap network interface.
Definition forward.c:1891
event_timeout_reset
static void event_timeout_reset(struct event_timeout *et)
Resets a timer.
Definition interval.h:187
multi_io.h
msglvl_t
unsigned int msglvl_t
Definition error.h:77
CAS_WAITING_OPTIONS_IMPORT
@ CAS_WAITING_OPTIONS_IMPORT
client with pull or p2p waiting for first time options import
Definition ssl_common.h:590
buffer
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65
context_2::tls_multi
struct tls_multi * tls_multi
TLS state structure for this VPN tunnel.
Definition openvpn.h:323
context_2::to_link
struct buffer to_link
Definition openvpn.h:377
context_2::inactivity_bytes
int64_t inactivity_bytes
Definition openvpn.h:288
context_2::to_tun
struct buffer to_tun
Definition openvpn.h:376
context_2::link_sockets
struct link_socket ** link_sockets
Definition openvpn.h:237
context_2::link_socket_infos
struct link_socket_info ** link_socket_infos
Definition openvpn.h:238
context_2::inactivity_interval
struct event_timeout inactivity_interval
Definition openvpn.h:287
context
Contains all state information for one tunnel.
Definition openvpn.h:471
context::c2
struct context_2 c2
Level 2 context.
Definition openvpn.h:514
context::options
struct options options
Options loaded from command line or configuration file.
Definition openvpn.h:472
event_timeout
Definition interval.h:135
link_socket_info
Definition socket.h:86
link_socket_info::connection_established
bool connection_established
Definition socket.h:88
link_socket
Definition socket.h:148
link_socket::info
struct link_socket_info info
Definition socket.h:149
multi_io
Definition multi_io.h:52
openvpn_sockaddr
Definition socket_util.h:38
options::inactivity_minimum_bytes
int64_t inactivity_minimum_bytes
Definition options.h:345
options::inactivity_timeout
int inactivity_timeout
Definition options.h:344
tls_multi::multi_state
enum multi_status multi_state
Definition ssl_common.h:636
tls_session
Security parameter state of a single session within a VPN tunnel.
Definition ssl_common.h:493
sa_family_t
unsigned short sa_family_t
Definition syshead.h:409
Generated by doxygen 1.9.8