forward.h

Go to the documentation of this file.

/*
 *  OpenVPN -- An application to securely tunnel IP networks
 *             over a single TCP/UDP port, with support for SSL/TLS-based
 *             session authentication and key exchange,
 *             packet encryption, packet authentication, and
 *             packet compression.
 *
 *  Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2
 *  as published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, see <https://www.gnu.org/licenses/>.
 */
 
 
#ifndef FORWARD_H
#define FORWARD_H
 
/* the following macros must be defined before including any other header
 * file
 */
 
#define TUN_OUT(c)  (BLEN(&(c)->c2.to_tun) > 0)
#define LINK_OUT(c) (BLEN(&(c)->c2.to_link) > 0)
#define ANY_OUT(c)  (TUN_OUT(c) || LINK_OUT(c))
 
#ifdef ENABLE_FRAGMENT
#define TO_LINK_FRAG(c) ((c)->c2.fragment && fragment_outgoing_defined((c)->c2.fragment))
#else
#define TO_LINK_FRAG(c) (false)
#endif
 
#define TO_LINK_DEF(c) (LINK_OUT(c) || TO_LINK_FRAG(c))
 
#include "openvpn.h"
#include "occ.h"
#include "ping.h"
#include "multi_io.h"
 
#define IOW_TO_TUN         (1 << 0)
#define IOW_TO_LINK        (1 << 1)
#define IOW_READ_TUN       (1 << 2)
#define IOW_READ_LINK      (1 << 3)
#define IOW_SHAPER         (1 << 4)
#define IOW_CHECK_RESIDUAL (1 << 5)
#define IOW_FRAG           (1 << 6)
#define IOW_MBUF           (1 << 7)
#define IOW_READ_TUN_FORCE (1 << 8)
#define IOW_WAIT_SIGNAL    (1 << 9)
 
#define IOW_READ (IOW_READ_TUN | IOW_READ_LINK)
 
extern counter_type link_read_bytes_global;
 
extern counter_type link_write_bytes_global;
 
void get_io_flags_dowork_udp(struct context *c, struct multi_io *multi_io,
                             const unsigned int flags);
 
void get_io_flags_udp(struct context *c, struct multi_io *multi_io, const unsigned int flags);
 
void io_wait_dowork(struct context *c, const unsigned int flags);
 
void pre_select(struct context *c);
 
void process_io(struct context *c, struct link_socket *sock);
 
 
/**********************************************************************/
void encrypt_sign(struct context *c, bool comp_frag);
 
int get_server_poll_remaining_time(struct event_timeout *server_poll_timeout);
 
/**********************************************************************/
void read_incoming_link(struct context *c, struct link_socket *sock);
 
bool process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, bool floated);
 
void process_incoming_link_part2(struct context *c, struct link_socket_info *lsi,
                                 const uint8_t *orig_buf);
 
void extract_dco_float_peer_addr(sa_family_t socket_family, struct openvpn_sockaddr *out_osaddr,
                                 const struct sockaddr *float_sa);
 
void process_incoming_dco(dco_context_t *dco);
 
void process_outgoing_link(struct context *c, struct link_socket *sock);
 
 
/**************************************************************************/
void read_incoming_tun(struct context *c);
 
 
void process_incoming_tun(struct context *c, struct link_socket *out_sock);
 
 
void process_outgoing_tun(struct context *c, struct link_socket *in_sock);
 
 
/**************************************************************************/
 
/*
 * Send a string to remote over the TLS control channel.
 * Used for push/pull messages, passing username/password,
 * etc.
 * @param c          - The context structure of the VPN tunnel associated with
 *                     the packet.
 * @param str        - The message to be sent
 * @param msglevel   - Message level to use for logging
 */
bool send_control_channel_string(struct context *c, const char *str, msglvl_t msglevel);
 
/*
 * Send a string to remote over the TLS control channel.
 * Used for push/pull messages, auth pending and other clear text
 * control messages.
 *
 * This variant does not schedule the actual sending of the message
 * The caller needs to ensure that it is scheduled or call
 * send_control_channel_string
 *
 * @param session    - The session structure of the VPN tunnel associated
 *                     with the packet. The method will always use the
 *                     primary key (KS_PRIMARY) for sending the message
 * @param str        - The message to be sent
 * @param msglevel   - Message level to use for logging
 */
 
bool send_control_channel_string_dowork(struct tls_session *session, const char *str,
                                        msglvl_t msglevel);
 
 
void reschedule_multi_process(struct context *c);
 
#define PIPV4_PASSTOS             (1u << 0)
#define PIP_MSSFIX                (1u << 1) /* v4 and v6 */
#define PIP_OUTGOING              (1u << 2)
#define PIPV4_EXTRACT_DHCP_ROUTER (1u << 3)
#define PIPV4_CLIENT_NAT          (1u << 4)
#define PIPV6_ICMP_NOHOST_CLIENT  (1u << 5)
#define PIPV6_ICMP_NOHOST_SERVER  (1u << 6)
 
 
void process_ip_header(struct context *c, unsigned int flags, struct buffer *buf,
                       struct link_socket *sock);
 
bool schedule_exit(struct context *c);
 
static inline struct link_socket_info *
get_link_socket_info(struct context *c)
{
    if (c->c2.link_socket_infos)
    {
        return c->c2.link_socket_infos[0];
    }
    else
    {
        return &c->c2.link_sockets[0]->info;
    }
}
 
static inline void
register_activity(struct context *c, const int64_t size)
{
    if (c->options.inactivity_timeout)
    {
        c->c2.inactivity_bytes += size;
        if (c->c2.inactivity_bytes >= c->options.inactivity_minimum_bytes)
        {
            c->c2.inactivity_bytes = 0;
            event_timeout_reset(&c->c2.inactivity_interval);
        }
    }
}
 
/*
 * Return the io_wait() flags appropriate for
 * a point-to-point tunnel.
 */
static inline unsigned int
p2p_iow_flags(const struct context *c)
{
    unsigned int flags = (IOW_SHAPER | IOW_CHECK_RESIDUAL | IOW_FRAG | IOW_READ | IOW_WAIT_SIGNAL);
    if (c->c2.to_link.len > 0)
    {
        flags |= IOW_TO_LINK;
    }
    if (c->c2.to_tun.len > 0)
    {
        flags |= IOW_TO_TUN;
    }
    return flags;
}
 
/*
 * This is the core I/O wait function, used for all I/O waits except
 * for the top-level server sockets.
 */
static inline void
io_wait(struct context *c, const unsigned int flags)
{
    if (proto_is_dgram(c->c2.link_sockets[0]->info.proto) && c->c2.fast_io
        && (flags & (IOW_TO_TUN | IOW_TO_LINK | IOW_MBUF)))
    {
        /* fast path -- only for TUN/TAP/UDP writes */
        unsigned int ret = 0;
        if (flags & IOW_TO_TUN)
        {
            ret |= TUN_WRITE;
        }
        if (flags & (IOW_TO_LINK | IOW_MBUF))
        {
            ret |= SOCKET_WRITE;
        }
        c->c2.event_set_status = ret;
    }
    else
    {
        /* slow path */
        io_wait_dowork(c, flags);
    }
}
 
static inline bool
connection_established(struct context *c)
{
    if (c->c2.tls_multi)
    {
        return c->c2.tls_multi->multi_state >= CAS_WAITING_OPTIONS_IMPORT;
    }
    else
    {
        return get_link_socket_info(c)->connection_established;
    }
}
 
#endif /* FORWARD_H */