openvpn/forward_8h_source.html

/*

 *  OpenVPN -- An application to securely tunnel IP networks

 *             over a single TCP/UDP port, with support for SSL/TLS-based

 *             session authentication and key exchange,

 *             packet encryption, packet authentication, and

 *             packet compression.

 *

 *  Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>

 *

 *  This program is free software; you can redistribute it and/or modify

 *  it under the terms of the GNU General Public License version 2

 *  as published by the Free Software Foundation.

 *

 *  This program is distributed in the hope that it will be useful,

 *  but WITHOUT ANY WARRANTY; without even the implied warranty of

 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 *  GNU General Public License for more details.

 *

 *  You should have received a copy of the GNU General Public License along

 *  with this program; if not, write to the Free Software Foundation, Inc.,

 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

 */


#ifndef FORWARD_H

#define FORWARD_H


/* the following macros must be defined before including any other header

 * file

 */


#define TUN_OUT(c)      (BLEN(&(c)->c2.to_tun) > 0)

#define LINK_OUT(c)     (BLEN(&(c)->c2.to_link) > 0)

#define ANY_OUT(c)      (TUN_OUT(c) || LINK_OUT(c))


#ifdef ENABLE_FRAGMENT

#define TO_LINK_FRAG(c) ((c)->c2.fragment && fragment_outgoing_defined((c)->c2.fragment))

#else

#define TO_LINK_FRAG(c) (false)

#endif


#define TO_LINK_DEF(c)  (LINK_OUT(c) || TO_LINK_FRAG(c))


#include "openvpn.h"

#include "occ.h"

#include "ping.h"

#include "multi_io.h"


#define IOW_TO_TUN          (1<<0)

#define IOW_TO_LINK         (1<<1)

#define IOW_READ_TUN        (1<<2)

#define IOW_READ_LINK       (1<<3)

#define IOW_SHAPER          (1<<4)

#define IOW_CHECK_RESIDUAL  (1<<5)

#define IOW_FRAG            (1<<6)

#define IOW_MBUF            (1<<7)

#define IOW_READ_TUN_FORCE  (1<<8)

#define IOW_WAIT_SIGNAL     (1<<9)


#define IOW_READ            (IOW_READ_TUN|IOW_READ_LINK)


extern counter_type link_read_bytes_global;


extern counter_type link_write_bytes_global;


void get_io_flags_dowork_udp(struct context *c, struct multi_io *multi_io, const unsigned int flags);


void get_io_flags_udp(struct context *c, struct multi_io *multi_io, const unsigned int flags);


void io_wait_dowork(struct context *c, const unsigned int flags);


void pre_select(struct context *c);


void process_io(struct context *c, struct link_socket *sock);


/**********************************************************************/

void encrypt_sign(struct context *c, bool comp_frag);


int get_server_poll_remaining_time(struct event_timeout *server_poll_timeout);


/**********************************************************************/

void read_incoming_link(struct context *c, struct link_socket *sock);


bool process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, bool floated);


void process_incoming_link_part2(struct context *c, struct link_socket_info *lsi, const uint8_t *orig_buf);


void process_outgoing_link(struct context *c, struct link_socket *sock);


/**************************************************************************/

void read_incoming_tun(struct context *c);


void process_incoming_tun(struct context *c, struct link_socket *out_sock);


void process_outgoing_tun(struct context *c, struct link_socket *in_sock);


/**************************************************************************/


/*

 * Send a string to remote over the TLS control channel.

 * Used for push/pull messages, passing username/password,

 * etc.

 * @param c          - The context structure of the VPN tunnel associated with

 *                     the packet.

 * @param str        - The message to be sent

 * @param msglevel   - Message level to use for logging

 */

bool

send_control_channel_string(struct context *c, const char *str, int msglevel);


/*

 * Send a string to remote over the TLS control channel.

 * Used for push/pull messages, auth pending and other clear text

 * control messages.

 *

 * This variant does not schedule the actual sending of the message

 * The caller needs to ensure that it is scheduled or call

 * send_control_channel_string

 *

 * @param session    - The session structure of the VPN tunnel associated

 *                     with the packet. The method will always use the

 *                     primary key (KS_PRIMARY) for sending the message

 * @param str        - The message to be sent

 * @param msglevel   - Message level to use for logging

 */


bool

send_control_channel_string_dowork(struct tls_session *session,

                                   const char *str, int msglevel);


void reschedule_multi_process(struct context *c);


#define PIPV4_PASSTOS                   (1<<0)

#define PIP_MSSFIX                      (1<<1)         /* v4 and v6 */

#define PIP_OUTGOING                    (1<<2)

#define PIPV4_EXTRACT_DHCP_ROUTER       (1<<3)

#define PIPV4_CLIENT_NAT                (1<<4)

#define PIPV6_ICMP_NOHOST_CLIENT        (1<<5)

#define PIPV6_ICMP_NOHOST_SERVER        (1<<6)


void process_ip_header(struct context *c, unsigned int flags, struct buffer *buf,

                       struct link_socket *sock);


bool schedule_exit(struct context *c);


static inline struct link_socket_info *


get_link_socket_info(struct context *c)

{

    if (c->c2.link_socket_infos)

    {

        return c->c2.link_socket_infos[0];

    }

    else

    {

        return &c->c2.link_sockets[0]->info;

    }

}


static inline void


register_activity(struct context *c, const int size)

{

    if (c->options.inactivity_timeout)

    {

        c->c2.inactivity_bytes += size;

        if (c->c2.inactivity_bytes >= c->options.inactivity_minimum_bytes)

        {

            c->c2.inactivity_bytes = 0;

            event_timeout_reset(&c->c2.inactivity_interval);

        }

    }

}


/*

 * Return the io_wait() flags appropriate for

 * a point-to-point tunnel.

 */

static inline unsigned int


p2p_iow_flags(const struct context *c)

{

    unsigned int flags = (IOW_SHAPER|IOW_CHECK_RESIDUAL|IOW_FRAG|IOW_READ|IOW_WAIT_SIGNAL);

    if (c->c2.to_link.len > 0)

    {

        flags |= IOW_TO_LINK;

    }

    if (c->c2.to_tun.len > 0)

    {

        flags |= IOW_TO_TUN;

    }

#ifdef _WIN32

    if (tuntap_ring_empty(c->c1.tuntap))

    {

        flags &= ~IOW_READ_TUN;

    }

#endif

    return flags;

}


/*

 * This is the core I/O wait function, used for all I/O waits except

 * for the top-level server sockets.

 */

static inline void


io_wait(struct context *c, const unsigned int flags)

{

    if (proto_is_dgram(c->c2.link_sockets[0]->info.proto)

        && c->c2.fast_io && (flags & (IOW_TO_TUN|IOW_TO_LINK|IOW_MBUF)))

    {

        /* fast path -- only for TUN/TAP/UDP writes */

        unsigned int ret = 0;

        if (flags & IOW_TO_TUN)

        {

            ret |= TUN_WRITE;

        }

        if (flags & (IOW_TO_LINK|IOW_MBUF))

        {

            ret |= SOCKET_WRITE;

        }

        c->c2.event_set_status = ret;

    }

    else

    {

#ifdef _WIN32

        bool skip_iowait = flags & IOW_TO_TUN;

        if (flags & IOW_READ_TUN)

        {

            /*

             * don't read from tun if we have pending write to link,

             * since every tun read overwrites to_link buffer filled

             * by previous tun read

             */

            skip_iowait = !(flags & IOW_TO_LINK);

        }

        if (tuntap_is_wintun(c->c1.tuntap) && skip_iowait)

        {

            unsigned int ret = 0;

            if (flags & IOW_TO_TUN)

            {

                ret |= TUN_WRITE;

            }

            if (flags & IOW_READ_TUN)

            {

                ret |= TUN_READ;

            }

            c->c2.event_set_status = ret;

        }

        else

#endif /* ifdef _WIN32 */

        {

            /* slow path */

            io_wait_dowork(c, flags);

        }

    }

}


static inline bool


connection_established(struct context *c)

{

    if (c->c2.tls_multi)

    {

        return c->c2.tls_multi->multi_state >= CAS_WAITING_OPTIONS_IMPORT;

    }

    else

    {

        return get_link_socket_info(c)->connection_established;

    }

}


#endif /* FORWARD_H */

counter_type
uint64_t counter_type
Definition common.h:30

TUN_WRITE
#define TUN_WRITE
Definition event.h:66

SOCKET_WRITE
#define SOCKET_WRITE
Definition event.h:63

TUN_READ
#define TUN_READ
Definition event.h:65

p2p_iow_flags
static unsigned int p2p_iow_flags(const struct context *c)
Definition forward.h:352

link_write_bytes_global
counter_type link_write_bytes_global
Definition forward.c:51

reschedule_multi_process
void reschedule_multi_process(struct context *c)
Reschedule tls_multi_process.
Definition forward.c:403

get_server_poll_remaining_time
int get_server_poll_remaining_time(struct event_timeout *server_poll_timeout)
Definition forward.c:509

IOW_WAIT_SIGNAL
#define IOW_WAIT_SIGNAL
Definition forward.h:64

IOW_READ_TUN
#define IOW_READ_TUN
Definition forward.h:57

send_control_channel_string_dowork
bool send_control_channel_string_dowork(struct tls_session *session, const char *str, int msglevel)
Definition forward.c:381

process_io
void process_io(struct context *c, struct link_socket *sock)
Definition forward.c:2387

IOW_SHAPER
#define IOW_SHAPER
Definition forward.h:59

IOW_FRAG
#define IOW_FRAG
Definition forward.h:61

schedule_exit
bool schedule_exit(struct context *c)
Definition forward.c:533

IOW_MBUF
#define IOW_MBUF
Definition forward.h:62

send_control_channel_string
bool send_control_channel_string(struct context *c, const char *str, int msglevel)
Definition forward.c:410

io_wait
static void io_wait(struct context *c, const unsigned int flags)
Definition forward.h:377

get_link_socket_info
static struct link_socket_info * get_link_socket_info(struct context *c)
Definition forward.h:321

get_io_flags_udp
void get_io_flags_udp(struct context *c, struct multi_io *multi_io, const unsigned int flags)
Definition forward.c:2201

pre_select
void pre_select(struct context *c)
Definition forward.c:1997

IOW_CHECK_RESIDUAL
#define IOW_CHECK_RESIDUAL
Definition forward.h:60

connection_established
static bool connection_established(struct context *c)
Definition forward.h:430

register_activity
static void register_activity(struct context *c, const int size)
Definition forward.h:334

get_io_flags_dowork_udp
void get_io_flags_dowork_udp(struct context *c, struct multi_io *multi_io, const unsigned int flags)
Definition forward.c:2192

IOW_TO_TUN
#define IOW_TO_TUN
Definition forward.h:55

link_read_bytes_global
counter_type link_read_bytes_global
Definition forward.c:50

io_wait_dowork
void io_wait_dowork(struct context *c, const unsigned int flags)
Definition forward.c:2254

process_ip_header
void process_ip_header(struct context *c, unsigned int flags, struct buffer *buf, struct link_socket *sock)
Definition forward.c:1658

IOW_READ
#define IOW_READ
Definition forward.h:66

IOW_TO_LINK
#define IOW_TO_LINK
Definition forward.h:56

encrypt_sign
void encrypt_sign(struct context *c, bool comp_frag)
Process a data channel packet that will be sent through a VPN tunnel.
Definition forward.c:625

process_incoming_link_part1
bool process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, bool floated)
Starts processing a packet read from the external network interface.
Definition forward.c:1000

process_incoming_link_part2
void process_incoming_link_part2(struct context *c, struct link_socket_info *lsi, const uint8_t *orig_buf)
Continues processing a packet read from the external network interface.
Definition forward.c:1150

process_outgoing_link
void process_outgoing_link(struct context *c, struct link_socket *sock)
Write a packet to the external network interface.
Definition forward.c:1744

read_incoming_link
void read_incoming_link(struct context *c, struct link_socket *sock)
Read a packet from the external network interface.
Definition forward.c:934

read_incoming_tun
void read_incoming_tun(struct context *c)
Read a packet from the virtual tun/tap network interface.
Definition forward.c:1299

process_incoming_tun
void process_incoming_tun(struct context *c, struct link_socket *out_sock)
Process a packet read from the virtual tun/tap network interface.
Definition forward.c:1464

process_outgoing_tun
void process_outgoing_tun(struct context *c, struct link_socket *in_sock)
Write a packet to the virtual tun/tap network interface.
Definition forward.c:1901

event_timeout_reset
static void event_timeout_reset(struct event_timeout *et)
Resets a timer.
Definition interval.h:189

multi_io.h

occ.h

openvpn.h

ping.h

proto_is_dgram
static bool proto_is_dgram(int proto)
Return if the protocol is datagram (UDP)
Definition socket.h:597

CAS_WAITING_OPTIONS_IMPORT
@ CAS_WAITING_OPTIONS_IMPORT
client with pull or p2p waiting for first time options import
Definition ssl_common.h:574

buffer
Wrapper structure for dynamically allocated memory.
Definition buffer.h:61

buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:66

context_1::tuntap
struct tuntap * tuntap
Tun/tap virtual network interface.
Definition openvpn.h:171

context_2::event_set_status
unsigned int event_set_status
Definition openvpn.h:235

context_2::tls_multi
struct tls_multi * tls_multi
TLS state structure for this VPN tunnel.
Definition openvpn.h:323

context_2::to_link
struct buffer to_link
Definition openvpn.h:377

context_2::inactivity_bytes
int64_t inactivity_bytes
Definition openvpn.h:288

context_2::to_tun
struct buffer to_tun
Definition openvpn.h:376

context_2::link_sockets
struct link_socket ** link_sockets
Definition openvpn.h:237

context_2::link_socket_infos
struct link_socket_info ** link_socket_infos
Definition openvpn.h:238

context_2::fast_io
bool fast_io
Definition openvpn.h:424

context_2::inactivity_interval
struct event_timeout inactivity_interval
Definition openvpn.h:287

context
Contains all state information for one tunnel.
Definition openvpn.h:474

context::c2
struct context_2 c2
Level 2 context.
Definition openvpn.h:514

context::options
struct options options
Options loaded from command line or configuration file.
Definition openvpn.h:475

context::c1
struct context_1 c1
Level 1 context.
Definition openvpn.h:513

event_timeout
Definition interval.h:137

link_socket_info
Definition socket.h:114

link_socket_info::connection_established
bool connection_established
Definition socket.h:116

link_socket_info::proto
int proto
Definition socket.h:120

link_socket
Definition socket.h:178

link_socket::info
struct link_socket_info info
Definition socket.h:179

multi_io
Definition multi_io.h:53

options::inactivity_minimum_bytes
int64_t inactivity_minimum_bytes
Definition options.h:344

options::inactivity_timeout
int inactivity_timeout
Definition options.h:343

session
Definition keyingmaterialexporter.c:56

tls_multi::multi_state
enum multi_status multi_state
Definition ssl_common.h:618

tls_session
Security parameter state of a single session within a VPN tunnel.
Definition ssl_common.h:480

tuntap_is_wintun
static bool tuntap_is_wintun(struct tuntap *tt)
Definition tun.h:265

tuntap_ring_empty
static bool tuntap_ring_empty(struct tuntap *tt)
Definition tun.h:271