1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23
30#ifndef FORWARD_H
31#define FORWARD_H
32
/* The following macros must be defined before including any other header
 * file: headers pulled in further down may expand them.
 */

/** Non-zero when a packet is queued for the tun/tap device (c->c2.to_tun). */
#define TUN_OUT(c) (BLEN(&(c)->c2.to_tun) > 0)
/** Non-zero when a packet is queued for the link socket (c->c2.to_link). */
#define LINK_OUT(c) (BLEN(&(c)->c2.to_link) > 0)
/** Non-zero when either outgoing buffer holds data. */
#define ANY_OUT(c) (TUN_OUT(c) || LINK_OUT(c))

#ifdef ENABLE_FRAGMENT
/** Non-zero when the fragmentation engine has an outgoing fragment ready.
 *  Checks c->c2.fragment for NULL before querying it, so it is safe to use
 *  on contexts that never set up fragmentation. */
#define TO_LINK_FRAG(c) ((c)->c2.fragment && fragment_outgoing_defined((c)->c2.fragment))
#else
/** Without fragment support there is never a pending fragment. */
#define TO_LINK_FRAG(c) (false)
#endif

/** Non-zero when anything -- a whole packet or a fragment -- is waiting to
 *  be written to the link. */
#define TO_LINK_DEF(c) (LINK_OUT(c) || TO_LINK_FRAG(c))
48
49#include "openvpn.h"
50#include "occ.h"
51#include "ping.h"
52#include "multi_io.h"
53
/* Bit flags passed to io_wait() / io_wait_dowork() describing what the
 * caller wants to wait for.  They are or'ed into an unsigned int.
 *
 * io_wait() maps IOW_TO_TUN to TUN_WRITE and IOW_TO_LINK / IOW_MBUF to
 * SOCKET_WRITE on its fast path; everything else is interpreted by
 * io_wait_dowork() in forward.c.
 */
#define IOW_TO_TUN (1 << 0)        /* data pending for the tun/tap device */
#define IOW_TO_LINK (1 << 1)       /* data pending for the link socket */
#define IOW_READ_TUN (1 << 2)      /* wait for the tun/tap device to be readable */
#define IOW_READ_LINK (1 << 3)     /* wait for the link socket to be readable */
#define IOW_SHAPER (1 << 4)        /* presumably: take the traffic shaper into account -- see io_wait_dowork() */
#define IOW_CHECK_RESIDUAL (1 << 5) /* presumably: check for residual/unprocessed data first -- see io_wait_dowork() */
#define IOW_FRAG (1 << 6)          /* presumably: consider the fragmentation engine -- see io_wait_dowork() */
#define IOW_MBUF (1 << 7)          /* treated like IOW_TO_LINK by io_wait()'s fast path */
#define IOW_READ_TUN_FORCE (1 << 8) /* presumably: read tun regardless of other state -- see io_wait_dowork() */
#define IOW_WAIT_SIGNAL (1 << 9)   /* presumably: let pending signals interrupt the wait -- see io_wait_dowork() */

/** Convenience: wait for both the tun/tap device and the link socket to be readable. */
#define IOW_READ (IOW_READ_TUN | IOW_READ_LINK)
66
68
70
/**
 * Worker behind get_io_flags_udp(): compute the event flags for a datagram
 * (UDP) wait driven by the multi_io event loop.  Defined in forward.c.
 *
 * @param c         The context of the VPN tunnel.
 * @param multi_io  The multi-instance I/O state the flags are registered with.
 * @param flags     IOW_* bits describing what the caller wants to wait for.
 */
void get_io_flags_dowork_udp(struct context *c, struct multi_io *multi_io,
                             const unsigned int flags);

/**
 * Compute the event flags for a datagram (UDP) wait; the public entry point
 * whose heavy lifting is done by get_io_flags_dowork_udp().  Defined in forward.c.
 *
 * @param c         The context of the VPN tunnel.
 * @param multi_io  The multi-instance I/O state the flags are registered with.
 * @param flags     IOW_* bits describing what the caller wants to wait for.
 */
void get_io_flags_udp(struct context *c, struct multi_io *multi_io, const unsigned int flags);

/**
 * Slow path of io_wait(): perform the real event wait.  Defined in forward.c.
 *
 * @param c      The context of the VPN tunnel.
 * @param flags  IOW_* bits describing what to wait for.
 */
void io_wait_dowork(struct context *c, const unsigned int flags);

/**
 * Housekeeping run before an event wait (timers, pings, etc. -- see forward.c).
 *
 * @param c  The context of the VPN tunnel.
 */
void pre_select(struct context *c);

/**
 * Dispatch the I/O that the preceding wait reported as ready.  Defined in forward.c.
 *
 * @param c     The context of the VPN tunnel.
 * @param sock  The link socket the event was reported for.
 */
void process_io(struct context *c, struct link_socket *sock);
81
82
83/**********************************************************************/
/**
 * Process a data channel packet that will be sent through a VPN tunnel:
 * the outgoing-packet pipeline (encryption / authentication and, depending
 * on @p comp_frag, compression and fragmentation).  Defined in forward.c.
 *
 * @param c          The context of the VPN tunnel.
 * @param comp_frag  Presumably whether compression and fragmentation are
 *                   applied before encryption -- confirm against forward.c.
 */
void encrypt_sign(struct context *c, bool comp_frag);

/**
 * Return how much of the server poll timeout is left.  Defined in forward.c.
 *
 * @param server_poll_timeout  The timeout being polled.
 * @return  Remaining time; the unit and the value used once the timeout has
 *          expired are defined in forward.c.
 */
int get_server_poll_remaining_time(struct event_timeout *server_poll_timeout);
119
120/**********************************************************************/
/**
 * Read a packet from the external network interface.  Defined in forward.c.
 *
 * @param c     The context of the VPN tunnel.
 * @param sock  The link socket to read from.
 */
void read_incoming_link(struct context *c, struct link_socket *sock);

/**
 * Starts processing a packet read from the external network interface.
 * Defined in forward.c.
 *
 * @param c        The context of the VPN tunnel.
 * @param lsi      Link socket info of the socket the packet arrived on.
 * @param floated  Presumably whether the packet came from an address other
 *                 than the peer's currently known one -- confirm in forward.c.
 * @return  Meaning defined in forward.c (presumably whether part2 should run).
 */
bool process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, bool floated);

/**
 * Continues processing a packet read from the external network interface.
 * Defined in forward.c.
 *
 * @param c         The context of the VPN tunnel.
 * @param lsi       Link socket info of the socket the packet arrived on.
 * @param orig_buf  Pointer into the packet as originally received; its exact
 *                  role is defined in forward.c.
 */
void process_incoming_link_part2(struct context *c, struct link_socket_info *lsi,
                                 const uint8_t *orig_buf);

/**
 * Transfers float_sa data extracted from an incoming DCO PEER_FLOAT_NTF to
 * out_osaddr for later processing.  Defined in forward.c.
 *
 * @param socket_family  Address family of the socket (AF_INET / AF_INET6).
 * @param out_osaddr     Destination OpenVPN socket address structure.
 * @param float_sa       The new peer address reported by DCO.
 */
void extract_dco_float_peer_addr(sa_family_t socket_family, struct openvpn_sockaddr *out_osaddr,
                                 const struct sockaddr *float_sa);

/**
 * Write a packet to the external network interface.  Defined in forward.c.
 *
 * @param c     The context of the VPN tunnel.
 * @param sock  The link socket to write to.
 */
void process_outgoing_link(struct context *c, struct link_socket *sock);
226
227
228/**************************************************************************/
/**
 * Read a packet from the virtual tun/tap network interface.  Defined in forward.c.
 *
 * @param c  The context of the VPN tunnel.
 */
void read_incoming_tun(struct context *c);


/**
 * Process a packet read from the virtual tun/tap network interface.
 * Defined in forward.c.
 *
 * @param c         The context of the VPN tunnel.
 * @param out_sock  The link socket the packet is destined to leave on.
 */
void process_incoming_tun(struct context *c, struct link_socket *out_sock);


/**
 * Write a packet to the virtual tun/tap network interface.  Defined in forward.c.
 *
 * @param c        The context of the VPN tunnel.
 * @param in_sock  The link socket the packet originally arrived on.
 */
void process_outgoing_tun(struct context *c, struct link_socket *in_sock);
275
276
277/**************************************************************************/
278
/**
 * Send a string to the remote over the TLS control channel.
 * Used for push/pull messages, passing username/password, etc.
 *
 * This is the scheduling variant: besides queueing the message it also
 * arranges for it to be transmitted, which send_control_channel_string_dowork()
 * leaves to the caller.
 *
 * NOTE(review): @p str may carry credentials (username/password per the
 * description above); confirm in forward.c what is emitted at @p msglevel so
 * that secrets are not written to the log verbatim.
 *
 * @param c         The context structure of the VPN tunnel associated with
 *                  the packet.
 * @param str       The message to be sent (NUL-terminated).
 * @param msglevel  Message level to use for logging.
 * @return  Presumably true on success; the failure conditions are defined in
 *          forward.c.
 */
bool send_control_channel_string(struct context *c, const char *str, int msglevel);
289
/**
 * Send a string to the remote over the TLS control channel.
 * Used for push/pull messages, auth pending and other clear text
 * control messages.
 *
 * This variant does not schedule the actual sending of the message.
 * The caller needs to ensure that it is scheduled, or call
 * send_control_channel_string() instead.
 *
 * @param session   The session structure of the VPN tunnel associated
 *                  with the packet. The method will always use the
 *                  primary key (KS_PRIMARY) for sending the message.
 * @param str       The message to be sent (NUL-terminated).
 * @param msglevel  Message level to use for logging.
 * @return  Presumably true on success; the failure conditions are defined in
 *          forward.c.
 */

bool send_control_channel_string_dowork(struct tls_session *session, const char *str, int msglevel);
307
308
/**
 * Reschedule tls_multi_process.  Defined in forward.c.
 *
 * @param c  The context of the VPN tunnel.
 */
void reschedule_multi_process(struct context *c);
316
/* Flags for process_ip_header().  PIPV4_* apply to IPv4 packets only,
 * PIPV6_* to IPv6 only, PIP_* to both.  The exact behaviour behind each bit
 * is implemented in forward.c; the notes here follow the flag names. */
#define PIPV4_PASSTOS (1u << 0)               /* IPv4: presumably copy the TOS byte to the outer packet */
#define PIP_MSSFIX (1u << 1) /* v4 and v6 */  /* clamp TCP MSS to fit the tunnel MTU */
#define PIP_OUTGOING (1u << 2)                /* packet is leaving via the tunnel (vs. arriving from it) */
#define PIPV4_EXTRACT_DHCP_ROUTER (1u << 3)   /* IPv4: presumably pick the router option out of a DHCP reply */
#define PIPV4_CLIENT_NAT (1u << 4)            /* IPv4: apply client-side NAT rules */
#define PIPV6_ICMP_NOHOST_CLIENT (1u << 5)    /* IPv6: presumably answer with ICMPv6 "no route to host" on the client side */
#define PIPV6_ICMP_NOHOST_SERVER (1u << 6)    /* IPv6: presumably answer with ICMPv6 "no route to host" on the server side */


/**
 * Inspect and, depending on @p flags, rewrite the IP header of a packet in
 * @p buf.  This is the place where untrusted packet contents are parsed, so
 * callers must hand in a buffer whose length reflects the real packet size.
 * Defined in forward.c.
 *
 * @param c      The context of the VPN tunnel.
 * @param flags  Combination of the PIP*/PIPV4*/PIPV6* bits above.
 * @param buf    The packet to process.
 * @param sock   The link socket associated with the packet.
 */
void process_ip_header(struct context *c, unsigned int flags, struct buffer *buf,
                       struct link_socket *sock);

/**
 * Schedule an exit of the tunnel.  Defined in forward.c.
 *
 * @param c  The context of the VPN tunnel.
 * @return  Meaning defined in forward.c.
 */
bool schedule_exit(struct context *c);
330
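/**
 * Return the link socket info for the first link socket of a context.
 *
 * If the per-context array c->c2.link_socket_infos is set, its first entry
 * is returned; otherwise the info embedded in the first entry of
 * c->c2.link_sockets is used.  Neither array is bounds-checked here and
 * c->c2.link_sockets[0] is dereferenced unconditionally on the fallback
 * path, so the caller must guarantee that at least one link socket exists.
 *
 * @param c  The context of the VPN tunnel.
 * @return   Pointer to the link socket info of socket index 0.
 */
static inline struct link_socket_info *
get_link_socket_info(struct context *c)
{
    if (c->c2.link_socket_infos)
    {
        return c->c2.link_socket_infos[0];
    }
    else
    {
        return &c->c2.link_sockets[0]->info;
    }
}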
343
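/**
 * Account @p size bytes of tunnel traffic towards the inactivity timeout.
 *
 * Does nothing unless an inactivity timeout is configured
 * (c->options.inactivity_timeout non-zero).  Bytes are accumulated in
 * c->c2.inactivity_bytes; once the total reaches
 * c->options.inactivity_minimum_bytes the counter is cleared and the
 * inactivity timer (c->c2.inactivity_interval) is reset.  Traffic below that
 * threshold therefore does not count as activity, which stops a mere trickle
 * of bytes from keeping the tunnel alive indefinitely.
 *
 * @param c     The context of the VPN tunnel.
 * @param size  Number of bytes to add.  The accumulator is 64-bit (int64_t)
 *              while @p size is an int.
 */
static inline void
register_activity(struct context *c, const int size)
{
    if (c->options.inactivity_timeout)
    {
        c->c2.inactivity_bytes += size;
        if (c->c2.inactivity_bytes >= c->options.inactivity_minimum_bytes)
        {
            c->c2.inactivity_bytes = 0;
            event_timeout_reset(&c->c2.inactivity_interval);
        }
    }
}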
357
/**
 * Return the io_wait() flags appropriate for a point-to-point tunnel.
 *
 * IOW_SHAPER, IOW_CHECK_RESIDUAL, IOW_FRAG, IOW_READ and IOW_WAIT_SIGNAL are
 * always set; IOW_TO_LINK and IOW_TO_TUN are added only when the matching
 * outgoing buffer (c->c2.to_link / c->c2.to_tun) currently holds data.
 * Note that the buffer length is tested directly rather than through the
 * LINK_OUT()/TUN_OUT() macros, which go via BLEN().
 *
 * @param c  The context of the VPN tunnel (read only).
 * @return   Bitmask of IOW_* flags to pass to io_wait().
 */
static inline unsigned int
p2p_iow_flags(const struct context *c)
{
    const unsigned int base = IOW_SHAPER | IOW_CHECK_RESIDUAL | IOW_FRAG | IOW_READ | IOW_WAIT_SIGNAL;
    const unsigned int link_pending = (c->c2.to_link.len > 0) ? IOW_TO_LINK : 0;
    const unsigned int tun_pending = (c->c2.to_tun.len > 0) ? IOW_TO_TUN : 0;

    return base | link_pending | tun_pending;
}
376
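/**
 * Core I/O wait function, used for all I/O waits except for the top-level
 * server sockets.
 *
 * Fast path: when the first link socket is a datagram socket, fast_io is
 * enabled for the context and the caller asked for a write (IOW_TO_TUN,
 * IOW_TO_LINK or IOW_MBUF), no event wait is performed at all --
 * c->c2.event_set_status is set directly to the matching TUN_WRITE /
 * SOCKET_WRITE bits, i.e. tun/tap and UDP writes are treated as always
 * ready.  Any read or signal bits passed in @p flags alongside the write bits
 * are not honoured on this path.
 *
 * Slow path: every other case goes through io_wait_dowork(), which performs
 * the real event wait.
 *
 * @param c      The context of the VPN tunnel.
 * @param flags  IOW_* bits describing what to wait for.
 */
static inline void
io_wait(struct context *c, const unsigned int flags)
{
    if (proto_is_dgram(c->c2.link_sockets[0]->info.proto) && c->c2.fast_io
        && (flags & (IOW_TO_TUN | IOW_TO_LINK | IOW_MBUF)))
    {
        /* fast path -- only for TUN/TAP/UDP writes */
        unsigned int ret = 0;
        if (flags & IOW_TO_TUN)
        {
            ret |= TUN_WRITE;
        }
        if (flags & (IOW_TO_LINK | IOW_MBUF))
        {
            ret |= SOCKET_WRITE;
        }
        c->c2.event_set_status = ret;
    }
    else
    {
        /* slow path */
        io_wait_dowork(c, flags);
    }
}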
405
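/**
 * Report whether the tunnel has reached the "connected" state.
 *
 * With a TLS session (c->c2.tls_multi set) this is true once the multi
 * state has advanced to at least CAS_WAITING_OPTIONS_IMPORT, the state
 * described in ssl_common.h as "client with pull or p2p waiting for first
 * time options import".  The comparison relies on the ordering of
 * enum multi_status: every state before CAS_WAITING_OPTIONS_IMPORT counts as
 * not yet connected.
 *
 * Without a TLS session there is no handshake to wait for, so the tunnel is
 * reported as established unconditionally.
 *
 * @param c  The context of the VPN tunnel.
 * @return   true once the connection is considered established.
 */
static inline bool
connection_established(struct context *c)
{
    if (c->c2.tls_multi)
    {
        return c->c2.tls_multi->multi_state >= CAS_WAITING_OPTIONS_IMPORT;
    }
    else
    {
        return true;
    }
}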
418
419#endif /* FORWARD_H */