OpenVPN
gremlin.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23/*
24 * Test protocol robustness by simulating dropped packets and
25 * network outages when the --gremlin option is used.
26 */
27
28#ifdef HAVE_CONFIG_H
29#include "config.h"
30#endif
31
32#include "syshead.h"
33
34#ifdef ENABLE_DEBUG
35
36#include "error.h"
37#include "common.h"
38#include "crypto.h"
39#include "misc.h"
40#include "otime.h"
41#include "gremlin.h"
42
43#include "memdbg.h"
44
45/*
46 * Parameters for packet corruption and droppage.
47 * Each parameter has 4 possible levels, 0 = disabled,
48 * while 1, 2, and 3 are enumerated in the below arrays.
49 * The parameter is a 2-bit field within the --gremlin
50 * parameter.
51 */
52
53/*
54 * Probability that we will drop a packet is 1 / n
55 */
56static const int drop_freq[] = { 500, 100, 50 };
57
58/*
59 * Probability that we will corrupt a packet is 1 / n
60 */
61static const int corrupt_freq[] = { 500, 100, 50 };
62
63/*
64 * When network goes up, it will be up for between
65 * UP_LOW and UP_HIGH seconds.
66 */
67static const int up_low[] = { 60, 10, 5 };
68static const int up_high[] = { 600, 60, 10 };
69
70/*
71 * When network goes down, it will be down for between
72 * DOWN_LOW and DOWN_HIGH seconds.
73 */
74static const int down_low[] = { 5, 10, 10 };
75static const int down_high[] = { 10, 60, 120 };
76
77/*
78 * Packet flood levels:
79 * { number of packets, packet size }
80 */
81static const struct packet_flood_parms packet_flood_data[] = { { 10, 100 },
82 { 10, 1500 },
83 { 100, 1500 } };
84
85struct packet_flood_parms
86get_packet_flood_parms(int level)
87{
88 ASSERT(level > 0 && level < 4);
89 return packet_flood_data[level - 1];
90}
91
92/*
93 * Return true with probability 1/n
94 */
95static bool
96flip(int n)
97{
98 return (get_random() % n) == 0;
99}
100
101/*
102 * Return uniformly distributed random number between
103 * low and high.
104 */
105static int
106roll(int low, int high)
107{
108 int ret;
109 ASSERT(low <= high);
110 ret = low + (get_random() % (high - low + 1));
111 ASSERT(ret >= low && ret <= high);
112 return ret;
113}
114
115static bool initialized; /* GLOBAL */
116static bool up; /* GLOBAL */
117static time_t next; /* GLOBAL */
118
119/*
120 * Return false if we should drop a packet.
121 */
122bool
123ask_gremlin(int flags)
124{
125 const int up_down_level = GREMLIN_UP_DOWN_LEVEL(flags);
126 const int drop_level = GREMLIN_DROP_LEVEL(flags);
127
128 if (!initialized)
129 {
130 initialized = true;
131
132 if (up_down_level)
133 {
134 up = false;
135 }
136 else
137 {
138 up = true;
139 }
140
141 next = now;
142 }
143
144 if (up_down_level) /* change up/down state? */
145 {
146 if (now >= next)
147 {
148 int delta;
149 if (up)
150 {
151 delta = roll(down_low[up_down_level - 1], down_high[up_down_level - 1]);
152 up = false;
153 }
154 else
155 {
156 delta = roll(up_low[up_down_level - 1], up_high[up_down_level - 1]);
157 up = true;
158 }
159
160 msg(D_GREMLIN, "GREMLIN: CONNECTION GOING %s FOR %d SECONDS", (up ? "UP" : "DOWN"),
161 delta);
162 next = now + delta;
163 }
164 }
165
166 if (drop_level)
167 {
168 if (up && flip(drop_freq[drop_level - 1]))
169 {
170 dmsg(D_GREMLIN_VERBOSE, "GREMLIN: Random packet drop");
171 return false;
172 }
173 }
174
175 return up;
176}
177
178/*
179 * Possibly corrupt a packet.
180 */
181void
182corrupt_gremlin(struct buffer *buf, int flags)
183{
184 const int corrupt_level = GREMLIN_CORRUPT_LEVEL(flags);
185 if (corrupt_level)
186 {
187 if (flip(corrupt_freq[corrupt_level - 1]))
188 {
189 do
190 {
191 if (buf->len > 0)
192 {
193 uint8_t r = roll(0, 255);
194 int method = roll(0, 5);
195
196 switch (method)
197 {
198 case 0: /* corrupt the first byte */
199 *BPTR(buf) = r;
200 break;
201
202 case 1: /* corrupt the last byte */
203 *(BPTR(buf) + buf->len - 1) = r;
204 break;
205
206 case 2: /* corrupt a random byte */
207 *(BPTR(buf) + roll(0, buf->len - 1)) = r;
208 break;
209
210 case 3: /* append a random byte */
211 buf_write(buf, &r, 1);
212 break;
213
214 case 4: /* reduce length by 1 */
215 --buf->len;
216 break;
217
218 case 5: /* reduce length by a random amount */
219 buf->len -= roll(0, buf->len - 1);
220 break;
221 }
222 dmsg(D_GREMLIN_VERBOSE, "GREMLIN: Packet Corruption, method=%d", method);
223 }
224 else
225 {
226 break;
227 }
228 } while (flip(2)); /* a 50% chance we will corrupt again */
229 }
230 }
231}
232#endif /* ifdef ENABLE_DEBUG */
#define BPTR(buf)
Definition buffer.h:123
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition buffer.h:660
long int get_random(void)
Definition crypto.c:1716
Data Channel Cryptography Module.
#define D_GREMLIN_VERBOSE
Definition errlevel.h:159
#define D_GREMLIN
Definition errlevel.h:77
#define dmsg(flags,...)
Definition error.h:170
#define msg(flags,...)
Definition error.h:150
#define ASSERT(x)
Definition error.h:217
time_t now
Definition otime.c:33
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65