OpenVPN
mroute.h
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifndef MROUTE_H
24#define MROUTE_H
25
26#include "buffer.h"
27#include "list.h"
28#include "route.h"
29
30#include <stddef.h>
31
32#define IP_MCAST_SUBNET_MASK ((in_addr_t)240 << 24)
33#define IP_MCAST_NETWORK ((in_addr_t)224 << 24)
34
35/* Return status values for mroute_extract_addr_from_packet */
36
37#define MROUTE_EXTRACT_SUCCEEDED (1 << 0)
38#define MROUTE_EXTRACT_BCAST (1 << 1)
39#define MROUTE_EXTRACT_MCAST (1 << 2)
40#define MROUTE_EXTRACT_IGMP (1 << 3)
41
42#define MROUTE_SEC_EXTRACT_SUCCEEDED (1 << (0 + MROUTE_SEC_SHIFT))
43#define MROUTE_SEC_EXTRACT_BCAST (1 << (1 + MROUTE_SEC_SHIFT))
44#define MROUTE_SEC_EXTRACT_MCAST (1 << (2 + MROUTE_SEC_SHIFT))
45#define MROUTE_SEC_EXTRACT_IGMP (1 << (3 + MROUTE_SEC_SHIFT))
46
47#define MROUTE_SEC_SHIFT 4
48
49/*
50 * Choose the largest address possible with
51 * any of our supported types, which is IPv6
52 * with port number.
53 */
54#define MR_MAX_ADDR_LEN 20
55
56/*
57 * Address Types
58 */
59#define MR_ADDR_NONE 0
60#define MR_ADDR_ETHER 1
61#define MR_ADDR_IPV4 2
62#define MR_ADDR_IPV6 3
63#define MR_ADDR_MASK 3
64
65/* Address type mask indicating that port # is part of address */
66#define MR_WITH_PORT 4
67
68/* Address type mask indicating that netbits is part of address */
69#define MR_WITH_NETBITS 8
70
71/* Indicates than IPv4 addr was extracted from ARP packet */
72#define MR_ARP 16
73
74/* Address type mask indicating that proto # is part of address */
75#define MR_WITH_PROTO 32
76
78{
79 uint8_t len; /* length of address */
81 uint8_t type; /* MR_ADDR/MR_WITH flags */
82 uint8_t netbits; /* number of bits in network part of address,
83 * valid if MR_WITH_NETBITS is set */
84 union
85 {
86 uint8_t raw_addr[MR_MAX_ADDR_LEN]; /* actual address */
87 struct
88 {
92 struct
93 {
94 in_addr_t addr; /* _network order_ IPv4 address */
95 in_port_t port; /* _network order_ TCP/UDP port */
96 } v4;
97 struct
98 {
99 struct in6_addr addr;
100 in_port_t port; /* _network order_ TCP/UDP port */
101 } v6;
102 struct
103 {
105 in_addr_t addr; /* _network order_ IPv4 address */
107 };
108};
109
110/* Double-check that struct packing works as expected */
111static_assert(offsetof(struct mroute_addr, v4.port) == offsetof(struct mroute_addr, v4) + 4,
112 "Unexpected struct packing of v4");
113static_assert(offsetof(struct mroute_addr, v6.port) == offsetof(struct mroute_addr, v6) + 16,
114 "Unexpected struct packing of v6");
115static_assert(offsetof(struct mroute_addr, v4mappedv6.addr)
116 == offsetof(struct mroute_addr, v4mappedv6) + 12,
117 "Unexpected struct packing of v4mappedv6");
118
119/*
120 * Number of bits in an address. Should be raised for IPv6.
121 */
122#define MR_HELPER_NET_LEN 129
123
124/*
125 * Used to help maintain CIDR routing table.
126 */
128{
129 unsigned int cache_generation; /* incremented when route added */
130 int ageable_ttl_secs; /* host route cache entry time-to-live*/
131 int n_net_len; /* length of net_len array */
132 uint8_t net_len[MR_HELPER_NET_LEN]; /* CIDR netlengths in descending order */
133 int net_len_refcount[MR_HELPER_NET_LEN]; /* refcount of each netlength */
134};
135
136struct openvpn_sockaddr;
137
139 const struct openvpn_sockaddr *osaddr, bool use_port);
140
141bool mroute_learnable_address(const struct mroute_addr *addr, struct gc_arena *gc);
142
143uint32_t mroute_addr_hash_function(const void *key, uint32_t iv);
144
145bool mroute_addr_compare_function(const void *key1, const void *key2);
146
147void mroute_addr_init(struct mroute_addr *addr);
148
149const char *mroute_addr_print(const struct mroute_addr *ma, struct gc_arena *gc);
150
151#define MAPF_SUBNET (1 << 0)
152#define MAPF_IA_EMPTY_IF_UNDEF (1 << 1)
153#define MAPF_SHOW_ARP (1 << 2)
154#define MAPF_SHOW_FAMILY (1 << 3)
155const char *mroute_addr_print_ex(const struct mroute_addr *ma, const unsigned int flags,
156 struct gc_arena *gc);
157
159
161
162void mroute_helper_free(struct mroute_helper *mh);
163
164void mroute_helper_add_iroute46(struct mroute_helper *mh, int netbits);
165
166void mroute_helper_del_iroute46(struct mroute_helper *mh, int netbits);
167
168unsigned int mroute_extract_addr_ip(struct mroute_addr *src, struct mroute_addr *dest,
169 const struct buffer *buf);
170
171unsigned int mroute_extract_addr_ether(struct mroute_addr *src, struct mroute_addr *dest,
172 uint16_t vid, const struct buffer *buf);
173
174/*
175 * Given a raw packet in buf, return the src and dest
176 * addresses of the packet.
177 */
178static inline unsigned int
179mroute_extract_addr_from_packet(struct mroute_addr *src, struct mroute_addr *dest, uint16_t vid,
180 const struct buffer *buf, int tunnel_type)
181{
182 unsigned int ret = 0;
183 verify_align_4(buf);
184
185 /*
186 * Since we don't really need the protocol on vaddresses for internal VPN
187 * payload packets, make sure we have the same value to avoid hashing insert
188 * and search issues.
189 */
190 src->proto = 0;
191 dest->proto = src->proto;
192
193 if (tunnel_type == DEV_TYPE_TUN)
194 {
195 ret = mroute_extract_addr_ip(src, dest, buf);
196 }
197 else if (tunnel_type == DEV_TYPE_TAP)
198 {
199 ret = mroute_extract_addr_ether(src, dest, vid, buf);
200 }
201 return ret;
202}
203
204static inline bool
205mroute_addr_equal(const struct mroute_addr *a1, const struct mroute_addr *a2)
206{
207 if (a1->type != a2->type)
208 {
209 return false;
210 }
211 if (a1->proto != a2->proto)
212 {
213 return false;
214 }
215 if (a1->netbits != a2->netbits)
216 {
217 return false;
218 }
219 if (a1->len != a2->len)
220 {
221 return false;
222 }
223 return memcmp(a1->raw_addr, a2->raw_addr, a1->len) == 0;
224}
225
226static inline const uint8_t *
228{
229 /* NOTE: depends on ordering of struct mroute_addr */
230 return (uint8_t *)&a->proto;
231}
232
233static inline uint32_t
235{
236 return (uint32_t)a->len + 3;
237}
238
239static inline void
240mroute_extract_in_addr_t(struct mroute_addr *dest, const in_addr_t src)
241{
242 dest->type = MR_ADDR_IPV4;
243 dest->netbits = 0;
244 dest->len = 4;
245 dest->v4.addr = htonl(src);
246}
247
248static inline in_addr_t
250{
251 if ((addr->type & MR_ADDR_MASK) == MR_ADDR_IPV4 && addr->netbits == 0 && addr->len == 4)
252 {
253 return ntohl(addr->v4.addr);
254 }
255 else
256 {
257 return 0;
258 }
259}
260
261static inline void
263{
264 ma->len = 0;
265 ma->type = MR_ADDR_NONE;
266}
267
268#endif /* MROUTE_H */
#define verify_align_4(ptr)
Definition buffer.h:973
static const char *const key1
Definition cert_data.h:55
static uint32_t mroute_addr_hash_len(const struct mroute_addr *a)
Definition mroute.h:234
#define MR_MAX_ADDR_LEN
Definition mroute.h:54
void mroute_addr_mask_host_bits(struct mroute_addr *ma)
Definition mroute.c:318
void mroute_helper_add_iroute46(struct mroute_helper *mh, int netbits)
Definition mroute.c:520
unsigned int mroute_extract_addr_ip(struct mroute_addr *src, struct mroute_addr *dest, const struct buffer *buf)
Definition mroute.c:147
static unsigned int mroute_extract_addr_from_packet(struct mroute_addr *src, struct mroute_addr *dest, uint16_t vid, const struct buffer *buf, int tunnel_type)
Definition mroute.h:179
static in_addr_t in_addr_t_from_mroute_addr(const struct mroute_addr *addr)
Definition mroute.h:249
const char * mroute_addr_print_ex(const struct mroute_addr *ma, const unsigned int flags, struct gc_arena *gc)
Definition mroute.c:377
bool mroute_extract_openvpn_sockaddr(struct mroute_addr *addr, const struct openvpn_sockaddr *osaddr, bool use_port)
Definition mroute.c:254
const char * mroute_addr_print(const struct mroute_addr *ma, struct gc_arena *gc)
Definition mroute.c:371
static void mroute_extract_in_addr_t(struct mroute_addr *dest, const in_addr_t src)
Definition mroute.h:240
uint32_t mroute_addr_hash_function(const void *key, uint32_t iv)
Definition mroute.c:358
#define MR_ADDR_IPV4
Definition mroute.h:61
void mroute_helper_del_iroute46(struct mroute_helper *mh, int netbits)
Definition mroute.c:535
bool mroute_learnable_address(const struct mroute_addr *addr, struct gc_arena *gc)
Definition mroute.c:63
static const uint8_t * mroute_addr_hash_ptr(const struct mroute_addr *a)
Definition mroute.h:227
bool mroute_addr_compare_function(const void *key1, const void *key2)
Definition mroute.c:365
unsigned int mroute_extract_addr_ether(struct mroute_addr *src, struct mroute_addr *dest, uint16_t vid, const struct buffer *buf)
Definition mroute.c:222
struct mroute_helper * mroute_helper_init(int ageable_ttl_secs)
Definition mroute.c:482
#define MR_HELPER_NET_LEN
Definition mroute.h:122
void mroute_addr_init(struct mroute_addr *addr)
Definition mroute.c:38
static bool mroute_addr_equal(const struct mroute_addr *a1, const struct mroute_addr *a2)
Definition mroute.h:205
#define MR_ADDR_MASK
Definition mroute.h:63
static void mroute_addr_reset(struct mroute_addr *ma)
Definition mroute.h:262
#define MR_ADDR_NONE
Definition mroute.h:59
void mroute_helper_free(struct mroute_helper *mh)
Definition mroute.c:551
#define DEV_TYPE_TAP
Definition proto.h:36
#define OPENVPN_ETH_ALEN
Definition proto.h:52
#define DEV_TYPE_TUN
Definition proto.h:35
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
Container for bidirectional cipher and HMAC key material.
Definition crypto.h:240
Container for unidirectional cipher and HMAC key material.
Definition crypto.h:152
uint8_t raw_addr[MR_MAX_ADDR_LEN]
Definition mroute.h:86
struct mroute_addr::@2::@7 v4mappedv6
uint16_t vid
Definition mroute.h:90
in_addr_t addr
Definition mroute.h:94
uint8_t prefix[12]
Definition mroute.h:104
struct mroute_addr::@2::@4 ether
struct mroute_addr::@2::@6 v6
uint8_t addr[OPENVPN_ETH_ALEN]
Definition mroute.h:89
struct mroute_addr::@2::@5 v4
uint8_t proto
Definition mroute.h:80
uint8_t type
Definition mroute.h:81
in_port_t port
Definition mroute.h:95
uint8_t len
Definition mroute.h:79
uint8_t netbits
Definition mroute.h:82
int ageable_ttl_secs
Definition mroute.h:130
int net_len_refcount[MR_HELPER_NET_LEN]
Definition mroute.h:133
unsigned int cache_generation
Definition mroute.h:129
uint8_t net_len[MR_HELPER_NET_LEN]
Definition mroute.h:132
int n_net_len
Definition mroute.h:131
union openvpn_sockaddr::@27 addr
struct gc_arena gc
Definition test_ssl.c:154