mroute.h

Go to the documentation of this file.

/*
 *  OpenVPN -- An application to securely tunnel IP networks
 *             over a single TCP/UDP port, with support for SSL/TLS-based
 *             session authentication and key exchange,
 *             packet encryption, packet authentication, and
 *             packet compression.
 *
 *  Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2
 *  as published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, see <https://www.gnu.org/licenses/>.
 */
 
#ifndef MROUTE_H
#define MROUTE_H
 
#include "buffer.h"
#include "list.h"
#include "route.h"
 
#include <stddef.h>
 
#define IP_MCAST_SUBNET_MASK ((in_addr_t)240 << 24)
#define IP_MCAST_NETWORK     ((in_addr_t)224 << 24)
 
/* Return status values for mroute_extract_addr_from_packet */
 
#define MROUTE_EXTRACT_SUCCEEDED (1 << 0)
#define MROUTE_EXTRACT_BCAST     (1 << 1)
#define MROUTE_EXTRACT_MCAST     (1 << 2)
#define MROUTE_EXTRACT_IGMP      (1 << 3)
 
#define MROUTE_SEC_EXTRACT_SUCCEEDED (1 << (0 + MROUTE_SEC_SHIFT))
#define MROUTE_SEC_EXTRACT_BCAST     (1 << (1 + MROUTE_SEC_SHIFT))
#define MROUTE_SEC_EXTRACT_MCAST     (1 << (2 + MROUTE_SEC_SHIFT))
#define MROUTE_SEC_EXTRACT_IGMP      (1 << (3 + MROUTE_SEC_SHIFT))
 
#define MROUTE_SEC_SHIFT 4
 
/*
 * Choose the largest address possible with
 * any of our supported types, which is IPv6
 * with port number.
 */
#define MR_MAX_ADDR_LEN 20
 
/*
 * Address Types
 */
#define MR_ADDR_NONE  0
#define MR_ADDR_ETHER 1
#define MR_ADDR_IPV4  2
#define MR_ADDR_IPV6  3
#define MR_ADDR_MASK  3
 
/* Address type mask indicating that port # is part of address */
#define MR_WITH_PORT 4
 
/* Address type mask indicating that netbits is part of address */
#define MR_WITH_NETBITS 8
 
/* Indicates than IPv4 addr was extracted from ARP packet */
#define MR_ARP 16
 
/* Address type mask indicating that proto # is part of address */
#define MR_WITH_PROTO 32
 
struct mroute_addr
{
    uint8_t len;     /* length of address */
    uint8_t proto;
    uint8_t type;    /* MR_ADDR/MR_WITH flags */
    uint8_t netbits; /* number of bits in network part of address,
                      * valid if MR_WITH_NETBITS is set */
    union
    {
        uint8_t raw_addr[MR_MAX_ADDR_LEN]; /* actual address */
        struct
        {
            uint8_t addr[OPENVPN_ETH_ALEN];
            uint16_t vid;
        } ether;
        struct
        {
            in_addr_t addr; /* _network order_ IPv4 address */
            in_port_t port; /* _network order_ TCP/UDP port */
        } v4;
        struct
        {
            struct in6_addr addr;
            in_port_t port; /* _network order_ TCP/UDP port */
        } v6;
        struct
        {
            uint8_t prefix[12];
            in_addr_t addr; /* _network order_ IPv4 address */
        } v4mappedv6;
    };
};
 
/* Double-check that struct packing works as expected */
static_assert(offsetof(struct mroute_addr, v4.port) == offsetof(struct mroute_addr, v4) + 4,
              "Unexpected struct packing of v4");
static_assert(offsetof(struct mroute_addr, v6.port) == offsetof(struct mroute_addr, v6) + 16,
              "Unexpected struct packing of v6");
static_assert(offsetof(struct mroute_addr, v4mappedv6.addr)
                  == offsetof(struct mroute_addr, v4mappedv6) + 12,
              "Unexpected struct packing of v4mappedv6");
 
/*
 * Number of bits in an address.  Should be raised for IPv6.
 */
#define MR_HELPER_NET_LEN 129
 
/*
 * Used to help maintain CIDR routing table.
 */
struct mroute_helper
{
    unsigned int cache_generation;           /* incremented when route added */
    int ageable_ttl_secs;                    /* host route cache entry time-to-live*/
    int n_net_len;                           /* length of net_len array */
    uint8_t net_len[MR_HELPER_NET_LEN];      /* CIDR netlengths in descending order */
    int net_len_refcount[MR_HELPER_NET_LEN]; /* refcount of each netlength */
};
 
struct openvpn_sockaddr;
 
bool mroute_extract_openvpn_sockaddr(struct mroute_addr *addr,
                                     const struct openvpn_sockaddr *osaddr, bool use_port);
 
bool mroute_learnable_address(const struct mroute_addr *addr, struct gc_arena *gc);
 
uint32_t mroute_addr_hash_function(const void *key, uint32_t iv);
 
bool mroute_addr_compare_function(const void *key1, const void *key2);
 
void mroute_addr_init(struct mroute_addr *addr);
 
const char *mroute_addr_print(const struct mroute_addr *ma, struct gc_arena *gc);
 
#define MAPF_SUBNET            (1 << 0)
#define MAPF_IA_EMPTY_IF_UNDEF (1 << 1)
#define MAPF_SHOW_ARP          (1 << 2)
#define MAPF_SHOW_FAMILY       (1 << 3)
const char *mroute_addr_print_ex(const struct mroute_addr *ma, const unsigned int flags,
                                 struct gc_arena *gc);
 
void mroute_addr_mask_host_bits(struct mroute_addr *ma);
 
struct mroute_helper *mroute_helper_init(int ageable_ttl_secs);
 
void mroute_helper_free(struct mroute_helper *mh);
 
void mroute_helper_add_iroute46(struct mroute_helper *mh, int netbits);
 
void mroute_helper_del_iroute46(struct mroute_helper *mh, int netbits);
 
unsigned int mroute_extract_addr_ip(struct mroute_addr *src, struct mroute_addr *dest,
                                    const struct buffer *buf);
 
unsigned int mroute_extract_addr_ether(struct mroute_addr *src, struct mroute_addr *dest,
                                       uint16_t vid, const struct buffer *buf);
 
/*
 * Given a raw packet in buf, return the src and dest
 * addresses of the packet.
 */
static inline unsigned int
mroute_extract_addr_from_packet(struct mroute_addr *src, struct mroute_addr *dest, uint16_t vid,
                                const struct buffer *buf, int tunnel_type)
{
    unsigned int ret = 0;
    verify_align_4(buf);
 
    /*
     * Since we don't really need the protocol on vaddresses for internal VPN
     * payload packets, make sure we have the same value to avoid hashing insert
     * and search issues.
     */
    src->proto = 0;
    dest->proto = src->proto;
 
    if (tunnel_type == DEV_TYPE_TUN)
    {
        ret = mroute_extract_addr_ip(src, dest, buf);
    }
    else if (tunnel_type == DEV_TYPE_TAP)
    {
        ret = mroute_extract_addr_ether(src, dest, vid, buf);
    }
    return ret;
}
 
static inline bool
mroute_addr_equal(const struct mroute_addr *a1, const struct mroute_addr *a2)
{
    if (a1->type != a2->type)
    {
        return false;
    }
    if (a1->proto != a2->proto)
    {
        return false;
    }
    if (a1->netbits != a2->netbits)
    {
        return false;
    }
    if (a1->len != a2->len)
    {
        return false;
    }
    return memcmp(a1->raw_addr, a2->raw_addr, a1->len) == 0;
}
 
static inline const uint8_t *
mroute_addr_hash_ptr(const struct mroute_addr *a)
{
    /* NOTE: depends on ordering of struct mroute_addr */
    return (uint8_t *)&a->proto;
}
 
static inline uint32_t
mroute_addr_hash_len(const struct mroute_addr *a)
{
    return (uint32_t)a->len + 3;
}
 
static inline void
mroute_extract_in_addr_t(struct mroute_addr *dest, const in_addr_t src)
{
    dest->type = MR_ADDR_IPV4;
    dest->netbits = 0;
    dest->len = 4;
    dest->v4.addr = htonl(src);
}
 
static inline in_addr_t
in_addr_t_from_mroute_addr(const struct mroute_addr *addr)
{
    if ((addr->type & MR_ADDR_MASK) == MR_ADDR_IPV4 && addr->netbits == 0 && addr->len == 4)
    {
        return ntohl(addr->v4.addr);
    }
    else
    {
        return 0;
    }
}
 
static inline void
mroute_addr_reset(struct mroute_addr *ma)
{
    ma->len = 0;
    ma->type = MR_ADDR_NONE;
}
 
#endif /* MROUTE_H */