openvpn/mroute_8h_source.html

/*

 *  OpenVPN -- An application to securely tunnel IP networks

 *             over a single TCP/UDP port, with support for SSL/TLS-based

 *             session authentication and key exchange,

 *             packet encryption, packet authentication, and

 *             packet compression.

 *

 *  Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>

 *

 *  This program is free software; you can redistribute it and/or modify

 *  it under the terms of the GNU General Public License version 2

 *  as published by the Free Software Foundation.

 *

 *  This program is distributed in the hope that it will be useful,

 *  but WITHOUT ANY WARRANTY; without even the implied warranty of

 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 *  GNU General Public License for more details.

 *

 *  You should have received a copy of the GNU General Public License along

 *  with this program; if not, write to the Free Software Foundation, Inc.,

 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

 */


#ifndef MROUTE_H

#define MROUTE_H


#include "buffer.h"

#include "list.h"

#include "route.h"


#include <stddef.h>


#define IP_MCAST_SUBNET_MASK  ((in_addr_t)240<<24)

#define IP_MCAST_NETWORK      ((in_addr_t)224<<24)


/* Return status values for mroute_extract_addr_from_packet */


#define MROUTE_EXTRACT_SUCCEEDED (1<<0)

#define MROUTE_EXTRACT_BCAST     (1<<1)

#define MROUTE_EXTRACT_MCAST     (1<<2)

#define MROUTE_EXTRACT_IGMP      (1<<3)


#define MROUTE_SEC_EXTRACT_SUCCEEDED (1<<(0+MROUTE_SEC_SHIFT))

#define MROUTE_SEC_EXTRACT_BCAST     (1<<(1+MROUTE_SEC_SHIFT))

#define MROUTE_SEC_EXTRACT_MCAST     (1<<(2+MROUTE_SEC_SHIFT))

#define MROUTE_SEC_EXTRACT_IGMP      (1<<(3+MROUTE_SEC_SHIFT))


#define MROUTE_SEC_SHIFT         4


/*

 * Choose the largest address possible with

 * any of our supported types, which is IPv6

 * with port number.

 */

#define MR_MAX_ADDR_LEN 20


/*

 * Address Types

 */

#define MR_ADDR_NONE             0

#define MR_ADDR_ETHER            1

#define MR_ADDR_IPV4             2

#define MR_ADDR_IPV6             3

#define MR_ADDR_MASK             3


/* Address type mask indicating that port # is part of address */

#define MR_WITH_PORT             4


/* Address type mask indicating that netbits is part of address */

#define MR_WITH_NETBITS          8


/* Indicates than IPv4 addr was extracted from ARP packet */

#define MR_ARP                   16


/* Address type mask indicating that proto # is part of address */

#define MR_WITH_PROTO            32


struct mroute_addr {

    uint8_t len;    /* length of address */

    uint8_t proto;

    uint8_t type;   /* MR_ADDR/MR_WITH flags */

    uint8_t netbits; /* number of bits in network part of address,

                      * valid if MR_WITH_NETBITS is set */

    union {

        uint8_t raw_addr[MR_MAX_ADDR_LEN]; /* actual address */

        struct {

            uint8_t addr[OPENVPN_ETH_ALEN];

            uint16_t vid;

        } ether;

        struct {

            in_addr_t addr;     /* _network order_ IPv4 address */

            in_port_t port;     /* _network order_ TCP/UDP port */

        } v4;

        struct {

            struct in6_addr addr;

            in_port_t port;     /* _network order_ TCP/UDP port */

        } v6;

        struct {

            uint8_t prefix[12];

            in_addr_t addr;     /* _network order_ IPv4 address */

        } v4mappedv6;

    };

};


/* Double-check that struct packing works as expected */

static_assert(offsetof(struct mroute_addr, v4.port) ==

              offsetof(struct mroute_addr, v4) + 4,

              "Unexpected struct packing of v4");

static_assert(offsetof(struct mroute_addr, v6.port) ==

              offsetof(struct mroute_addr, v6) + 16,

              "Unexpected struct packing of v6");

static_assert(offsetof(struct mroute_addr, v4mappedv6.addr) ==

              offsetof(struct mroute_addr, v4mappedv6) + 12,

              "Unexpected struct packing of v4mappedv6");


/*

 * Number of bits in an address.  Should be raised for IPv6.

 */

#define MR_HELPER_NET_LEN 129


/*

 * Used to help maintain CIDR routing table.

 */


struct mroute_helper {

    unsigned int cache_generation; /* incremented when route added */

    int ageable_ttl_secs;        /* host route cache entry time-to-live*/

    int n_net_len;               /* length of net_len array */

    uint8_t net_len[MR_HELPER_NET_LEN];    /* CIDR netlengths in descending order */

    int net_len_refcount[MR_HELPER_NET_LEN]; /* refcount of each netlength */

};


struct openvpn_sockaddr;


bool mroute_extract_openvpn_sockaddr(struct mroute_addr *addr,

                                     const struct openvpn_sockaddr *osaddr,

                                     bool use_port);


bool mroute_learnable_address(const struct mroute_addr *addr,

                              struct gc_arena *gc);


uint32_t mroute_addr_hash_function(const void *key, uint32_t iv);


bool mroute_addr_compare_function(const void *key1, const void *key2);


void mroute_addr_init(struct mroute_addr *addr);


const char *mroute_addr_print(const struct mroute_addr *ma,

                              struct gc_arena *gc);


#define MAPF_SUBNET            (1<<0)

#define MAPF_IA_EMPTY_IF_UNDEF (1<<1)

#define MAPF_SHOW_ARP          (1<<2)

const char *mroute_addr_print_ex(const struct mroute_addr *ma,

                                 const unsigned int flags,

                                 struct gc_arena *gc);


void mroute_addr_mask_host_bits(struct mroute_addr *ma);


struct mroute_helper *mroute_helper_init(int ageable_ttl_secs);


void mroute_helper_free(struct mroute_helper *mh);


void mroute_helper_add_iroute46(struct mroute_helper *mh, int netbits);


void mroute_helper_del_iroute46(struct mroute_helper *mh, int netbits);


unsigned int mroute_extract_addr_ip(struct mroute_addr *src,

                                    struct mroute_addr *dest,

                                    const struct buffer *buf);


unsigned int mroute_extract_addr_ether(struct mroute_addr *src,

                                       struct mroute_addr *dest,

                                       uint16_t vid,

                                       const struct buffer *buf);


/*

 * Given a raw packet in buf, return the src and dest

 * addresses of the packet.

 */

static inline unsigned int


mroute_extract_addr_from_packet(struct mroute_addr *src,

                                struct mroute_addr *dest,

                                uint16_t vid,

                                const struct buffer *buf,

                                int tunnel_type)

{

    unsigned int ret = 0;

    verify_align_4(buf);


    /*

     * Since we don't really need the protocol on vaddresses for internal VPN

     * payload packets, make sure we have the same value to avoid hashing insert

     * and search issues.

     */

    src->proto = 0;

    dest->proto = src->proto;


    if (tunnel_type == DEV_TYPE_TUN)

    {

        ret = mroute_extract_addr_ip(src, dest, buf);

    }

    else if (tunnel_type == DEV_TYPE_TAP)

    {

        ret = mroute_extract_addr_ether(src, dest, vid, buf);

    }

    return ret;

}


static inline bool


mroute_addr_equal(const struct mroute_addr *a1, const struct mroute_addr *a2)

{

    if (a1->type != a2->type)

    {

        return false;

    }

    if (a1->proto != a2->proto)

    {

        return false;

    }

    if (a1->netbits != a2->netbits)

    {

        return false;

    }

    if (a1->len != a2->len)

    {

        return false;

    }

    return memcmp(a1->raw_addr, a2->raw_addr, a1->len) == 0;

}


static inline const uint8_t *


mroute_addr_hash_ptr(const struct mroute_addr *a)

{

    /* NOTE: depends on ordering of struct mroute_addr */

    return (uint8_t *) &a->proto;

}


static inline uint32_t


mroute_addr_hash_len(const struct mroute_addr *a)

{

    return (uint32_t) a->len + 3;

}


static inline void


mroute_extract_in_addr_t(struct mroute_addr *dest, const in_addr_t src)

{

    dest->type = MR_ADDR_IPV4;

    dest->netbits = 0;

    dest->len = 4;

    dest->v4.addr = htonl(src);

}


static inline in_addr_t


in_addr_t_from_mroute_addr(const struct mroute_addr *addr)

{

    if ((addr->type & MR_ADDR_MASK) == MR_ADDR_IPV4 && addr->netbits == 0 && addr->len == 4)

    {

        return ntohl(addr->v4.addr);

    }

    else

    {

        return 0;

    }

}


static inline void


mroute_addr_reset(struct mroute_addr *ma)

{

    ma->len = 0;

    ma->type = MR_ADDR_NONE;

}


#endif /* MROUTE_H */

buffer.h

verify_align_4
#define verify_align_4(ptr)
Definition buffer.h:991

key1
static const char *const key1
Definition cert_data.h:56

list.h

mroute_addr_hash_len
static uint32_t mroute_addr_hash_len(const struct mroute_addr *a)
Definition mroute.h:239

MR_MAX_ADDR_LEN
#define MR_MAX_ADDR_LEN
Definition mroute.h:55

mroute_addr_mask_host_bits
void mroute_addr_mask_host_bits(struct mroute_addr *ma)
Definition mroute.c:329

mroute_helper_add_iroute46
void mroute_helper_add_iroute46(struct mroute_helper *mh, int netbits)
Definition mroute.c:526

mroute_extract_addr_ip
unsigned int mroute_extract_addr_ip(struct mroute_addr *src, struct mroute_addr *dest, const struct buffer *buf)
Definition mroute.c:151

mroute_extract_addr_from_packet
static unsigned int mroute_extract_addr_from_packet(struct mroute_addr *src, struct mroute_addr *dest, uint16_t vid, const struct buffer *buf, int tunnel_type)
Definition mroute.h:181

in_addr_t_from_mroute_addr
static in_addr_t in_addr_t_from_mroute_addr(const struct mroute_addr *addr)
Definition mroute.h:254

mroute_addr_print_ex
const char * mroute_addr_print_ex(const struct mroute_addr *ma, const unsigned int flags, struct gc_arena *gc)
Definition mroute.c:391

mroute_extract_openvpn_sockaddr
bool mroute_extract_openvpn_sockaddr(struct mroute_addr *addr, const struct openvpn_sockaddr *osaddr, bool use_port)
Definition mroute.c:264

mroute_addr_print
const char * mroute_addr_print(const struct mroute_addr *ma, struct gc_arena *gc)
Definition mroute.c:384

mroute_extract_in_addr_t
static void mroute_extract_in_addr_t(struct mroute_addr *dest, const in_addr_t src)
Definition mroute.h:245

mroute_addr_hash_function
uint32_t mroute_addr_hash_function(const void *key, uint32_t iv)
Definition mroute.c:369

MR_ADDR_IPV4
#define MR_ADDR_IPV4
Definition mroute.h:62

mroute_helper_del_iroute46
void mroute_helper_del_iroute46(struct mroute_helper *mh, int netbits)
Definition mroute.c:541

mroute_learnable_address
bool mroute_learnable_address(const struct mroute_addr *addr, struct gc_arena *gc)
Definition mroute.c:65

mroute_addr_hash_ptr
static const uint8_t * mroute_addr_hash_ptr(const struct mroute_addr *a)
Definition mroute.h:232

mroute_addr_compare_function
bool mroute_addr_compare_function(const void *key1, const void *key2)
Definition mroute.c:377

mroute_extract_addr_ether
unsigned int mroute_extract_addr_ether(struct mroute_addr *src, struct mroute_addr *dest, uint16_t vid, const struct buffer *buf)
Definition mroute.c:229

mroute_helper_init
struct mroute_helper * mroute_helper_init(int ageable_ttl_secs)
Definition mroute.c:488

MR_HELPER_NET_LEN
#define MR_HELPER_NET_LEN
Definition mroute.h:119

mroute_addr_init
void mroute_addr_init(struct mroute_addr *addr)
Definition mroute.c:39

mroute_addr_equal
static bool mroute_addr_equal(const struct mroute_addr *a1, const struct mroute_addr *a2)
Definition mroute.h:210

MR_ADDR_MASK
#define MR_ADDR_MASK
Definition mroute.h:64

mroute_addr_reset
static void mroute_addr_reset(struct mroute_addr *ma)
Definition mroute.h:267

MR_ADDR_NONE
#define MR_ADDR_NONE
Definition mroute.h:60

mroute_helper_free
void mroute_helper_free(struct mroute_helper *mh)
Definition mroute.c:557

DEV_TYPE_TAP
#define DEV_TYPE_TAP
Definition proto.h:37

OPENVPN_ETH_ALEN
#define OPENVPN_ETH_ALEN
Definition proto.h:53

DEV_TYPE_TUN
#define DEV_TYPE_TUN
Definition proto.h:36

route.h

buffer
Wrapper structure for dynamically allocated memory.
Definition buffer.h:61

gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:117

key2
Container for bidirectional cipher and HMAC key material.
Definition crypto.h:239

key
Container for unidirectional cipher and HMAC key material.
Definition crypto.h:152

mroute_addr
Definition mroute.h:78

mroute_addr::raw_addr
uint8_t raw_addr[MR_MAX_ADDR_LEN]
Definition mroute.h:85

mroute_addr::v4mappedv6
struct mroute_addr::@2::@7 v4mappedv6

mroute_addr::vid
uint16_t vid
Definition mroute.h:88

mroute_addr::addr
in_addr_t addr
Definition mroute.h:91

mroute_addr::prefix
uint8_t prefix[12]
Definition mroute.h:99

mroute_addr::ether
struct mroute_addr::@2::@4 ether

mroute_addr::v6
struct mroute_addr::@2::@6 v6

mroute_addr::addr
uint8_t addr[OPENVPN_ETH_ALEN]
Definition mroute.h:87

mroute_addr::v4
struct mroute_addr::@2::@5 v4

mroute_addr::proto
uint8_t proto
Definition mroute.h:80

mroute_addr::type
uint8_t type
Definition mroute.h:81

mroute_addr::port
in_port_t port
Definition mroute.h:92

mroute_addr::len
uint8_t len
Definition mroute.h:79

mroute_addr::netbits
uint8_t netbits
Definition mroute.h:82

mroute_helper
Definition mroute.h:124

mroute_helper::ageable_ttl_secs
int ageable_ttl_secs
Definition mroute.h:126

mroute_helper::net_len_refcount
int net_len_refcount[MR_HELPER_NET_LEN]
Definition mroute.h:129

mroute_helper::cache_generation
unsigned int cache_generation
Definition mroute.h:125

mroute_helper::net_len
uint8_t net_len[MR_HELPER_NET_LEN]
Definition mroute.h:128

mroute_helper::n_net_len
int n_net_len
Definition mroute.h:127

openvpn_sockaddr
Definition socket.h:66

openvpn_sockaddr::addr
union openvpn_sockaddr::@20 addr

gc
struct gc_arena gc
Definition test_ssl.c:155