OpenVPN
mtcp.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifdef HAVE_CONFIG_H
24#include "config.h"
25#endif
26
27#include "syshead.h"
28
29#include "multi.h"
30#include "forward.h"
31#include "mtcp.h"
32#include "multi_io.h"
33
34#include "memdbg.h"
35
36#ifdef HAVE_SYS_INOTIFY_H
37#include <sys/inotify.h>
38#endif
39
40struct ta_iow_flags
41{
42 unsigned int flags;
43 unsigned int ret;
44 unsigned int tun;
45 unsigned int sock;
46};
47
48struct multi_instance *
49multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock)
50{
51 struct gc_arena gc = gc_new();
52 struct multi_instance *mi = NULL;
53 struct hash *hash = m->hash;
54
55 mi = multi_create_instance(m, NULL, sock);
56 if (mi)
57 {
58 mi->real.proto = sock->info.proto;
59 struct hash_element *he;
60 const uint32_t hv = hash_value(hash, &mi->real);
61 struct hash_bucket *bucket = hash_bucket(hash, hv);
62
63 multi_assign_peer_id(m, mi);
64
65 he = hash_lookup_fast(hash, bucket, &mi->real, hv);
66
67 if (he)
68 {
69 struct multi_instance *oldmi = (struct multi_instance *)he->value;
70 msg(D_MULTI_LOW,
71 "MULTI TCP: new incoming client address matches existing client address -- new client takes precedence");
72 oldmi->did_real_hash = false;
73 multi_close_instance(m, oldmi, false);
74 he->key = &mi->real;
75 he->value = mi;
76 }
77 else
78 {
79 hash_add_fast(hash, bucket, &mi->real, hv, mi);
80 }
81
82 mi->did_real_hash = true;
83 }
84
85#ifdef ENABLE_DEBUG
86 if (mi)
87 {
88 dmsg(D_MULTI_DEBUG, "MULTI TCP: instance added: %s", mroute_addr_print(&mi->real, &gc));
89 }
90 else
91 {
92 dmsg(D_MULTI_DEBUG, "MULTI TCP: new client instance failed");
93 }
94#endif
95
96 gc_free(&gc);
97 ASSERT(!(mi && mi->halt));
98 return mi;
99}
100
101bool
102multi_tcp_instance_specific_init(struct multi_context *m, struct multi_instance *mi)
103{
104 /* buffer for queued TCP socket output packets */
105 mi->tcp_link_out_deferred = mbuf_init(m->top.options.n_bcast_buf);
106
107 ASSERT(mi->context.c2.link_sockets);
108 ASSERT(mi->context.c2.link_sockets[0]);
109 ASSERT(mi->context.c2.link_sockets[0]->info.lsa);
110 ASSERT(mi->context.c2.link_sockets[0]->mode == LS_MODE_TCP_ACCEPT_FROM);
111 ASSERT(mi->context.c2.link_sockets[0]->info.lsa->actual.dest.addr.sa.sa_family == AF_INET
112 || mi->context.c2.link_sockets[0]->info.lsa->actual.dest.addr.sa.sa_family == AF_INET6);
113 mi->real.proto = mi->context.c2.link_sockets[0]->info.proto;
114 if (!mroute_extract_openvpn_sockaddr(
115 &mi->real, &mi->context.c2.link_sockets[0]->info.lsa->actual.dest, true))
116 {
117 msg(D_MULTI_ERRORS, "MULTI TCP: TCP client address is undefined");
118 return false;
119 }
120 return true;
121}
122
123void
128
129void
130multi_tcp_delete_event(struct multi_io *multi_io, event_t event)
131{
132 if (multi_io && multi_io->es)
133 {
134 event_del(multi_io->es, event);
135 }
136}
137
138void
139multi_tcp_dereference_instance(struct multi_io *multi_io, struct multi_instance *mi)
140{
141 struct link_socket *sock = mi->context.c2.link_sockets[0];
142 if (sock && mi->socket_set_called)
143 {
144 event_del(multi_io->es, socket_event_handle(sock));
145 mi->socket_set_called = false;
146 }
147 multi_io->n_esr = 0;
148}
149
150bool
151multi_tcp_process_outgoing_link_ready(struct multi_context *m, struct multi_instance *mi,
152 const unsigned int mpp_flags)
153{
154 struct mbuf_item item;
155 bool ret = true;
156 ASSERT(mi);
157
158 /* extract from queue */
159 if (mbuf_extract_item(mi->tcp_link_out_deferred, &item)) /* ciphertext IP packet */
160 {
161 dmsg(D_MULTI_TCP, "MULTI TCP: transmitting previously deferred packet");
162
163 ASSERT(mi == item.instance);
164 mi->context.c2.to_link = item.buffer->buf;
165 ret = multi_process_outgoing_link_dowork(m, mi, mpp_flags);
166 if (!ret)
167 {
168 mi = NULL;
169 }
170 mbuf_free_buf(item.buffer);
171 }
172 return ret;
173}
174
175bool
176multi_tcp_process_outgoing_link(struct multi_context *m, bool defer, const unsigned int mpp_flags)
177{
178 struct multi_instance *mi = multi_process_outgoing_link_pre(m);
179 bool ret = true;
180
181 if (mi)
182 {
183 if ((defer && !proto_is_dgram(mi->context.c2.link_sockets[0]->info.proto))
184 || mbuf_defined(mi->tcp_link_out_deferred))
185 {
186 /* save to queue */
187 struct buffer *buf = &mi->context.c2.to_link;
188 if (BLEN(buf) > 0)
189 {
190 struct mbuf_buffer *mb = mbuf_alloc_buf(buf);
191 struct mbuf_item item;
192
193 set_prefix(mi);
194 dmsg(D_MULTI_TCP, "MULTI TCP: queuing deferred packet");
195 item.buffer = mb;
196 item.instance = mi;
197 mbuf_add_item(mi->tcp_link_out_deferred, &item);
198 mbuf_free_buf(mb);
199 buf_reset(buf);
200 ret = multi_process_post(m, mi, mpp_flags);
201 if (!ret)
202 {
203 mi = NULL;
204 }
205 clear_prefix();
206 }
207 }
208 else
209 {
210 ret = multi_process_outgoing_link_dowork(m, mi, mpp_flags);
211 if (!ret)
212 {
213 mi = NULL;
214 }
215 }
216 }
217 return ret;
218}
buf_reset
static void buf_reset(struct buffer *buf)
Definition buffer.h:303
BLEN
#define BLEN(buf)
Definition buffer.h:126
gc_free
static void gc_free(struct gc_arena *a)
Definition buffer.h:1015
gc_new
static struct gc_arena gc_new(void)
Definition buffer.h:1007
D_MULTI_ERRORS
#define D_MULTI_ERRORS
Definition errlevel.h:64
D_MULTI_DEBUG
#define D_MULTI_DEBUG
Definition errlevel.h:126
D_MULTI_TCP
#define D_MULTI_TCP
Definition errlevel.h:162
D_MULTI_LOW
#define D_MULTI_LOW
Definition errlevel.h:85
event_del
static void event_del(struct event_set *es, event_t event)
Definition event.h:177
forward.h
Interface functions to the internal and external multiplexers.
hash_lookup_fast
struct hash_element * hash_lookup_fast(struct hash *hash, struct hash_bucket *bucket, const void *key, uint32_t hv)
Definition list.c:81
hash_value
static uint32_t hash_value(const struct hash *hash, const void *key)
Definition list.h:107
hash_add_fast
static void hash_add_fast(struct hash *hash, struct hash_bucket *bucket, const void *key, uint32_t hv, void *value)
Definition list.h:149
mbuf_add_item
void mbuf_add_item(struct mbuf_set *ms, const struct mbuf_item *item)
Definition mbuf.c:88
mbuf_alloc_buf
struct mbuf_buffer * mbuf_alloc_buf(const struct buffer *buf)
Definition mbuf.c:64
mbuf_free_buf
void mbuf_free_buf(struct mbuf_buffer *mb)
Definition mbuf.c:75
mbuf_extract_item
bool mbuf_extract_item(struct mbuf_set *ms, struct mbuf_item *item)
Definition mbuf.c:110
mbuf_free
void mbuf_free(struct mbuf_set *ms)
Definition mbuf.c:48
mbuf_init
struct mbuf_set * mbuf_init(unsigned int size)
Definition mbuf.c:38
mbuf_defined
static bool mbuf_defined(const struct mbuf_set *ms)
Definition mbuf.h:79
mroute_extract_openvpn_sockaddr
bool mroute_extract_openvpn_sockaddr(struct mroute_addr *addr, const struct openvpn_sockaddr *osaddr, bool use_port)
Definition mroute.c:254
mroute_addr_print
const char * mroute_addr_print(const struct mroute_addr *ma, struct gc_arena *gc)
Definition mroute.c:371
multi_tcp_instance_specific_free
void multi_tcp_instance_specific_free(struct multi_instance *mi)
Definition mtcp.c:124
multi_create_instance_tcp
struct multi_instance * multi_create_instance_tcp(struct multi_context *m, struct link_socket *sock)
Definition mtcp.c:49
multi_tcp_delete_event
void multi_tcp_delete_event(struct multi_io *multi_io, event_t event)
Definition mtcp.c:130
multi_tcp_instance_specific_init
bool multi_tcp_instance_specific_init(struct multi_context *m, struct multi_instance *mi)
Definition mtcp.c:102
multi_tcp_process_outgoing_link
bool multi_tcp_process_outgoing_link(struct multi_context *m, bool defer, const unsigned int mpp_flags)
Definition mtcp.c:176
multi_tcp_process_outgoing_link_ready
bool multi_tcp_process_outgoing_link_ready(struct multi_context *m, struct multi_instance *mi, const unsigned int mpp_flags)
Definition mtcp.c:151
multi_tcp_dereference_instance
void multi_tcp_dereference_instance(struct multi_io *multi_io, struct multi_instance *mi)
Definition mtcp.c:139
multi_create_instance
struct multi_instance * multi_create_instance(struct multi_context *m, const struct mroute_addr *real, struct link_socket *sock)
Definition multi.c:732
multi_process_post
bool multi_process_post(struct multi_context *m, struct multi_instance *mi, const unsigned int flags)
Perform postprocessing of a VPN tunnel instance.
Definition multi.c:3013
multi_close_instance
void multi_close_instance(struct multi_context *m, struct multi_instance *mi, bool shutdown)
Definition multi.c:582
multi_assign_peer_id
void multi_assign_peer_id(struct multi_context *m, struct multi_instance *mi)
Assigns a peer-id to a a client and adds the instance to the the instances array of the multi_context...
Definition multi.c:4150
multi.h
Header file for server-mode related structures and functions.
set_prefix
static void set_prefix(struct multi_instance *mi)
Definition multi.h:521
clear_prefix
static void clear_prefix(void)
Definition multi.h:533
multi_process_outgoing_link_pre
static struct multi_instance * multi_process_outgoing_link_pre(struct multi_context *m)
Definition multi.h:411
multi_process_outgoing_link_dowork
static bool multi_process_outgoing_link_dowork(struct multi_context *m, struct multi_instance *mi, const unsigned int mpp_flags)
Definition multi.h:658
multi_io.h
dmsg
#define dmsg(flags,...)
Definition error.h:170
msg
#define msg(flags,...)
Definition error.h:150
ASSERT
#define ASSERT(x)
Definition error.h:217
socket_event_handle
static event_t socket_event_handle(const struct link_socket *sock)
Definition socket.h:738
LS_MODE_TCP_ACCEPT_FROM
#define LS_MODE_TCP_ACCEPT_FROM
Definition socket.h:181
proto_is_dgram
static bool proto_is_dgram(int proto)
Return if the protocol is datagram (UDP)
Definition socket_util.h:206
buffer
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
context_2::to_link
struct buffer to_link
Definition openvpn.h:377
context_2::link_sockets
struct link_socket ** link_sockets
Definition openvpn.h:237
context::c2
struct context_2 c2
Level 2 context.
Definition openvpn.h:517
context::options
struct options options
Options loaded from command line or configuration file.
Definition openvpn.h:475
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
hash_bucket
Definition list.h:51
hash_element
Definition list.h:43
hash_element::value
void * value
Definition list.h:44
hash_element::key
const void * key
Definition list.h:45
hash
Definition list.h:56
link_socket_actual::dest
struct openvpn_sockaddr dest
Definition socket_util.h:53
link_socket_addr::actual
struct link_socket_actual actual
Definition socket.h:82
link_socket_info::lsa
struct link_socket_addr * lsa
Definition socket.h:87
link_socket_info::proto
int proto
Definition socket.h:92
link_socket
Definition socket.h:148
link_socket::info
struct link_socket_info info
Definition socket.h:149
link_socket::mode
int mode
Definition socket.h:182
mbuf_buffer
Definition mbuf.h:41
mbuf_buffer::buf
struct buffer buf
Definition mbuf.h:42
mbuf_item
Definition mbuf.h:50
mbuf_item::buffer
struct mbuf_buffer * buffer
Definition mbuf.h:51
mbuf_item::instance
struct multi_instance * instance
Definition mbuf.h:52
mroute_addr::proto
uint8_t proto
Definition mroute.h:80
multi_context
Main OpenVPN server state structure.
Definition multi.h:164
multi_context::hash
struct hash * hash
VPN tunnel instances indexed by real address of the remote peer.
Definition multi.h:168
multi_context::top
struct context top
Storage structure for process-wide configuration.
Definition multi.h:203
multi_instance
Server-mode state structure for one single VPN tunnel.
Definition multi.h:103
multi_instance::tcp_link_out_deferred
struct mbuf_set * tcp_link_out_deferred
Definition multi.h:129
multi_instance::real
struct mroute_addr real
External network address of the remote peer.
Definition multi.h:122
multi_instance::socket_set_called
bool socket_set_called
Definition multi.h:130
multi_instance::did_real_hash
bool did_real_hash
Definition multi.h:135
multi_instance::halt
bool halt
Definition multi.h:114
multi_instance::context
struct context context
The context structure storing state for this VPN tunnel.
Definition multi.h:144
multi_io
Definition multi_io.h:52
multi_io::es
struct event_set * es
Definition multi_io.h:53
multi_io::n_esr
int n_esr
Definition multi_io.h:55
openvpn_sockaddr::addr
union openvpn_sockaddr::@27 addr
openvpn_sockaddr::sa
struct sockaddr sa
Definition socket_util.h:42
options::n_bcast_buf
int n_bcast_buf
Definition options.h:512
rw_handle
Definition win32.h:80
ta_iow_flags
Definition mtcp.c:41
ta_iow_flags::flags
unsigned int flags
Definition mtcp.c:42
ta_iow_flags::ret
unsigned int ret
Definition mtcp.c:43
ta_iow_flags::tun
unsigned int tun
Definition mtcp.c:44
ta_iow_flags::sock
unsigned int sock
Definition mtcp.c:45
gc
struct gc_arena gc
Definition test_ssl.c:154
Generated by doxygen 1.9.8