OpenVPN
mudp.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2026 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifdef HAVE_CONFIG_H
24#include "config.h"
25#endif
26
27#include "syshead.h"
28
29#include "multi.h"
30#include <inttypes.h>
31#include "forward.h"
32
33#include "memdbg.h"
34#include "ssl_pkt.h"
35
36#ifdef HAVE_SYS_INOTIFY_H
37#include <sys/inotify.h>
38#endif
39
40static void
42 struct tls_auth_standalone *tas, struct session_id *sid,
43 bool request_resend_wkc, struct link_socket *sock)
44{
47 uint8_t header = 0 | (P_CONTROL_HARD_RESET_SERVER_V2 << P_OPCODE_SHIFT);
48 struct buffer buf = tls_reset_standalone(&state->tls_wrap_tmp, tas, sid,
49 &state->peer_session_id, header, request_resend_wkc);
50
51 struct context *c = &m->top;
52
53 /* dco-win server requires prepend with sockaddr, so preserve offset */
55
56 buf_copy(&c->c2.buffers->aux_buf, &buf);
57
58 /*
59 * We do not want to keep any state here, so we send the reply to the
60 * initial packet synchronously without queueing anything.
61 *
62 * If we hit EAGAIN on a busy socket, the packet will be lost and the
63 * client will have to retransmit its HARD_RESET. This is considered an
64 * acceptable compromise to avoid consuming server resources under attack.
65 */
66 msg_set_prefix("Connection Attempt");
67 c->c2.to_link = c->c2.buffers->aux_buf;
68 c->c2.to_link_addr = &c->c2.from;
69 msg(D_MULTI_DEBUG, "Reset packet from client, sending HMAC based reset challenge");
70 process_outgoing_link(c, sock);
71 c->c2.to_link.len = 0;
72 c->c2.to_link_addr = NULL;
73 msg_set_prefix(NULL);
74}
75
76
77/* Returns true if this packet should create a new session */
78static bool
80 struct mroute_addr addr, struct link_socket *sock)
81{
83
84 enum first_packet_verdict verdict;
85
87
88 verdict = tls_pre_decrypt_lite(tas, state, &m->top.c2.from, &m->top.c2.buf);
89
91 struct openvpn_sockaddr *from = &m->top.c2.from.dest;
92 int handwindow = m->top.options.handshake_window;
93
94 if (verdict == VERDICT_VALID_RESET_V3 || verdict == VERDICT_VALID_RESET_V2)
95 {
96 /* Check if we are still below our limit for sending out
97 * responses */
99 {
100 return false;
101 }
102 }
103
104 if (verdict == VERDICT_VALID_RESET_V3)
105 {
106 /* Extract the packet id to check if it has the special format that
107 * indicates early negotiation support */
108 struct packet_id_net pin;
109 struct buffer tmp = m->top.c2.buf;
111 ASSERT(packet_id_read(&pin, &tmp, true));
112
113 /* The most significant byte is 0x0f if early negotiation is supported */
115
116 /* All clients that support early negotiation and tls-crypt are assumed
117 * to also support resending the WKc in the 2nd packet */
119 {
120 /* Calculate the session ID HMAC for our reply and create reset packet */
121 struct session_id sid =
122 calculate_session_id_hmac(state->peer_session_id, from, hmac, handwindow, 0);
123 send_hmac_reset_packet(m, state, tas, &sid, true, sock);
124
125 return false;
126 }
127 else
128 {
129 /* For tls-crypt-v2 we need to keep the state of the first packet
130 * to store the unwrapped key if the client doesn't support resending
131 * the wrapped key. Unless the user specifically disallowed
132 * compatibility with such clients to avoid state exhaustion */
134 {
135 struct gc_arena gc = gc_new();
136 const char *peer = print_link_socket_actual(&m->top.c2.from, &gc);
138 "tls-crypt-v2 force-cookie is enabled, "
139 "ignoring connection attempt from old client (%s)",
140 peer);
141 gc_free(&gc);
142 return false;
143 }
144 else
145 {
146 return true;
147 }
148 }
149 }
150 else if (verdict == VERDICT_VALID_RESET_V2)
151 {
152 /* Calculate the session ID HMAC for our reply and create reset packet */
153 struct session_id sid =
154 calculate_session_id_hmac(state->peer_session_id, from, hmac, handwindow, 0);
155
156 send_hmac_reset_packet(m, state, tas, &sid, false, sock);
157
158 /* We have a reply do not create a new session */
159 return false;
160 }
161 else if (verdict == VERDICT_VALID_CONTROL_V1 || verdict == VERDICT_VALID_ACK_V1
162 || verdict == VERDICT_VALID_WKC_V1)
163 {
164 /* ACK_V1 contains the peer id (our id) while CONTROL_V1 can but does not
165 * need to contain the peer id */
166 struct gc_arena gc = gc_new();
167
168 bool pkt_is_ack = (verdict == VERDICT_VALID_ACK_V1);
169 bool ret = check_session_hmac_and_pkt_id(state, from, hmac, handwindow, pkt_is_ack);
170
171 const char *peer = print_link_socket_actual(&m->top.c2.from, &gc);
172 uint8_t pkt_firstbyte = *BPTR(&m->top.c2.buf);
173 int op = pkt_firstbyte >> P_OPCODE_SHIFT;
174
175 if (!ret)
176 {
177 msg(D_MULTI_MEDIUM, "Packet (%s) with invalid or missing SID from"
178 " %s or wrong packet id",
179 packet_opcode_name(op), peer);
180 }
181 else
182 {
184 "Valid packet (%s) with HMAC challenge from peer (%s), "
185 "accepting new connection.",
186 packet_opcode_name(op), peer);
187 }
188 gc_free(&gc);
189
190 return ret;
191 }
192
193 /* VERDICT_INVALID */
194 return false;
195}
196
204static struct multi_instance *
206 struct link_socket *sock,
207 struct mroute_addr *real,
208 const uint64_t hv,
209 struct hash_bucket *bucket)
210{
211 struct hash *hash = m->hash;
212 struct tls_pre_decrypt_state state = { 0 };
213 struct multi_instance *mi = NULL;
214 struct gc_arena gc = gc_new();
215
217 {
219 "MULTI: Connection attempt from %s ignored while server is "
220 "shutting down",
221 mroute_addr_print(real, &gc));
222 }
223 else if (do_pre_decrypt_check(m, &state, *real, sock))
224 {
225 /* This is an unknown session but with valid tls-auth/tls-crypt
226 * (or no auth at all). If this is the initial packet of a
227 * session, we just send a reply with a HMAC session id and
228 * do not generate a session slot */
229
231 {
232 /* a successful three-way handshake only counts against
233 * connect-freq but not against connect-freq-initial */
235
236 mi = multi_create_instance(m, real, sock);
237 if (mi)
238 {
239 hash_add_fast(hash, bucket, &mi->real, hv, mi);
240 mi->did_real_hash = true;
242
243 /* If we have a session id already, ensure that the
244 * state is using the same */
247 {
249 struct tls_session *session =
252 }
253 }
254 }
255 else
256 {
258 "MULTI: Connection from %s would exceed new connection frequency limit as controlled by --connect-freq",
259 mroute_addr_print(real, &gc));
260 }
261 }
263 gc_free(&gc);
264 return mi;
265}
266
272struct multi_instance *
273multi_get_create_instance_udp(struct multi_context *m, bool *floated, struct link_socket *sock)
274{
275 struct gc_arena gc = gc_new();
276 struct mroute_addr real = { 0 };
277 struct multi_instance *mi = NULL;
278 struct hash *hash = m->hash;
279 real.proto = sock->info.proto;
280
281 if (mroute_extract_openvpn_sockaddr(&real, &m->top.c2.from.dest, true) && m->top.c2.buf.len > 0)
282 {
283 struct hash_element *he;
284 const uint64_t hv = hash_value(hash, &real);
285 struct hash_bucket *bucket = hash_bucket(hash, hv);
286 uint8_t *ptr = BPTR(&m->top.c2.buf);
287 uint8_t op = ptr[0] >> P_OPCODE_SHIFT;
288 bool v2 = (op == P_DATA_V2) && (m->top.c2.buf.len >= (1 + 3));
289 bool peer_id_disabled = false;
290
291 /* make sure buffer has enough length to read opcode (1 byte) and peer-id (3 bytes) */
292 if (v2)
293 {
294 uint32_t peer_id = ((uint32_t)ptr[1] << 16) | ((uint32_t)ptr[2] << 8) | ((uint32_t)ptr[3]);
295 peer_id_disabled = (peer_id == MAX_PEER_ID);
296
297 if (!peer_id_disabled && (peer_id < m->max_clients) && m->instances[peer_id])
298 {
299 /* Floating on TCP will never be possible, so ensure we only process
300 * UDP clients */
301 if (m->instances[peer_id]->context.c2.link_sockets[0]->info.proto
302 == sock->info.proto)
303 {
304 mi = m->instances[peer_id];
305 *floated = !link_socket_actual_match(&mi->context.c2.from, &m->top.c2.from);
306
307 if (*floated)
308 {
309 /* reset prefix, since here we are not sure peer is the one it claims to be
310 */
312 msg(D_MULTI_MEDIUM, "Float requested for peer %" PRIu32 " to %s", peer_id,
313 mroute_addr_print(&real, &gc));
314 }
315 }
316 }
317 }
318 if (!v2 || peer_id_disabled)
319 {
320 he = hash_lookup_fast(hash, bucket, &real, hv);
321 if (he)
322 {
323 mi = (struct multi_instance *)he->value;
324 }
325 }
326
327 /* we have no existing multi instance for this connection */
328 if (!mi)
329 {
330 mi = handle_connection_attempt(m, sock, &real, hv, bucket);
331 }
332
333#ifdef ENABLE_DEBUG
335 {
336 const char *status = mi ? "[ok]" : "[failed]";
337
338 dmsg(D_MULTI_DEBUG, "GET INST BY REAL: %s %s", mroute_addr_print(&real, &gc), status);
339 }
340#endif
341 }
342
343 gc_free(&gc);
344 ASSERT(!(mi && mi->halt));
345 return mi;
346}
347
348/*
349 * Send a packet to UDP socket.
350 */
351static inline void
352multi_process_outgoing_link(struct multi_context *m, const unsigned int mpp_flags)
353{
355 if (mi)
356 {
357 multi_process_outgoing_link_dowork(m, mi, mpp_flags);
358 }
359}
360
361/*
362 * Process a UDP socket event.
363 */
364void
365multi_process_io_udp(struct multi_context *m, struct link_socket *sock, unsigned int rwflags)
366{
367 const unsigned int mpp_flags = (MPP_PRE_SELECT | MPP_CLOSE_ON_SIGNAL);
368
369 /* UDP port ready to accept write */
370 if (rwflags & SOCKET_WRITE)
371 {
372 multi_process_outgoing_link(m, mpp_flags);
373 }
374 /* Incoming data on UDP port */
375 else if (rwflags & SOCKET_READ)
376 {
377 read_incoming_link(&m->top, sock);
378 if (!IS_SIG(&m->top))
379 {
380 multi_process_incoming_link(m, NULL, mpp_flags, sock);
381 }
382 }
383}
static bool buf_copy(struct buffer *dest, const struct buffer *src)
Definition buffer.h:705
#define BPTR(buf)
Definition buffer.h:123
static bool buf_advance(struct buffer *buf, ssize_t size)
Definition buffer.h:617
static void gc_free(struct gc_arena *a)
Definition buffer.h:1049
#define buf_init(buf, offset)
Definition buffer.h:210
static struct gc_arena gc_new(void)
Definition buffer.h:1041
#define CO_FORCE_TLSCRYPTV2_COOKIE
Bit-flag indicating that we do not allow clients that do not support resending the wrapped client key...
Definition crypto.h:367
#define D_MULTI_ERRORS
Definition errlevel.h:64
#define D_MULTI_MEDIUM
Definition errlevel.h:101
#define D_MULTI_DEBUG
Definition errlevel.h:126
#define SOCKET_READ
Definition event.h:60
#define SOCKET_WRITE
Definition event.h:61
Interface functions to the internal and external multiplexers.
#define TM_INITIAL
As yet un-trusted tls_session \ being negotiated.
Definition ssl_common.h:545
enum first_packet_verdict tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, struct tls_pre_decrypt_state *state, const struct link_socket_actual *from, const struct buffer *buf)
Inspect an incoming packet for which no VPN tunnel is active, and determine whether a new VPN tunnel ...
Definition ssl_pkt.c:294
bool multi_process_incoming_link(struct multi_context *m, struct multi_instance *instance, const unsigned int mpp_flags, struct link_socket *sock)
Demultiplex and process a packet received over the external network interface.
Definition multi.c:3306
void process_outgoing_link(struct context *c, struct link_socket *sock)
Write a packet to the external network interface.
Definition forward.c:1748
void read_incoming_link(struct context *c, struct link_socket *sock)
Read a packet from the external network interface.
Definition forward.c:926
struct multi_instance * multi_get_create_instance_udp(struct multi_context *m, bool *floated, struct link_socket *sock)
Get a client instance based on real address.
Definition mudp.c:273
static SERVICE_STATUS status
Definition interactive.c:52
struct hash_element * hash_lookup_fast(struct hash *hash, struct hash_bucket *bucket, const void *key, uint64_t hv)
Definition list.c:79
static void hash_add_fast(struct hash *hash, struct hash_bucket *bucket, const void *key, uint64_t hv, void *value)
Definition list.h:146
static uint64_t hash_value(const struct hash *hash, const void *key)
Definition list.h:104
bool mroute_extract_openvpn_sockaddr(struct mroute_addr *addr, const struct openvpn_sockaddr *osaddr, bool use_port)
Definition mroute.c:254
const char * mroute_addr_print(const struct mroute_addr *ma, struct gc_arena *gc)
Definition mroute.c:371
static struct multi_instance * handle_connection_attempt(struct multi_context *m, struct link_socket *sock, struct mroute_addr *real, const uint64_t hv, struct hash_bucket *bucket)
Handles a packet if no existing session exists for this incoming packet.
Definition mudp.c:205
static bool do_pre_decrypt_check(struct multi_context *m, struct tls_pre_decrypt_state *state, struct mroute_addr addr, struct link_socket *sock)
Definition mudp.c:79
static void send_hmac_reset_packet(struct multi_context *m, struct tls_pre_decrypt_state *state, struct tls_auth_standalone *tas, struct session_id *sid, bool request_resend_wkc, struct link_socket *sock)
Definition mudp.c:41
static void multi_process_outgoing_link(struct multi_context *m, const unsigned int mpp_flags)
Definition mudp.c:352
void multi_process_io_udp(struct multi_context *m, struct link_socket *sock, unsigned int rwflags)
Definition mudp.c:365
struct multi_instance * multi_create_instance(struct multi_context *m, const struct mroute_addr *real, struct link_socket *sock)
Definition multi.c:702
void ungenerate_prefix(struct multi_instance *mi)
Definition multi.c:465
void multi_assign_peer_id(struct multi_context *m, struct multi_instance *mi)
Assigns a peer-id to a a client and adds the instance to the the instances array of the multi_context...
Definition multi.c:4081
Header file for server-mode related structures and functions.
#define MPP_CLOSE_ON_SIGNAL
Definition multi.h:270
static struct multi_instance * multi_process_outgoing_link_pre(struct multi_context *m)
Definition multi.h:409
#define MPP_PRE_SELECT
Definition multi.h:269
static bool multi_process_outgoing_link_dowork(struct multi_context *m, struct multi_instance *mi, const unsigned int mpp_flags)
Definition multi.h:657
static bool check_debug_level(msglvl_t level)
Definition error.h:251
static void msg_set_prefix(const char *prefix)
Definition error.h:330
#define dmsg(flags,...)
Definition error.h:172
#define msg(flags,...)
Definition error.h:152
#define ASSERT(x)
Definition error.h:219
#define MAX_PEER_ID
Definition openvpn.h:550
bool frequency_limit_event_allowed(struct frequency_limit *f)
Definition otime.c:158
bool packet_id_read(struct packet_id_net *pin, struct buffer *buf, bool long_form)
Definition packet_id.c:319
static void reset_packet_id_send(struct packet_id_send *p)
Reset the current send packet id to its initial state.
Definition packet_id.h:312
void reflect_filter_rate_limit_decrease(struct initial_packet_rate_limit *irl)
decreases the counter of initial packets seen, so connections that successfully completed the three-w...
bool reflect_filter_rate_limit_check(struct initial_packet_rate_limit *irl)
checks if the connection is still allowed to connect under the rate limit.
static bool session_id_defined(const struct session_id *sid1)
Definition session_id.h:53
#define SID_SIZE
Definition session_id.h:44
#define IS_SIG(c)
Definition sig.h:47
const char * print_link_socket_actual(const struct link_socket_actual *act, struct gc_arena *gc)
static bool link_socket_actual_match(const struct link_socket_actual *a1, const struct link_socket_actual *a2)
bool session_skip_to_pre_start(struct tls_session *session, struct tls_pre_decrypt_state *state, struct link_socket_actual *from)
Definition ssl.c:2498
struct session_id calculate_session_id_hmac(struct session_id client_sid, const struct openvpn_sockaddr *from, hmac_ctx_t *hmac, int handwindow, int offset)
Calculates the HMAC based server session id based on a client session id and socket addr.
Definition ssl_pkt.c:460
void free_tls_pre_decrypt_state(struct tls_pre_decrypt_state *state)
Definition ssl_pkt.c:272
bool check_session_hmac_and_pkt_id(struct tls_pre_decrypt_state *state, const struct openvpn_sockaddr *from, hmac_ctx_t *hmac, int handwindow, bool pkt_is_ack)
Checks if a control packet has a correct HMAC server session id.
Definition ssl_pkt.c:500
struct buffer tls_reset_standalone(struct tls_wrap_ctx *ctx, struct tls_auth_standalone *tas, struct session_id *own_sid, struct session_id *remote_sid, uint8_t header, bool request_resend_wkc)
This function creates a reset packet using the information from the tls pre decrypt state.
Definition ssl_pkt.c:404
SSL control channel wrap/unwrap and decode functions.
#define P_DATA_V2
Definition ssl_pkt.h:48
#define P_OPCODE_SHIFT
Definition ssl_pkt.h:39
static const char * packet_opcode_name(int op)
Definition ssl_pkt.h:239
#define EARLY_NEG_MASK
Definition ssl_pkt.h:312
#define P_CONTROL_HARD_RESET_SERVER_V2
Definition ssl_pkt.h:52
first_packet_verdict
Definition ssl_pkt.h:85
@ VERDICT_VALID_ACK_V1
This packet is a valid ACK control packet from the peer, i.e.
Definition ssl_pkt.h:94
@ VERDICT_VALID_WKC_V1
The packet is a valid control packet with appended wrapped client key.
Definition ssl_pkt.h:96
@ VERDICT_VALID_RESET_V2
This packet is a valid reset packet from the peer (all but tls-crypt-v2)
Definition ssl_pkt.h:87
@ VERDICT_VALID_RESET_V3
This is a valid v3 reset (tls-crypt-v2)
Definition ssl_pkt.h:89
@ VERDICT_VALID_CONTROL_V1
This packet is a valid control packet from the peer.
Definition ssl_pkt.h:91
#define EARLY_NEG_START
Definition ssl_pkt.h:313
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65
int offset
Offset in bytes of the actual content within the allocated memory.
Definition buffer.h:63
hmac_ctx_t * session_id_hmac
the HMAC we use to generate and verify our syn cookie like session ids from the server.
Definition openvpn.h:338
struct tls_auth_standalone * tls_auth_standalone
TLS state structure required for the initial authentication of a client's connection attempt.
Definition openvpn.h:326
struct tls_multi * tls_multi
TLS state structure for this VPN tunnel.
Definition openvpn.h:323
struct link_socket_actual from
Definition openvpn.h:245
struct buffer to_link
Definition openvpn.h:377
struct link_socket ** link_sockets
Definition openvpn.h:237
struct link_socket_actual * to_link_addr
Definition openvpn.h:244
struct buffer buf
Definition openvpn.h:375
struct context_buffers * buffers
Definition openvpn.h:367
struct buffer aux_buf
Definition openvpn.h:97
Contains all state information for one tunnel.
Definition openvpn.h:471
struct context_2 c2
Level 2 context.
Definition openvpn.h:514
struct options options
Options loaded from command line or configuration file.
Definition openvpn.h:472
unsigned int flags
Bit-flags determining behavior of security operation functions.
Definition crypto.h:386
struct packet_id packet_id
Current packet ID state for both sending and receiving directions.
Definition crypto.h:333
int signal_received
Definition multi.h:62
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
void * value
Definition list.h:41
Definition list.h:53
uint8_t proto
Definition mroute.h:84
Main OpenVPN server state structure.
Definition multi.h:162
struct initial_packet_rate_limit * initial_rate_limiter
Definition multi.h:180
struct deferred_signal_schedule_entry deferred_shutdown_signal
Definition multi.h:214
struct hash * hash
VPN tunnel instances indexed by real address of the remote peer.
Definition multi.h:169
struct frequency_limit * new_connection_limiter
Definition multi.h:179
struct context top
Storage structure for process-wide configuration.
Definition multi.h:201
struct multi_instance ** instances
Array of multi_instances with the size of max_clients.
Definition multi.h:163
Server-mode state structure for one single VPN tunnel.
Definition multi.h:102
struct mroute_addr real
External network address of the remote peer.
Definition multi.h:121
bool did_real_hash
Definition multi.h:134
struct context context
The context structure storing state for this VPN tunnel.
Definition multi.h:142
int handshake_window
Definition options.h:649
Data structure for describing the packet id that is received/send to the network.
Definition packet_id.h:191
struct packet_id_send send
Definition packet_id.h:200
struct packet_id_rec rec
Definition packet_id.h:201
struct tls_wrap_ctx tls_wrap
Definition ssl_pkt.h:79
struct tls_session session[TM_SIZE]
Array of tls_session objects representing control channel sessions with the remote peer.
Definition ssl_common.h:711
int n_sessions
Number of sessions negotiated thus far.
Definition ssl_common.h:630
struct that stores the temporary data for the tls lite decrypt functions
Definition ssl_pkt.h:106
struct session_id peer_session_id
Definition ssl_pkt.h:109
struct session_id server_session_id
Definition ssl_pkt.h:110
struct tls_wrap_ctx tls_wrap_tmp
Definition ssl_pkt.h:107
Security parameter state of a single session within a VPN tunnel.
Definition ssl_common.h:489
struct crypto_options opt
Crypto state.
Definition ssl_common.h:283
struct gc_arena gc
Definition test_ssl.c:133