multi.h

Go to the documentation of this file.

/*
 *  OpenVPN -- An application to securely tunnel IP networks
 *             over a single TCP/UDP port, with support for SSL/TLS-based
 *             session authentication and key exchange,
 *             packet encryption, packet authentication, and
 *             packet compression.
 *
 *  Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2
 *  as published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, see <https://www.gnu.org/licenses/>.
 */
 
#ifndef MULTI_H
#define MULTI_H
 
#include "init.h"
#include "forward.h"
#include "mroute.h"
#include "mbuf.h"
#include "list.h"
#include "schedule.h"
#include "pool.h"
#include "mudp.h"
#include "mtcp.h"
#include "multi_io.h"
#include "vlan.h"
#include "reflect_filter.h"
 
#define MULTI_PREFIX_MAX_LENGTH 256
 
/*
 * Walk (don't run) through the routing table,
 * deleting old entries, and possibly multi_instance
 * structs as well which have been marked for deletion.
 */
struct multi_reap
{
    uint32_t bucket_base;
    uint32_t buckets_per_pass;
    time_t last_call;
};
 
 
struct deferred_signal_schedule_entry
{
    struct schedule_entry se;
    int signal_received;
    struct timeval wakeup;
};
 
struct client_connect_defer_state
{
    /* Index of currently executed handler.  */
    int cur_handler_index;
    /* Remember which option classes where processed for delayed option
     * handling. */
    unsigned int option_types_found;
 
    char *deferred_ret_file;
 
    char *config_file;
};
 
struct multi_instance
{
    struct schedule_entry se; /* this must be the first element of the structure,
                               * We cast between this and schedule_entry so the
                               * beginning of the struct must be identical */
 
    struct event_arg ev_arg;  
    struct gc_arena gc;
    bool halt;
    int refcount;
    int route_count;         /* number of routes (including cached routes) owned by this instance */
    time_t created;          
    struct timeval wakeup;   /* absolute time */
    struct mroute_addr real; 
    ifconfig_pool_handle vaddr_handle;
    char msg_prefix[MULTI_PREFIX_MAX_LENGTH];
 
    /* queued outgoing data in Server/TCP mode */
    unsigned int tcp_rwflags;
    struct mbuf_set *tcp_link_out_deferred;
    bool socket_set_called;
 
    in_addr_t reporting_addr;            /* IP address shown in status listing */
    struct in6_addr reporting_addr_ipv6; /* IPv6 address in status listing */
 
    bool did_real_hash;
    bool did_iter;
#ifdef ENABLE_MANAGEMENT
    bool did_cid_hash;
    struct buffer_list *cc_config;
#endif
    bool did_iroutes;
    int n_clients_delta;    /* added to multi_context.n_clients when instance is closed */
 
    struct context context; 
    struct client_connect_defer_state client_connect_defer_state;
#ifdef ENABLE_ASYNC_PUSH
    int inotify_watch; /* watch descriptor for acf */
#endif
};
 
 
struct multi_context
{
    struct multi_instance **instances; 
    struct hash *hash;                 
    struct hash *vhash;                
    struct hash *iter;                 
    struct schedule *schedule;
    struct mbuf_set *mbuf;             
    struct multi_io *multi_io;         
    struct ifconfig_pool *ifconfig_pool;
    struct frequency_limit *new_connection_limiter;
    struct initial_packet_rate_limit *initial_rate_limiter;
    struct mroute_helper *route_helper;
    struct multi_reap *reaper;
    struct mroute_addr local;
    bool enable_c2c;
    int max_clients;
    int tcp_queue_limit;
    int status_file_version;
    int n_clients; /* current number of authenticated clients */
 
#ifdef ENABLE_MANAGEMENT
    struct hash *cid_hash;
    unsigned long cid_counter;
#endif
 
    struct multi_instance *pending;
    struct multi_instance *earliest_wakeup;
    struct multi_instance **mpp_touched;
    struct context_buffers *context_buffers;
    time_t per_second_trigger;
 
    struct context top; 
    struct buffer hmac_reply;
    struct link_socket_actual *hmac_reply_dest;
    struct link_socket *hmac_reply_ls;
 
    /*
     * Timer object for stale route check
     */
    struct event_timeout stale_routes_check_et;
 
#ifdef ENABLE_ASYNC_PUSH
    /* mapping between inotify watch descriptors and multi_instances */
    struct hash *inotify_watchers;
#endif
 
    struct deferred_signal_schedule_entry deferred_shutdown_signal;
};
 
enum client_connect_return
{
    CC_RET_FAILED,
    CC_RET_SUCCEEDED,
    CC_RET_DEFERRED,
    CC_RET_SKIPPED
};
 
/*
 * Host route
 */
struct multi_route
{
    struct mroute_addr addr;
    struct multi_instance *instance;
 
#define MULTI_ROUTE_CACHE   (1 << 0)
#define MULTI_ROUTE_AGEABLE (1 << 1)
    unsigned int flags;
 
    unsigned int cache_generation;
    time_t last_reference;
};
 
 
/**************************************************************************/
void tunnel_server(struct context *top);
 
 
const char *multi_instance_string(const struct multi_instance *mi, bool null, struct gc_arena *gc);
 
/*
 * Called by mtcp.c, mudp.c, or other (to be written) protocol drivers
 */
 
struct multi_instance *multi_create_instance(struct multi_context *m,
                                             const struct mroute_addr *real,
                                             struct link_socket *sock);
 
void multi_close_instance(struct multi_context *m, struct multi_instance *mi, bool shutdown);
 
bool multi_process_timeout(struct multi_context *m, const unsigned int mpp_flags);
 
#define MPP_PRE_SELECT      (1 << 0)
#define MPP_CLOSE_ON_SIGNAL (1 << 1)
#define MPP_RECORD_TOUCH    (1 << 2)
 
 
/**************************************************************************/
bool multi_process_post(struct multi_context *m, struct multi_instance *mi,
                        const unsigned int flags);
 
void multi_process_incoming_dco(dco_context_t *dco);
 
/**************************************************************************/
bool multi_process_incoming_link(struct multi_context *m, struct multi_instance *instance,
                                 const unsigned int mpp_flags, struct link_socket *sock);
 
 
bool multi_process_incoming_tun(struct multi_context *m, const unsigned int mpp_flags);
 
 
void multi_process_drop_outgoing_tun(struct multi_context *m, const unsigned int mpp_flags);
 
struct multi_instance *multi_get_queue(struct mbuf_set *ms);
 
void multi_add_mbuf(struct multi_context *m, struct multi_instance *mi, struct mbuf_buffer *mb);
 
void multi_ifconfig_pool_persist(struct multi_context *m, bool force);
 
bool multi_process_signal(struct multi_context *m);
 
void multi_close_instance_on_signal(struct multi_context *m, struct multi_instance *mi);
 
void init_management_callback_multi(struct multi_context *m);
 
#ifdef ENABLE_ASYNC_PUSH
void multi_process_file_closed(struct multi_context *m, const unsigned int mpp_flags);
 
#endif
 
/*
 * Return true if our output queue is not full
 */
static inline bool
multi_output_queue_ready(const struct multi_context *m, const struct multi_instance *mi)
{
    if (mi->tcp_link_out_deferred)
    {
        return mbuf_len(mi->tcp_link_out_deferred) <= m->tcp_queue_limit;
    }
    else
    {
        return true;
    }
}
 
/*
 * Determine which instance has pending output
 * and prepare the output for sending in
 * the to_link buffer.
 */
static inline struct multi_instance *
multi_process_outgoing_link_pre(struct multi_context *m)
{
    struct multi_instance *mi = NULL;
 
    if (m->pending)
    {
        mi = m->pending;
    }
    else if (mbuf_defined(m->mbuf))
    {
        mi = multi_get_queue(m->mbuf);
    }
    return mi;
}
 
/*
 * Per-client route quota management
 */
 
void route_quota_exceeded(const struct multi_instance *mi);
 
static inline void
route_quota_inc(struct multi_instance *mi)
{
    ++mi->route_count;
}
 
static inline void
route_quota_dec(struct multi_instance *mi)
{
    --mi->route_count;
}
 
/* can we add a new route? */
static inline bool
route_quota_test(const struct multi_instance *mi)
{
    if (mi->route_count >= mi->context.options.max_routes_per_client)
    {
        route_quota_exceeded(mi);
        return false;
    }
    else
    {
        return true;
    }
}
 
/*
 * Instance reference counting
 */
 
static inline void
multi_instance_inc_refcount(struct multi_instance *mi)
{
    ++mi->refcount;
}
 
static inline void
multi_instance_dec_refcount(struct multi_instance *mi)
{
    if (--mi->refcount <= 0)
    {
        gc_free(&mi->gc);
        free(mi);
    }
}
 
static inline void
multi_route_del(struct multi_route *route)
{
    struct multi_instance *mi = route->instance;
    route_quota_dec(mi);
    multi_instance_dec_refcount(mi);
    free(route);
}
 
static inline bool
multi_route_defined(const struct multi_context *m, const struct multi_route *r)
{
    if (r->instance->halt)
    {
        return false;
    }
    else if ((r->flags & MULTI_ROUTE_CACHE)
             && r->cache_generation != m->route_helper->cache_generation)
    {
        return false;
    }
    else if ((r->flags & MULTI_ROUTE_AGEABLE)
             && r->last_reference + m->route_helper->ageable_ttl_secs < now)
    {
        return false;
    }
    else
    {
        return true;
    }
}
 
/*
 * Takes prefix away from multi_instance.
 */
void ungenerate_prefix(struct multi_instance *mi);
 
/*
 * Set a msg() function prefix with our current client instance ID.
 */
 
static inline void
set_prefix(struct multi_instance *mi)
{
#ifdef MULTI_DEBUG_EVENT_LOOP
    if (mi->msg_prefix[0])
    {
        printf("[%s]\n", mi->msg_prefix);
    }
#endif
    msg_set_prefix(mi->msg_prefix[0] ? mi->msg_prefix : NULL);
}
 
static inline void
clear_prefix(void)
{
#ifdef MULTI_DEBUG_EVENT_LOOP
    printf("[NULL]\n");
#endif
    msg_set_prefix(NULL);
}
 
/*
 * Instance Reaper
 *
 * Reaper constants.  The reaper is the process where the virtual address
 * and virtual route hash table is scanned for dead entries which are
 * then removed.  The hash table could potentially be quite large, so we
 * don't want to reap in a single pass.
 */
 
#define REAP_MAX_WAKEUP 10   /* Do reap pass at least once per n seconds */
#define REAP_DIVISOR    256  /* How many passes to cover whole hash table */
#define REAP_MIN        16   /* Minimum number of buckets per pass */
#define REAP_MAX        1024 /* Maximum number of buckets per pass */
 
/*
 * Mark a cached host route for deletion after this
 * many seconds without any references.
 */
#define MULTI_CACHE_ROUTE_TTL 60
 
void multi_reap_process_dowork(const struct multi_context *m);
 
void multi_process_per_second_timers_dowork(struct multi_context *m);
 
static inline void
multi_reap_process(const struct multi_context *m)
{
    if (m->reaper->last_call != now)
    {
        multi_reap_process_dowork(m);
    }
}
 
static inline void
multi_process_per_second_timers(struct multi_context *m)
{
    if (m->per_second_trigger != now)
    {
        multi_process_per_second_timers_dowork(m);
        m->per_second_trigger = now;
    }
}
 
/*
 * Updates \c dest with the earliest timeout as a delta relative to the current
 * time and sets \c m->earliest_wakeup to the \c multi_instance with the
 * soonest scheduled wakeup.
 *
 * @param m     Pointer to the multi context
 * @param dest  Pointer to a timeval struct that will hold the earliest timeout
 *              delta.
 */
static inline void
multi_get_timeout_instance(struct multi_context *m, struct timeval *dest)
{
    struct timeval tv, current;
 
    CLEAR(tv);
    m->earliest_wakeup = (struct multi_instance *)schedule_get_earliest_wakeup(m->schedule, &tv);
    if (m->earliest_wakeup)
    {
        ASSERT(!openvpn_gettimeofday(&current, NULL));
        tv_delta(dest, &current, &tv);
        if (dest->tv_sec >= REAP_MAX_WAKEUP)
        {
            m->earliest_wakeup = NULL;
            dest->tv_sec = REAP_MAX_WAKEUP;
            dest->tv_usec = 0;
        }
    }
    else
    {
        dest->tv_sec = REAP_MAX_WAKEUP;
        dest->tv_usec = 0;
    }
}
 
 
static inline bool
multi_process_outgoing_tun(struct multi_context *m, const unsigned int mpp_flags)
{
    struct multi_instance *mi = m->pending;
    bool ret = true;
 
    ASSERT(mi);
#ifdef MULTI_DEBUG_EVENT_LOOP
    printf("%s -> TUN len=%d\n", id(mi), mi->context.c2.to_tun.len);
#endif
    set_prefix(mi);
    vlan_process_outgoing_tun(m, mi);
    process_outgoing_tun(&mi->context, mi->context.c2.link_sockets[0]);
    ret = multi_process_post(m, mi, mpp_flags);
    clear_prefix();
    return ret;
}
 
#define CLIENT_CONNECT_OPT_MASK                                                            \
    (OPT_P_INSTANCE | OPT_P_INHERIT | OPT_P_PUSH | OPT_P_TIMER | OPT_P_CONFIG | OPT_P_ECHO \
     | OPT_P_COMP | OPT_P_SOCKFLAGS)
 
static inline bool
multi_process_outgoing_link_dowork(struct multi_context *m, struct multi_instance *mi,
                                   const unsigned int mpp_flags)
{
    bool ret = true;
    set_prefix(mi);
    process_outgoing_link(&mi->context, mi->context.c2.link_sockets[0]);
    ret = multi_process_post(m, mi, mpp_flags);
    clear_prefix();
    return ret;
}
 
bool
multi_check_push_ifconfig_extra_route(struct multi_instance *mi, in_addr_t dest);
 
bool
multi_check_push_ifconfig_ipv6_extra_route(struct multi_instance *mi,
                                           struct in6_addr *dest);
 
/*
 * Check for signals.
 */
#define MULTI_CHECK_SIG(m) EVENT_LOOP_CHECK_SIGNAL(&(m)->top, multi_process_signal, (m))
 
static inline void
multi_set_pending(struct multi_context *m, struct multi_instance *mi)
{
    m->pending = mi;
}
void multi_assign_peer_id(struct multi_context *m, struct multi_instance *mi);
 
#ifdef ENABLE_MANAGEMENT
struct multi_instance *
lookup_by_cid(struct multi_context *m, const unsigned long cid);
#endif
 
void
update_vhash(struct multi_context *m, struct multi_instance *mi, const char *new_ip, const char *new_ipv6);
void unlearn_ifconfig(struct multi_context *m, struct multi_instance *mi);
void unlearn_ifconfig_ipv6(struct multi_context *m, struct multi_instance *mi);
 
#endif /* MULTI_H */