OpenVPN
occ.h
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, see <https://www.gnu.org/licenses/>.
21 */
22
23#ifndef OCC_H
24#define OCC_H
25
26#include "forward.h"
27
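/*
 * Length in bytes of the OCC magic prefix.
 *
 * OCC_STRING_SIZE must be set to sizeof (occ_magic). The array is only
 * declared with an incomplete type in this header, so the invariant
 * cannot be checked here.
 *
 * NOTE(review): code that matches the magic prefix relies on this length,
 * so a mismatch would silently change which packets are classified as OCC
 * messages. Consider enforcing the invariant with a
 * _Static_assert(sizeof(occ_magic) == OCC_STRING_SIZE, "...") next to the
 * definition of occ_magic.
 */
#define OCC_STRING_SIZE 16

/*
 * OCC (OpenVPN Configuration Control) protocol opcodes.
 */
#define OCC_REQUEST 0 /* request options string from peer */
#define OCC_REPLY   1 /* deliver options string to peer */

/*
 * Send an OCC_REQUEST once every OCC_INTERVAL_SECONDS
 * seconds until a reply is received.
 *
 * If we haven't received a reply after
 * OCC_N_TRIES, give up.
 */
#define OCC_INTERVAL_SECONDS 10
#define OCC_N_TRIES          12

/*
 * Other OCC protocol opcodes used to estimate the MTU empirically.
 */
#define OCC_MTU_LOAD_REQUEST 2 /* Ask peer to send a big packet to us */
#define OCC_MTU_LOAD         3 /* Send a big packet to peer */
/* Ask peer to tell us the largest packet it has received from us so far */
#define OCC_MTU_REQUEST      4
#define OCC_MTU_REPLY        5 /* Send largest packet size to peer */

/*
 * Process one command from mtu_load_test_sequence
 * once every n seconds, if --mtu-test is specified.
 */
#define OCC_MTU_LOAD_INTERVAL_SECONDS 3

/*
 * Send an exit message to remote.
 */
#define OCC_EXIT 6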
68
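/*
 * Used to conduct a load test command sequence
 * of UDP connection for empirical MTU measurement.
 *
 * Each element describes one step: which OCC opcode to send and how the
 * packet size for that step is derived from the configured MTU.
 */
struct mtu_load_test
{
    int op;    /* OCC opcode to send to peer */
    int delta; /* determine packet size to send by using
                * this delta against currently
                * configured MTU */
};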
80
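/*
 * Magic byte string that prefixes every OCC message. Defined in occ.c;
 * OCC_STRING_SIZE is required to equal its size.
 */
extern const uint8_t occ_magic[];

/*
 * Test whether a buffer starts with the OCC magic prefix.
 *
 * @param buf  Buffer holding the packet payload to classify.
 * @return     true when the first OCC_STRING_SIZE bytes of buf match
 *             occ_magic, false otherwise.
 *
 * NOTE(review): the magic is a fixed constant, so this check is framing
 * only and says nothing about who produced the packet. Confirm that callers
 * only reach it with payloads that already passed data channel
 * authentication.
 * NOTE(review): presumably buf_string_match_head() rejects buffers shorter
 * than the requested size; verify in buffer.h.
 */
static inline bool
is_occ_msg(const struct buffer *buf)
{
    return buf_string_match_head(buf, occ_magic, OCC_STRING_SIZE);
}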
88
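/*
 * Entry point for an OCC message received from the peer; implemented in
 * occ.c.
 * NOTE(review): this presumably parses a peer-supplied opcode and payload;
 * confirm in occ.c that every field is length-checked before use.
 */
void process_received_occ_msg(struct context *c);

/*
 * Out-of-line workers for the inline check_send_occ_*() wrappers in this
 * header; implemented in occ.c.
 */
void check_send_occ_req_dowork(struct context *c);

void check_send_occ_load_test_dowork(struct context *c);

void check_send_occ_msg_dowork(struct context *c);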
97/*
98 * Inline functions
99 */
100
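/*
 * Value that marks "no OCC operation pending".
 *
 * The helpers in this header treat a negative occ_op as idle and a value
 * >= 0 as an opcode waiting to be sent.
 *
 * @return -1
 */
static inline int
occ_reset_op(void)
{
    return -1;
}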
106
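/*
 * Should we send an OCC_REQUEST message?
 *
 * Does nothing unless the occ_interval timer is defined and has triggered;
 * in that case the actual work is delegated to check_send_occ_req_dowork().
 *
 * @param c  Tunnel context whose c2.occ_interval, c2.timeval and c2.occ_op
 *           are consulted.
 */
static inline void
check_send_occ_req(struct context *c)
{
    /*
     * ETT_DEFAULT is only passed as the retry constant when TO_LINK_DEF(c)
     * is false and no OCC opcode is pending (occ_op < 0); otherwise 0.
     * NOTE(review): TO_LINK_DEF presumably reports an outgoing packet
     * already queued for the link -- confirm in forward.h.
     */
    if (event_timeout_defined(&c->c2.occ_interval)
        && event_timeout_trigger(&c->c2.occ_interval, &c->c2.timeval,
                                 (!TO_LINK_DEF(c) && c->c2.occ_op < 0) ? ETT_DEFAULT : 0))
    {
        check_send_occ_req_dowork(c);
    }
}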
120
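/*
 * Should we send an MTU load test?
 *
 * Does nothing unless the occ_mtu_load_test_interval timer is defined and
 * has triggered; in that case the actual work is delegated to
 * check_send_occ_load_test_dowork().
 *
 * @param c  Tunnel context whose c2.occ_mtu_load_test_interval, c2.timeval
 *           and c2.occ_op are consulted.
 */
static inline void
check_send_occ_load_test(struct context *c)
{
    /*
     * ETT_DEFAULT is only passed as the retry constant when TO_LINK_DEF(c)
     * is false and no OCC opcode is pending (occ_op < 0); otherwise 0.
     */
    if (event_timeout_defined(&c->c2.occ_mtu_load_test_interval)
        && event_timeout_trigger(&c->c2.occ_mtu_load_test_interval, &c->c2.timeval,
                                 (!TO_LINK_DEF(c) && c->c2.occ_op < 0) ? ETT_DEFAULT : 0))
    {
        check_send_occ_load_test_dowork(c);
    }
}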
134
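/*
 * Should we send an OCC message?
 *
 * Acts only when an opcode is pending (occ_op >= 0). If TO_LINK_DEF(c) is
 * false the message is handed to check_send_occ_msg_dowork(); otherwise the
 * context's timeval is cleared so the caller does not wait before trying
 * again.
 *
 * @param c  Tunnel context whose c2.occ_op and c2.timeval are consulted.
 */
static inline void
check_send_occ_msg(struct context *c)
{
    if (c->c2.occ_op >= 0)
    {
        if (!TO_LINK_DEF(c))
        {
            check_send_occ_msg_dowork(c);
        }
        else
        {
            tv_clear(&c->c2.timeval); /* ZERO-TIMEOUT */
        }
    }
}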
153
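/**
 * Small helper function to determine if we should send the exit notification
 * via control channel.
 *
 * @param c  Tunnel context; c2.tls_multi may be NULL when TLS is not in use.
 * @return   true when TLS is active and the primary key state has the
 *           CO_USE_CC_EXIT_NOTIFY flag set in its crypto options, false
 *           otherwise.
 */
static inline bool
cc_exit_notify_enabled(struct context *c)
{
    /* Check if we have TLS active at all */
    if (!c->c2.tls_multi)
    {
        return false;
    }

    /* NOTE(review): assumes get_primary_key() never returns NULL for a
     * non-NULL tls_multi -- confirm in ssl_common.h. */
    const struct key_state *ks = get_primary_key(c->c2.tls_multi);
    return (ks->crypto_options.flags & CO_USE_CC_EXIT_NOTIFY);
}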
170#endif /* ifndef OCC_H */
static bool buf_string_match_head(const struct buffer *src, const void *match, int size)
Compare first size bytes of src buffer contents with match.
Definition buffer.h:845
#define CO_USE_CC_EXIT_NOTIFY
Bit-flag indicating that explicit exit notifies should be sent via the control channel instead of using an OCC message.
Definition crypto.h:369
Interface functions to the internal and external multiplexers.
#define TO_LINK_DEF(c)
Definition forward.h:47
bool event_timeout_trigger(struct event_timeout *et, struct timeval *tv, const int et_const_retry)
This is the principal function for testing and triggering recurring timers.
Definition interval.c:42
#define ETT_DEFAULT
Definition interval.h:222
static bool event_timeout_defined(const struct event_timeout *et)
Definition interval.h:142
static void check_send_occ_msg(struct context *c)
Definition occ.h:138
void process_received_occ_msg(struct context *c)
Definition occ.c:351
static bool is_occ_msg(const struct buffer *buf)
Definition occ.h:83
void check_send_occ_req_dowork(struct context *c)
Definition occ.c:144
static int occ_reset_op(void)
Definition occ.h:101
static void check_send_occ_req(struct context *c)
Definition occ.h:110
void check_send_occ_msg_dowork(struct context *c)
Definition occ.c:212
const uint8_t occ_magic[]
Definition occ.c:54
#define OCC_STRING_SIZE
Definition occ.h:29
void check_send_occ_load_test_dowork(struct context *c)
Definition occ.c:178
static bool cc_exit_notify_enabled(struct context *c)
Small helper function to determine if we should send the exit notification via control channel.
Definition occ.h:158
static void check_send_occ_load_test(struct context *c)
Definition occ.h:124
static void tv_clear(struct timeval *tv)
Definition otime.h:100
static const struct key_state * get_primary_key(const struct tls_multi *multi)
gets an item of key_state objects in the order they should be scanned by data channel modules.
Definition ssl_common.h:756
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
struct event_timeout occ_mtu_load_test_interval
Definition openvpn.h:317
int occ_op
Definition openvpn.h:299
struct tls_multi * tls_multi
TLS state structure for this VPN tunnel.
Definition openvpn.h:323
struct event_timeout occ_interval
Definition openvpn.h:301
struct timeval timeval
Time to next event of timers and similar.
Definition openvpn.h:396
Contains all state information for one tunnel.
Definition openvpn.h:474
struct context_2 c2
Level 2 context.
Definition openvpn.h:517
unsigned int flags
Bit-flags determining behavior of security operation functions.
Definition crypto.h:384
Security parameter state of one TLS and data channel key session.
Definition ssl_common.h:208
struct crypto_options crypto_options
Definition ssl_common.h:237
int delta
Definition occ.h:75
int op
Definition occ.h:74