OpenVPN 3 Core Library
Loading...
Searching...
No Matches
tcpcli.hpp
Go to the documentation of this file.
1// OpenVPN -- An application to securely tunnel IP networks
2// over a single port, with support for SSL/TLS-based
3// session authentication and key exchange,
4// packet encryption, packet authentication, and
5// packet compression.
6//
7// Copyright (C) 2012- OpenVPN Inc.
8//
9// SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception
10//
11
12// TCP transport object specialized for client.
13
14#ifndef OPENVPN_TRANSPORT_CLIENT_TCPCLI_H
15#define OPENVPN_TRANSPORT_CLIENT_TCPCLI_H
16
17#include <sstream>
18
19#include <openvpn/io/io.hpp>
20
21#include <openvpn/transport/tcplink.hpp>
22#ifdef OPENVPN_TLS_LINK
23#include <openvpn/transport/tlslink.hpp>
24#endif
25#include <openvpn/transport/client/transbase.hpp>
26#include <openvpn/transport/socket_protect.hpp>
27#include <openvpn/client/remotelist.hpp>
28
29namespace openvpn::TCPTransport {
30
31class ClientConfig : public TransportClientFactory
32{
33 public:
34 using Ptr = RCPtr<ClientConfig>;
35
36 RemoteList::Ptr remote_list;
37 size_t free_list_max_size;
38 Frame::Ptr frame;
39 SessionStats::Ptr stats;
40
41 SocketProtect *socket_protect;
42
43#ifdef OPENVPN_TLS_LINK
44 bool use_tls = false;
45 std::string tls_ca;
46#endif
47
48#ifdef OPENVPN_GREMLIN
49 Gremlin::Config::Ptr gremlin_config;
50#endif
51
52 static Ptr new_obj()
53 {
54 return new ClientConfig;
55 }
56
57 TransportClient::Ptr new_transport_client_obj(openvpn_io::io_context &io_context,
58 TransportClientParent *parent) override;
59
60 void process_push(const OptionList &opt) override
61 {
62 remote_list->process_push(opt);
63 }
64
65 private:
66 ClientConfig()
67 : free_list_max_size(8),
68 socket_protect(nullptr)
69 {
70 }
71};
72
73class Client : public TransportClient, AsyncResolvableTCP
74{
75 using Ptr = RCPtr<Client>;
76
77 using LinkImpl = TCPLink<openvpn_io::ip::tcp, Client *, false>;
78#ifdef OPENVPN_TLS_LINK
79 typedef TLSLink<openvpn_io::ip::tcp, Client *, false> LinkImplTLS;
80#endif
81
82 friend class ClientConfig; // calls constructor
83 friend LinkImpl::Base; // calls tcp_read_handler
84
85 public:
86 void transport_start() override
87 {
88 if (!impl)
89 {
90 halt = false;
91 stop_requeueing = false;
92 if (config->remote_list->endpoint_available(&server_host,
93 &server_port,
94 &server_protocol))
95 {
96 start_connect_();
97 }
98 else
99 {
100 parent->transport_pre_resolve();
101
102 async_resolve_name(server_host, server_port);
103 }
104 }
105 }
106
107 bool transport_send_const(const Buffer &buf) override
108 {
109 return send_const(buf);
110 }
111
112 bool transport_send(BufferAllocated &buf) override
113 {
114 return send(buf);
115 }
116
117 bool transport_send_queue_empty() override
118 {
119 if (impl)
120 return impl->send_queue_empty();
121 return false;
122 }
123
124 bool transport_has_send_queue() override
125 {
126 return true;
127 }
128
129 size_t transport_send_queue_size() override
130 {
131 if (impl)
132 return impl->send_queue_size();
133 return 0;
134 }
135
136 void reset_align_adjust(const size_t align_adjust) override
137 {
138 if (impl)
139 impl->reset_align_adjust(align_adjust);
140 }
141
142 void server_endpoint_info(std::string &host, std::string &port, std::string &proto, std::string &ip_addr) const override
143 {
144 host = server_host;
145 port = server_port;
146 const IP::Addr addr = server_endpoint_addr();
147 proto = server_protocol.str();
148 ip_addr = addr.to_string();
149 }
150
151 IP::Addr server_endpoint_addr() const override
152 {
153 return IP::Addr::from_asio(server_endpoint.address());
154 }
155
156 unsigned short server_endpoint_port() const override
157 {
158 return server_endpoint.port();
159 }
160
161 openvpn_io::detail::socket_type native_handle() override
162 {
163 return socket.native_handle();
164 }
165
166 Protocol transport_protocol() const override
167 {
168 return server_protocol;
169 }
170
171 void stop() override
172 {
173 stop_();
174 }
175 ~Client() override
176 {
177 stop_();
178 }
179
180 private:
181 Client(openvpn_io::io_context &io_context_arg,
182 ClientConfig *config_arg,
183 TransportClientParent *parent_arg)
184 : AsyncResolvableTCP(io_context_arg),
185 io_context(io_context_arg),
186 socket(io_context_arg),
187 config(config_arg),
188 parent(parent_arg),
189 resolver(io_context_arg),
190 halt(false),
191 stop_requeueing(false)
192 {
193 }
194
195 void transport_reparent(TransportClientParent *parent_arg) override
196 {
197 parent = parent_arg;
198 }
199
200 void transport_stop_requeueing() override
201 {
202 stop_requeueing = true;
203 }
204
205 bool send_const(const Buffer &cbuf)
206 {
207 if (impl)
208 {
209 BufferAllocated buf(cbuf);
210 return impl->send(buf);
211 }
212 return false;
213 }
214
215 bool send(BufferAllocated &buf)
216 {
217 if (impl)
218 return impl->send(buf);
219 return false;
220 }
221
222 void tcp_eof_handler() // called by LinkImpl::Base
223 {
224 config->stats->error(Error::NETWORK_EOF_ERROR);
225 tcp_error_handler("NETWORK_EOF_ERROR");
226 }
227
228 bool tcp_read_handler(BufferAllocated &buf) // called by LinkImpl::Base
229 {
230 parent->transport_recv(buf);
231 return !stop_requeueing;
232 }
233
234 void tcp_write_queue_needs_send() // called by LinkImpl::Base
235 {
236 parent->transport_needs_send();
237 }
238
239 void tcp_error_handler(const char *error) // called by LinkImpl::Base
240 {
241 std::ostringstream os;
242 os << "Transport error on '" << server_host << ": " << error;
243 stop();
244 parent->transport_error(Error::TRANSPORT_ERROR, os.str());
245 }
246
247 void stop_()
248 {
249 if (!halt)
250 {
251 halt = true;
252 if (impl)
253 impl->stop();
254
255 socket.close();
256 resolver.cancel();
257 async_resolve_cancel();
258 }
259 }
260
261 // do DNS resolve
262 void resolve_callback(const openvpn_io::error_code &error,
263 results_type results) override
264 {
265 if (!halt)
266 {
267 if (!error)
268 {
269 // save resolved endpoint list in remote_list
270 config->remote_list->set_endpoint_range(results);
271 start_connect_();
272 }
273 else
274 {
275 std::ostringstream os;
276 os << "DNS resolve error on '" << server_host << "' for " << server_protocol.str() << " session: " << error.message();
277 config->stats->error(Error::RESOLVE_ERROR);
278 stop();
279 parent->transport_error(Error::UNDEF, os.str());
280 }
281 }
282 }
283
284 // do TCP connect
285 void start_connect_()
286 {
287 config->remote_list->get_endpoint(server_endpoint);
288 OPENVPN_LOG("Contacting " << server_endpoint << " via "
289 << server_protocol.str());
290 parent->transport_wait();
291 socket.open(server_endpoint.protocol());
292
293 if (config->socket_protect)
294 {
295 if (!config->socket_protect->socket_protect(socket.native_handle(), server_endpoint_addr()))
296 {
297 config->stats->error(Error::SOCKET_PROTECT_ERROR);
298 stop();
299 parent->transport_error(Error::UNDEF, "socket_protect error (" + std::string(server_protocol.str()) + ")");
300 return;
301 }
302 }
303
304 socket.set_option(openvpn_io::ip::tcp::no_delay(true));
305 socket.async_connect(server_endpoint, [self = Ptr(this)](const openvpn_io::error_code &error)
306 {
307 OPENVPN_ASYNC_HANDLER;
308 self->start_impl_(error); });
309 }
310
311 // start I/O on TCP socket
312 void start_impl_(const openvpn_io::error_code &error)
313 {
314 if (!halt)
315 {
316 if (!error)
317 {
318#ifdef OPENVPN_TLS_LINK
319 if (config->use_tls)
320 {
321 int flags = SSLConst::LOG_VERIFY_STATUS | SSLConst::ENABLE_CLIENT_SNI;
322 SSLLib::SSLAPI::Config::Ptr ssl_conf;
323 ssl_conf.reset(new SSLLib::SSLAPI::Config());
324 ssl_conf->set_mode(Mode(Mode::CLIENT));
325 ssl_conf->set_local_cert_enabled(false);
326 ssl_conf->set_frame(config->frame);
327 ssl_conf->set_rng(new SSLLib::RandomAPI());
328
329 if (!config->tls_ca.empty())
330 {
331 ssl_conf->load_ca(config->tls_ca, true);
332 }
333 else
334 {
335 flags |= SSLConst::NO_VERIFY_PEER;
336 }
337
338 ssl_conf->set_flags(flags);
339 ssl_factory = ssl_conf->new_factory();
340
341 impl.reset(new LinkImplTLS(this,
342 io_context,
343 socket,
344 0,
345 config->free_list_max_size,
346 config->frame,
347 config->stats,
348 ssl_factory));
349 }
350 else
351#endif
352 impl.reset(new LinkImpl(this,
353 socket,
354 0, // send_queue_max_size is unlimited because we regulate size in cliproto.hpp
355 config->free_list_max_size,
356 (*config->frame)[Frame::READ_LINK_TCP],
357 config->stats));
358
359#ifdef OPENVPN_GREMLIN
360 impl->gremlin_config(config->gremlin_config);
361#endif
362 impl->start();
363 if (!parent->transport_is_openvpn_protocol())
364 impl->set_raw_mode(true);
365 parent->transport_connecting();
366 }
367 else
368 {
369 std::ostringstream os;
370 os << server_protocol.str() << " connect error on '" << server_host << ':' << server_port << "' (" << server_endpoint << "): " << error.message();
371 config->stats->error(Error::TCP_CONNECT_ERROR);
372 stop();
373 parent->transport_error(Error::UNDEF, os.str());
374 }
375 }
376 }
377
378 std::string server_host;
379 std::string server_port;
380 Protocol server_protocol;
381
382 openvpn_io::io_context &io_context;
383 openvpn_io::ip::tcp::socket socket;
384 ClientConfig::Ptr config;
385 TransportClientParent *parent;
386 LinkBase::Ptr impl;
387 openvpn_io::ip::tcp::resolver resolver;
388 LinkImpl::Base::protocol::endpoint server_endpoint;
389 bool halt;
390 bool stop_requeueing;
391
392#ifdef OPENVPN_TLS_LINK
393 SSLFactoryAPI::Ptr ssl_factory;
394#endif
395};
396
397inline TransportClient::Ptr ClientConfig::new_transport_client_obj(openvpn_io::io_context &io_context,
398 TransportClientParent *parent)
399{
400 return TransportClient::Ptr(new Client(io_context, this, parent));
401}
402} // namespace openvpn::TCPTransport
403
404#endif
OPENVPN_ASYNC_HANDLER
#define OPENVPN_ASYNC_HANDLER
Definition bigmutex.hpp:36
openvpn::AsyncResolvable::results_type
typename RESOLVER_TYPE::results_type results_type
Definition asio.hpp:97
openvpn::AsyncResolvable::async_resolve_name
virtual void async_resolve_name(const std::string &host, const std::string &port)
Definition asio.hpp:125
openvpn::IP::Addr::from_asio
static Addr from_asio(const openvpn_io::ip::address &addr)
Definition ip.hpp:576
openvpn::IP::Addr::to_string
std::string to_string() const
Definition ip.hpp:528
openvpn::Protocol::str
const char * str() const
Definition protocol.hpp:212
openvpn::RCPtr::reset
void reset() noexcept
Points this RCPtr<T> to nullptr safely.
Definition rc.hpp:290
openvpn::RemoteList::process_push
void process_push(const OptionList &opt)
Definition remotelist.hpp:535
openvpn::TCPTransport::ClientConfig::new_transport_client_obj
TransportClient::Ptr new_transport_client_obj(openvpn_io::io_context &io_context, TransportClientParent *parent) override
Definition tcpcli.hpp:397
openvpn::TCPTransport::ClientConfig::process_push
void process_push(const OptionList &opt) override
Definition tcpcli.hpp:60
openvpn::TCPTransport::Client::server_endpoint
LinkImpl::Base::protocol::endpoint server_endpoint
Definition tcpcli.hpp:388
openvpn::TCPTransport::Client::transport_start
void transport_start() override
Definition tcpcli.hpp:86
openvpn::TCPTransport::Client::resolver
openvpn_io::ip::tcp::resolver resolver
Definition tcpcli.hpp:387
openvpn::TCPTransport::Client::config
ClientConfig::Ptr config
Definition tcpcli.hpp:384
openvpn::TCPTransport::Client::transport_stop_requeueing
void transport_stop_requeueing() override
Definition tcpcli.hpp:200
openvpn::TCPTransport::Client::start_impl_
void start_impl_(const openvpn_io::error_code &error)
Definition tcpcli.hpp:312
openvpn::TCPTransport::Client::io_context
openvpn_io::io_context & io_context
Definition tcpcli.hpp:382
openvpn::TCPTransport::Client::send
bool send(BufferAllocated &buf)
Definition tcpcli.hpp:215
openvpn::TCPTransport::Client::transport_has_send_queue
bool transport_has_send_queue() override
Definition tcpcli.hpp:124
openvpn::TCPTransport::Client::send_const
bool send_const(const Buffer &cbuf)
Definition tcpcli.hpp:205
openvpn::TCPTransport::Client::transport_send_queue_size
size_t transport_send_queue_size() override
Definition tcpcli.hpp:129
openvpn::TCPTransport::Client::transport_reparent
void transport_reparent(TransportClientParent *parent_arg) override
Definition tcpcli.hpp:195
openvpn::TCPTransport::Client::server_endpoint_addr
IP::Addr server_endpoint_addr() const override
Definition tcpcli.hpp:151
openvpn::TCPTransport::Client::tcp_error_handler
void tcp_error_handler(const char *error)
Definition tcpcli.hpp:239
openvpn::TCPTransport::Client::native_handle
openvpn_io::detail::socket_type native_handle() override
Definition tcpcli.hpp:161
openvpn::TCPTransport::Client::LinkImpl
TCPLink< openvpn_io::ip::tcp, Client *, false > LinkImpl
Definition tcpcli.hpp:77
openvpn::TCPTransport::Client::socket
openvpn_io::ip::tcp::socket socket
Definition tcpcli.hpp:383
openvpn::TCPTransport::Client::tcp_read_handler
bool tcp_read_handler(BufferAllocated &buf)
Definition tcpcli.hpp:228
openvpn::TCPTransport::Client::server_endpoint_info
void server_endpoint_info(std::string &host, std::string &port, std::string &proto, std::string &ip_addr) const override
Definition tcpcli.hpp:142
openvpn::TCPTransport::Client::Client
Client(openvpn_io::io_context &io_context_arg, ClientConfig *config_arg, TransportClientParent *parent_arg)
Definition tcpcli.hpp:181
openvpn::TCPTransport::Client::transport_send_queue_empty
bool transport_send_queue_empty() override
Definition tcpcli.hpp:117
openvpn::TCPTransport::Client::parent
TransportClientParent * parent
Definition tcpcli.hpp:385
openvpn::TCPTransport::Client::transport_send_const
bool transport_send_const(const Buffer &buf) override
Definition tcpcli.hpp:107
openvpn::TCPTransport::Client::resolve_callback
void resolve_callback(const openvpn_io::error_code &error, results_type results) override
Definition tcpcli.hpp:262
openvpn::TCPTransport::Client::server_endpoint_port
unsigned short server_endpoint_port() const override
Definition tcpcli.hpp:156
openvpn::TCPTransport::Client::reset_align_adjust
void reset_align_adjust(const size_t align_adjust) override
Definition tcpcli.hpp:136
openvpn::TCPTransport::Client::transport_protocol
Protocol transport_protocol() const override
Definition tcpcli.hpp:166
openvpn::TCPTransport::Client::transport_send
bool transport_send(BufferAllocated &buf) override
Definition tcpcli.hpp:112
OPENVPN_LOG
#define OPENVPN_LOG(args)
Definition logdatetime.hpp:23
openvpn::Error::NETWORK_EOF_ERROR
@ NETWORK_EOF_ERROR
Definition error.hpp:25
openvpn::Error::TCP_CONNECT_ERROR
@ TCP_CONNECT_ERROR
Definition error.hpp:50
openvpn::Error::SOCKET_PROTECT_ERROR
@ SOCKET_PROTECT_ERROR
Definition error.hpp:36
socket_protect.hpp
openvpn::TransportClientParent::transport_connecting
virtual void transport_connecting()=0
openvpn::TransportClientParent::transport_pre_resolve
virtual void transport_pre_resolve()=0
openvpn::TransportClientParent::transport_error
virtual void transport_error(const Error::Type fatal_err, const std::string &err_text)=0
openvpn::TransportClientParent::transport_is_openvpn_protocol
virtual bool transport_is_openvpn_protocol()=0
openvpn::TransportClientParent::transport_wait
virtual void transport_wait()=0
openvpn::TransportClientParent::transport_recv
virtual void transport_recv(BufferAllocated &buf)=0
openvpn::TransportClientParent::transport_needs_send
virtual void transport_needs_send()=0
openvpn::TransportClient::Ptr
RCPtr< TransportClient > Ptr
Definition transbase.hpp:37
flags
reroute_gw flags
Definition test_capture.cpp:277
port
proxy_host_port port
Definition test_capture.cpp:707
host
proxy_host_port host
Definition test_capture.cpp:693
os
std::ostringstream os
Definition test_capture.cpp:1099