/*
 *  OpenVPN -- An application to securely tunnel IP networks
 *             over a single TCP/UDP port, with support for SSL/TLS-based
 *             session authentication and key exchange,
 *             packet encryption, packet authentication, and
 *             packet compression.
 *
 *  Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2
 *  as published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program (see the file COPYING included with this
 *  distribution); if not, write to the Free Software Foundation, Inc.,
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
/* include guard; closed by the matching #endif at the end of this header */
#ifndef OPENVPN_H
#define OPENVPN_H

/*
 * Project-local headers.  The context structures below embed types
 * from these headers directly (struct buffer, struct key_type, ...),
 * so they must be complete, not merely forward-declared, here.
 */
#include "buffer.h"
#include "options.h"
#include "socket.h"
#include "crypto.h"
#include "ssl.h"
#include "packet_id.h"
#include "lzo.h"
#include "tun.h"
#include "interval.h"
#include "status.h"
#include "fragment.h"
#include "shaper.h"
#include "route.h"
#include "proxy.h"
#include "socks.h"
#include "sig.h"
#include "misc.h"
#include "mbuf.h"
#include "pool.h"
#include "plugin.h"
#include "manage.h"
/*
 * Our global key schedules, packaged thusly
 * to facilitate --persist-key.
 *
 * Embedded in struct context_1 (as c1.ks), i.e. it lives across
 * SIGUSR1 restarts and is reset only on SIGHUP.  Everything in here
 * is long-lived key material.
 * NOTE(review): this header does not show whether these members are
 * wiped when context_1 is torn down -- confirm in the code that frees
 * the level-1 context.
 */
struct key_schedule
{
#ifdef USE_CRYPTO
  /* which cipher, HMAC digest, and key sizes are we using? */
  struct key_type key_type;

  /* pre-shared static key, read from a file */
  struct key_ctx_bi static_key;

#ifdef USE_SSL
  /* our global SSL context */
  SSL_CTX *ssl_ctx;

  /* optional authentication HMAC key for TLS control channel */
  struct key_ctx_bi tls_auth_key;

#endif /* USE_SSL */
#else /* USE_CRYPTO */
  /* placeholder so the struct is never empty in a no-crypto build */
  int dummy;
#endif /* USE_CRYPTO */
};
/*
 * struct packet_id_persist should be empty if we are not
 * building with crypto.
 *
 * When packet_id.h has already supplied the real definition
 * (PACKET_ID_H is defined), nothing here is compiled; otherwise this
 * stub keeps struct context_1 (which embeds pid_persist) well-formed.
 */
#ifndef PACKET_ID_H
struct packet_id_persist
{
  /* placeholder member; there is no sequence-number state to keep */
  int dummy;
};

/*
 * No-op initializer for the stub: leaves *p untouched.
 * Mirrors the interface of the real packet_id_persist_init so that
 * callers compile identically with or without crypto.
 */
static inline void
packet_id_persist_init (struct packet_id_persist *p)
{
  (void) p;			/* intentionally unused in the stub */
}
#endif
/*
 * Packet processing buffers.
 *
 * Owned storage for the per-tunnel data path.  struct context_2 holds a
 * pointer to one of these (c2.buffers) plus a buffers_owned flag that
 * decides whether the buffers are freed when that context closes; the
 * struct buffer members buf/to_tun/to_link in context_2 are views into
 * this storage rather than separate allocations.
 */
struct context_buffers
{
  /* miscellaneous buffer, used by ping, occ, etc. */
  struct buffer aux_buf;

  /* workspace buffers used by crypto routines */
#ifdef USE_CRYPTO
  struct buffer encrypt_buf;
  struct buffer decrypt_buf;
#endif

  /* workspace buffers for LZO compression */
#ifdef USE_LZO
  struct buffer lzo_compress_buf;
  struct buffer lzo_decompress_buf;
#endif

  /*
   * Buffers used to read from TUN device
   * and TCP/UDP port.
   * read_link_buf receives raw datagrams from the network, i.e.
   * untrusted input, before any authentication has been applied.
   */
  struct buffer read_link_buf;
  struct buffer read_tun_buf;
};
/*
 * level 0 context contains data related to
 * once-per OpenVPN instantiation events
 * such as daemonization.
 *
 * Reached from struct context via the c0 pointer; unlike c1/c2 it is
 * not embedded by value.
 */
struct context_0
{
  /* workspace for get_pid_file/write_pid */
  struct pid_state pid_state;

  /* workspace for --user/--group */
  /* NOTE(review): two flags are kept -- presumably "a uid/gid was
     requested on the command line" vs "the drop has been performed";
     confirm against the code that switches user/group. */
  bool uid_gid_specified;
  bool uid_gid_set;
  struct user_state user_state;
  struct group_state group_state;
};
/*
 * Contains the persist-across-restart OpenVPN tunnel instance state.
 * Reset only for SIGHUP restarts.
 *
 * Embedded by value in struct context (c1).  Several members come in
 * pairs of "pointer" + "<name>_owned" flag: the flag records whether
 * this context is responsible for freeing the object, so a clone can
 * share the pointer without double-freeing it.
 */
struct context_1
{
  /* local and remote addresses */
  struct link_socket_addr link_socket_addr;

  /* tunnel session keys (survive SIGUSR1 restarts, see above) */
  struct key_schedule ks;

  /* persist crypto sequence number to/from file */
  struct packet_id_persist pid_persist;

  /* array of remote addresses */
  struct remote_list *remote_list;

  /* TUN/TAP interface */
  struct tuntap *tuntap;
  bool tuntap_owned;

  /* list of --route directives */
  struct route_list *route_list;

  /* --status file */
  struct status_output *status_output;
  bool status_output_owned;

#ifdef ENABLE_HTTP_PROXY
  /* HTTP proxy object */
  struct http_proxy_info *http_proxy;
#endif

#ifdef ENABLE_SOCKS
  /* SOCKS proxy object */
  struct socks_proxy_info *socks_proxy;
#endif

  /* shared object plugins */
  struct plugin_list *plugins;
  bool plugins_owned;

#if P2MP

#if P2MP_SERVER
  /* persist --ifconfig-pool db to file */
  struct ifconfig_pool_persist *ifconfig_pool_persist;
  bool ifconfig_pool_persist_owned;
#endif

  /* if client mode, option strings we pulled from server */
  /* NOTE(review): this text originates from the remote peer and is kept
     across SIGUSR1 restarts; treat it as untrusted wherever it is parsed. */
  char *pulled_options_string_save;

  /* save user/pass for authentication */
  /* NOTE(review): credentials are retained here for the lifetime of the
     level-1 context; whether they are zeroized on teardown is not visible
     in this header -- confirm in the code that frees context_1. */
  struct user_pass *auth_user_pass;
#endif
};
/*
 * Contains the OpenVPN tunnel instance state, wiped across
 * SIGUSR1 and SIGHUP restarts.
 *
 * Embedded by value in struct context (c2).  This is the per-session
 * working state: the event loop, the link socket, the data-channel
 * crypto objects, timers, counters and the packet buffers in flight.
 */
struct context_2
{
  /* garbage collection arena for context_2 scope */
  struct gc_arena gc;

  /* our global wait events */
  struct event_set *event_set;
  int event_set_max;
  bool event_set_owned;

  /* event flags returned by io_wait */
  /* bit mask values stored in event_set_status below; the MANAGEMENT_*
     bits exist only when the management interface is compiled in */
# define SOCKET_READ (1<<0)
# define SOCKET_WRITE (1<<1)
# define TUN_READ (1<<2)
# define TUN_WRITE (1<<3)
# define ES_ERROR (1<<4)
# define ES_TIMEOUT (1<<5)
# ifdef ENABLE_MANAGEMENT
# define MANAGEMENT_READ (1<<6)
# define MANAGEMENT_WRITE (1<<7)
# endif

  unsigned int event_set_status;

  struct link_socket *link_socket;	/* socket used for TCP/UDP connection to remote */
  bool link_socket_owned;
  struct link_socket_info *link_socket_info;
  const struct link_socket *accept_from;	/* possibly do accept() on a parent link_socket */

  /* both are struct sockaddr_in, so this state is IPv4-only */
  struct sockaddr_in to_link_addr;	/* IP address of remote */
  struct sockaddr_in from;		/* address of incoming datagram */

  /* MTU frame parameters */
  struct frame frame;

#ifdef ENABLE_FRAGMENT
  /* Object to handle advanced MTU negotiation and datagram fragmentation */
  struct fragment_master *fragment;
  struct frame frame_fragment;
  struct frame frame_fragment_omit;
#endif

#ifdef HAVE_GETTIMEOFDAY
  /*
   * Traffic shaper object.
   */
  struct shaper shaper;
#endif

  /*
   * Statistics
   * NOTE(review): link_read_bytes_auth presumably counts only link bytes
   * that passed authentication, as opposed to link_read_bytes which
   * counts everything received -- confirm where they are incremented.
   */
  counter_type tun_read_bytes;
  counter_type tun_write_bytes;
  counter_type link_read_bytes;
  counter_type link_read_bytes_auth;
  counter_type link_write_bytes;

  /*
   * Timer objects for ping and inactivity
   * timeout features.
   */
  struct event_timeout wait_for_connect;
  struct event_timeout inactivity_interval;
  struct event_timeout ping_send_interval;
  struct event_timeout ping_rec_interval;

#ifdef ENABLE_OCC
  /* the option strings must match across peers */
  /* options_string_remote is received from the peer; the comparison
     against options_string_local happens outside this header */
  char *options_string_local;
  char *options_string_remote;

  int occ_op;			/* INIT to -1 */
  int occ_n_tries;
  struct event_timeout occ_interval;
#endif

  /*
   * Keep track of maximum packet size received so far
   * (of authenticated packets).
   */
  int original_recv_size;	/* temporary */
  int max_recv_size_local;	/* max packet size received */
  int max_recv_size_remote;	/* max packet size received by remote */
  int max_send_size_local;	/* max packet size sent */
  int max_send_size_remote;	/* max packet size sent by remote */

#ifdef ENABLE_OCC
  /* remote wants us to send back a load test packet of this size */
  /* NOTE(review): this value is peer-supplied; the sending code is
     expected to bound it by the local frame size -- confirm at the
     use site. */
  int occ_mtu_load_size;

  struct event_timeout occ_mtu_load_test_interval;
  int occ_mtu_load_n_tries;
#endif

#ifdef USE_CRYPTO

  /*
   * TLS-mode crypto objects.
   */
#ifdef USE_SSL

  /* master OpenVPN SSL/TLS object */
  struct tls_multi *tls_multi;

  /* check --tls-auth signature without needing
     a full-size tls_multi object */
  struct tls_auth_standalone *tls_auth_standalone;

  /* used to optimize calls to tls_multi_process */
  struct interval tmp_int;

  /* throw this signal on TLS errors */
  int tls_exit_signal;

#endif /* USE_SSL */

  /* passed to encrypt or decrypt, contains all
     crypto-related command line options related
     to data channel encryption/decryption */
  struct crypto_options crypto_options;

  /* used to keep track of data channel packet sequence numbers */
  /* packet_id is the replay-protection state for the data channel;
     packet_id_persist_interval schedules its write-out to the
     pid_persist file kept in context_1 */
  struct packet_id packet_id;
  struct event_timeout packet_id_persist_interval;

#endif /* USE_CRYPTO */

  /*
   * LZO compression library workspace.
   */
#ifdef USE_LZO
  struct lzo_compress_workspace lzo_compwork;
#endif

  /*
   * Buffers used for packet processing.
   */
  struct context_buffers *buffers;
  bool buffers_owned;		/* if true, we should free all buffers on close */

  /*
   * These buffers don't actually allocate storage, they are used
   * as pointers to the allocated buffers in
   * struct context_buffers.
   */
  struct buffer buf;
  struct buffer to_tun;
  struct buffer to_link;

  /*
   * IPv4 TUN device?
   */
  bool ipv4_tun;

  /* should we print R|W|r|w to console on packet transfers? */
  bool log_rw;

  /* route stuff */
  struct event_timeout route_wakeup;
  struct event_timeout route_wakeup_expire;

  /* did we open tun/tap dev during this cycle? */
  bool did_open_tun;

  /*
   * Event loop info
   */

  /* how long to wait on link/tun read before we will need to be serviced */
  struct timeval timeval;

  /* next wakeup for processing coarse timers (>1 sec resolution) */
  time_t coarse_timer_wakeup;

  /* maintain a random delta to add to timeouts to avoid contexts
     waking up simultaneously */
  time_t update_timeout_random_component;
  struct timeval timeout_random_component;

  /* indicates that the do_up_delay function has run */
  bool do_up_ran;

#ifdef ENABLE_OCC
  /* indicates that we have received a SIGTERM when
     options->explicit_exit_notification is enabled,
     but we have not exited yet */
  time_t explicit_exit_notification_time_wait;
  struct event_timeout explicit_exit_notification_interval;
#endif

  /* environmental variables to pass to scripts */
  struct env_set *es;

  /* don't wait for TUN/TAP/UDP to be ready to accept write */
  bool fast_io;

#if P2MP

#if P2MP_SERVER
  /* --ifconfig endpoints to be pushed to client */
  bool push_reply_deferred;
  bool push_ifconfig_defined;
  in_addr_t push_ifconfig_local;
  in_addr_t push_ifconfig_remote_netmask;

  /* client authentication state, CAS_SUCCEEDED must be 0 */
  /* stored in context_auth; only CAS_SUCCEEDED means the client is
     fully authenticated -- CAS_PARTIAL is still a failure state */
# define CAS_SUCCEEDED 0
# define CAS_PENDING 1
# define CAS_FAILED 2
# define CAS_PARTIAL 3		/* at least one client-connect script/plugin
				   succeeded while a later one in the chain failed */
  int context_auth;
#endif

  struct event_timeout push_request_interval;
  /* NOTE(review): in client mode this points at option text received from
     the server (see context_1.pulled_options_string_save); treat as
     untrusted input where it is parsed. */
  const char *pulled_options_string;

  struct event_timeout scheduled_exit;

#endif
};
/*
 * Contains all state information for one tunnel.
 *
 * The three context levels differ only in lifetime:
 *   c0 -- once per process (daemonization, uid/gid, pid file),
 *   c1 -- kept across SIGUSR1 restarts, rebuilt on SIGHUP,
 *   c2 -- rebuilt on every restart.
 */
struct context
{
  /* command line or config file options */
  struct options options;

  /* true on initial VPN iteration */
  bool first_time;

  /* used by multi-client code to lock the context */
  /*MUTEX_DEFINE (mutex);*/

  /* context modes */
  /* NOTE(review): CM_THREAD is referenced below but not defined in this
     header -- presumably a historical name for CM_TOP_CLONE. */
# define CM_P2P 0		/* standalone point-to-point session or client */
# define CM_TOP 1		/* top level of a multi-client or point-to-multipoint server */
# define CM_TOP_CLONE 2		/* clone of a CM_TOP context for one thread */
# define CM_CHILD_UDP 3		/* child context of a CM_TOP or CM_THREAD */
# define CM_CHILD_TCP 4		/* child context of a CM_TOP or CM_THREAD */
  int mode;

  /* garbage collection for context scope
     allocations */
  struct gc_arena gc;

  /* environmental variable settings */
  struct env_set *es;

  /* signal info */
  struct signal_info *sig;

  /* set to true after we daemonize */
  bool did_we_daemonize;

  /* level 0 context contains data related to
     once-per OpenVPN instantiation events
     such as daemonization */
  struct context_0 *c0;

  /* level 1 context is preserved for
     SIGUSR1 restarts, but initialized
     for SIGHUP restarts */
  struct context_1 c1;

  /* level 2 context is initialized for all
     restarts (SIGUSR1 and SIGHUP) */
  struct context_2 c2;
};
/*
 * Check for a signal when inside an event loop
 *
 * Expands to a bare `if` statement, so it must be placed directly in
 * the body of a loop: when IS_SIG(c) is true it calls func(arg), then
 * perf_pop(), and then leaves the loop (`break`) if func returned
 * non-zero or skips to the next iteration (`continue`) otherwise.
 * Because the expansion is an unbraced `if`, an `else` written right
 * after the macro invocation would bind to it.
 * NOTE(review): perf_pop() presumably undoes a perf_push() earlier in
 * the loop body -- confirm at call sites.
 */
#define EVENT_LOOP_CHECK_SIGNAL(c, func, arg) \
  if (IS_SIG (c)) \
    { \
      const int brk = func (arg); \
      perf_pop (); \
      if (brk) \
	break; \
      else \
	continue; \
    }
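/*
 * Macros for referencing objects which may not
 * have been compiled in.
 *
 * TLS_MODE(c)        -- true when the context runs in TLS mode (a
 *                       tls_multi object exists); always false without
 *                       USE_CRYPTO+USE_SSL.
 * PROTO_DUMP(buf,gc) -- format a packet for debug logging.  The SSL
 *                       variant is NOT hygienic: besides its own
 *                       parameters it reads a variable named `c`
 *                       (struct context *) from the caller's scope.
 * MD5SUM(buf,len,gc) -- hex digest for log/identification output, or
 *                       the fixed string "[unavailable]" without crypto.
 *                       NOTE(review): presumably not used as an
 *                       integrity primitive -- confirm at call sites.
 * CIPHER_ENABLED(c)  -- true when a data-channel cipher is configured;
 *                       always false without USE_CRYPTO.
 */

#if defined(USE_CRYPTO) && defined(USE_SSL)
#define TLS_MODE(c) ((c)->c2.tls_multi != NULL)
#define PROTO_DUMP_FLAGS (check_debug_level (D_LINK_RW_VERBOSE) ? (PD_SHOW_DATA|PD_VERBOSE) : 0)
/* relies on `c` being in scope at the point of use (see header comment) */
#define PROTO_DUMP(buf, gc) protocol_dump((buf), \
				      PROTO_DUMP_FLAGS | \
				      (c->c2.tls_multi ? PD_TLS : 0) | \
				      (c->options.tls_auth_file ? c->c1.ks.key_type.hmac_length : 0), \
				      gc)
#else
#define TLS_MODE(c) (false)
#define PROTO_DUMP(buf, gc) format_hex (BPTR (buf), BLEN (buf), 80, gc)
#endif

#ifdef USE_CRYPTO
#define MD5SUM(buf, len, gc) md5sum((buf), (len), 0, (gc))
#else
#define MD5SUM(buf, len, gc) "[unavailable]"
#endif

#ifdef USE_CRYPTO
/* argument parenthesized so that any context expression works, as in TLS_MODE */
#define CIPHER_ENABLED(c) ((c)->c1.ks.key_type.cipher != NULL)
#else
#define CIPHER_ENABLED(c) (false)
#endif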
517 #endif