From patchwork Wed Jul 11 07:00:42 2018
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 411
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 12 Jul 2018 01:00:42 +0800
Message-Id: <20180711170042.15154-1-a@unstable.cc>
In-Reply-To: <20180711165918.12762-1-a@unstable.cc>
References: <20180711165918.12762-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v2] socket: make stream_buf_* functions static
Cc: Antonio Quartulli

stream_buf_init(), stream_buf_close() and stream_buf_added() are only used within socket.c, therefore there is no need to have them declared in socket.h.

Make them static and remove useless declarations.

This change required some re-ordering of the functions to ensure they were defined before being used, however, this is just a copy/paste and no function change has been introduced.

Signed-off-by: Antonio Quartulli
---
v2:
- fix commit subject

 src/openvpn/socket.c | 362 +++++++++++++++++++++----------------------
 src/openvpn/socket.h | 15 --
 2 files changed, 181 insertions(+), 196 deletions(-)

diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index 211e7441..2a62a49b 100644
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -1491,6 +1491,187 @@ done: gc_free(&gc); } +/* + * Stream buffer functions, used to packetize a TCP + * stream connection. + */ + +static inline void +stream_buf_reset(struct stream_buf *sb) +{ + dmsg(D_STREAM_DEBUG, "STREAM: RESET"); + sb->residual_fully_formed = false; + sb->buf = sb->buf_init; + buf_reset(&sb->next); + sb->len = -1; +} + +static void +stream_buf_init(struct stream_buf *sb, + struct buffer *buf, + const unsigned int sockflags, + const int proto) +{ + sb->buf_init = *buf; + sb->maxlen = sb->buf_init.len; + sb->buf_init.len = 0; + sb->residual = alloc_buf(sb->maxlen); + sb->error = false; +#if PORT_SHARE + sb->port_share_state = ((sockflags & SF_PORT_SHARE) && (proto == PROTO_TCP_SERVER)) + ? PS_ENABLED + : PS_DISABLED; +#endif + stream_buf_reset(sb); + + dmsg(D_STREAM_DEBUG, "STREAM: INIT maxlen=%d", sb->maxlen); +} + +static void +stream_buf_close(struct stream_buf *sb) +{ + free_buf(&sb->residual); +} + +static inline void +stream_buf_set_next(struct stream_buf *sb) +{ + /* set up 'next' for next i/o read */ + sb->next = sb->buf; + sb->next.offset = sb->buf.offset + sb->buf.len; + sb->next.len = (sb->len >= 0 ? sb->len : sb->maxlen) - sb->buf.len; + dmsg(D_STREAM_DEBUG, "STREAM: SET NEXT, buf=[%d,%d] next=[%d,%d] len=%d maxlen=%d", + sb->buf.offset, sb->buf.len, + sb->next.offset, sb->next.len, + sb->len, sb->maxlen); + ASSERT(sb->next.len > 0); + ASSERT(buf_safe(&sb->buf, sb->next.len)); +} + +static inline void +stream_buf_get_final(struct stream_buf *sb, struct buffer *buf) +{ + dmsg(D_STREAM_DEBUG, "STREAM: GET FINAL len=%d", + buf_defined(&sb->buf) ? sb->buf.len : -1); + ASSERT(buf_defined(&sb->buf)); + *buf = sb->buf; +} + +static inline void +stream_buf_get_next(struct stream_buf *sb, struct buffer *buf) +{ + dmsg(D_STREAM_DEBUG, "STREAM: GET NEXT len=%d", + buf_defined(&sb->next) ? 
sb->next.len : -1); + ASSERT(buf_defined(&sb->next)); + *buf = sb->next; +} + +static bool +stream_buf_added(struct stream_buf *sb, + int length_added) +{ + dmsg(D_STREAM_DEBUG, "STREAM: ADD length_added=%d", length_added); + if (length_added > 0) + { + sb->buf.len += length_added; + } + + /* if length unknown, see if we can get the length prefix from + * the head of the buffer */ + if (sb->len < 0 && sb->buf.len >= (int) sizeof(packet_size_type)) + { + packet_size_type net_size; + +#if PORT_SHARE + if (sb->port_share_state == PS_ENABLED) + { + if (!is_openvpn_protocol(&sb->buf)) + { + msg(D_STREAM_ERRORS, "Non-OpenVPN client protocol detected"); + sb->port_share_state = PS_FOREIGN; + sb->error = true; + return false; + } + else + { + sb->port_share_state = PS_DISABLED; + } + } +#endif + + ASSERT(buf_read(&sb->buf, &net_size, sizeof(net_size))); + sb->len = ntohps(net_size); + + if (sb->len < 1 || sb->len > sb->maxlen) + { + msg(M_WARN, "WARNING: Bad encapsulated packet length from peer (%d), which must be > 0 and <= %d -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]", sb->len, sb->maxlen); + stream_buf_reset(sb); + sb->error = true; + return false; + } + } + + /* is our incoming packet fully read? 
*/ + if (sb->len > 0 && sb->buf.len >= sb->len) + { + /* save any residual data that's part of the next packet */ + ASSERT(buf_init(&sb->residual, 0)); + if (sb->buf.len > sb->len) + { + ASSERT(buf_copy_excess(&sb->residual, &sb->buf, sb->len)); + } + dmsg(D_STREAM_DEBUG, "STREAM: ADD returned TRUE, buf_len=%d, residual_len=%d", + BLEN(&sb->buf), + BLEN(&sb->residual)); + return true; + } + else + { + dmsg(D_STREAM_DEBUG, "STREAM: ADD returned FALSE (have=%d need=%d)", sb->buf.len, sb->len); + stream_buf_set_next(sb); + return false; + } +} + +bool +stream_buf_read_setup_dowork(struct link_socket *sock) +{ + if (sock->stream_buf.residual.len && !sock->stream_buf.residual_fully_formed) + { + ASSERT(buf_copy(&sock->stream_buf.buf, &sock->stream_buf.residual)); + ASSERT(buf_init(&sock->stream_buf.residual, 0)); + sock->stream_buf.residual_fully_formed = stream_buf_added(&sock->stream_buf, 0); + dmsg(D_STREAM_DEBUG, "STREAM: RESIDUAL FULLY FORMED [%s], len=%d", + sock->stream_buf.residual_fully_formed ? "YES" : "NO", + sock->stream_buf.residual.len); + } + + if (!sock->stream_buf.residual_fully_formed) + { + stream_buf_set_next(&sock->stream_buf); + } + return !sock->stream_buf.residual_fully_formed; +} + +/* + * The listen event is a special event whose sole purpose is + * to tell us that there's a new incoming connection on a + * TCP socket, for use in server mode. + */ +event_t +socket_listen_event_handle(struct link_socket *s) +{ +#ifdef _WIN32 + if (!defined_net_event_win32(&s->listen_handle)) + { + init_net_event_win32(&s->listen_handle, FD_ACCEPT, s->sd, 0); + } + return &s->listen_handle; +#else /* ifdef _WIN32 */ + return s->sd; +#endif +} + /* For stream protocols, allocate a buffer to build up packet. * Called after frame has been finalized. */ 
@@ -2485,187 +2666,6 @@ socket_stat(const struct link_socket *s, unsigned int rwflags, struct gc_arena * return BSTR(&out); } -/* - * Stream buffer functions, used to packetize a TCP - * stream connection. - */ - -static inline void -stream_buf_reset(struct stream_buf *sb) -{ - dmsg(D_STREAM_DEBUG, "STREAM: RESET"); - sb->residual_fully_formed = false; - sb->buf = sb->buf_init; - buf_reset(&sb->next); - sb->len = -1; -} - -void -stream_buf_init(struct stream_buf *sb, - struct buffer *buf, - const unsigned int sockflags, - const int proto) -{ - sb->buf_init = *buf; - sb->maxlen = sb->buf_init.len; - sb->buf_init.len = 0; - sb->residual = alloc_buf(sb->maxlen); - sb->error = false; -#if PORT_SHARE - sb->port_share_state = ((sockflags & SF_PORT_SHARE) && (proto == PROTO_TCP_SERVER)) - ? PS_ENABLED - : PS_DISABLED; -#endif - stream_buf_reset(sb); - - dmsg(D_STREAM_DEBUG, "STREAM: INIT maxlen=%d", sb->maxlen); -} - -static inline void -stream_buf_set_next(struct stream_buf *sb) -{ - /* set up 'next' for next i/o read */ - sb->next = sb->buf; - sb->next.offset = sb->buf.offset + sb->buf.len; - sb->next.len = (sb->len >= 0 ? sb->len : sb->maxlen) - sb->buf.len; - dmsg(D_STREAM_DEBUG, "STREAM: SET NEXT, buf=[%d,%d] next=[%d,%d] len=%d maxlen=%d", - sb->buf.offset, sb->buf.len, - sb->next.offset, sb->next.len, - sb->len, sb->maxlen); - ASSERT(sb->next.len > 0); - ASSERT(buf_safe(&sb->buf, sb->next.len)); -} - -static inline void -stream_buf_get_final(struct stream_buf *sb, struct buffer *buf) -{ - dmsg(D_STREAM_DEBUG, "STREAM: GET FINAL len=%d", - buf_defined(&sb->buf) ? sb->buf.len : -1); - ASSERT(buf_defined(&sb->buf)); - *buf = sb->buf; -} - -static inline void -stream_buf_get_next(struct stream_buf *sb, struct buffer *buf) -{ - dmsg(D_STREAM_DEBUG, "STREAM: GET NEXT len=%d", - buf_defined(&sb->next) ? 
sb->next.len : -1); - ASSERT(buf_defined(&sb->next)); - *buf = sb->next; -} - -bool -stream_buf_read_setup_dowork(struct link_socket *sock) -{ - if (sock->stream_buf.residual.len && !sock->stream_buf.residual_fully_formed) - { - ASSERT(buf_copy(&sock->stream_buf.buf, &sock->stream_buf.residual)); - ASSERT(buf_init(&sock->stream_buf.residual, 0)); - sock->stream_buf.residual_fully_formed = stream_buf_added(&sock->stream_buf, 0); - dmsg(D_STREAM_DEBUG, "STREAM: RESIDUAL FULLY FORMED [%s], len=%d", - sock->stream_buf.residual_fully_formed ? "YES" : "NO", - sock->stream_buf.residual.len); - } - - if (!sock->stream_buf.residual_fully_formed) - { - stream_buf_set_next(&sock->stream_buf); - } - return !sock->stream_buf.residual_fully_formed; -} - -bool -stream_buf_added(struct stream_buf *sb, - int length_added) -{ - dmsg(D_STREAM_DEBUG, "STREAM: ADD length_added=%d", length_added); - if (length_added > 0) - { - sb->buf.len += length_added; - } - - /* if length unknown, see if we can get the length prefix from - * the head of the buffer */ - if (sb->len < 0 && sb->buf.len >= (int) sizeof(packet_size_type)) - { - packet_size_type net_size; - -#if PORT_SHARE - if (sb->port_share_state == PS_ENABLED) - { - if (!is_openvpn_protocol(&sb->buf)) - { - msg(D_STREAM_ERRORS, "Non-OpenVPN client protocol detected"); - sb->port_share_state = PS_FOREIGN; - sb->error = true; - return false; - } - else - { - sb->port_share_state = PS_DISABLED; - } - } -#endif - - ASSERT(buf_read(&sb->buf, &net_size, sizeof(net_size))); - sb->len = ntohps(net_size); - - if (sb->len < 1 || sb->len > sb->maxlen) - { - msg(M_WARN, "WARNING: Bad encapsulated packet length from peer (%d), which must be > 0 and <= %d -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]", sb->len, sb->maxlen); - stream_buf_reset(sb); - sb->error = true; - return false; - } - } - - /* is our incoming packet 
fully read? */ - if (sb->len > 0 && sb->buf.len >= sb->len) - { - /* save any residual data that's part of the next packet */ - ASSERT(buf_init(&sb->residual, 0)); - if (sb->buf.len > sb->len) - { - ASSERT(buf_copy_excess(&sb->residual, &sb->buf, sb->len)); - } - dmsg(D_STREAM_DEBUG, "STREAM: ADD returned TRUE, buf_len=%d, residual_len=%d", - BLEN(&sb->buf), - BLEN(&sb->residual)); - return true; - } - else - { - dmsg(D_STREAM_DEBUG, "STREAM: ADD returned FALSE (have=%d need=%d)", sb->buf.len, sb->len); - stream_buf_set_next(sb); - return false; - } -} - -void -stream_buf_close(struct stream_buf *sb) -{ - free_buf(&sb->residual); -} - -/* - * The listen event is a special event whose sole purpose is - * to tell us that there's a new incoming connection on a - * TCP socket, for use in server mode. - */ -event_t -socket_listen_event_handle(struct link_socket *s) -{ -#ifdef _WIN32 - if (!defined_net_event_win32(&s->listen_handle)) - { - init_net_event_win32(&s->listen_handle, FD_ACCEPT, s->sd, 0); - } - return &s->listen_handle; -#else /* ifdef _WIN32 */ - return s->sd; -#endif -} - /* * Format IP addresses in ascii */ diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index 479d1150..7329a518 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h @@ -994,21 +994,6 @@ link_socket_set_outgoing_addr(const struct buffer *buf, } } -/* - * Stream buffer handling -- stream_buf is a helper class - * to assist in the packetization of stream transport protocols - * such as TCP. - */ - -void stream_buf_init(struct stream_buf *sb, - struct buffer *buf, - const unsigned int sockflags, - const int proto); - -void stream_buf_close(struct stream_buf *sb); - -bool stream_buf_added(struct stream_buf *sb, int length_added); - static inline bool stream_buf_read_setup(struct link_socket *sock) {
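Review bot: the 187-line addition at @@ -1491,6 +1491,187 @@ of socket.c should be compared byte for byte against the block removed further down before the "no function change" claim is accepted; the only intended differences are `void` becoming `static void` on stream_buf_init() and stream_buf_close() and `bool` becoming `static bool` on stream_buf_added(). The parts worth checking most carefully are the ones that validate untrusted input from the TCP peer: the `#if PORT_SHARE` protocol detection and the `if (sb->len < 1 || sb->len > sb->maxlen)` length-prefix check in stream_buf_added(), both of which appear unchanged in the added copy. `git diff --color-moved` makes the comparison quick, and the build itself guards the new ordering: any remaining caller above a now-static definition conflicts with the implicit declaration and fails to compile.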
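Review bot: socket_listen_event_handle() is moved without need by the removal at @@ -2485,187 +2666,6 @@ of socket.c; it keeps external linkage and calls none of the stream_buf functions, so leaving it in place would shrink the diff and make the copy/paste claim easier to verify. stream_buf_read_setup_dowork() does have to follow stream_buf_added() once the latter is static, and stream_buf_close() moves from the end of the old block to just after stream_buf_init(); those two re-orderings are what the commit message alludes to, so either move the listen-event helper back or name it in the commit message as deliberately relocated.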
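Review bot: dropping the three prototypes at @@ -994,21 +994,6 @@ of socket.h is safe only if no other translation unit calls stream_buf_init(), stream_buf_close() or stream_buf_added(); the remaining context shows stream_buf_read_setup() staying in the header, and it goes through stream_buf_read_setup_dowork(), which keeps external linkage, so that path is unaffected. A grep for the three names outside src/openvpn/socket.c, unit tests included, would confirm there are no external users before merging. The header comment describing stream_buf as a packetization helper for stream transports is lost here, but the same explanation survives in the comment block added to socket.c, so no documentation is dropped.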