From patchwork Sat Nov 11 05:18:35 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 68 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director5.mail.ord1d.rsapps.net ([172.30.191.6]) by backend31.mail.ord1d.rsapps.net (Dovecot) with LMTP id K9l1Hz4jB1qjVQAAgoeIoA for ; Sat, 11 Nov 2017 11:20:14 -0500 Received: from proxy8.mail.ord1d.rsapps.net ([172.30.191.6]) by director5.mail.ord1d.rsapps.net (Dovecot) with LMTP id 8xNLHz4jB1quCQAAsdCWiw ; Sat, 11 Nov 2017 11:20:14 -0500 Received: from smtp8.gate.ord1c ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy8.mail.ord1d.rsapps.net (Dovecot) with LMTP id /PVMBj4jB1roBQAAGdz6CA ; Sat, 11 Nov 2017 11:20:14 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.34.181.88] Authentication-Results: smtp8.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.34.181.88"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Classification-ID: 3275a998-c6fc-11e7-a030-782bcb03304b-1-1 Received: from [216.34.181.88] ([216.34.181.88:20458] helo=lists.sourceforge.net) by smtp8.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 5C/BF-21198-D33270A5; Sat, 11 Nov 2017 11:20:14 -0500 Received: from localhost ([127.0.0.1] helo=sfs-ml-4.v29.ch3.sourceforge.com) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.89) (envelope-from ) id 1eDYVD-0004YN-Ts; Sat, 11 Nov 2017 16:19:27 +0000 Received: from sfi-mx-1.v28.ch3.sourceforge.com ([172.29.28.191] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1eDYVC-0004YG-Pj for openvpn-devel@lists.sourceforge.net; Sat, 11 Nov 2017 16:19:26 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc: To:From:Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=FMoy/m5u/LqnIXDsicHmJ/09ET47ZuiI9VRuapBnGQc=; b=ZJHaNqq+fUVjoNyniVC+rTSDCj u7yUKYAWoleuxZqsIN3BCRt9aPAqpjLMGUVPXrVCpu2jyYwrFLWury34mwJwc5/h38oee+U3Cw5I6 fP3X6ZWgVogyshf+uVxn3m+kLRuAfgKqzYIfr132bry1eoBUn6XJ2Fz6mwUyn5Tr5VMI=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=FMoy/m5u/LqnIXDsicHmJ/09ET47ZuiI9VRuapBnGQc=; b=iFWsp0sfFUPFFuiD7lXZ/juFhr HjrwbYPjBV6oAUPqx9Fe79hxsmv4v4MSgMsFOJHqOxQJUCX/upWhOykcJNI8EoODMYt+aC9qcq9l/ D8HQ3tBgYlMqmeZ3ruiBPJczUBFG+mS95SvFZ/zO8p+6Sw5KSyIifGvM5LXK5AxZ29Ao=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-1.v28.ch3.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) id 1eDYV9-0002Mm-J6 for openvpn-devel@lists.sourceforge.net; Sat, 11 Nov 2017 16:19:26 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Sun, 12 Nov 2017 00:18:35 +0800 Message-Id: <20171111161836.23356-2-a@unstable.cc> In-Reply-To: <20171111161836.23356-1-a@unstable.cc> References: <20171111161836.23356-1-a@unstable.cc> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [5.148.176.60 listed in list.dnswl.org] 0.2 AWL AWL: Adjusted score from AWL reputation of From: address X-Headers-End: 1eDYV9-0002Mm-J6 Subject: [Openvpn-devel] [PATCH v5 2/3] merge *-inline.h files with their main header X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox *-inline.h files are not very useful anymore. In the attempt of cleaning up the code some more, merge them into their main header files. No functional change is part of this patch. Cc: Steffan Karger Signed-off-by: Antonio Quartulli --- v4: pf_c2c/addr_test() has been made static again v5: no change src/openvpn/Makefile.am | 8 +- src/openvpn/forward-inline.h | 341 ------------------------------------ src/openvpn/forward.c | 6 +- src/openvpn/forward.h | 319 ++++++++++++++++++++++++++++++++- src/openvpn/init.c | 4 +- src/openvpn/mtcp.c | 2 +- src/openvpn/mudp.c | 2 +- src/openvpn/multi.c | 4 +- src/openvpn/occ-inline.h | 95 ---------- src/openvpn/occ.c | 4 +- src/openvpn/occ.h | 61 +++++++ src/openvpn/openvpn.c | 2 - src/openvpn/openvpn.h | 2 +- src/openvpn/openvpn.vcxproj | 4 - src/openvpn/openvpn.vcxproj.filters | 12 -- src/openvpn/pf-inline.h | 67 ------- src/openvpn/pf.c | 2 +- src/openvpn/pf.h | 39 +++++ src/openvpn/ping-inline.h | 64 ------- src/openvpn/ping.c | 1 - src/openvpn/ping.h | 37 ++++ 21 files changed, 469 insertions(+), 607 deletions(-) delete mode 100644 src/openvpn/forward-inline.h delete mode 100644 src/openvpn/occ-inline.h delete mode 100644 src/openvpn/pf-inline.h delete mode 100644 src/openvpn/ping-inline.h diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index fcc22d68..babc0adb 100644 --- a/src/openvpn/Makefile.am +++ b/src/openvpn/Makefile.am @@ -55,7 +55,7 @@ openvpn_SOURCES = \ error.c error.h \ event.c event.h \ fdmisc.c fdmisc.h \ - forward.c forward.h forward-inline.h \ + forward.c forward.h \ fragment.c fragment.h \ gremlin.c gremlin.h \ helper.c helper.h \ @@ -80,7 +80,7 @@ openvpn_SOURCES = \ mudp.c mudp.h \ multi.c multi.h \ ntlm.c ntlm.h \ - occ.c occ.h occ-inline.h \ + occ.c occ.h \ openssl_compat.h \ pkcs11.c pkcs11.h pkcs11_backend.h \ pkcs11_openssl.c \ @@ -90,8 +90,8 @@ openvpn_SOURCES = \ otime.c otime.h \ packet_id.c packet_id.h \ perf.c perf.h \ - pf.c pf.h pf-inline.h \ - ping.c ping.h ping-inline.h \ + pf.c pf.h \ + ping.c ping.h \ plugin.c plugin.h \ pool.c pool.h \ proto.c proto.h \ diff --git a/src/openvpn/forward-inline.h b/src/openvpn/forward-inline.h deleted file mode 100644 index ab83ea40..00000000 --- a/src/openvpn/forward-inline.h +++ /dev/null @@ -1,341 +0,0 @@ -/* - * OpenVPN -- An application to securely tunnel IP networks - * over a single TCP/UDP port, with support for SSL/TLS-based - * session authentication and key exchange, - * packet encryption, packet authentication, and - * packet compression. - * - * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -#ifndef FORWARD_INLINE_H -#define FORWARD_INLINE_H - -/* - * Inline functions - */ - -/* - * Does TLS session need service? - */ -static inline void -check_tls(struct context *c) -{ -#if defined(ENABLE_CRYPTO) - void check_tls_dowork(struct context *c); - - if (c->c2.tls_multi) - { - check_tls_dowork(c); - } -#endif -} - -/* - * TLS errors are fatal in TCP mode. - * Also check for --tls-exit trigger. - */ -static inline void -check_tls_errors(struct context *c) -{ -#if defined(ENABLE_CRYPTO) - void check_tls_errors_co(struct context *c); - - void check_tls_errors_nco(struct context *c); - - if (c->c2.tls_multi && c->c2.tls_exit_signal) - { - if (link_socket_connection_oriented(c->c2.link_socket)) - { - if (c->c2.tls_multi->n_soft_errors) - { - check_tls_errors_co(c); - } - } - else - { - if (c->c2.tls_multi->n_hard_errors) - { - check_tls_errors_nco(c); - } - } - } -#endif /* if defined(ENABLE_CRYPTO) */ -} - -/* - * Check for possible incoming configuration - * messages on the control channel. - */ -static inline void -check_incoming_control_channel(struct context *c) -{ -#if P2MP - void check_incoming_control_channel_dowork(struct context *c); - - if (tls_test_payload_len(c->c2.tls_multi) > 0) - { - check_incoming_control_channel_dowork(c); - } -#endif -} - -/* - * Options like --up-delay need to be triggered by this function which - * checks for connection establishment. - */ -static inline void -check_connection_established(struct context *c) -{ - void check_connection_established_dowork(struct context *c); - - if (event_timeout_defined(&c->c2.wait_for_connect)) - { - check_connection_established_dowork(c); - } -} - -/* - * Should we add routes? - */ -static inline void -check_add_routes(struct context *c) -{ - void check_add_routes_dowork(struct context *c); - - if (event_timeout_trigger(&c->c2.route_wakeup, &c->c2.timeval, ETT_DEFAULT)) - { - check_add_routes_dowork(c); - } -} - -/* - * Should we exit due to inactivity timeout? - */ -static inline void -check_inactivity_timeout(struct context *c) -{ - void check_inactivity_timeout_dowork(struct context *c); - - if (c->options.inactivity_timeout - && event_timeout_trigger(&c->c2.inactivity_interval, &c->c2.timeval, ETT_DEFAULT)) - { - check_inactivity_timeout_dowork(c); - } -} - -#if P2MP - -static inline void -check_server_poll_timeout(struct context *c) -{ - void check_server_poll_timeout_dowork(struct context *c); - - if (c->options.ce.connect_timeout - && event_timeout_trigger(&c->c2.server_poll_interval, &c->c2.timeval, ETT_DEFAULT)) - { - check_server_poll_timeout_dowork(c); - } -} - -/* - * Scheduled exit? - */ -static inline void -check_scheduled_exit(struct context *c) -{ - void check_scheduled_exit_dowork(struct context *c); - - if (event_timeout_defined(&c->c2.scheduled_exit)) - { - if (event_timeout_trigger(&c->c2.scheduled_exit, &c->c2.timeval, ETT_DEFAULT)) - { - check_scheduled_exit_dowork(c); - } - } -} -#endif /* if P2MP */ - -/* - * Should we write timer-triggered status file. - */ -static inline void -check_status_file(struct context *c) -{ - void check_status_file_dowork(struct context *c); - - if (c->c1.status_output) - { - if (status_trigger_tv(c->c1.status_output, &c->c2.timeval)) - { - check_status_file_dowork(c); - } - } -} - -#ifdef ENABLE_FRAGMENT -/* - * Should we deliver a datagram fragment to remote? - */ -static inline void -check_fragment(struct context *c) -{ - void check_fragment_dowork(struct context *c); - - if (c->c2.fragment) - { - check_fragment_dowork(c); - } -} -#endif - -#if P2MP - -/* - * see if we should send a push_request in response to --pull - */ -static inline void -check_push_request(struct context *c) -{ - void check_push_request_dowork(struct context *c); - - if (event_timeout_trigger(&c->c2.push_request_interval, &c->c2.timeval, ETT_DEFAULT)) - { - check_push_request_dowork(c); - } -} - -#endif - -#ifdef ENABLE_CRYPTO -/* - * Should we persist our anti-replay packet ID state to disk? - */ -static inline void -check_packet_id_persist_flush(struct context *c) -{ - if (packet_id_persist_enabled(&c->c1.pid_persist) - && event_timeout_trigger(&c->c2.packet_id_persist_interval, &c->c2.timeval, ETT_DEFAULT)) - { - packet_id_persist_save(&c->c1.pid_persist); - } -} -#endif - -/* - * Set our wakeup to 0 seconds, so we will be rescheduled - * immediately. - */ -static inline void -context_immediate_reschedule(struct context *c) -{ - c->c2.timeval.tv_sec = 0; /* ZERO-TIMEOUT */ - c->c2.timeval.tv_usec = 0; -} - -static inline void -context_reschedule_sec(struct context *c, int sec) -{ - if (sec < 0) - { - sec = 0; - } - if (sec < c->c2.timeval.tv_sec) - { - c->c2.timeval.tv_sec = sec; - c->c2.timeval.tv_usec = 0; - } -} - -static inline struct link_socket_info * -get_link_socket_info(struct context *c) -{ - if (c->c2.link_socket_info) - { - return c->c2.link_socket_info; - } - else - { - return &c->c2.link_socket->info; - } -} - -static inline void -register_activity(struct context *c, const int size) -{ - if (c->options.inactivity_timeout) - { - c->c2.inactivity_bytes += size; - if (c->c2.inactivity_bytes >= c->options.inactivity_minimum_bytes) - { - c->c2.inactivity_bytes = 0; - event_timeout_reset(&c->c2.inactivity_interval); - } - } -} - -/* - * Return the io_wait() flags appropriate for - * a point-to-point tunnel. - */ -static inline unsigned int -p2p_iow_flags(const struct context *c) -{ - unsigned int flags = (IOW_SHAPER|IOW_CHECK_RESIDUAL|IOW_FRAG|IOW_READ|IOW_WAIT_SIGNAL); - if (c->c2.to_link.len > 0) - { - flags |= IOW_TO_LINK; - } - if (c->c2.to_tun.len > 0) - { - flags |= IOW_TO_TUN; - } - return flags; -} - -/* - * This is the core I/O wait function, used for all I/O waits except - * for TCP in server mode. - */ -static inline void -io_wait(struct context *c, const unsigned int flags) -{ - void io_wait_dowork(struct context *c, const unsigned int flags); - - if (c->c2.fast_io && (flags & (IOW_TO_TUN|IOW_TO_LINK|IOW_MBUF))) - { - /* fast path -- only for TUN/TAP/UDP writes */ - unsigned int ret = 0; - if (flags & IOW_TO_TUN) - { - ret |= TUN_WRITE; - } - if (flags & (IOW_TO_LINK|IOW_MBUF)) - { - ret |= SOCKET_WRITE; - } - c->c2.event_set_status = ret; - } - else - { - /* slow path */ - io_wait_dowork(c, flags); - } -} - -#define CONNECTION_ESTABLISHED(c) (get_link_socket_info(c)->connection_established) - -#endif /* EVENT_INLINE_H */ diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 1b7455bb..79200829 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -35,6 +35,9 @@ #include "gremlin.h" #include "mss.h" #include "event.h" +#include "occ.h" +#include "pf.h" +#include "ping.h" #include "ps.h" #include "dhcp.h" #include "common.h" @@ -42,9 +45,6 @@ #include "memdbg.h" -#include "forward-inline.h" -#include "occ-inline.h" -#include "ping-inline.h" #include "mstats.h" counter_type link_read_bytes_global; /* GLOBAL */ diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h index 9fde5a30..0b7f1250 100644 --- a/src/openvpn/forward.h +++ b/src/openvpn/forward.h @@ -31,9 +31,8 @@ #ifndef FORWARD_H #define FORWARD_H -#include "openvpn.h" -#include "occ.h" -#include "ping.h" +/* the following macros must be defined before including any other header + * file */ #define TUN_OUT(c) (BLEN(&(c)->c2.to_tun) > 0) #define LINK_OUT(c) (BLEN(&(c)->c2.to_link) > 0) @@ -47,6 +46,10 @@ #define TO_LINK_DEF(c) (LINK_OUT(c) || TO_LINK_FRAG(c)) +#include "openvpn.h" +#include "occ.h" +#include "ping.h" + #define IOW_TO_TUN (1<<0) #define IOW_TO_LINK (1<<1) #define IOW_READ_TUN (1<<2) @@ -262,4 +265,314 @@ void schedule_exit(struct context *c, const int n_seconds, const int signal); #endif +/* + * Does TLS session need service? + */ +static inline void +check_tls(struct context *c) +{ +#if defined(ENABLE_CRYPTO) + void check_tls_dowork(struct context *c); + + if (c->c2.tls_multi) + { + check_tls_dowork(c); + } +#endif +} + +/* + * TLS errors are fatal in TCP mode. + * Also check for --tls-exit trigger. + */ +static inline void +check_tls_errors(struct context *c) +{ +#if defined(ENABLE_CRYPTO) + void check_tls_errors_co(struct context *c); + + void check_tls_errors_nco(struct context *c); + + if (c->c2.tls_multi && c->c2.tls_exit_signal) + { + if (link_socket_connection_oriented(c->c2.link_socket)) + { + if (c->c2.tls_multi->n_soft_errors) + { + check_tls_errors_co(c); + } + } + else + { + if (c->c2.tls_multi->n_hard_errors) + { + check_tls_errors_nco(c); + } + } + } +#endif /* if defined(ENABLE_CRYPTO) */ +} + +/* + * Check for possible incoming configuration + * messages on the control channel. + */ +static inline void +check_incoming_control_channel(struct context *c) +{ +#if P2MP + void check_incoming_control_channel_dowork(struct context *c); + + if (tls_test_payload_len(c->c2.tls_multi) > 0) + { + check_incoming_control_channel_dowork(c); + } +#endif +} + +/* + * Options like --up-delay need to be triggered by this function which + * checks for connection establishment. + */ +static inline void +check_connection_established(struct context *c) +{ + void check_connection_established_dowork(struct context *c); + + if (event_timeout_defined(&c->c2.wait_for_connect)) + { + check_connection_established_dowork(c); + } +} + +/* + * Should we add routes? + */ +static inline void +check_add_routes(struct context *c) +{ + void check_add_routes_dowork(struct context *c); + + if (event_timeout_trigger(&c->c2.route_wakeup, &c->c2.timeval, ETT_DEFAULT)) + { + check_add_routes_dowork(c); + } +} + +/* + * Should we exit due to inactivity timeout? + */ +static inline void +check_inactivity_timeout(struct context *c) +{ + void check_inactivity_timeout_dowork(struct context *c); + + if (c->options.inactivity_timeout + && event_timeout_trigger(&c->c2.inactivity_interval, &c->c2.timeval, ETT_DEFAULT)) + { + check_inactivity_timeout_dowork(c); + } +} + +#if P2MP + +static inline void +check_server_poll_timeout(struct context *c) +{ + void check_server_poll_timeout_dowork(struct context *c); + + if (c->options.ce.connect_timeout + && event_timeout_trigger(&c->c2.server_poll_interval, &c->c2.timeval, ETT_DEFAULT)) + { + check_server_poll_timeout_dowork(c); + } +} + +/* + * Scheduled exit? + */ +static inline void +check_scheduled_exit(struct context *c) +{ + void check_scheduled_exit_dowork(struct context *c); + + if (event_timeout_defined(&c->c2.scheduled_exit)) + { + if (event_timeout_trigger(&c->c2.scheduled_exit, &c->c2.timeval, ETT_DEFAULT)) + { + check_scheduled_exit_dowork(c); + } + } +} +#endif /* if P2MP */ + +/* + * Should we write timer-triggered status file. + */ +static inline void +check_status_file(struct context *c) +{ + void check_status_file_dowork(struct context *c); + + if (c->c1.status_output) + { + if (status_trigger_tv(c->c1.status_output, &c->c2.timeval)) + { + check_status_file_dowork(c); + } + } +} + +#ifdef ENABLE_FRAGMENT +/* + * Should we deliver a datagram fragment to remote? + */ +static inline void +check_fragment(struct context *c) +{ + void check_fragment_dowork(struct context *c); + + if (c->c2.fragment) + { + check_fragment_dowork(c); + } +} +#endif + +#if P2MP + +/* + * see if we should send a push_request in response to --pull + */ +static inline void +check_push_request(struct context *c) +{ + void check_push_request_dowork(struct context *c); + + if (event_timeout_trigger(&c->c2.push_request_interval, &c->c2.timeval, ETT_DEFAULT)) + { + check_push_request_dowork(c); + } +} + +#endif + +#ifdef ENABLE_CRYPTO +/* + * Should we persist our anti-replay packet ID state to disk? + */ +static inline void +check_packet_id_persist_flush(struct context *c) +{ + if (packet_id_persist_enabled(&c->c1.pid_persist) + && event_timeout_trigger(&c->c2.packet_id_persist_interval, &c->c2.timeval, ETT_DEFAULT)) + { + packet_id_persist_save(&c->c1.pid_persist); + } +} +#endif + +/* + * Set our wakeup to 0 seconds, so we will be rescheduled + * immediately. + */ +static inline void +context_immediate_reschedule(struct context *c) +{ + c->c2.timeval.tv_sec = 0; /* ZERO-TIMEOUT */ + c->c2.timeval.tv_usec = 0; +} + +static inline void +context_reschedule_sec(struct context *c, int sec) +{ + if (sec < 0) + { + sec = 0; + } + if (sec < c->c2.timeval.tv_sec) + { + c->c2.timeval.tv_sec = sec; + c->c2.timeval.tv_usec = 0; + } +} + +static inline struct link_socket_info * +get_link_socket_info(struct context *c) +{ + if (c->c2.link_socket_info) + { + return c->c2.link_socket_info; + } + else + { + return &c->c2.link_socket->info; + } +} + +static inline void +register_activity(struct context *c, const int size) +{ + if (c->options.inactivity_timeout) + { + c->c2.inactivity_bytes += size; + if (c->c2.inactivity_bytes >= c->options.inactivity_minimum_bytes) + { + c->c2.inactivity_bytes = 0; + event_timeout_reset(&c->c2.inactivity_interval); + } + } +} + +/* + * Return the io_wait() flags appropriate for + * a point-to-point tunnel. + */ +static inline unsigned int +p2p_iow_flags(const struct context *c) +{ + unsigned int flags = (IOW_SHAPER|IOW_CHECK_RESIDUAL|IOW_FRAG|IOW_READ|IOW_WAIT_SIGNAL); + if (c->c2.to_link.len > 0) + { + flags |= IOW_TO_LINK; + } + if (c->c2.to_tun.len > 0) + { + flags |= IOW_TO_TUN; + } + return flags; +} + +/* + * This is the core I/O wait function, used for all I/O waits except + * for TCP in server mode. + */ +static inline void +io_wait(struct context *c, const unsigned int flags) +{ + void io_wait_dowork(struct context *c, const unsigned int flags); + + if (c->c2.fast_io && (flags & (IOW_TO_TUN|IOW_TO_LINK|IOW_MBUF))) + { + /* fast path -- only for TUN/TAP/UDP writes */ + unsigned int ret = 0; + if (flags & IOW_TO_TUN) + { + ret |= TUN_WRITE; + } + if (flags & (IOW_TO_LINK|IOW_MBUF)) + { + ret |= SOCKET_WRITE; + } + c->c2.event_set_status = ret; + } + else + { + /* slow path */ + io_wait_dowork(c, flags); + } +} + +#define CONNECTION_ESTABLISHED(c) (get_link_socket_info(c)->connection_established) + #endif /* FORWARD_H */ diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 1ed2c55e..2e34f547 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -41,6 +41,7 @@ #include "otime.h" #include "pool.h" #include "gremlin.h" +#include "occ.h" #include "pkcs11.h" #include "ps.h" #include "lladdr.h" @@ -48,11 +49,10 @@ #include "mstats.h" #include "ssl_verify.h" #include "tls_crypt.h" -#include "forward-inline.h" +#include "forward.h" #include "memdbg.h" -#include "occ-inline.h" static struct context *static_context; /* GLOBAL */ diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index 3cb52113..015d6b89 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -32,7 +32,7 @@ #if P2MP_SERVER #include "multi.h" -#include "forward-inline.h" +#include "forward.h" #include "memdbg.h" diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index eb28ca2b..a4cd6bf8 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -33,7 +33,7 @@ #include "multi.h" #include -#include "forward-inline.h" +#include "forward.h" #include "memdbg.h" diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 5c2c8e69..a97eed6e 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -36,10 +36,12 @@ #if P2MP_SERVER +#include "forward.h" #include "multi.h" #include "push.h" #include "misc.h" #include "otime.h" +#include "pf.h" #include "gremlin.h" #include "mstats.h" #include "ssl_verify.h" @@ -47,8 +49,6 @@ #include "memdbg.h" -#include "forward-inline.h" -#include "pf-inline.h" /*#define MULTI_DEBUG_EVENT_LOOP*/ diff --git a/src/openvpn/occ-inline.h b/src/openvpn/occ-inline.h deleted file mode 100644 index 0fa8e5ba..00000000 --- a/src/openvpn/occ-inline.h +++ /dev/null @@ -1,95 +0,0 @@ -/* - * OpenVPN -- An application to securely tunnel IP networks - * over a single TCP/UDP port, with support for SSL/TLS-based - * session authentication and key exchange, - * packet encryption, packet authentication, and - * packet compression. - * - * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -#ifndef OCC_INLINE_H -#define OCC_INLINE_H - -#ifdef ENABLE_OCC - -/* - * Inline functions - */ - -static inline int -occ_reset_op(void) -{ - return -1; -} - -/* - * Should we send an OCC_REQUEST message? - */ -static inline void -check_send_occ_req(struct context *c) -{ - void check_send_occ_req_dowork(struct context *c); - - if (event_timeout_defined(&c->c2.occ_interval) - && event_timeout_trigger(&c->c2.occ_interval, - &c->c2.timeval, - (!TO_LINK_DEF(c) && c->c2.occ_op < 0) ? ETT_DEFAULT : 0)) - { - check_send_occ_req_dowork(c); - } -} - -/* - * Should we send an MTU load test? - */ -static inline void -check_send_occ_load_test(struct context *c) -{ - void check_send_occ_load_test_dowork(struct context *c); - - if (event_timeout_defined(&c->c2.occ_mtu_load_test_interval) - && event_timeout_trigger(&c->c2.occ_mtu_load_test_interval, - &c->c2.timeval, - (!TO_LINK_DEF(c) && c->c2.occ_op < 0) ? ETT_DEFAULT : 0)) - { - check_send_occ_load_test_dowork(c); - } -} - -/* - * Should we send an OCC message? - */ -static inline void -check_send_occ_msg(struct context *c) -{ - void check_send_occ_msg_dowork(struct context *c); - - if (c->c2.occ_op >= 0) - { - if (!TO_LINK_DEF(c)) - { - check_send_occ_msg_dowork(c); - } - else - { - tv_clear(&c->c2.timeval); /* ZERO-TIMEOUT */ - } - } -} - -#endif /* ifdef ENABLE_OCC */ -#endif /* ifndef OCC_INLINE_H */ diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c index 40f7e768..5bec2b15 100644 --- a/src/openvpn/occ.c +++ b/src/openvpn/occ.c @@ -32,11 +32,9 @@ #ifdef ENABLE_OCC #include "occ.h" - +#include "forward.h" #include "memdbg.h" -#include "forward-inline.h" -#include "occ-inline.h" /* * This random string identifies an OpenVPN diff --git a/src/openvpn/occ.h b/src/openvpn/occ.h index 12d7bc57..369ebac4 100644 --- a/src/openvpn/occ.h +++ b/src/openvpn/occ.h @@ -90,5 +90,66 @@ is_occ_msg(const struct buffer *buf) void process_received_occ_msg(struct context *c); +static inline int +occ_reset_op(void) +{ + return -1; +} + +/* + * Should we send an OCC_REQUEST message? + */ +static inline void +check_send_occ_req(struct context *c) +{ + void check_send_occ_req_dowork(struct context *c); + + if (event_timeout_defined(&c->c2.occ_interval) + && event_timeout_trigger(&c->c2.occ_interval, + &c->c2.timeval, + (!TO_LINK_DEF(c) && c->c2.occ_op < 0) ? ETT_DEFAULT : 0)) + { + check_send_occ_req_dowork(c); + } +} + +/* + * Should we send an MTU load test? + */ +static inline void +check_send_occ_load_test(struct context *c) +{ + void check_send_occ_load_test_dowork(struct context *c); + + if (event_timeout_defined(&c->c2.occ_mtu_load_test_interval) + && event_timeout_trigger(&c->c2.occ_mtu_load_test_interval, + &c->c2.timeval, + (!TO_LINK_DEF(c) && c->c2.occ_op < 0) ? ETT_DEFAULT : 0)) + { + check_send_occ_load_test_dowork(c); + } +} + +/* + * Should we send an OCC message? + */ +static inline void +check_send_occ_msg(struct context *c) +{ + void check_send_occ_msg_dowork(struct context *c); + + if (c->c2.occ_op >= 0) + { + if (!TO_LINK_DEF(c)) + { + check_send_occ_msg_dowork(c); + } + else + { + tv_clear(&c->c2.timeval); /* ZERO-TIMEOUT */ + } + } +} + #endif /* ifdef ENABLE_OCC */ #endif /* ifndef OCC_H */ diff --git a/src/openvpn/openvpn.c b/src/openvpn/openvpn.c index e237ee50..d25bc093 100644 --- a/src/openvpn/openvpn.c +++ b/src/openvpn/openvpn.c @@ -37,8 +37,6 @@ #include "memdbg.h" -#include "forward-inline.h" - #define P2P_CHECK_SIG() EVENT_LOOP_CHECK_SIGNAL(c, process_signal_p2p, c); static bool diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index 9262e68b..a7e133d9 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -42,10 +42,10 @@ #include "sig.h" #include "misc.h" #include "mbuf.h" +#include "pf.h" #include "pool.h" #include "plugin.h" #include "manage.h" -#include "pf.h" /* * Our global key schedules, packaged thusly diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj index d1c0fdec..30cceb34 100644 --- a/src/openvpn/openvpn.vcxproj +++ b/src/openvpn/openvpn.vcxproj @@ -193,7 +193,6 @@ - @@ -217,16 +216,13 @@ - - - diff --git a/src/openvpn/openvpn.vcxproj.filters b/src/openvpn/openvpn.vcxproj.filters index 30df5ec2..4152236d 100644 --- a/src/openvpn/openvpn.vcxproj.filters +++ b/src/openvpn/openvpn.vcxproj.filters @@ -284,9 +284,6 @@ Header Files - - Header Files - Header Files @@ -356,9 +353,6 @@ Header Files - - Header Files - Header Files @@ -377,15 +371,9 @@ Header Files - - Header Files - Header Files - - Header Files - Header Files diff --git a/src/openvpn/pf-inline.h b/src/openvpn/pf-inline.h deleted file mode 100644 index 3ba90ccf..00000000 --- a/src/openvpn/pf-inline.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * OpenVPN -- An application to securely tunnel IP networks - * over a single TCP/UDP port, with support for SSL/TLS-based - * session authentication and key exchange, - * packet encryption, packet authentication, and - * packet compression. - * - * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -#if defined(ENABLE_PF) && !defined(PF_INLINE_H) -#define PF_INLINE_H - -/* - * Inline functions - */ - -#define PCT_SRC 1 -#define PCT_DEST 2 -static inline bool -pf_c2c_test(const struct pf_context *src_pf, const struct tls_multi *src, - const struct pf_context *dest_pf, const struct tls_multi *dest, - const char *prefix) -{ - bool pf_cn_test(struct pf_set *pfs, const struct tls_multi *tm, const int type, const char *prefix); - - return (!src_pf->enabled || pf_cn_test(src_pf->pfs, dest, PCT_DEST, prefix)) - && (!dest_pf->enabled || pf_cn_test(dest_pf->pfs, src, PCT_SRC, - prefix)); -} - -static inline bool -pf_addr_test(const struct pf_context *src_pf, const struct context *src, - const struct mroute_addr *dest, const char *prefix) -{ - bool pf_addr_test_dowork(const struct context *src, const struct mroute_addr *dest, const char *prefix); - - if (src_pf->enabled) - { - return pf_addr_test_dowork(src, dest, prefix); - } - else - { - return true; - } -} - -static inline bool -pf_kill_test(const struct pf_set *pfs) -{ - return pfs->kill; -} - -#endif /* if defined(ENABLE_PF) && !defined(PF_INLINE_H) */ diff --git a/src/openvpn/pf.c b/src/openvpn/pf.c index 5cb002bf..12eeb2d0 100644 --- a/src/openvpn/pf.c +++ b/src/openvpn/pf.c @@ -35,9 +35,9 @@ #include "init.h" #include "memdbg.h" +#include "pf.h" #include "ssl_verify.h" -#include "pf-inline.h" static void pf_destroy(struct pf_set *pfs) diff --git a/src/openvpn/pf.h b/src/openvpn/pf.h index 414c85b8..a53ea7e4 100644 --- a/src/openvpn/pf.h +++ b/src/openvpn/pf.h @@ -31,6 +31,9 @@ #define PF_MAX_LINE_LEN 256 +#define PCT_SRC 1 +#define PCT_DEST 2 + struct context; struct ipv4_subnet { @@ -101,4 +104,40 @@ void pf_context_print(const struct pf_context *pfc, const char *prefix, const in #endif +bool pf_addr_test_dowork(const struct context *src, + const struct mroute_addr *dest, const char *prefix); + +static inline bool +pf_addr_test(const struct pf_context *src_pf, const struct context *src, + const struct mroute_addr *dest, const char *prefix) +{ + if (src_pf->enabled) + { + return pf_addr_test_dowork(src, dest, prefix); + } + else + { + return true; + } +} + +bool pf_cn_test(struct pf_set *pfs, const struct tls_multi *tm, const int type, + const char *prefix); + +static inline bool +pf_c2c_test(const struct pf_context *src_pf, const struct tls_multi *src, + const struct pf_context *dest_pf, const struct tls_multi *dest, + const char *prefix) +{ + return (!src_pf->enabled || pf_cn_test(src_pf->pfs, dest, PCT_DEST, prefix)) + && (!dest_pf->enabled || pf_cn_test(dest_pf->pfs, src, PCT_SRC, + prefix)); +} + +static inline bool +pf_kill_test(const struct pf_set *pfs) +{ + return pfs->kill; +} + #endif /* if defined(ENABLE_PF) && !defined(OPENVPN_PF_H) */ diff --git a/src/openvpn/ping-inline.h b/src/openvpn/ping-inline.h deleted file mode 100644 index 0642b851..00000000 --- a/src/openvpn/ping-inline.h +++ /dev/null @@ -1,64 +0,0 @@ -/* - * OpenVPN -- An application to securely tunnel IP networks - * over a single TCP/UDP port, with support for SSL/TLS-based - * session authentication and key exchange, - * packet encryption, packet authentication, and - * packet compression. - * - * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -#ifndef PING_INLINE_H -#define PING_INLINE_H - -/* - * Should we exit or restart due to ping (or other authenticated packet) - * not received in n seconds? - */ -static inline void -check_ping_restart(struct context *c) -{ - void check_ping_restart_dowork(struct context *c); - - if (c->options.ping_rec_timeout - && event_timeout_trigger(&c->c2.ping_rec_interval, - &c->c2.timeval, - (!c->options.ping_timer_remote - || link_socket_actual_defined(&c->c1.link_socket_addr.actual)) - ? ETT_DEFAULT : 15)) - { - check_ping_restart_dowork(c); - } -} - -/* - * Should we ping the remote? - */ -static inline void -check_ping_send(struct context *c) -{ - void check_ping_send_dowork(struct context *c); - - if (c->options.ping_send_timeout - && event_timeout_trigger(&c->c2.ping_send_interval, - &c->c2.timeval, - !TO_LINK_DEF(c) ? ETT_DEFAULT : 1)) - { - check_ping_send_dowork(c); - } -} - -#endif /* ifndef PING_INLINE_H */ diff --git a/src/openvpn/ping.c b/src/openvpn/ping.c index 728d6c2a..10cd5a5e 100644 --- a/src/openvpn/ping.c +++ b/src/openvpn/ping.c @@ -33,7 +33,6 @@ #include "memdbg.h" -#include "ping-inline.h" /* * This random string identifies an OpenVPN ping packet. diff --git a/src/openvpn/ping.h b/src/openvpn/ping.h index 5bd5c089..9c5ef8e1 100644 --- a/src/openvpn/ping.h +++ b/src/openvpn/ping.h @@ -43,4 +43,41 @@ is_ping_msg(const struct buffer *buf) return buf_string_match(buf, ping_string, PING_STRING_SIZE); } +/* + * Should we exit or restart due to ping (or other authenticated packet) + * not received in n seconds? + */ +static inline void +check_ping_restart(struct context *c) +{ + void check_ping_restart_dowork(struct context *c); + + if (c->options.ping_rec_timeout + && event_timeout_trigger(&c->c2.ping_rec_interval, + &c->c2.timeval, + (!c->options.ping_timer_remote + || link_socket_actual_defined(&c->c1.link_socket_addr.actual)) + ? ETT_DEFAULT : 15)) + { + check_ping_restart_dowork(c); + } +} + +/* + * Should we ping the remote? + */ +static inline void +check_ping_send(struct context *c) +{ + void check_ping_send_dowork(struct context *c); + + if (c->options.ping_send_timeout + && event_timeout_trigger(&c->c2.ping_send_interval, + &c->c2.timeval, + !TO_LINK_DEF(c) ? ETT_DEFAULT : 1)) + { + check_ping_send_dowork(c); + } +} + #endif