From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Sun, 12 Nov 2017 00:18:34 +0800
Message-Id: <20171111161836.23356-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v5 1/3] pf: restyle pf_c2c/addr_test() to make them 'struct context' agnostic
Cc: Antonio Quartulli

In the attempt of getting rid of any pf-inline.h file, we need to make sure that inline functions do not trigger any circular include dependency.

For this reason, avoid pf_c2c/addr_test() to be 'struct context' aware, so that pf-inline.h does not need to rely on the content of openvpn.h.

Cc: Steffan Karger
Signed-off-by: Antonio Quartulli
Reviewed-by: Steffan Karger
Acked-by: Steffan Karger
---
v1-v3: skipped
v4: this is the first version of this patch, but named v4 for convenience
v5: follow Steffan's suggestion and make pf_c2c_test() take tls_multi as argument

 src/openvpn/multi.c | 28 +++++++++++++++++++++-------
 src/openvpn/pf-inline.h | 14 +++++++++-----
 2 files changed, 30 insertions(+), 12 deletions(-)

diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 82a0b9d9..5c2c8e69 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c
@@ -2230,7 +2230,11 @@ multi_bcast(struct multi_context *m, #ifdef ENABLE_PF if (sender_instance) { - if (!pf_c2c_test(&sender_instance->context, &mi->context, "bcast_c2c")) + if (!pf_c2c_test(&sender_instance->context.c2.pf, + sender_instance->context.c2.tls_multi, + &mi->context.c2.pf, + mi->context.c2.tls_multi, + "bcast_c2c")) { msg(D_PF_DROPPED_BCAST, "PF: client[%s] -> client[%s] packet dropped by BCAST packet filter", mi_prefix(sender_instance), @@ -2240,7 +2244,8 @@ multi_bcast(struct multi_context *m, } if (sender_addr) { - if (!pf_addr_test(&mi->context, sender_addr, "bcast_src_addr")) + if (!pf_addr_test(&mi->context.c2.pf, &mi->context, + sender_addr, "bcast_src_addr")) { struct gc_arena gc = gc_new(); msg(D_PF_DROPPED_BCAST, "PF: addr[%s] -> client[%s] packet dropped by BCAST packet filter", @@ -2599,7 +2604,10 @@ multi_process_incoming_link(struct multi_context *m, struct multi_instance *inst if (mi) { #ifdef ENABLE_PF - if (!pf_c2c_test(c, &mi->context, "tun_c2c")) + if (!pf_c2c_test(&c->c2.pf, c->c2.tls_multi, + &mi->context.c2.pf, + mi->context.c2.tls_multi, + "tun_c2c")) { msg(D_PF_DROPPED, "PF: client -> client[%s] packet dropped by TUN packet filter", mi_prefix(mi)); @@ -2615,7 +2623,8 @@ multi_process_incoming_link(struct multi_context *m, struct multi_instance *inst } } #ifdef ENABLE_PF - if (c->c2.to_tun.len && !pf_addr_test(c, &dest, "tun_dest_addr")) + if (c->c2.to_tun.len && !pf_addr_test(&c->c2.pf, c, &dest, + "tun_dest_addr")) { msg(D_PF_DROPPED, "PF: client -> addr[%s] packet dropped by TUN packet filter", mroute_addr_print_ex(&dest, MAPF_SHOW_ARP, &gc)); 
@@ -2660,7 +2669,10 @@ multi_process_incoming_link(struct multi_context *m, struct multi_instance *inst if (mi) { #ifdef ENABLE_PF - if (!pf_c2c_test(c, &mi->context, "tap_c2c")) + if (!pf_c2c_test(&c->c2.pf, c->c2.tls_multi, + &mi->context.c2.pf, + mi->context.c2.tls_multi, + "tap_c2c")) { msg(D_PF_DROPPED, "PF: client -> client[%s] packet dropped by TAP packet filter", mi_prefix(mi)); @@ -2676,7 +2688,9 @@ multi_process_incoming_link(struct multi_context *m, struct multi_instance *inst } } #ifdef ENABLE_PF - if (c->c2.to_tun.len && !pf_addr_test(c, &edest, "tap_dest_addr")) + if (c->c2.to_tun.len && !pf_addr_test(&c->c2.pf, c, + &edest, + "tap_dest_addr")) { msg(D_PF_DROPPED, "PF: client -> addr[%s] packet dropped by TAP packet filter", mroute_addr_print_ex(&edest, MAPF_SHOW_ARP, &gc)); @@ -2789,7 +2803,7 @@ multi_process_incoming_tun(struct multi_context *m, const unsigned int mpp_flags set_prefix(m->pending); #ifdef ENABLE_PF - if (!pf_addr_test(c, e2, "tun_tap_src_addr")) + if (!pf_addr_test(&c->c2.pf, c, e2, "tun_tap_src_addr")) { msg(D_PF_DROPPED, "PF: addr[%s] -> client packet dropped by packet filter", mroute_addr_print_ex(&src, MAPF_SHOW_ARP, &gc)); diff --git a/src/openvpn/pf-inline.h b/src/openvpn/pf-inline.h index ac19ac4c..3ba90ccf 100644 --- a/src/openvpn/pf-inline.h +++ b/src/openvpn/pf-inline.h 
@@ -31,20 +31,24 @@ #define PCT_SRC 1 #define PCT_DEST 2 static inline bool -pf_c2c_test(const struct context *src, const struct context *dest, const char *prefix) +pf_c2c_test(const struct pf_context *src_pf, const struct tls_multi *src, + const struct pf_context *dest_pf, const struct tls_multi *dest, + const char *prefix) { bool pf_cn_test(struct pf_set *pfs, const struct tls_multi *tm, const int type, const char *prefix); - return (!src->c2.pf.enabled || pf_cn_test(src->c2.pf.pfs, dest->c2.tls_multi, PCT_DEST, prefix)) - && (!dest->c2.pf.enabled || pf_cn_test(dest->c2.pf.pfs, src->c2.tls_multi, PCT_SRC, prefix)); + return (!src_pf->enabled || pf_cn_test(src_pf->pfs, dest, PCT_DEST, prefix)) + && (!dest_pf->enabled || pf_cn_test(dest_pf->pfs, src, PCT_SRC, + prefix)); } static inline bool -pf_addr_test(const struct context *src, const struct mroute_addr *dest, const char *prefix) +pf_addr_test(const struct pf_context *src_pf, const struct context *src, + const struct mroute_addr *dest, const char *prefix) { bool pf_addr_test_dowork(const struct context *src, const struct mroute_addr *dest, const char *prefix); - if (src->c2.pf.enabled) + if (src_pf->enabled) { return pf_addr_test_dowork(src, dest, prefix); }
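Review bot: In the pf-inline.h hunk, pf_addr_test() now takes the enable decision from src_pf->enabled but still hands src (the full struct context) to pf_addr_test_dowork(), so the function is not yet 'struct context' agnostic and nothing ties the two arguments to the same client. Every call site in multi.c passes &X->c2.pf together with X, so the extra parameter carries no new information, while a caller that mismatched them would gate on one client's enabled flag and run the address test with another context. Consider documenting that src_pf must be &src->c2.pf, or changing pf_addr_test_dowork() to take the pf_context so the struct context argument can be dropped.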
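Review bot: The pf_c2c_test() calls in the multi.c hunks (bcast_c2c, tun_c2c, tap_c2c) now pass four positional pointers, and because both pairs share the same types the compiler will not notice if the two tls_multi arguments are swapped or paired with the wrong pf_context. Since the result decides whether a client-to-client packet is dropped, a short comment on the prototype stating the expected pairing (src_pf with src, dest_pf with dest), or naming the tls_multi parameters something like src_tm and dest_tm, would make a mix-up easier to spot.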
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Sun, 12 Nov 2017 00:18:35 +0800
Message-Id: <20171111161836.23356-2-a@unstable.cc>
In-Reply-To: <20171111161836.23356-1-a@unstable.cc>
References: <20171111161836.23356-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v5 2/3] merge *-inline.h files with their main header
Cc: Antonio Quartulli

*-inline.h files are not very useful anymore. In the attempt of cleaning up the code some more, merge them into their main header files.

No functional change is part of this patch.

Cc: Steffan Karger
Signed-off-by: Antonio Quartulli
---
v4: pf_c2c/addr_test() has been made static again
v5: no change

 src/openvpn/Makefile.am | 8 +-
 src/openvpn/forward-inline.h | 341 ------------------------------------
 src/openvpn/forward.c | 6 +-
 src/openvpn/forward.h | 319 ++++++++++++++++++++++++++++++++-
 src/openvpn/init.c | 4 +-
 src/openvpn/mtcp.c | 2 +-
 src/openvpn/mudp.c | 2 +-
 src/openvpn/multi.c | 4 +-
 src/openvpn/occ-inline.h | 95 ----------
 src/openvpn/occ.c | 4 +-
 src/openvpn/occ.h | 61 +++++++
 src/openvpn/openvpn.c | 2 -
 src/openvpn/openvpn.h | 2 +-
 src/openvpn/openvpn.vcxproj | 4 -
 src/openvpn/openvpn.vcxproj.filters | 12 --
 src/openvpn/pf-inline.h | 67 -------
 src/openvpn/pf.c | 2 +-
 src/openvpn/pf.h | 39 +++++
 src/openvpn/ping-inline.h | 64 -------
 src/openvpn/ping.c | 1 -
 src/openvpn/ping.h | 37 ++++
 21 files changed, 469 insertions(+), 607 deletions(-)
 delete mode 100644 src/openvpn/forward-inline.h
 delete mode 100644 src/openvpn/occ-inline.h
 delete mode 100644 src/openvpn/pf-inline.h
 delete mode 100644 src/openvpn/ping-inline.h

diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index fcc22d68..babc0adb 100644 --- a/src/openvpn/Makefile.am +++ b/src/openvpn/Makefile.am
@@ -55,7 +55,7 @@ openvpn_SOURCES = \ error.c error.h \ event.c event.h \ fdmisc.c fdmisc.h \ - forward.c forward.h forward-inline.h \ + forward.c forward.h \ fragment.c fragment.h \ gremlin.c gremlin.h \ helper.c helper.h \ @@ -80,7 +80,7 @@ openvpn_SOURCES = \ mudp.c mudp.h \ multi.c multi.h \ ntlm.c ntlm.h \ - occ.c occ.h occ-inline.h \ + occ.c occ.h \ openssl_compat.h \ pkcs11.c pkcs11.h pkcs11_backend.h \ pkcs11_openssl.c \ @@ -90,8 +90,8 @@ openvpn_SOURCES = \ otime.c otime.h \ packet_id.c packet_id.h \ perf.c perf.h \ - pf.c pf.h pf-inline.h \ - ping.c ping.h ping-inline.h \ + pf.c pf.h \ + ping.c ping.h \ plugin.c plugin.h \ pool.c pool.h \ proto.c proto.h \ diff --git a/src/openvpn/forward-inline.h b/src/openvpn/forward-inline.h deleted file mode 100644 index ab83ea40..00000000 --- a/src/openvpn/forward-inline.h +++ /dev/null 
@@ -1,341 +0,0 @@ -/* - * OpenVPN -- An application to securely tunnel IP networks - * over a single TCP/UDP port, with support for SSL/TLS-based - * session authentication and key exchange, - * packet encryption, packet authentication, and - * packet compression. - * - * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -#ifndef FORWARD_INLINE_H -#define FORWARD_INLINE_H - -/* - * Inline functions - */ - -/* - * Does TLS session need service? - */ -static inline void -check_tls(struct context *c) -{ -#if defined(ENABLE_CRYPTO) - void check_tls_dowork(struct context *c); - - if (c->c2.tls_multi) - { - check_tls_dowork(c); - } -#endif -} - -/* - * TLS errors are fatal in TCP mode. - * Also check for --tls-exit trigger. 
- */ -static inline void -check_tls_errors(struct context *c) -{ -#if defined(ENABLE_CRYPTO) - void check_tls_errors_co(struct context *c); - - void check_tls_errors_nco(struct context *c); - - if (c->c2.tls_multi && c->c2.tls_exit_signal) - { - if (link_socket_connection_oriented(c->c2.link_socket)) - { - if (c->c2.tls_multi->n_soft_errors) - { - check_tls_errors_co(c); - } - } - else - { - if (c->c2.tls_multi->n_hard_errors) - { - check_tls_errors_nco(c); - } - } - } -#endif /* if defined(ENABLE_CRYPTO) */ -} - -/* - * Check for possible incoming configuration - * messages on the control channel. - */ -static inline void -check_incoming_control_channel(struct context *c) -{ -#if P2MP - void check_incoming_control_channel_dowork(struct context *c); - - if (tls_test_payload_len(c->c2.tls_multi) > 0) - { - check_incoming_control_channel_dowork(c); - } -#endif -} - -/* - * Options like --up-delay need to be triggered by this function which - * checks for connection establishment. - */ -static inline void -check_connection_established(struct context *c) -{ - void check_connection_established_dowork(struct context *c); - - if (event_timeout_defined(&c->c2.wait_for_connect)) - { - check_connection_established_dowork(c); - } -} - -/* - * Should we add routes? - */ -static inline void -check_add_routes(struct context *c) -{ - void check_add_routes_dowork(struct context *c); - - if (event_timeout_trigger(&c->c2.route_wakeup, &c->c2.timeval, ETT_DEFAULT)) - { - check_add_routes_dowork(c); - } -} - -/* - * Should we exit due to inactivity timeout? 
- */ -static inline void -check_inactivity_timeout(struct context *c) -{ - void check_inactivity_timeout_dowork(struct context *c); - - if (c->options.inactivity_timeout - && event_timeout_trigger(&c->c2.inactivity_interval, &c->c2.timeval, ETT_DEFAULT)) - { - check_inactivity_timeout_dowork(c); - } -} - -#if P2MP - -static inline void -check_server_poll_timeout(struct context *c) -{ - void check_server_poll_timeout_dowork(struct context *c); - - if (c->options.ce.connect_timeout - && event_timeout_trigger(&c->c2.server_poll_interval, &c->c2.timeval, ETT_DEFAULT)) - { - check_server_poll_timeout_dowork(c); - } -} - -/* - * Scheduled exit? - */ -static inline void -check_scheduled_exit(struct context *c) -{ - void check_scheduled_exit_dowork(struct context *c); - - if (event_timeout_defined(&c->c2.scheduled_exit)) - { - if (event_timeout_trigger(&c->c2.scheduled_exit, &c->c2.timeval, ETT_DEFAULT)) - { - check_scheduled_exit_dowork(c); - } - } -} -#endif /* if P2MP */ - -/* - * Should we write timer-triggered status file. - */ -static inline void -check_status_file(struct context *c) -{ - void check_status_file_dowork(struct context *c); - - if (c->c1.status_output) - { - if (status_trigger_tv(c->c1.status_output, &c->c2.timeval)) - { - check_status_file_dowork(c); - } - } -} - -#ifdef ENABLE_FRAGMENT -/* - * Should we deliver a datagram fragment to remote? - */ -static inline void -check_fragment(struct context *c) -{ - void check_fragment_dowork(struct context *c); - - if (c->c2.fragment) - { - check_fragment_dowork(c); - } -} -#endif - -#if P2MP - -/* - * see if we should send a push_request in response to --pull - */ -static inline void -check_push_request(struct context *c) -{ - void check_push_request_dowork(struct context *c); - - if (event_timeout_trigger(&c->c2.push_request_interval, &c->c2.timeval, ETT_DEFAULT)) - { - check_push_request_dowork(c); - } -} - -#endif - -#ifdef ENABLE_CRYPTO -/* - * Should we persist our anti-replay packet ID state to disk? 
- */ -static inline void -check_packet_id_persist_flush(struct context *c) -{ - if (packet_id_persist_enabled(&c->c1.pid_persist) - && event_timeout_trigger(&c->c2.packet_id_persist_interval, &c->c2.timeval, ETT_DEFAULT)) - { - packet_id_persist_save(&c->c1.pid_persist); - } -} -#endif - -/* - * Set our wakeup to 0 seconds, so we will be rescheduled - * immediately. - */ -static inline void -context_immediate_reschedule(struct context *c) -{ - c->c2.timeval.tv_sec = 0; /* ZERO-TIMEOUT */ - c->c2.timeval.tv_usec = 0; -} - -static inline void -context_reschedule_sec(struct context *c, int sec) -{ - if (sec < 0) - { - sec = 0; - } - if (sec < c->c2.timeval.tv_sec) - { - c->c2.timeval.tv_sec = sec; - c->c2.timeval.tv_usec = 0; - } -} - -static inline struct link_socket_info * -get_link_socket_info(struct context *c) -{ - if (c->c2.link_socket_info) - { - return c->c2.link_socket_info; - } - else - { - return &c->c2.link_socket->info; - } -} - -static inline void -register_activity(struct context *c, const int size) -{ - if (c->options.inactivity_timeout) - { - c->c2.inactivity_bytes += size; - if (c->c2.inactivity_bytes >= c->options.inactivity_minimum_bytes) - { - c->c2.inactivity_bytes = 0; - event_timeout_reset(&c->c2.inactivity_interval); - } - } -} - -/* - * Return the io_wait() flags appropriate for - * a point-to-point tunnel. - */ -static inline unsigned int -p2p_iow_flags(const struct context *c) -{ - unsigned int flags = (IOW_SHAPER|IOW_CHECK_RESIDUAL|IOW_FRAG|IOW_READ|IOW_WAIT_SIGNAL); - if (c->c2.to_link.len > 0) - { - flags |= IOW_TO_LINK; - } - if (c->c2.to_tun.len > 0) - { - flags |= IOW_TO_TUN; - } - return flags; -} - -/* - * This is the core I/O wait function, used for all I/O waits except - * for TCP in server mode. 
- */ -static inline void -io_wait(struct context *c, const unsigned int flags) -{ - void io_wait_dowork(struct context *c, const unsigned int flags); - - if (c->c2.fast_io && (flags & (IOW_TO_TUN|IOW_TO_LINK|IOW_MBUF))) - { - /* fast path -- only for TUN/TAP/UDP writes */ - unsigned int ret = 0; - if (flags & IOW_TO_TUN) - { - ret |= TUN_WRITE; - } - if (flags & (IOW_TO_LINK|IOW_MBUF)) - { - ret |= SOCKET_WRITE; - } - c->c2.event_set_status = ret; - } - else - { - /* slow path */ - io_wait_dowork(c, flags); - } -} - -#define CONNECTION_ESTABLISHED(c) (get_link_socket_info(c)->connection_established) - -#endif /* EVENT_INLINE_H */ diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 1b7455bb..79200829 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -35,6 +35,9 @@ #include "gremlin.h" #include "mss.h" #include "event.h" +#include "occ.h" +#include "pf.h" +#include "ping.h" #include "ps.h" #include "dhcp.h" #include "common.h" @@ -42,9 +45,6 @@ #include "memdbg.h" -#include "forward-inline.h" -#include "occ-inline.h" -#include "ping-inline.h" #include "mstats.h" counter_type link_read_bytes_global; /* GLOBAL */ diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h index 9fde5a30..0b7f1250 100644 --- a/src/openvpn/forward.h +++ b/src/openvpn/forward.h @@ -31,9 +31,8 @@ #ifndef FORWARD_H #define FORWARD_H -#include "openvpn.h" -#include "occ.h" -#include "ping.h" +/* the following macros must be defined before including any other header + * file */ #define TUN_OUT(c) (BLEN(&(c)->c2.to_tun) > 0) #define LINK_OUT(c) (BLEN(&(c)->c2.to_link) > 0) @@ -47,6 +46,10 @@ #define TO_LINK_DEF(c) (LINK_OUT(c) || TO_LINK_FRAG(c)) +#include "openvpn.h" +#include "occ.h" +#include "ping.h" + #define IOW_TO_TUN (1<<0) #define IOW_TO_LINK (1<<1) #define IOW_READ_TUN (1<<2) 
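Review bot: The forward.h hunks make the build depend on include order: the new comment requires TUN_OUT, LINK_OUT and TO_LINK_DEF to be defined before openvpn.h, occ.h and ping.h are pulled in, which only holds when forward.h is the first of these headers a source file reaches. The init.c hunk in this patch adds #include "occ.h" above #include "forward.h", and the removed occ-inline.h code uses TO_LINK_DEF(c), so it is worth confirming that occ.h still sees the macro on that path. Having the header that uses the macros include the one that defines them, or moving the macros into a small header of their own, would remove the ordering requirement.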
@@ -262,4 +265,314 @@ void schedule_exit(struct context *c, const int n_seconds, const int signal); #endif +/* + * Does TLS session need service? + */ +static inline void +check_tls(struct context *c) +{ +#if defined(ENABLE_CRYPTO) + void check_tls_dowork(struct context *c); + + if (c->c2.tls_multi) + { + check_tls_dowork(c); + } +#endif +} + +/* + * TLS errors are fatal in TCP mode. + * Also check for --tls-exit trigger. + */ +static inline void +check_tls_errors(struct context *c) +{ +#if defined(ENABLE_CRYPTO) + void check_tls_errors_co(struct context *c); + + void check_tls_errors_nco(struct context *c); + + if (c->c2.tls_multi && c->c2.tls_exit_signal) + { + if (link_socket_connection_oriented(c->c2.link_socket)) + { + if (c->c2.tls_multi->n_soft_errors) + { + check_tls_errors_co(c); + } + } + else + { + if (c->c2.tls_multi->n_hard_errors) + { + check_tls_errors_nco(c); + } + } + } +#endif /* if defined(ENABLE_CRYPTO) */ +} + +/* + * Check for possible incoming configuration + * messages on the control channel. + */ +static inline void +check_incoming_control_channel(struct context *c) +{ +#if P2MP + void check_incoming_control_channel_dowork(struct context *c); + + if (tls_test_payload_len(c->c2.tls_multi) > 0) + { + check_incoming_control_channel_dowork(c); + } +#endif +} + +/* + * Options like --up-delay need to be triggered by this function which + * checks for connection establishment. + */ +static inline void +check_connection_established(struct context *c) +{ + void check_connection_established_dowork(struct context *c); + + if (event_timeout_defined(&c->c2.wait_for_connect)) + { + check_connection_established_dowork(c); + } +} + +/* + * Should we add routes? + */ +static inline void +check_add_routes(struct context *c) +{ + void check_add_routes_dowork(struct context *c); + + if (event_timeout_trigger(&c->c2.route_wakeup, &c->c2.timeval, ETT_DEFAULT)) + { + check_add_routes_dowork(c); + } +} + +/* + * Should we exit due to inactivity timeout? 
+ */ +static inline void +check_inactivity_timeout(struct context *c) +{ + void check_inactivity_timeout_dowork(struct context *c); + + if (c->options.inactivity_timeout + && event_timeout_trigger(&c->c2.inactivity_interval, &c->c2.timeval, ETT_DEFAULT)) + { + check_inactivity_timeout_dowork(c); + } +} + +#if P2MP + +static inline void +check_server_poll_timeout(struct context *c) +{ + void check_server_poll_timeout_dowork(struct context *c); + + if (c->options.ce.connect_timeout + && event_timeout_trigger(&c->c2.server_poll_interval, &c->c2.timeval, ETT_DEFAULT)) + { + check_server_poll_timeout_dowork(c); + } +} + +/* + * Scheduled exit? + */ +static inline void +check_scheduled_exit(struct context *c) +{ + void check_scheduled_exit_dowork(struct context *c); + + if (event_timeout_defined(&c->c2.scheduled_exit)) + { + if (event_timeout_trigger(&c->c2.scheduled_exit, &c->c2.timeval, ETT_DEFAULT)) + { + check_scheduled_exit_dowork(c); + } + } +} +#endif /* if P2MP */ + +/* + * Should we write timer-triggered status file. + */ +static inline void +check_status_file(struct context *c) +{ + void check_status_file_dowork(struct context *c); + + if (c->c1.status_output) + { + if (status_trigger_tv(c->c1.status_output, &c->c2.timeval)) + { + check_status_file_dowork(c); + } + } +} + +#ifdef ENABLE_FRAGMENT +/* + * Should we deliver a datagram fragment to remote? + */ +static inline void +check_fragment(struct context *c) +{ + void check_fragment_dowork(struct context *c); + + if (c->c2.fragment) + { + check_fragment_dowork(c); + } +} +#endif + +#if P2MP + +/* + * see if we should send a push_request in response to --pull + */ +static inline void +check_push_request(struct context *c) +{ + void check_push_request_dowork(struct context *c); + + if (event_timeout_trigger(&c->c2.push_request_interval, &c->c2.timeval, ETT_DEFAULT)) + { + check_push_request_dowork(c); + } +} + +#endif + +#ifdef ENABLE_CRYPTO +/* + * Should we persist our anti-replay packet ID state to disk? 
+ */ +static inline void +check_packet_id_persist_flush(struct context *c) +{ + if (packet_id_persist_enabled(&c->c1.pid_persist) + && event_timeout_trigger(&c->c2.packet_id_persist_interval, &c->c2.timeval, ETT_DEFAULT)) + { + packet_id_persist_save(&c->c1.pid_persist); + } +} +#endif + +/* + * Set our wakeup to 0 seconds, so we will be rescheduled + * immediately. + */ +static inline void +context_immediate_reschedule(struct context *c) +{ + c->c2.timeval.tv_sec = 0; /* ZERO-TIMEOUT */ + c->c2.timeval.tv_usec = 0; +} + +static inline void +context_reschedule_sec(struct context *c, int sec) +{ + if (sec < 0) + { + sec = 0; + } + if (sec < c->c2.timeval.tv_sec) + { + c->c2.timeval.tv_sec = sec; + c->c2.timeval.tv_usec = 0; + } +} + +static inline struct link_socket_info * +get_link_socket_info(struct context *c) +{ + if (c->c2.link_socket_info) + { + return c->c2.link_socket_info; + } + else + { + return &c->c2.link_socket->info; + } +} + +static inline void +register_activity(struct context *c, const int size) +{ + if (c->options.inactivity_timeout) + { + c->c2.inactivity_bytes += size; + if (c->c2.inactivity_bytes >= c->options.inactivity_minimum_bytes) + { + c->c2.inactivity_bytes = 0; + event_timeout_reset(&c->c2.inactivity_interval); + } + } +} + +/* + * Return the io_wait() flags appropriate for + * a point-to-point tunnel. + */ +static inline unsigned int +p2p_iow_flags(const struct context *c) +{ + unsigned int flags = (IOW_SHAPER|IOW_CHECK_RESIDUAL|IOW_FRAG|IOW_READ|IOW_WAIT_SIGNAL); + if (c->c2.to_link.len > 0) + { + flags |= IOW_TO_LINK; + } + if (c->c2.to_tun.len > 0) + { + flags |= IOW_TO_TUN; + } + return flags; +} + +/* + * This is the core I/O wait function, used for all I/O waits except + * for TCP in server mode. 
+ */ +static inline void +io_wait(struct context *c, const unsigned int flags) +{ + void io_wait_dowork(struct context *c, const unsigned int flags); + + if (c->c2.fast_io && (flags & (IOW_TO_TUN|IOW_TO_LINK|IOW_MBUF))) + { + /* fast path -- only for TUN/TAP/UDP writes */ + unsigned int ret = 0; + if (flags & IOW_TO_TUN) + { + ret |= TUN_WRITE; + } + if (flags & (IOW_TO_LINK|IOW_MBUF)) + { + ret |= SOCKET_WRITE; + } + c->c2.event_set_status = ret; + } + else + { + /* slow path */ + io_wait_dowork(c, flags); + } +} + +#define CONNECTION_ESTABLISHED(c) (get_link_socket_info(c)->connection_established) + #endif /* FORWARD_H */ diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 1ed2c55e..2e34f547 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -41,6 +41,7 @@ #include "otime.h" #include "pool.h" #include "gremlin.h" +#include "occ.h" #include "pkcs11.h" #include "ps.h" #include "lladdr.h" @@ -48,11 +49,10 @@ #include "mstats.h" #include "ssl_verify.h" #include "tls_crypt.h" -#include "forward-inline.h" +#include "forward.h" #include "memdbg.h" -#include "occ-inline.h" static struct context *static_context; /* GLOBAL */ diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c index 3cb52113..015d6b89 100644 --- a/src/openvpn/mtcp.c +++ b/src/openvpn/mtcp.c @@ -32,7 +32,7 @@ #if P2MP_SERVER #include "multi.h" -#include "forward-inline.h" +#include "forward.h" #include "memdbg.h" diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index eb28ca2b..a4cd6bf8 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -33,7 +33,7 @@ #include "multi.h" #include -#include "forward-inline.h" +#include "forward.h" #include "memdbg.h" diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 5c2c8e69..a97eed6e 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c 
@@ -36,10 +36,12 @@ #if P2MP_SERVER +#include "forward.h" #include "multi.h" #include "push.h" #include "misc.h" #include "otime.h" +#include "pf.h" #include "gremlin.h" #include "mstats.h" #include "ssl_verify.h" @@ -47,8 +49,6 @@ #include "memdbg.h" -#include "forward-inline.h" -#include "pf-inline.h" /*#define MULTI_DEBUG_EVENT_LOOP*/ diff --git a/src/openvpn/occ-inline.h b/src/openvpn/occ-inline.h deleted file mode 100644 index 0fa8e5ba..00000000 --- a/src/openvpn/occ-inline.h +++ /dev/null 
@@ -1,95 +0,0 @@ -/* - * OpenVPN -- An application to securely tunnel IP networks - * over a single TCP/UDP port, with support for SSL/TLS-based - * session authentication and key exchange, - * packet encryption, packet authentication, and - * packet compression. - * - * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -#ifndef OCC_INLINE_H -#define OCC_INLINE_H - -#ifdef ENABLE_OCC - -/* - * Inline functions - */ - -static inline int -occ_reset_op(void) -{ - return -1; -} - -/* - * Should we send an OCC_REQUEST message? - */ -static inline void -check_send_occ_req(struct context *c) -{ - void check_send_occ_req_dowork(struct context *c); - - if (event_timeout_defined(&c->c2.occ_interval) - && event_timeout_trigger(&c->c2.occ_interval, - &c->c2.timeval, - (!TO_LINK_DEF(c) && c->c2.occ_op < 0) ? ETT_DEFAULT : 0)) - { - check_send_occ_req_dowork(c); - } -} - -/* - * Should we send an MTU load test? - */ -static inline void -check_send_occ_load_test(struct context *c) -{ - void check_send_occ_load_test_dowork(struct context *c); - - if (event_timeout_defined(&c->c2.occ_mtu_load_test_interval) - && event_timeout_trigger(&c->c2.occ_mtu_load_test_interval, - &c->c2.timeval, - (!TO_LINK_DEF(c) && c->c2.occ_op < 0) ? 
ETT_DEFAULT : 0)) - { - check_send_occ_load_test_dowork(c); - } -} - -/* - * Should we send an OCC message? - */ -static inline void -check_send_occ_msg(struct context *c) -{ - void check_send_occ_msg_dowork(struct context *c); - - if (c->c2.occ_op >= 0) - { - if (!TO_LINK_DEF(c)) - { - check_send_occ_msg_dowork(c); - } - else - { - tv_clear(&c->c2.timeval); /* ZERO-TIMEOUT */ - } - } -} - -#endif /* ifdef ENABLE_OCC */ -#endif /* ifndef OCC_INLINE_H */ diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c index 40f7e768..5bec2b15 100644 --- a/src/openvpn/occ.c +++ b/src/openvpn/occ.c @@ -32,11 +32,9 @@ #ifdef ENABLE_OCC #include "occ.h" - +#include "forward.h" #include "memdbg.h" -#include "forward-inline.h" -#include "occ-inline.h" /* * This random string identifies an OpenVPN diff --git a/src/openvpn/occ.h b/src/openvpn/occ.h index 12d7bc57..369ebac4 100644 --- a/src/openvpn/occ.h +++ b/src/openvpn/occ.h 
@@ -90,5 +90,66 @@ is_occ_msg(const struct buffer *buf) void process_received_occ_msg(struct context *c); +static inline int +occ_reset_op(void) +{ + return -1; +} + +/* + * Should we send an OCC_REQUEST message? + */ +static inline void +check_send_occ_req(struct context *c) +{ + void check_send_occ_req_dowork(struct context *c); + + if (event_timeout_defined(&c->c2.occ_interval) + && event_timeout_trigger(&c->c2.occ_interval, + &c->c2.timeval, + (!TO_LINK_DEF(c) && c->c2.occ_op < 0) ? ETT_DEFAULT : 0)) + { + check_send_occ_req_dowork(c); + } +} + +/* + * Should we send an MTU load test? + */ +static inline void +check_send_occ_load_test(struct context *c) +{ + void check_send_occ_load_test_dowork(struct context *c); + + if (event_timeout_defined(&c->c2.occ_mtu_load_test_interval) + && event_timeout_trigger(&c->c2.occ_mtu_load_test_interval, + &c->c2.timeval, + (!TO_LINK_DEF(c) && c->c2.occ_op < 0) ? ETT_DEFAULT : 0)) + { + check_send_occ_load_test_dowork(c); + } +} + +/* + * Should we send an OCC message? + */ +static inline void +check_send_occ_msg(struct context *c) +{ + void check_send_occ_msg_dowork(struct context *c); + + if (c->c2.occ_op >= 0) + { + if (!TO_LINK_DEF(c)) + { + check_send_occ_msg_dowork(c); + } + else + { + tv_clear(&c->c2.timeval); /* ZERO-TIMEOUT */ + } + } +} + #endif /* ifdef ENABLE_OCC */ #endif /* ifndef OCC_H */ diff --git a/src/openvpn/openvpn.c b/src/openvpn/openvpn.c index e237ee50..d25bc093 100644 --- a/src/openvpn/openvpn.c +++ b/src/openvpn/openvpn.c @@ -37,8 +37,6 @@ #include "memdbg.h" -#include "forward-inline.h" - #define P2P_CHECK_SIG() EVENT_LOOP_CHECK_SIGNAL(c, process_signal_p2p, c); static bool diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index 9262e68b..a7e133d9 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h 
@@ -42,10 +42,10 @@ #include "sig.h" #include "misc.h" #include "mbuf.h" +#include "pf.h" #include "pool.h" #include "plugin.h" #include "manage.h" -#include "pf.h" /* * Our global key schedules, packaged thusly diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj index d1c0fdec..30cceb34 100644 --- a/src/openvpn/openvpn.vcxproj +++ b/src/openvpn/openvpn.vcxproj @@ -193,7 +193,6 @@ - @@ -217,16 +216,13 @@ - - - diff --git a/src/openvpn/openvpn.vcxproj.filters b/src/openvpn/openvpn.vcxproj.filters index 30df5ec2..4152236d 100644 --- a/src/openvpn/openvpn.vcxproj.filters +++ b/src/openvpn/openvpn.vcxproj.filters @@ -284,9 +284,6 @@ Header Files - - Header Files - Header Files @@ -356,9 +353,6 @@ Header Files - - Header Files - Header Files @@ -377,15 +371,9 @@ Header Files - - Header Files - Header Files - - Header Files - Header Files diff --git a/src/openvpn/pf-inline.h b/src/openvpn/pf-inline.h deleted file mode 100644 index 3ba90ccf..00000000 --- a/src/openvpn/pf-inline.h +++ /dev/null 
@@ -1,67 +0,0 @@ -/* - * OpenVPN -- An application to securely tunnel IP networks - * over a single TCP/UDP port, with support for SSL/TLS-based - * session authentication and key exchange, - * packet encryption, packet authentication, and - * packet compression. - * - * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -#if defined(ENABLE_PF) && !defined(PF_INLINE_H) -#define PF_INLINE_H - -/* - * Inline functions - */ - -#define PCT_SRC 1 -#define PCT_DEST 2 -static inline bool -pf_c2c_test(const struct pf_context *src_pf, const struct tls_multi *src, - const struct pf_context *dest_pf, const struct tls_multi *dest, - const char *prefix) -{ - bool pf_cn_test(struct pf_set *pfs, const struct tls_multi *tm, const int type, const char *prefix); - - return (!src_pf->enabled || pf_cn_test(src_pf->pfs, dest, PCT_DEST, prefix)) - && (!dest_pf->enabled || pf_cn_test(dest_pf->pfs, src, PCT_SRC, - prefix)); -} - -static inline bool -pf_addr_test(const struct pf_context *src_pf, const struct context *src, - const struct mroute_addr *dest, const char *prefix) -{ - bool pf_addr_test_dowork(const struct context *src, const struct mroute_addr *dest, const char *prefix); - - if (src_pf->enabled) - { - return pf_addr_test_dowork(src, dest, prefix); - } - else - { - return true; - } -} - -static inline bool 
-pf_kill_test(const struct pf_set *pfs) -{ - return pfs->kill; -} - -#endif /* if defined(ENABLE_PF) && !defined(PF_INLINE_H) */ diff --git a/src/openvpn/pf.c b/src/openvpn/pf.c index 5cb002bf..12eeb2d0 100644 --- a/src/openvpn/pf.c +++ b/src/openvpn/pf.c @@ -35,9 +35,9 @@ #include "init.h" #include "memdbg.h" +#include "pf.h" #include "ssl_verify.h" -#include "pf-inline.h" static void pf_destroy(struct pf_set *pfs) diff --git a/src/openvpn/pf.h b/src/openvpn/pf.h index 414c85b8..a53ea7e4 100644 --- a/src/openvpn/pf.h +++ b/src/openvpn/pf.h @@ -31,6 +31,9 @@ #define PF_MAX_LINE_LEN 256 +#define PCT_SRC 1 +#define PCT_DEST 2 + struct context; struct ipv4_subnet { @@ -101,4 +104,40 @@ void pf_context_print(const struct pf_context *pfc, const char *prefix, const in #endif +bool pf_addr_test_dowork(const struct context *src, + const struct mroute_addr *dest, const char *prefix); + +static inline bool +pf_addr_test(const struct pf_context *src_pf, const struct context *src, + const struct mroute_addr *dest, const char *prefix) +{ + if (src_pf->enabled) + { + return pf_addr_test_dowork(src, dest, prefix); + } + else + { + return true; + } +} + +bool pf_cn_test(struct pf_set *pfs, const struct tls_multi *tm, const int type, + const char *prefix); + +static inline bool +pf_c2c_test(const struct pf_context *src_pf, const struct tls_multi *src, + const struct pf_context *dest_pf, const struct tls_multi *dest, + const char *prefix) +{ + return (!src_pf->enabled || pf_cn_test(src_pf->pfs, dest, PCT_DEST, prefix)) + && (!dest_pf->enabled || pf_cn_test(dest_pf->pfs, src, PCT_SRC, + prefix)); +} + +static inline bool +pf_kill_test(const struct pf_set *pfs) +{ + return pfs->kill; +} + #endif /* if defined(ENABLE_PF) && !defined(OPENVPN_PF_H) */ diff --git a/src/openvpn/ping-inline.h b/src/openvpn/ping-inline.h deleted file mode 100644 index 0642b851..00000000 --- a/src/openvpn/ping-inline.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* - * OpenVPN -- An application to securely tunnel IP networks - * over a single TCP/UDP port, with support for SSL/TLS-based - * session authentication and key exchange, - * packet encryption, packet authentication, and - * packet compression. - * - * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -#ifndef PING_INLINE_H -#define PING_INLINE_H - -/* - * Should we exit or restart due to ping (or other authenticated packet) - * not received in n seconds? - */ -static inline void -check_ping_restart(struct context *c) -{ - void check_ping_restart_dowork(struct context *c); - - if (c->options.ping_rec_timeout - && event_timeout_trigger(&c->c2.ping_rec_interval, - &c->c2.timeval, - (!c->options.ping_timer_remote - || link_socket_actual_defined(&c->c1.link_socket_addr.actual)) - ? ETT_DEFAULT : 15)) - { - check_ping_restart_dowork(c); - } -} - -/* - * Should we ping the remote? - */ -static inline void -check_ping_send(struct context *c) -{ - void check_ping_send_dowork(struct context *c); - - if (c->options.ping_send_timeout - && event_timeout_trigger(&c->c2.ping_send_interval, - &c->c2.timeval, - !TO_LINK_DEF(c) ? ETT_DEFAULT : 1)) - { - check_ping_send_dowork(c); - } -} - -#endif /* ifndef PING_INLINE_H */ 
diff --git a/src/openvpn/ping.c b/src/openvpn/ping.c index 728d6c2a..10cd5a5e 100644 --- a/src/openvpn/ping.c +++ b/src/openvpn/ping.c @@ -33,7 +33,6 @@ #include "memdbg.h" -#include "ping-inline.h" /* * This random string identifies an OpenVPN ping packet. diff --git a/src/openvpn/ping.h b/src/openvpn/ping.h index 5bd5c089..9c5ef8e1 100644 --- a/src/openvpn/ping.h +++ b/src/openvpn/ping.h 
@@ -43,4 +43,41 @@ is_ping_msg(const struct buffer *buf) return buf_string_match(buf, ping_string, PING_STRING_SIZE); } +/* + * Should we exit or restart due to ping (or other authenticated packet) + * not received in n seconds? + */ +static inline void +check_ping_restart(struct context *c) +{ + void check_ping_restart_dowork(struct context *c); + + if (c->options.ping_rec_timeout + && event_timeout_trigger(&c->c2.ping_rec_interval, + &c->c2.timeval, + (!c->options.ping_timer_remote + || link_socket_actual_defined(&c->c1.link_socket_addr.actual)) + ? ETT_DEFAULT : 15)) + { + check_ping_restart_dowork(c); + } +} + +/* + * Should we ping the remote? + */ +static inline void +check_ping_send(struct context *c) +{ + void check_ping_send_dowork(struct context *c); + + if (c->options.ping_send_timeout + && event_timeout_trigger(&c->c2.ping_send_interval, + &c->c2.timeval, + !TO_LINK_DEF(c) ? ETT_DEFAULT : 1)) + { + check_ping_send_dowork(c); + } +} + #endif From patchwork Sat Nov 11 05:18:36 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 67 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director3.mail.ord1d.rsapps.net ([172.28.255.1]) by backend31.mail.ord1d.rsapps.net (Dovecot) with LMTP id uz6PBiwjB1rJEgAAgoeIoA for ; Sat, 11 Nov 2017 11:19:56 -0500 Received: from director8.mail.ord1c.rsapps.net ([172.28.255.1]) by director3.mail.ord1d.rsapps.net (Dovecot) with LMTP id iwdbBiwjB1oNKwAAkXNnRw ; Sat, 11 Nov 2017 11:19:56 -0500 Received: from smtp18.gate.ord1c ([172.28.255.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by director8.mail.ord1c.rsapps.net (Dovecot) with LMTP id EJQyBiwjB1peQwAAPBwpBw ; Sat, 11 Nov 2017 11:19:56 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.34.181.88] 
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: Antonio Quartulli
Date: Sun, 12 Nov 2017 00:18:36 +0800
Message-Id: <20171111161836.23356-3-a@unstable.cc>
In-Reply-To: <20171111161836.23356-1-a@unstable.cc>
References: <20171111161836.23356-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v5 3/3] ensure function declarations are compiled with their definitions
From: Antonio Quartulli Function prototypes should be included when compiling their definitions so that it is clear to compilers and static analyzers that they are not static. This means that several declarations have to be moved to the related header files which in turn have to be included by the source files implementing them. Generally speaking this also improves the coding style and makes this code more consistent with the rest that already follows this rule. Cc: Steffan Karger Signed-off-by: Antonio Quartulli Reviewed-by: Steffan Karger Acked-by: Steffan Karger --- v4: rebased and erroneous conflict markers removed v5: no change src/openvpn/crypto.h | 8 ++++++++ src/openvpn/error.c | 8 +------- src/openvpn/forward.h | 35 +++++++++++++++++++++++++++++++++++ src/openvpn/fragment.c | 1 + src/openvpn/gremlin.c | 1 + src/openvpn/init.h | 2 ++ src/openvpn/lladdr.c | 1 + src/openvpn/manage.h | 10 +++++----- src/openvpn/mbuf.h | 4 ++-- src/openvpn/misc.h | 8 -------- src/openvpn/mroute.h | 20 ++++++++++---------- src/openvpn/multi.h | 7 +++---- src/openvpn/occ.h | 16 ++++++++++------ src/openvpn/pf.h | 7 +++++++ src/openvpn/ping.h | 4 ++++ src/openvpn/plugin.h | 2 ++ src/openvpn/socket.h | 13 +++++++------ 17 files changed, 99 insertions(+), 48 deletions(-) diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index 6d60ef8c..c489ef1e 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -459,6 +459,9 @@ void prng_bytes(uint8_t *output, int len); void prng_uninit(void); +/* an analogue to the random() function, but use prng_bytes */ +long int get_random(void); + void test_crypto(struct crypto_options *co, struct frame *f); @@ -514,5 +517,10 @@ key_ctx_bi_defined(const struct key_ctx_bi *key) } +#else + +/* use plain random is no crypto support is compiled */ +#define get_random random + #endif /* ENABLE_CRYPTO */ #endif /* CRYPTO_H */ diff --git a/src/openvpn/error.c b/src/openvpn/error.c index 26455455..33806e44 100644 --- a/src/openvpn/error.c 
+++ b/src/openvpn/error.c @@ -31,6 +31,7 @@ #include "error.h" #include "buffer.h" +#include "init.h" #include "misc.h" #include "win32.h" #include "socket.h" @@ -734,13 +735,6 @@ openvpn_exit(const int status) { if (!forked) { - void tun_abort(); - -#ifdef ENABLE_PLUGIN - void plugin_abort(void); - -#endif - tun_abort(); #ifdef _WIN32 diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h index 0b7f1250..248c941e 100644 --- a/src/openvpn/forward.h +++ b/src/openvpn/forward.h @@ -63,6 +63,41 @@ #define IOW_READ (IOW_READ_TUN|IOW_READ_LINK) +extern counter_type link_read_bytes_global; + +extern counter_type link_write_bytes_global; + +#ifdef ENABLE_CRYPTO +void check_tls_dowork(struct context *c); + +void check_tls_errors_co(struct context *c); + +void check_tls_errors_nco(struct context *c); +#endif /* ENABLE_CRYPTO */ + +#if P2MP +void check_incoming_control_channel_dowork(struct context *c); + +void check_scheduled_exit_dowork(struct context *c); + +void check_push_request_dowork(struct context *c); +#endif /* P2MP */ + +#ifdef ENABLE_FRAGMENT +void check_fragment_dowork(struct context *c); +#endif /* ENABLE_FRAGMENT */ + +void check_connection_established_dowork(struct context *c); + +void check_add_routes_dowork(struct context *c); + +void check_inactivity_timeout_dowork(struct context *c); + +void check_server_poll_timeout_dowork(struct context *c); + +void check_status_file_dowork(struct context *c); + +void io_wait_dowork(struct context *c, const unsigned int flags); void pre_select(struct context *c); diff --git a/src/openvpn/fragment.c b/src/openvpn/fragment.c index 84f01214..36588060 100644 --- a/src/openvpn/fragment.c +++ b/src/openvpn/fragment.c @@ -31,6 +31,7 @@ #ifdef ENABLE_FRAGMENT +#include "crypto.h" #include "misc.h" #include "fragment.h" #include "integer.h" diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c index e85ce9cf..dca506a9 100644 --- a/src/openvpn/gremlin.c +++ b/src/openvpn/gremlin.c 
@@ -38,6 +38,7 @@ #include "error.h" #include "common.h" +#include "crypto.h" #include "misc.h" #include "otime.h" #include "gremlin.h" diff --git a/src/openvpn/init.h b/src/openvpn/init.h index 15feb677..b681cd9d 100644 --- a/src/openvpn/init.h +++ b/src/openvpn/init.h @@ -140,4 +140,6 @@ void open_plugins(struct context *c, const bool import_options, int init_point); #endif +void tun_abort(void); + #endif /* ifndef INIT_H */ diff --git a/src/openvpn/lladdr.c b/src/openvpn/lladdr.c index ff71e48c..ea35e4d9 100644 --- a/src/openvpn/lladdr.c +++ b/src/openvpn/lladdr.c @@ -11,6 +11,7 @@ #include "syshead.h" #include "error.h" #include "misc.h" +#include "lladdr.h" int set_lladdr(const char *ifname, const char *lladdr, diff --git a/src/openvpn/manage.h b/src/openvpn/manage.h index 676be640..23339ee7 100644 --- a/src/openvpn/manage.h +++ b/src/openvpn/manage.h @@ -583,17 +583,17 @@ management_bytes_in(struct management *man, const int size) #ifdef MANAGEMENT_DEF_AUTH +void man_bytecount_output_server(struct management *man, + const counter_type *bytes_in_total, + const counter_type *bytes_out_total, + struct man_def_auth_context *mdac); + static inline void management_bytes_server(struct management *man, const counter_type *bytes_in_total, const counter_type *bytes_out_total, struct man_def_auth_context *mdac) { - void man_bytecount_output_server(struct management *man, - const counter_type *bytes_in_total, - const counter_type *bytes_out_total, - struct man_def_auth_context *mdac); - if (man->connection.bytecount_update_seconds > 0 && now >= mdac->bytecount_last_update + man->connection.bytecount_update_seconds && (mdac->flags & (DAF_CONNECTION_ESTABLISHED|DAF_CONNECTION_CLOSED)) == DAF_CONNECTION_ESTABLISHED) diff --git a/src/openvpn/mbuf.h b/src/openvpn/mbuf.h index e0643de1..1c35432f 100644 --- a/src/openvpn/mbuf.h +++ b/src/openvpn/mbuf.h 
@@ -96,11 +96,11 @@ mbuf_maximum_queued(const struct mbuf_set *ms) return (int) ms->max_queued; } +struct multi_instance *mbuf_peek_dowork(struct mbuf_set *ms); + static inline struct multi_instance * mbuf_peek(struct mbuf_set *ms) { - struct multi_instance *mbuf_peek_dowork(struct mbuf_set *ms); - if (mbuf_defined(ms)) { return mbuf_peek_dowork(ms); diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h index f6c810a2..2c405f42 100644 --- a/src/openvpn/misc.h +++ b/src/openvpn/misc.h @@ -142,14 +142,6 @@ const char **make_arg_array(const char *first, const char *parms, struct gc_aren const char **make_extended_arg_array(char **p, struct gc_arena *gc); -/* an analogue to the random() function, but use OpenSSL functions if available */ -#ifdef ENABLE_CRYPTO -long int get_random(void); - -#else -#define get_random random -#endif - /* return true if filename can be opened for read */ bool test_file(const char *filename); diff --git a/src/openvpn/mroute.h b/src/openvpn/mroute.h index 35361fbd..fc37211c 100644 --- a/src/openvpn/mroute.h +++ b/src/openvpn/mroute.h @@ -169,6 +169,16 @@ void mroute_helper_add_iroute46(struct mroute_helper *mh, int netbits); void mroute_helper_del_iroute46(struct mroute_helper *mh, int netbits); +unsigned int mroute_extract_addr_ip(struct mroute_addr *src, + struct mroute_addr *dest, + const struct buffer *buf); + +unsigned int mroute_extract_addr_ether(struct mroute_addr *src, + struct mroute_addr *dest, + struct mroute_addr *esrc, + struct mroute_addr *edest, + const struct buffer *buf); + /* * Given a raw packet in buf, return the src and dest * addresses of the packet. 
@@ -181,16 +191,6 @@ mroute_extract_addr_from_packet(struct mroute_addr *src, const struct buffer *buf, int tunnel_type) { - unsigned int mroute_extract_addr_ip(struct mroute_addr *src, - struct mroute_addr *dest, - const struct buffer *buf); - - unsigned int mroute_extract_addr_ether(struct mroute_addr *src, - struct mroute_addr *dest, - struct mroute_addr *esrc, - struct mroute_addr *edest, - const struct buffer *buf); - unsigned int ret = 0; verify_align_4(buf); if (tunnel_type == DEV_TYPE_TUN) diff --git a/src/openvpn/multi.h b/src/openvpn/multi.h index 63afbaf0..5892ac07 100644 --- a/src/openvpn/multi.h +++ b/src/openvpn/multi.h @@ -536,11 +536,12 @@ clear_prefix(void) */ #define MULTI_CACHE_ROUTE_TTL 60 +void multi_reap_process_dowork(const struct multi_context *m); +void multi_process_per_second_timers_dowork(struct multi_context *m); + static inline void multi_reap_process(const struct multi_context *m) { - void multi_reap_process_dowork(const struct multi_context *m); - if (m->reaper->last_call != now) { multi_reap_process_dowork(m); @@ -552,8 +553,6 @@ multi_process_per_second_timers(struct multi_context *m) { if (m->per_second_trigger != now) { - void multi_process_per_second_timers_dowork(struct multi_context *m); - multi_process_per_second_timers_dowork(m); m->per_second_trigger = now; } diff --git a/src/openvpn/occ.h b/src/openvpn/occ.h index 369ebac4..bfb08562 100644 --- a/src/openvpn/occ.h +++ b/src/openvpn/occ.h @@ -90,6 +90,16 @@ is_occ_msg(const struct buffer *buf) void process_received_occ_msg(struct context *c); +void check_send_occ_req_dowork(struct context *c); + +void check_send_occ_load_test_dowork(struct context *c); + +void check_send_occ_msg_dowork(struct context *c); + +/* + * Inline functions + */ + static inline int occ_reset_op(void) { 
@@ -102,8 +112,6 @@ occ_reset_op(void) static inline void check_send_occ_req(struct context *c) { - void check_send_occ_req_dowork(struct context *c); - if (event_timeout_defined(&c->c2.occ_interval) && event_timeout_trigger(&c->c2.occ_interval, &c->c2.timeval, @@ -119,8 +127,6 @@ check_send_occ_req(struct context *c) static inline void check_send_occ_load_test(struct context *c) { - void check_send_occ_load_test_dowork(struct context *c); - if (event_timeout_defined(&c->c2.occ_mtu_load_test_interval) && event_timeout_trigger(&c->c2.occ_mtu_load_test_interval, &c->c2.timeval, @@ -136,8 +142,6 @@ check_send_occ_load_test(struct context *c) static inline void check_send_occ_msg(struct context *c) { - void check_send_occ_msg_dowork(struct context *c); - if (c->c2.occ_op >= 0) { if (!TO_LINK_DEF(c)) diff --git a/src/openvpn/pf.h b/src/openvpn/pf.h index a53ea7e4..42fbc26e 100644 --- a/src/openvpn/pf.h +++ b/src/openvpn/pf.h @@ -121,6 +121,13 @@ pf_addr_test(const struct pf_context *src_pf, const struct context *src, } } +/* + * Inline functions + */ + +#define PCT_SRC 1 +#define PCT_DEST 2 + bool pf_cn_test(struct pf_set *pfs, const struct tls_multi *tm, const int type, const char *prefix); diff --git a/src/openvpn/ping.h b/src/openvpn/ping.h index 9c5ef8e1..ff2eb939 100644 --- a/src/openvpn/ping.h +++ b/src/openvpn/ping.h @@ -43,6 +43,10 @@ is_ping_msg(const struct buffer *buf) return buf_string_match(buf, ping_string, PING_STRING_SIZE); } +void check_ping_restart_dowork(struct context *c); + +void check_ping_send_dowork(struct context *c); + /* * Should we exit or restart due to ping (or other authenticated packet) * not received in n seconds? diff --git a/src/openvpn/plugin.h b/src/openvpn/plugin.h index 0cffee0f..1c98857f 100644 --- a/src/openvpn/plugin.h +++ b/src/openvpn/plugin.h @@ -215,4 +215,6 @@ plugin_call(const struct plugin_list *pl, ); } +void plugin_abort(void); + #endif /* OPENVPN_PLUGIN_H */ 
diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index 2d7f2187..b0fb55e1 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h @@ -1009,11 +1009,11 @@ void stream_buf_close(struct stream_buf *sb); bool stream_buf_added(struct stream_buf *sb, int length_added); +bool stream_buf_read_setup_dowork(struct link_socket *sock); + static inline bool stream_buf_read_setup(struct link_socket *sock) { - bool stream_buf_read_setup_dowork(struct link_socket *sock); - if (link_socket_connection_oriented(sock)) { return stream_buf_read_setup_dowork(sock); @@ -1118,16 +1118,17 @@ link_socket_write_win32(struct link_socket *sock, #else /* ifdef _WIN32 */ +size_t link_socket_write_udp_posix_sendmsg(struct link_socket *sock, + struct buffer *buf, + struct link_socket_actual *to); + + static inline size_t link_socket_write_udp_posix(struct link_socket *sock, struct buffer *buf, struct link_socket_actual *to) { #if ENABLE_IP_PKTINFO - size_t link_socket_write_udp_posix_sendmsg(struct link_socket *sock, - struct buffer *buf, - struct link_socket_actual *to); - if (proto_is_udp(sock->info.proto) && (sock->sockflags & SF_USE_IP_PKTINFO) && addr_defined_ipi(to)) {
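Review bot: in patch 3/3, src/openvpn/crypto.h, the new #else branch maps get_random to libc random() when ENABLE_CRYPTO is off, and the comment neither says that this source is not cryptographically strong nor reads correctly ("is no crypto support" should be "if no crypto support"). Please fix the wording and state in the comment that the fallback is only suitable for non-security uses. Moving the declaration out of misc.h also means every caller of get_random now needs crypto.h; this series adds the include to fragment.c and gremlin.c only, so any other caller that relied on misc.h should be checked, otherwise it compiles against an implicit declaration.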
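Review bot: in patch 3/3, src/openvpn/error.c, the hunk drops the block-scope declarations of both tun_abort and plugin_abort in openvpn_exit() but adds only #include "init.h", while the plugin_abort prototype lands in plugin.h. Please confirm that error.c reaches plugin.h when ENABLE_PLUGIN is set, or include it explicitly next to init.h, so the call is checked against the real prototype. The old local declaration was written as tun_abort() with empty parentheses, so the move to tun_abort(void) in init.h is a real improvement and worth a word in the commit message.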
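Review bot: in patch 3/3, src/openvpn/forward.h, the hunk adds file-scope prototypes for the *_dowork functions but removes nothing (the diffstat shows 35 insertions and no deletions), so the block-scope declarations that patch 2/3 moved into this header stay behind, for example "void io_wait_dowork(struct context *c, const unsigned int flags);" inside io_wait(). The other headers touched here (occ.h, ping.h, mbuf.h, multi.h, manage.h, socket.h) delete the local declaration when adding the file-scope one; forward.h should do the same so that there is one declaration per function and a later signature change cannot leave a stale local copy.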
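Review bot: in patch 3/3, src/openvpn/pf.h, the hunk at line 121 defines PCT_SRC and PCT_DEST a second time; patch 2/3 already added the same two defines near the top of pf.h, after PF_MAX_LINE_LEN. The redefinition is identical and therefore accepted by the compiler, but it is redundant and invites the two copies drifting apart. The added "Inline functions" comment also sits after pf_addr_test(), which is already an inline function, and the hunk adds no prototype, so it does not match the commit message. Suggest dropping this hunk or reducing it to a comment placed before pf_addr_test().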
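Review bot: in patch 3/3, src/openvpn/socket.h, the prototype of link_socket_write_udp_posix_sendmsg moves from inside the "#if ENABLE_IP_PKTINFO" block of link_socket_write_udp_posix() to file scope with no guard. If the definition is only built with ENABLE_IP_PKTINFO, the header now advertises a function that does not exist in other builds, and a misuse would only show up at link time. Please wrap the prototype in the same #if ENABLE_IP_PKTINFO condition. The hunk also leaves two blank lines before "static inline size_t"; one is enough.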
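Review bot: in patch 2/3, src/openvpn/occ.h and src/openvpn/occ.c, the inline functions moved into occ.h use event_timeout_trigger, ETT_DEFAULT, TO_LINK_DEF, tv_clear and the members of struct context, yet the occ.h hunk adds no includes and occ.c includes forward.h only after occ.h. Unless occ.h already pulls in the headers that provide these names, it compiles only when the including file happens to include them first. Please have occ.h include what its inline bodies need, so it is self-contained and independent of include order; the same check applies to the bodies moved into ping.h and pf.h.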