diff options
author | Parménides GV <parmegv@sdf.org> | 2015-06-04 19:20:15 +0200 |
---|---|---|
committer | Parménides GV <parmegv@sdf.org> | 2015-06-04 19:20:15 +0200 |
commit | 27594eeae6f40a402bc3110f06d57975168e74e3 (patch) | |
tree | cdabf6571e6f4ff07205fd6921d8095539a1fcdc /app/openvpn/src/openvpn/mudp.c | |
parent | 8dc4f58d96892fbfd83094fb85b1d17656035290 (diff) |
ics-openvpn as a submodule! beautiful
ics-openvpn is now officially on GitHub, and they track openssl and
openvpn as submodules, so it's easier to update everything. Just a git
submodule update --recursive.
I've also set up soft links to native modules from ics-openvpn in app,
so that we don't copy files in Gradle (which was causing problems with
the submodules .git* files, not being copied). That makes the repo
cleaner.
Diffstat (limited to 'app/openvpn/src/openvpn/mudp.c')
-rw-r--r-- | app/openvpn/src/openvpn/mudp.c | 324 |
1 files changed, 0 insertions, 324 deletions
diff --git a/app/openvpn/src/openvpn/mudp.c b/app/openvpn/src/openvpn/mudp.c deleted file mode 100644 index 3e3f7508..00000000 --- a/app/openvpn/src/openvpn/mudp.c +++ /dev/null @@ -1,324 +0,0 @@ -/* - * OpenVPN -- An application to securely tunnel IP networks - * over a single TCP/UDP port, with support for SSL/TLS-based - * session authentication and key exchange, - * packet encryption, packet authentication, and - * packet compression. - * - * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program (see the file COPYING included with this - * distribution); if not, write to the Free Software Foundation, Inc., - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#ifdef HAVE_CONFIG_H -#include "config.h" -#elif defined(_MSC_VER) -#include "config-msvc.h" -#endif - -#include "syshead.h" - -#if P2MP_SERVER - -#include "multi.h" -#include <inttypes.h> -#include "forward-inline.h" - -#include "memdbg.h" - -/* - * Get a client instance based on real address. If - * the instance doesn't exist, create it while - * maintaining real address hash table atomicity. - */ - -struct multi_instance * -multi_get_create_instance_udp (struct multi_context *m, bool *floated) -{ - struct gc_arena gc = gc_new (); - struct mroute_addr real; - struct multi_instance *mi = NULL; - struct hash *hash = m->hash; - - if (mroute_extract_openvpn_sockaddr (&real, &m->top.c2.from.dest, true)) - { - struct hash_element *he; - const uint32_t hv = hash_value (hash, &real); - struct hash_bucket *bucket = hash_bucket (hash, hv); - uint8_t* ptr = BPTR(&m->top.c2.buf); - uint8_t op = ptr[0] >> P_OPCODE_SHIFT; - uint32_t peer_id; - int i; - - /* make sure buffer has enough length to read opcode (1 byte) and peer-id (3 bytes) */ - if (op == P_DATA_V2 && m->top.c2.buf.len >= (1 + 3)) - { - peer_id = ntohl(*(uint32_t*)ptr) & 0xFFFFFF; - if ((peer_id < m->max_clients) && (m->instances[peer_id])) - { - mi = m->instances[peer_id]; - - *floated = !link_socket_actual_match(&mi->context.c2.from, &m->top.c2.from); - - if (*floated) - { - /* reset prefix, since here we are not sure peer is the one it claims to be */ - ungenerate_prefix(mi); - msg (D_MULTI_ERRORS, "Untrusted peer %" PRIu32 " wants to float to %s", peer_id, - mroute_addr_print (&real, &gc)); - } - } - } - else - { - he = hash_lookup_fast (hash, bucket, &real, hv); - if (he) - { - mi = (struct multi_instance *) he->value; - } - } - if (!mi) - { - if (!m->top.c2.tls_auth_standalone - || tls_pre_decrypt_lite (m->top.c2.tls_auth_standalone, &m->top.c2.from, &m->top.c2.buf)) - { - if (frequency_limit_event_allowed (m->new_connection_limiter)) - { - mi = multi_create_instance (m, &real); - if (mi) - { - hash_add_fast (hash, bucket, &mi->real, hv, mi); - mi->did_real_hash = true; - - for (i = 0; i < m->max_clients; ++i) - { - if (!m->instances[i]) - { - mi->context.c2.tls_multi->peer_id = i; - m->instances[i] = mi; - break; - } - } - - /* should not really end up here, since multi_create_instance returns null - * if amount of clients exceeds max_clients */ - ASSERT(i < m->max_clients); - } - } - else - { - msg (D_MULTI_ERRORS, - "MULTI: Connection from %s would exceed new connection frequency limit as controlled by --connect-freq", - mroute_addr_print (&real, &gc)); - } - } - } - -#ifdef ENABLE_DEBUG - if (check_debug_level (D_MULTI_DEBUG)) - { - const char *status = mi ? "[ok]" : "[failed]"; - - dmsg (D_MULTI_DEBUG, "GET INST BY REAL: %s %s", - mroute_addr_print (&real, &gc), - status); - } -#endif - } - - gc_free (&gc); - ASSERT (!(mi && mi->halt)); - return mi; -} - -/* - * Send a packet to TCP/UDP socket. - */ -static inline void -multi_process_outgoing_link (struct multi_context *m, const unsigned int mpp_flags) -{ - struct multi_instance *mi = multi_process_outgoing_link_pre (m); - if (mi) - multi_process_outgoing_link_dowork (m, mi, mpp_flags); -} - -/* - * Process an I/O event. - */ -static void -multi_process_io_udp (struct multi_context *m) -{ - const unsigned int status = m->top.c2.event_set_status; - const unsigned int mpp_flags = m->top.c2.fast_io - ? (MPP_CONDITIONAL_PRE_SELECT | MPP_CLOSE_ON_SIGNAL) - : (MPP_PRE_SELECT | MPP_CLOSE_ON_SIGNAL); - -#ifdef MULTI_DEBUG_EVENT_LOOP - char buf[16]; - buf[0] = 0; - if (status & SOCKET_READ) - strcat (buf, "SR/"); - else if (status & SOCKET_WRITE) - strcat (buf, "SW/"); - else if (status & TUN_READ) - strcat (buf, "TR/"); - else if (status & TUN_WRITE) - strcat (buf, "TW/"); - printf ("IO %s\n", buf); -#endif - -#ifdef ENABLE_MANAGEMENT - if (status & (MANAGEMENT_READ|MANAGEMENT_WRITE)) - { - ASSERT (management); - management_io (management); - } -#endif - - /* UDP port ready to accept write */ - if (status & SOCKET_WRITE) - { - multi_process_outgoing_link (m, mpp_flags); - } - /* TUN device ready to accept write */ - else if (status & TUN_WRITE) - { - multi_process_outgoing_tun (m, mpp_flags); - } - /* Incoming data on UDP port */ - else if (status & SOCKET_READ) - { - read_incoming_link (&m->top); - multi_release_io_lock (m); - if (!IS_SIG (&m->top)) - multi_process_incoming_link (m, NULL, mpp_flags); - } - /* Incoming data on TUN device */ - else if (status & TUN_READ) - { - read_incoming_tun (&m->top); - multi_release_io_lock (m); - if (!IS_SIG (&m->top)) - multi_process_incoming_tun (m, mpp_flags); - } -} - -/* - * Return the io_wait() flags appropriate for - * a point-to-multipoint tunnel. - */ -static inline unsigned int -p2mp_iow_flags (const struct multi_context *m) -{ - unsigned int flags = IOW_WAIT_SIGNAL; - if (m->pending) - { - if (TUN_OUT (&m->pending->context)) - flags |= IOW_TO_TUN; - if (LINK_OUT (&m->pending->context)) - flags |= IOW_TO_LINK; - } - else if (mbuf_defined (m->mbuf)) - flags |= IOW_MBUF; - else - flags |= IOW_READ; - - return flags; -} - - -/**************************************************************************/ -/** - * Main event loop for OpenVPN in UDP server mode. - * @ingroup eventloop - * - * This function implements OpenVPN's main event loop for UDP server mode. - * At this time, OpenVPN does not yet support multithreading. This - * function's name is therefore slightly misleading. - * - * @param top - Top-level context structure. - */ -static void -tunnel_server_udp_single_threaded (struct context *top) -{ - struct multi_context multi; - - top->mode = CM_TOP; - context_clear_2 (top); - - /* initialize top-tunnel instance */ - init_instance_handle_signals (top, top->es, CC_HARD_USR1_TO_HUP); - if (IS_SIG (top)) - return; - - /* initialize global multi_context object */ - multi_init (&multi, top, false, MC_SINGLE_THREADED); - - /* initialize our cloned top object */ - multi_top_init (&multi, top, true); - - /* initialize management interface */ - init_management_callback_multi (&multi); - - /* finished with initialization */ - initialization_sequence_completed (top, ISC_SERVER); /* --mode server --proto udp */ - - /* per-packet event loop */ - while (true) - { - perf_push (PERF_EVENT_LOOP); - - /* set up and do the io_wait() */ - multi_get_timeout (&multi, &multi.top.c2.timeval); - io_wait (&multi.top, p2mp_iow_flags (&multi)); - MULTI_CHECK_SIG (&multi); - - /* check on status of coarse timers */ - multi_process_per_second_timers (&multi); - - /* timeout? */ - if (multi.top.c2.event_set_status == ES_TIMEOUT) - { - multi_process_timeout (&multi, MPP_PRE_SELECT|MPP_CLOSE_ON_SIGNAL); - } - else - { - /* process I/O */ - multi_process_io_udp (&multi); - MULTI_CHECK_SIG (&multi); - } - - perf_pop (); - } - - /* shut down management interface */ - uninit_management_callback_multi (&multi); - - /* save ifconfig-pool */ - multi_ifconfig_pool_persist (&multi, true); - - /* tear down tunnel instance (unless --persist-tun) */ - multi_uninit (&multi); - multi_top_free (&multi); - close_instance (top); -} - -void -tunnel_server_udp (struct context *top) -{ - tunnel_server_udp_single_threaded (top); -} - -#endif |