1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
|
/*
* OpenVPN -- An application to securely tunnel IP networks
* over a single TCP/UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
*
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program (see the file COPYING included with this
* distribution); if not, write to the Free Software Foundation, Inc.,
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
* @file
* Main page documentation file.
*/
/**
* @mainpage OpenVPN source code documentation
*
* This documentation describes the internal structure of OpenVPN. It was
* automatically generated from specially formatted comment blocks in
* OpenVPN's source code using Doxygen. (See
* http://www.stack.nl/~dimitri/doxygen/ for more information on Doxygen)
*
* The \ref mainpage_modules "Modules section" below gives an introduction
* into the high-level module concepts used throughout this documentation.
* The \ref mainpage_relatedpages "Related Pages section" below describes
* various special subjects related to OpenVPN's implementation which are
* discussed in the related pages section.
*
* @section mainpage_modules Modules
*
* For the purpose of describing the internal structure of OpenVPN, this
* documentation and the underlying source code has been broken up into a
* number of conceptually well-defined parts, known as modules. Each
* module plays a specific role within the OpenVPN process, and in most
* cases each module has a clear interfacing strategy for interacting with
* other modules.
*
* The following modules have been defined:
* - Driver module:
* - The \link eventloop Main Event Loop\endlink: this module drives the
* event handling of OpenVPN. It implements various types of
* select-loop which wait until an event happens, and then delegate
* the handling of that event to the appropriate module.
* - Network interface modules:
* - The \link external_multiplexer External Multiplexer\endlink: this
* module sends and receives packets to and from remote OpenVPN peers
* over the external network interface. It also takes care of
* demultiplexing received packets to their appropriate VPN tunnel and
* splitting control channel and data channel packets.
* - The \link internal_multiplexer Internal Multiplexer\endlink: this
* module sends and receives packets to and from locally reachable
* posts over the virtual tun/tap network interface. It also takes
* care of determining through which VPN tunnel a received packet must
* be sent to reach its destination.
* - Control channel modules:
* - The \link reliable Reliability Layer\endlink: this module offers a
* %reliable and sequential transport layer for control channel
* messages.
* - The \link control_tls Control Channel TLS module\endlink: this
* module offers a secure encapsulation of control channel messages
* using the TLS protocol.
* - The \link control_processor Control Channel Processor\endlink: his
* module manages the setup, maintenance, and shut down of VPN
* tunnels.
* - Data channel modules:
* - The \link data_control Data Channel Control module\endlink: this
* module controls the processing of data channel packets and,
* depending on the settings of the packet's VPN tunnel, passes the
* packet to the three modules below for handling.
* - The \link data_crypto Data Channel Crypto module\endlink: this
* module performs security operations on data channel packets.
* - The \link fragmentation Data Channel Fragmentation module\endlink:
* this module offers fragmentation of data channel packets larger
* than the VPN tunnel's MTU.
* - The \link compression Data Channel Compression module\endlink: this
* module offers compression of data channel packets.
*
* @subsection mainpage_modules_example Example event: receiving a packet
*
* OpenVPN handles many types of events during operation. These include
* external events, such as network traffic being received, and internal
* events, such as a %key session timing out causing renegotiation. An
* example event, receiving a packet over the network, is described here
* together with which modules play what roles:
* -# The \link eventloop Main Event Loop\endlink detects that a packet
* can be read from the external or the virtual tun/tap network
* interface.
* -# The \link eventloop Main Event Loop\endlink calls the \link
* external_multiplexer External Multiplexer\endlink or \link
* internal_multiplexer Internal Multiplexer\endlink to read and
* process the packet.
* -# The multiplexer module determines the type of packet and its
* destination, and passes the packet on to the appropriate handling
* module:
* - A control channel packet received by the \link
* external_multiplexer External Multiplexer\endlink is passed on
* through the \link reliable Reliability Layer\endlink and the \link
* control_tls Control Channel TLS module\endlink to the \link
* control_processor Control Channel Processor\endlink.
* - A data channel packet received by either multiplexer module is
* passed on to the \link data_control Data Channel Control
* module\endlink.
* -# The packet is processed by the appropriate control channel or data
* channel modules.
* -# If, after processing the packet, a resulting packet is generated
* that needs to be sent to a local or remote destination, it is given
* to the \link external_multiplexer External Multiplexer\endlink or
* \link internal_multiplexer Internal Multiplexer\endlink for sending.
* -# If a packet is waiting to be sent by either multiplexer module and
* the \link eventloop Main Event Loop\endlink detects that data can be
* written to the associated network interface, it calls the
* multiplexer module to send the packet.
*
* @section mainpage_relatedpages Related pages
*
* This documentation includes a number of descriptions of various aspects
* of OpenVPN and its implementation. These are not directly related to
* one module, function, or data structure, and are therefore listed
* separately under "Related Pages".
*
* @subsection mainpage_relatedpages_key_generation Data channel key generation
*
* The @ref key_generation "Data channel key generation" related page
* describes how, during VPN tunnel setup and renegotiation, OpenVPN peers
* generate and exchange the %key material required for the symmetric
* encryption/decryption and HMAC signing/verifying security operations
* performed on data channel packets.
*
* @subsection mainpage_relatedpages_tunnel_state VPN tunnel state
*
* The @ref tunnel_state "Structure of VPN tunnel state storage" related
* page describes how an OpenVPN process manages the state information
* associated with its active VPN tunnels.
*
* @subsection mainpage_relatedpages_network_protocol Network protocol
*
* The @ref network_protocol "Network protocol" related page describes the
* format and content of VPN tunnel packets exchanged between OpenVPN
* peers.
*
* @subsection mainpage_relatedpages_memory_management Memory management
*
* The @ref memory_management "Memory management strategies" related page
* gives a brief introduction into OpenVPN's memory %buffer library and
* garbage collection facilities.
*/
|