1 | /* |
2 | * OpenVPN -- An application to securely tunnel IP networks | |
3 | * over a single TCP/UDP port, with support for SSL/TLS-based | |
4 | * session authentication and key exchange, | |
5 | * packet encryption, packet authentication, and | |
6 | * packet compression. | |
7 | * | |
8 | * Copyright (C) 2021-2024 Arne Schwabe <arne@rfc2549.org> |
9 | * Copyright (C) 2021-2024 Antonio Quartulli <a@unstable.cc> | |
10 | * Copyright (C) 2021-2024 OpenVPN Inc <sales@openvpn.net> | |
11 | * |
12 | * This program is free software; you can redistribute it and/or modify | |
13 | * it under the terms of the GNU General Public License version 2 | |
14 | * as published by the Free Software Foundation. | |
15 | * | |
16 | * This program is distributed in the hope that it will be useful, | |
17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
19 | * GNU General Public License for more details. | |
20 | * | |
21 | * You should have received a copy of the GNU General Public License | |
22 | * along with this program (see the file COPYING included with this | |
23 | * distribution); if not, write to the Free Software Foundation, Inc., | |
24 | * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
25 | */ | |
26 | #ifndef DCO_H | |
27 | #define DCO_H | |
28 | ||
29 | #include "buffer.h" | |
30 | #include "error.h" | |
31 | #include "dco_internal.h" | |
32 | #include "networking.h" | |
33 | ||
34 | /* forward declarations (including other headers leads to nasty include | |
35 | * order problems) | |
36 | */ | |
37 | struct event_set; | |
38 | struct key2; |
39 | struct key_state; | |
40 | struct multi_context; |
41 | struct multi_instance; | |
42 | struct mroute_addr; | |
e34437c2 | 43 | struct options; |
6a5612fe | 44 | struct tls_multi; |
45 | struct tuntap; |
46 | ||
a5b4bad4 | 47 | #define DCO_IROUTE_METRIC 100 |
48 | #define DCO_DEFAULT_METRIC 200 |
49 | ||
50 | #if defined(ENABLE_DCO) |
51 | ||
52 | /** | |
53 | * Check whether ovpn-dco is available on this platform (i.e. kernel support is | |
54 | * there) | |
55 | * | |
56 | * @param msglevel level to print messages to | |
57 | * @return true if ovpn-dco is available, false otherwise | |
58 | */ | |
59 | bool dco_available(int msglevel); | |
60 | ||
61 | |
62 | /** | |
63 | * Return a human readable string representing the DCO version | |
64 | * | |
65 | * @param gc the garbage collector to use for any dynamic allocation | |
66 | * @return a pointer to the string (allocated via gc) containing the string | |
67 | */ | |
68 | const char *dco_version_string(struct gc_arena *gc); | |
69 | ||
70 | /** |
71 | * Check whether the options struct has any option that is not supported by | |
72 | * our current dco implementation. If so print a warning at warning level | |
73 | * for the first conflicting option found and return false. | |
74 | * | |
75 | * @param msglevel the msg level to use to print the warnings | |
76 | * @param o the options struct that holds the options | |
77 | * @return true if no conflict was detected, false otherwise | |
78 | */ | |
f7b2817b | 79 | bool dco_check_option(int msglevel, const struct options *o); |
e34437c2 | 80 | |
81 | /** |
82 | * Check whether the options struct has any further option that is not supported | |
83 | * by our current dco implementation during early startup. | |
84 | * If so print a warning at warning level for the first conflicting option | |
85 | * found and return false. | |
86 | * | |
87 | * @param msglevel the msg level to use to print the warnings | |
88 | * @param o the options struct that holds the options | |
89 | * @return true if no conflict was detected, false otherwise | |
90 | */ | |
f7b2817b | 91 | bool dco_check_startup_option(int msglevel, const struct options *o); |
897728ff | 92 | |
93 | /** |
94 | * Check whether any of the options pushed by the server is not supported by | |
95 | * our current dco implementation. If so print a warning at warning level | |
96 | * for the first conflicting option found and return false. | |
97 | * | |
98 | * @param msglevel the msg level to use to print the warnings | |
99 | * @param o the options struct that holds the options | |
100 | * @return true if no conflict was detected, false otherwise | |
101 | */ | |
102 | bool dco_check_pull_options(int msglevel, const struct options *o); | |
103 | ||
104 | /** |
105 | * Initialize the DCO context | |
106 | * | |
107 | * @param mode the instance operating mode (P2P or multi-peer) | |
108 | * @param dco the context to initialize | |
109 | * @return true on success, false otherwise | |
110 | */ | |
111 | bool ovpn_dco_init(int mode, dco_context_t *dco); | |
112 | ||
113 | /** | |
114 | * Open/create a DCO interface | |
115 | * | |
116 | * @param tt the tuntap context | |
117 | * @param ctx the networking API context | |
118 | * @param dev the name of the interface to create | |
119 | * @return 0 on success or a negative error code otherwise | |
120 | */ | |
121 | int open_tun_dco(struct tuntap *tt, openvpn_net_ctx_t *ctx, const char *dev); | |
122 | ||
123 | /** | |
124 | * Close/destroy a DCO interface | |
125 | * | |
126 | * @param tt the tuntap context | |
127 | * @param ctx the networking API context | |
128 | */ | |
129 | void close_tun_dco(struct tuntap *tt, openvpn_net_ctx_t *ctx); | |
130 | ||
131 | /** | |
132 | * Read data from the DCO communication channel (i.e. a control packet) | |
133 | * | |
134 | * @param dco the DCO context | |
135 | * @return 0 on success or a negative error code otherwise | |
136 | */ | |
137 | int dco_do_read(dco_context_t *dco); | |
138 | ||
139 | /** |
140 | * Install the DCO context in the main event loop | |
141 | */ | |
142 | void dco_event_set(dco_context_t *dco, struct event_set *es, void *arg); | |
143 | ||
144 | /** |
145 | * Install the key material in DCO for the specified peer. | |
146 | * The key is installed in the primary slot when no other key was yet installed. | |
147 | * Any subsequent invocation will install the key in the secondary slot. | |
148 | * | |
149 | * @param multi the TLS context of the current instance | |
150 | * @param ks the state of the key being installed | |
151 | * @param key2 the container for the raw key material | |
152 | * @param key_direction the key direction to be used to extract the material | |
153 | * @param ciphername the name of the cipher to use the key with | |
154 | * @param server whether we are running on a server instance or not | |
155 | * | |
156 | * @return 0 on success or a negative error code otherwise | |
157 | */ | |
158 | int init_key_dco_bi(struct tls_multi *multi, struct key_state *ks, | |
159 | const struct key2 *key2, int key_direction, | |
160 | const char *ciphername, bool server); | |
161 | ||
162 | /** |
163 | * Possibly swap or wipe keys from DCO | |
164 | * | |
165 | * @param dco DCO device context | |
166 | * @param multi TLS multi instance | |
167 | * |
168 | * @return false if an unrecoverable error occurred; the connection | |
169 | * should then be reset | |
cd4ba927 | 170 | */ |
419051c9 | 171 | bool dco_update_keys(dco_context_t *dco, struct tls_multi *multi); |
172 | /** |
173 | * Install a new peer in DCO - to be called by a CLIENT (or P2P) instance | |
174 | * | |
175 | * @param c the main instance context | |
176 | * @return 0 on success or a negative error code otherwise | |
177 | */ | |
178 | int dco_p2p_add_new_peer(struct context *c); | |
179 | ||
180 | /** | |
181 | * Modify DCO peer options. Special values are 0 (disable) | |
182 | * and -1 (do not touch). | |
183 | * | |
184 | * @param dco DCO device context | |
185 | * @param peerid the ID of the peer to be modified | |
186 | * @param keepalive_interval keepalive interval in seconds | |
187 | * @param keepalive_timeout keepalive timeout in seconds | |
188 | * @param mss TCP MSS value | |
189 | * | |
190 | * @return 0 on success or a negative error code otherwise | |
191 | */ | |
192 | int dco_set_peer(dco_context_t *dco, unsigned int peerid, | |
193 | int keepalive_interval, int keepalive_timeout, int mss); | |
194 | ||
195 | /** | |
196 | * Remove a peer from DCO | |
197 | * | |
198 | * @param c the main instance context of the peer to remove | |
199 | */ | |
200 | void dco_remove_peer(struct context *c); | |
201 | ||
202 | /** |
203 | * Install a new peer in DCO - to be called by a SERVER instance | |
204 | * | |
205 | * @param m the server context | |
206 | * @param mi the client instance | |
207 | * @return 0 on success or a negative error code otherwise | |
208 | */ | |
209 | int dco_multi_add_new_peer(struct multi_context *m, struct multi_instance *mi); | |
210 | ||
211 | /** | |
212 | * Install an iroute in DCO, which means adding a route to the system routing | |
213 | * table. To be called by a SERVER instance only. | |
214 | * | |
215 | * @param m the server context | |
216 | * @param mi the client instance acting as nexthop for the route | |
217 | * @param addr the route to add | |
218 | */ | |
219 | void dco_install_iroute(struct multi_context *m, struct multi_instance *mi, | |
220 | struct mroute_addr *addr); | |
221 | ||
222 | /** | |
223 | * Remove all routes added through the specified client | |
224 | * | |
225 | * @param m the server context | |
226 | * @param mi the client instance for which routes have to be removed | |
227 | */ | |
228 | void dco_delete_iroutes(struct multi_context *m, struct multi_instance *mi); | |
229 | ||
230 | /** |
231 | * Update traffic statistics for all peers | |
232 | * | |
233 | * @param dco DCO device context | |
234 | * @param m the server context | |
235 | **/ | |
6dbf8352 | 236 | int dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m); |
ce2b459d | 237 | |
238 | /** |
239 | * Update traffic statistics for a single peer | |
240 | * | |
241 | * @param c instance context of the peer | |
242 | **/ | |
243 | int dco_get_peer_stats(struct context *c); | |
244 | ||
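/**
 * Retrieve the list of ciphers supported by the current platform
 *
 * Declared with an explicit (void) parameter list: in C an empty "()" in a
 * declaration means "unspecified arguments", which disables argument
 * checking at call sites.
 *
 * @return list of colon-separated ciphers
 */
const char *dco_get_supported_ciphers(void);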
251 | ||
252 | #else /* if defined(ENABLE_DCO) */ |
253 | ||
/* Placeholder context type for builds without ovpn-dco: the stubs below
 * never dereference it. */
typedef void *dco_context_t;
255 | ||
/*
 * ovpn-dco support is compiled out (ENABLE_DCO undefined), so DCO is never
 * reported as available. msglevel exists only to match the real signature.
 */
static inline bool
dco_available(int msglevel)
{
    (void)msglevel;
    return false;
}
261 | ||
/*
 * ovpn-dco compiled out: return a fixed marker instead of a kernel version.
 * Nothing is allocated, so gc is unused; the returned string literal has
 * static storage and must not be freed.
 */
static inline const char *
dco_version_string(struct gc_arena *gc)
{
    (void)gc;
    return "not-compiled";
}
267 | ||
/*
 * ovpn-dco compiled out: always report a conflict (false) without looking at
 * the options, so callers never select the DCO path. Both parameters are
 * unused and only keep the signature identical to the real implementation.
 */
static inline bool
dco_check_option(int msglevel, const struct options *o)
{
    (void)msglevel;
    (void)o;
    return false;
}
273 | ||
/*
 * ovpn-dco compiled out: the early-startup option check always reports a
 * conflict (false); msglevel and o are not inspected.
 */
static inline bool
dco_check_startup_option(int msglevel, const struct options *o)
{
    (void)msglevel;
    (void)o;
    return false;
}
279 | ||
/*
 * ovpn-dco compiled out: pushed options are never DCO-compatible here, so the
 * check always reports a conflict (false) without reading msglevel or o.
 */
static inline bool
dco_check_pull_options(int msglevel, const struct options *o)
{
    (void)msglevel;
    (void)o;
    return false;
}
285 | ||
/*
 * ovpn-dco compiled out: there is no context to set up, so initialisation
 * trivially succeeds. mode and dco are ignored.
 */
static inline bool
ovpn_dco_init(int mode, dco_context_t *dco)
{
    (void)mode;
    (void)dco;
    return true;
}
291 | ||
/*
 * ovpn-dco compiled out: no DCO interface is created; report success (0) so
 * the caller can proceed with the non-DCO path. All parameters are ignored.
 */
static inline int
open_tun_dco(struct tuntap *tt, openvpn_net_ctx_t *ctx, const char *dev)
{
    (void)tt;
    (void)ctx;
    (void)dev;
    return 0;
}
297 | ||
/* No-op: ovpn-dco compiled out, there is no DCO interface to tear down. */
static inline void
close_tun_dco(struct tuntap *tt, openvpn_net_ctx_t *ctx)
{
    (void)tt;
    (void)ctx;
}
302 | ||
/*
 * ovpn-dco compiled out: there is no DCO channel to read from, so reaching
 * this stub is a programming error. ASSERT(false) comes from the project's
 * error.h and is expected to terminate the process — confirm against error.h;
 * the trailing return only satisfies the signature.
 */
static inline int
dco_do_read(dco_context_t *dco)
{
    ASSERT(false);
    return 0;
}
309 | ||
/* No-op: ovpn-dco compiled out, nothing is registered with the event set. */
static inline void
dco_event_set(dco_context_t *dco, struct event_set *es, void *arg)
{
    (void)dco;
    (void)es;
    (void)arg;
}
314 | ||
/*
 * ovpn-dco compiled out: no key material is handed to a kernel module, so
 * this stub reports success (0) without touching any of its arguments.
 * The key2 container is neither read nor wiped here.
 */
static inline int
init_key_dco_bi(struct tls_multi *multi, struct key_state *ks,
                const struct key2 *key2, int key_direction,
                const char *ciphername, bool server)
{
    (void)multi;
    (void)ks;
    (void)key2;
    (void)key_direction;
    (void)ciphername;
    (void)server;
    return 0;
}
322 | ||
/*
 * ovpn-dco compiled out: there are no kernel-side keys to swap or wipe, so
 * reaching this stub is a programming error. ASSERT(false) comes from the
 * project's error.h and is expected to terminate the process — confirm
 * against error.h; the trailing return (false = unrecoverable error) only
 * satisfies the signature.
 */
static inline bool
dco_update_keys(dco_context_t *dco, struct tls_multi *multi)
{
    ASSERT(false);
    return false;
}
329 | ||
/*
 * ovpn-dco compiled out: no peer is registered with a kernel module; report
 * success (0) so the client/P2P path continues. c is ignored.
 */
static inline int
dco_p2p_add_new_peer(struct context *c)
{
    (void)c;
    return 0;
}
335 | ||
/*
 * ovpn-dco compiled out: there is no kernel peer whose keepalive or MSS
 * settings could be changed; report success (0). All arguments are ignored.
 */
static inline int
dco_set_peer(dco_context_t *dco, unsigned int peerid,
             int keepalive_interval, int keepalive_timeout, int mss)
{
    (void)dco;
    (void)peerid;
    (void)keepalive_interval;
    (void)keepalive_timeout;
    (void)mss;
    return 0;
}
342 | ||
/* No-op: ovpn-dco compiled out, there is no kernel peer to remove. */
static inline void
dco_remove_peer(struct context *c)
{
    (void)c;
}
347 | ||
/*
 * ovpn-dco compiled out: the server-side peer add registers nothing and
 * reports success (0). m and mi are ignored.
 */
static inline int
dco_multi_add_new_peer(struct multi_context *m, struct multi_instance *mi)
{
    (void)m;
    (void)mi;
    return 0;
}
353 | ||
/* No-op: ovpn-dco compiled out, no iroute is pushed into the system table. */
static inline void
dco_install_iroute(struct multi_context *m, struct multi_instance *mi,
                   struct mroute_addr *addr)
{
    (void)m;
    (void)mi;
    (void)addr;
}
359 | ||
/* No-op: ovpn-dco compiled out, there are no DCO-installed routes to delete. */
static inline void
dco_delete_iroutes(struct multi_context *m, struct multi_instance *mi)
{
    (void)m;
    (void)mi;
}
364 | ||
/*
 * ovpn-dco compiled out: no per-peer counters are fetched from a kernel
 * module; report success (0) and leave the server context untouched.
 */
static inline int
dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m)
{
    (void)dco;
    (void)m;
    return 0;
}
370 | ||
/*
 * ovpn-dco compiled out: no statistics are fetched; report success (0) and
 * leave the instance context untouched.
 */
static inline int
dco_get_peer_stats(struct context *c)
{
    (void)c;
    return 0;
}
376 | ||
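/*
 * ovpn-dco compiled out: no DCO ciphers exist, so the list is empty.
 * Defined with (void) so this is a full prototype: an empty "()" parameter
 * list in C means "unspecified arguments" and disables call-site checking.
 *
 * @return the empty string (static storage; must not be freed or modified)
 */
static inline const char *
dco_get_supported_ciphers(void)
{
    return "";
}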
382 | ||
383 | #endif /* defined(ENABLE_DCO) */ |
384 | #endif /* ifndef DCO_H */ |