[thirdparty/openvpn.git] / src / openvpn / dco.h

/*
 *  OpenVPN -- An application to securely tunnel IP networks
 *             over a single TCP/UDP port, with support for SSL/TLS-based
 *             session authentication and key exchange,
 *             packet encryption, packet authentication, and
 *             packet compression.
 *
 *  Copyright (C) 2021-2024 Arne Schwabe <arne@rfc2549.org>
 *  Copyright (C) 2021-2024 Antonio Quartulli <a@unstable.cc>
 *  Copyright (C) 2021-2024 OpenVPN Inc <sales@openvpn.net>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2
 *  as published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program (see the file COPYING included with this
 *  distribution); if not, write to the Free Software Foundation, Inc.,
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
#ifndef DCO_H
#define DCO_H

#include "buffer.h"
#include "error.h"
#include "dco_internal.h"
#include "networking.h"

/* forward declarations (including other headers leads to nasty include
 * order problems)
 */
struct event_set;
struct key2;
struct key_state;
struct multi_context;
struct multi_instance;
struct mroute_addr;
struct options;
struct tls_multi;
struct tuntap;

#define DCO_IROUTE_METRIC   100
#define DCO_DEFAULT_METRIC  200

#if defined(ENABLE_DCO)

/**
 * Check whether ovpn-dco is available on this platform (i.e. kernel support is
 * there)
 *
 * @param msglevel      level to print messages to
 * @return              true if ovpn-dco is available, false otherwise
 */
bool dco_available(int msglevel);


/**
 * Return a human readable string representing the DCO version
 *
 * @param gc    the garbage collector to use for any dynamic allocation
 * @return      a pointer to the string (allocated via gc) containing the string
 */
const char *dco_version_string(struct gc_arena *gc);

/**
 * Check whether the options struct has any option that is not supported by
 * our current dco implementation. If so print a warning at warning level
 * for the first conflicting option found and return false.
 *
 * @param msglevel  the msg level to use to print the warnings
 * @param o         the options struct that hold the options
 * @return          true if no conflict was detected, false otherwise
 */
bool dco_check_option(int msglevel, const struct options *o);

/**
 * Check whether the options struct has any further option that is not supported
 * by our current dco implementation during early startup.
 * If so print a warning at warning level for the first conflicting option
 * found and return false.
 *
 * @param msglevel  the msg level to use to print the warnings
 * @param o         the options struct that hold the options
 * @return          true if no conflict was detected, false otherwise
 */
bool dco_check_startup_option(int msglevel, const struct options *o);

/**
 * Check whether any of the options pushed by the server is not supported by
 * our current dco implementation. If so print a warning at warning level
 * for the first conflicting option found and return false.
 *
 * @param msglevel  the msg level to use to print the warnings
 * @param o         the options struct that hold the options
 * @return          true if no conflict was detected, false otherwise
 */
bool dco_check_pull_options(int msglevel, const struct options *o);

/**
 * Initialize the DCO context
 *
 * @param mode      the instance operating mode (P2P or multi-peer)
 * @param dco       the context to initialize
 * @return          true on success, false otherwise
 */
bool ovpn_dco_init(int mode, dco_context_t *dco);

/**
 * Open/create a DCO interface
 *
 * @param tt        the tuntap context
 * @param ctx       the networking API context
 * @param dev       the name of the interface to create
 * @return          0 on success or a negative error code otherwise
 */
int open_tun_dco(struct tuntap *tt, openvpn_net_ctx_t *ctx, const char *dev);

/**
 * Close/destroy a DCO interface
 *
 * @param tt        the tuntap context
 * @param ctx       the networking API context
 */
void close_tun_dco(struct tuntap *tt, openvpn_net_ctx_t *ctx);

/**
 * Read data from the DCO communication channel (i.e. a control packet)
 *
 * @param dco       the DCO context
 * @return          0 on success or a negative error code otherwise
 */
int dco_do_read(dco_context_t *dco);

/**
 * Install a DCO in the main event loop
 */
void dco_event_set(dco_context_t *dco, struct event_set *es, void *arg);

/**
 * Install the key material in DCO for the specified peer.
 * The key is installed in the primary slot when no other key was yet installed.
 * Any subsequent invocation will install the key in the secondary slot.
 *
 * @param multi     the TLS context of the current instance
 * @param ks        the state of the key being installed
 * @param key2      the container for the raw key material
 * @param key_direction the key direction to be used to extract the material
 * @param ciphername    the name of the cipher to use the key with
 * @param server    whether we are running on a server instance or not
 *
 * @return          0 on success or a negative error code otherwise
 */
int init_key_dco_bi(struct tls_multi *multi, struct key_state *ks,
                    const struct key2 *key2, int key_direction,
                    const char *ciphername, bool server);

/**
 * Possibly swap or wipe keys from DCO
 *
 * @param dco           DCO device context
 * @param multi         TLS multi instance
 *
 * @return              returns false if an error occurred that is not
 *                      recoverable and should reset the connection
 */
bool dco_update_keys(dco_context_t *dco, struct tls_multi *multi);
/**
 * Install a new peer in DCO - to be called by a CLIENT (or P2P) instance
 *
 * @param c         the main instance context
 * @return          0 on success or a negative error code otherwise
 */
int dco_p2p_add_new_peer(struct context *c);

/**
 * Modify DCO peer options. Special values are 0 (disable)
 * and -1 (do not touch).
 *
 * @param dco                DCO device context
 * @param peer_id            the ID of the peer to be modified
 * @param keepalive_interval keepalive interval in seconds
 * @param keepalive_timeout  keepalive timeout in seconds
 * @param mss                TCP MSS value
 *
 * @return                   0 on success or a negative error code otherwise
 */
int dco_set_peer(dco_context_t *dco, unsigned int peerid,
                 int keepalive_interval, int keepalive_timeout, int mss);

/**
 * Remove a peer from DCO
 *
 * @param c         the main instance context of the peer to remove
 */
void dco_remove_peer(struct context *c);

/**
 * Install a new peer in DCO - to be called by a SERVER instance
 *
 * @param m         the server context
 * @param mi        the client instance
 * @return          0 on success or a negative error code otherwise
 */
int dco_multi_add_new_peer(struct multi_context *m, struct multi_instance *mi);

/**
 * Install an iroute in DCO, which means adding a route to the system routing
 * table. To be called by a SERVER instance only.
 *
 * @param m         the server context
 * @param mi        the client instance acting as nexthop for the route
 * @param addr      the route to add
 */
void dco_install_iroute(struct multi_context *m, struct multi_instance *mi,
                        struct mroute_addr *addr);

/**
 * Remove all routes added through the specified client
 *
 * @param m         the server context
 * @param mi        the client instance for which routes have to be removed
 */
void dco_delete_iroutes(struct multi_context *m, struct multi_instance *mi);

/**
 * Update traffic statistics for all peers
 *
 * @param dco   DCO device context
 * @param m     the server context
 **/
int dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m);

/**
 * Update traffic statistics for single peer
 *
 * @param c   instance context of the peer
 **/
int dco_get_peer_stats(struct context *c);

/**
 * Retrieve the list of ciphers supported by the current platform
 *
 * @return                   list of colon-separated ciphers
 */
const char *dco_get_supported_ciphers();

#else /* if defined(ENABLE_DCO) */

typedef void *dco_context_t;

static inline bool
dco_available(int msglevel)
{
    return false;
}

static inline const char *
dco_version_string(struct gc_arena *gc)
{
    return "not-compiled";
}

static inline bool
dco_check_option(int msglevel, const struct options *o)
{
    return false;
}

static inline bool
dco_check_startup_option(int msglevel, const struct options *o)
{
    return false;
}

static inline bool
dco_check_pull_options(int msglevel, const struct options *o)
{
    return false;
}

static inline bool
ovpn_dco_init(int mode, dco_context_t *dco)
{
    return true;
}

static inline int
open_tun_dco(struct tuntap *tt, openvpn_net_ctx_t *ctx, const char *dev)
{
    return 0;
}

static inline void
close_tun_dco(struct tuntap *tt, openvpn_net_ctx_t *ctx)
{
}

static inline int
dco_do_read(dco_context_t *dco)
{
    ASSERT(false);
    return 0;
}

static inline void
dco_event_set(dco_context_t *dco, struct event_set *es, void *arg)
{
}

static inline int
init_key_dco_bi(struct tls_multi *multi, struct key_state *ks,
                const struct key2 *key2, int key_direction,
                const char *ciphername, bool server)
{
    return 0;
}

static inline bool
dco_update_keys(dco_context_t *dco, struct tls_multi *multi)
{
    ASSERT(false);
    return false;
}

static inline int
dco_p2p_add_new_peer(struct context *c)
{
    return 0;
}

static inline int
dco_set_peer(dco_context_t *dco, unsigned int peerid,
             int keepalive_interval, int keepalive_timeout, int mss)
{
    return 0;
}

static inline void
dco_remove_peer(struct context *c)
{
}

static inline int
dco_multi_add_new_peer(struct multi_context *m, struct multi_instance *mi)
{
    return 0;
}

static inline void
dco_install_iroute(struct multi_context *m, struct multi_instance *mi,
                   struct mroute_addr *addr)
{
}

static inline void
dco_delete_iroutes(struct multi_context *m, struct multi_instance *mi)
{
}

static inline int
dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m)
{
    return 0;
}

static inline int
dco_get_peer_stats(struct context *c)
{
    return 0;
}

static inline const char *
dco_get_supported_ciphers()
{
    return "";
}

#endif /* defined(ENABLE_DCO) */
#endif /* ifndef DCO_H */
Commit	Line	Data
e34437c2 AQ	1	/*
	2	* OpenVPN -- An application to securely tunnel IP networks
	3	* over a single TCP/UDP port, with support for SSL/TLS-based
	4	* session authentication and key exchange,
	5	* packet encryption, packet authentication, and
	6	* packet compression.
	7	*
b25c6d7e FL	8	* Copyright (C) 2021-2024 Arne Schwabe <arne@rfc2549.org>
	9	* Copyright (C) 2021-2024 Antonio Quartulli <a@unstable.cc>
	10	* Copyright (C) 2021-2024 OpenVPN Inc <sales@openvpn.net>
e34437c2 AQ	11	*
	12	* This program is free software; you can redistribute it and/or modify
	13	* it under the terms of the GNU General Public License version 2
	14	* as published by the Free Software Foundation.
	15	*
	16	* This program is distributed in the hope that it will be useful,
	17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	19	* GNU General Public License for more details.
	20	*
	21	* You should have received a copy of the GNU General Public License
	22	* along with this program (see the file COPYING included with this
	23	* distribution); if not, write to the Free Software Foundation, Inc.,
	24	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	25	*/
	26	#ifndef DCO_H
	27	#define DCO_H
	28
	29	#include "buffer.h"
	30	#include "error.h"
	31	#include "dco_internal.h"
	32	#include "networking.h"
	33
	34	/* forward declarations (including other headers leads to nasty include
	35	* order problems)
	36	*/
	37	struct event_set;
6a5612fe AQ	38	struct key2;
6a5612fe AQ	39	struct key_state;
a5b4bad4 AQ	40	struct multi_context;
	41	struct multi_instance;
	42	struct mroute_addr;
e34437c2	43	struct options;
6a5612fe	44	struct tls_multi;
e34437c2 AQ	45	struct tuntap;
e34437c2 AQ	46
a5b4bad4	47	#define DCO_IROUTE_METRIC 100
90d9c38b AQ	48	#define DCO_DEFAULT_METRIC 200
90d9c38b AQ	49
e34437c2 AQ	50	#if defined(ENABLE_DCO)
	51
	52	/**
	53	* Check whether ovpn-dco is available on this platform (i.e. kernel support is
	54	* there)
	55	*
	56	* @param msglevel level to print messages to
	57	* @return true if ovpn-dco is available, false otherwise
	58	*/
	59	bool dco_available(int msglevel);
	60
3da238e6 AQ	61
	62	/**
	63	* Return a human readable string representing the DCO version
	64	*
	65	* @param gc the garbage collector to use for any dynamic allocation
	66	* @return a pointer to the string (allocated via gc) containing the string
	67	*/
	68	const char dco_version_string(struct gc_arena gc);
	69
e34437c2 AQ	70	/**
	71	* Check whether the options struct has any option that is not supported by
	72	* our current dco implementation. If so print a warning at warning level
	73	* for the first conflicting option found and return false.
	74	*
	75	* @param msglevel the msg level to use to print the warnings
	76	* @param o the options struct that hold the options
	77	* @return true if no conflict was detected, false otherwise
	78	*/
f7b2817b	79	bool dco_check_option(int msglevel, const struct options *o);
e34437c2	80
897728ff TR	81	/**
	82	* Check whether the options struct has any further option that is not supported
	83	* by our current dco implementation during early startup.
	84	* If so print a warning at warning level for the first conflicting option
	85	* found and return false.
	86	*
	87	* @param msglevel the msg level to use to print the warnings
	88	* @param o the options struct that hold the options
	89	* @return true if no conflict was detected, false otherwise
	90	*/
f7b2817b	91	bool dco_check_startup_option(int msglevel, const struct options *o);
897728ff	92
46f6a7e8 AQ	93	/**
	94	* Check whether any of the options pushed by the server is not supported by
	95	* our current dco implementation. If so print a warning at warning level
	96	* for the first conflicting option found and return false.
	97	*
	98	* @param msglevel the msg level to use to print the warnings
	99	* @param o the options struct that hold the options
	100	* @return true if no conflict was detected, false otherwise
	101	*/
	102	bool dco_check_pull_options(int msglevel, const struct options *o);
	103
e34437c2 AQ	104	/**
	105	* Initialize the DCO context
	106	*
	107	* @param mode the instance operating mode (P2P or multi-peer)
	108	* @param dco the context to initialize
	109	* @return true on success, false otherwise
	110	*/
	111	bool ovpn_dco_init(int mode, dco_context_t *dco);
	112
	113	/**
	114	* Open/create a DCO interface
	115	*
	116	* @param tt the tuntap context
	117	* @param ctx the networking API context
	118	* @param dev the name of the interface to create
	119	* @return 0 on success or a negative error code otherwise
	120	*/
	121	int open_tun_dco(struct tuntap tt, openvpn_net_ctx_t ctx, const char *dev);
	122
	123	/**
	124	* Close/destroy a DCO interface
	125	*
	126	* @param tt the tuntap context
	127	* @param ctx the networking API context
	128	*/
	129	void close_tun_dco(struct tuntap tt, openvpn_net_ctx_t ctx);
	130
	131	/**
	132	* Read data from the DCO communication channel (i.e. a control packet)
	133	*
	134	* @param dco the DCO context
	135	* @return 0 on success or a negative error code otherwise
	136	*/
	137	int dco_do_read(dco_context_t *dco);
	138
e34437c2 AQ	139	/**
	140	* Install a DCO in the main event loop
	141	*/
	142	void dco_event_set(dco_context_t dco, struct event_set es, void *arg);
	143
6a5612fe AQ	144	/**
	145	* Install the key material in DCO for the specified peer.
	146	* The key is installed in the primary slot when no other key was yet installed.
	147	* Any subsequent invocation will install the key in the secondary slot.
	148	*
	149	* @param multi the TLS context of the current instance
	150	* @param ks the state of the key being installed
	151	* @param key2 the container for the raw key material
	152	* @param key_direction the key direction to be used to extract the material
	153	* @param ciphername the name of the cipher to use the key with
	154	* @param server whether we are running on a server instance or not
	155	*
	156	* @return 0 on success or a negative error code otherwise
	157	*/
	158	int init_key_dco_bi(struct tls_multi multi, struct key_state ks,
	159	const struct key2 *key2, int key_direction,
	160	const char *ciphername, bool server);
	161
cd4ba927 AQ	162	/**
	163	* Possibly swap or wipe keys from DCO
	164	*
	165	* @param dco DCO device context
	166	* @param multi TLS multi instance
419051c9 AS	167	*
	168	* @return returns false if an error occurred that is not
	169	* recoverable and should reset the connection
cd4ba927	170	*/
419051c9	171	bool dco_update_keys(dco_context_t dco, struct tls_multi multi);
b6f7b285 AQ	172	/**
	173	* Install a new peer in DCO - to be called by a CLIENT (or P2P) instance
	174	*
	175	* @param c the main instance context
	176	* @return 0 on success or a negative error code otherwise
	177	*/
	178	int dco_p2p_add_new_peer(struct context *c);
	179
	180	/**
	181	* Modify DCO peer options. Special values are 0 (disable)
	182	* and -1 (do not touch).
	183	*
	184	* @param dco DCO device context
	185	* @param peer_id the ID of the peer to be modified
	186	* @param keepalive_interval keepalive interval in seconds
	187	* @param keepalive_timeout keepalive timeout in seconds
	188	* @param mss TCP MSS value
	189	*
	190	* @return 0 on success or a negative error code otherwise
	191	*/
	192	int dco_set_peer(dco_context_t *dco, unsigned int peerid,
	193	int keepalive_interval, int keepalive_timeout, int mss);
	194
	195	/**
	196	* Remove a peer from DCO
	197	*
	198	* @param c the main instance context of the peer to remove
	199	*/
	200	void dco_remove_peer(struct context *c);
	201
a5b4bad4 AQ	202	/**
	203	* Install a new peer in DCO - to be called by a SERVER instance
	204	*
	205	* @param m the server context
	206	* @param mi the client instance
	207	* @return 0 on success or a negative error code otherwise
	208	*/
	209	int dco_multi_add_new_peer(struct multi_context m, struct multi_instance mi);
	210
	211	/**
	212	* Install an iroute in DCO, which means adding a route to the system routing
	213	* table. To be called by a SERVER instance only.
	214	*
	215	* @param m the server context
	216	* @param mi the client instance acting as nexthop for the route
	217	* @param addr the route to add
	218	*/
	219	void dco_install_iroute(struct multi_context m, struct multi_instance mi,
	220	struct mroute_addr *addr);
	221
	222	/**
	223	* Remove all routes added through the specified client
	224	*
	225	* @param m the server context
	226	* @param mi the client instance for which routes have to be removed
	227	*/
	228	void dco_delete_iroutes(struct multi_context m, struct multi_instance mi);
	229
ce2b459d KP	230	/**
	231	* Update traffic statistics for all peers
	232	*
	233	* @param dco DCO device context
	234	* @param m the server context
	235	**/
6dbf8352	236	int dco_get_peer_stats_multi(dco_context_t dco, struct multi_context m);
ce2b459d	237
74d5ece4 LS	238	/**
	239	* Update traffic statistics for single peer
	240	*
	241	* @param c instance context of the peer
	242	**/
	243	int dco_get_peer_stats(struct context *c);
	244
f9aafa35 AQ	245	/**
	246	* Retrieve the list of ciphers supported by the current platform
	247	*
	248	* @return list of colon-separated ciphers
	249	*/
	250	const char *dco_get_supported_ciphers();
	251
e34437c2 AQ	252	#else /* if defined(ENABLE_DCO) */
	253
	254	typedef void *dco_context_t;
	255
	256	static inline bool
	257	dco_available(int msglevel)
	258	{
	259	return false;
	260	}
	261
3da238e6 AQ	262	static inline const char *
	263	dco_version_string(struct gc_arena *gc)
	264	{
	265	return "not-compiled";
	266	}
	267
e34437c2	268	static inline bool
f7b2817b	269	dco_check_option(int msglevel, const struct options *o)
e34437c2 AQ	270	{
	271	return false;
	272	}
	273
897728ff	274	static inline bool
f7b2817b	275	dco_check_startup_option(int msglevel, const struct options *o)
897728ff TR	276	{
	277	return false;
	278	}
	279
46f6a7e8 AQ	280	static inline bool
	281	dco_check_pull_options(int msglevel, const struct options *o)
	282	{
	283	return false;
	284	}
	285
e34437c2 AQ	286	static inline bool
	287	ovpn_dco_init(int mode, dco_context_t *dco)
	288	{
	289	return true;
	290	}
	291
	292	static inline int
	293	open_tun_dco(struct tuntap tt, openvpn_net_ctx_t ctx, const char *dev)
	294	{
	295	return 0;
	296	}
	297
	298	static inline void
	299	close_tun_dco(struct tuntap tt, openvpn_net_ctx_t ctx)
	300	{
	301	}
	302
	303	static inline int
	304	dco_do_read(dco_context_t *dco)
	305	{
	306	ASSERT(false);
	307	return 0;
	308	}
	309
e34437c2 AQ	310	static inline void
	311	dco_event_set(dco_context_t dco, struct event_set es, void *arg)
	312	{
	313	}
	314
6a5612fe AQ	315	static inline int
	316	init_key_dco_bi(struct tls_multi multi, struct key_state ks,
	317	const struct key2 *key2, int key_direction,
	318	const char *ciphername, bool server)
	319	{
	320	return 0;
	321	}
	322
419051c9	323	static inline bool
cd4ba927 AQ	324	dco_update_keys(dco_context_t dco, struct tls_multi multi)
	325	{
	326	ASSERT(false);
419051c9	327	return false;
cd4ba927 AQ	328	}
cd4ba927 AQ	329
329cb7ed	330	static inline int
b6f7b285 AQ	331	dco_p2p_add_new_peer(struct context *c)
b6f7b285 AQ	332	{
329cb7ed	333	return 0;
b6f7b285 AQ	334	}
	335
	336	static inline int
	337	dco_set_peer(dco_context_t *dco, unsigned int peerid,
	338	int keepalive_interval, int keepalive_timeout, int mss)
	339	{
	340	return 0;
	341	}
	342
	343	static inline void
	344	dco_remove_peer(struct context *c)
	345	{
	346	}
	347
329cb7ed	348	static inline int
a5b4bad4 AQ	349	dco_multi_add_new_peer(struct multi_context m, struct multi_instance mi)
a5b4bad4 AQ	350	{
329cb7ed	351	return 0;
a5b4bad4 AQ	352	}
	353
	354	static inline void
	355	dco_install_iroute(struct multi_context m, struct multi_instance mi,
	356	struct mroute_addr *addr)
	357	{
	358	}
	359
	360	static inline void
	361	dco_delete_iroutes(struct multi_context m, struct multi_instance mi)
	362	{
	363	}
	364
ce2b459d	365	static inline int
6dbf8352	366	dco_get_peer_stats_multi(dco_context_t dco, struct multi_context m)
ce2b459d KP	367	{
	368	return 0;
	369	}
	370
74d5ece4 LS	371	static inline int
	372	dco_get_peer_stats(struct context *c)
	373	{
	374	return 0;
	375	}
	376
f9aafa35 AQ	377	static inline const char *
	378	dco_get_supported_ciphers()
	379	{
	380	return "";
	381	}
	382
e34437c2 AQ	383	#endif /* defined(ENABLE_DCO) */
e34437c2 AQ	384	#endif /* ifndef DCO_H */