2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
8 * Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
37 #ifdef HAVE_SYS_INOTIFY_H
38 #include <sys/inotify.h>
42 send_hmac_reset_packet(struct multi_context
*m
,
43 struct tls_pre_decrypt_state
*state
,
44 struct tls_auth_standalone
*tas
,
45 struct session_id
*sid
,
46 bool request_resend_wkc
)
48 reset_packet_id_send(&state
->tls_wrap_tmp
.opt
.packet_id
.send
);
49 state
->tls_wrap_tmp
.opt
.packet_id
.rec
.initialized
= true;
50 uint8_t header
= 0 | (P_CONTROL_HARD_RESET_SERVER_V2
<< P_OPCODE_SHIFT
);
51 struct buffer buf
= tls_reset_standalone(&state
->tls_wrap_tmp
, tas
, sid
,
52 &state
->peer_session_id
, header
,
55 struct context
*c
= &m
->top
;
57 buf_reset_len(&c
->c2
.buffers
->aux_buf
);
58 buf_copy(&c
->c2
.buffers
->aux_buf
, &buf
);
59 m
->hmac_reply
= c
->c2
.buffers
->aux_buf
;
60 m
->hmac_reply_dest
= &m
->top
.c2
.from
;
61 msg(D_MULTI_DEBUG
, "Reset packet from client, sending HMAC based reset challenge");
65 /* Returns true if this packet should create a new session */
67 do_pre_decrypt_check(struct multi_context
*m
,
68 struct tls_pre_decrypt_state
*state
,
69 struct mroute_addr addr
)
71 ASSERT(m
->top
.c2
.tls_auth_standalone
);
73 enum first_packet_verdict verdict
;
75 struct tls_auth_standalone
*tas
= m
->top
.c2
.tls_auth_standalone
;
77 verdict
= tls_pre_decrypt_lite(tas
, state
, &m
->top
.c2
.from
, &m
->top
.c2
.buf
);
79 hmac_ctx_t
*hmac
= m
->top
.c2
.session_id_hmac
;
80 struct openvpn_sockaddr
*from
= &m
->top
.c2
.from
.dest
;
81 int handwindow
= m
->top
.options
.handshake_window
;
83 if (verdict
== VERDICT_VALID_RESET_V3
|| verdict
== VERDICT_VALID_RESET_V2
)
85 /* Check if we are still below our limit for sending out
87 if (!reflect_filter_rate_limit_check(m
->initial_rate_limiter
))
93 if (verdict
== VERDICT_VALID_RESET_V3
)
95 /* Extract the packet id to check if it has the special format that
96 * indicates early negotiation support */
97 struct packet_id_net pin
;
98 struct buffer tmp
= m
->top
.c2
.buf
;
99 ASSERT(buf_advance(&tmp
, 1 + SID_SIZE
));
100 ASSERT(packet_id_read(&pin
, &tmp
, true));
102 /* The most significant byte is 0x0f if early negotiation is supported */
103 bool early_neg_support
= ((pin
.id
& EARLY_NEG_MASK
) & EARLY_NEG_START
) == EARLY_NEG_START
;
105 /* All clients that support early negotiation and tls-crypt are assumed
106 * to also support resending the WKc in the 2nd packet */
107 if (early_neg_support
)
109 /* Calculate the session ID HMAC for our reply and create reset packet */
110 struct session_id sid
= calculate_session_id_hmac(state
->peer_session_id
,
111 from
, hmac
, handwindow
, 0);
112 send_hmac_reset_packet(m
, state
, tas
, &sid
, true);
118 /* For tls-crypt-v2 we need to keep the state of the first packet
119 * to store the unwrapped key if the client doesn't support resending
120 * the wrapped key. Unless the user specifically disallowed
121 * compatibility with such clients to avoid state exhaustion */
122 if (tas
->tls_wrap
.opt
.flags
& CO_FORCE_TLSCRYPTV2_COOKIE
)
124 struct gc_arena gc
= gc_new();
125 const char *peer
= print_link_socket_actual(&m
->top
.c2
.from
, &gc
);
126 msg(D_MULTI_DEBUG
, "tls-crypt-v2 force-cookie is enabled, "
127 "ignoring connection attempt from old client (%s)", peer
);
137 else if (verdict
== VERDICT_VALID_RESET_V2
)
139 /* Calculate the session ID HMAC for our reply and create reset packet */
140 struct session_id sid
= calculate_session_id_hmac(state
->peer_session_id
,
141 from
, hmac
, handwindow
, 0);
143 send_hmac_reset_packet(m
, state
, tas
, &sid
, false);
145 /* We have a reply do not create a new session */
149 else if (verdict
== VERDICT_VALID_CONTROL_V1
|| verdict
== VERDICT_VALID_ACK_V1
150 || verdict
== VERDICT_VALID_WKC_V1
)
152 /* ACK_V1 contains the peer id (our id) while CONTROL_V1 can but does not
153 * need to contain the peer id */
154 struct gc_arena gc
= gc_new();
156 bool ret
= check_session_id_hmac(state
, from
, hmac
, handwindow
);
158 const char *peer
= print_link_socket_actual(&m
->top
.c2
.from
, &gc
);
159 uint8_t pkt_firstbyte
= *BPTR( &m
->top
.c2
.buf
);
160 int op
= pkt_firstbyte
>> P_OPCODE_SHIFT
;
164 msg(D_MULTI_MEDIUM
, "Packet (%s) with invalid or missing SID from %s",
165 packet_opcode_name(op
), peer
);
169 msg(D_MULTI_DEBUG
, "Valid packet (%s) with HMAC challenge from peer (%s), "
170 "accepting new connection.", packet_opcode_name(op
), peer
);
177 /* VERDICT_INVALID */
182 * Get a client instance based on real address. If
183 * the instance doesn't exist, create it while
184 * maintaining real address hash table atomicity.
187 struct multi_instance
*
188 multi_get_create_instance_udp(struct multi_context
*m
, bool *floated
)
190 struct gc_arena gc
= gc_new();
191 struct mroute_addr real
= {0};
192 struct multi_instance
*mi
= NULL
;
193 struct hash
*hash
= m
->hash
;
195 if (mroute_extract_openvpn_sockaddr(&real
, &m
->top
.c2
.from
.dest
, true)
196 && m
->top
.c2
.buf
.len
> 0)
198 struct hash_element
*he
;
199 const uint32_t hv
= hash_value(hash
, &real
);
200 struct hash_bucket
*bucket
= hash_bucket(hash
, hv
);
201 uint8_t *ptr
= BPTR(&m
->top
.c2
.buf
);
202 uint8_t op
= ptr
[0] >> P_OPCODE_SHIFT
;
203 bool v2
= (op
== P_DATA_V2
) && (m
->top
.c2
.buf
.len
>= (1 + 3));
204 bool peer_id_disabled
= false;
206 /* make sure buffer has enough length to read opcode (1 byte) and peer-id (3 bytes) */
209 uint32_t peer_id
= ntohl(*(uint32_t *)ptr
) & 0xFFFFFF;
210 peer_id_disabled
= (peer_id
== MAX_PEER_ID
);
212 if (!peer_id_disabled
&& (peer_id
< m
->max_clients
) && (m
->instances
[peer_id
]))
214 mi
= m
->instances
[peer_id
];
216 *floated
= !link_socket_actual_match(&mi
->context
.c2
.from
, &m
->top
.c2
.from
);
220 /* reset prefix, since here we are not sure peer is the one it claims to be */
221 ungenerate_prefix(mi
);
222 msg(D_MULTI_MEDIUM
, "Float requested for peer %" PRIu32
" to %s", peer_id
,
223 mroute_addr_print(&real
, &gc
));
227 if (!v2
|| peer_id_disabled
)
229 he
= hash_lookup_fast(hash
, bucket
, &real
, hv
);
232 mi
= (struct multi_instance
*) he
->value
;
236 /* we have no existing multi instance for this connection */
239 struct tls_pre_decrypt_state state
= {0};
240 if (m
->deferred_shutdown_signal
.signal_received
)
243 "MULTI: Connection attempt from %s ignored while server is "
244 "shutting down", mroute_addr_print(&real
, &gc
));
246 else if (do_pre_decrypt_check(m
, &state
, real
))
248 /* This is an unknown session but with valid tls-auth/tls-crypt
249 * (or no auth at all). If this is the initial packet of a
250 * session, we just send a reply with a HMAC session id and
251 * do not generate a session slot */
253 if (frequency_limit_event_allowed(m
->new_connection_limiter
))
255 /* a successful three-way handshake only counts against
256 * connect-freq but not against connect-freq-initial */
257 reflect_filter_rate_limit_decrease(m
->initial_rate_limiter
);
259 mi
= multi_create_instance(m
, &real
);
262 hash_add_fast(hash
, bucket
, &mi
->real
, hv
, mi
);
263 mi
->did_real_hash
= true;
264 multi_assign_peer_id(m
, mi
);
266 /* If we have a session id already, ensure that the
267 * state is using the same */
268 if (session_id_defined(&state
.server_session_id
)
269 && session_id_defined((&state
.peer_session_id
)))
271 mi
->context
.c2
.tls_multi
->n_sessions
++;
272 struct tls_session
*session
= &mi
->context
.c2
.tls_multi
->session
[TM_INITIAL
];
273 session_skip_to_pre_start(session
, &state
, &m
->top
.c2
.from
);
280 "MULTI: Connection from %s would exceed new connection frequency limit as controlled by --connect-freq",
281 mroute_addr_print(&real
, &gc
));
284 free_tls_pre_decrypt_state(&state
);
288 if (check_debug_level(D_MULTI_DEBUG
))
290 const char *status
= mi
? "[ok]" : "[failed]";
292 dmsg(D_MULTI_DEBUG
, "GET INST BY REAL: %s %s",
293 mroute_addr_print(&real
, &gc
),
300 ASSERT(!(mi
&& mi
->halt
));
305 * Send a packet to UDP socket.
308 multi_process_outgoing_link(struct multi_context
*m
, const unsigned int mpp_flags
)
310 struct multi_instance
*mi
= multi_process_outgoing_link_pre(m
);
313 multi_process_outgoing_link_dowork(m
, mi
, mpp_flags
);
315 if (m
->hmac_reply_dest
&& m
->hmac_reply
.len
> 0)
317 msg_set_prefix("Connection Attempt");
318 m
->top
.c2
.to_link
= m
->hmac_reply
;
319 m
->top
.c2
.to_link_addr
= m
->hmac_reply_dest
;
320 process_outgoing_link(&m
->top
);
321 m
->hmac_reply_dest
= NULL
;
326 * Process an I/O event.
329 multi_process_io_udp(struct multi_context
*m
)
331 const unsigned int status
= m
->top
.c2
.event_set_status
;
332 const unsigned int mpp_flags
= m
->top
.c2
.fast_io
333 ? (MPP_CONDITIONAL_PRE_SELECT
| MPP_CLOSE_ON_SIGNAL
)
334 : (MPP_PRE_SELECT
| MPP_CLOSE_ON_SIGNAL
);
336 #ifdef MULTI_DEBUG_EVENT_LOOP
339 if (status
& SOCKET_READ
)
343 else if (status
& SOCKET_WRITE
)
347 else if (status
& TUN_READ
)
351 else if (status
& TUN_WRITE
)
355 else if (status
& FILE_CLOSED
)
359 printf("IO %s\n", buf
);
360 #endif /* ifdef MULTI_DEBUG_EVENT_LOOP */
362 #ifdef ENABLE_MANAGEMENT
363 if (status
& (MANAGEMENT_READ
|MANAGEMENT_WRITE
))
366 management_io(management
);
370 /* UDP port ready to accept write */
371 if (status
& SOCKET_WRITE
)
373 multi_process_outgoing_link(m
, mpp_flags
);
375 /* TUN device ready to accept write */
376 else if (status
& TUN_WRITE
)
378 multi_process_outgoing_tun(m
, mpp_flags
);
380 /* Incoming data on UDP port */
381 else if (status
& SOCKET_READ
)
383 read_incoming_link(&m
->top
);
384 if (!IS_SIG(&m
->top
))
386 multi_process_incoming_link(m
, NULL
, mpp_flags
);
389 /* Incoming data on TUN device */
390 else if (status
& TUN_READ
)
392 read_incoming_tun(&m
->top
);
393 if (!IS_SIG(&m
->top
))
395 multi_process_incoming_tun(m
, mpp_flags
);
398 #ifdef ENABLE_ASYNC_PUSH
399 /* INOTIFY callback */
400 else if (status
& FILE_CLOSED
)
402 multi_process_file_closed(m
, mpp_flags
);
405 #if defined(ENABLE_DCO) && (defined(TARGET_LINUX) || defined(TARGET_FREEBSD))
406 else if (status
& DCO_READ
)
408 if (!IS_SIG(&m
->top
))
413 ret
= multi_process_incoming_dco(m
);
421 * Return the io_wait() flags appropriate for
422 * a point-to-multipoint tunnel.
424 static inline unsigned int
425 p2mp_iow_flags(const struct multi_context
*m
)
427 unsigned int flags
= IOW_WAIT_SIGNAL
;
430 if (TUN_OUT(&m
->pending
->context
))
434 if (LINK_OUT(&m
->pending
->context
))
436 flags
|= IOW_TO_LINK
;
439 else if (mbuf_defined(m
->mbuf
))
443 else if (m
->hmac_reply_dest
)
445 flags
|= IOW_TO_LINK
;
452 if (tuntap_ring_empty(m
->top
.c1
.tuntap
))
454 flags
&= ~IOW_READ_TUN
;
462 tunnel_server_udp(struct context
*top
)
464 struct multi_context multi
;
467 context_clear_2(top
);
469 /* initialize top-tunnel instance */
470 init_instance_handle_signals(top
, top
->es
, CC_HARD_USR1_TO_HUP
);
476 /* initialize global multi_context object */
477 multi_init(&multi
, top
, false);
479 /* initialize our cloned top object */
480 multi_top_init(&multi
, top
);
482 /* initialize management interface */
483 init_management_callback_multi(&multi
);
485 /* finished with initialization */
486 initialization_sequence_completed(top
, ISC_SERVER
); /* --mode server --proto udp */
488 #ifdef ENABLE_ASYNC_PUSH
489 multi
.top
.c2
.inotify_fd
= inotify_init();
490 if (multi
.top
.c2
.inotify_fd
< 0)
492 msg(D_MULTI_ERRORS
| M_ERRNO
, "MULTI: inotify_init error");
496 /* per-packet event loop */
499 perf_push(PERF_EVENT_LOOP
);
501 /* set up and do the io_wait() */
502 multi_get_timeout(&multi
, &multi
.top
.c2
.timeval
);
503 io_wait(&multi
.top
, p2mp_iow_flags(&multi
));
504 MULTI_CHECK_SIG(&multi
);
506 /* check on status of coarse timers */
507 multi_process_per_second_timers(&multi
);
510 if (multi
.top
.c2
.event_set_status
== ES_TIMEOUT
)
512 multi_process_timeout(&multi
, MPP_PRE_SELECT
|MPP_CLOSE_ON_SIGNAL
);
517 multi_process_io_udp(&multi
);
518 MULTI_CHECK_SIG(&multi
);
524 #ifdef ENABLE_ASYNC_PUSH
525 close(top
->c2
.inotify_fd
);
528 /* shut down management interface */
529 uninit_management_callback();
531 /* save ifconfig-pool */
532 multi_ifconfig_pool_persist(&multi
, true);
534 /* tear down tunnel instance (unless --persist-tun) */
535 multi_uninit(&multi
);
536 multi_top_free(&multi
);