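/*
 *  OpenVPN -- An application to securely tunnel IP networks
 *             over a single TCP/UDP port, with support for SSL/TLS-based
 *             session authentication and key exchange,
 *             packet encryption, packet authentication, and
 *             packet compression.
 *
 *  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2
 *  as published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program (see the file COPYING included with this
 *  distribution); if not, write to the Free Software Foundation, Inc.,
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

/*
 * Address representation and helpers used when a multi-client server
 * maps packet source/destination addresses to routes.  The addresses
 * handled here are taken from packet contents, so every field of
 * struct mroute_addr must be treated as derived from untrusted input
 * until the extraction code has validated it.
 */

#ifndef MROUTE_H
#define MROUTE_H

#if P2MP_SERVER

#include "buffer.h"
#include "list.h"
#include "route.h"

/* Top-nibble mask and network value used to recognise 224.0.0.0/4. */
#define IP_MCAST_SUBNET_MASK  ((in_addr_t)240<<24)
#define IP_MCAST_NETWORK      ((in_addr_t)224<<24)

/* Return status values for mroute_extract_addr_from_packet (bit flags) */

#define MROUTE_EXTRACT_SUCCEEDED (1<<0)
#define MROUTE_EXTRACT_BCAST     (1<<1)
#define MROUTE_EXTRACT_MCAST     (1<<2)
#define MROUTE_EXTRACT_IGMP      (1<<3)

/*
 * The same four flags shifted left by MROUTE_SEC_SHIFT.
 * MROUTE_SEC_SHIFT is defined just below; that is fine because a macro
 * body is only expanded where the macro is used.
 * NOTE(review): "SEC" presumably means "secondary" (the esrc/edest
 * pair of mroute_extract_addr_from_packet) -- confirm in mroute.c.
 */
#define MROUTE_SEC_EXTRACT_SUCCEEDED (1<<(0+MROUTE_SEC_SHIFT))
#define MROUTE_SEC_EXTRACT_BCAST     (1<<(1+MROUTE_SEC_SHIFT))
#define MROUTE_SEC_EXTRACT_MCAST     (1<<(2+MROUTE_SEC_SHIFT))
#define MROUTE_SEC_EXTRACT_IGMP      (1<<(3+MROUTE_SEC_SHIFT))

#define MROUTE_SEC_SHIFT         4

/*
 * Choose the largest address possible with
 * any of our supported types, which is IPv6
 * with port number.
 */
#define MR_MAX_ADDR_LEN 20

/*
 * Address Types
 */
#define MR_ADDR_NONE             0
#define MR_ADDR_ETHER            1
#define MR_ADDR_IPV4             2
#define MR_ADDR_IPV6             3
#define MR_ADDR_MASK             3

/* Address type mask indicating that port # is part of address */
#define MR_WITH_PORT             4

/* Address type mask indicating that netbits is part of address */
#define MR_WITH_NETBITS          8

/* Indicates that IPv4 addr was extracted from ARP packet */
#define MR_ARP                   16

/*
 * One address of any supported type.
 *
 * The member order is load-bearing: mroute_addr_hash_ptr() and
 * mroute_addr_hash_len() treat "type, netbits, addr[0..len)" as one
 * contiguous byte run.  Do not reorder members or insert anything
 * between type and addr.
 *
 * len is a uint8_t and can therefore hold values above MR_MAX_ADDR_LEN;
 * nothing in this header enforces the bound.  Code that fills in len
 * must keep it <= MR_MAX_ADDR_LEN, otherwise mroute_addr_equal() and
 * any hash over mroute_addr_hash_len() bytes read past addr[].
 */
struct mroute_addr {
  uint8_t len;      /* length of address */
  uint8_t unused;
  uint8_t type;     /* MR_ADDR/MR_WITH flags */
  uint8_t netbits;  /* number of bits in network part of address,
		       valid if MR_WITH_NETBITS is set */
  uint8_t addr[MR_MAX_ADDR_LEN];  /* actual address */
};

/*
 * Number of bits in an address.  Should be raised for IPv6.
 * NOTE(review): 129 already leaves room for prefix lengths 0..128, so
 * the "should be raised" remark looks stale -- confirm and drop it.
 */
#define MR_HELPER_NET_LEN 129

/*
 * Used to help maintain CIDR routing table.
 */
struct mroute_helper {
  unsigned int cache_generation; /* incremented when route added */
  int ageable_ttl_secs;          /* host route cache entry time-to-live*/
  int n_net_len;                 /* length of net_len array */
  uint8_t net_len[MR_HELPER_NET_LEN];      /* CIDR netlengths in descending order */
  int net_len_refcount[MR_HELPER_NET_LEN]; /* refcount of each netlength */
};

struct openvpn_sockaddr;

bool mroute_extract_openvpn_sockaddr (struct mroute_addr *addr,
				      const struct openvpn_sockaddr *osaddr,
				      bool use_port);

bool mroute_learnable_address (const struct mroute_addr *addr);

uint32_t mroute_addr_hash_function (const void *key, uint32_t iv);
bool mroute_addr_compare_function (const void *key1, const void *key2);

void mroute_addr_init (struct mroute_addr *addr);

const char *mroute_addr_print (const struct mroute_addr *ma,
			       struct gc_arena *gc);

/* Flags for mroute_addr_print_ex */
#define MAPF_SUBNET            (1<<0)
#define MAPF_IA_EMPTY_IF_UNDEF (1<<1)
#define MAPF_SHOW_ARP          (1<<2)
const char *mroute_addr_print_ex (const struct mroute_addr *ma,
				  const unsigned int flags,
				  struct gc_arena *gc);

void mroute_addr_mask_host_bits (struct mroute_addr *ma);

struct mroute_helper *mroute_helper_init (int ageable_ttl_secs);
void mroute_helper_free (struct mroute_helper *mh);
void mroute_helper_add_iroute (struct mroute_helper *mh, const struct iroute *ir);
void mroute_helper_del_iroute (struct mroute_helper *mh, const struct iroute *ir);
void mroute_helper_add_iroute6 (struct mroute_helper *mh, const struct iroute_ipv6 *ir6);
void mroute_helper_del_iroute6 (struct mroute_helper *mh, const struct iroute_ipv6 *ir6);

/*
 * Given a raw packet in buf, return the src and dest
 * addresses of the packet.
 *
 * Dispatches on tunnel_type: DEV_TYPE_TUN packets go to the IPv4
 * extractor, DEV_TYPE_TAP frames go to the Ethernet extractor, which
 * additionally receives esrc/edest.  Both extractors are declared
 * locally because only this wrapper is meant to call them.
 *
 * Returns the extractor's MROUTE_EXTRACT_xxx bit mask, or 0 when
 * tunnel_type is neither TUN nor TAP.  A result without
 * MROUTE_EXTRACT_SUCCEEDED means src/dest must not be used for a
 * routing decision.
 *
 * NOTE(review): buf holds peer-controlled data; the length checks are
 * presumably done inside the two extractors -- confirm in mroute.c.
 */
static inline unsigned int
mroute_extract_addr_from_packet (struct mroute_addr *src,
				 struct mroute_addr *dest,
				 struct mroute_addr *esrc,
				 struct mroute_addr *edest,
				 const struct buffer *buf,
				 int tunnel_type)
{
  unsigned int mroute_extract_addr_ipv4 (struct mroute_addr *src,
					 struct mroute_addr *dest,
					 const struct buffer *buf);

  unsigned int mroute_extract_addr_ether (struct mroute_addr *src,
					  struct mroute_addr *dest,
					  struct mroute_addr *esrc,
					  struct mroute_addr *edest,
					  const struct buffer *buf);
  unsigned int ret = 0;
  verify_align_4 (buf);
  if (tunnel_type == DEV_TYPE_TUN)
    ret = mroute_extract_addr_ipv4 (src, dest, buf);
  else if (tunnel_type == DEV_TYPE_TAP)
    ret = mroute_extract_addr_ether (src, dest, esrc, edest, buf);
  return ret;
}

/*
 * Return true when a1 and a2 have the same type, netbits, len and the
 * same first len address bytes.
 *
 * The comparison length comes from a1->len without a bound check, so
 * both addresses must satisfy len <= MR_MAX_ADDR_LEN.
 */
static inline bool
mroute_addr_equal (const struct mroute_addr *a1, const struct mroute_addr *a2)
{
  if (a1->type != a2->type)
    return false;
  if (a1->netbits != a2->netbits)
    return false;
  if (a1->len != a2->len)
    return false;
  return memcmp (a1->addr, a2->addr, a1->len) == 0;
}

/*
 * Start of the byte run that identifies an address for hashing:
 * the type member, followed in memory by netbits and addr[].
 */
static inline const uint8_t *
mroute_addr_hash_ptr (const struct mroute_addr *a)
{
  /* NOTE: depends on ordering of struct mroute_addr */
  /* keep the const qualifier; the return type is const uint8_t * */
  return (const uint8_t *) &a->type;
}

/*
 * Number of bytes to hash starting at mroute_addr_hash_ptr():
 * the address bytes plus 2 for the type and netbits members.
 */
static inline uint32_t
mroute_addr_hash_len (const struct mroute_addr *a)
{
  return (uint32_t) a->len + 2;
}

/*
 * Store the host-order IPv4 address src in dest as a plain
 * MR_ADDR_IPV4 address (no port, no netbits) in network byte order.
 */
static inline void
mroute_extract_in_addr_t (struct mroute_addr *dest, const in_addr_t src)
{
  const in_addr_t net = htonl (src);

  dest->type = MR_ADDR_IPV4;
  dest->netbits = 0;
  dest->len = 4;
  /*
   * struct mroute_addr has only uint8_t members, so addr[] carries no
   * alignment guarantee for in_addr_t.  Copy the bytes instead of
   * storing through a cast pointer.  memcpy comes from the same
   * <string.h> that mroute_addr_equal already needs for memcmp.
   */
  memcpy (dest->addr, &net, sizeof (net));
}

/*
 * Inverse of mroute_extract_in_addr_t: return the host-order IPv4
 * address held in addr, or 0 when addr is not a plain 4-byte IPv4
 * address with netbits == 0.
 */
static inline in_addr_t
in_addr_t_from_mroute_addr (const struct mroute_addr *addr)
{
  if ((addr->type & MR_ADDR_MASK) == MR_ADDR_IPV4 && addr->netbits == 0 && addr->len == 4)
    {
      in_addr_t net;

      /* byte copy: no misaligned load, and const is not cast away */
      memcpy (&net, addr->addr, sizeof (net));
      return ntohl (net);
    }
  else
    return 0;
}

/*
 * Mark ma as holding no address.  Only len and type are cleared;
 * netbits and addr[] keep their previous contents.
 */
static inline void
mroute_addr_reset (struct mroute_addr *ma)
{
  ma->len = 0;
  ma->type = MR_ADDR_NONE;
}

#endif /* P2MP_SERVER */
#endif /* MROUTE_H */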