1/*
2 *  OpenVPN -- An application to securely tunnel IP networks
3 *             over a single TCP/UDP port, with support for SSL/TLS-based
4 *             session authentication and key exchange,
5 *             packet encryption, packet authentication, and
6 *             packet compression.
7 *
8 *  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
9 *
10 *  This program is free software; you can redistribute it and/or modify
11 *  it under the terms of the GNU General Public License version 2
12 *  as published by the Free Software Foundation.
13 *
14 *  This program is distributed in the hope that it will be useful,
15 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
16 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17 *  GNU General Public License for more details.
18 *
19 *  You should have received a copy of the GNU General Public License
20 *  along with this program (see the file COPYING included with this
21 *  distribution); if not, write to the Free Software Foundation, Inc.,
22 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
23 */
24
25#ifndef MROUTE_H
26#define MROUTE_H
27
28#if P2MP_SERVER
29
30#include "buffer.h"
31#include "list.h"
32#include "route.h"
33
/*
 * IPv4 multicast range 224.0.0.0/4, written as plain 32-bit integers
 * with 224 (network) and 240 (mask) in the most significant octet.
 * An address a is multicast when
 *   (a & IP_MCAST_SUBNET_MASK) == IP_MCAST_NETWORK.
 * NOTE(review): the shift-built values look intended for comparison with
 * host-byte-order addresses -- confirm at the call sites.
 */
#define IP_MCAST_NETWORK      (((in_addr_t) 224) << 24)
#define IP_MCAST_SUBNET_MASK  (((in_addr_t) 240) << 24)
36
/*
 * Status bits returned by mroute_extract_addr_from_packet.
 *
 * The low four bits are the primary flags.  The MROUTE_SEC_* flags are
 * the same four bits moved up by MROUTE_SEC_SHIFT, so both groups fit
 * side by side in one unsigned int.
 * NOTE(review): presumably "SEC" denotes the secondary address pair
 * (esrc/edest) reported by the Ethernet parser -- confirm in mroute.c.
 */
#define MROUTE_EXTRACT_SUCCEEDED (1<<0)
#define MROUTE_EXTRACT_BCAST     (1<<1)
#define MROUTE_EXTRACT_MCAST     (1<<2)
#define MROUTE_EXTRACT_IGMP      (1<<3)

/* Distance, in bits, between a primary flag and its MROUTE_SEC_* twin. */
#define MROUTE_SEC_SHIFT         4

#define MROUTE_SEC_EXTRACT_SUCCEEDED (MROUTE_EXTRACT_SUCCEEDED << MROUTE_SEC_SHIFT)
#define MROUTE_SEC_EXTRACT_BCAST     (MROUTE_EXTRACT_BCAST << MROUTE_SEC_SHIFT)
#define MROUTE_SEC_EXTRACT_MCAST     (MROUTE_EXTRACT_MCAST << MROUTE_SEC_SHIFT)
#define MROUTE_SEC_EXTRACT_IGMP      (MROUTE_EXTRACT_IGMP << MROUTE_SEC_SHIFT)
50
/*
 * Capacity in bytes of the addr[] array in struct mroute_addr.
 * Sized for the largest supported address form, an IPv6 address
 * together with a port number.
 */
#define MR_MAX_ADDR_LEN 20

/*
 * Address kinds.  The kind occupies the bits selected by MR_ADDR_MASK
 * in mroute_addr.type; the remaining MR_* values below are flag bits
 * OR-ed on top of it.
 */
#define MR_ADDR_NONE             0
#define MR_ADDR_ETHER            1
#define MR_ADDR_IPV4             2
#define MR_ADDR_IPV6             3
#define MR_ADDR_MASK             3

/* Flag: the port number is part of the address */
#define MR_WITH_PORT             (1<<2)

/* Flag: netbits is part of the address */
#define MR_WITH_NETBITS          (1<<3)

/* Flag: the IPv4 address was extracted from an ARP packet */
#define MR_ARP                   (1<<4)
75
/*
 * One address of any MR_ADDR_* kind.
 *
 * Field order is load-bearing: mroute_addr_hash_ptr and
 * mroute_addr_hash_len treat type, netbits and the first len bytes of
 * addr as one contiguous byte run, so these three members must stay
 * adjacent and in this order.
 *
 * len is an 8-bit count and nothing in this header checks it against
 * MR_MAX_ADDR_LEN; code that sets len must keep it within addr[],
 * because comparison and hashing read len bytes from addr.
 */
struct mroute_addr {
  /* length of address, in bytes of addr[] */
  uint8_t len;

  uint8_t unused;

  /* MR_ADDR/MR_WITH flags */
  uint8_t type;

  /* number of bits in network part of address,
     valid if MR_WITH_NETBITS is set */
  uint8_t netbits;

  /* actual address */
  uint8_t addr[MR_MAX_ADDR_LEN];
};
84
/*
 * Number of slots in the net_len arrays of struct mroute_helper.
 * NOTE(review): the previous wording said this "should be raised for
 * IPv6"; 129 already gives one slot per prefix length 0..128, so that
 * remark looks stale -- confirm against the iroute6 code.
 */
#define MR_HELPER_NET_LEN 129

/*
 * Used to help maintain CIDR routing table.
 */
struct mroute_helper {
  /* incremented when route added */
  unsigned int cache_generation;

  /* host route cache entry time-to-live */
  int ageable_ttl_secs;

  /* length of net_len array (entries in use) */
  int n_net_len;

  /* CIDR netlengths in descending order */
  uint8_t net_len[MR_HELPER_NET_LEN];

  /* refcount of each netlength */
  int net_len_refcount[MR_HELPER_NET_LEN];
};
100
struct openvpn_sockaddr;

/*
 * Fill *addr from the socket address *osaddr.
 * NOTE(review): only the prototype is visible here.  Presumably
 * use_port selects whether the port becomes part of the address
 * (MR_WITH_PORT) and the return value reports success -- confirm in
 * mroute.c.
 */
bool mroute_extract_openvpn_sockaddr (
  struct mroute_addr *addr,
  const struct openvpn_sockaddr *osaddr,
  bool use_port);

/*
 * NOTE(review): presumably reports whether addr is acceptable for
 * entry into a learned-address table; the criteria are not visible in
 * this header.
 */
bool mroute_learnable_address (const struct mroute_addr *addr);

/*
 * Hash and equality callbacks taking untyped keys.
 * NOTE(review): presumably the keys are struct mroute_addr and iv is
 * the seed of the hash table that owns them -- confirm against list.h
 * and mroute.c.
 */
uint32_t mroute_addr_hash_function (const void *key, uint32_t iv);
bool mroute_addr_compare_function (const void *key1, const void *key2);

/* NOTE(review): presumably puts *addr into a defined initial state. */
void mroute_addr_init (struct mroute_addr *addr);

/*
 * Return a printable form of *ma.
 * NOTE(review): the string is presumably allocated from gc and lives
 * as long as that arena -- confirm.
 */
const char *mroute_addr_print (
  const struct mroute_addr *ma,
  struct gc_arena *gc);
116
/*
 * Flag bits for the flags argument of mroute_addr_print_ex.
 * NOTE(review): their exact effect on the output is defined in
 * mroute.c, not in this header.
 */
#define MAPF_SUBNET            (1<<0)
#define MAPF_IA_EMPTY_IF_UNDEF (1<<1)
#define MAPF_SHOW_ARP          (1<<2)

/*
 * Return a printable form of *ma, formatted according to the MAPF_*
 * bits in flags.
 * NOTE(review): the string is presumably allocated from gc -- confirm.
 */
const char *mroute_addr_print_ex (
  const struct mroute_addr *ma,
  const unsigned int flags,
  struct gc_arena *gc);
123
/*
 * NOTE(review): presumably clears the host part of ma->addr using
 * ma->netbits, in place -- confirm in mroute.c.
 */
void mroute_addr_mask_host_bits (struct mroute_addr *ma);

/*
 * Lifetime of a struct mroute_helper.
 * NOTE(review): init presumably allocates the helper and stores
 * ageable_ttl_secs in it; free presumably releases it -- confirm.
 */
struct mroute_helper *mroute_helper_init (int ageable_ttl_secs);
void mroute_helper_free (struct mroute_helper *mh);

/*
 * Register / unregister an internal route (IPv4 and IPv6 variants)
 * with the helper.
 * NOTE(review): presumably these maintain net_len_refcount and the
 * net_len list in *mh; every add needs a matching del for the
 * refcounts to stay balanced -- confirm.
 */
void mroute_helper_add_iroute (
  struct mroute_helper *mh,
  const struct iroute *ir);
void mroute_helper_del_iroute (
  struct mroute_helper *mh,
  const struct iroute *ir);
void mroute_helper_add_iroute6 (
  struct mroute_helper *mh,
  const struct iroute_ipv6 *ir6);
void mroute_helper_del_iroute6 (
  struct mroute_helper *mh,
  const struct iroute_ipv6 *ir6);
132
/*
 * Given a raw packet in buf, return the src and dest addresses of the
 * packet.
 *
 * tunnel_type selects the parser:
 *   DEV_TYPE_TUN -> mroute_extract_addr_ipv4 (src and dest only;
 *                   esrc and edest are not passed to it)
 *   DEV_TYPE_TAP -> mroute_extract_addr_ether (all four outputs)
 * For any other tunnel_type no parser runs and 0 is returned.
 *
 * Returns the parser's status word (MROUTE_EXTRACT_* bits).
 *
 * buf holds packet data from the tunnel.  Callers should test the
 * returned bits before using an output address: on the tun path esrc
 * and edest are never written, and on the "no parser" path none of
 * the four structs is written.
 */
static inline unsigned int
mroute_extract_addr_from_packet (struct mroute_addr *src,
                                 struct mroute_addr *dest,
                                 struct mroute_addr *esrc,
                                 struct mroute_addr *edest,
                                 const struct buffer *buf,
                                 int tunnel_type)
{
  /* The two parsers are defined outside this header and are declared
     at block scope so that only this wrapper refers to them. */
  unsigned int mroute_extract_addr_ether (struct mroute_addr *src,
                                          struct mroute_addr *dest,
                                          struct mroute_addr *esrc,
                                          struct mroute_addr *edest,
                                          const struct buffer *buf);

  unsigned int mroute_extract_addr_ipv4 (struct mroute_addr *src,
                                         struct mroute_addr *dest,
                                         const struct buffer *buf);

  /* NOTE(review): presumably checks that the packet data is 4-byte
     aligned before the parsers read headers from it -- confirm. */
  verify_align_4 (buf);

  if (tunnel_type == DEV_TYPE_TUN)
    return mroute_extract_addr_ipv4 (src, dest, buf);

  if (tunnel_type == DEV_TYPE_TAP)
    return mroute_extract_addr_ether (src, dest, esrc, edest, buf);

  /* Unknown device type: nothing extracted. */
  return 0;
}
162
/*
 * Return true when a1 and a2 hold the same address: equal type,
 * netbits and len, and equal first len bytes of addr.  The unused
 * member is not compared.
 *
 * len is trusted here.  It is not checked against MR_MAX_ADDR_LEN, so
 * a len larger than addr[] would make memcmp read past the array;
 * whoever fills in len must keep it in range.
 */
static inline bool
mroute_addr_equal (const struct mroute_addr *a1, const struct mroute_addr *a2)
{
  const bool same_header = a1->type == a2->type
    && a1->netbits == a2->netbits
    && a1->len == a2->len;

  /* Address bytes are only examined once the headers agree, so a1->len
     is also a2->len at this point. */
  return same_header && memcmp (a1->addr, a2->addr, a1->len) == 0;
}
174
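/*
 * Return a pointer to the first byte of *a that takes part in hashing.
 *
 * Hashing starts at the type member, so len and unused are skipped and
 * the hashed run is type, netbits, then addr[].  This depends on the
 * member order of struct mroute_addr; mroute_addr_hash_len gives the
 * matching byte count.
 */
static inline const uint8_t *
mroute_addr_hash_ptr (const struct mroute_addr *a)
{
  /* NOTE: depends on ordering of struct mroute_addr */
  /* type is already a uint8_t inside a const object, so no cast is
     needed; the old (uint8_t *) cast dropped the const qualifier. */
  return &a->type;
}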
181
/*
 * Return the number of bytes to hash starting at
 * mroute_addr_hash_ptr (a): the type and netbits bytes plus the len
 * address bytes that follow them.
 *
 * len is used as stored; a len above MR_MAX_ADDR_LEN would make the
 * hashed run extend past addr[].
 */
static inline uint32_t
mroute_addr_hash_len (const struct mroute_addr *a)
{
  /* type + netbits, the two members between the hash start and addr[] */
  const uint32_t header_bytes = 2;

  return header_bytes + (uint32_t) a->len;
}
187
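/*
 * Store the IPv4 address src in *dest as a plain MR_ADDR_IPV4 entry:
 * no netbits, no port, len 4.  src is converted with htonl before it
 * is stored, so addr[] holds the network-byte-order form.
 *
 * The unused member of *dest is left as it was.
 */
static inline void
mroute_extract_in_addr_t (struct mroute_addr *dest, const in_addr_t src)
{
  const in_addr_t net = htonl (src);

  dest->type = MR_ADDR_IPV4;
  dest->netbits = 0;
  dest->len = 4;

  /* addr[] is a uint8_t array with byte alignment; copying avoids the
     misaligned, type-punned store that a cast to in_addr_t * performs. */
  memcpy (dest->addr, &net, sizeof (net));
}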
196
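/*
 * Return the IPv4 address held in *addr, converted with ntohl.
 *
 * Only a plain IPv4 entry is accepted: the kind bits of type must be
 * MR_ADDR_IPV4, netbits must be 0 and len must be 4.  Flag bits outside
 * MR_ADDR_MASK (such as MR_ARP) are ignored by the kind test.
 *
 * Returns 0 for anything else.  0 is also the value of 0.0.0.0, so the
 * caller cannot tell "not a plain IPv4 entry" from that address by the
 * return value alone.
 */
static inline in_addr_t
in_addr_t_from_mroute_addr (const struct mroute_addr *addr)
{
  in_addr_t net;

  if ((addr->type & MR_ADDR_MASK) != MR_ADDR_IPV4
      || addr->netbits != 0
      || addr->len != 4)
    return 0;

  /* addr[] is a byte array; copy it out instead of reading it through a
     cast to in_addr_t *, which also discarded const. */
  memcpy (&net, addr->addr, sizeof (net));
  return ntohl (net);
}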
205
/*
 * Mark *ma as holding no address: kind MR_ADDR_NONE, length 0.
 *
 * netbits, unused and the addr[] bytes keep their previous contents.
 * mroute_addr_equal compares netbits and the hash run includes it, so
 * two reset entries with different leftover netbits do not compare
 * equal.
 */
static inline void
mroute_addr_reset (struct mroute_addr *ma)
{
  ma->type = MR_ADDR_NONE;
  ma->len = 0;
}
212
213#endif /* P2MP_SERVER */
214#endif /* MROUTE_H */
215