*-inline.h files are not very useful anymore.
In the attempt of cleaning up the code some more,
merge them into their main header files.
At the same time, move functions from forward.h
to forward.c, when they are used only in the latter.
No functional change is part of this patch.
Cc: Steffan Karger <steffan@karger.me>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20171112084830.22912-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15838.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -56,7 +56,7 @@ openvpn_SOURCES = \ |
56 | 56 |
error.c error.h \ |
57 | 57 |
event.c event.h \ |
58 | 58 |
fdmisc.c fdmisc.h \ |
59 |
- forward.c forward.h forward-inline.h \ |
|
59 |
+ forward.c forward.h \ |
|
60 | 60 |
fragment.c fragment.h \ |
61 | 61 |
gremlin.c gremlin.h \ |
62 | 62 |
helper.c helper.h \ |
... | ... |
@@ -81,7 +81,7 @@ openvpn_SOURCES = \ |
81 | 81 |
mudp.c mudp.h \ |
82 | 82 |
multi.c multi.h \ |
83 | 83 |
ntlm.c ntlm.h \ |
84 |
- occ.c occ.h occ-inline.h \ |
|
84 |
+ occ.c occ.h \ |
|
85 | 85 |
openssl_compat.h \ |
86 | 86 |
pkcs11.c pkcs11.h pkcs11_backend.h \ |
87 | 87 |
pkcs11_openssl.c \ |
... | ... |
@@ -91,8 +91,8 @@ openvpn_SOURCES = \ |
91 | 91 |
otime.c otime.h \ |
92 | 92 |
packet_id.c packet_id.h \ |
93 | 93 |
perf.c perf.h \ |
94 |
- pf.c pf.h pf-inline.h \ |
|
95 |
- ping.c ping.h ping-inline.h \ |
|
94 |
+ pf.c pf.h \ |
|
95 |
+ ping.c ping.h \ |
|
96 | 96 |
plugin.c plugin.h \ |
97 | 97 |
pool.c pool.h \ |
98 | 98 |
proto.c proto.h \ |
99 | 99 |
deleted file mode 100644 |
... | ... |
@@ -1,335 +0,0 @@ |
1 |
-/* |
|
2 |
- * OpenVPN -- An application to securely tunnel IP networks |
|
3 |
- * over a single TCP/UDP port, with support for SSL/TLS-based |
|
4 |
- * session authentication and key exchange, |
|
5 |
- * packet encryption, packet authentication, and |
|
6 |
- * packet compression. |
|
7 |
- * |
|
8 |
- * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> |
|
9 |
- * |
|
10 |
- * This program is free software; you can redistribute it and/or modify |
|
11 |
- * it under the terms of the GNU General Public License version 2 |
|
12 |
- * as published by the Free Software Foundation. |
|
13 |
- * |
|
14 |
- * This program is distributed in the hope that it will be useful, |
|
15 |
- * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
16 |
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
17 |
- * GNU General Public License for more details. |
|
18 |
- * |
|
19 |
- * You should have received a copy of the GNU General Public License along |
|
20 |
- * with this program; if not, write to the Free Software Foundation, Inc., |
|
21 |
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
|
22 |
- */ |
|
23 |
- |
|
24 |
-#ifndef FORWARD_INLINE_H |
|
25 |
-#define FORWARD_INLINE_H |
|
26 |
- |
|
27 |
-/* |
|
28 |
- * Inline functions |
|
29 |
- */ |
|
30 |
- |
|
31 |
-/* |
|
32 |
- * Does TLS session need service? |
|
33 |
- */ |
|
34 |
-static inline void |
|
35 |
-check_tls(struct context *c) |
|
36 |
-{ |
|
37 |
- void check_tls_dowork(struct context *c); |
|
38 |
- |
|
39 |
- if (c->c2.tls_multi) |
|
40 |
- { |
|
41 |
- check_tls_dowork(c); |
|
42 |
- } |
|
43 |
-} |
|
44 |
- |
|
45 |
-/* |
|
46 |
- * TLS errors are fatal in TCP mode. |
|
47 |
- * Also check for --tls-exit trigger. |
|
48 |
- */ |
|
49 |
-static inline void |
|
50 |
-check_tls_errors(struct context *c) |
|
51 |
-{ |
|
52 |
- void check_tls_errors_co(struct context *c); |
|
53 |
- |
|
54 |
- void check_tls_errors_nco(struct context *c); |
|
55 |
- |
|
56 |
- if (c->c2.tls_multi && c->c2.tls_exit_signal) |
|
57 |
- { |
|
58 |
- if (link_socket_connection_oriented(c->c2.link_socket)) |
|
59 |
- { |
|
60 |
- if (c->c2.tls_multi->n_soft_errors) |
|
61 |
- { |
|
62 |
- check_tls_errors_co(c); |
|
63 |
- } |
|
64 |
- } |
|
65 |
- else |
|
66 |
- { |
|
67 |
- if (c->c2.tls_multi->n_hard_errors) |
|
68 |
- { |
|
69 |
- check_tls_errors_nco(c); |
|
70 |
- } |
|
71 |
- } |
|
72 |
- } |
|
73 |
-} |
|
74 |
- |
|
75 |
-/* |
|
76 |
- * Check for possible incoming configuration |
|
77 |
- * messages on the control channel. |
|
78 |
- */ |
|
79 |
-static inline void |
|
80 |
-check_incoming_control_channel(struct context *c) |
|
81 |
-{ |
|
82 |
-#if P2MP |
|
83 |
- void check_incoming_control_channel_dowork(struct context *c); |
|
84 |
- |
|
85 |
- if (tls_test_payload_len(c->c2.tls_multi) > 0) |
|
86 |
- { |
|
87 |
- check_incoming_control_channel_dowork(c); |
|
88 |
- } |
|
89 |
-#endif |
|
90 |
-} |
|
91 |
- |
|
92 |
-/* |
|
93 |
- * Options like --up-delay need to be triggered by this function which |
|
94 |
- * checks for connection establishment. |
|
95 |
- */ |
|
96 |
-static inline void |
|
97 |
-check_connection_established(struct context *c) |
|
98 |
-{ |
|
99 |
- void check_connection_established_dowork(struct context *c); |
|
100 |
- |
|
101 |
- if (event_timeout_defined(&c->c2.wait_for_connect)) |
|
102 |
- { |
|
103 |
- check_connection_established_dowork(c); |
|
104 |
- } |
|
105 |
-} |
|
106 |
- |
|
107 |
-/* |
|
108 |
- * Should we add routes? |
|
109 |
- */ |
|
110 |
-static inline void |
|
111 |
-check_add_routes(struct context *c) |
|
112 |
-{ |
|
113 |
- void check_add_routes_dowork(struct context *c); |
|
114 |
- |
|
115 |
- if (event_timeout_trigger(&c->c2.route_wakeup, &c->c2.timeval, ETT_DEFAULT)) |
|
116 |
- { |
|
117 |
- check_add_routes_dowork(c); |
|
118 |
- } |
|
119 |
-} |
|
120 |
- |
|
121 |
-/* |
|
122 |
- * Should we exit due to inactivity timeout? |
|
123 |
- */ |
|
124 |
-static inline void |
|
125 |
-check_inactivity_timeout(struct context *c) |
|
126 |
-{ |
|
127 |
- void check_inactivity_timeout_dowork(struct context *c); |
|
128 |
- |
|
129 |
- if (c->options.inactivity_timeout |
|
130 |
- && event_timeout_trigger(&c->c2.inactivity_interval, &c->c2.timeval, ETT_DEFAULT)) |
|
131 |
- { |
|
132 |
- check_inactivity_timeout_dowork(c); |
|
133 |
- } |
|
134 |
-} |
|
135 |
- |
|
136 |
-#if P2MP |
|
137 |
- |
|
138 |
-static inline void |
|
139 |
-check_server_poll_timeout(struct context *c) |
|
140 |
-{ |
|
141 |
- void check_server_poll_timeout_dowork(struct context *c); |
|
142 |
- |
|
143 |
- if (c->options.ce.connect_timeout |
|
144 |
- && event_timeout_trigger(&c->c2.server_poll_interval, &c->c2.timeval, ETT_DEFAULT)) |
|
145 |
- { |
|
146 |
- check_server_poll_timeout_dowork(c); |
|
147 |
- } |
|
148 |
-} |
|
149 |
- |
|
150 |
-/* |
|
151 |
- * Scheduled exit? |
|
152 |
- */ |
|
153 |
-static inline void |
|
154 |
-check_scheduled_exit(struct context *c) |
|
155 |
-{ |
|
156 |
- void check_scheduled_exit_dowork(struct context *c); |
|
157 |
- |
|
158 |
- if (event_timeout_defined(&c->c2.scheduled_exit)) |
|
159 |
- { |
|
160 |
- if (event_timeout_trigger(&c->c2.scheduled_exit, &c->c2.timeval, ETT_DEFAULT)) |
|
161 |
- { |
|
162 |
- check_scheduled_exit_dowork(c); |
|
163 |
- } |
|
164 |
- } |
|
165 |
-} |
|
166 |
-#endif /* if P2MP */ |
|
167 |
- |
|
168 |
-/* |
|
169 |
- * Should we write timer-triggered status file. |
|
170 |
- */ |
|
171 |
-static inline void |
|
172 |
-check_status_file(struct context *c) |
|
173 |
-{ |
|
174 |
- void check_status_file_dowork(struct context *c); |
|
175 |
- |
|
176 |
- if (c->c1.status_output) |
|
177 |
- { |
|
178 |
- if (status_trigger_tv(c->c1.status_output, &c->c2.timeval)) |
|
179 |
- { |
|
180 |
- check_status_file_dowork(c); |
|
181 |
- } |
|
182 |
- } |
|
183 |
-} |
|
184 |
- |
|
185 |
-#ifdef ENABLE_FRAGMENT |
|
186 |
-/* |
|
187 |
- * Should we deliver a datagram fragment to remote? |
|
188 |
- */ |
|
189 |
-static inline void |
|
190 |
-check_fragment(struct context *c) |
|
191 |
-{ |
|
192 |
- void check_fragment_dowork(struct context *c); |
|
193 |
- |
|
194 |
- if (c->c2.fragment) |
|
195 |
- { |
|
196 |
- check_fragment_dowork(c); |
|
197 |
- } |
|
198 |
-} |
|
199 |
-#endif |
|
200 |
- |
|
201 |
-#if P2MP |
|
202 |
- |
|
203 |
-/* |
|
204 |
- * see if we should send a push_request in response to --pull |
|
205 |
- */ |
|
206 |
-static inline void |
|
207 |
-check_push_request(struct context *c) |
|
208 |
-{ |
|
209 |
- void check_push_request_dowork(struct context *c); |
|
210 |
- |
|
211 |
- if (event_timeout_trigger(&c->c2.push_request_interval, &c->c2.timeval, ETT_DEFAULT)) |
|
212 |
- { |
|
213 |
- check_push_request_dowork(c); |
|
214 |
- } |
|
215 |
-} |
|
216 |
- |
|
217 |
-#endif |
|
218 |
- |
|
219 |
-/* |
|
220 |
- * Should we persist our anti-replay packet ID state to disk? |
|
221 |
- */ |
|
222 |
-static inline void |
|
223 |
-check_packet_id_persist_flush(struct context *c) |
|
224 |
-{ |
|
225 |
- if (packet_id_persist_enabled(&c->c1.pid_persist) |
|
226 |
- && event_timeout_trigger(&c->c2.packet_id_persist_interval, &c->c2.timeval, ETT_DEFAULT)) |
|
227 |
- { |
|
228 |
- packet_id_persist_save(&c->c1.pid_persist); |
|
229 |
- } |
|
230 |
-} |
|
231 |
- |
|
232 |
-/* |
|
233 |
- * Set our wakeup to 0 seconds, so we will be rescheduled |
|
234 |
- * immediately. |
|
235 |
- */ |
|
236 |
-static inline void |
|
237 |
-context_immediate_reschedule(struct context *c) |
|
238 |
-{ |
|
239 |
- c->c2.timeval.tv_sec = 0; /* ZERO-TIMEOUT */ |
|
240 |
- c->c2.timeval.tv_usec = 0; |
|
241 |
-} |
|
242 |
- |
|
243 |
-static inline void |
|
244 |
-context_reschedule_sec(struct context *c, int sec) |
|
245 |
-{ |
|
246 |
- if (sec < 0) |
|
247 |
- { |
|
248 |
- sec = 0; |
|
249 |
- } |
|
250 |
- if (sec < c->c2.timeval.tv_sec) |
|
251 |
- { |
|
252 |
- c->c2.timeval.tv_sec = sec; |
|
253 |
- c->c2.timeval.tv_usec = 0; |
|
254 |
- } |
|
255 |
-} |
|
256 |
- |
|
257 |
-static inline struct link_socket_info * |
|
258 |
-get_link_socket_info(struct context *c) |
|
259 |
-{ |
|
260 |
- if (c->c2.link_socket_info) |
|
261 |
- { |
|
262 |
- return c->c2.link_socket_info; |
|
263 |
- } |
|
264 |
- else |
|
265 |
- { |
|
266 |
- return &c->c2.link_socket->info; |
|
267 |
- } |
|
268 |
-} |
|
269 |
- |
|
270 |
-static inline void |
|
271 |
-register_activity(struct context *c, const int size) |
|
272 |
-{ |
|
273 |
- if (c->options.inactivity_timeout) |
|
274 |
- { |
|
275 |
- c->c2.inactivity_bytes += size; |
|
276 |
- if (c->c2.inactivity_bytes >= c->options.inactivity_minimum_bytes) |
|
277 |
- { |
|
278 |
- c->c2.inactivity_bytes = 0; |
|
279 |
- event_timeout_reset(&c->c2.inactivity_interval); |
|
280 |
- } |
|
281 |
- } |
|
282 |
-} |
|
283 |
- |
|
284 |
-/* |
|
285 |
- * Return the io_wait() flags appropriate for |
|
286 |
- * a point-to-point tunnel. |
|
287 |
- */ |
|
288 |
-static inline unsigned int |
|
289 |
-p2p_iow_flags(const struct context *c) |
|
290 |
-{ |
|
291 |
- unsigned int flags = (IOW_SHAPER|IOW_CHECK_RESIDUAL|IOW_FRAG|IOW_READ|IOW_WAIT_SIGNAL); |
|
292 |
- if (c->c2.to_link.len > 0) |
|
293 |
- { |
|
294 |
- flags |= IOW_TO_LINK; |
|
295 |
- } |
|
296 |
- if (c->c2.to_tun.len > 0) |
|
297 |
- { |
|
298 |
- flags |= IOW_TO_TUN; |
|
299 |
- } |
|
300 |
- return flags; |
|
301 |
-} |
|
302 |
- |
|
303 |
-/* |
|
304 |
- * This is the core I/O wait function, used for all I/O waits except |
|
305 |
- * for TCP in server mode. |
|
306 |
- */ |
|
307 |
-static inline void |
|
308 |
-io_wait(struct context *c, const unsigned int flags) |
|
309 |
-{ |
|
310 |
- void io_wait_dowork(struct context *c, const unsigned int flags); |
|
311 |
- |
|
312 |
- if (c->c2.fast_io && (flags & (IOW_TO_TUN|IOW_TO_LINK|IOW_MBUF))) |
|
313 |
- { |
|
314 |
- /* fast path -- only for TUN/TAP/UDP writes */ |
|
315 |
- unsigned int ret = 0; |
|
316 |
- if (flags & IOW_TO_TUN) |
|
317 |
- { |
|
318 |
- ret |= TUN_WRITE; |
|
319 |
- } |
|
320 |
- if (flags & (IOW_TO_LINK|IOW_MBUF)) |
|
321 |
- { |
|
322 |
- ret |= SOCKET_WRITE; |
|
323 |
- } |
|
324 |
- c->c2.event_set_status = ret; |
|
325 |
- } |
|
326 |
- else |
|
327 |
- { |
|
328 |
- /* slow path */ |
|
329 |
- io_wait_dowork(c, flags); |
|
330 |
- } |
|
331 |
-} |
|
332 |
- |
|
333 |
-#define CONNECTION_ESTABLISHED(c) (get_link_socket_info(c)->connection_established) |
|
334 |
- |
|
335 |
-#endif /* EVENT_INLINE_H */ |
... | ... |
@@ -35,6 +35,9 @@ |
35 | 35 |
#include "gremlin.h" |
36 | 36 |
#include "mss.h" |
37 | 37 |
#include "event.h" |
38 |
+#include "occ.h" |
|
39 |
+#include "pf.h" |
|
40 |
+#include "ping.h" |
|
38 | 41 |
#include "ps.h" |
39 | 42 |
#include "dhcp.h" |
40 | 43 |
#include "common.h" |
... | ... |
@@ -42,9 +45,6 @@ |
42 | 42 |
|
43 | 43 |
#include "memdbg.h" |
44 | 44 |
|
45 |
-#include "forward-inline.h" |
|
46 |
-#include "occ-inline.h" |
|
47 |
-#include "ping-inline.h" |
|
48 | 45 |
#include "mstats.h" |
49 | 46 |
|
50 | 47 |
counter_type link_read_bytes_global; /* GLOBAL */ |
... | ... |
@@ -78,6 +78,232 @@ show_wait_status(struct context *c) |
78 | 78 |
#endif /* ifdef ENABLE_DEBUG */ |
79 | 79 |
|
80 | 80 |
/* |
81 |
+ * Does TLS session need service? |
|
82 |
+ */ |
|
83 |
+static inline void |
|
84 |
+check_tls(struct context *c) |
|
85 |
+{ |
|
86 |
+ void check_tls_dowork(struct context *c); |
|
87 |
+ |
|
88 |
+ if (c->c2.tls_multi) |
|
89 |
+ { |
|
90 |
+ check_tls_dowork(c); |
|
91 |
+ } |
|
92 |
+} |
|
93 |
+ |
|
94 |
+/* |
|
95 |
+ * TLS errors are fatal in TCP mode. |
|
96 |
+ * Also check for --tls-exit trigger. |
|
97 |
+ */ |
|
98 |
+static inline void |
|
99 |
+check_tls_errors(struct context *c) |
|
100 |
+{ |
|
101 |
+ void check_tls_errors_co(struct context *c); |
|
102 |
+ |
|
103 |
+ void check_tls_errors_nco(struct context *c); |
|
104 |
+ |
|
105 |
+ if (c->c2.tls_multi && c->c2.tls_exit_signal) |
|
106 |
+ { |
|
107 |
+ if (link_socket_connection_oriented(c->c2.link_socket)) |
|
108 |
+ { |
|
109 |
+ if (c->c2.tls_multi->n_soft_errors) |
|
110 |
+ { |
|
111 |
+ check_tls_errors_co(c); |
|
112 |
+ } |
|
113 |
+ } |
|
114 |
+ else |
|
115 |
+ { |
|
116 |
+ if (c->c2.tls_multi->n_hard_errors) |
|
117 |
+ { |
|
118 |
+ check_tls_errors_nco(c); |
|
119 |
+ } |
|
120 |
+ } |
|
121 |
+ } |
|
122 |
+} |
|
123 |
+ |
|
124 |
+/* |
|
125 |
+ * Check for possible incoming configuration |
|
126 |
+ * messages on the control channel. |
|
127 |
+ */ |
|
128 |
+static inline void |
|
129 |
+check_incoming_control_channel(struct context *c) |
|
130 |
+{ |
|
131 |
+#if P2MP |
|
132 |
+ void check_incoming_control_channel_dowork(struct context *c); |
|
133 |
+ |
|
134 |
+ if (tls_test_payload_len(c->c2.tls_multi) > 0) |
|
135 |
+ { |
|
136 |
+ check_incoming_control_channel_dowork(c); |
|
137 |
+ } |
|
138 |
+#endif |
|
139 |
+} |
|
140 |
+ |
|
141 |
+/* |
|
142 |
+ * Options like --up-delay need to be triggered by this function which |
|
143 |
+ * checks for connection establishment. |
|
144 |
+ */ |
|
145 |
+static inline void |
|
146 |
+check_connection_established(struct context *c) |
|
147 |
+{ |
|
148 |
+ void check_connection_established_dowork(struct context *c); |
|
149 |
+ |
|
150 |
+ if (event_timeout_defined(&c->c2.wait_for_connect)) |
|
151 |
+ { |
|
152 |
+ check_connection_established_dowork(c); |
|
153 |
+ } |
|
154 |
+} |
|
155 |
+ |
|
156 |
+/* |
|
157 |
+ * Should we add routes? |
|
158 |
+ */ |
|
159 |
+static inline void |
|
160 |
+check_add_routes(struct context *c) |
|
161 |
+{ |
|
162 |
+ void check_add_routes_dowork(struct context *c); |
|
163 |
+ |
|
164 |
+ if (event_timeout_trigger(&c->c2.route_wakeup, &c->c2.timeval, ETT_DEFAULT)) |
|
165 |
+ { |
|
166 |
+ check_add_routes_dowork(c); |
|
167 |
+ } |
|
168 |
+} |
|
169 |
+ |
|
170 |
+/* |
|
171 |
+ * Should we exit due to inactivity timeout? |
|
172 |
+ */ |
|
173 |
+static inline void |
|
174 |
+check_inactivity_timeout(struct context *c) |
|
175 |
+{ |
|
176 |
+ void check_inactivity_timeout_dowork(struct context *c); |
|
177 |
+ |
|
178 |
+ if (c->options.inactivity_timeout |
|
179 |
+ && event_timeout_trigger(&c->c2.inactivity_interval, &c->c2.timeval, ETT_DEFAULT)) |
|
180 |
+ { |
|
181 |
+ check_inactivity_timeout_dowork(c); |
|
182 |
+ } |
|
183 |
+} |
|
184 |
+ |
|
185 |
+#if P2MP |
|
186 |
+ |
|
187 |
+static inline void |
|
188 |
+check_server_poll_timeout(struct context *c) |
|
189 |
+{ |
|
190 |
+ void check_server_poll_timeout_dowork(struct context *c); |
|
191 |
+ |
|
192 |
+ if (c->options.ce.connect_timeout |
|
193 |
+ && event_timeout_trigger(&c->c2.server_poll_interval, &c->c2.timeval, ETT_DEFAULT)) |
|
194 |
+ { |
|
195 |
+ check_server_poll_timeout_dowork(c); |
|
196 |
+ } |
|
197 |
+} |
|
198 |
+ |
|
199 |
+/* |
|
200 |
+ * Scheduled exit? |
|
201 |
+ */ |
|
202 |
+static inline void |
|
203 |
+check_scheduled_exit(struct context *c) |
|
204 |
+{ |
|
205 |
+ void check_scheduled_exit_dowork(struct context *c); |
|
206 |
+ |
|
207 |
+ if (event_timeout_defined(&c->c2.scheduled_exit)) |
|
208 |
+ { |
|
209 |
+ if (event_timeout_trigger(&c->c2.scheduled_exit, &c->c2.timeval, ETT_DEFAULT)) |
|
210 |
+ { |
|
211 |
+ check_scheduled_exit_dowork(c); |
|
212 |
+ } |
|
213 |
+ } |
|
214 |
+} |
|
215 |
+#endif /* if P2MP */ |
|
216 |
+ |
|
217 |
+/* |
|
218 |
+ * Should we write timer-triggered status file. |
|
219 |
+ */ |
|
220 |
+static inline void |
|
221 |
+check_status_file(struct context *c) |
|
222 |
+{ |
|
223 |
+ void check_status_file_dowork(struct context *c); |
|
224 |
+ |
|
225 |
+ if (c->c1.status_output) |
|
226 |
+ { |
|
227 |
+ if (status_trigger_tv(c->c1.status_output, &c->c2.timeval)) |
|
228 |
+ { |
|
229 |
+ check_status_file_dowork(c); |
|
230 |
+ } |
|
231 |
+ } |
|
232 |
+} |
|
233 |
+ |
|
234 |
+#ifdef ENABLE_FRAGMENT |
|
235 |
+/* |
|
236 |
+ * Should we deliver a datagram fragment to remote? |
|
237 |
+ */ |
|
238 |
+static inline void |
|
239 |
+check_fragment(struct context *c) |
|
240 |
+{ |
|
241 |
+ void check_fragment_dowork(struct context *c); |
|
242 |
+ |
|
243 |
+ if (c->c2.fragment) |
|
244 |
+ { |
|
245 |
+ check_fragment_dowork(c); |
|
246 |
+ } |
|
247 |
+} |
|
248 |
+#endif |
|
249 |
+ |
|
250 |
+#if P2MP |
|
251 |
+ |
|
252 |
+/* |
|
253 |
+ * see if we should send a push_request in response to --pull |
|
254 |
+ */ |
|
255 |
+static inline void |
|
256 |
+check_push_request(struct context *c) |
|
257 |
+{ |
|
258 |
+ void check_push_request_dowork(struct context *c); |
|
259 |
+ |
|
260 |
+ if (event_timeout_trigger(&c->c2.push_request_interval, &c->c2.timeval, ETT_DEFAULT)) |
|
261 |
+ { |
|
262 |
+ check_push_request_dowork(c); |
|
263 |
+ } |
|
264 |
+} |
|
265 |
+ |
|
266 |
+#endif |
|
267 |
+ |
|
268 |
+/* |
|
269 |
+ * Should we persist our anti-replay packet ID state to disk? |
|
270 |
+ */ |
|
271 |
+static inline void |
|
272 |
+check_packet_id_persist_flush(struct context *c) |
|
273 |
+{ |
|
274 |
+ if (packet_id_persist_enabled(&c->c1.pid_persist) |
|
275 |
+ && event_timeout_trigger(&c->c2.packet_id_persist_interval, &c->c2.timeval, ETT_DEFAULT)) |
|
276 |
+ { |
|
277 |
+ packet_id_persist_save(&c->c1.pid_persist); |
|
278 |
+ } |
|
279 |
+} |
|
280 |
+ |
|
281 |
+/* |
|
282 |
+ * Set our wakeup to 0 seconds, so we will be rescheduled |
|
283 |
+ * immediately. |
|
284 |
+ */ |
|
285 |
+static inline void |
|
286 |
+context_immediate_reschedule(struct context *c) |
|
287 |
+{ |
|
288 |
+ c->c2.timeval.tv_sec = 0; /* ZERO-TIMEOUT */ |
|
289 |
+ c->c2.timeval.tv_usec = 0; |
|
290 |
+} |
|
291 |
+ |
|
292 |
+static inline void |
|
293 |
+context_reschedule_sec(struct context *c, int sec) |
|
294 |
+{ |
|
295 |
+ if (sec < 0) |
|
296 |
+ { |
|
297 |
+ sec = 0; |
|
298 |
+ } |
|
299 |
+ if (sec < c->c2.timeval.tv_sec) |
|
300 |
+ { |
|
301 |
+ c->c2.timeval.tv_sec = sec; |
|
302 |
+ c->c2.timeval.tv_usec = 0; |
|
303 |
+ } |
|
304 |
+} |
|
305 |
+ |
|
306 |
+/* |
|
81 | 307 |
* In TLS mode, let TLS level respond to any control-channel |
82 | 308 |
* packets which were received, or prepare any packets for |
83 | 309 |
* transmission. |
... | ... |
@@ -31,9 +31,9 @@ |
31 | 31 |
#ifndef FORWARD_H |
32 | 32 |
#define FORWARD_H |
33 | 33 |
|
34 |
-#include "openvpn.h" |
|
35 |
-#include "occ.h" |
|
36 |
-#include "ping.h" |
|
34 |
+/* the following macros must be defined before including any other header |
|
35 |
+ * file |
|
36 |
+ */ |
|
37 | 37 |
|
38 | 38 |
#define TUN_OUT(c) (BLEN(&(c)->c2.to_tun) > 0) |
39 | 39 |
#define LINK_OUT(c) (BLEN(&(c)->c2.to_link) > 0) |
... | ... |
@@ -47,6 +47,10 @@ |
47 | 47 |
|
48 | 48 |
#define TO_LINK_DEF(c) (LINK_OUT(c) || TO_LINK_FRAG(c)) |
49 | 49 |
|
50 |
+#include "openvpn.h" |
|
51 |
+#include "occ.h" |
|
52 |
+#include "ping.h" |
|
53 |
+ |
|
50 | 54 |
#define IOW_TO_TUN (1<<0) |
51 | 55 |
#define IOW_TO_LINK (1<<1) |
52 | 56 |
#define IOW_READ_TUN (1<<2) |
... | ... |
@@ -262,4 +266,82 @@ void schedule_exit(struct context *c, const int n_seconds, const int signal); |
262 | 262 |
|
263 | 263 |
#endif |
264 | 264 |
|
265 |
+static inline struct link_socket_info * |
|
266 |
+get_link_socket_info(struct context *c) |
|
267 |
+{ |
|
268 |
+ if (c->c2.link_socket_info) |
|
269 |
+ { |
|
270 |
+ return c->c2.link_socket_info; |
|
271 |
+ } |
|
272 |
+ else |
|
273 |
+ { |
|
274 |
+ return &c->c2.link_socket->info; |
|
275 |
+ } |
|
276 |
+} |
|
277 |
+ |
|
278 |
+static inline void |
|
279 |
+register_activity(struct context *c, const int size) |
|
280 |
+{ |
|
281 |
+ if (c->options.inactivity_timeout) |
|
282 |
+ { |
|
283 |
+ c->c2.inactivity_bytes += size; |
|
284 |
+ if (c->c2.inactivity_bytes >= c->options.inactivity_minimum_bytes) |
|
285 |
+ { |
|
286 |
+ c->c2.inactivity_bytes = 0; |
|
287 |
+ event_timeout_reset(&c->c2.inactivity_interval); |
|
288 |
+ } |
|
289 |
+ } |
|
290 |
+} |
|
291 |
+ |
|
292 |
+/* |
|
293 |
+ * Return the io_wait() flags appropriate for |
|
294 |
+ * a point-to-point tunnel. |
|
295 |
+ */ |
|
296 |
+static inline unsigned int |
|
297 |
+p2p_iow_flags(const struct context *c) |
|
298 |
+{ |
|
299 |
+ unsigned int flags = (IOW_SHAPER|IOW_CHECK_RESIDUAL|IOW_FRAG|IOW_READ|IOW_WAIT_SIGNAL); |
|
300 |
+ if (c->c2.to_link.len > 0) |
|
301 |
+ { |
|
302 |
+ flags |= IOW_TO_LINK; |
|
303 |
+ } |
|
304 |
+ if (c->c2.to_tun.len > 0) |
|
305 |
+ { |
|
306 |
+ flags |= IOW_TO_TUN; |
|
307 |
+ } |
|
308 |
+ return flags; |
|
309 |
+} |
|
310 |
+ |
|
311 |
+/* |
|
312 |
+ * This is the core I/O wait function, used for all I/O waits except |
|
313 |
+ * for TCP in server mode. |
|
314 |
+ */ |
|
315 |
+static inline void |
|
316 |
+io_wait(struct context *c, const unsigned int flags) |
|
317 |
+{ |
|
318 |
+ void io_wait_dowork(struct context *c, const unsigned int flags); |
|
319 |
+ |
|
320 |
+ if (c->c2.fast_io && (flags & (IOW_TO_TUN|IOW_TO_LINK|IOW_MBUF))) |
|
321 |
+ { |
|
322 |
+ /* fast path -- only for TUN/TAP/UDP writes */ |
|
323 |
+ unsigned int ret = 0; |
|
324 |
+ if (flags & IOW_TO_TUN) |
|
325 |
+ { |
|
326 |
+ ret |= TUN_WRITE; |
|
327 |
+ } |
|
328 |
+ if (flags & (IOW_TO_LINK|IOW_MBUF)) |
|
329 |
+ { |
|
330 |
+ ret |= SOCKET_WRITE; |
|
331 |
+ } |
|
332 |
+ c->c2.event_set_status = ret; |
|
333 |
+ } |
|
334 |
+ else |
|
335 |
+ { |
|
336 |
+ /* slow path */ |
|
337 |
+ io_wait_dowork(c, flags); |
|
338 |
+ } |
|
339 |
+} |
|
340 |
+ |
|
341 |
+#define CONNECTION_ESTABLISHED(c) (get_link_socket_info(c)->connection_established) |
|
342 |
+ |
|
265 | 343 |
#endif /* FORWARD_H */ |
... | ... |
@@ -42,6 +42,7 @@ |
42 | 42 |
#include "otime.h" |
43 | 43 |
#include "pool.h" |
44 | 44 |
#include "gremlin.h" |
45 |
+#include "occ.h" |
|
45 | 46 |
#include "pkcs11.h" |
46 | 47 |
#include "ps.h" |
47 | 48 |
#include "lladdr.h" |
... | ... |
@@ -49,11 +50,10 @@ |
49 | 49 |
#include "mstats.h" |
50 | 50 |
#include "ssl_verify.h" |
51 | 51 |
#include "tls_crypt.h" |
52 |
-#include "forward-inline.h" |
|
52 |
+#include "forward.h" |
|
53 | 53 |
|
54 | 54 |
#include "memdbg.h" |
55 | 55 |
|
56 |
-#include "occ-inline.h" |
|
57 | 56 |
|
58 | 57 |
static struct context *static_context; /* GLOBAL */ |
59 | 58 |
|
... | ... |
@@ -36,10 +36,12 @@ |
36 | 36 |
|
37 | 37 |
#if P2MP_SERVER |
38 | 38 |
|
39 |
+#include "forward.h" |
|
39 | 40 |
#include "multi.h" |
40 | 41 |
#include "push.h" |
41 | 42 |
#include "run_command.h" |
42 | 43 |
#include "otime.h" |
44 |
+#include "pf.h" |
|
43 | 45 |
#include "gremlin.h" |
44 | 46 |
#include "mstats.h" |
45 | 47 |
#include "ssl_verify.h" |
... | ... |
@@ -47,8 +49,6 @@ |
47 | 47 |
|
48 | 48 |
#include "memdbg.h" |
49 | 49 |
|
50 |
-#include "forward-inline.h" |
|
51 |
-#include "pf-inline.h" |
|
52 | 50 |
|
53 | 51 |
#include "crypto_backend.h" |
54 | 52 |
|
55 | 53 |
deleted file mode 100644 |
... | ... |
@@ -1,95 +0,0 @@ |
1 |
-/* |
|
2 |
- * OpenVPN -- An application to securely tunnel IP networks |
|
3 |
- * over a single TCP/UDP port, with support for SSL/TLS-based |
|
4 |
- * session authentication and key exchange, |
|
5 |
- * packet encryption, packet authentication, and |
|
6 |
- * packet compression. |
|
7 |
- * |
|
8 |
- * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> |
|
9 |
- * |
|
10 |
- * This program is free software; you can redistribute it and/or modify |
|
11 |
- * it under the terms of the GNU General Public License version 2 |
|
12 |
- * as published by the Free Software Foundation. |
|
13 |
- * |
|
14 |
- * This program is distributed in the hope that it will be useful, |
|
15 |
- * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
16 |
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
17 |
- * GNU General Public License for more details. |
|
18 |
- * |
|
19 |
- * You should have received a copy of the GNU General Public License along |
|
20 |
- * with this program; if not, write to the Free Software Foundation, Inc., |
|
21 |
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
|
22 |
- */ |
|
23 |
- |
|
24 |
-#ifndef OCC_INLINE_H |
|
25 |
-#define OCC_INLINE_H |
|
26 |
- |
|
27 |
-#ifdef ENABLE_OCC |
|
28 |
- |
|
29 |
-/* |
|
30 |
- * Inline functions |
|
31 |
- */ |
|
32 |
- |
|
33 |
-static inline int |
|
34 |
-occ_reset_op(void) |
|
35 |
-{ |
|
36 |
- return -1; |
|
37 |
-} |
|
38 |
- |
|
39 |
-/* |
|
40 |
- * Should we send an OCC_REQUEST message? |
|
41 |
- */ |
|
42 |
-static inline void |
|
43 |
-check_send_occ_req(struct context *c) |
|
44 |
-{ |
|
45 |
- void check_send_occ_req_dowork(struct context *c); |
|
46 |
- |
|
47 |
- if (event_timeout_defined(&c->c2.occ_interval) |
|
48 |
- && event_timeout_trigger(&c->c2.occ_interval, |
|
49 |
- &c->c2.timeval, |
|
50 |
- (!TO_LINK_DEF(c) && c->c2.occ_op < 0) ? ETT_DEFAULT : 0)) |
|
51 |
- { |
|
52 |
- check_send_occ_req_dowork(c); |
|
53 |
- } |
|
54 |
-} |
|
55 |
- |
|
56 |
-/* |
|
57 |
- * Should we send an MTU load test? |
|
58 |
- */ |
|
59 |
-static inline void |
|
60 |
-check_send_occ_load_test(struct context *c) |
|
61 |
-{ |
|
62 |
- void check_send_occ_load_test_dowork(struct context *c); |
|
63 |
- |
|
64 |
- if (event_timeout_defined(&c->c2.occ_mtu_load_test_interval) |
|
65 |
- && event_timeout_trigger(&c->c2.occ_mtu_load_test_interval, |
|
66 |
- &c->c2.timeval, |
|
67 |
- (!TO_LINK_DEF(c) && c->c2.occ_op < 0) ? ETT_DEFAULT : 0)) |
|
68 |
- { |
|
69 |
- check_send_occ_load_test_dowork(c); |
|
70 |
- } |
|
71 |
-} |
|
72 |
- |
|
73 |
-/* |
|
74 |
- * Should we send an OCC message? |
|
75 |
- */ |
|
76 |
-static inline void |
|
77 |
-check_send_occ_msg(struct context *c) |
|
78 |
-{ |
|
79 |
- void check_send_occ_msg_dowork(struct context *c); |
|
80 |
- |
|
81 |
- if (c->c2.occ_op >= 0) |
|
82 |
- { |
|
83 |
- if (!TO_LINK_DEF(c)) |
|
84 |
- { |
|
85 |
- check_send_occ_msg_dowork(c); |
|
86 |
- } |
|
87 |
- else |
|
88 |
- { |
|
89 |
- tv_clear(&c->c2.timeval); /* ZERO-TIMEOUT */ |
|
90 |
- } |
|
91 |
- } |
|
92 |
-} |
|
93 |
- |
|
94 |
-#endif /* ifdef ENABLE_OCC */ |
|
95 |
-#endif /* ifndef OCC_INLINE_H */ |
... | ... |
@@ -90,5 +90,66 @@ is_occ_msg(const struct buffer *buf) |
90 | 90 |
|
91 | 91 |
void process_received_occ_msg(struct context *c); |
92 | 92 |
|
93 |
+static inline int |
|
94 |
+occ_reset_op(void) |
|
95 |
+{ |
|
96 |
+ return -1; |
|
97 |
+} |
|
98 |
+ |
|
99 |
+/* |
|
100 |
+ * Should we send an OCC_REQUEST message? |
|
101 |
+ */ |
|
102 |
+static inline void |
|
103 |
+check_send_occ_req(struct context *c) |
|
104 |
+{ |
|
105 |
+ void check_send_occ_req_dowork(struct context *c); |
|
106 |
+ |
|
107 |
+ if (event_timeout_defined(&c->c2.occ_interval) |
|
108 |
+ && event_timeout_trigger(&c->c2.occ_interval, |
|
109 |
+ &c->c2.timeval, |
|
110 |
+ (!TO_LINK_DEF(c) && c->c2.occ_op < 0) ? ETT_DEFAULT : 0)) |
|
111 |
+ { |
|
112 |
+ check_send_occ_req_dowork(c); |
|
113 |
+ } |
|
114 |
+} |
|
115 |
+ |
|
116 |
+/* |
|
117 |
+ * Should we send an MTU load test? |
|
118 |
+ */ |
|
119 |
+static inline void |
|
120 |
+check_send_occ_load_test(struct context *c) |
|
121 |
+{ |
|
122 |
+ void check_send_occ_load_test_dowork(struct context *c); |
|
123 |
+ |
|
124 |
+ if (event_timeout_defined(&c->c2.occ_mtu_load_test_interval) |
|
125 |
+ && event_timeout_trigger(&c->c2.occ_mtu_load_test_interval, |
|
126 |
+ &c->c2.timeval, |
|
127 |
+ (!TO_LINK_DEF(c) && c->c2.occ_op < 0) ? ETT_DEFAULT : 0)) |
|
128 |
+ { |
|
129 |
+ check_send_occ_load_test_dowork(c); |
|
130 |
+ } |
|
131 |
+} |
|
132 |
+ |
|
133 |
+/* |
|
134 |
+ * Should we send an OCC message? |
|
135 |
+ */ |
|
136 |
+static inline void |
|
137 |
+check_send_occ_msg(struct context *c) |
|
138 |
+{ |
|
139 |
+ void check_send_occ_msg_dowork(struct context *c); |
|
140 |
+ |
|
141 |
+ if (c->c2.occ_op >= 0) |
|
142 |
+ { |
|
143 |
+ if (!TO_LINK_DEF(c)) |
|
144 |
+ { |
|
145 |
+ check_send_occ_msg_dowork(c); |
|
146 |
+ } |
|
147 |
+ else |
|
148 |
+ { |
|
149 |
+ tv_clear(&c->c2.timeval); /* ZERO-TIMEOUT */ |
|
150 |
+ } |
|
151 |
+ } |
|
152 |
+} |
|
153 |
+ |
|
93 | 154 |
#endif /* ifdef ENABLE_OCC */ |
94 | 155 |
#endif /* ifndef OCC_H */ |
... | ... |
@@ -279,7 +279,6 @@ |
279 | 279 |
<ClInclude Include="error.h" /> |
280 | 280 |
<ClInclude Include="event.h" /> |
281 | 281 |
<ClInclude Include="fdmisc.h" /> |
282 |
- <ClInclude Include="forward-inline.h" /> |
|
283 | 282 |
<ClInclude Include="forward.h" /> |
284 | 283 |
<ClInclude Include="fragment.h" /> |
285 | 284 |
<ClInclude Include="gremlin.h" /> |
... | ... |
@@ -303,16 +302,13 @@ |
303 | 303 |
<ClInclude Include="mudp.h" /> |
304 | 304 |
<ClInclude Include="multi.h" /> |
305 | 305 |
<ClInclude Include="ntlm.h" /> |
306 |
- <ClInclude Include="occ-inline.h" /> |
|
307 | 306 |
<ClInclude Include="occ.h" /> |
308 | 307 |
<ClInclude Include="openvpn.h" /> |
309 | 308 |
<ClInclude Include="options.h" /> |
310 | 309 |
<ClInclude Include="otime.h" /> |
311 | 310 |
<ClInclude Include="packet_id.h" /> |
312 | 311 |
<ClInclude Include="perf.h" /> |
313 |
- <ClInclude Include="pf-inline.h" /> |
|
314 | 312 |
<ClInclude Include="pf.h" /> |
315 |
- <ClInclude Include="ping-inline.h" /> |
|
316 | 313 |
<ClInclude Include="ping.h" /> |
317 | 314 |
<ClInclude Include="pkcs11.h" /> |
318 | 315 |
<ClInclude Include="pkcs11_backend.h" /> |
... | ... |
@@ -284,9 +284,6 @@ |
284 | 284 |
<ClInclude Include="fdmisc.h"> |
285 | 285 |
<Filter>Header Files</Filter> |
286 | 286 |
</ClInclude> |
287 |
- <ClInclude Include="forward-inline.h"> |
|
288 |
- <Filter>Header Files</Filter> |
|
289 |
- </ClInclude> |
|
290 | 287 |
<ClInclude Include="forward.h"> |
291 | 288 |
<Filter>Header Files</Filter> |
292 | 289 |
</ClInclude> |
... | ... |
@@ -356,9 +353,6 @@ |
356 | 356 |
<ClInclude Include="ntlm.h"> |
357 | 357 |
<Filter>Header Files</Filter> |
358 | 358 |
</ClInclude> |
359 |
- <ClInclude Include="occ-inline.h"> |
|
360 |
- <Filter>Header Files</Filter> |
|
361 |
- </ClInclude> |
|
362 | 359 |
<ClInclude Include="occ.h"> |
363 | 360 |
<Filter>Header Files</Filter> |
364 | 361 |
</ClInclude> |
... | ... |
@@ -377,15 +371,9 @@ |
377 | 377 |
<ClInclude Include="perf.h"> |
378 | 378 |
<Filter>Header Files</Filter> |
379 | 379 |
</ClInclude> |
380 |
- <ClInclude Include="pf-inline.h"> |
|
381 |
- <Filter>Header Files</Filter> |
|
382 |
- </ClInclude> |
|
383 | 380 |
<ClInclude Include="pf.h"> |
384 | 381 |
<Filter>Header Files</Filter> |
385 | 382 |
</ClInclude> |
386 |
- <ClInclude Include="ping-inline.h"> |
|
387 |
- <Filter>Header Files</Filter> |
|
388 |
- </ClInclude> |
|
389 | 383 |
<ClInclude Include="ping.h"> |
390 | 384 |
<Filter>Header Files</Filter> |
391 | 385 |
</ClInclude> |
392 | 386 |
deleted file mode 100644 |
... | ... |
@@ -1,67 +0,0 @@ |
1 |
-/* |
|
2 |
- * OpenVPN -- An application to securely tunnel IP networks |
|
3 |
- * over a single TCP/UDP port, with support for SSL/TLS-based |
|
4 |
- * session authentication and key exchange, |
|
5 |
- * packet encryption, packet authentication, and |
|
6 |
- * packet compression. |
|
7 |
- * |
|
8 |
- * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> |
|
9 |
- * |
|
10 |
- * This program is free software; you can redistribute it and/or modify |
|
11 |
- * it under the terms of the GNU General Public License version 2 |
|
12 |
- * as published by the Free Software Foundation. |
|
13 |
- * |
|
14 |
- * This program is distributed in the hope that it will be useful, |
|
15 |
- * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
16 |
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
17 |
- * GNU General Public License for more details. |
|
18 |
- * |
|
19 |
- * You should have received a copy of the GNU General Public License along |
|
20 |
- * with this program; if not, write to the Free Software Foundation, Inc., |
|
21 |
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
|
22 |
- */ |
|
23 |
- |
|
24 |
-#if defined(ENABLE_PF) && !defined(PF_INLINE_H) |
|
25 |
-#define PF_INLINE_H |
|
26 |
- |
|
27 |
-/* |
|
28 |
- * Inline functions |
|
29 |
- */ |
|
30 |
- |
|
31 |
-#define PCT_SRC 1 |
|
32 |
-#define PCT_DEST 2 |
|
33 |
-static inline bool |
|
34 |
-pf_c2c_test(const struct pf_context *src_pf, const struct tls_multi *src, |
|
35 |
- const struct pf_context *dest_pf, const struct tls_multi *dest, |
|
36 |
- const char *prefix) |
|
37 |
-{ |
|
38 |
- bool pf_cn_test(struct pf_set *pfs, const struct tls_multi *tm, const int type, const char *prefix); |
|
39 |
- |
|
40 |
- return (!src_pf->enabled || pf_cn_test(src_pf->pfs, dest, PCT_DEST, prefix)) |
|
41 |
- && (!dest_pf->enabled || pf_cn_test(dest_pf->pfs, src, PCT_SRC, |
|
42 |
- prefix)); |
|
43 |
-} |
|
44 |
- |
|
45 |
-static inline bool |
|
46 |
-pf_addr_test(const struct pf_context *src_pf, const struct context *src, |
|
47 |
- const struct mroute_addr *dest, const char *prefix) |
|
48 |
-{ |
|
49 |
- bool pf_addr_test_dowork(const struct context *src, const struct mroute_addr *dest, const char *prefix); |
|
50 |
- |
|
51 |
- if (src_pf->enabled) |
|
52 |
- { |
|
53 |
- return pf_addr_test_dowork(src, dest, prefix); |
|
54 |
- } |
|
55 |
- else |
|
56 |
- { |
|
57 |
- return true; |
|
58 |
- } |
|
59 |
-} |
|
60 |
- |
|
61 |
-static inline bool |
|
62 |
-pf_kill_test(const struct pf_set *pfs) |
|
63 |
-{ |
|
64 |
- return pfs->kill; |
|
65 |
-} |
|
66 |
- |
|
67 |
-#endif /* if defined(ENABLE_PF) && !defined(PF_INLINE_H) */ |
... | ... |
@@ -31,6 +31,9 @@ |
31 | 31 |
|
32 | 32 |
#define PF_MAX_LINE_LEN 256 |
33 | 33 |
|
34 |
+#define PCT_SRC 1 |
|
35 |
+#define PCT_DEST 2 |
|
36 |
+ |
|
34 | 37 |
struct context; |
35 | 38 |
|
36 | 39 |
struct ipv4_subnet { |
... | ... |
@@ -101,4 +104,40 @@ void pf_context_print(const struct pf_context *pfc, const char *prefix, const in |
101 | 101 |
|
102 | 102 |
#endif |
103 | 103 |
|
104 |
+bool pf_addr_test_dowork(const struct context *src, |
|
105 |
+ const struct mroute_addr *dest, const char *prefix); |
|
106 |
+ |
|
107 |
+static inline bool |
|
108 |
+pf_addr_test(const struct pf_context *src_pf, const struct context *src, |
|
109 |
+ const struct mroute_addr *dest, const char *prefix) |
|
110 |
+{ |
|
111 |
+ if (src_pf->enabled) |
|
112 |
+ { |
|
113 |
+ return pf_addr_test_dowork(src, dest, prefix); |
|
114 |
+ } |
|
115 |
+ else |
|
116 |
+ { |
|
117 |
+ return true; |
|
118 |
+ } |
|
119 |
+} |
|
120 |
+ |
|
121 |
+bool pf_cn_test(struct pf_set *pfs, const struct tls_multi *tm, const int type, |
|
122 |
+ const char *prefix); |
|
123 |
+ |
|
124 |
+static inline bool |
|
125 |
+pf_c2c_test(const struct pf_context *src_pf, const struct tls_multi *src, |
|
126 |
+ const struct pf_context *dest_pf, const struct tls_multi *dest, |
|
127 |
+ const char *prefix) |
|
128 |
+{ |
|
129 |
+ return (!src_pf->enabled || pf_cn_test(src_pf->pfs, dest, PCT_DEST, prefix)) |
|
130 |
+ && (!dest_pf->enabled || pf_cn_test(dest_pf->pfs, src, PCT_SRC, |
|
131 |
+ prefix)); |
|
132 |
+} |
|
133 |
+ |
|
134 |
+static inline bool |
|
135 |
+pf_kill_test(const struct pf_set *pfs) |
|
136 |
+{ |
|
137 |
+ return pfs->kill; |
|
138 |
+} |
|
139 |
+ |
|
104 | 140 |
#endif /* if defined(ENABLE_PF) && !defined(OPENVPN_PF_H) */ |
105 | 141 |
deleted file mode 100644 |
... | ... |
@@ -1,64 +0,0 @@ |
1 |
-/* |
|
2 |
- * OpenVPN -- An application to securely tunnel IP networks |
|
3 |
- * over a single TCP/UDP port, with support for SSL/TLS-based |
|
4 |
- * session authentication and key exchange, |
|
5 |
- * packet encryption, packet authentication, and |
|
6 |
- * packet compression. |
|
7 |
- * |
|
8 |
- * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net> |
|
9 |
- * |
|
10 |
- * This program is free software; you can redistribute it and/or modify |
|
11 |
- * it under the terms of the GNU General Public License version 2 |
|
12 |
- * as published by the Free Software Foundation. |
|
13 |
- * |
|
14 |
- * This program is distributed in the hope that it will be useful, |
|
15 |
- * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
16 |
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
17 |
- * GNU General Public License for more details. |
|
18 |
- * |
|
19 |
- * You should have received a copy of the GNU General Public License along |
|
20 |
- * with this program; if not, write to the Free Software Foundation, Inc., |
|
21 |
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
|
22 |
- */ |
|
23 |
- |
|
24 |
-#ifndef PING_INLINE_H |
|
25 |
-#define PING_INLINE_H |
|
26 |
- |
|
27 |
-/* |
|
28 |
- * Should we exit or restart due to ping (or other authenticated packet) |
|
29 |
- * not received in n seconds? |
|
30 |
- */ |
|
31 |
-static inline void |
|
32 |
-check_ping_restart(struct context *c) |
|
33 |
-{ |
|
34 |
- void check_ping_restart_dowork(struct context *c); |
|
35 |
- |
|
36 |
- if (c->options.ping_rec_timeout |
|
37 |
- && event_timeout_trigger(&c->c2.ping_rec_interval, |
|
38 |
- &c->c2.timeval, |
|
39 |
- (!c->options.ping_timer_remote |
|
40 |
- || link_socket_actual_defined(&c->c1.link_socket_addr.actual)) |
|
41 |
- ? ETT_DEFAULT : 15)) |
|
42 |
- { |
|
43 |
- check_ping_restart_dowork(c); |
|
44 |
- } |
|
45 |
-} |
|
46 |
- |
|
47 |
-/* |
|
48 |
- * Should we ping the remote? |
|
49 |
- */ |
|
50 |
-static inline void |
|
51 |
-check_ping_send(struct context *c) |
|
52 |
-{ |
|
53 |
- void check_ping_send_dowork(struct context *c); |
|
54 |
- |
|
55 |
- if (c->options.ping_send_timeout |
|
56 |
- && event_timeout_trigger(&c->c2.ping_send_interval, |
|
57 |
- &c->c2.timeval, |
|
58 |
- !TO_LINK_DEF(c) ? ETT_DEFAULT : 1)) |
|
59 |
- { |
|
60 |
- check_ping_send_dowork(c); |
|
61 |
- } |
|
62 |
-} |
|
63 |
- |
|
64 |
-#endif /* ifndef PING_INLINE_H */ |
... | ... |
@@ -43,4 +43,41 @@ is_ping_msg(const struct buffer *buf) |
43 | 43 |
return buf_string_match(buf, ping_string, PING_STRING_SIZE); |
44 | 44 |
} |
45 | 45 |
|
46 |
+/* |
|
47 |
+ * Should we exit or restart due to ping (or other authenticated packet) |
|
48 |
+ * not received in n seconds? |
|
49 |
+ */ |
|
50 |
+static inline void |
|
51 |
+check_ping_restart(struct context *c) |
|
52 |
+{ |
|
53 |
+ void check_ping_restart_dowork(struct context *c); |
|
54 |
+ |
|
55 |
+ if (c->options.ping_rec_timeout |
|
56 |
+ && event_timeout_trigger(&c->c2.ping_rec_interval, |
|
57 |
+ &c->c2.timeval, |
|
58 |
+ (!c->options.ping_timer_remote |
|
59 |
+ || link_socket_actual_defined(&c->c1.link_socket_addr.actual)) |
|
60 |
+ ? ETT_DEFAULT : 15)) |
|
61 |
+ { |
|
62 |
+ check_ping_restart_dowork(c); |
|
63 |
+ } |
|
64 |
+} |
|
65 |
+ |
|
66 |
+/* |
|
67 |
+ * Should we ping the remote? |
|
68 |
+ */ |
|
69 |
+static inline void |
|
70 |
+check_ping_send(struct context *c) |
|
71 |
+{ |
|
72 |
+ void check_ping_send_dowork(struct context *c); |
|
73 |
+ |
|
74 |
+ if (c->options.ping_send_timeout |
|
75 |
+ && event_timeout_trigger(&c->c2.ping_send_interval, |
|
76 |
+ &c->c2.timeval, |
|
77 |
+ !TO_LINK_DEF(c) ? ETT_DEFAULT : 1)) |
|
78 |
+ { |
|
79 |
+ check_ping_send_dowork(c); |
|
80 |
+ } |
|
81 |
+} |
|
82 |
+ |
|
46 | 83 |
#endif |