/* *  OpenVPN -- An application to securely tunnel IP networks *             over a single TCP/UDP port, with support for SSL/TLS-based *             session authentication and key exchange, *             packet encryption, packet authentication, and *             packet compression. * *  Copyright (C) 2002-2004 James Yonan <jim@yonan.net> * *  This program is free software; you can redistribute it and/or modify *  it under the terms of the GNU General Public License as published by *  the Free Software Foundation; either version 2 of the License, or *  (at your option) any later version. * *  This program is distributed in the hope that it will be useful, *  but WITHOUT ANY WARRANTY; without even the implied warranty of *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the *  GNU General Public License for more details. * *  You should have received a copy of the GNU General Public License *  along with this program (see the file COPYING included with this *  distribution); if not, write to the Free Software Foundation, Inc., *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA */#ifndef OPENVPN_H#define OPENVPN_H#include "buffer.h"#include "options.h"#include "socket.h"#include "crypto.h"#include "ssl.h"#include "packet_id.h"#include "lzo.h"#include "tun.h"#include "interval.h"#include "status.h"#include "fragment.h"#include "route.h"#include "proxy.h"#include "socks.h"#include "sig.h"#include "misc.h"/* * Our global key schedules, packaged thusly * to facilitate --persist-key. */struct key_schedule{#ifdef USE_CRYPTO  /* which cipher, HMAC digest, and key sizes are we using? */  struct key_type key_type;  /* pre-shared static key, read from a file */  struct key_ctx_bi static_key;#ifdef USE_SSL  /* our global SSL context */  SSL_CTX *ssl_ctx;  /* optional authentication HMAC key for TLS control channel */  struct key_ctx_bi tls_auth_key;#endif				/* USE_SSL */#else				/* USE_CRYPTO */  int dummy;#endif				/* USE_CRYPTO */};/* * struct packet_id_persist should be empty if we are not * building with crypto. */#ifndef PACKET_ID_Hstruct packet_id_persist{  int dummy;};static inline voidpacket_id_persist_init (struct packet_id_persist *p){}#endif/* * Packet processing buffers. */struct context_buffers{  /* miscellaneous buffer, used by ping, occ, etc. */  struct buffer aux_buf;  /* workspace buffers used by crypto routines */#ifdef USE_CRYPTO  struct buffer encrypt_buf;  struct buffer decrypt_buf;#endif  /* workspace buffers for LZO compression */#ifdef USE_LZO  struct buffer lzo_compress_buf;  struct buffer lzo_decompress_buf;#endif  /*   * Buffers used to read from TUN device   * and TCP/UDP port.   */  struct buffer read_link_buf;  struct buffer read_tun_buf;};/* * Contains the persist-across-restart OpenVPN tunnel instance state. * Reset only for SIGHUP restarts. */struct context_1{  struct link_socket_addr link_socket_addr;  struct key_schedule ks;  struct packet_id_persist pid_persist;  struct remote_list *remote_list;  struct tuntap *tuntap;  bool tuntap_owned;  struct route_list *route_list;  struct status_output *status_output;  bool status_output_owned;  struct http_proxy_info *http_proxy;  struct socks_proxy_info *socks_proxy;};/* * Contains the OpenVPN tunnel instance state, wiped across * SIGUSR1 and SIGHUP restarts. */struct context_2{  /* garbage collection arena for context_2 scope */  struct gc_arena gc;  /* our global wait events */  struct event_set *event_set;  int event_set_max;  bool event_set_owned;# define SOCKET_READ   (1<<0)# define SOCKET_WRITE  (1<<1)# define TUN_READ      (1<<2)# define TUN_WRITE     (1<<3)# define ES_ERROR      (1<<4)# define ES_TIMEOUT    (1<<6)  unsigned int event_set_status;#if PASSTOS_CAPABILITY  /* used to get/set TOS. */  uint8_t ptos;  bool ptos_defined;#endif  struct link_socket *link_socket;	 /* socket used for TCP/UDP connection to remote */  bool link_socket_owned;  struct link_socket_info *link_socket_info;  const struct link_socket *accept_from; /* possibly do accept() on a parent link_socket */  struct sockaddr_in to_link_addr;	 /* IP address of remote */  struct sockaddr_in from;               /* address of incoming datagram */  /* MTU frame parameters */  struct frame frame;  /* Object to handle advanced MTU negotiation and datagram fragmentation */  struct fragment_master *fragment;  struct frame frame_fragment;  struct frame frame_fragment_omit;#ifdef HAVE_GETTIMEOFDAY  /*   * Traffic shaper object.   */  struct shaper shaper;#endif  /*   * Statistics   */  counter_type tun_read_bytes;  counter_type tun_write_bytes;  counter_type link_read_bytes;  counter_type link_read_bytes_auth;  counter_type link_write_bytes;  /*   * Timer objects for ping and inactivity   * timeout features.   */  struct event_timeout wait_for_connect;  struct event_timeout inactivity_interval;  struct event_timeout ping_send_interval;  struct event_timeout ping_rec_interval;  /* the option strings must match across peers */  char *options_string_local;  char *options_string_remote;  int occ_op;			/* INIT to -1 */  int occ_n_tries;  struct event_timeout occ_interval;  /*   * Keep track of maximum packet size received so far   * (of authenticated packets).   */  int original_recv_size;	/* temporary */  int max_recv_size_local;	/* max packet size received */  int max_recv_size_remote;	/* max packet size received by remote */  int max_send_size_local;	/* max packet size sent */  int max_send_size_remote;	/* max packet size sent by remote */  /* remote wants us to send back a load test packet of this size */  int occ_mtu_load_size;  struct event_timeout occ_mtu_load_test_interval;  int occ_mtu_load_n_tries;#ifdef USE_CRYPTO  /*   * TLS-mode crypto objects.   */#ifdef USE_SSL  /* master OpenVPN SSL/TLS object */  struct tls_multi *tls_multi;  /* check --tls-auth signature without needing     a full-size tls_multi object */  struct tls_auth_standalone *tls_auth_standalone;  /* used to optimize calls to tls_multi_process */  struct interval tmp_int;#endif /* USE_SSL */  /* passed to encrypt or decrypt, contains all     crypto-related command line options related     to data channel encryption/decryption */  struct crypto_options crypto_options;  /* used to keep track of data channel packet sequence numbers */  struct packet_id packet_id;  struct event_timeout packet_id_persist_interval;#endif /* USE_CRYPTO */  /*   * LZO compression library workspace.   */#ifdef USE_LZO  struct lzo_compress_workspace lzo_compwork;#endif  /*   * Buffers used for packet processing.   */  struct context_buffers *buffers;  bool buffers_owned; /* if true, we should free all buffers on close */  /*   * These buffers don't actually allocate storage, they are used   * as pointers to the allocated buffers in   * struct context_buffers.   */  struct buffer buf;  struct buffer to_tun;  struct buffer to_link;  /*   * IPv4 TUN device?   */  bool ipv4_tun;  /* workspace for get_pid_file/write_pid */  struct pid_state pid_state;  /* workspace for --user/--group */  struct user_state user_state;  struct group_state group_state;  /* temporary variable */  bool did_we_daemonize;  /* should we print R|W|r|w to console on packet transfers? */  bool log_rw;  /* route stuff */  struct event_timeout route_wakeup;  /* did we open tun/tap dev during this cycle? */  bool did_open_tun;  /*   * Event loop info   */  /* how long to wait on link/tun read before we will need to be serviced */  struct timeval timeval;  /* next wakeup for processing coarse timers (>1 sec resolution) */  time_t coarse_timer_wakeup;  /* maintain a random delta to add to timeouts to avoid contexts     waking up simultaneously */  time_t update_timeout_random_component;  struct timeval timeout_random_component;  /* indicates that the do_up_delay function has run */  bool do_up_ran;#if P2MP  /* --ifconfig endpoints to be pushed to client */  bool push_reply_deferred;  bool push_ifconfig_defined;  in_addr_t push_ifconfig_local;  in_addr_t push_ifconfig_remote_netmask;  struct event_timeout push_request_interval;#endif};/* * Contains all state information for one tunnel. */struct context{  /* command line or config file options */  struct options options;  /* true on initial VPN iteration */  bool first_time;  /* used by multi-client code to lock the context */  //MUTEX_DEFINE (mutex);  /* context modes */# define CM_P2P         0 /* standalone point-to-point session */# define CM_TOP         1 /* top level of a multi-client or point-to-multipoint server */# define CM_THREAD      2 /* clone of a CM_TOP context for one thread */# define CM_CHILD_UDP   3 /* child context of a CM_TOP or CM_THREAD */# define CM_CHILD_TCP   4 /* child context of a CM_TOP or CM_THREAD */  int mode;  /* garbage collection for context scope     allocations */  struct gc_arena gc;  /* signal info */  struct signal_info *sig;  /* level 1 context is preserved for     SIGUSR1 restarts, but initialized     for SIGHUP restarts */  struct context_1 c1;  /* level 2 context is initialized for all     restarts (SIGUSR1 and SIGHUP) */  struct context_2 c2;};/* * Macros for referencing objects which may not * have been compiled in. */#if defined(USE_CRYPTO) && defined(USE_SSL)#define TLS_MODE (c->c2.tls_multi != NULL)#define PROTO_DUMP_FLAGS (check_debug_level (D_LINK_RW_VERBOSE) ? (PD_SHOW_DATA|PD_VERBOSE) : 0)#define PROTO_DUMP(buf, gc) protocol_dump((buf), \				      PROTO_DUMP_FLAGS | \				      (c->c2.tls_multi ? PD_TLS : 0) | \				      (c->options.tls_auth_file ? c->c1.ks.key_type.hmac_length : 0), \				      gc)#else#define TLS_MODE (false)#define PROTO_DUMP(buf, gc) format_hex (BPTR (buf), BLEN (buf), 80, gc)#endif#ifdef USE_CRYPTO#define MD5SUM(buf, len, gc) md5sum((buf), (len), 0, (gc))#else#define MD5SUM(buf, len, gc) "[unavailable]"#endif#endif