openvpn3/openvpn/acceptor/tcp.hpp

//    OpenVPN -- An application to securely tunnel IP networks
//               over a single port, with support for SSL/TLS-based
//               session authentication and key exchange,
//               packet encryption, packet authentication, and
//               packet compression.
//
//    Copyright (C) 2012-2022 OpenVPN Inc.
//
//    This program is free software: you can redistribute it and/or modify
//    it under the terms of the GNU Affero General Public License Version 3
//    as published by the Free Software Foundation.
//
//    This program is distributed in the hope that it will be useful,
//    but WITHOUT ANY WARRANTY; without even the implied warranty of
//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//    GNU Affero General Public License for more details.
//
//    You should have received a copy of the GNU Affero General Public License
//    along with this program in the COPYING file.
//    If not, see <http://www.gnu.org/licenses/>.

#pragma once

#include <openvpn/acceptor/base.hpp>
#include <openvpn/ssl/sslconsts.hpp>

namespace openvpn {
namespace Acceptor {

struct TCP : public Base
{
    typedef RCPtr<TCP> Ptr;

    TCP(openvpn_io::io_context &io_context)
        : acceptor(io_context)
    {
    }

    virtual void async_accept(ListenerBase *listener,
                              const size_t acceptor_index,
                              openvpn_io::io_context &io_context) override
    {
        AsioPolySock::TCP::Ptr sock(new AsioPolySock::TCP(io_context, acceptor_index));
        acceptor.async_accept(sock->socket,
                              [listener = ListenerBase::Ptr(listener), sock](const openvpn_io::error_code &error) mutable
                              { listener->handle_accept(std::move(sock), error); });
    }

    virtual void close() override
    {
#ifdef OPENVPN_DEBUG_ACCEPT
        OPENVPN_LOG("ACCEPTOR CLOSE " << local_endpoint);
#endif
        acceptor.close();
    }

    enum
    {
        // start at (1<<24) to avoid conflicting with SSLConst flags
        DISABLE_REUSE_ADDR = (1 << 24),
        REUSE_PORT = (1 << 25),

        FIRST = DISABLE_REUSE_ADDR
    };
    void set_socket_options(unsigned int flags)
    {
        static_assert(int(FIRST) > int(SSLConst::LAST), "TCP flags in conflict with SSL flags");

#if defined(OPENVPN_PLATFORM_WIN)
        // set Windows socket flags
        if (!(flags & DISABLE_REUSE_ADDR))
            acceptor.set_option(openvpn_io::ip::tcp::acceptor::reuse_address(true));
#else
        // set Unix socket flags
        {
            const int fd = acceptor.native_handle();
            if (flags & REUSE_PORT)
                SockOpt::reuseport(fd);
            if (!(flags & DISABLE_REUSE_ADDR))
                SockOpt::reuseaddr(fd);
            SockOpt::set_cloexec(fd);
        }
#endif
    }

    // filter all but socket option flags
    static unsigned int sockopt_flags(const unsigned int flags)
    {
        return flags & (DISABLE_REUSE_ADDR | REUSE_PORT);
    }

    openvpn_io::ip::tcp::endpoint local_endpoint;
    openvpn_io::ip::tcp::acceptor acceptor;
};

} // namespace Acceptor
} // namespace openvpn
Update license on files moved from common Signed-off-by: Lev Stipakov <lev@openvpn.net> 2020-01-08 11:15:16 +01:00			`// OpenVPN -- An application to securely tunnel IP networks`
			`// over a single port, with support for SSL/TLS-based`
			`// session authentication and key exchange,`
			`// packet encryption, packet authentication, and`
			`// packet compression.`
Factored out HTTP Server acceptor classes into openvpn/acceptor. 2015-10-19 00:27:01 +02:00			`//`
copyright: Update to 2022 Signed-off-by: David Sommerseth <davids@openvpn.net> 2022-09-29 11:41:13 +02:00			`// Copyright (C) 2012-2022 OpenVPN Inc.`
Factored out HTTP Server acceptor classes into openvpn/acceptor. 2015-10-19 00:27:01 +02:00			`//`
Update license on files moved from common Signed-off-by: Lev Stipakov <lev@openvpn.net> 2020-01-08 11:15:16 +01:00			`// This program is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU Affero General Public License Version 3`
			`// as published by the Free Software Foundation.`
Factored out HTTP Server acceptor classes into openvpn/acceptor. 2015-10-19 00:27:01 +02:00			`//`
Update license on files moved from common Signed-off-by: Lev Stipakov <lev@openvpn.net> 2020-01-08 11:15:16 +01:00			`// This program is distributed in the hope that it will be useful,`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU Affero General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Affero General Public License`
			`// along with this program in the COPYING file.`
			`// If not, see <http://www.gnu.org/licenses/>.`
Factored out HTTP Server acceptor classes into openvpn/acceptor. 2015-10-19 00:27:01 +02:00
Update license on files moved from common Signed-off-by: Lev Stipakov <lev@openvpn.net> 2020-01-08 11:15:16 +01:00			`#pragma once`
Factored out HTTP Server acceptor classes into openvpn/acceptor. 2015-10-19 00:27:01 +02:00
			`#include <openvpn/acceptor/base.hpp>`
Acceptor::TCP: don't set reuseport flag by default on listener socket Previously, all listener sockets were configured with both reuseaddr and reuseport. reuseaddr is reasonable to use as a default, but reuseport should only be used when different threads are listening on the same local port/address for load-balancing purposes. This patch adds two new socket option flags DISABLE_REUSE_ADDR and REUSE_PORT, to provide finer-grained control over these options. Signed-off-by: James Yonan <james@openvpn.net> 2019-08-30 10:03:06 +02:00			`#include <openvpn/ssl/sslconsts.hpp>`
Factored out HTTP Server acceptor classes into openvpn/acceptor. 2015-10-19 00:27:01 +02:00
			`namespace openvpn {`
			`namespace Acceptor {`

			`struct TCP : public Base`
			`{`
			`typedef RCPtr<TCP> Ptr;`

Added i/o abstraction layer. Created a lightweight abstraction layer so that another i/o reactor can be dropped in place of asio. This commit includes: * Added ASIO=1 to many "go" scripts that require asio * Renamed "asio::" to "openvpn_io::". Signed-off-by: James Yonan <james@openvpn.net> 2017-03-30 23:38:32 +02:00			`TCP(openvpn_io::io_context &io_context)`
Factored out HTTP Server acceptor classes into openvpn/acceptor. 2015-10-19 00:27:01 +02:00			`: acceptor(io_context)`
			`{`
			`}`

			`virtual void async_accept(ListenerBase *listener,`
			`const size_t acceptor_index,`
Added i/o abstraction layer. Created a lightweight abstraction layer so that another i/o reactor can be dropped in place of asio. This commit includes: * Added ASIO=1 to many "go" scripts that require asio * Renamed "asio::" to "openvpn_io::". Signed-off-by: James Yonan <james@openvpn.net> 2017-03-30 23:38:32 +02:00			`openvpn_io::io_context &io_context) override`
Factored out HTTP Server acceptor classes into openvpn/acceptor. 2015-10-19 00:27:01 +02:00			`{`
			`AsioPolySock::TCP::Ptr sock(new AsioPolySock::TCP(io_context, acceptor_index));`
Make lambda functions mutable that benefit from using std::move() on closure vars Signed-off-by: James Yonan <james@openvpn.net> 2018-05-12 05:40:57 +02:00			`acceptor.async_accept(sock->socket,`
			`[listener = ListenerBase::Ptr(listener), sock](const openvpn_io::error_code &error) mutable`
			`{ listener->handle_accept(std::move(sock), error); });`
Factored out HTTP Server acceptor classes into openvpn/acceptor. 2015-10-19 00:27:01 +02:00			`}`

			`virtual void close() override`
			`{`
WS::Server, Acceptor::TCP: added bind/close logging when OPENVPN_DEBUG_ACCEPT is defined Signed-off-by: James Yonan <james@openvpn.net> 2019-08-31 05:26:01 +02:00			`#ifdef OPENVPN_DEBUG_ACCEPT`
			`OPENVPN_LOG("ACCEPTOR CLOSE " << local_endpoint);`
			`#endif`
Factored out HTTP Server acceptor classes into openvpn/acceptor. 2015-10-19 00:27:01 +02:00			`acceptor.close();`
			`}`

Acceptor::TCP: don't set reuseport flag by default on listener socket Previously, all listener sockets were configured with both reuseaddr and reuseport. reuseaddr is reasonable to use as a default, but reuseport should only be used when different threads are listening on the same local port/address for load-balancing purposes. This patch adds two new socket option flags DISABLE_REUSE_ADDR and REUSE_PORT, to provide finer-grained control over these options. Signed-off-by: James Yonan <james@openvpn.net> 2019-08-30 10:03:06 +02:00			`enum`
			`{`
			`// start at (1<<24) to avoid conflicting with SSLConst flags`
			`DISABLE_REUSE_ADDR = (1 << 24),`
			`REUSE_PORT = (1 << 25),`

			`FIRST = DISABLE_REUSE_ADDR`
			`};`
			`void set_socket_options(unsigned int flags)`
Factored out HTTP Server acceptor classes into openvpn/acceptor. 2015-10-19 00:27:01 +02:00			`{`
Acceptor::TCP: don't set reuseport flag by default on listener socket Previously, all listener sockets were configured with both reuseaddr and reuseport. reuseaddr is reasonable to use as a default, but reuseport should only be used when different threads are listening on the same local port/address for load-balancing purposes. This patch adds two new socket option flags DISABLE_REUSE_ADDR and REUSE_PORT, to provide finer-grained control over these options. Signed-off-by: James Yonan <james@openvpn.net> 2019-08-30 10:03:06 +02:00			`static_assert(int(FIRST) > int(SSLConst::LAST), "TCP flags in conflict with SSL flags");`

Factored out HTTP Server acceptor classes into openvpn/acceptor. 2015-10-19 00:27:01 +02:00			`#if defined(OPENVPN_PLATFORM_WIN)`
			`// set Windows socket flags`
Acceptor::TCP: don't set reuseport flag by default on listener socket Previously, all listener sockets were configured with both reuseaddr and reuseport. reuseaddr is reasonable to use as a default, but reuseport should only be used when different threads are listening on the same local port/address for load-balancing purposes. This patch adds two new socket option flags DISABLE_REUSE_ADDR and REUSE_PORT, to provide finer-grained control over these options. Signed-off-by: James Yonan <james@openvpn.net> 2019-08-30 10:03:06 +02:00			`if (!(flags & DISABLE_REUSE_ADDR))`
			`acceptor.set_option(openvpn_io::ip::tcp::acceptor::reuse_address(true));`
Factored out HTTP Server acceptor classes into openvpn/acceptor. 2015-10-19 00:27:01 +02:00			`#else`
			`// set Unix socket flags`
			`{`
			`const int fd = acceptor.native_handle();`
Acceptor::TCP: don't set reuseport flag by default on listener socket Previously, all listener sockets were configured with both reuseaddr and reuseport. reuseaddr is reasonable to use as a default, but reuseport should only be used when different threads are listening on the same local port/address for load-balancing purposes. This patch adds two new socket option flags DISABLE_REUSE_ADDR and REUSE_PORT, to provide finer-grained control over these options. Signed-off-by: James Yonan <james@openvpn.net> 2019-08-30 10:03:06 +02:00			`if (flags & REUSE_PORT)`
			`SockOpt::reuseport(fd);`
			`if (!(flags & DISABLE_REUSE_ADDR))`
			`SockOpt::reuseaddr(fd);`
Factored out HTTP Server acceptor classes into openvpn/acceptor. 2015-10-19 00:27:01 +02:00			`SockOpt::set_cloexec(fd);`
			`}`
			`#endif`
			`}`

Acceptor::TCP: don't set reuseport flag by default on listener socket Previously, all listener sockets were configured with both reuseaddr and reuseport. reuseaddr is reasonable to use as a default, but reuseport should only be used when different threads are listening on the same local port/address for load-balancing purposes. This patch adds two new socket option flags DISABLE_REUSE_ADDR and REUSE_PORT, to provide finer-grained control over these options. Signed-off-by: James Yonan <james@openvpn.net> 2019-08-30 10:03:06 +02:00			`// filter all but socket option flags`
			`static unsigned int sockopt_flags(const unsigned int flags)`
			`{`
			`return flags & (DISABLE_REUSE_ADDR \| REUSE_PORT);`
			`}`

Added i/o abstraction layer. Created a lightweight abstraction layer so that another i/o reactor can be dropped in place of asio. This commit includes: * Added ASIO=1 to many "go" scripts that require asio * Renamed "asio::" to "openvpn_io::". Signed-off-by: James Yonan <james@openvpn.net> 2017-03-30 23:38:32 +02:00			`openvpn_io::ip::tcp::endpoint local_endpoint;`
			`openvpn_io::ip::tcp::acceptor acceptor;`
Factored out HTTP Server acceptor classes into openvpn/acceptor. 2015-10-19 00:27:01 +02:00			`};`

			`} // namespace Acceptor`
			`} // namespace openvpn`