OpenVPN
route.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 /*
25  * Support routines for adding/deleting network routes.
26  */
27 
28 #ifdef HAVE_CONFIG_H
29 #include "config.h"
30 #elif defined(_MSC_VER)
31 #include "config-msvc.h"
32 #endif
33 
34 #include "syshead.h"
35 
36 #include "common.h"
37 #include "error.h"
38 #include "route.h"
39 #include "run_command.h"
40 #include "socket.h"
41 #include "manage.h"
42 #include "win32.h"
43 #include "options.h"
44 #include "networking.h"
45 
46 #include "memdbg.h"
47 
48 #if defined(TARGET_LINUX) || defined(TARGET_ANDROID)
49 #include <linux/rtnetlink.h> /* RTM_GETROUTE etc. */
50 #endif
51 
52 #ifdef _WIN32
53 #include "openvpn-msg.h"
54 
55 #define METRIC_NOT_USED ((DWORD)-1)
56 static bool add_route_service(const struct route_ipv4 *, const struct tuntap *);
57 
58 static bool del_route_service(const struct route_ipv4 *, const struct tuntap *);
59 
60 static bool add_route_ipv6_service(const struct route_ipv6 *, const struct tuntap *);
61 
62 static bool del_route_ipv6_service(const struct route_ipv6 *, const struct tuntap *);
63 
64 #endif
65 
66 static void delete_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es, openvpn_net_ctx_t *ctx);
67 
68 static void get_bypass_addresses(struct route_bypass *rb, const unsigned int flags);
69 
70 #ifdef ENABLE_DEBUG
71 
72 static void
73 print_bypass_addresses(const struct route_bypass *rb)
74 {
75  struct gc_arena gc = gc_new();
76  int i;
77  for (i = 0; i < rb->n_bypass; ++i)
78  {
79  msg(D_ROUTE, "ROUTE: bypass_host_route[%d]=%s",
80  i,
81  print_in_addr_t(rb->bypass[i], 0, &gc));
82  }
83  gc_free(&gc);
84 }
85 
86 #endif
87 
88 static bool
90 {
91  int i;
92  for (i = 0; i < rb->n_bypass; ++i)
93  {
94  if (a == rb->bypass[i]) /* avoid duplicates */
95  {
96  return true;
97  }
98  }
99  if (rb->n_bypass < N_ROUTE_BYPASS)
100  {
101  rb->bypass[rb->n_bypass++] = a;
102  return true;
103  }
104  else
105  {
106  return false;
107  }
108 }
109 
110 struct route_option_list *
112 {
113  struct route_option_list *ret;
114  ALLOC_OBJ_CLEAR_GC(ret, struct route_option_list, a);
115  ret->gc = a;
116  return ret;
117 }
118 
119 struct route_ipv6_option_list *
121 {
122  struct route_ipv6_option_list *ret;
124  ret->gc = a;
125  return ret;
126 }
127 
128 /*
129  * NOTE: structs are cloned/copied shallow by design.
130  * The routes list from src will stay intact since it is allocated using
131  * the options->gc. The cloned/copied lists will share this common tail
132  * to avoid copying the data around between pulls. Pulled routes use
133  * the c2->gc so they get freed immediately after a reconnect.
134  */
135 struct route_option_list *
137 {
138  struct route_option_list *ret;
139  ALLOC_OBJ_GC(ret, struct route_option_list, a);
140  *ret = *src;
141  return ret;
142 }
143 
144 struct route_ipv6_option_list *
146 {
147  struct route_ipv6_option_list *ret;
148  ALLOC_OBJ_GC(ret, struct route_ipv6_option_list, a);
149  *ret = *src;
150  return ret;
151 }
152 
153 void
155 {
156  *dest = *src;
157  dest->gc = a;
158 }
159 
160 void
162  const struct route_ipv6_option_list *src,
163  struct gc_arena *a)
164 {
165  *dest = *src;
166  dest->gc = a;
167 }
168 
169 static const char *
170 route_string(const struct route_ipv4 *r, struct gc_arena *gc)
171 {
172  struct buffer out = alloc_buf_gc(256, gc);
173  buf_printf(&out, "ROUTE network %s netmask %s gateway %s",
174  print_in_addr_t(r->network, 0, gc),
175  print_in_addr_t(r->netmask, 0, gc),
176  print_in_addr_t(r->gateway, 0, gc)
177  );
178  if (r->flags & RT_METRIC_DEFINED)
179  {
180  buf_printf(&out, " metric %d", r->metric);
181  }
182  return BSTR(&out);
183 }
184 
185 static bool
186 is_route_parm_defined(const char *parm)
187 {
188  if (!parm)
189  {
190  return false;
191  }
192  if (!strcmp(parm, "default"))
193  {
194  return false;
195  }
196  return true;
197 }
198 
199 static void
200 setenv_route_addr(struct env_set *es, const char *key, const in_addr_t addr, int i)
201 {
202  struct gc_arena gc = gc_new();
203  struct buffer name = alloc_buf_gc(256, &gc);
204  if (i >= 0)
205  {
206  buf_printf(&name, "route_%s_%d", key, i);
207  }
208  else
209  {
210  buf_printf(&name, "route_%s", key);
211  }
212  setenv_str(es, BSTR(&name), print_in_addr_t(addr, 0, &gc));
213  gc_free(&gc);
214 }
215 
216 static bool
217 get_special_addr(const struct route_list *rl,
218  const char *string,
219  in_addr_t *out,
220  bool *status)
221 {
222  if (status)
223  {
224  *status = true;
225  }
226  if (!strcmp(string, "vpn_gateway"))
227  {
228  if (rl)
229  {
230  if (rl->spec.flags & RTSA_REMOTE_ENDPOINT)
231  {
232  *out = rl->spec.remote_endpoint;
233  }
234  else
235  {
236  msg(M_INFO, PACKAGE_NAME " ROUTE: vpn_gateway undefined");
237  if (status)
238  {
239  *status = false;
240  }
241  }
242  }
243  return true;
244  }
245  else if (!strcmp(string, "net_gateway"))
246  {
247  if (rl)
248  {
249  if (rl->rgi.flags & RGI_ADDR_DEFINED)
250  {
251  *out = rl->rgi.gateway.addr;
252  }
253  else
254  {
255  msg(M_INFO, PACKAGE_NAME " ROUTE: net_gateway undefined -- unable to get default gateway from system");
256  if (status)
257  {
258  *status = false;
259  }
260  }
261  }
262  return true;
263  }
264  else if (!strcmp(string, "remote_host"))
265  {
266  if (rl)
267  {
268  if (rl->spec.flags & RTSA_REMOTE_HOST)
269  {
270  *out = rl->spec.remote_host;
271  }
272  else
273  {
274  msg(M_INFO, PACKAGE_NAME " ROUTE: remote_host undefined");
275  if (status)
276  {
277  *status = false;
278  }
279  }
280  }
281  return true;
282  }
283  return false;
284 }
285 
286 bool
287 is_special_addr(const char *addr_str)
288 {
289  if (addr_str)
290  {
291  return get_special_addr(NULL, addr_str, NULL, NULL);
292  }
293  else
294  {
295  return false;
296  }
297 }
298 
299 static bool
301  struct addrinfo **network_list,
302  const struct route_option *ro,
303  const struct route_list *rl)
304 {
305  const in_addr_t default_netmask = IPV4_NETMASK_HOST;
306  bool status;
307  int ret;
308  struct in_addr special;
309 
310  CLEAR(*r);
311  r->option = ro;
312 
313  /* network */
314 
315  if (!is_route_parm_defined(ro->network))
316  {
317  goto fail;
318  }
319 
320 
321  /* get_special_addr replaces specialaddr with a special ip addr
322  * like gw. getaddrinfo is called to convert a a addrinfo struct */
323 
324  if (get_special_addr(rl, ro->network, (in_addr_t *) &special.s_addr, &status))
325  {
326  special.s_addr = htonl(special.s_addr);
327  ret = openvpn_getaddrinfo(0, inet_ntoa(special), NULL, 0, NULL,
328  AF_INET, network_list);
329  }
330  else
331  {
333  ro->network, NULL, 0, NULL, AF_INET, network_list);
334  }
335 
336  status = (ret == 0);
337 
338  if (!status)
339  {
340  goto fail;
341  }
342 
343  /* netmask */
344 
346  {
347  r->netmask = getaddr(
350  ro->netmask,
351  0,
352  &status,
353  NULL);
354  if (!status)
355  {
356  goto fail;
357  }
358  }
359  else
360  {
361  r->netmask = default_netmask;
362  }
363 
364  /* gateway */
365 
367  {
368  if (!get_special_addr(rl, ro->gateway, &r->gateway, &status))
369  {
370  r->gateway = getaddr(
374  ro->gateway,
375  0,
376  &status,
377  NULL);
378  }
379  if (!status)
380  {
381  goto fail;
382  }
383  }
384  else
385  {
386  if (rl->spec.flags & RTSA_REMOTE_ENDPOINT)
387  {
388  r->gateway = rl->spec.remote_endpoint;
389  }
390  else
391  {
392  msg(M_WARN, PACKAGE_NAME " ROUTE: " PACKAGE_NAME " needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options");
393  goto fail;
394  }
395  }
396 
397  /* metric */
398 
399  r->metric = 0;
400  if (is_route_parm_defined(ro->metric))
401  {
402  r->metric = atoi(ro->metric);
403  if (r->metric < 0)
404  {
405  msg(M_WARN, PACKAGE_NAME " ROUTE: route metric for network %s (%s) must be >= 0",
406  ro->network,
407  ro->metric);
408  goto fail;
409  }
410  r->flags |= RT_METRIC_DEFINED;
411  }
412  else if (rl->spec.flags & RTSA_DEFAULT_METRIC)
413  {
414  r->metric = rl->spec.default_metric;
415  r->flags |= RT_METRIC_DEFINED;
416  }
417 
418  r->flags |= RT_DEFINED;
419 
420  return true;
421 
422 fail:
423  msg(M_WARN, PACKAGE_NAME " ROUTE: failed to parse/resolve route for host/network: %s",
424  ro->network);
425  return false;
426 }
427 
428 static bool
430  const struct route_ipv6_option *r6o,
431  const struct route_ipv6_list *rl6 )
432 {
433  CLEAR(*r6);
434 
435  if (!get_ipv6_addr( r6o->prefix, &r6->network, &r6->netbits, M_WARN ))
436  {
437  goto fail;
438  }
439 
440  /* gateway */
441  if (is_route_parm_defined(r6o->gateway))
442  {
443  if (inet_pton( AF_INET6, r6o->gateway, &r6->gateway ) != 1)
444  {
445  msg( M_WARN, PACKAGE_NAME "ROUTE6: cannot parse gateway spec '%s'", r6o->gateway );
446  }
447  }
448  else if (rl6->spec_flags & RTSA_REMOTE_ENDPOINT)
449  {
450  r6->gateway = rl6->remote_endpoint_ipv6;
451  }
452 
453  /* metric */
454 
455  r6->metric = -1;
456  if (is_route_parm_defined(r6o->metric))
457  {
458  r6->metric = atoi(r6o->metric);
459  if (r6->metric < 0)
460  {
461  msg(M_WARN, PACKAGE_NAME " ROUTE: route metric for network %s (%s) must be >= 0",
462  r6o->prefix,
463  r6o->metric);
464  goto fail;
465  }
466  r6->flags |= RT_METRIC_DEFINED;
467  }
468  else if (rl6->spec_flags & RTSA_DEFAULT_METRIC)
469  {
470  r6->metric = rl6->default_metric;
471  r6->flags |= RT_METRIC_DEFINED;
472  }
473 
474  r6->flags |= RT_DEFINED;
475 
476  return true;
477 
478 fail:
479  msg(M_WARN, PACKAGE_NAME " ROUTE: failed to parse/resolve route for host/network: %s",
480  r6o->prefix);
481  return false;
482 }
483 
484 void
486  const char *network,
487  const char *netmask,
488  const char *gateway,
489  const char *metric)
490 {
491  struct route_option *ro;
492  ALLOC_OBJ_GC(ro, struct route_option, l->gc);
493  ro->network = network;
494  ro->netmask = netmask;
495  ro->gateway = gateway;
496  ro->metric = metric;
497  ro->next = l->routes;
498  l->routes = ro;
499 
500 }
501 
502 void
504  const char *prefix,
505  const char *gateway,
506  const char *metric)
507 {
508  struct route_ipv6_option *ro;
509  ALLOC_OBJ_GC(ro, struct route_ipv6_option, l->gc);
510  ro->prefix = prefix;
511  ro->gateway = gateway;
512  ro->metric = metric;
513  ro->next = l->routes_ipv6;
514  l->routes_ipv6 = ro;
515 }
516 
517 static void
519 {
520  gc_free(&rl->gc);
521  CLEAR(*rl);
522 }
523 
524 static void
526 {
527  gc_free(&rl6->gc);
528  CLEAR(*rl6);
529 }
530 
531 void
533  struct env_set *es,
534  const in_addr_t addr)
535 {
536  ASSERT(rl);
537  rl->spec.remote_endpoint = addr;
539  setenv_route_addr(es, "vpn_gateway", rl->spec.remote_endpoint, -1);
540 }
541 
542 static void
544  const struct route_gateway_address *gateway,
545  in_addr_t target)
546 {
547  const int rgi_needed = (RGI_ADDR_DEFINED|RGI_NETMASK_DEFINED);
548  if ((rl->rgi.flags & rgi_needed) == rgi_needed
549  && rl->rgi.gateway.netmask < 0xFFFFFFFF)
550  {
551  struct route_ipv4 *r1, *r2;
552  unsigned int l2;
553 
554  ALLOC_OBJ_GC(r1, struct route_ipv4, &rl->gc);
555  ALLOC_OBJ_GC(r2, struct route_ipv4, &rl->gc);
556 
557  /* split a route into two smaller blocking routes, and direct them to target */
558  l2 = ((~gateway->netmask)+1)>>1;
559  r1->flags = RT_DEFINED;
560  r1->gateway = target;
561  r1->network = gateway->addr & gateway->netmask;
562  r1->netmask = ~(l2-1);
563  r1->next = rl->routes;
564  rl->routes = r1;
565 
566  *r2 = *r1;
567  r2->network += l2;
568  r2->next = rl->routes;
569  rl->routes = r2;
570  }
571 }
572 
573 static void
575 {
576  const int rgi_needed = (RGI_ADDR_DEFINED|RGI_NETMASK_DEFINED);
577  if ((rl->flags & RG_BLOCK_LOCAL)
578  && (rl->rgi.flags & rgi_needed) == rgi_needed
579  && (rl->spec.flags & RTSA_REMOTE_ENDPOINT)
580  && rl->spec.remote_host_local != TLA_LOCAL)
581  {
582  size_t i;
583 
584 #ifndef TARGET_ANDROID
585  /* add bypass for gateway addr */
587 #endif
588 
589  /* block access to local subnet */
591 
592  /* process additional subnets on gateway interface */
593  for (i = 0; i < rl->rgi.n_addrs; ++i)
594  {
595  const struct route_gateway_address *gwa = &rl->rgi.addrs[i];
596  /* omit the add/subnet in &rl->rgi which we processed above */
597  if (!((rl->rgi.gateway.addr & rl->rgi.gateway.netmask) == (gwa->addr & gwa->netmask)
598  && rl->rgi.gateway.netmask == gwa->netmask))
599  {
601  }
602  }
603  }
604 }
605 
606 bool
608  const struct route_option_list *opt,
609  const char *remote_endpoint,
610  int default_metric,
611  in_addr_t remote_host,
612  struct env_set *es,
613  openvpn_net_ctx_t *ctx)
614 {
615  struct gc_arena gc = gc_new();
616  bool ret = true;
617 
618  clear_route_list(rl);
619 
620  rl->flags = opt->flags;
621 
622  if (remote_host)
623  {
624  rl->spec.remote_host = remote_host;
625  rl->spec.flags |= RTSA_REMOTE_HOST;
626  }
627 
628  if (default_metric)
629  {
630  rl->spec.default_metric = default_metric;
632  }
633 
634  get_default_gateway(&rl->rgi, ctx);
635  if (rl->rgi.flags & RGI_ADDR_DEFINED)
636  {
637  setenv_route_addr(es, "net_gateway", rl->rgi.gateway.addr, -1);
638 #if defined(ENABLE_DEBUG) && !defined(ENABLE_SMALL)
639  print_default_gateway(D_ROUTE, &rl->rgi, NULL);
640 #endif
641  }
642  else
643  {
644  dmsg(D_ROUTE, "ROUTE: default_gateway=UNDEF");
645  }
646 
647  if (rl->spec.flags & RTSA_REMOTE_HOST)
648  {
649  rl->spec.remote_host_local = test_local_addr(remote_host, &rl->rgi);
650  }
651 
652  if (is_route_parm_defined(remote_endpoint))
653  {
654  bool defined = false;
659  remote_endpoint,
660  0,
661  &defined,
662  NULL);
663 
664  if (defined)
665  {
666  setenv_route_addr(es, "vpn_gateway", rl->spec.remote_endpoint, -1);
668  }
669  else
670  {
671  msg(M_WARN, PACKAGE_NAME " ROUTE: failed to parse/resolve default gateway: %s",
672  remote_endpoint);
673  ret = false;
674  }
675  }
676 
677  if (rl->flags & RG_ENABLE)
678  {
679  add_block_local(rl);
681 #ifdef ENABLE_DEBUG
682  print_bypass_addresses(&rl->spec.bypass);
683 #endif
684  }
685 
686  /* parse the routes from opt to rl */
687  {
688  struct route_option *ro;
689  for (ro = opt->routes; ro; ro = ro->next)
690  {
691  struct addrinfo *netlist = NULL;
692  struct route_ipv4 r;
693 
694  if (!init_route(&r, &netlist, ro, rl))
695  {
696  ret = false;
697  }
698  else
699  {
700  struct addrinfo *curele;
701  for (curele = netlist; curele; curele = curele->ai_next)
702  {
703  struct route_ipv4 *new;
704  ALLOC_OBJ_GC(new, struct route_ipv4, &rl->gc);
705  *new = r;
706  new->network = ntohl(((struct sockaddr_in *)curele->ai_addr)->sin_addr.s_addr);
707  new->next = rl->routes;
708  rl->routes = new;
709  }
710  }
711  if (netlist)
712  {
713  gc_addspecial(netlist, &gc_freeaddrinfo_callback, &gc);
714  }
715  }
716  }
717 
718  gc_free(&gc);
719  return ret;
720 }
721 
722 /* check whether an IPv6 host address is covered by a given route_ipv6
723  * (not the most beautiful implementation in the world, but portable and
724  * "good enough")
725  */
726 static bool
728  const struct in6_addr *host )
729 {
730  unsigned int bits = r6->netbits;
731  int i;
732  unsigned int mask;
733 
734  if (bits>128)
735  {
736  return false;
737  }
738 
739  for (i = 0; bits >= 8; i++, bits -= 8)
740  {
741  if (r6->network.s6_addr[i] != host->s6_addr[i])
742  {
743  return false;
744  }
745  }
746 
747  if (bits == 0)
748  {
749  return true;
750  }
751 
752  mask = 0xff << (8-bits);
753 
754  if ( (r6->network.s6_addr[i] & mask) == (host->s6_addr[i] & mask ))
755  {
756  return true;
757  }
758 
759  return false;
760 }
761 
762 bool
764  const struct route_ipv6_option_list *opt6,
765  const char *remote_endpoint,
766  int default_metric,
767  const struct in6_addr *remote_host_ipv6,
768  struct env_set *es,
769  openvpn_net_ctx_t *ctx)
770 {
771  struct gc_arena gc = gc_new();
772  bool ret = true;
773  bool need_remote_ipv6_route;
774 
776 
777  rl6->flags = opt6->flags;
778 
779  if (remote_host_ipv6)
780  {
781  rl6->remote_host_ipv6 = *remote_host_ipv6;
783  }
784 
785  if (default_metric >= 0)
786  {
787  rl6->default_metric = default_metric;
789  }
790 
791  msg(D_ROUTE, "GDG6: remote_host_ipv6=%s",
792  remote_host_ipv6 ? print_in6_addr(*remote_host_ipv6, 0, &gc) : "n/a" );
793 
794  get_default_gateway_ipv6(&rl6->rgi6, remote_host_ipv6, ctx);
795  if (rl6->rgi6.flags & RGI_ADDR_DEFINED)
796  {
797  setenv_str(es, "net_gateway_ipv6", print_in6_addr(rl6->rgi6.gateway.addr_ipv6, 0, &gc));
798 #if defined(ENABLE_DEBUG) && !defined(ENABLE_SMALL)
799  print_default_gateway(D_ROUTE, NULL, &rl6->rgi6);
800 #endif
801  }
802  else
803  {
804  dmsg(D_ROUTE, "ROUTE6: default_gateway=UNDEF");
805  }
806 
807  if (is_route_parm_defined( remote_endpoint ))
808  {
809  if (inet_pton( AF_INET6, remote_endpoint,
810  &rl6->remote_endpoint_ipv6) == 1)
811  {
813  }
814  else
815  {
816  msg(M_WARN, PACKAGE_NAME " ROUTE: failed to parse/resolve VPN endpoint: %s", remote_endpoint);
817  ret = false;
818  }
819  }
820 
821  /* parse the routes from opt6 to rl6
822  * discovering potential overlaps with remote_host_ipv6 in the process
823  */
824  need_remote_ipv6_route = false;
825 
826  {
827  struct route_ipv6_option *ro6;
828  for (ro6 = opt6->routes_ipv6; ro6; ro6 = ro6->next)
829  {
830  struct route_ipv6 *r6;
831  ALLOC_OBJ_GC(r6, struct route_ipv6, &rl6->gc);
832  if (!init_route_ipv6(r6, ro6, rl6))
833  {
834  ret = false;
835  }
836  else
837  {
838  r6->next = rl6->routes_ipv6;
839  rl6->routes_ipv6 = r6;
840 
841 #ifndef TARGET_ANDROID
842  /* On Android the VPNService protect function call will take of
843  * avoiding routing loops, so ignore this part and let
844  * need_remote_ipv6_route always evaluate to false
845  */
846  if (remote_host_ipv6
847  && route_ipv6_match_host( r6, remote_host_ipv6 ) )
848  {
849  need_remote_ipv6_route = true;
850  msg(D_ROUTE, "ROUTE6: %s/%d overlaps IPv6 remote %s, adding host route to VPN endpoint",
851  print_in6_addr(r6->network, 0, &gc), r6->netbits,
852  print_in6_addr(*remote_host_ipv6, 0, &gc));
853  }
854 #endif
855  }
856  }
857  }
858 
859  /* add VPN server host route if needed */
860  if (need_remote_ipv6_route)
861  {
862  if ( (rl6->rgi6.flags & (RGI_ADDR_DEFINED|RGI_IFACE_DEFINED) ) ==
864  {
865  struct route_ipv6 *r6;
866  ALLOC_OBJ_CLEAR_GC(r6, struct route_ipv6, &rl6->gc);
867 
868  r6->network = *remote_host_ipv6;
869  r6->netbits = 128;
870  if (!(rl6->rgi6.flags & RGI_ON_LINK) )
871  {
872  r6->gateway = rl6->rgi6.gateway.addr_ipv6;
873  }
874  r6->metric = 1;
875 #ifdef _WIN32
876  r6->adapter_index = rl6->rgi6.adapter_index;
877 #else
878  r6->iface = rl6->rgi6.iface;
879 #endif
881 
882  r6->next = rl6->routes_ipv6;
883  rl6->routes_ipv6 = r6;
884  }
885  else
886  {
887  msg(M_WARN, "ROUTE6: IPv6 route overlaps with IPv6 remote address, but could not determine IPv6 gateway address + interface, expect failure\n" );
888  }
889  }
890 
891  gc_free(&gc);
892  return ret;
893 }
894 
895 static void
897  in_addr_t netmask,
899  const struct tuntap *tt,
900  unsigned int flags,
901  const struct route_gateway_info *rgi,
902  const struct env_set *es,
903  openvpn_net_ctx_t *ctx)
904 {
905  struct route_ipv4 r;
906  CLEAR(r);
907  r.flags = RT_DEFINED;
908  r.network = network;
909  r.netmask = netmask;
910  r.gateway = gateway;
911  add_route(&r, tt, flags, rgi, es, ctx);
912 }
913 
914 static void
918  const struct tuntap *tt,
919  unsigned int flags,
920  const struct route_gateway_info *rgi,
921  const struct env_set *es,
922  openvpn_net_ctx_t *ctx)
923 {
924  struct route_ipv4 r;
925  CLEAR(r);
927  r.network = network;
928  r.netmask = netmask;
929  r.gateway = gateway;
930  delete_route(&r, tt, flags, rgi, es, ctx);
931 }
932 
933 static void
936  const struct tuntap *tt,
937  unsigned int flags,
938  const struct route_gateway_info *rgi,
939  const struct env_set *es,
940  openvpn_net_ctx_t *ctx)
941 {
942  int i;
943  for (i = 0; i < rb->n_bypass; ++i)
944  {
945  if (rb->bypass[i])
946  {
947  add_route3(rb->bypass[i],
949  gateway,
950  tt,
951  flags | ROUTE_REF_GW,
952  rgi,
953  es,
954  ctx);
955  }
956  }
957 }
958 
959 static void
962  const struct tuntap *tt,
963  unsigned int flags,
964  const struct route_gateway_info *rgi,
965  const struct env_set *es,
966  openvpn_net_ctx_t *ctx)
967 {
968  int i;
969  for (i = 0; i < rb->n_bypass; ++i)
970  {
971  if (rb->bypass[i])
972  {
973  del_route3(rb->bypass[i],
975  gateway,
976  tt,
977  flags | ROUTE_REF_GW,
978  rgi,
979  es,
980  ctx);
981  }
982  }
983 }
984 
985 static void
986 redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt,
987  unsigned int flags, const struct env_set *es,
988  openvpn_net_ctx_t *ctx)
989 {
990  const char err[] = "NOTE: unable to redirect default gateway --";
991 
992  if (rl && rl->flags & RG_ENABLE)
993  {
994  bool local = rl->flags & RG_LOCAL;
995 
996  if (!(rl->spec.flags & RTSA_REMOTE_ENDPOINT) && (rl->flags & RG_REROUTE_GW))
997  {
998  msg(M_WARN, "%s VPN gateway parameter (--route-gateway or --ifconfig) is missing", err);
999  }
1000  /*
1001  * check if a default route is defined, unless:
1002  * - we are connecting to a remote host in our network
1003  * - we are connecting to a non-IPv4 remote host (i.e. we use IPv6)
1004  */
1005  else if (!(rl->rgi.flags & RGI_ADDR_DEFINED) && !local
1006  && (rl->spec.remote_host != IPV4_INVALID_ADDR))
1007  {
1008  msg(M_WARN, "%s Cannot read current default gateway from system", err);
1009  }
1010  else if (!(rl->spec.flags & RTSA_REMOTE_HOST))
1011  {
1012  msg(M_WARN, "%s Cannot obtain current remote host address", err);
1013  }
1014  else
1015  {
1016 #ifndef TARGET_ANDROID
1017  if (rl->flags & RG_AUTO_LOCAL)
1018  {
1019  const int tla = rl->spec.remote_host_local;
1020  if (tla == TLA_NONLOCAL)
1021  {
1022  dmsg(D_ROUTE, "ROUTE remote_host is NOT LOCAL");
1023  local = false;
1024  }
1025  else if (tla == TLA_LOCAL)
1026  {
1027  dmsg(D_ROUTE, "ROUTE remote_host is LOCAL");
1028  local = true;
1029  }
1030  }
1031  if (!local)
1032  {
1033  /* route remote host to original default gateway */
1034  /* if remote_host is not ipv4 (ie: ipv6), just skip
1035  * adding this special /32 route */
1036  if (rl->spec.remote_host != IPV4_INVALID_ADDR)
1037  {
1040  rl->rgi.gateway.addr,
1041  tt,
1042  flags | ROUTE_REF_GW,
1043  &rl->rgi,
1044  es,
1045  ctx);
1046  rl->iflags |= RL_DID_LOCAL;
1047  }
1048  else
1049  {
1050  dmsg(D_ROUTE, "ROUTE remote_host protocol differs from tunneled");
1051  }
1052  }
1053 #endif /* ifndef TARGET_ANDROID */
1054 
1055  /* route DHCP/DNS server traffic through original default gateway */
1056  add_bypass_routes(&rl->spec.bypass, rl->rgi.gateway.addr, tt, flags,
1057  &rl->rgi, es, ctx);
1058 
1059  if (rl->flags & RG_REROUTE_GW)
1060  {
1061  if (rl->flags & RG_DEF1)
1062  {
1063  /* add new default route (1st component) */
1064  add_route3(0x00000000,
1065  0x80000000,
1066  rl->spec.remote_endpoint,
1067  tt,
1068  flags,
1069  &rl->rgi,
1070  es,
1071  ctx);
1072 
1073  /* add new default route (2nd component) */
1074  add_route3(0x80000000,
1075  0x80000000,
1076  rl->spec.remote_endpoint,
1077  tt,
1078  flags,
1079  &rl->rgi,
1080  es,
1081  ctx);
1082  }
1083  else
1084  {
1085  /* don't try to remove the def route if it does not exist */
1086  if (rl->rgi.flags & RGI_ADDR_DEFINED)
1087  {
1088  /* delete default route */
1089  del_route3(0, 0, rl->rgi.gateway.addr, tt,
1090  flags | ROUTE_REF_GW, &rl->rgi, es, ctx);
1091  }
1092 
1093  /* add new default route */
1094  add_route3(0,
1095  0,
1096  rl->spec.remote_endpoint,
1097  tt,
1098  flags,
1099  &rl->rgi,
1100  es,
1101  ctx);
1102  }
1103  }
1104 
1105  /* set a flag so we can undo later */
1107  }
1108  }
1109 }
1110 
1111 static void
1113  const struct tuntap *tt, unsigned int flags,
1114  const struct env_set *es,
1115  openvpn_net_ctx_t *ctx)
1116 {
1117  if (rl && rl->iflags & RL_DID_REDIRECT_DEFAULT_GATEWAY)
1118  {
1119  /* delete remote host route */
1120  if (rl->iflags & RL_DID_LOCAL)
1121  {
1124  rl->rgi.gateway.addr,
1125  tt,
1126  flags | ROUTE_REF_GW,
1127  &rl->rgi,
1128  es,
1129  ctx);
1130  rl->iflags &= ~RL_DID_LOCAL;
1131  }
1132 
1133  /* delete special DHCP/DNS bypass route */
1134  del_bypass_routes(&rl->spec.bypass, rl->rgi.gateway.addr, tt, flags,
1135  &rl->rgi, es, ctx);
1136 
1137  if (rl->flags & RG_REROUTE_GW)
1138  {
1139  if (rl->flags & RG_DEF1)
1140  {
1141  /* delete default route (1st component) */
1142  del_route3(0x00000000,
1143  0x80000000,
1144  rl->spec.remote_endpoint,
1145  tt,
1146  flags,
1147  &rl->rgi,
1148  es,
1149  ctx);
1150 
1151  /* delete default route (2nd component) */
1152  del_route3(0x80000000,
1153  0x80000000,
1154  rl->spec.remote_endpoint,
1155  tt,
1156  flags,
1157  &rl->rgi,
1158  es,
1159  ctx);
1160  }
1161  else
1162  {
1163  /* delete default route */
1164  del_route3(0,
1165  0,
1166  rl->spec.remote_endpoint,
1167  tt,
1168  flags,
1169  &rl->rgi,
1170  es,
1171  ctx);
1172  /* restore original default route if there was any */
1173  if (rl->rgi.flags & RGI_ADDR_DEFINED)
1174  {
1175  add_route3(0, 0, rl->rgi.gateway.addr, tt,
1176  flags | ROUTE_REF_GW, &rl->rgi, es, ctx);
1177  }
1178  }
1179  }
1180 
1182  }
1183 }
1184 
1185 void
1186 add_routes(struct route_list *rl, struct route_ipv6_list *rl6,
1187  const struct tuntap *tt, unsigned int flags,
1188  const struct env_set *es, openvpn_net_ctx_t *ctx)
1189 {
1190  redirect_default_route_to_vpn(rl, tt, flags, es, ctx);
1191  if (rl && !(rl->iflags & RL_ROUTES_ADDED) )
1192  {
1193  struct route_ipv4 *r;
1194 
1195 #ifdef ENABLE_MANAGEMENT
1196  if (management && rl->routes)
1197  {
1200  NULL,
1201  NULL,
1202  NULL,
1203  NULL,
1204  NULL);
1205  }
1206 #endif
1207 
1208  for (r = rl->routes; r; r = r->next)
1209  {
1210  check_subnet_conflict(r->network, r->netmask, "route");
1211  if (flags & ROUTE_DELETE_FIRST)
1212  {
1213  delete_route(r, tt, flags, &rl->rgi, es, ctx);
1214  }
1215  add_route(r, tt, flags, &rl->rgi, es, ctx);
1216  }
1217  rl->iflags |= RL_ROUTES_ADDED;
1218  }
1219  if (rl6 && !(rl6->iflags & RL_ROUTES_ADDED) )
1220  {
1221  struct route_ipv6 *r;
1222 
1223  if (!tt->did_ifconfig_ipv6_setup)
1224  {
1225  msg(M_INFO, "WARNING: OpenVPN was configured to add an IPv6 "
1226  "route over %s. However, no IPv6 has been configured for "
1227  "this interface, therefore the route installation may "
1228  "fail or may not work as expected.", tt->actual_name);
1229  }
1230 
1231  for (r = rl6->routes_ipv6; r; r = r->next)
1232  {
1233  if (flags & ROUTE_DELETE_FIRST)
1234  {
1235  delete_route_ipv6(r, tt, flags, es, ctx);
1236  }
1237  add_route_ipv6(r, tt, flags, es, ctx);
1238  }
1239  rl6->iflags |= RL_ROUTES_ADDED;
1240  }
1241 }
1242 
1243 void
1244 delete_routes(struct route_list *rl, struct route_ipv6_list *rl6,
1245  const struct tuntap *tt, unsigned int flags,
1246  const struct env_set *es, openvpn_net_ctx_t *ctx)
1247 {
1248  if (rl && rl->iflags & RL_ROUTES_ADDED)
1249  {
1250  struct route_ipv4 *r;
1251  for (r = rl->routes; r; r = r->next)
1252  {
1253  delete_route(r, tt, flags, &rl->rgi, es, ctx);
1254  }
1255  rl->iflags &= ~RL_ROUTES_ADDED;
1256  }
1257 
1258  undo_redirect_default_route_to_vpn(rl, tt, flags, es, ctx);
1259 
1260  if (rl)
1261  {
1262  clear_route_list(rl);
1263  }
1264 
1265  if (rl6 && (rl6->iflags & RL_ROUTES_ADDED) )
1266  {
1267  struct route_ipv6 *r6;
1268  for (r6 = rl6->routes_ipv6; r6; r6 = r6->next)
1269  {
1270  delete_route_ipv6(r6, tt, flags, es, ctx);
1271  }
1272  rl6->iflags &= ~RL_ROUTES_ADDED;
1273  }
1274 
1275  if (rl6)
1276  {
1277  clear_route_ipv6_list(rl6);
1278  }
1279 }
1280 
1281 #ifndef ENABLE_SMALL
1282 
1283 static const char *
1284 show_opt(const char *option)
1285 {
1286  if (!option)
1287  {
1288  return "default (not set)";
1289  }
1290  else
1291  {
1292  return option;
1293  }
1294 }
1295 
1296 static void
1297 print_route_option(const struct route_option *ro, int level)
1298 {
1299  msg(level, " route %s/%s/%s/%s",
1300  show_opt(ro->network),
1301  show_opt(ro->netmask),
1302  show_opt(ro->gateway),
1303  show_opt(ro->metric));
1304 }
1305 
1306 void
1308  int level)
1309 {
1310  struct route_option *ro;
1311  if (rol->flags & RG_ENABLE)
1312  {
1313  msg(level, " [redirect_default_gateway local=%d]",
1314  (rol->flags & RG_LOCAL) != 0);
1315  }
1316  for (ro = rol->routes; ro; ro = ro->next)
1317  {
1318  print_route_option(ro, level);
1319  }
1320 }
1321 
1322 void
1323 print_default_gateway(const int msglevel,
1324  const struct route_gateway_info *rgi,
1325  const struct route_ipv6_gateway_info *rgi6)
1326 {
1327  struct gc_arena gc = gc_new();
1328  if (rgi && (rgi->flags & RGI_ADDR_DEFINED))
1329  {
1330  struct buffer out = alloc_buf_gc(256, &gc);
1331  buf_printf(&out, "ROUTE_GATEWAY");
1332  if (rgi->flags & RGI_ON_LINK)
1333  {
1334  buf_printf(&out, " ON_LINK");
1335  }
1336  else
1337  {
1338  buf_printf(&out, " %s", print_in_addr_t(rgi->gateway.addr, 0, &gc));
1339  }
1340  if (rgi->flags & RGI_NETMASK_DEFINED)
1341  {
1342  buf_printf(&out, "/%s", print_in_addr_t(rgi->gateway.netmask, 0, &gc));
1343  }
1344 #ifdef _WIN32
1345  if (rgi->flags & RGI_IFACE_DEFINED)
1346  {
1347  buf_printf(&out, " I=%lu", rgi->adapter_index);
1348  }
1349 #else
1350  if (rgi->flags & RGI_IFACE_DEFINED)
1351  {
1352  buf_printf(&out, " IFACE=%s", rgi->iface);
1353  }
1354 #endif
1355  if (rgi->flags & RGI_HWADDR_DEFINED)
1356  {
1357  buf_printf(&out, " HWADDR=%s", format_hex_ex(rgi->hwaddr, 6, 0, 1, ":", &gc));
1358  }
1359  msg(msglevel, "%s", BSTR(&out));
1360  }
1361 
1362  if (rgi6 && (rgi6->flags & RGI_ADDR_DEFINED))
1363  {
1364  struct buffer out = alloc_buf_gc(256, &gc);
1365  buf_printf(&out, "ROUTE6_GATEWAY");
1366  buf_printf(&out, " %s", print_in6_addr(rgi6->gateway.addr_ipv6, 0, &gc));
1367  if (rgi6->flags & RGI_ON_LINK)
1368  {
1369  buf_printf(&out, " ON_LINK");
1370  }
1371  if (rgi6->flags & RGI_NETMASK_DEFINED)
1372  {
1373  buf_printf(&out, "/%d", rgi6->gateway.netbits_ipv6);
1374  }
1375 #ifdef _WIN32
1376  if (rgi6->flags & RGI_IFACE_DEFINED)
1377  {
1378  buf_printf(&out, " I=%lu", rgi6->adapter_index);
1379  }
1380 #else
1381  if (rgi6->flags & RGI_IFACE_DEFINED)
1382  {
1383  buf_printf(&out, " IFACE=%s", rgi6->iface);
1384  }
1385 #endif
1386  if (rgi6->flags & RGI_HWADDR_DEFINED)
1387  {
1388  buf_printf(&out, " HWADDR=%s", format_hex_ex(rgi6->hwaddr, 6, 0, 1, ":", &gc));
1389  }
1390  msg(msglevel, "%s", BSTR(&out));
1391  }
1392  gc_free(&gc);
1393 }
1394 
1395 #endif /* ifndef ENABLE_SMALL */
1396 
1397 static void
1398 print_route(const struct route_ipv4 *r, int level)
1399 {
1400  struct gc_arena gc = gc_new();
1401  if (r->flags & RT_DEFINED)
1402  {
1403  msg(level, "%s", route_string(r, &gc));
1404  }
1405  gc_free(&gc);
1406 }
1407 
1408 void
1409 print_routes(const struct route_list *rl, int level)
1410 {
1411  struct route_ipv4 *r;
1412  for (r = rl->routes; r; r = r->next)
1413  {
1414  print_route(r, level);
1415  }
1416 }
1417 
1418 static void
1419 setenv_route(struct env_set *es, const struct route_ipv4 *r, int i)
1420 {
1421  struct gc_arena gc = gc_new();
1422  if (r->flags & RT_DEFINED)
1423  {
1424  setenv_route_addr(es, "network", r->network, i);
1425  setenv_route_addr(es, "netmask", r->netmask, i);
1426  setenv_route_addr(es, "gateway", r->gateway, i);
1427 
1428  if (r->flags & RT_METRIC_DEFINED)
1429  {
1430  struct buffer name = alloc_buf_gc(256, &gc);
1431  buf_printf(&name, "route_metric_%d", i);
1432  setenv_int(es, BSTR(&name), r->metric);
1433  }
1434  }
1435  gc_free(&gc);
1436 }
1437 
1438 void
1439 setenv_routes(struct env_set *es, const struct route_list *rl)
1440 {
1441  int i = 1;
1442  struct route_ipv4 *r;
1443  for (r = rl->routes; r; r = r->next)
1444  {
1445  setenv_route(es, r, i++);
1446  }
1447 }
1448 
1449 static void
1450 setenv_route_ipv6(struct env_set *es, const struct route_ipv6 *r6, int i)
1451 {
1452  struct gc_arena gc = gc_new();
1453  if (r6->flags & RT_DEFINED)
1454  {
1455  struct buffer name1 = alloc_buf_gc( 256, &gc );
1456  struct buffer val = alloc_buf_gc( 256, &gc );
1457  struct buffer name2 = alloc_buf_gc( 256, &gc );
1458 
1459  buf_printf( &name1, "route_ipv6_network_%d", i );
1460  buf_printf( &val, "%s/%d", print_in6_addr( r6->network, 0, &gc ),
1461  r6->netbits );
1462  setenv_str( es, BSTR(&name1), BSTR(&val) );
1463 
1464  buf_printf( &name2, "route_ipv6_gateway_%d", i );
1465  setenv_str( es, BSTR(&name2), print_in6_addr( r6->gateway, 0, &gc ));
1466  }
1467  gc_free(&gc);
1468 }
1469 void
1470 setenv_routes_ipv6(struct env_set *es, const struct route_ipv6_list *rl6)
1471 {
1472  int i = 1;
1473  struct route_ipv6 *r6;
1474  for (r6 = rl6->routes_ipv6; r6; r6 = r6->next)
1475  {
1476  setenv_route_ipv6(es, r6, i++);
1477  }
1478 }
1479 
1480 /*
1481  * local_route() determines whether the gateway of a provided host
1482  * route is on the same interface that owns the default gateway.
1483  * It uses the data structure
1484  * returned by get_default_gateway() (struct route_gateway_info)
1485  * to determine this. If the route is local, LR_MATCH is returned.
1486  * When adding routes into the kernel, if LR_MATCH is defined for
1487  * a given route, the route should explicitly reference the default
1488  * gateway interface as the route destination. For example, here
1489  * is an example on Linux that uses LR_MATCH:
1490  *
1491  * route add -net 10.10.0.1 netmask 255.255.255.255 dev eth0
1492  *
1493  * This capability is needed by the "default-gateway block-local"
1494  * directive, to allow client access to the local subnet to be
1495  * blocked but still allow access to the local default gateway.
1496  */
1497 
1498 /* local_route() return values */
1499 #define LR_NOMATCH 0 /* route is not local */
1500 #define LR_MATCH 1 /* route is local */
1501 #define LR_ERROR 2 /* caller should abort adding route */
1502 
1503 static int
1505  in_addr_t netmask,
1507  const struct route_gateway_info *rgi)
1508 {
1509  /* set LR_MATCH on local host routes */
1510  const int rgi_needed = (RGI_ADDR_DEFINED|RGI_NETMASK_DEFINED|RGI_IFACE_DEFINED);
1511  if (rgi
1512  && (rgi->flags & rgi_needed) == rgi_needed
1513  && gateway == rgi->gateway.addr
1514  && netmask == 0xFFFFFFFF)
1515  {
1516  if (((network ^ rgi->gateway.addr) & rgi->gateway.netmask) == 0)
1517  {
1518  return LR_MATCH;
1519  }
1520  else
1521  {
1522  /* examine additional subnets on gateway interface */
1523  size_t i;
1524  for (i = 0; i < rgi->n_addrs; ++i)
1525  {
1526  const struct route_gateway_address *gwa = &rgi->addrs[i];
1527  if (((network ^ gwa->addr) & gwa->netmask) == 0)
1528  {
1529  return LR_MATCH;
1530  }
1531  }
1532  }
1533  }
1534  return LR_NOMATCH;
1535 }
1536 
1537 /* Return true if the "on-link" form of the route should be used. This is when the gateway for a
1538  * a route is specified as an interface rather than an address. */
1539 static inline bool
1540 is_on_link(const int is_local_route, const unsigned int flags, const struct route_gateway_info *rgi)
1541 {
1542  return rgi && (is_local_route == LR_MATCH || ((flags & ROUTE_REF_GW) && (rgi->flags & RGI_ON_LINK)));
1543 }
1544 
1545 void
1547  const struct tuntap *tt,
1548  unsigned int flags,
1549  const struct route_gateway_info *rgi, /* may be NULL */
1550  const struct env_set *es,
1551  openvpn_net_ctx_t *ctx)
1552 {
1553  struct gc_arena gc;
1554  struct argv argv = argv_new();
1555 #if !defined(TARGET_LINUX)
1556  const char *network;
1557 #if !defined(ENABLE_IPROUTE) && !defined(TARGET_AIX)
1558  const char *netmask;
1559 #endif
1560  const char *gateway;
1561 #else
1562  const char *iface;
1563  int metric;
1564 #endif
1565  bool status = false;
1566  int is_local_route;
1567 
1568  if (!(r->flags & RT_DEFINED))
1569  {
1570  return;
1571  }
1572 
1573  gc_init(&gc);
1574 
1575 #if !defined(TARGET_LINUX)
1576  network = print_in_addr_t(r->network, 0, &gc);
1577 #if !defined(ENABLE_IPROUTE) && !defined(TARGET_AIX)
1578  netmask = print_in_addr_t(r->netmask, 0, &gc);
1579 #endif
1580  gateway = print_in_addr_t(r->gateway, 0, &gc);
1581 #endif
1582 
1583  is_local_route = local_route(r->network, r->netmask, r->gateway, rgi);
1584  if (is_local_route == LR_ERROR)
1585  {
1586  goto done;
1587  }
1588 
1589 #if defined(TARGET_LINUX)
1590  iface = NULL;
1591  if (is_on_link(is_local_route, flags, rgi))
1592  {
1593  iface = rgi->iface;
1594  }
1595 
1596  metric = -1;
1597  if (r->flags & RT_METRIC_DEFINED)
1598  {
1599  metric = r->metric;
1600  }
1601 
1602  status = true;
1603  if (net_route_v4_add(ctx, &r->network, netmask_to_netbits2(r->netmask),
1604  &r->gateway, iface, 0, metric) < 0)
1605  {
1606  msg(M_WARN, "ERROR: Linux route add command failed");
1607  status = false;
1608  }
1609 
1610 #elif defined (TARGET_ANDROID)
1611  char out[128];
1612 
1613  if (rgi)
1614  {
1615  openvpn_snprintf(out, sizeof(out), "%s %s %s dev %s", network, netmask, gateway, rgi->iface);
1616  }
1617  else
1618  {
1619  openvpn_snprintf(out, sizeof(out), "%s %s %s", network, netmask, gateway);
1620  }
1621  management_android_control(management, "ROUTE", out);
1622 
1623 #elif defined (_WIN32)
1624  {
1625  DWORD ai = TUN_ADAPTER_INDEX_INVALID;
1626  argv_printf(&argv, "%s%sc ADD %s MASK %s %s",
1627  get_win_sys_path(),
1629  network,
1630  netmask,
1631  gateway);
1632  if (r->flags & RT_METRIC_DEFINED)
1633  {
1634  argv_printf_cat(&argv, "METRIC %d", r->metric);
1635  }
1636  if (is_on_link(is_local_route, flags, rgi))
1637  {
1638  ai = rgi->adapter_index;
1639  argv_printf_cat(&argv, "IF %lu", ai);
1640  }
1641 
1642  argv_msg(D_ROUTE, &argv);
1643 
1644  if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_SERVICE)
1645  {
1646  status = add_route_service(r, tt);
1647  msg(D_ROUTE, "Route addition via service %s", status ? "succeeded" : "failed");
1648  }
1649  else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_IPAPI)
1650  {
1651  status = add_route_ipapi(r, tt, ai);
1652  msg(D_ROUTE, "Route addition via IPAPI %s", status ? "succeeded" : "failed");
1653  }
1654  else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_EXE)
1655  {
1657  status = openvpn_execve_check(&argv, es, 0, "ERROR: Windows route add command failed");
1659  }
1660  else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_ADAPTIVE)
1661  {
1662  status = add_route_ipapi(r, tt, ai);
1663  msg(D_ROUTE, "Route addition via IPAPI %s [adaptive]", status ? "succeeded" : "failed");
1664  if (!status)
1665  {
1666  msg(D_ROUTE, "Route addition fallback to route.exe");
1668  status = openvpn_execve_check(&argv, es, 0, "ERROR: Windows route add command failed [adaptive]");
1670  }
1671  }
1672  else
1673  {
1674  ASSERT(0);
1675  }
1676  }
1677 
1678 #elif defined (TARGET_SOLARIS)
1679 
1680  /* example: route add 192.0.2.32 -netmask 255.255.255.224 somegateway */
1681 
1682  argv_printf(&argv, "%s add",
1683  ROUTE_PATH);
1684 
1685  argv_printf_cat(&argv, "%s -netmask %s %s",
1686  network,
1687  netmask,
1688  gateway);
1689 
1690  /* Solaris can only distinguish between "metric 0" == "on-link on the
1691  * interface where the IP address given is configured" and "metric > 0"
1692  * == "use gateway specified" (no finer-grained route metrics available)
1693  *
1694  * More recent versions of Solaris can also do "-interface", but that
1695  * would break backwards compatibility with older versions for no gain.
1696  */
1697  if (r->flags & RT_METRIC_DEFINED)
1698  {
1699  argv_printf_cat(&argv, "%d", r->metric);
1700  }
1701 
1702  argv_msg(D_ROUTE, &argv);
1703  status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add command failed");
1704 
1705 #elif defined(TARGET_FREEBSD)
1706 
1707  argv_printf(&argv, "%s add",
1708  ROUTE_PATH);
1709 
1710 #if 0
1711  if (r->flags & RT_METRIC_DEFINED)
1712  {
1713  argv_printf_cat(&argv, "-rtt %d", r->metric);
1714  }
1715 #endif
1716 
1717  argv_printf_cat(&argv, "-net %s %s %s",
1718  network,
1719  gateway,
1720  netmask);
1721 
1722  /* FIXME -- add on-link support for FreeBSD */
1723 
1724  argv_msg(D_ROUTE, &argv);
1725  status = openvpn_execve_check(&argv, es, 0, "ERROR: FreeBSD route add command failed");
1726 
1727 #elif defined(TARGET_DRAGONFLY)
1728 
1729  argv_printf(&argv, "%s add",
1730  ROUTE_PATH);
1731 
1732 #if 0
1733  if (r->flags & RT_METRIC_DEFINED)
1734  {
1735  argv_printf_cat(&argv, "-rtt %d", r->metric);
1736  }
1737 #endif
1738 
1739  argv_printf_cat(&argv, "-net %s %s %s",
1740  network,
1741  gateway,
1742  netmask);
1743 
1744  /* FIXME -- add on-link support for Dragonfly */
1745 
1746  argv_msg(D_ROUTE, &argv);
1747  status = openvpn_execve_check(&argv, es, 0, "ERROR: DragonFly route add command failed");
1748 
1749 #elif defined(TARGET_DARWIN)
1750 
1751  argv_printf(&argv, "%s add",
1752  ROUTE_PATH);
1753 
1754 #if 0
1755  if (r->flags & RT_METRIC_DEFINED)
1756  {
1757  argv_printf_cat(&argv, "-rtt %d", r->metric);
1758  }
1759 #endif
1760 
1761  if (is_on_link(is_local_route, flags, rgi))
1762  {
1763  /* Mac OS X route syntax for ON_LINK:
1764  * route add -cloning -net 10.10.0.1 -netmask 255.255.255.255 -interface en0 */
1765  argv_printf_cat(&argv, "-cloning -net %s -netmask %s -interface %s",
1766  network,
1767  netmask,
1768  rgi->iface);
1769  }
1770  else
1771  {
1772  argv_printf_cat(&argv, "-net %s %s %s",
1773  network,
1774  gateway,
1775  netmask);
1776  }
1777 
1778  argv_msg(D_ROUTE, &argv);
1779  status = openvpn_execve_check(&argv, es, 0, "ERROR: OS X route add command failed");
1780 
1781 #elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
1782 
1783  argv_printf(&argv, "%s add",
1784  ROUTE_PATH);
1785 
1786 #if 0
1787  if (r->flags & RT_METRIC_DEFINED)
1788  {
1789  argv_printf_cat(&argv, "-rtt %d", r->metric);
1790  }
1791 #endif
1792 
1793  argv_printf_cat(&argv, "-net %s %s -netmask %s",
1794  network,
1795  gateway,
1796  netmask);
1797 
1798  /* FIXME -- add on-link support for OpenBSD/NetBSD */
1799 
1800  argv_msg(D_ROUTE, &argv);
1801  status = openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD/NetBSD route add command failed");
1802 
1803 #elif defined(TARGET_AIX)
1804 
1805  {
1806  int netbits = netmask_to_netbits2(r->netmask);
1807  argv_printf(&argv, "%s add -net %s/%d %s",
1808  ROUTE_PATH,
1809  network, netbits, gateway);
1810  argv_msg(D_ROUTE, &argv);
1811  status = openvpn_execve_check(&argv, es, 0, "ERROR: AIX route add command failed");
1812  }
1813 
1814 #else /* if defined(TARGET_LINUX) */
1815  msg(M_FATAL, "Sorry, but I don't know how to do 'route' commands on this operating system. Try putting your routes in a --route-up script");
1816 #endif /* if defined(TARGET_LINUX) */
1817 
1818 done:
1819  if (status)
1820  {
1821  r->flags |= RT_ADDED;
1822  }
1823  else
1824  {
1825  r->flags &= ~RT_ADDED;
1826  }
1827  argv_reset(&argv);
1828  gc_free(&gc);
1829 }
1830 
1831 
1832 void
1834 {
1835  /* clear host bit parts of route
1836  * (needed if routes are specified improperly, or if we need to
1837  * explicitly setup/clear the "connected" network routes on some OSes)
1838  */
1839  int byte = 15;
1840  int bits_to_clear = 128 - r6->netbits;
1841 
1842  while (byte >= 0 && bits_to_clear > 0)
1843  {
1844  if (bits_to_clear >= 8)
1845  {
1846  r6->network.s6_addr[byte--] = 0; bits_to_clear -= 8;
1847  }
1848  else
1849  {
1850  r6->network.s6_addr[byte--] &= (0xff << bits_to_clear); bits_to_clear = 0;
1851  }
1852  }
1853 }
1854 
1855 void
1856 add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt,
1857  unsigned int flags, const struct env_set *es,
1858  openvpn_net_ctx_t *ctx)
1859 {
1860  struct gc_arena gc;
1861  struct argv argv = argv_new();
1862 
1863  const char *network;
1864  const char *gateway;
1865  bool status = false;
1866  const char *device = tt->actual_name;
1867 #if defined(TARGET_LINUX)
1868  int metric;
1869 #endif
1870  bool gateway_needed = false;
1871 
1872  if (!(r6->flags & RT_DEFINED) )
1873  {
1874  return;
1875  }
1876 
1877 #ifndef _WIN32
1878  if (r6->iface != NULL) /* vpn server special route */
1879  {
1880  device = r6->iface;
1881  if (!IN6_IS_ADDR_UNSPECIFIED(&r6->gateway) )
1882  {
1883  gateway_needed = true;
1884  }
1885  }
1886 #endif
1887 
1888  gc_init(&gc);
1889 
1891 
1892  network = print_in6_addr( r6->network, 0, &gc);
1893  gateway = print_in6_addr( r6->gateway, 0, &gc);
1894 
1895 #if defined(TARGET_DARWIN) \
1896  || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
1897  || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
1898 
1899  /* the BSD platforms cannot specify gateway and interface independently,
1900  * but for link-local destinations, we MUST specify the interface, so
1901  * we build a combined "$gateway%$interface" gateway string
1902  */
1903  if (r6->iface != NULL && gateway_needed
1904  && IN6_IS_ADDR_LINKLOCAL(&r6->gateway) ) /* fe80::...%intf */
1905  {
1906  int len = strlen(gateway) + 1 + strlen(r6->iface)+1;
1907  char *tmp = gc_malloc( len, true, &gc );
1908  snprintf( tmp, len, "%s%%%s", gateway, r6->iface );
1909  gateway = tmp;
1910  }
1911 #endif
1912 
1913  msg( M_INFO, "add_route_ipv6(%s/%d -> %s metric %d) dev %s",
1914  network, r6->netbits, gateway, r6->metric, device );
1915 
1916  /*
1917  * Filter out routes which are essentially no-ops
1918  * (not currently done for IPv6)
1919  */
1920 
1921  /* On "tun" interface, we never set a gateway if the operating system
1922  * can do "route to interface" - it does not add value, as the target
1923  * dev already fully qualifies the route destination on point-to-point
1924  * interfaces. OTOH, on "tap" interface, we must always set the
1925  * gateway unless the route is to be an on-link network
1926  */
1927  if (tt->type == DEV_TYPE_TAP
1928  && !( (r6->flags & RT_METRIC_DEFINED) && r6->metric == 0 ) )
1929  {
1930  gateway_needed = true;
1931  }
1932 
1933  if (gateway_needed && IN6_IS_ADDR_UNSPECIFIED(&r6->gateway))
1934  {
1935  msg(M_WARN, "ROUTE6 WARNING: " PACKAGE_NAME " needs a gateway "
1936  "parameter for a --route-ipv6 option and no default was set via "
1937  "--ifconfig-ipv6 or --route-ipv6-gateway option. Not installing "
1938  "IPv6 route to %s/%d.", network, r6->netbits);
1939  status = false;
1940  goto done;
1941  }
1942 
1943 #if defined(TARGET_LINUX)
1944  metric = -1;
1945  if ((r6->flags & RT_METRIC_DEFINED) && (r6->metric > 0))
1946  {
1947  metric = r6->metric;
1948  }
1949 
1950  status = true;
1951  if (net_route_v6_add(ctx, &r6->network, r6->netbits,
1952  gateway_needed ? &r6->gateway : NULL, device, 0,
1953  metric) < 0)
1954  {
1955  msg(M_WARN, "ERROR: Linux IPv6 route can't be added");
1956  status = false;
1957  }
1958 
1959 #elif defined (TARGET_ANDROID)
1960  char out[64];
1961 
1962  openvpn_snprintf(out, sizeof(out), "%s/%d %s", network, r6->netbits, device);
1963 
1964  management_android_control(management, "ROUTE6", out);
1965 
1966 #elif defined (_WIN32)
1967 
1968  if (tt->options.msg_channel)
1969  {
1970  status = add_route_ipv6_service(r6, tt);
1971  }
1972  else
1973  {
1974  struct buffer out = alloc_buf_gc(64, &gc);
1975  if (r6->adapter_index) /* vpn server special route */
1976  {
1977  buf_printf(&out, "interface=%lu", r6->adapter_index );
1978  gateway_needed = true;
1979  }
1980  else
1981  {
1982  buf_printf(&out, "interface=%lu", tt->adapter_index );
1983  }
1984  device = buf_bptr(&out);
1985 
1986  /* netsh interface ipv6 add route 2001:db8::/32 MyTunDevice */
1987  argv_printf(&argv, "%s%sc interface ipv6 add route %s/%d %s",
1988  get_win_sys_path(),
1990  network,
1991  r6->netbits,
1992  device);
1993 
1994  /* next-hop depends on TUN or TAP mode:
1995  * - in TAP mode, we use the "real" next-hop
1996  * - in TUN mode we use a special-case link-local address that the tapdrvr
1997  * knows about and will answer ND (neighbor discovery) packets for
1998  */
1999  if (tt->type == DEV_TYPE_TUN && !gateway_needed)
2000  {
2001  argv_printf_cat( &argv, " %s", "fe80::8" );
2002  }
2003  else if (!IN6_IS_ADDR_UNSPECIFIED(&r6->gateway) )
2004  {
2005  argv_printf_cat( &argv, " %s", gateway );
2006  }
2007 
2008 #if 0
2009  if (r6->flags & RT_METRIC_DEFINED)
2010  {
2011  argv_printf_cat(&argv, " METRIC %d", r->metric);
2012  }
2013 #endif
2014 
2015  /* in some versions of Windows, routes are persistent across reboots by
2016  * default, unless "store=active" is set (pointed out by Tony Lim, thanks)
2017  */
2018  argv_printf_cat( &argv, " store=active" );
2019 
2020  argv_msg(D_ROUTE, &argv);
2021 
2023  status = openvpn_execve_check(&argv, es, 0, "ERROR: Windows route add ipv6 command failed");
2025  }
2026 
2027 #elif defined (TARGET_SOLARIS)
2028 
2029  /* example: route add -inet6 2001:db8::/32 somegateway 0 */
2030 
2031  /* for some reason, routes to tun/tap do not work for me unless I set
2032  * "metric 0" - otherwise, the routes will be nicely installed, but
2033  * packets will just disappear somewhere. So we always use "0" now,
2034  * unless the route points to "gateway on other interface"...
2035  *
2036  * (Note: OpenSolaris can not specify host%interface gateways, so we just
2037  * use the GW addresses - it seems to still work for fe80:: addresses,
2038  * however this is done internally. NUD maybe?)
2039  */
2040  argv_printf(&argv, "%s add -inet6 %s/%d %s",
2041  ROUTE_PATH,
2042  network,
2043  r6->netbits,
2044  gateway );
2045 
2046  /* on tun/tap, not "elsewhere"? -> metric 0 */
2047  if (!r6->iface)
2048  {
2049  argv_printf_cat(&argv, "0");
2050  }
2051 
2052  argv_msg(D_ROUTE, &argv);
2053  status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add -inet6 command failed");
2054 
2055 #elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
2056 
2057  argv_printf(&argv, "%s add -inet6 %s/%d",
2058  ROUTE_PATH,
2059  network,
2060  r6->netbits);
2061 
2062  if (gateway_needed)
2063  {
2064  argv_printf_cat(&argv, "%s", gateway);
2065  }
2066  else
2067  {
2068  argv_printf_cat(&argv, "-iface %s", device);
2069  }
2070 
2071  argv_msg(D_ROUTE, &argv);
2072  status = openvpn_execve_check(&argv, es, 0, "ERROR: *BSD route add -inet6 command failed");
2073 
2074 #elif defined(TARGET_DARWIN)
2075 
2076  argv_printf(&argv, "%s add -inet6 %s -prefixlen %d",
2077  ROUTE_PATH,
2078  network, r6->netbits );
2079 
2080  if (gateway_needed)
2081  {
2082  argv_printf_cat(&argv, "%s", gateway);
2083  }
2084  else
2085  {
2086  argv_printf_cat(&argv, "-iface %s", device);
2087  }
2088 
2089  argv_msg(D_ROUTE, &argv);
2090  status = openvpn_execve_check(&argv, es, 0, "ERROR: MacOS X route add -inet6 command failed");
2091 
2092 #elif defined(TARGET_OPENBSD)
2093 
2094  argv_printf(&argv, "%s add -inet6 %s -prefixlen %d %s",
2095  ROUTE_PATH,
2096  network, r6->netbits, gateway );
2097 
2098  argv_msg(D_ROUTE, &argv);
2099  status = openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD route add -inet6 command failed");
2100 
2101 #elif defined(TARGET_NETBSD)
2102 
2103  argv_printf(&argv, "%s add -inet6 %s/%d %s",
2104  ROUTE_PATH,
2105  network, r6->netbits, gateway );
2106 
2107  argv_msg(D_ROUTE, &argv);
2108  status = openvpn_execve_check(&argv, es, 0, "ERROR: NetBSD route add -inet6 command failed");
2109 
2110 #elif defined(TARGET_AIX)
2111 
2112  argv_printf(&argv, "%s add -inet6 %s/%d %s",
2113  ROUTE_PATH,
2114  network, r6->netbits, gateway);
2115  argv_msg(D_ROUTE, &argv);
2116  status = openvpn_execve_check(&argv, es, 0, "ERROR: AIX route add command failed");
2117 
2118 #else /* if defined(TARGET_LINUX) */
2119  msg(M_FATAL, "Sorry, but I don't know how to do 'route ipv6' commands on this operating system. Try putting your routes in a --route-up script");
2120 #endif /* if defined(TARGET_LINUX) */
2121 
2122 done:
2123  if (status)
2124  {
2125  r6->flags |= RT_ADDED;
2126  }
2127  else
2128  {
2129  r6->flags &= ~RT_ADDED;
2130  }
2131  argv_reset(&argv);
2132  gc_free(&gc);
2133 }
2134 
2135 static void
2137  const struct tuntap *tt,
2138  unsigned int flags,
2139  const struct route_gateway_info *rgi,
2140  const struct env_set *es,
2141  openvpn_net_ctx_t *ctx)
2142 {
2143  struct gc_arena gc;
2144  struct argv argv = argv_new();
2145 #if !defined(TARGET_LINUX)
2146  const char *network;
2147 #if !defined(ENABLE_IPROUTE) && !defined(TARGET_AIX)
2148  const char *netmask;
2149 #endif
2150 #if !defined(TARGET_LINUX) && !defined(TARGET_ANDROID)
2151  const char *gateway;
2152 #endif
2153 #else
2154  int metric;
2155 #endif
2156  int is_local_route;
2157 
2158  if ((r->flags & (RT_DEFINED|RT_ADDED)) != (RT_DEFINED|RT_ADDED))
2159  {
2160  return;
2161  }
2162 
2163  gc_init(&gc);
2164 
2165 #if !defined(TARGET_LINUX)
2166  network = print_in_addr_t(r->network, 0, &gc);
2167 #if !defined(ENABLE_IPROUTE) && !defined(TARGET_AIX)
2168  netmask = print_in_addr_t(r->netmask, 0, &gc);
2169 #endif
2170 #if !defined(TARGET_LINUX) && !defined(TARGET_ANDROID)
2171  gateway = print_in_addr_t(r->gateway, 0, &gc);
2172 #endif
2173 #endif
2174 
2175  is_local_route = local_route(r->network, r->netmask, r->gateway, rgi);
2176  if (is_local_route == LR_ERROR)
2177  {
2178  goto done;
2179  }
2180 
2181 #if defined(TARGET_LINUX)
2182  metric = -1;
2183  if (r->flags & RT_METRIC_DEFINED)
2184  {
2185  metric = r->metric;
2186  }
2187 
2188  if (net_route_v4_del(ctx, &r->network, netmask_to_netbits2(r->netmask),
2189  &r->gateway, NULL, 0, metric) < 0)
2190  {
2191  msg(M_WARN, "ERROR: Linux route delete command failed");
2192  }
2193 #elif defined (_WIN32)
2194 
2195  argv_printf(&argv, "%s%sc DELETE %s MASK %s %s",
2196  get_win_sys_path(),
2198  network,
2199  netmask,
2200  gateway);
2201 
2202  argv_msg(D_ROUTE, &argv);
2203 
2204  if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_SERVICE)
2205  {
2206  const bool status = del_route_service(r, tt);
2207  msg(D_ROUTE, "Route deletion via service %s", status ? "succeeded" : "failed");
2208  }
2209  else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_IPAPI)
2210  {
2211  const bool status = del_route_ipapi(r, tt);
2212  msg(D_ROUTE, "Route deletion via IPAPI %s", status ? "succeeded" : "failed");
2213  }
2214  else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_EXE)
2215  {
2217  openvpn_execve_check(&argv, es, 0, "ERROR: Windows route delete command failed");
2219  }
2220  else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_ADAPTIVE)
2221  {
2222  const bool status = del_route_ipapi(r, tt);
2223  msg(D_ROUTE, "Route deletion via IPAPI %s [adaptive]", status ? "succeeded" : "failed");
2224  if (!status)
2225  {
2226  msg(D_ROUTE, "Route deletion fallback to route.exe");
2228  openvpn_execve_check(&argv, es, 0, "ERROR: Windows route delete command failed [adaptive]");
2230  }
2231  }
2232  else
2233  {
2234  ASSERT(0);
2235  }
2236 
2237 #elif defined (TARGET_SOLARIS)
2238 
2239  argv_printf(&argv, "%s delete %s -netmask %s %s",
2240  ROUTE_PATH,
2241  network,
2242  netmask,
2243  gateway);
2244 
2245  argv_msg(D_ROUTE, &argv);
2246  openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete command failed");
2247 
2248 #elif defined(TARGET_FREEBSD)
2249 
2250  argv_printf(&argv, "%s delete -net %s %s %s",
2251  ROUTE_PATH,
2252  network,
2253  gateway,
2254  netmask);
2255 
2256  argv_msg(D_ROUTE, &argv);
2257  openvpn_execve_check(&argv, es, 0, "ERROR: FreeBSD route delete command failed");
2258 
2259 #elif defined(TARGET_DRAGONFLY)
2260 
2261  argv_printf(&argv, "%s delete -net %s %s %s",
2262  ROUTE_PATH,
2263  network,
2264  gateway,
2265  netmask);
2266 
2267  argv_msg(D_ROUTE, &argv);
2268  openvpn_execve_check(&argv, es, 0, "ERROR: DragonFly route delete command failed");
2269 
2270 #elif defined(TARGET_DARWIN)
2271 
2272  if (is_on_link(is_local_route, flags, rgi))
2273  {
2274  argv_printf(&argv, "%s delete -cloning -net %s -netmask %s -interface %s",
2275  ROUTE_PATH,
2276  network,
2277  netmask,
2278  rgi->iface);
2279  }
2280  else
2281  {
2282  argv_printf(&argv, "%s delete -net %s %s %s",
2283  ROUTE_PATH,
2284  network,
2285  gateway,
2286  netmask);
2287  }
2288 
2289  argv_msg(D_ROUTE, &argv);
2290  openvpn_execve_check(&argv, es, 0, "ERROR: OS X route delete command failed");
2291 
2292 #elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
2293 
2294  argv_printf(&argv, "%s delete -net %s %s -netmask %s",
2295  ROUTE_PATH,
2296  network,
2297  gateway,
2298  netmask);
2299 
2300  argv_msg(D_ROUTE, &argv);
2301  openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD/NetBSD route delete command failed");
2302 
2303 #elif defined(TARGET_ANDROID)
2304  msg(M_NONFATAL, "Sorry, deleting routes on Android is not possible. The VpnService API allows routes to be set on connect only.");
2305 
2306 #elif defined(TARGET_AIX)
2307 
2308  {
2309  int netbits = netmask_to_netbits2(r->netmask);
2310  argv_printf(&argv, "%s delete -net %s/%d %s",
2311  ROUTE_PATH,
2312  network, netbits, gateway);
2313  argv_msg(D_ROUTE, &argv);
2314  openvpn_execve_check(&argv, es, 0, "ERROR: AIX route delete command failed");
2315  }
2316 
2317 #else /* if defined(TARGET_LINUX) */
2318  msg(M_FATAL, "Sorry, but I don't know how to do 'route' commands on this operating system. Try putting your routes in a --route-up script");
2319 #endif /* if defined(TARGET_LINUX) */
2320 
2321 done:
2322  r->flags &= ~RT_ADDED;
2323  argv_reset(&argv);
2324  gc_free(&gc);
2325 }
2326 
2327 void
2328 delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt,
2329  unsigned int flags, const struct env_set *es,
2330  openvpn_net_ctx_t *ctx)
2331 {
2332  struct gc_arena gc;
2333  struct argv argv = argv_new();
2334  const char *network;
2335 #if !defined(TARGET_LINUX)
2336  const char *gateway;
2337 #else
2338  int metric;
2339 #endif
2340  const char *device = tt->actual_name;
2341  bool gateway_needed = false;
2342 
2343  if ((r6->flags & (RT_DEFINED|RT_ADDED)) != (RT_DEFINED|RT_ADDED))
2344  {
2345  return;
2346  }
2347 
2348 #ifndef _WIN32
2349  if (r6->iface != NULL) /* vpn server special route */
2350  {
2351  device = r6->iface;
2352  gateway_needed = true;
2353  }
2354 #endif
2355 
2356  gc_init(&gc);
2357 
2358  network = print_in6_addr( r6->network, 0, &gc);
2359 #if !defined(TARGET_LINUX)
2360  gateway = print_in6_addr( r6->gateway, 0, &gc);
2361 #endif
2362 
2363 #if defined(TARGET_DARWIN) \
2364  || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
2365  || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
2366 
2367  /* the BSD platforms cannot specify gateway and interface independently,
2368  * but for link-local destinations, we MUST specify the interface, so
2369  * we build a combined "$gateway%$interface" gateway string
2370  */
2371  if (r6->iface != NULL && gateway_needed
2372  && IN6_IS_ADDR_LINKLOCAL(&r6->gateway) ) /* fe80::...%intf */
2373  {
2374  int len = strlen(gateway) + 1 + strlen(r6->iface)+1;
2375  char *tmp = gc_malloc( len, true, &gc );
2376  snprintf( tmp, len, "%s%%%s", gateway, r6->iface );
2377  gateway = tmp;
2378  }
2379 #endif
2380 
2381  msg( M_INFO, "delete_route_ipv6(%s/%d)", network, r6->netbits );
2382 
2383  /* if we used a gateway on "add route", we also need to specify it on
2384  * delete, otherwise some OSes will refuse to delete the route
2385  */
2386  if (tt->type == DEV_TYPE_TAP
2387  && !( (r6->flags & RT_METRIC_DEFINED) && r6->metric == 0 ) )
2388  {
2389  gateway_needed = true;
2390  }
2391 
2392 #if defined(TARGET_LINUX)
2393  metric = -1;
2394  if ((r6->flags & RT_METRIC_DEFINED) && (r6->metric > 0))
2395  {
2396  metric = r6->metric;
2397  }
2398 
2399  if (net_route_v6_del(ctx, &r6->network, r6->netbits,
2400  gateway_needed ? &r6->gateway : NULL, device, 0,
2401  metric) < 0)
2402  {
2403  msg(M_WARN, "ERROR: Linux route v6 delete command failed");
2404  }
2405 
2406 #elif defined (_WIN32)
2407 
2408  if (tt->options.msg_channel)
2409  {
2410  del_route_ipv6_service(r6, tt);
2411  }
2412  else
2413  {
2414  struct buffer out = alloc_buf_gc(64, &gc);
2415  if (r6->adapter_index) /* vpn server special route */
2416  {
2417  buf_printf(&out, "interface=%lu", r6->adapter_index );
2418  gateway_needed = true;
2419  }
2420  else
2421  {
2422  buf_printf(&out, "interface=%lu", tt->adapter_index );
2423  }
2424  device = buf_bptr(&out);
2425 
2426  /* netsh interface ipv6 delete route 2001:db8::/32 MyTunDevice */
2427  argv_printf(&argv, "%s%sc interface ipv6 delete route %s/%d %s",
2428  get_win_sys_path(),
2430  network,
2431  r6->netbits,
2432  device);
2433 
2434  /* next-hop depends on TUN or TAP mode:
2435  * - in TAP mode, we use the "real" next-hop
2436  * - in TUN mode we use a special-case link-local address that the tapdrvr
2437  * knows about and will answer ND (neighbor discovery) packets for
2438  * (and "route deletion without specifying next-hop" does not work...)
2439  */
2440  if (tt->type == DEV_TYPE_TUN && !gateway_needed)
2441  {
2442  argv_printf_cat( &argv, " %s", "fe80::8" );
2443  }
2444  else if (!IN6_IS_ADDR_UNSPECIFIED(&r6->gateway) )
2445  {
2446  argv_printf_cat( &argv, " %s", gateway );
2447  }
2448 
2449 #if 0
2450  if (r6->flags & RT_METRIC_DEFINED)
2451  {
2452  argv_printf_cat(&argv, "METRIC %d", r->metric);
2453  }
2454 #endif
2455 
2456  /* Windows XP to 7 "just delete" routes, wherever they came from, but
2457  * in Windows 8(.1?), if you create them with "store=active", this is
2458  * how you should delete them as well (pointed out by Cedric Tabary)
2459  */
2460  argv_printf_cat( &argv, " store=active" );
2461 
2462  argv_msg(D_ROUTE, &argv);
2463 
2465  openvpn_execve_check(&argv, es, 0, "ERROR: Windows route delete ipv6 command failed");
2467  }
2468 
2469 #elif defined (TARGET_SOLARIS)
2470 
2471  /* example: route delete -inet6 2001:db8::/32 somegateway */
2472 
2473  argv_printf(&argv, "%s delete -inet6 %s/%d %s",
2474  ROUTE_PATH,
2475  network,
2476  r6->netbits,
2477  gateway );
2478 
2479  argv_msg(D_ROUTE, &argv);
2480  openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete -inet6 command failed");
2481 
2482 #elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
2483 
2484  argv_printf(&argv, "%s delete -inet6 %s/%d",
2485  ROUTE_PATH,
2486  network,
2487  r6->netbits );
2488 
2489  if (gateway_needed)
2490  {
2491  argv_printf_cat(&argv, "%s", gateway);
2492  }
2493  else
2494  {
2495  argv_printf_cat(&argv, "-iface %s", device);
2496  }
2497 
2498  argv_msg(D_ROUTE, &argv);
2499  openvpn_execve_check(&argv, es, 0, "ERROR: *BSD route delete -inet6 command failed");
2500 
2501 #elif defined(TARGET_DARWIN)
2502 
2503  argv_printf(&argv, "%s delete -inet6 %s -prefixlen %d",
2504  ROUTE_PATH,
2505  network, r6->netbits );
2506 
2507  if (gateway_needed)
2508  {
2509  argv_printf_cat(&argv, "%s", gateway);
2510  }
2511  else
2512  {
2513  argv_printf_cat(&argv, "-iface %s", device);
2514  }
2515 
2516  argv_msg(D_ROUTE, &argv);
2517  openvpn_execve_check(&argv, es, 0, "ERROR: MacOS X route delete -inet6 command failed");
2518 
2519 #elif defined(TARGET_OPENBSD)
2520 
2521  argv_printf(&argv, "%s delete -inet6 %s -prefixlen %d %s",
2522  ROUTE_PATH,
2523  network, r6->netbits, gateway );
2524 
2525  argv_msg(D_ROUTE, &argv);
2526  openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD route delete -inet6 command failed");
2527 
2528 #elif defined(TARGET_NETBSD)
2529 
2530  argv_printf(&argv, "%s delete -inet6 %s/%d %s",
2531  ROUTE_PATH,
2532  network, r6->netbits, gateway );
2533 
2534  argv_msg(D_ROUTE, &argv);
2535  openvpn_execve_check(&argv, es, 0, "ERROR: NetBSD route delete -inet6 command failed");
2536 
2537 #elif defined(TARGET_AIX)
2538 
2539  argv_printf(&argv, "%s delete -inet6 %s/%d %s",
2540  ROUTE_PATH,
2541  network, r6->netbits, gateway);
2542  argv_msg(D_ROUTE, &argv);
2543  openvpn_execve_check(&argv, es, 0, "ERROR: AIX route add command failed");
2544 
2545 #else /* if defined(TARGET_LINUX) */
2546  msg(M_FATAL, "Sorry, but I don't know how to do 'route ipv6' commands on this operating system. Try putting your routes in a --route-down script");
2547 #endif /* if defined(TARGET_LINUX) */
2548 
2549  argv_reset(&argv);
2550  gc_free(&gc);
2551 }
2552 
2553 /*
2554  * The --redirect-gateway option requires OS-specific code below
2555  * to get the current default gateway.
2556  */
2557 
2558 #if defined(_WIN32)
2559 
2560 static const MIB_IPFORWARDTABLE *
2562 {
2563  ULONG size = 0;
2564  PMIB_IPFORWARDTABLE rt = NULL;
2565  DWORD status;
2566 
2567  status = GetIpForwardTable(NULL, &size, TRUE);
2568  if (status == ERROR_INSUFFICIENT_BUFFER)
2569  {
2570  rt = (PMIB_IPFORWARDTABLE) gc_malloc(size, false, gc);
2571  status = GetIpForwardTable(rt, &size, TRUE);
2572  if (status != NO_ERROR)
2573  {
2574  msg(D_ROUTE, "NOTE: GetIpForwardTable returned error: %s (code=%u)",
2575  strerror_win32(status, gc),
2576  (unsigned int)status);
2577  rt = NULL;
2578  }
2579  }
2580  return rt;
2581 }
2582 
2583 static int
2584 test_route(const IP_ADAPTER_INFO *adapters,
2585  const in_addr_t gateway,
2586  DWORD *index)
2587 {
2588  int count = 0;
2589  DWORD i = adapter_index_of_ip(adapters, gateway, &count, NULL);
2590  if (index)
2591  {
2592  *index = i;
2593  }
2594  return count;
2595 }
2596 
2597 static void
2599  int *count,
2600  int *good,
2601  int *ambig,
2602  const IP_ADAPTER_INFO *adapters,
2603  const in_addr_t gateway)
2604 {
2605  int c;
2606 
2607  ++*count;
2608  c = test_route(adapters, gateway, NULL);
2609  if (c == 0)
2610  {
2611  *ret = false;
2612  }
2613  else
2614  {
2615  ++*good;
2616  }
2617  if (c > 1)
2618  {
2619  ++*ambig;
2620  }
2621 }
2622 
2623 /*
2624  * If we tried to add routes now, would we succeed?
2625  */
2626 bool
2627 test_routes(const struct route_list *rl, const struct tuntap *tt)
2628 {
2629  struct gc_arena gc = gc_new();
2630  const IP_ADAPTER_INFO *adapters = get_adapter_info_list(&gc);
2631  bool ret = false;
2632  int count = 0;
2633  int good = 0;
2634  int ambig = 0;
2635  int len = -1;
2636  bool adapter_up = false;
2637 
2638  if (is_adapter_up(tt, adapters))
2639  {
2640  ret = true;
2641  adapter_up = true;
2642 
2643  /* we do this test only if we have IPv4 routes to install, and if
2644  * the tun/tap interface has seen IPv4 ifconfig - because if we
2645  * have no IPv4, the check will always fail, failing tun init
2646  */
2647  if (rl && tt->did_ifconfig_setup)
2648  {
2649  struct route_ipv4 *r;
2650  for (r = rl->routes, len = 0; r; r = r->next, ++len)
2651  {
2652  test_route_helper(&ret, &count, &good, &ambig, adapters, r->gateway);
2653  }
2654 
2655  if ((rl->flags & RG_ENABLE) && (rl->spec.flags & RTSA_REMOTE_ENDPOINT))
2656  {
2657  test_route_helper(&ret, &count, &good, &ambig, adapters, rl->spec.remote_endpoint);
2658  }
2659  }
2660  }
2661 
2662  msg(D_ROUTE, "TEST ROUTES: %d/%d succeeded len=%d ret=%d a=%d u/d=%s",
2663  good,
2664  count,
2665  len,
2666  (int)ret,
2667  ambig,
2668  adapter_up ? "up" : "down");
2669 
2670  gc_free(&gc);
2671  return ret;
2672 }
2673 
2674 static const MIB_IPFORWARDROW *
2675 get_default_gateway_row(const MIB_IPFORWARDTABLE *routes)
2676 {
2677  struct gc_arena gc = gc_new();
2678  DWORD lowest_metric = MAXDWORD;
2679  const MIB_IPFORWARDROW *ret = NULL;
2680  int i;
2681  int best = -1;
2682 
2683  if (routes)
2684  {
2685  for (i = 0; i < routes->dwNumEntries; ++i)
2686  {
2687  const MIB_IPFORWARDROW *row = &routes->table[i];
2688  const in_addr_t net = ntohl(row->dwForwardDest);
2689  const in_addr_t mask = ntohl(row->dwForwardMask);
2690  const DWORD index = row->dwForwardIfIndex;
2691  const DWORD metric = row->dwForwardMetric1;
2692 
2693  dmsg(D_ROUTE_DEBUG, "GDGR: route[%d] %s/%s i=%d m=%d",
2694  i,
2695  print_in_addr_t((in_addr_t) net, 0, &gc),
2696  print_in_addr_t((in_addr_t) mask, 0, &gc),
2697  (int)index,
2698  (int)metric);
2699 
2700  if (!net && !mask && metric < lowest_metric)
2701  {
2702  ret = row;
2703  lowest_metric = metric;
2704  best = i;
2705  }
2706  }
2707  }
2708 
2709  dmsg(D_ROUTE_DEBUG, "GDGR: best=%d lm=%u", best, (unsigned int)lowest_metric);
2710 
2711  gc_free(&gc);
2712  return ret;
2713 }
2714 
2715 void
2717 {
2718  struct gc_arena gc = gc_new();
2719 
2720  const IP_ADAPTER_INFO *adapters = get_adapter_info_list(&gc);
2721  const MIB_IPFORWARDTABLE *routes = get_windows_routing_table(&gc);
2722  const MIB_IPFORWARDROW *row = get_default_gateway_row(routes);
2723  DWORD a_index;
2724  const IP_ADAPTER_INFO *ai;
2725 
2726  CLEAR(*rgi);
2727 
2728  if (row)
2729  {
2730  rgi->gateway.addr = ntohl(row->dwForwardNextHop);
2731  if (rgi->gateway.addr)
2732  {
2733  rgi->flags |= RGI_ADDR_DEFINED;
2734  a_index = adapter_index_of_ip(adapters, rgi->gateway.addr, NULL, &rgi->gateway.netmask);
2735  if (a_index != TUN_ADAPTER_INDEX_INVALID)
2736  {
2737  rgi->adapter_index = a_index;
2739  ai = get_adapter(adapters, a_index);
2740  if (ai)
2741  {
2742  memcpy(rgi->hwaddr, ai->Address, 6);
2743  rgi->flags |= RGI_HWADDR_DEFINED;
2744  }
2745  }
2746  }
2747  }
2748 
2749  gc_free(&gc);
2750 }
2751 
2752 static DWORD
2753 windows_route_find_if_index(const struct route_ipv4 *r, const struct tuntap *tt)
2754 {
2755  struct gc_arena gc = gc_new();
2756  DWORD ret = TUN_ADAPTER_INDEX_INVALID;
2757  int count = 0;
2758  const IP_ADAPTER_INFO *adapters = get_adapter_info_list(&gc);
2759  const IP_ADAPTER_INFO *tun_adapter = get_tun_adapter(tt, adapters);
2760  bool on_tun = false;
2761 
2762  /* first test on tun interface */
2763  if (is_ip_in_adapter_subnet(tun_adapter, r->gateway, NULL))
2764  {
2765  ret = tun_adapter->Index;
2766  count = 1;
2767  on_tun = true;
2768  }
2769  else /* test on other interfaces */
2770  {
2771  count = test_route(adapters, r->gateway, &ret);
2772  }
2773 
2774  if (count == 0)
2775  {
2776  msg(M_WARN, "Warning: route gateway is not reachable on any active network adapters: %s",
2777  print_in_addr_t(r->gateway, 0, &gc));
2779  }
2780  else if (count > 1)
2781  {
2782  msg(M_WARN, "Warning: route gateway is ambiguous: %s (%d matches)",
2783  print_in_addr_t(r->gateway, 0, &gc),
2784  count);
2785  }
2786 
2787  dmsg(D_ROUTE_DEBUG, "DEBUG: route find if: on_tun=%d count=%d index=%d",
2788  on_tun,
2789  count,
2790  (int)ret);
2791 
2792  gc_free(&gc);
2793  return ret;
2794 }
2795 
2796 /* IPv6 implementation using GetBestRoute2()
2797  * (TBD: dynamic linking so the binary can still run on XP?)
2798  * https://msdn.microsoft.com/en-us/library/windows/desktop/aa365922(v=vs.85).aspx
2799  * https://msdn.microsoft.com/en-us/library/windows/desktop/aa814411(v=vs.85).aspx
2800  */
2801 void
2803  const struct in6_addr *dest, openvpn_net_ctx_t *ctx)
2804 {
2805  struct gc_arena gc = gc_new();
2806  MIB_IPFORWARD_ROW2 BestRoute;
2807  SOCKADDR_INET DestinationAddress, BestSourceAddress;
2808  DWORD BestIfIndex;
2809  DWORD status;
2810  NET_LUID InterfaceLuid;
2811 
2812  CLEAR(*rgi6);
2813  CLEAR(InterfaceLuid); /* cleared = not used for lookup */
2814  CLEAR(DestinationAddress);
2815 
2816  DestinationAddress.si_family = AF_INET6;
2817  if (dest)
2818  {
2819  DestinationAddress.Ipv6.sin6_addr = *dest;
2820  }
2821 
2822  status = GetBestInterfaceEx( &DestinationAddress, &BestIfIndex );
2823 
2824  if (status != NO_ERROR)
2825  {
2826  msg(D_ROUTE, "NOTE: GetBestInterfaceEx returned error: %s (code=%u)",
2827  strerror_win32(status, &gc),
2828  (unsigned int)status);
2829  goto done;
2830  }
2831 
2832  msg( D_ROUTE, "GetBestInterfaceEx() returned if=%d", (int) BestIfIndex );
2833 
2834  status = GetBestRoute2( &InterfaceLuid, BestIfIndex, NULL,
2835  &DestinationAddress, 0,
2836  &BestRoute, &BestSourceAddress );
2837 
2838  if (status != NO_ERROR)
2839  {
2840  msg(D_ROUTE, "NOTE: GetIpForwardEntry2 returned error: %s (code=%u)",
2841  strerror_win32(status, &gc),
2842  (unsigned int)status);
2843  goto done;
2844  }
2845 
2846  msg( D_ROUTE, "GDG6: II=%lu DP=%s/%d NH=%s",
2847  BestRoute.InterfaceIndex,
2848  print_in6_addr( BestRoute.DestinationPrefix.Prefix.Ipv6.sin6_addr, 0, &gc),
2849  BestRoute.DestinationPrefix.PrefixLength,
2850  print_in6_addr( BestRoute.NextHop.Ipv6.sin6_addr, 0, &gc) );
2851  msg( D_ROUTE, "GDG6: Metric=%d, Loopback=%d, AA=%d, I=%d",
2852  (int) BestRoute.Metric,
2853  (int) BestRoute.Loopback,
2854  (int) BestRoute.AutoconfigureAddress,
2855  (int) BestRoute.Immortal );
2856 
2857  rgi6->gateway.addr_ipv6 = BestRoute.NextHop.Ipv6.sin6_addr;
2858  rgi6->adapter_index = BestRoute.InterfaceIndex;
2860 
2861  /* on-link is signalled by receiving an empty (::) NextHop */
2862  if (IN6_IS_ADDR_UNSPECIFIED(&BestRoute.NextHop.Ipv6.sin6_addr) )
2863  {
2864  rgi6->flags |= RGI_ON_LINK;
2865  }
2866 
2867 done:
2868  gc_free(&gc);
2869 }
2870 
2871 bool
2872 add_route_ipapi(const struct route_ipv4 *r, const struct tuntap *tt, DWORD adapter_index)
2873 {
2874  struct gc_arena gc = gc_new();
2875  bool ret = false;
2876  DWORD status;
2877  const DWORD if_index = (adapter_index == TUN_ADAPTER_INDEX_INVALID) ? windows_route_find_if_index(r, tt) : adapter_index;
2878 
2879  if (if_index != TUN_ADAPTER_INDEX_INVALID)
2880  {
2881  MIB_IPFORWARDROW fr;
2882  CLEAR(fr);
2883  fr.dwForwardDest = htonl(r->network);
2884  fr.dwForwardMask = htonl(r->netmask);
2885  fr.dwForwardPolicy = 0;
2886  fr.dwForwardNextHop = htonl(r->gateway);
2887  fr.dwForwardIfIndex = if_index;
2888  fr.dwForwardType = 4; /* the next hop is not the final dest */
2889  fr.dwForwardProto = 3; /* PROTO_IP_NETMGMT */
2890  fr.dwForwardAge = 0;
2891  fr.dwForwardNextHopAS = 0;
2892  fr.dwForwardMetric1 = (r->flags & RT_METRIC_DEFINED) ? r->metric : 1;
2893  fr.dwForwardMetric2 = METRIC_NOT_USED;
2894  fr.dwForwardMetric3 = METRIC_NOT_USED;
2895  fr.dwForwardMetric4 = METRIC_NOT_USED;
2896  fr.dwForwardMetric5 = METRIC_NOT_USED;
2897 
2898  if ((r->network & r->netmask) != r->network)
2899  {
2900  msg(M_WARN, "Warning: address %s is not a network address in relation to netmask %s",
2901  print_in_addr_t(r->network, 0, &gc),
2902  print_in_addr_t(r->netmask, 0, &gc));
2903  }
2904 
2905  status = CreateIpForwardEntry(&fr);
2906 
2907  if (status == NO_ERROR)
2908  {
2909  ret = true;
2910  }
2911  else
2912  {
2913  /* failed, try increasing the metric to work around Vista issue */
2914  const unsigned int forward_metric_limit = 2048; /* iteratively retry higher metrics up to this limit */
2915 
2916  for (; fr.dwForwardMetric1 <= forward_metric_limit; ++fr.dwForwardMetric1)
2917  {
2918  /* try a different forward type=3 ("the next hop is the final dest") in addition to 4.
2919  * --redirect-gateway over RRAS seems to need this. */
2920  for (fr.dwForwardType = 4; fr.dwForwardType >= 3; --fr.dwForwardType)
2921  {
2922  status = CreateIpForwardEntry(&fr);
2923  if (status == NO_ERROR)
2924  {
2925  msg(D_ROUTE, "ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=%u and dwForwardType=%u",
2926  (unsigned int)fr.dwForwardMetric1,
2927  (unsigned int)fr.dwForwardType);
2928  ret = true;
2929  goto doublebreak;
2930  }
2931  else if (status != ERROR_BAD_ARGUMENTS)
2932  {
2933  goto doublebreak;
2934  }
2935  }
2936  }
2937 
2938 doublebreak:
2939  if (status != NO_ERROR)
2940  {
2941  msg(M_WARN, "ROUTE: route addition failed using CreateIpForwardEntry: %s [status=%u if_index=%u]",
2942  strerror_win32(status, &gc),
2943  (unsigned int)status,
2944  (unsigned int)if_index);
2945  }
2946  }
2947  }
2948 
2949  gc_free(&gc);
2950  return ret;
2951 }
2952 
2953 bool
2954 del_route_ipapi(const struct route_ipv4 *r, const struct tuntap *tt)
2955 {
2956  struct gc_arena gc = gc_new();
2957  bool ret = false;
2958  DWORD status;
2959  const DWORD if_index = windows_route_find_if_index(r, tt);
2960 
2961  if (if_index != TUN_ADAPTER_INDEX_INVALID)
2962  {
2963  MIB_IPFORWARDROW fr;
2964  CLEAR(fr);
2965 
2966  fr.dwForwardDest = htonl(r->network);
2967  fr.dwForwardMask = htonl(r->netmask);
2968  fr.dwForwardPolicy = 0;
2969  fr.dwForwardNextHop = htonl(r->gateway);
2970  fr.dwForwardIfIndex = if_index;
2971 
2972  status = DeleteIpForwardEntry(&fr);
2973 
2974  if (status == NO_ERROR)
2975  {
2976  ret = true;
2977  }
2978  else
2979  {
2980  msg(M_WARN, "ROUTE: route deletion failed using DeleteIpForwardEntry: %s",
2981  strerror_win32(status, &gc));
2982  }
2983  }
2984 
2985  gc_free(&gc);
2986  return ret;
2987 }
2988 
2989 static bool
2990 do_route_service(const bool add, const route_message_t *rt, const size_t size, HANDLE pipe)
2991 {
2992  bool ret = false;
2993  ack_message_t ack;
2994  struct gc_arena gc = gc_new();
2995 
2996  if (!send_msg_iservice(pipe, rt, size, &ack, "ROUTE"))
2997  {
2998  goto out;
2999  }
3000 
3001  if (ack.error_number != NO_ERROR)
3002  {
3003  msg(M_WARN, "ROUTE: route %s failed using service: %s [status=%u if_index=%d]",
3004  (add ? "addition" : "deletion"), strerror_win32(ack.error_number, &gc),
3005  ack.error_number, rt->iface.index);
3006  goto out;
3007  }
3008 
3009  ret = true;
3010 
3011 out:
3012  gc_free(&gc);
3013  return ret;
3014 }
3015 
3016 static bool
3017 do_route_ipv4_service(const bool add, const struct route_ipv4 *r, const struct tuntap *tt)
3018 {
3019  DWORD if_index = windows_route_find_if_index(r, tt);
3020  if (if_index == ~0)
3021  {
3022  return false;
3023  }
3024 
3025  route_message_t msg = {
3026  .header = {
3027  (add ? msg_add_route : msg_del_route),
3028  sizeof(route_message_t),
3029  0
3030  },
3031  .family = AF_INET,
3032  .prefix.ipv4.s_addr = htonl(r->network),
3033  .gateway.ipv4.s_addr = htonl(r->gateway),
3034  .iface = { .index = if_index, .name = "" },
3035  .metric = (r->flags & RT_METRIC_DEFINED ? r->metric : -1)
3036  };
3037 
3039  if (msg.prefix_len == -1)
3040  {
3041  msg.prefix_len = 32;
3042  }
3043 
3044  return do_route_service(add, &msg, sizeof(msg), tt->options.msg_channel);
3045 }
3046 
3047 static bool
3048 do_route_ipv6_service(const bool add, const struct route_ipv6 *r, const struct tuntap *tt)
3049 {
3050  bool status;
3051  route_message_t msg = {
3052  .header = {
3053  (add ? msg_add_route : msg_del_route),
3054  sizeof(route_message_t),
3055  0
3056  },
3057  .family = AF_INET6,
3058  .prefix.ipv6 = r->network,
3059  .prefix_len = r->netbits,
3060  .gateway.ipv6 = r->gateway,
3061  .iface = { .index = tt->adapter_index, .name = "" },
3062  .metric = ( (r->flags & RT_METRIC_DEFINED) ? r->metric : -1)
3063  };
3064 
3065  if (r->adapter_index) /* vpn server special route */
3066  {
3067  msg.iface.index = r->adapter_index;
3068  }
3069 
3070  /* In TUN mode we use a special link-local address as the next hop.
3071  * The tapdrvr knows about it and will answer neighbor discovery packets.
3072  * (only do this for routes actually using the tun/tap device)
3073  */
3074  if (tt->type == DEV_TYPE_TUN
3075  && msg.iface.index == tt->adapter_index)
3076  {
3077  inet_pton(AF_INET6, "fe80::8", &msg.gateway.ipv6);
3078  }
3079 
3081  {
3082  strncpy(msg.iface.name, tt->actual_name, sizeof(msg.iface.name));
3083  msg.iface.name[sizeof(msg.iface.name) - 1] = '\0';
3084  }
3085 
3086  status = do_route_service(add, &msg, sizeof(msg), tt->options.msg_channel);
3087  msg(D_ROUTE, "IPv6 route %s via service %s",
3088  add ? "addition" : "deletion",
3089  status ? "succeeded" : "failed");
3090  return status;
3091 }
3092 
3093 static bool
3094 add_route_service(const struct route_ipv4 *r, const struct tuntap *tt)
3095 {
3096  return do_route_ipv4_service(true, r, tt);
3097 }
3098 
3099 static bool
3100 del_route_service(const struct route_ipv4 *r, const struct tuntap *tt)
3101 {
3102  return do_route_ipv4_service(false, r, tt);
3103 }
3104 
3105 static bool
3106 add_route_ipv6_service(const struct route_ipv6 *r, const struct tuntap *tt)
3107 {
3108  return do_route_ipv6_service(true, r, tt);
3109 }
3110 
3111 static bool
3112 del_route_ipv6_service(const struct route_ipv6 *r, const struct tuntap *tt)
3113 {
3114  return do_route_ipv6_service(false, r, tt);
3115 }
3116 
3117 static const char *
3118 format_route_entry(const MIB_IPFORWARDROW *r, struct gc_arena *gc)
3119 {
3120  struct buffer out = alloc_buf_gc(256, gc);
3121  buf_printf(&out, "%s %s %s p=%d i=%d t=%d pr=%d a=%d h=%d m=%d/%d/%d/%d/%d",
3122  print_in_addr_t(r->dwForwardDest, IA_NET_ORDER, gc),
3123  print_in_addr_t(r->dwForwardMask, IA_NET_ORDER, gc),
3124  print_in_addr_t(r->dwForwardNextHop, IA_NET_ORDER, gc),
3125  (int)r->dwForwardPolicy,
3126  (int)r->dwForwardIfIndex,
3127  (int)r->dwForwardType,
3128  (int)r->dwForwardProto,
3129  (int)r->dwForwardAge,
3130  (int)r->dwForwardNextHopAS,
3131  (int)r->dwForwardMetric1,
3132  (int)r->dwForwardMetric2,
3133  (int)r->dwForwardMetric3,
3134  (int)r->dwForwardMetric4,
3135  (int)r->dwForwardMetric5);
3136  return BSTR(&out);
3137 }
3138 
3139 /*
3140  * Show current routing table
3141  */
3142 void
3143 show_routes(int msglev)
3144 {
3145  struct gc_arena gc = gc_new();
3146  int i;
3147 
3148  const MIB_IPFORWARDTABLE *rt = get_windows_routing_table(&gc);
3149 
3150  msg(msglev, "SYSTEM ROUTING TABLE");
3151  if (rt)
3152  {
3153  for (i = 0; i < rt->dwNumEntries; ++i)
3154  {
3155  msg(msglev, "%s", format_route_entry(&rt->table[i], &gc));
3156  }
3157  }
3158  gc_free(&gc);
3159 }
3160 
3161 #elif defined(TARGET_LINUX) || defined(TARGET_ANDROID)
3162 
3163 void
3165 {
3166  struct gc_arena gc = gc_new();
3167  int sd = -1;
3168  char best_name[IFNAMSIZ];
3169 
3170  CLEAR(*rgi);
3171  CLEAR(best_name);
3172 
3173 #ifndef TARGET_ANDROID
3174  /* get default gateway IP addr */
3175  if (net_route_v4_best_gw(ctx, NULL, 0, &rgi->gateway.addr, best_name) == 0)
3176  {
3177  rgi->flags |= RGI_ADDR_DEFINED;
3178  if (!rgi->gateway.addr && best_name[0])
3179  {
3180  rgi->flags |= RGI_ON_LINK;
3181  }
3182  }
3183 #else /* ifndef TARGET_ANDROID */
3184  /* Android, set some pseudo GW, addr is in host byte order,
3185  * Determining the default GW on Android 5.0+ is non trivial
3186  * and serves almost no purpose since OpenVPN only uses the
3187  * default GW address to add routes for networks that should
3188  * NOT be routed over the VPN. Using a well known address
3189  * (127.'d'.'g'.'w') for the default GW make detecting
3190  * these routes easier from the controlling app.
3191  */
3192  rgi->gateway.addr = 127 << 24 | 'd' << 16 | 'g' << 8 | 'w';
3193  rgi->flags |= RGI_ADDR_DEFINED;
3194  strcpy(best_name, "android-gw");
3195 
3196  /*
3197  * Skip scanning/fetching interface from loopback interface
3198  * It always fails and "ioctl(SIOCGIFCONF) failed" confuses users
3199  */
3200  goto done;
3201 #endif /* ifndef TARGET_ANDROID */
3202 
3203  /* scan adapter list */
3204  if (rgi->flags & RGI_ADDR_DEFINED)
3205  {
3206  struct ifreq *ifr, *ifend;
3207  in_addr_t addr, netmask;
3208  struct ifreq ifreq;
3209  struct ifconf ifc;
3210  struct ifreq ifs[20]; /* Maximum number of interfaces to scan */
3211 
3212  if ((sd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
3213  {
3214  msg(M_WARN, "GDG: socket() failed");
3215  goto done;
3216  }
3217  ifc.ifc_len = sizeof(ifs);
3218  ifc.ifc_req = ifs;
3219  if (ioctl(sd, SIOCGIFCONF, &ifc) < 0)
3220  {
3221  msg(M_WARN, "GDG: ioctl(SIOCGIFCONF) failed");
3222  goto done;
3223  }
3224 
3225  /* scan through interface list */
3226  ifend = ifs + (ifc.ifc_len / sizeof(struct ifreq));
3227  for (ifr = ifc.ifc_req; ifr < ifend; ifr++)
3228  {
3229  if (ifr->ifr_addr.sa_family == AF_INET)
3230  {
3231  /* get interface addr */
3232  addr = ntohl(((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr.s_addr);
3233 
3234  /* get interface name */
3235  strncpynt(ifreq.ifr_name, ifr->ifr_name, sizeof(ifreq.ifr_name));
3236 
3237  /* check that the interface is up */
3238  if (ioctl(sd, SIOCGIFFLAGS, &ifreq) < 0)
3239  {
3240  continue;
3241  }
3242  if (!(ifreq.ifr_flags & IFF_UP))
3243  {
3244  continue;
3245  }
3246 
3247  if (rgi->flags & RGI_ON_LINK)
3248  {
3249  /* check that interface name of current interface
3250  * matches interface name of best default route */
3251  if (strcmp(ifreq.ifr_name, best_name))
3252  {
3253  continue;
3254  }
3255 #if 0
3256  /* if point-to-point link, use remote addr as route gateway */
3257  if ((ifreq.ifr_flags & IFF_POINTOPOINT) && ioctl(sd, SIOCGIFDSTADDR, &ifreq) >= 0)
3258  {
3259  rgi->gateway.addr = ntohl(((struct sockaddr_in *) &ifreq.ifr_addr)->sin_addr.s_addr);
3260  if (rgi->gateway.addr)
3261  {
3262  rgi->flags &= ~RGI_ON_LINK;
3263  }
3264  }
3265 #endif
3266  }
3267  else
3268  {
3269  /* get interface netmask */
3270  if (ioctl(sd, SIOCGIFNETMASK, &ifreq) < 0)
3271  {
3272  continue;
3273  }
3274  netmask = ntohl(((struct sockaddr_in *) &ifreq.ifr_addr)->sin_addr.s_addr);
3275 
3276  /* check that interface matches default route */
3277  if (((rgi->gateway.addr ^ addr) & netmask) != 0)
3278  {
3279  continue;
3280  }
3281 
3282  /* save netmask */
3283  rgi->gateway.netmask = netmask;
3284  rgi->flags |= RGI_NETMASK_DEFINED;
3285  }
3286 
3287  /* save iface name */
3288  strncpynt(rgi->iface, ifreq.ifr_name, sizeof(rgi->iface));
3289  rgi->flags |= RGI_IFACE_DEFINED;
3290 
3291  /* now get the hardware address. */
3292  memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr));
3293  if (ioctl(sd, SIOCGIFHWADDR, &ifreq) < 0)
3294  {
3295  msg(M_WARN, "GDG: SIOCGIFHWADDR(%s) failed", ifreq.ifr_name);
3296  goto done;
3297  }
3298  memcpy(rgi->hwaddr, &ifreq.ifr_hwaddr.sa_data, 6);
3299  rgi->flags |= RGI_HWADDR_DEFINED;
3300 
3301  break;
3302  }
3303  }
3304  }
3305 
3306 done:
3307  if (sd >= 0)
3308  {
3309  close(sd);
3310  }
3311  gc_free(&gc);
3312 }
3313 
3314 /* IPv6 implementation using netlink
3315  * http://www.linuxjournal.com/article/7356
3316  * netlink(3), netlink(7), rtnetlink(7)
3317  * http://www.virtualbox.org/svn/vbox/trunk/src/VBox/NetworkServices/NAT/rtmon_linux.c
3318  */
3319 struct rtreq {
3320  struct nlmsghdr nh;
3321  struct rtmsg rtm;
3322  char attrbuf[512];
3323 };
3324 
3325 void
3327  const struct in6_addr *dest, openvpn_net_ctx_t *ctx)
3328 {
3329  int flags;
3330 
3331  CLEAR(*rgi6);
3332 
3333  if (net_route_v6_best_gw(ctx, dest, 0, &rgi6->gateway.addr_ipv6,
3334  rgi6->iface) == 0)
3335  {
3336  if (!IN6_IS_ADDR_UNSPECIFIED(rgi6->gateway.addr_ipv6.s6_addr))
3337  {
3338  rgi6->flags |= RGI_ADDR_DEFINED;
3339  }
3340 
3341  if (rgi6->iface)
3342  {
3343  rgi6->flags |= RGI_IFACE_DEFINED;
3344  }
3345  }
3346 
3347  /* if we have an interface but no gateway, the destination is on-link */
3348  flags = rgi6->flags & (RGI_IFACE_DEFINED | RGI_ADDR_DEFINED);
3349  if (flags == RGI_IFACE_DEFINED)
3350  {
3351  rgi6->flags |= (RGI_ADDR_DEFINED | RGI_ON_LINK);
3352  if (dest)
3353  {
3354  rgi6->gateway.addr_ipv6 = *dest;
3355  }
3356  }
3357 }
3358 
3359 #elif defined(TARGET_DARWIN) || defined(TARGET_SOLARIS) \
3360  || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
3361  || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
3362 
3363 #include <sys/types.h>
3364 #include <sys/socket.h>
3365 #include <netinet/in.h>
3366 #include <net/route.h>
3367 #include <net/if_dl.h>
3368 
3369 struct rtmsg {
3370  struct rt_msghdr m_rtm;
3371  char m_space[512];
3372 };
3373 
3374 /* the route socket code is identical for all 4 supported BSDs and for
3375  * MacOS X (Darwin), with one crucial difference: when going from
3376  * 32 bit to 64 bit, the BSDs increased the structure size but kept
3377  * source code compatibility by keeping the use of "long", while
3378  * MacOS X decided to keep binary compatibility by *changing* the API
3379  * to use "uint32_t", thus 32 bit on all OS X variants
3380  *
3381  * We used to have a large amount of duplicate code here which really
3382  * differed only in this (long) vs. (uint32_t) - IMHO, worse than
3383  * having a combined block for all BSDs with this single #ifdef inside
3384  */
3385 
3386 #if defined(TARGET_DARWIN)
3387 #define ROUNDUP(a) \
3388  ((a) > 0 ? (1 + (((a) - 1) | (sizeof(uint32_t) - 1))) : sizeof(uint32_t))
3389 #else
3390 #define ROUNDUP(a) \
3391  ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
3392 #endif
3393 
3394 #if defined(TARGET_SOLARIS)
3395 #define NEXTADDR(w, u) \
3396  if (rtm_addrs & (w)) { \
3397  l = ROUNDUP(sizeof(u)); memmove(cp, &(u), l); cp += l; \
3398  }
3399 
3400 #define ADVANCE(x, n) (x += ROUNDUP(sizeof(struct sockaddr_in)))
3401 #else /* if defined(TARGET_SOLARIS) */
3402 #define NEXTADDR(w, u) \
3403  if (rtm_addrs & (w)) { \
3404  l = ROUNDUP( ((struct sockaddr *)&(u))->sa_len); memmove(cp, &(u), l); cp += l; \
3405  }
3406 
3407 #define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))
3408 #endif
3409 
3410 #define max(a,b) ((a) > (b) ? (a) : (b))
3411 
3412 void
3414 {
3415  struct gc_arena gc = gc_new();
3416  struct rtmsg m_rtmsg;
3417  int sockfd = -1;
3418  int seq, l, pid, rtm_addrs;
3419  unsigned int i;
3420  struct sockaddr so_dst, so_mask;
3421  char *cp = m_rtmsg.m_space;
3422  struct sockaddr *gate = NULL, *ifp = NULL, *sa;
3423  struct rt_msghdr *rtm_aux;
3424 
3425 #define rtm m_rtmsg.m_rtm
3426 
3427  CLEAR(*rgi);
3428 
3429  /* setup data to send to routing socket */
3430  pid = getpid();
3431  seq = 0;
3432  rtm_addrs = RTA_DST | RTA_NETMASK | RTA_IFP;
3433 
3434  bzero(&m_rtmsg, sizeof(m_rtmsg));
3435  bzero(&so_dst, sizeof(so_dst));
3436  bzero(&so_mask, sizeof(so_mask));
3437  bzero(&rtm, sizeof(struct rt_msghdr));
3438 
3439  rtm.rtm_type = RTM_GET;
3440  rtm.rtm_flags = RTF_UP | RTF_GATEWAY;
3441  rtm.rtm_version = RTM_VERSION;
3442  rtm.rtm_seq = ++seq;
3443 #ifdef TARGET_OPENBSD
3444  rtm.rtm_tableid = getrtable();
3445 #endif
3446  rtm.rtm_addrs = rtm_addrs;
3447 
3448  so_dst.sa_family = AF_INET;
3449  so_mask.sa_family = AF_INET;
3450 
3451 #ifndef TARGET_SOLARIS
3452  so_dst.sa_len = sizeof(struct sockaddr_in);
3453  so_mask.sa_len = sizeof(struct sockaddr_in);
3454 #endif
3455 
3456  NEXTADDR(RTA_DST, so_dst);
3457  NEXTADDR(RTA_NETMASK, so_mask);
3458 
3459  rtm.rtm_msglen = l = cp - (char *)&m_rtmsg;
3460 
3461  /* transact with routing socket */
3462  sockfd = socket(PF_ROUTE, SOCK_RAW, 0);
3463  if (sockfd < 0)
3464  {
3465  msg(M_WARN, "GDG: socket #1 failed");
3466  goto done;
3467  }
3468  if (write(sockfd, (char *)&m_rtmsg, l) < 0)
3469  {
3470  msg(M_WARN, "GDG: problem writing to routing socket");
3471  goto done;
3472  }
3473  do
3474  {
3475  l = read(sockfd, (char *)&m_rtmsg, sizeof(m_rtmsg));
3476  } while (l > 0 && (rtm.rtm_seq != seq || rtm.rtm_pid != pid));
3477  close(sockfd);
3478  sockfd = -1;
3479 
3480  /* extract return data from routing socket */
3481  rtm_aux = &rtm;
3482  cp = ((char *)(rtm_aux + 1));
3483  if (rtm_aux->rtm_addrs)
3484  {
3485  for (i = 1; i; i <<= 1)
3486  {
3487  if (i & rtm_aux->rtm_addrs)
3488  {
3489  sa = (struct sockaddr *)cp;
3490  if (i == RTA_GATEWAY)
3491  {
3492  gate = sa;
3493  }
3494  else if (i == RTA_IFP)
3495  {
3496  ifp = sa;
3497  }
3498  ADVANCE(cp, sa);
3499  }
3500  }
3501  }
3502  else
3503  {
3504  goto done;
3505  }
3506 
3507  /* get gateway addr and interface name */
3508  if (gate != NULL)
3509  {
3510  /* get default gateway addr */
3511  rgi->gateway.addr = ntohl(((struct sockaddr_in *)gate)->sin_addr.s_addr);
3512  if (rgi->gateway.addr)
3513  {
3514  rgi->flags |= RGI_ADDR_DEFINED;
3515  }
3516 
3517  if (ifp)
3518  {
3519  /* get interface name */
3520  const struct sockaddr_dl *adl = (struct sockaddr_dl *) ifp;
3521  if (adl->sdl_nlen && adl->sdl_nlen < sizeof(rgi->iface))
3522  {
3523  memcpy(rgi->iface, adl->sdl_data, adl->sdl_nlen);
3524  rgi->iface[adl->sdl_nlen] = '\0';
3525  rgi->flags |= RGI_IFACE_DEFINED;
3526  }
3527  }
3528  }
3529 
3530  /* get netmask of interface that owns default gateway */
3531  if (rgi->flags & RGI_IFACE_DEFINED)
3532  {
3533  struct ifreq ifr;
3534 
3535  sockfd = socket(AF_INET, SOCK_DGRAM, 0);
3536  if (sockfd < 0)
3537  {
3538  msg(M_WARN, "GDG: socket #2 failed");
3539  goto done;
3540  }
3541 
3542  CLEAR(ifr);
3543  ifr.ifr_addr.sa_family = AF_INET;
3544  strncpynt(ifr.ifr_name, rgi->iface, IFNAMSIZ);
3545 
3546  if (ioctl(sockfd, SIOCGIFNETMASK, (char *)&ifr) < 0)
3547  {
3548  msg(M_WARN, "GDG: ioctl #1 failed");
3549  goto done;
3550  }
3551  close(sockfd);
3552  sockfd = -1;
3553 
3554  rgi->gateway.netmask = ntohl(((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr);
3555  rgi->flags |= RGI_NETMASK_DEFINED;
3556  }
3557 
3558  /* try to read MAC addr associated with interface that owns default gateway */
3559  if (rgi->flags & RGI_IFACE_DEFINED)
3560  {
3561  struct ifconf ifc;
3562  struct ifreq *ifr;
3563  const int bufsize = 4096;
3564  char *buffer;
3565 
3566  buffer = (char *) gc_malloc(bufsize, true, &gc);
3567  sockfd = socket(AF_INET, SOCK_DGRAM, 0);
3568  if (sockfd < 0)
3569  {
3570  msg(M_WARN, "GDG: socket #3 failed");
3571  goto done;
3572  }
3573 
3574  ifc.ifc_len = bufsize;
3575  ifc.ifc_buf = buffer;
3576 
3577  if (ioctl(sockfd, SIOCGIFCONF, (char *)&ifc) < 0)
3578  {
3579  msg(M_WARN, "GDG: ioctl #2 failed");
3580  goto done;
3581  }
3582  close(sockfd);
3583  sockfd = -1;
3584 
3585  for (cp = buffer; cp <= buffer + ifc.ifc_len - sizeof(struct ifreq); )
3586  {
3587  ifr = (struct ifreq *)cp;
3588 #if defined(TARGET_SOLARIS)
3589  const size_t len = sizeof(ifr->ifr_name) + sizeof(ifr->ifr_addr);
3590 #else
3591  const size_t len = sizeof(ifr->ifr_name) + max(sizeof(ifr->ifr_addr), ifr->ifr_addr.sa_len);
3592 #endif
3593 
3594  if (!ifr->ifr_addr.sa_family)
3595  {
3596  break;
3597  }
3598  if (!strncmp(ifr->ifr_name, rgi->iface, IFNAMSIZ))
3599  {
3600  if (ifr->ifr_addr.sa_family == AF_LINK)
3601  {
3602  struct sockaddr_dl *sdl = (struct sockaddr_dl *)&ifr->ifr_addr;
3603  memcpy(rgi->hwaddr, LLADDR(sdl), 6);
3604  rgi->flags |= RGI_HWADDR_DEFINED;
3605  }
3606  }
3607  cp += len;
3608  }
3609  }
3610 
3611 done:
3612  if (sockfd >= 0)
3613  {
3614  close(sockfd);
3615  }
3616  gc_free(&gc);
3617 }
3618 
3619 /* BSD implementation using routing socket (as does IPv4)
3620  * (the code duplication is somewhat unavoidable if we want this to
3621  * work on OpenSolaris as well. *sigh*)
3622  */
3623 
3624 /* Solaris has no length field - this is ugly, but less #ifdef in total
3625  */
3626 #if defined(TARGET_SOLARIS)
3627 #undef ADVANCE
3628 #define ADVANCE(x, n) (x += ROUNDUP(sizeof(struct sockaddr_in6)))
3629 #endif
3630 
3631 void
3633  const struct in6_addr *dest, openvpn_net_ctx_t *ctx)
3634 {
3635 
3636  struct rtmsg m_rtmsg;
3637  int sockfd = -1;
3638  int seq, l, pid, rtm_addrs;
3639  unsigned int i;
3640  struct sockaddr_in6 so_dst, so_mask;
3641  char *cp = m_rtmsg.m_space;
3642  struct sockaddr *gate = NULL, *ifp = NULL, *sa;
3643  struct rt_msghdr *rtm_aux;
3644 
3645  CLEAR(*rgi6);
3646 
3647  /* setup data to send to routing socket */
3648  pid = getpid();
3649  seq = 0;
3650  rtm_addrs = RTA_DST | RTA_NETMASK | RTA_IFP;
3651 
3652  bzero(&m_rtmsg, sizeof(m_rtmsg));
3653  bzero(&so_dst, sizeof(so_dst));
3654  bzero(&so_mask, sizeof(so_mask));
3655  bzero(&rtm, sizeof(struct rt_msghdr));
3656 
3657  rtm.rtm_type = RTM_GET;
3658  rtm.rtm_flags = RTF_UP;
3659  rtm.rtm_version = RTM_VERSION;
3660  rtm.rtm_seq = ++seq;
3661 #ifdef TARGET_OPENBSD
3662  rtm.rtm_tableid = getrtable();
3663 #endif
3664 
3665  so_dst.sin6_family = AF_INET6;
3666  so_mask.sin6_family = AF_INET6;
3667 
3668  if (dest != NULL /* specific host? */
3669  && !IN6_IS_ADDR_UNSPECIFIED(dest) )
3670  {
3671  so_dst.sin6_addr = *dest;
3672  /* :: needs /0 "netmask", host route wants "no netmask */
3673  rtm_addrs &= ~RTA_NETMASK;
3674  }
3675 
3676  rtm.rtm_addrs = rtm_addrs;
3677 
3678 #ifndef TARGET_SOLARIS
3679  so_dst.sin6_len = sizeof(struct sockaddr_in6);
3680  so_mask.sin6_len = sizeof(struct sockaddr_in6);
3681 #endif
3682 
3683  NEXTADDR(RTA_DST, so_dst);
3684  NEXTADDR(RTA_NETMASK, so_mask);
3685 
3686  rtm.rtm_msglen = l = cp - (char *)&m_rtmsg;
3687 
3688  /* transact with routing socket */
3689  sockfd = socket(PF_ROUTE, SOCK_RAW, 0);
3690  if (sockfd < 0)
3691  {
3692  msg(M_WARN, "GDG6: socket #1 failed");
3693  goto done;
3694  }
3695  if (write(sockfd, (char *)&m_rtmsg, l) < 0)
3696  {
3697  msg(M_WARN, "GDG6: problem writing to routing socket");
3698  goto done;
3699  }
3700 
3701  do
3702  {
3703  l = read(sockfd, (char *)&m_rtmsg, sizeof(m_rtmsg));
3704  }
3705  while (l > 0 && (rtm.rtm_seq != seq || rtm.rtm_pid != pid));
3706 
3707  close(sockfd);
3708  sockfd = -1;
3709 
3710  /* extract return data from routing socket */
3711  rtm_aux = &rtm;
3712  cp = ((char *)(rtm_aux + 1));
3713  if (rtm_aux->rtm_addrs)
3714  {
3715  for (i = 1; i; i <<= 1)
3716  {
3717  if (i & rtm_aux->rtm_addrs)
3718  {
3719  sa = (struct sockaddr *)cp;
3720  if (i == RTA_GATEWAY)
3721  {
3722  gate = sa;
3723  }
3724  else if (i == RTA_IFP)
3725  {
3726  ifp = sa;
3727  }
3728  ADVANCE(cp, sa);
3729  }
3730  }
3731  }
3732  else
3733  {
3734  goto done;
3735  }
3736 
3737  /* get gateway addr and interface name */
3738  if (gate != NULL)
3739  {
3740  struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)gate;
3741  struct in6_addr gw = s6->sin6_addr;
3742 
3743 #ifndef TARGET_SOLARIS
3744  /* You do not really want to know... from FreeBSD's route.c
3745  * (KAME encodes the 16 bit scope_id in s6_addr[2] + [3],
3746  * but for a correct link-local address these must be :0000: )
3747  */
3748  if (gate->sa_len == sizeof(struct sockaddr_in6)
3749  && IN6_IS_ADDR_LINKLOCAL(&gw) )
3750  {
3751  gw.s6_addr[2] = gw.s6_addr[3] = 0;
3752  }
3753 
3754  if (gate->sa_len != sizeof(struct sockaddr_in6)
3755  || IN6_IS_ADDR_UNSPECIFIED(&gw) )
3756  {
3757  rgi6->flags |= RGI_ON_LINK;
3758  }
3759  else
3760 #endif
3761 
3762  rgi6->gateway.addr_ipv6 = gw;
3763  rgi6->flags |= RGI_ADDR_DEFINED;
3764 
3765  if (ifp)
3766  {
3767  /* get interface name */
3768  const struct sockaddr_dl *adl = (struct sockaddr_dl *) ifp;
3769  if (adl->sdl_nlen && adl->sdl_nlen < sizeof(rgi6->iface))
3770  {
3771  memcpy(rgi6->iface, adl->sdl_data, adl->sdl_nlen);
3772  rgi6->flags |= RGI_IFACE_DEFINED;
3773  }
3774  }
3775  }
3776 
3777 done:
3778  if (sockfd >= 0)
3779  {
3780  close(sockfd);
3781  }
3782 }
3783 
3784 #undef max
3785 
3786 #else /* if defined(_WIN32) */
3787 
3788 /*
3789  * This is a platform-specific method that returns data about
3790  * the current default gateway. Return data is placed into
3791  * a struct route_gateway_info object provided by caller. The
3792  * implementation should CLEAR the structure before adding
3793  * data to it.
3794  *
3795  * Data returned includes:
3796  * 1. default gateway address (rgi->gateway.addr)
3797  * 2. netmask of interface that owns default gateway
3798  * (rgi->gateway.netmask)
3799  * 3. hardware address (i.e. MAC address) of interface that owns
3800  * default gateway (rgi->hwaddr)
3801  * 4. interface name (or adapter index on Windows) that owns default
3802  * gateway (rgi->iface or rgi->adapter_index)
3803  * 5. an array of additional address/netmask pairs defined by
3804  * interface that owns default gateway (rgi->addrs with length
3805  * given in rgi->n_addrs)
3806  *
3807  * The flags RGI_x_DEFINED may be used to indicate which of the data
3808  * members were successfully returned (set in rgi->flags). All of
3809  * the data members are optional, however certain OpenVPN functionality
3810  * may be disabled by missing items.
3811  */
3812 void
3814 {
3815  CLEAR(*rgi);
3816 }
3817 void
3819  const struct in6_addr *dest, openvpn_net_ctx_t *ctx)
3820 {
3821  msg(D_ROUTE, "no support for get_default_gateway_ipv6() on this system");
3822  CLEAR(*rgi6);
3823 }
3824 
3825 #endif /* if defined(_WIN32) */
3826 
3827 bool
3828 netmask_to_netbits(const in_addr_t network, const in_addr_t netmask, int *netbits)
3829 {
3830  int i;
3831  const int addrlen = sizeof(in_addr_t) * 8;
3832 
3833  if ((network & netmask) == network)
3834  {
3835  for (i = 0; i <= addrlen; ++i)
3836  {
3837  in_addr_t mask = netbits_to_netmask(i);
3838  if (mask == netmask)
3839  {
3840  if (i == addrlen)
3841  {
3842  *netbits = -1;
3843  }
3844  else
3845  {
3846  *netbits = i;
3847  }
3848  return true;
3849  }
3850  }
3851  }
3852  return false;
3853 }
3854 
3855 /* similar to netmask_to_netbits(), but don't mess with base address
3856  * etc., just convert to netbits - non-mappable masks are returned as "-1"
3857  */
3858 int
3860 {
3861  int i;
3862  const int addrlen = sizeof(in_addr_t) * 8;
3863 
3864  for (i = 0; i <= addrlen; ++i)
3865  {
3866  in_addr_t mask = netbits_to_netmask(i);
3867  if (mask == netmask)
3868  {
3869  return i;
3870  }
3871  }
3872  return -1;
3873 }
3874 
3875 
3876 /*
3877  * get_bypass_addresses() is used by the redirect-gateway bypass-x
3878  * functions to build a route bypass to selected DHCP/DNS servers,
3879  * so that outgoing packets to these servers don't end up in the tunnel.
3880  */
3881 
3882 #if defined(_WIN32)
3883 
3884 static void
3886 {
3887  if (test_local_addr(addr, NULL) == TLA_NONLOCAL && addr != 0 && addr != IPV4_NETMASK_HOST)
3888  {
3889  add_bypass_address(rb, addr);
3890  }
3891 }
3892 
3893 static void
3894 add_host_route_array(struct route_bypass *rb, const IP_ADDR_STRING *iplist)
3895 {
3896  while (iplist)
3897  {
3898  bool succeed = false;
3899  const in_addr_t ip = getaddr(GETADDR_HOST_ORDER, iplist->IpAddress.String, 0, &succeed, NULL);
3900  if (succeed)
3901  {
3903  }
3904  iplist = iplist->Next;
3905  }
3906 }
3907 
3908 static void
3909 get_bypass_addresses(struct route_bypass *rb, const unsigned int flags)
3910 {
3911  struct gc_arena gc = gc_new();
3912  /*bool ret_bool = false;*/
3913 
3914  /* get full routing table */
3915  const MIB_IPFORWARDTABLE *routes = get_windows_routing_table(&gc);
3916 
3917  /* get the route which represents the default gateway */
3918  const MIB_IPFORWARDROW *row = get_default_gateway_row(routes);
3919 
3920  if (row)
3921  {
3922  /* get the adapter which the default gateway is associated with */
3923  const IP_ADAPTER_INFO *dgi = get_adapter_info(row->dwForwardIfIndex, &gc);
3924 
3925  /* get extra adapter info, such as DNS addresses */
3926  const IP_PER_ADAPTER_INFO *pai = get_per_adapter_info(row->dwForwardIfIndex, &gc);
3927 
3928  /* Bypass DHCP server address */
3929  if ((flags & RG_BYPASS_DHCP) && dgi && dgi->DhcpEnabled)
3930  {
3931  add_host_route_array(rb, &dgi->DhcpServer);
3932  }
3933 
3934  /* Bypass DNS server addresses */
3935  if ((flags & RG_BYPASS_DNS) && pai)
3936  {
3937  add_host_route_array(rb, &pai->DnsServerList);
3938  }
3939  }
3940 
3941  gc_free(&gc);
3942 }
3943 
3944 #else /* if defined(_WIN32) */
3945 
3946 static void
3947 get_bypass_addresses(struct route_bypass *rb, const unsigned int flags) /* PLATFORM-SPECIFIC */
3948 {
3949 }
3950 
3951 #endif /* if defined(_WIN32) */
3952 
3953 /*
3954  * Test if addr is reachable via a local interface (return ILA_LOCAL),
3955  * or if it needs to be routed via the default gateway (return
3956  * ILA_NONLOCAL). If the target platform doesn't implement this
3957  * function, return ILA_NOT_IMPLEMENTED.
3958  *
3959  * Used by redirect-gateway autolocal feature
3960  */
3961 
3962 #if defined(_WIN32)
3963 
3964 int
3965 test_local_addr(const in_addr_t addr, const struct route_gateway_info *rgi)
3966 {
3967  struct gc_arena gc = gc_new();
3968  const in_addr_t nonlocal_netmask = 0x80000000L; /* routes with netmask <= to this are considered non-local */
3969  int ret = TLA_NONLOCAL;
3970 
3971  /* get full routing table */
3972  const MIB_IPFORWARDTABLE *rt = get_windows_routing_table(&gc);
3973  if (rt)
3974  {
3975  int i;
3976  for (i = 0; i < rt->dwNumEntries; ++i)
3977  {
3978  const MIB_IPFORWARDROW *row = &rt->table[i];
3979  const in_addr_t net = ntohl(row->dwForwardDest);
3980  const in_addr_t mask = ntohl(row->dwForwardMask);
3981  if (mask > nonlocal_netmask && (addr & mask) == net)
3982  {
3983  ret = TLA_LOCAL;
3984  break;
3985  }
3986  }
3987  }
3988 
3989  gc_free(&gc);
3990  return ret;
3991 }
3992 
3993 #else /* if defined(_WIN32) */
3994 
3995 int
3996 test_local_addr(const in_addr_t addr, const struct route_gateway_info *rgi) /* PLATFORM-SPECIFIC */
3997 {
3998  if (rgi)
3999  {
4000  if (local_route(addr, 0xFFFFFFFF, rgi->gateway.addr, rgi))
4001  {
4002  return TLA_LOCAL;
4003  }
4004  else
4005  {
4006  return TLA_NONLOCAL;
4007  }
4008  }
4009  return TLA_NOT_IMPLEMENTED;
4010 }
4011 
4012 #endif /* if defined(_WIN32) */
static bool del_route_service(const struct route_ipv4 *, const struct tuntap *)
Definition: route.c:3100
#define M_NONFATAL
Definition: error.h:95
#define RG_BYPASS_DNS
Definition: route.h:88
in_addr_t gateway
Definition: route.h:121
in_addr_t addr
Definition: route.h:142
static bool add_route_service(const struct route_ipv4 *, const struct tuntap *)
Definition: route.c:3094
struct route_gateway_address gateway
Definition: route.h:166
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition: buffer.h:348
unsigned int spec_flags
Definition: route.h:218
Definition: tun.h:132
const IP_PER_ADAPTER_INFO * get_per_adapter_info(const DWORD index, struct gc_arena *gc)
Definition: tun.c:4051
struct route_bypass bypass
Definition: route.h:71
const IP_ADAPTER_INFO * get_adapter_info_list(struct gc_arena *gc)
Definition: tun.c:4024
struct in6_addr ipv6
Definition: openvpn-msg.h:52
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, volatile int *signal_received, int ai_family, struct addrinfo **res)
Definition: socket.c:440
#define GETADDR_WARN_ON_SIGNAL
Definition: socket.h:525
static void print_route_option(const struct route_option *ro, int level)
Definition: route.c:1297
static void setenv_route_addr(struct env_set *es, const char *key, const in_addr_t addr, int i)
Definition: route.c:200
in_addr_t network
Definition: route.h:119
#define LR_ERROR
Definition: route.c:1501
#define D_ROUTE
Definition: errlevel.h:80
void gc_addspecial(void *addr, void(free_function)(void *), struct gc_arena *a)
Definition: buffer.c:477
#define RL_DID_LOCAL
Definition: route.h:204
static bool do_route_service(const bool add, const route_message_t *rt, const size_t size, HANDLE pipe)
Definition: route.c:2990
struct argv argv_new(void)
Definition: argv.c:52
void add_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:1186
static void del_route3(in_addr_t network, in_addr_t netmask, in_addr_t gateway, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:915
in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, volatile int *signal_received)
Translate an IPv4 addr or hostname from string form to in_addr_t.
Definition: socket.c:193
struct route_ipv6 * next
Definition: route.h:126
int n_bypass
Definition: route.h:56
unsigned int flags
Definition: route.h:66
const char * print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2992
void print_default_gateway(const int msglevel, const struct route_gateway_info *rgi, const struct route_ipv6_gateway_info *rgi6)
Definition: route.c:1323
#define M_INFO
Definition: errlevel.h:55
struct route_ipv6_option_list * new_route_ipv6_option_list(struct gc_arena *a)
Definition: route.c:120
void add_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:1546
static bool is_route_parm_defined(const char *parm)
Definition: route.c:186
static void gc_free(struct gc_arena *a)
Definition: buffer.h:1023
unsigned int iflags
Definition: route.h:206
void check_subnet_conflict(const in_addr_t ip, const in_addr_t netmask, const char *prefix)
Definition: tun.c:425
#define dmsg
Definition: error.h:174
struct in6_addr remote_host_ipv6
Definition: route.h:220
void print_route_options(const struct route_option_list *rol, int level)
Definition: route.c:1307
struct in6_addr remote_endpoint_ipv6
Definition: route.h:219
static void setenv_route_ipv6(struct env_set *es, const struct route_ipv6 *r6, int i)
Definition: route.c:1450
struct route_option * routes
Definition: route.h:95
static void clear_route_list(struct route_list *rl)
Definition: route.c:518
unsigned int flags
Definition: route.h:127
void get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi6, const struct in6_addr *dest, openvpn_net_ctx_t *ctx)
Definition: route.c:2802
in_addr_t bypass[N_ROUTE_BYPASS]
Definition: route.h:57
struct route_ipv6_option_list * clone_route_ipv6_option_list(const struct route_ipv6_option_list *src, struct gc_arena *a)
Definition: route.c:145
const IP_ADAPTER_INFO * get_tun_adapter(const struct tuntap *tt, const IP_ADAPTER_INFO *list)
Definition: tun.c:4242
bool netmask_to_netbits(const in_addr_t network, const in_addr_t netmask, int *netbits)
Definition: route.c:3828
static void clear_route_ipv6_list(struct route_ipv6_list *rl6)
Definition: route.c:525
void setenv_routes_ipv6(struct env_set *es, const struct route_ipv6_list *rl6)
Definition: route.c:1470
static in_addr_t netbits_to_netmask(const int netbits)
Definition: route.h:377
in_addr_t netmask
Definition: route.h:143
static const MIB_IPFORWARDROW * get_default_gateway_row(const MIB_IPFORWARDTABLE *routes)
Definition: route.c:2675
const char * metric
Definition: route.h:103
static char * iface
static void add_bypass_routes(struct route_bypass *rb, in_addr_t gateway, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:934
#define RT_METRIC_DEFINED
Definition: route.h:115
void add_route_ipv6_to_option_list(struct route_ipv6_option_list *l, const char *prefix, const char *gateway, const char *metric)
Definition: route.c:503
bool buf_printf(struct buffer *buf, const char *format,...)
Definition: buffer.c:245
static int test_route(const IP_ADAPTER_INFO *adapters, const in_addr_t gateway, DWORD *index)
Definition: route.c:2584
#define RL_ROUTES_ADDED
Definition: route.h:205
void setenv_str(struct env_set *es, const char *name, const char *value)
Definition: env_set.c:285
#define in_addr_t
Definition: config-msvc.h:104
#define ROUTE_METHOD_SERVICE
Definition: route.h:43
struct route_gateway_info rgi
Definition: route.h:209
#define RL_DID_REDIRECT_DEFAULT_GATEWAY
Definition: route.h:203
static bool do_route_ipv4_service(const bool add, const struct route_ipv4 *r, const struct tuntap *tt)
Definition: route.c:3017
struct route_ipv6_gateway_info rgi6
Definition: route.h:223
const char * gateway
Definition: route.h:79
void * openvpn_net_ctx_t
Definition: networking.h:26
struct in6_addr network
Definition: route.h:128
struct route_ipv6_option * routes_ipv6
Definition: route.h:108
struct route_special_addr spec
Definition: route.h:208
bool test_routes(const struct route_list *rl, const struct tuntap *tt)
Definition: route.c:2627
#define ASSERT(x)
Definition: error.h:221
#define IA_NET_ORDER
Definition: socket.h:394
static const char * route_string(const struct route_ipv4 *r, struct gc_arena *gc)
Definition: route.c:170
static void delete_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:2136
#define snprintf
Definition: config-msvc.h:97
static bool route_ipv6_match_host(const struct route_ipv6 *r6, const struct in6_addr *host)
Definition: route.c:727
unsigned int flags
Definition: route.h:224
struct tuntap_options options
Definition: tun.h:145
const struct route_option * option
Definition: route.h:118
#define N_ROUTE_BYPASS
Definition: route.h:55
struct route_ipv6 * routes_ipv6
Definition: route.h:225
void argv_msg(const int msglev, const struct argv *a)
Definition: argv.c:206
unsigned int flags
Definition: route.h:210
static void print_route(const struct route_ipv4 *r, int level)
Definition: route.c:1398
static bool add_bypass_address(struct route_bypass *rb, const in_addr_t a)
Definition: route.c:89
#define LR_NOMATCH
Definition: route.c:1499
void netcmd_semaphore_lock(void)
Definition: win32.c:859
#define ALLOC_OBJ_GC(dptr, type, gc)
Definition: buffer.h:1082
static bool add_route_ipv6_service(const struct route_ipv6 *, const struct tuntap *)
Definition: route.c:3106
int add(int a, int b)
list flags
#define fail()
Definition: cmocka.h:1531
#define RG_ENABLE
Definition: route.h:84
int inet_pton(int af, const char *src, void *dst)
#define WIN_ROUTE_PATH_SUFFIX
Definition: win32.h:35
#define RGI_NETMASK_DEFINED
Definition: route.h:148
unsigned int netbits
Definition: route.h:129
#define RT_ADDED
Definition: route.h:114
void setenv_routes(struct env_set *es, const struct route_list *rl)
Definition: route.c:1439
in_addr_t netmask
Definition: route.h:120
#define CLEAR(x)
Definition: basic.h:33
#define IPV4_INVALID_ADDR
Definition: socket.h:428
#define ROUTE_REF_GW
Definition: route.h:51
void get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx)
Definition: route.c:2716
bool openvpn_snprintf(char *str, size_t size, const char *format,...)
Definition: buffer.c:299
bool is_ip_in_adapter_subnet(const IP_ADAPTER_INFO *ai, const in_addr_t ip, in_addr_t *highest_netmask)
Definition: tun.c:4300
#define TLA_NONLOCAL
Definition: route.h:342
#define RG_LOCAL
Definition: route.h:85
bool is_special_addr(const char *addr_str)
Definition: route.c:287
#define RGI_ON_LINK
Definition: route.h:152
inet_address_t gateway
Definition: openvpn-msg.h:73
bool init_route_list(struct route_list *rl, const struct route_option_list *opt, const char *remote_endpoint, int default_metric, in_addr_t remote_host, struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:607
static struct gc_arena gc_new(void)
Definition: buffer.h:1015
static void add_block_local(struct route_list *rl)
Definition: route.c:574
bool did_ifconfig_setup
Definition: tun.h:140
static bool is_on_link(const int is_local_route, const unsigned int flags, const struct route_gateway_info *rgi)
Definition: route.c:1540
static DWORD InterfaceLuid(const char *iface_name, PNET_LUID luid)
Definition: interactive.c:548
struct gc_arena gc
Definition: route.h:212
#define RGI_ADDR_DEFINED
Definition: route.h:147
#define PACKAGE_NAME
Definition: config.h:730
struct route_gateway_address addrs[RGI_N_ADDRESSES]
Definition: route.h:171
unsigned int iflags
Definition: route.h:216
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2972
#define OPENVPN_STATE_ADD_ROUTES
Definition: manage.h:485
#define TLA_LOCAL
Definition: route.h:343
#define METRIC_NOT_USED
Definition: route.c:55
#define DEV_TYPE_TUN
Definition: proto.h:37
int type
Definition: tun.h:135
static void gc_init(struct gc_arena *a)
Definition: buffer.h:1002
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
Definition: buffer.c:408
static void undo_redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:1112
static DWORD windows_route_find_if_index(const struct route_ipv4 *r, const struct tuntap *tt)
Definition: route.c:2753
void route_ipv6_clear_host_bits(struct route_ipv6 *r6)
Definition: route.c:1833
#define NETSH_PATH_SUFFIX
Definition: win32.h:34
#define ROUTE_DELETE_FIRST
Definition: route.h:50
unsigned int flags
Definition: route.h:153
void delete_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:1244
static void gc_freeaddrinfo_callback(void *addr)
Definition: buffer.h:202
static bool get_special_addr(const struct route_list *rl, const char *string, in_addr_t *out, bool *status)
Definition: route.c:217
#define RT_DEFINED
Definition: route.h:113
struct gc_arena gc
Definition: route.h:226
#define RG_DEF1
Definition: route.h:86
#define RTSA_DEFAULT_METRIC
Definition: route.h:65
static void setenv_route(struct env_set *es, const struct route_ipv4 *r, int i)
Definition: route.c:1419
DWORD adapter_index
Definition: route.h:134
in_addr_t remote_endpoint
Definition: route.h:68
struct in6_addr addr_ipv6
Definition: route.h:175
#define RG_BYPASS_DHCP
Definition: route.h:87
#define ROUTE_METHOD_MASK
Definition: route.h:44
static bool del_route_ipv6_service(const struct route_ipv6 *, const struct tuntap *)
Definition: route.c:3112
static SERVICE_STATUS status
Definition: automatic.c:43
void copy_route_ipv6_option_list(struct route_ipv6_option_list *dest, const struct route_ipv6_option_list *src, struct gc_arena *a)
Definition: route.c:161
const char * netmask
Definition: route.h:78
DWORD adapter_index
Definition: route.h:157
static bool init_route_ipv6(struct route_ipv6 *r6, const struct route_ipv6_option *r6o, const struct route_ipv6_list *rl6)
Definition: route.c:429
void route_list_add_vpn_gateway(struct route_list *rl, struct env_set *es, const in_addr_t addr)
Definition: route.c:532
unsigned int flags
Definition: route.h:117
bool send_msg_iservice(HANDLE pipe, const void *data, size_t size, ack_message_t *ack, const char *context)
Definition: win32.c:1476
#define msg
Definition: error.h:173
char * format_hex_ex(const uint8_t *data, int size, int maxoutput, unsigned int space_break_flags, const char *separator, struct gc_arena *gc)
Definition: buffer.c:522
#define RGI_HWADDR_DEFINED
Definition: route.h:149
#define GETADDR_HOST_ORDER
Definition: socket.h:522
char * get_win_sys_path(void)
Definition: win32.c:1209
DWORD adapter_index
Definition: tun.h:176
void add_route_to_option_list(struct route_option_list *l, const char *network, const char *netmask, const char *gateway, const char *metric)
Definition: route.c:485
const char * strerror_win32(DWORD errnum, struct gc_arena *gc)
Definition: error.c:819
unsigned int flags
Definition: route.h:181
const IP_ADAPTER_INFO * get_adapter_info(DWORD index, struct gc_arena *gc)
Definition: tun.c:4157
int netmask_to_netbits2(in_addr_t netmask)
Definition: route.c:3859
#define RTSA_REMOTE_ENDPOINT
Definition: route.h:63
struct route_ipv4 * next
Definition: route.h:116
static void add_host_route_if_nonlocal(struct route_bypass *rb, const in_addr_t addr)
Definition: route.c:3885
unsigned int flags
Definition: route.h:94
unsigned int flags
Definition: route.h:107
struct gc_arena * gc
Definition: route.h:109
struct in6_addr gateway
Definition: route.h:130
HANDLE msg_channel
Definition: tun.h:62
#define RTSA_REMOTE_HOST
Definition: route.h:64
static int local_route(in_addr_t network, in_addr_t netmask, in_addr_t gateway, const struct route_gateway_info *rgi)
Definition: route.c:1504
int test_local_addr(const in_addr_t addr, const struct route_gateway_info *rgi)
Definition: route.c:3965
bool did_ifconfig_ipv6_setup
Definition: tun.h:141
struct route_ipv6_gateway_address gateway
Definition: route.h:194
#define RG_BLOCK_LOCAL
Definition: route.h:91
interface_t iface
Definition: openvpn-msg.h:74
int metric
Definition: route.h:131
const char * network
Definition: route.h:77
const char * metric
Definition: route.h:80
#define ALLOC_OBJ_CLEAR_GC(dptr, type, gc)
Definition: buffer.h:1087
void argv_printf_cat(struct argv *a, const char *format,...)
Definition: argv.c:328
#define RG_REROUTE_GW
Definition: route.h:89
char name[256]
Definition: openvpn-msg.h:57
#define ROUTE_METHOD_IPAPI
Definition: route.h:41
#define ROUTE_METHOD_EXE
Definition: route.h:42
#define RG_AUTO_LOCAL
Definition: route.h:90
struct route_ipv6_option * next
Definition: route.h:100
void setenv_int(struct env_set *es, const char *name, int value)
Definition: env_set.c:269
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
#define M_FATAL
Definition: error.h:94
void show_routes(int msglev)
Definition: route.c:3143
struct gc_arena * gc
Definition: route.h:96
bool add_route_ipapi(const struct route_ipv4 *r, const struct tuntap *tt, DWORD adapter_index)
Definition: route.c:2872
#define LR_MATCH
Definition: route.c:1500
static bool init_route(struct route_ipv4 *r, struct addrinfo **network_list, const struct route_option *ro, const struct route_list *rl)
Definition: route.c:300
void netcmd_semaphore_release(void)
Definition: win32.c:875
const char * prefix
Definition: route.h:101
#define TUN_ADAPTER_INDEX_INVALID
Definition: tun.h:43
static void get_bypass_addresses(struct route_bypass *rb, const unsigned int flags)
Definition: route.c:3909
#define TLA_NOT_IMPLEMENTED
Definition: route.h:341
bool init_route_ipv6_list(struct route_ipv6_list *rl6, const struct route_ipv6_option_list *opt6, const char *remote_endpoint, int default_metric, const struct in6_addr *remote_host_ipv6, struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:763
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
Definition: manage.c:2663
struct route_option_list * clone_route_option_list(const struct route_option_list *src, struct gc_arena *a)
Definition: route.c:136
bool is_adapter_up(const struct tuntap *tt, const IP_ADAPTER_INFO *list)
Definition: tun.c:4255
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:90
uint8_t hwaddr[6]
Definition: route.h:163
void delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:2328
DWORD adapter_index_of_ip(const IP_ADAPTER_INFO *list, const in_addr_t ip, int *count, in_addr_t *netmask)
Definition: tun.c:4333
static void add_route3(in_addr_t network, in_addr_t netmask, in_addr_t gateway, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:896
#define M_WARN
Definition: error.h:96
#define ROUTE_PATH
Definition: config.h:757
static void add_host_route_array(struct route_bypass *rb, const IP_ADDR_STRING *iplist)
Definition: route.c:3894
static uint8_t * buf_bptr(const struct buffer *buf)
Definition: buffer.h:227
bool get_ipv6_addr(const char *hostname, struct in6_addr *network, unsigned int *netbits, int msglevel)
Translate an IPv6 addr or hostname from string form to in6_addr.
Definition: socket.c:224
struct route_option * next
Definition: route.h:76
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
int remote_host_local
Definition: route.h:70
const char * gateway
Definition: route.h:102
static const char * format_route_entry(const MIB_IPFORWARDROW *r, struct gc_arena *gc)
Definition: route.c:3118
#define ROUTE_METHOD_ADAPTIVE
Definition: route.h:40
const IP_ADAPTER_INFO * get_adapter(const IP_ADAPTER_INFO *ai, DWORD index)
Definition: tun.c:4138
static void add_block_local_item(struct route_list *rl, const struct route_gateway_address *gateway, in_addr_t target)
Definition: route.c:543
void argv_reset(struct argv *a)
Definition: argv.c:60
#define BSTR(buf)
Definition: buffer.h:129
void copy_route_option_list(struct route_option_list *dest, const struct route_option_list *src, struct gc_arena *a)
Definition: route.c:154
struct route_option_list * new_route_option_list(struct gc_arena *a)
Definition: route.c:111
static void del_bypass_routes(struct route_bypass *rb, in_addr_t gateway, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:960
Definition: argv.h:35
bool openvpn_execve_check(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *error_message)
Definition: run_command.c:195
char * actual_name
Definition: tun.h:147
struct route_ipv4 * routes
Definition: route.h:211
static const MIB_IPFORWARDTABLE * get_windows_routing_table(struct gc_arena *gc)
Definition: route.c:2561
static bool do_route_ipv6_service(const bool add, const struct route_ipv6 *r, const struct tuntap *tt)
Definition: route.c:3048
char * dest
Definition: compat-lz4.h:431
#define GETADDR_RESOLVE
Definition: socket.h:520
static void redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:986
#define IPV4_NETMASK_HOST
Definition: basic.h:35
in_addr_t remote_host
Definition: route.h:69
uint8_t hwaddr[6]
Definition: route.h:191
void argv_printf(struct argv *a, const char *format,...)
Definition: argv.c:318
int default_metric
Definition: route.h:221
#define D_ROUTE_DEBUG
Definition: errlevel.h:130
static const char * show_opt(const char *option)
Definition: route.c:1284
void add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:1856
#define RGI_IFACE_DEFINED
Definition: route.h:150
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:151
#define DEV_TYPE_TAP
Definition: proto.h:38
int default_metric
Definition: route.h:72
void print_routes(const struct route_list *rl, int level)
Definition: route.c:1409
static void test_route_helper(bool *ret, int *count, int *good, int *ambig, const IP_ADAPTER_INFO *adapters, const in_addr_t gateway)
Definition: route.c:2598
bool del_route_ipapi(const struct route_ipv4 *r, const struct tuntap *tt)
Definition: route.c:2954
int metric
Definition: route.h:122