OpenVPN
route.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 /*
25  * Support routines for adding/deleting network routes.
26  */
27 
28 #ifdef HAVE_CONFIG_H
29 #include "config.h"
30 #elif defined(_MSC_VER)
31 #include "config-msvc.h"
32 #endif
33 
34 #include "syshead.h"
35 
36 #include "common.h"
37 #include "error.h"
38 #include "route.h"
39 #include "run_command.h"
40 #include "socket.h"
41 #include "manage.h"
42 #include "win32.h"
43 #include "options.h"
44 
45 #include "memdbg.h"
46 
47 #if defined(TARGET_LINUX) || defined(TARGET_ANDROID)
48 #include <linux/rtnetlink.h> /* RTM_GETROUTE etc. */
49 #endif
50 
51 #ifdef _WIN32
52 #include "openvpn-msg.h"
53 
54 #define METRIC_NOT_USED ((DWORD)-1)
55 static bool add_route_service(const struct route_ipv4 *, const struct tuntap *);
56 
57 static bool del_route_service(const struct route_ipv4 *, const struct tuntap *);
58 
59 static bool add_route_ipv6_service(const struct route_ipv6 *, const struct tuntap *);
60 
61 static bool del_route_ipv6_service(const struct route_ipv6 *, const struct tuntap *);
62 
63 #endif
64 
65 static void delete_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es);
66 
67 static void get_bypass_addresses(struct route_bypass *rb, const unsigned int flags);
68 
69 #ifdef ENABLE_DEBUG
70 
71 static void
72 print_bypass_addresses(const struct route_bypass *rb)
73 {
74  struct gc_arena gc = gc_new();
75  int i;
76  for (i = 0; i < rb->n_bypass; ++i)
77  {
78  msg(D_ROUTE, "ROUTE: bypass_host_route[%d]=%s",
79  i,
80  print_in_addr_t(rb->bypass[i], 0, &gc));
81  }
82  gc_free(&gc);
83 }
84 
85 #endif
86 
87 static bool
89 {
90  int i;
91  for (i = 0; i < rb->n_bypass; ++i)
92  {
93  if (a == rb->bypass[i]) /* avoid duplicates */
94  {
95  return true;
96  }
97  }
98  if (rb->n_bypass < N_ROUTE_BYPASS)
99  {
100  rb->bypass[rb->n_bypass++] = a;
101  return true;
102  }
103  else
104  {
105  return false;
106  }
107 }
108 
109 struct route_option_list *
111 {
112  struct route_option_list *ret;
113  ALLOC_OBJ_CLEAR_GC(ret, struct route_option_list, a);
114  ret->gc = a;
115  return ret;
116 }
117 
118 struct route_ipv6_option_list *
120 {
121  struct route_ipv6_option_list *ret;
123  ret->gc = a;
124  return ret;
125 }
126 
127 /*
128  * NOTE: structs are cloned/copied shallow by design.
129  * The routes list from src will stay intact since it is allocated using
130  * the options->gc. The cloned/copied lists will share this common tail
131  * to avoid copying the data around between pulls. Pulled routes use
132  * the c2->gc so they get freed immediately after a reconnect.
133  */
134 struct route_option_list *
136 {
137  struct route_option_list *ret;
138  ALLOC_OBJ_GC(ret, struct route_option_list, a);
139  *ret = *src;
140  return ret;
141 }
142 
143 struct route_ipv6_option_list *
145 {
146  struct route_ipv6_option_list *ret;
147  ALLOC_OBJ_GC(ret, struct route_ipv6_option_list, a);
148  *ret = *src;
149  return ret;
150 }
151 
152 void
154 {
155  *dest = *src;
156  dest->gc = a;
157 }
158 
159 void
161  const struct route_ipv6_option_list *src,
162  struct gc_arena *a)
163 {
164  *dest = *src;
165  dest->gc = a;
166 }
167 
168 static const char *
169 route_string(const struct route_ipv4 *r, struct gc_arena *gc)
170 {
171  struct buffer out = alloc_buf_gc(256, gc);
172  buf_printf(&out, "ROUTE network %s netmask %s gateway %s",
173  print_in_addr_t(r->network, 0, gc),
174  print_in_addr_t(r->netmask, 0, gc),
175  print_in_addr_t(r->gateway, 0, gc)
176  );
177  if (r->flags & RT_METRIC_DEFINED)
178  {
179  buf_printf(&out, " metric %d", r->metric);
180  }
181  return BSTR(&out);
182 }
183 
184 static bool
185 is_route_parm_defined(const char *parm)
186 {
187  if (!parm)
188  {
189  return false;
190  }
191  if (!strcmp(parm, "default"))
192  {
193  return false;
194  }
195  return true;
196 }
197 
198 static void
199 setenv_route_addr(struct env_set *es, const char *key, const in_addr_t addr, int i)
200 {
201  struct gc_arena gc = gc_new();
202  struct buffer name = alloc_buf_gc(256, &gc);
203  if (i >= 0)
204  {
205  buf_printf(&name, "route_%s_%d", key, i);
206  }
207  else
208  {
209  buf_printf(&name, "route_%s", key);
210  }
211  setenv_str(es, BSTR(&name), print_in_addr_t(addr, 0, &gc));
212  gc_free(&gc);
213 }
214 
215 static bool
216 get_special_addr(const struct route_list *rl,
217  const char *string,
218  in_addr_t *out,
219  bool *status)
220 {
221  if (status)
222  {
223  *status = true;
224  }
225  if (!strcmp(string, "vpn_gateway"))
226  {
227  if (rl)
228  {
229  if (rl->spec.flags & RTSA_REMOTE_ENDPOINT)
230  {
231  *out = rl->spec.remote_endpoint;
232  }
233  else
234  {
235  msg(M_INFO, PACKAGE_NAME " ROUTE: vpn_gateway undefined");
236  if (status)
237  {
238  *status = false;
239  }
240  }
241  }
242  return true;
243  }
244  else if (!strcmp(string, "net_gateway"))
245  {
246  if (rl)
247  {
248  if (rl->rgi.flags & RGI_ADDR_DEFINED)
249  {
250  *out = rl->rgi.gateway.addr;
251  }
252  else
253  {
254  msg(M_INFO, PACKAGE_NAME " ROUTE: net_gateway undefined -- unable to get default gateway from system");
255  if (status)
256  {
257  *status = false;
258  }
259  }
260  }
261  return true;
262  }
263  else if (!strcmp(string, "remote_host"))
264  {
265  if (rl)
266  {
267  if (rl->spec.flags & RTSA_REMOTE_HOST)
268  {
269  *out = rl->spec.remote_host;
270  }
271  else
272  {
273  msg(M_INFO, PACKAGE_NAME " ROUTE: remote_host undefined");
274  if (status)
275  {
276  *status = false;
277  }
278  }
279  }
280  return true;
281  }
282  return false;
283 }
284 
285 bool
286 is_special_addr(const char *addr_str)
287 {
288  if (addr_str)
289  {
290  return get_special_addr(NULL, addr_str, NULL, NULL);
291  }
292  else
293  {
294  return false;
295  }
296 }
297 
298 static bool
300  struct addrinfo **network_list,
301  const struct route_option *ro,
302  const struct route_list *rl)
303 {
304  const in_addr_t default_netmask = IPV4_NETMASK_HOST;
305  bool status;
306  int ret;
307  struct in_addr special;
308 
309  CLEAR(*r);
310  r->option = ro;
311 
312  /* network */
313 
314  if (!is_route_parm_defined(ro->network))
315  {
316  goto fail;
317  }
318 
319 
320  /* get_special_addr replaces specialaddr with a special ip addr
321  * like gw. getaddrinfo is called to convert a a addrinfo struct */
322 
323  if (get_special_addr(rl, ro->network, (in_addr_t *) &special.s_addr, &status))
324  {
325  special.s_addr = htonl(special.s_addr);
326  ret = openvpn_getaddrinfo(0, inet_ntoa(special), NULL, 0, NULL,
327  AF_INET, network_list);
328  }
329  else
330  {
332  ro->network, NULL, 0, NULL, AF_INET, network_list);
333  }
334 
335  status = (ret == 0);
336 
337  if (!status)
338  {
339  goto fail;
340  }
341 
342  /* netmask */
343 
345  {
346  r->netmask = getaddr(
349  ro->netmask,
350  0,
351  &status,
352  NULL);
353  if (!status)
354  {
355  goto fail;
356  }
357  }
358  else
359  {
360  r->netmask = default_netmask;
361  }
362 
363  /* gateway */
364 
366  {
367  if (!get_special_addr(rl, ro->gateway, &r->gateway, &status))
368  {
369  r->gateway = getaddr(
373  ro->gateway,
374  0,
375  &status,
376  NULL);
377  }
378  if (!status)
379  {
380  goto fail;
381  }
382  }
383  else
384  {
385  if (rl->spec.flags & RTSA_REMOTE_ENDPOINT)
386  {
387  r->gateway = rl->spec.remote_endpoint;
388  }
389  else
390  {
391  msg(M_WARN, PACKAGE_NAME " ROUTE: " PACKAGE_NAME " needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options");
392  goto fail;
393  }
394  }
395 
396  /* metric */
397 
398  r->metric = 0;
399  if (is_route_parm_defined(ro->metric))
400  {
401  r->metric = atoi(ro->metric);
402  if (r->metric < 0)
403  {
404  msg(M_WARN, PACKAGE_NAME " ROUTE: route metric for network %s (%s) must be >= 0",
405  ro->network,
406  ro->metric);
407  goto fail;
408  }
409  r->flags |= RT_METRIC_DEFINED;
410  }
411  else if (rl->spec.flags & RTSA_DEFAULT_METRIC)
412  {
413  r->metric = rl->spec.default_metric;
414  r->flags |= RT_METRIC_DEFINED;
415  }
416 
417  r->flags |= RT_DEFINED;
418 
419  return true;
420 
421 fail:
422  msg(M_WARN, PACKAGE_NAME " ROUTE: failed to parse/resolve route for host/network: %s",
423  ro->network);
424  return false;
425 }
426 
427 static bool
429  const struct route_ipv6_option *r6o,
430  const struct route_ipv6_list *rl6 )
431 {
432  CLEAR(*r6);
433 
434  if (!get_ipv6_addr( r6o->prefix, &r6->network, &r6->netbits, M_WARN ))
435  {
436  goto fail;
437  }
438 
439  /* gateway */
440  if (is_route_parm_defined(r6o->gateway))
441  {
442  if (inet_pton( AF_INET6, r6o->gateway, &r6->gateway ) != 1)
443  {
444  msg( M_WARN, PACKAGE_NAME "ROUTE6: cannot parse gateway spec '%s'", r6o->gateway );
445  }
446  }
447  else if (rl6->spec_flags & RTSA_REMOTE_ENDPOINT)
448  {
449  r6->gateway = rl6->remote_endpoint_ipv6;
450  }
451  else
452  {
453  msg(M_WARN, PACKAGE_NAME " ROUTE6: " PACKAGE_NAME " needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options");
454  goto fail;
455  }
456 
457  /* metric */
458 
459  r6->metric = -1;
460  if (is_route_parm_defined(r6o->metric))
461  {
462  r6->metric = atoi(r6o->metric);
463  if (r6->metric < 0)
464  {
465  msg(M_WARN, PACKAGE_NAME " ROUTE: route metric for network %s (%s) must be >= 0",
466  r6o->prefix,
467  r6o->metric);
468  goto fail;
469  }
470  r6->flags |= RT_METRIC_DEFINED;
471  }
472  else if (rl6->spec_flags & RTSA_DEFAULT_METRIC)
473  {
474  r6->metric = rl6->default_metric;
475  r6->flags |= RT_METRIC_DEFINED;
476  }
477 
478  r6->flags |= RT_DEFINED;
479 
480  return true;
481 
482 fail:
483  msg(M_WARN, PACKAGE_NAME " ROUTE: failed to parse/resolve route for host/network: %s",
484  r6o->prefix);
485  return false;
486 }
487 
488 void
490  const char *network,
491  const char *netmask,
492  const char *gateway,
493  const char *metric)
494 {
495  struct route_option *ro;
496  ALLOC_OBJ_GC(ro, struct route_option, l->gc);
497  ro->network = network;
498  ro->netmask = netmask;
499  ro->gateway = gateway;
500  ro->metric = metric;
501  ro->next = l->routes;
502  l->routes = ro;
503 
504 }
505 
506 void
508  const char *prefix,
509  const char *gateway,
510  const char *metric)
511 {
512  struct route_ipv6_option *ro;
513  ALLOC_OBJ_GC(ro, struct route_ipv6_option, l->gc);
514  ro->prefix = prefix;
515  ro->gateway = gateway;
516  ro->metric = metric;
517  ro->next = l->routes_ipv6;
518  l->routes_ipv6 = ro;
519 }
520 
521 static void
523 {
524  gc_free(&rl->gc);
525  CLEAR(*rl);
526 }
527 
528 static void
530 {
531  gc_free(&rl6->gc);
532  CLEAR(*rl6);
533 }
534 
535 void
537  struct env_set *es,
538  const in_addr_t addr)
539 {
540  ASSERT(rl);
541  rl->spec.remote_endpoint = addr;
543  setenv_route_addr(es, "vpn_gateway", rl->spec.remote_endpoint, -1);
544 }
545 
546 static void
548  const struct route_gateway_address *gateway,
549  in_addr_t target)
550 {
551  const int rgi_needed = (RGI_ADDR_DEFINED|RGI_NETMASK_DEFINED);
552  if ((rl->rgi.flags & rgi_needed) == rgi_needed
553  && rl->rgi.gateway.netmask < 0xFFFFFFFF)
554  {
555  struct route_ipv4 *r1, *r2;
556  unsigned int l2;
557 
558  ALLOC_OBJ_GC(r1, struct route_ipv4, &rl->gc);
559  ALLOC_OBJ_GC(r2, struct route_ipv4, &rl->gc);
560 
561  /* split a route into two smaller blocking routes, and direct them to target */
562  l2 = ((~gateway->netmask)+1)>>1;
563  r1->flags = RT_DEFINED;
564  r1->gateway = target;
565  r1->network = gateway->addr & gateway->netmask;
566  r1->netmask = ~(l2-1);
567  r1->next = rl->routes;
568  rl->routes = r1;
569 
570  *r2 = *r1;
571  r2->network += l2;
572  r2->next = rl->routes;
573  rl->routes = r2;
574  }
575 }
576 
577 static void
579 {
580  const int rgi_needed = (RGI_ADDR_DEFINED|RGI_NETMASK_DEFINED);
581  if ((rl->flags & RG_BLOCK_LOCAL)
582  && (rl->rgi.flags & rgi_needed) == rgi_needed
583  && (rl->spec.flags & RTSA_REMOTE_ENDPOINT)
584  && rl->spec.remote_host_local != TLA_LOCAL)
585  {
586  size_t i;
587 
588 #ifndef TARGET_ANDROID
589  /* add bypass for gateway addr */
591 #endif
592 
593  /* block access to local subnet */
595 
596  /* process additional subnets on gateway interface */
597  for (i = 0; i < rl->rgi.n_addrs; ++i)
598  {
599  const struct route_gateway_address *gwa = &rl->rgi.addrs[i];
600  /* omit the add/subnet in &rl->rgi which we processed above */
601  if (!((rl->rgi.gateway.addr & rl->rgi.gateway.netmask) == (gwa->addr & gwa->netmask)
602  && rl->rgi.gateway.netmask == gwa->netmask))
603  {
605  }
606  }
607  }
608 }
609 
610 bool
612  const struct route_option_list *opt,
613  const char *remote_endpoint,
614  int default_metric,
615  in_addr_t remote_host,
616  struct env_set *es)
617 {
618  struct gc_arena gc = gc_new();
619  bool ret = true;
620 
621  clear_route_list(rl);
622 
623  rl->flags = opt->flags;
624 
625  if (remote_host)
626  {
627  rl->spec.remote_host = remote_host;
628  rl->spec.flags |= RTSA_REMOTE_HOST;
629  }
630 
631  if (default_metric)
632  {
633  rl->spec.default_metric = default_metric;
635  }
636 
637  get_default_gateway(&rl->rgi);
638  if (rl->rgi.flags & RGI_ADDR_DEFINED)
639  {
640  setenv_route_addr(es, "net_gateway", rl->rgi.gateway.addr, -1);
641 #if defined(ENABLE_DEBUG) && !defined(ENABLE_SMALL)
642  print_default_gateway(D_ROUTE, &rl->rgi, NULL);
643 #endif
644  }
645  else
646  {
647  dmsg(D_ROUTE, "ROUTE: default_gateway=UNDEF");
648  }
649 
650  if (rl->spec.flags & RTSA_REMOTE_HOST)
651  {
652  rl->spec.remote_host_local = test_local_addr(remote_host, &rl->rgi);
653  }
654 
655  if (is_route_parm_defined(remote_endpoint))
656  {
657  bool defined = false;
662  remote_endpoint,
663  0,
664  &defined,
665  NULL);
666 
667  if (defined)
668  {
669  setenv_route_addr(es, "vpn_gateway", rl->spec.remote_endpoint, -1);
671  }
672  else
673  {
674  msg(M_WARN, PACKAGE_NAME " ROUTE: failed to parse/resolve default gateway: %s",
675  remote_endpoint);
676  ret = false;
677  }
678  }
679 
680  if (rl->flags & RG_ENABLE)
681  {
682  add_block_local(rl);
684 #ifdef ENABLE_DEBUG
685  print_bypass_addresses(&rl->spec.bypass);
686 #endif
687  }
688 
689  /* parse the routes from opt to rl */
690  {
691  struct route_option *ro;
692  for (ro = opt->routes; ro; ro = ro->next)
693  {
694  struct addrinfo *netlist = NULL;
695  struct route_ipv4 r;
696 
697  if (!init_route(&r, &netlist, ro, rl))
698  {
699  ret = false;
700  }
701  else
702  {
703  struct addrinfo *curele;
704  for (curele = netlist; curele; curele = curele->ai_next)
705  {
706  struct route_ipv4 *new;
707  ALLOC_OBJ_GC(new, struct route_ipv4, &rl->gc);
708  *new = r;
709  new->network = ntohl(((struct sockaddr_in *)curele->ai_addr)->sin_addr.s_addr);
710  new->next = rl->routes;
711  rl->routes = new;
712  }
713  }
714  if (netlist)
715  {
716  gc_addspecial(netlist, &gc_freeaddrinfo_callback, &gc);
717  }
718  }
719  }
720 
721  gc_free(&gc);
722  return ret;
723 }
724 
725 /* check whether an IPv6 host address is covered by a given route_ipv6
726  * (not the most beautiful implementation in the world, but portable and
727  * "good enough")
728  */
729 static bool
731  const struct in6_addr *host )
732 {
733  unsigned int bits = r6->netbits;
734  int i;
735  unsigned int mask;
736 
737  if (bits>128)
738  {
739  return false;
740  }
741 
742  for (i = 0; bits >= 8; i++, bits -= 8)
743  {
744  if (r6->network.s6_addr[i] != host->s6_addr[i])
745  {
746  return false;
747  }
748  }
749 
750  if (bits == 0)
751  {
752  return true;
753  }
754 
755  mask = 0xff << (8-bits);
756 
757  if ( (r6->network.s6_addr[i] & mask) == (host->s6_addr[i] & mask ))
758  {
759  return true;
760  }
761 
762  return false;
763 }
764 
765 bool
767  const struct route_ipv6_option_list *opt6,
768  const char *remote_endpoint,
769  int default_metric,
770  const struct in6_addr *remote_host_ipv6,
771  struct env_set *es)
772 {
773  struct gc_arena gc = gc_new();
774  bool ret = true;
775  bool need_remote_ipv6_route;
776 
778 
779  rl6->flags = opt6->flags;
780 
781  if (remote_host_ipv6)
782  {
783  rl6->remote_host_ipv6 = *remote_host_ipv6;
785  }
786 
787  if (default_metric >= 0)
788  {
789  rl6->default_metric = default_metric;
791  }
792 
793  msg(D_ROUTE, "GDG6: remote_host_ipv6=%s",
794  remote_host_ipv6 ? print_in6_addr(*remote_host_ipv6, 0, &gc) : "n/a" );
795 
796  get_default_gateway_ipv6(&rl6->rgi6, remote_host_ipv6);
797  if (rl6->rgi6.flags & RGI_ADDR_DEFINED)
798  {
799  setenv_str(es, "net_gateway_ipv6", print_in6_addr(rl6->rgi6.gateway.addr_ipv6, 0, &gc));
800 #if defined(ENABLE_DEBUG) && !defined(ENABLE_SMALL)
801  print_default_gateway(D_ROUTE, NULL, &rl6->rgi6);
802 #endif
803  }
804  else
805  {
806  dmsg(D_ROUTE, "ROUTE6: default_gateway=UNDEF");
807  }
808 
809  if (is_route_parm_defined( remote_endpoint ))
810  {
811  if (inet_pton( AF_INET6, remote_endpoint,
812  &rl6->remote_endpoint_ipv6) == 1)
813  {
815  }
816  else
817  {
818  msg(M_WARN, PACKAGE_NAME " ROUTE: failed to parse/resolve VPN endpoint: %s", remote_endpoint);
819  ret = false;
820  }
821  }
822 
823  /* parse the routes from opt6 to rl6
824  * discovering potential overlaps with remote_host_ipv6 in the process
825  */
826  need_remote_ipv6_route = false;
827 
828  {
829  struct route_ipv6_option *ro6;
830  for (ro6 = opt6->routes_ipv6; ro6; ro6 = ro6->next)
831  {
832  struct route_ipv6 *r6;
833  ALLOC_OBJ_GC(r6, struct route_ipv6, &rl6->gc);
834  if (!init_route_ipv6(r6, ro6, rl6))
835  {
836  ret = false;
837  }
838  else
839  {
840  r6->next = rl6->routes_ipv6;
841  rl6->routes_ipv6 = r6;
842 
843 #ifndef TARGET_ANDROID
844  /* On Android the VPNService protect function call will take of
845  * avoiding routing loops, so ignore this part and let
846  * need_remote_ipv6_route always evaluate to false
847  */
848  if (remote_host_ipv6
849  && route_ipv6_match_host( r6, remote_host_ipv6 ) )
850  {
851  need_remote_ipv6_route = true;
852  msg(D_ROUTE, "ROUTE6: %s/%d overlaps IPv6 remote %s, adding host route to VPN endpoint",
853  print_in6_addr(r6->network, 0, &gc), r6->netbits,
854  print_in6_addr(*remote_host_ipv6, 0, &gc));
855  }
856 #endif
857  }
858  }
859  }
860 
861  /* add VPN server host route if needed */
862  if (need_remote_ipv6_route)
863  {
864  if ( (rl6->rgi6.flags & (RGI_ADDR_DEFINED|RGI_IFACE_DEFINED) ) ==
866  {
867  struct route_ipv6 *r6;
868  ALLOC_OBJ_CLEAR_GC(r6, struct route_ipv6, &rl6->gc);
869 
870  r6->network = *remote_host_ipv6;
871  r6->netbits = 128;
872  if (!(rl6->rgi6.flags & RGI_ON_LINK) )
873  {
874  r6->gateway = rl6->rgi6.gateway.addr_ipv6;
875  }
876  r6->metric = 1;
877 #ifdef _WIN32
878  r6->adapter_index = rl6->rgi6.adapter_index;
879 #else
880  r6->iface = rl6->rgi6.iface;
881 #endif
883 
884  r6->next = rl6->routes_ipv6;
885  rl6->routes_ipv6 = r6;
886  }
887  else
888  {
889  msg(M_WARN, "ROUTE6: IPv6 route overlaps with IPv6 remote address, but could not determine IPv6 gateway address + interface, expect failure\n" );
890  }
891  }
892 
893  gc_free(&gc);
894  return ret;
895 }
896 
897 static void
899  in_addr_t netmask,
901  const struct tuntap *tt,
902  unsigned int flags,
903  const struct route_gateway_info *rgi,
904  const struct env_set *es)
905 {
906  struct route_ipv4 r;
907  CLEAR(r);
908  r.flags = RT_DEFINED;
909  r.network = network;
910  r.netmask = netmask;
911  r.gateway = gateway;
912  add_route(&r, tt, flags, rgi, es);
913 }
914 
915 static void
919  const struct tuntap *tt,
920  unsigned int flags,
921  const struct route_gateway_info *rgi,
922  const struct env_set *es)
923 {
924  struct route_ipv4 r;
925  CLEAR(r);
927  r.network = network;
928  r.netmask = netmask;
929  r.gateway = gateway;
930  delete_route(&r, tt, flags, rgi, es);
931 }
932 
933 static void
936  const struct tuntap *tt,
937  unsigned int flags,
938  const struct route_gateway_info *rgi,
939  const struct env_set *es)
940 {
941  int i;
942  for (i = 0; i < rb->n_bypass; ++i)
943  {
944  if (rb->bypass[i])
945  {
946  add_route3(rb->bypass[i],
948  gateway,
949  tt,
950  flags | ROUTE_REF_GW,
951  rgi,
952  es);
953  }
954  }
955 }
956 
957 static void
960  const struct tuntap *tt,
961  unsigned int flags,
962  const struct route_gateway_info *rgi,
963  const struct env_set *es)
964 {
965  int i;
966  for (i = 0; i < rb->n_bypass; ++i)
967  {
968  if (rb->bypass[i])
969  {
970  del_route3(rb->bypass[i],
972  gateway,
973  tt,
974  flags | ROUTE_REF_GW,
975  rgi,
976  es);
977  }
978  }
979 }
980 
981 static void
982 redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
983 {
984  const char err[] = "NOTE: unable to redirect default gateway --";
985 
986  if (rl && rl->flags & RG_ENABLE)
987  {
988  bool local = rl->flags & RG_LOCAL;
989 
990  if (!(rl->spec.flags & RTSA_REMOTE_ENDPOINT) && (rl->flags & RG_REROUTE_GW))
991  {
992  msg(M_WARN, "%s VPN gateway parameter (--route-gateway or --ifconfig) is missing", err);
993  }
994  /*
995  * check if a default route is defined, unless:
996  * - we are connecting to a remote host in our network
997  * - we are connecting to a non-IPv4 remote host (i.e. we use IPv6)
998  */
999  else if (!(rl->rgi.flags & RGI_ADDR_DEFINED) && !local
1000  && (rl->spec.remote_host != IPV4_INVALID_ADDR))
1001  {
1002  msg(M_WARN, "%s Cannot read current default gateway from system", err);
1003  }
1004  else if (!(rl->spec.flags & RTSA_REMOTE_HOST))
1005  {
1006  msg(M_WARN, "%s Cannot obtain current remote host address", err);
1007  }
1008  else
1009  {
1010 #ifndef TARGET_ANDROID
1011  if (rl->flags & RG_AUTO_LOCAL)
1012  {
1013  const int tla = rl->spec.remote_host_local;
1014  if (tla == TLA_NONLOCAL)
1015  {
1016  dmsg(D_ROUTE, "ROUTE remote_host is NOT LOCAL");
1017  local = false;
1018  }
1019  else if (tla == TLA_LOCAL)
1020  {
1021  dmsg(D_ROUTE, "ROUTE remote_host is LOCAL");
1022  local = true;
1023  }
1024  }
1025  if (!local)
1026  {
1027  /* route remote host to original default gateway */
1028  /* if remote_host is not ipv4 (ie: ipv6), just skip
1029  * adding this special /32 route */
1030  if (rl->spec.remote_host != IPV4_INVALID_ADDR)
1031  {
1034  rl->rgi.gateway.addr,
1035  tt,
1036  flags | ROUTE_REF_GW,
1037  &rl->rgi,
1038  es);
1039  rl->iflags |= RL_DID_LOCAL;
1040  }
1041  else
1042  {
1043  dmsg(D_ROUTE, "ROUTE remote_host protocol differs from tunneled");
1044  }
1045  }
1046 #endif /* ifndef TARGET_ANDROID */
1047 
1048  /* route DHCP/DNS server traffic through original default gateway */
1049  add_bypass_routes(&rl->spec.bypass, rl->rgi.gateway.addr, tt, flags, &rl->rgi, es);
1050 
1051  if (rl->flags & RG_REROUTE_GW)
1052  {
1053  if (rl->flags & RG_DEF1)
1054  {
1055  /* add new default route (1st component) */
1056  add_route3(0x00000000,
1057  0x80000000,
1058  rl->spec.remote_endpoint,
1059  tt,
1060  flags,
1061  &rl->rgi,
1062  es);
1063 
1064  /* add new default route (2nd component) */
1065  add_route3(0x80000000,
1066  0x80000000,
1067  rl->spec.remote_endpoint,
1068  tt,
1069  flags,
1070  &rl->rgi,
1071  es);
1072  }
1073  else
1074  {
1075  /* don't try to remove the def route if it does not exist */
1076  if (rl->rgi.flags & RGI_ADDR_DEFINED)
1077  {
1078  /* delete default route */
1079  del_route3(0, 0, rl->rgi.gateway.addr, tt,
1080  flags | ROUTE_REF_GW, &rl->rgi, es);
1081  }
1082 
1083  /* add new default route */
1084  add_route3(0,
1085  0,
1086  rl->spec.remote_endpoint,
1087  tt,
1088  flags,
1089  &rl->rgi,
1090  es);
1091  }
1092  }
1093 
1094  /* set a flag so we can undo later */
1096  }
1097  }
1098 }
1099 
1100 static void
1101 undo_redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
1102 {
1103  if (rl && rl->iflags & RL_DID_REDIRECT_DEFAULT_GATEWAY)
1104  {
1105  /* delete remote host route */
1106  if (rl->iflags & RL_DID_LOCAL)
1107  {
1110  rl->rgi.gateway.addr,
1111  tt,
1112  flags | ROUTE_REF_GW,
1113  &rl->rgi,
1114  es);
1115  rl->iflags &= ~RL_DID_LOCAL;
1116  }
1117 
1118  /* delete special DHCP/DNS bypass route */
1119  del_bypass_routes(&rl->spec.bypass, rl->rgi.gateway.addr, tt, flags, &rl->rgi, es);
1120 
1121  if (rl->flags & RG_REROUTE_GW)
1122  {
1123  if (rl->flags & RG_DEF1)
1124  {
1125  /* delete default route (1st component) */
1126  del_route3(0x00000000,
1127  0x80000000,
1128  rl->spec.remote_endpoint,
1129  tt,
1130  flags,
1131  &rl->rgi,
1132  es);
1133 
1134  /* delete default route (2nd component) */
1135  del_route3(0x80000000,
1136  0x80000000,
1137  rl->spec.remote_endpoint,
1138  tt,
1139  flags,
1140  &rl->rgi,
1141  es);
1142  }
1143  else
1144  {
1145  /* delete default route */
1146  del_route3(0,
1147  0,
1148  rl->spec.remote_endpoint,
1149  tt,
1150  flags,
1151  &rl->rgi,
1152  es);
1153  /* restore original default route if there was any */
1154  if (rl->rgi.flags & RGI_ADDR_DEFINED)
1155  {
1156  add_route3(0, 0, rl->rgi.gateway.addr, tt,
1157  flags | ROUTE_REF_GW, &rl->rgi, es);
1158  }
1159  }
1160  }
1161 
1163  }
1164 }
1165 
1166 void
1167 add_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
1168 {
1169  redirect_default_route_to_vpn(rl, tt, flags, es);
1170  if (rl && !(rl->iflags & RL_ROUTES_ADDED) )
1171  {
1172  struct route_ipv4 *r;
1173 
1174 #ifdef ENABLE_MANAGEMENT
1175  if (management && rl->routes)
1176  {
1179  NULL,
1180  NULL,
1181  NULL,
1182  NULL,
1183  NULL);
1184  }
1185 #endif
1186 
1187  for (r = rl->routes; r; r = r->next)
1188  {
1189  check_subnet_conflict(r->network, r->netmask, "route");
1190  if (flags & ROUTE_DELETE_FIRST)
1191  {
1192  delete_route(r, tt, flags, &rl->rgi, es);
1193  }
1194  add_route(r, tt, flags, &rl->rgi, es);
1195  }
1196  rl->iflags |= RL_ROUTES_ADDED;
1197  }
1198  if (rl6 && !(rl6->iflags & RL_ROUTES_ADDED) )
1199  {
1200  struct route_ipv6 *r;
1201 
1202  if (!tt->did_ifconfig_ipv6_setup)
1203  {
1204  msg(M_INFO, "WARNING: OpenVPN was configured to add an IPv6 "
1205  "route over %s. However, no IPv6 has been configured for "
1206  "this interface, therefore the route installation may "
1207  "fail or may not work as expected.", tt->actual_name);
1208  }
1209 
1210  for (r = rl6->routes_ipv6; r; r = r->next)
1211  {
1212  if (flags & ROUTE_DELETE_FIRST)
1213  {
1214  delete_route_ipv6(r, tt, flags, es);
1215  }
1216  add_route_ipv6(r, tt, flags, es);
1217  }
1218  rl6->iflags |= RL_ROUTES_ADDED;
1219  }
1220 }
1221 
1222 void
1223 delete_routes(struct route_list *rl, struct route_ipv6_list *rl6,
1224  const struct tuntap *tt, unsigned int flags, const struct env_set *es)
1225 {
1226  if (rl && rl->iflags & RL_ROUTES_ADDED)
1227  {
1228  struct route_ipv4 *r;
1229  for (r = rl->routes; r; r = r->next)
1230  {
1231  delete_route(r, tt, flags, &rl->rgi, es);
1232  }
1233  rl->iflags &= ~RL_ROUTES_ADDED;
1234  }
1235 
1236  undo_redirect_default_route_to_vpn(rl, tt, flags, es);
1237 
1238  if (rl)
1239  {
1240  clear_route_list(rl);
1241  }
1242 
1243  if (rl6 && (rl6->iflags & RL_ROUTES_ADDED) )
1244  {
1245  struct route_ipv6 *r6;
1246  for (r6 = rl6->routes_ipv6; r6; r6 = r6->next)
1247  {
1248  delete_route_ipv6(r6, tt, flags, es);
1249  }
1250  rl6->iflags &= ~RL_ROUTES_ADDED;
1251  }
1252 
1253  if (rl6)
1254  {
1255  clear_route_ipv6_list(rl6);
1256  }
1257 }
1258 
1259 #ifndef ENABLE_SMALL
1260 
1261 static const char *
1262 show_opt(const char *option)
1263 {
1264  if (!option)
1265  {
1266  return "default (not set)";
1267  }
1268  else
1269  {
1270  return option;
1271  }
1272 }
1273 
1274 static void
1275 print_route_option(const struct route_option *ro, int level)
1276 {
1277  msg(level, " route %s/%s/%s/%s",
1278  show_opt(ro->network),
1279  show_opt(ro->netmask),
1280  show_opt(ro->gateway),
1281  show_opt(ro->metric));
1282 }
1283 
1284 void
1286  int level)
1287 {
1288  struct route_option *ro;
1289  if (rol->flags & RG_ENABLE)
1290  {
1291  msg(level, " [redirect_default_gateway local=%d]",
1292  (rol->flags & RG_LOCAL) != 0);
1293  }
1294  for (ro = rol->routes; ro; ro = ro->next)
1295  {
1296  print_route_option(ro, level);
1297  }
1298 }
1299 
1300 void
1301 print_default_gateway(const int msglevel,
1302  const struct route_gateway_info *rgi,
1303  const struct route_ipv6_gateway_info *rgi6)
1304 {
1305  struct gc_arena gc = gc_new();
1306  if (rgi && (rgi->flags & RGI_ADDR_DEFINED))
1307  {
1308  struct buffer out = alloc_buf_gc(256, &gc);
1309  buf_printf(&out, "ROUTE_GATEWAY");
1310  if (rgi->flags & RGI_ON_LINK)
1311  {
1312  buf_printf(&out, " ON_LINK");
1313  }
1314  else
1315  {
1316  buf_printf(&out, " %s", print_in_addr_t(rgi->gateway.addr, 0, &gc));
1317  }
1318  if (rgi->flags & RGI_NETMASK_DEFINED)
1319  {
1320  buf_printf(&out, "/%s", print_in_addr_t(rgi->gateway.netmask, 0, &gc));
1321  }
1322 #ifdef _WIN32
1323  if (rgi->flags & RGI_IFACE_DEFINED)
1324  {
1325  buf_printf(&out, " I=%lu", rgi->adapter_index);
1326  }
1327 #else
1328  if (rgi->flags & RGI_IFACE_DEFINED)
1329  {
1330  buf_printf(&out, " IFACE=%s", rgi->iface);
1331  }
1332 #endif
1333  if (rgi->flags & RGI_HWADDR_DEFINED)
1334  {
1335  buf_printf(&out, " HWADDR=%s", format_hex_ex(rgi->hwaddr, 6, 0, 1, ":", &gc));
1336  }
1337  msg(msglevel, "%s", BSTR(&out));
1338  }
1339 
1340  if (rgi6 && (rgi6->flags & RGI_ADDR_DEFINED))
1341  {
1342  struct buffer out = alloc_buf_gc(256, &gc);
1343  buf_printf(&out, "ROUTE6_GATEWAY");
1344  buf_printf(&out, " %s", print_in6_addr(rgi6->gateway.addr_ipv6, 0, &gc));
1345  if (rgi6->flags & RGI_ON_LINK)
1346  {
1347  buf_printf(&out, " ON_LINK");
1348  }
1349  if (rgi6->flags & RGI_NETMASK_DEFINED)
1350  {
1351  buf_printf(&out, "/%d", rgi6->gateway.netbits_ipv6);
1352  }
1353 #ifdef _WIN32
1354  if (rgi6->flags & RGI_IFACE_DEFINED)
1355  {
1356  buf_printf(&out, " I=%lu", rgi6->adapter_index);
1357  }
1358 #else
1359  if (rgi6->flags & RGI_IFACE_DEFINED)
1360  {
1361  buf_printf(&out, " IFACE=%s", rgi6->iface);
1362  }
1363 #endif
1364  if (rgi6->flags & RGI_HWADDR_DEFINED)
1365  {
1366  buf_printf(&out, " HWADDR=%s", format_hex_ex(rgi6->hwaddr, 6, 0, 1, ":", &gc));
1367  }
1368  msg(msglevel, "%s", BSTR(&out));
1369  }
1370  gc_free(&gc);
1371 }
1372 
1373 #endif /* ifndef ENABLE_SMALL */
1374 
1375 static void
1376 print_route(const struct route_ipv4 *r, int level)
1377 {
1378  struct gc_arena gc = gc_new();
1379  if (r->flags & RT_DEFINED)
1380  {
1381  msg(level, "%s", route_string(r, &gc));
1382  }
1383  gc_free(&gc);
1384 }
1385 
1386 void
1387 print_routes(const struct route_list *rl, int level)
1388 {
1389  struct route_ipv4 *r;
1390  for (r = rl->routes; r; r = r->next)
1391  {
1392  print_route(r, level);
1393  }
1394 }
1395 
1396 static void
1397 setenv_route(struct env_set *es, const struct route_ipv4 *r, int i)
1398 {
1399  struct gc_arena gc = gc_new();
1400  if (r->flags & RT_DEFINED)
1401  {
1402  setenv_route_addr(es, "network", r->network, i);
1403  setenv_route_addr(es, "netmask", r->netmask, i);
1404  setenv_route_addr(es, "gateway", r->gateway, i);
1405 
1406  if (r->flags & RT_METRIC_DEFINED)
1407  {
1408  struct buffer name = alloc_buf_gc(256, &gc);
1409  buf_printf(&name, "route_metric_%d", i);
1410  setenv_int(es, BSTR(&name), r->metric);
1411  }
1412  }
1413  gc_free(&gc);
1414 }
1415 
1416 void
1417 setenv_routes(struct env_set *es, const struct route_list *rl)
1418 {
1419  int i = 1;
1420  struct route_ipv4 *r;
1421  for (r = rl->routes; r; r = r->next)
1422  {
1423  setenv_route(es, r, i++);
1424  }
1425 }
1426 
1427 static void
1428 setenv_route_ipv6(struct env_set *es, const struct route_ipv6 *r6, int i)
1429 {
1430  struct gc_arena gc = gc_new();
1431  if (r6->flags & RT_DEFINED)
1432  {
1433  struct buffer name1 = alloc_buf_gc( 256, &gc );
1434  struct buffer val = alloc_buf_gc( 256, &gc );
1435  struct buffer name2 = alloc_buf_gc( 256, &gc );
1436 
1437  buf_printf( &name1, "route_ipv6_network_%d", i );
1438  buf_printf( &val, "%s/%d", print_in6_addr( r6->network, 0, &gc ),
1439  r6->netbits );
1440  setenv_str( es, BSTR(&name1), BSTR(&val) );
1441 
1442  buf_printf( &name2, "route_ipv6_gateway_%d", i );
1443  setenv_str( es, BSTR(&name2), print_in6_addr( r6->gateway, 0, &gc ));
1444  }
1445  gc_free(&gc);
1446 }
1447 void
1448 setenv_routes_ipv6(struct env_set *es, const struct route_ipv6_list *rl6)
1449 {
1450  int i = 1;
1451  struct route_ipv6 *r6;
1452  for (r6 = rl6->routes_ipv6; r6; r6 = r6->next)
1453  {
1454  setenv_route_ipv6(es, r6, i++);
1455  }
1456 }
1457 
1458 /*
1459  * local_route() determines whether the gateway of a provided host
1460  * route is on the same interface that owns the default gateway.
1461  * It uses the data structure
1462  * returned by get_default_gateway() (struct route_gateway_info)
1463  * to determine this. If the route is local, LR_MATCH is returned.
1464  * When adding routes into the kernel, if LR_MATCH is defined for
1465  * a given route, the route should explicitly reference the default
1466  * gateway interface as the route destination. For example, here
1467  * is an example on Linux that uses LR_MATCH:
1468  *
1469  * route add -net 10.10.0.1 netmask 255.255.255.255 dev eth0
1470  *
1471  * This capability is needed by the "default-gateway block-local"
1472  * directive, to allow client access to the local subnet to be
1473  * blocked but still allow access to the local default gateway.
1474  */
1475 
1476 /* local_route() return values */
1477 #define LR_NOMATCH 0 /* route is not local */
1478 #define LR_MATCH 1 /* route is local */
1479 #define LR_ERROR 2 /* caller should abort adding route */
1480 
1481 static int
1483  in_addr_t netmask,
1485  const struct route_gateway_info *rgi)
1486 {
1487  /* set LR_MATCH on local host routes */
1488  const int rgi_needed = (RGI_ADDR_DEFINED|RGI_NETMASK_DEFINED|RGI_IFACE_DEFINED);
1489  if (rgi
1490  && (rgi->flags & rgi_needed) == rgi_needed
1491  && gateway == rgi->gateway.addr
1492  && netmask == 0xFFFFFFFF)
1493  {
1494  if (((network ^ rgi->gateway.addr) & rgi->gateway.netmask) == 0)
1495  {
1496  return LR_MATCH;
1497  }
1498  else
1499  {
1500  /* examine additional subnets on gateway interface */
1501  size_t i;
1502  for (i = 0; i < rgi->n_addrs; ++i)
1503  {
1504  const struct route_gateway_address *gwa = &rgi->addrs[i];
1505  if (((network ^ gwa->addr) & gwa->netmask) == 0)
1506  {
1507  return LR_MATCH;
1508  }
1509  }
1510  }
1511  }
1512  return LR_NOMATCH;
1513 }
1514 
1515 /* Return true if the "on-link" form of the route should be used. This is when the gateway for a
1516  * a route is specified as an interface rather than an address. */
1517 static inline bool
1518 is_on_link(const int is_local_route, const unsigned int flags, const struct route_gateway_info *rgi)
1519 {
1520  return rgi && (is_local_route == LR_MATCH || ((flags & ROUTE_REF_GW) && (rgi->flags & RGI_ON_LINK)));
1521 }
1522 
1523 void
1525  const struct tuntap *tt,
1526  unsigned int flags,
1527  const struct route_gateway_info *rgi, /* may be NULL */
1528  const struct env_set *es)
1529 {
1530  struct gc_arena gc;
1531  struct argv argv = argv_new();
1532  const char *network;
1533 #if !defined(ENABLE_IPROUTE) && !defined(TARGET_AIX)
1534  const char *netmask;
1535 #endif
1536  const char *gateway;
1537  bool status = false;
1538  int is_local_route;
1539 
1540  if (!(r->flags & RT_DEFINED))
1541  {
1542  return;
1543  }
1544 
1545  gc_init(&gc);
1546 
1547  network = print_in_addr_t(r->network, 0, &gc);
1548 #if !defined(ENABLE_IPROUTE) && !defined(TARGET_AIX)
1549  netmask = print_in_addr_t(r->netmask, 0, &gc);
1550 #endif
1551  gateway = print_in_addr_t(r->gateway, 0, &gc);
1552 
1553  is_local_route = local_route(r->network, r->netmask, r->gateway, rgi);
1554  if (is_local_route == LR_ERROR)
1555  {
1556  goto done;
1557  }
1558 
1559 #if defined(TARGET_LINUX)
1560 #ifdef ENABLE_IPROUTE
1561  argv_printf(&argv, "%s route add %s/%d",
1562  iproute_path,
1563  network,
1565 
1566  if (r->flags & RT_METRIC_DEFINED)
1567  {
1568  argv_printf_cat(&argv, "metric %d", r->metric);
1569  }
1570 
1571  if (is_on_link(is_local_route, flags, rgi))
1572  {
1573  argv_printf_cat(&argv, "dev %s", rgi->iface);
1574  }
1575  else
1576  {
1577  argv_printf_cat(&argv, "via %s", gateway);
1578  }
1579 #else /* ifdef ENABLE_IPROUTE */
1580  argv_printf(&argv, "%s add -net %s netmask %s",
1581  ROUTE_PATH,
1582  network,
1583  netmask);
1584  if (r->flags & RT_METRIC_DEFINED)
1585  {
1586  argv_printf_cat(&argv, "metric %d", r->metric);
1587  }
1588  if (is_on_link(is_local_route, flags, rgi))
1589  {
1590  argv_printf_cat(&argv, "dev %s", rgi->iface);
1591  }
1592  else
1593  {
1594  argv_printf_cat(&argv, "gw %s", gateway);
1595  }
1596 
1597 #endif /*ENABLE_IPROUTE*/
1598  argv_msg(D_ROUTE, &argv);
1599  status = openvpn_execve_check(&argv, es, 0, "ERROR: Linux route add command failed");
1600 
1601 #elif defined (TARGET_ANDROID)
1602  char out[128];
1603 
1604  if (rgi)
1605  {
1606  openvpn_snprintf(out, sizeof(out), "%s %s %s dev %s", network, netmask, gateway, rgi->iface);
1607  }
1608  else
1609  {
1610  openvpn_snprintf(out, sizeof(out), "%s %s %s", network, netmask, gateway);
1611  }
1612  management_android_control(management, "ROUTE", out);
1613 
1614 #elif defined (_WIN32)
1615  {
1616  DWORD ai = TUN_ADAPTER_INDEX_INVALID;
1617  argv_printf(&argv, "%s%sc ADD %s MASK %s %s",
1618  get_win_sys_path(),
1620  network,
1621  netmask,
1622  gateway);
1623  if (r->flags & RT_METRIC_DEFINED)
1624  {
1625  argv_printf_cat(&argv, "METRIC %d", r->metric);
1626  }
1627  if (is_on_link(is_local_route, flags, rgi))
1628  {
1629  ai = rgi->adapter_index;
1630  argv_printf_cat(&argv, "IF %lu", ai);
1631  }
1632 
1633  argv_msg(D_ROUTE, &argv);
1634 
1635  if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_SERVICE)
1636  {
1637  status = add_route_service(r, tt);
1638  msg(D_ROUTE, "Route addition via service %s", status ? "succeeded" : "failed");
1639  }
1640  else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_IPAPI)
1641  {
1642  status = add_route_ipapi(r, tt, ai);
1643  msg(D_ROUTE, "Route addition via IPAPI %s", status ? "succeeded" : "failed");
1644  }
1645  else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_EXE)
1646  {
1648  status = openvpn_execve_check(&argv, es, 0, "ERROR: Windows route add command failed");
1650  }
1651  else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_ADAPTIVE)
1652  {
1653  status = add_route_ipapi(r, tt, ai);
1654  msg(D_ROUTE, "Route addition via IPAPI %s [adaptive]", status ? "succeeded" : "failed");
1655  if (!status)
1656  {
1657  msg(D_ROUTE, "Route addition fallback to route.exe");
1659  status = openvpn_execve_check(&argv, es, 0, "ERROR: Windows route add command failed [adaptive]");
1661  }
1662  }
1663  else
1664  {
1665  ASSERT(0);
1666  }
1667  }
1668 
1669 #elif defined (TARGET_SOLARIS)
1670 
1671  /* example: route add 192.0.2.32 -netmask 255.255.255.224 somegateway */
1672 
1673  argv_printf(&argv, "%s add",
1674  ROUTE_PATH);
1675 
1676  argv_printf_cat(&argv, "%s -netmask %s %s",
1677  network,
1678  netmask,
1679  gateway);
1680 
1681  /* Solaris can only distinguish between "metric 0" == "on-link on the
1682  * interface where the IP address given is configured" and "metric > 0"
1683  * == "use gateway specified" (no finer-grained route metrics available)
1684  *
1685  * More recent versions of Solaris can also do "-interface", but that
1686  * would break backwards compatibility with older versions for no gain.
1687  */
1688  if (r->flags & RT_METRIC_DEFINED)
1689  {
1690  argv_printf_cat(&argv, "%d", r->metric);
1691  }
1692 
1693  argv_msg(D_ROUTE, &argv);
1694  status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add command failed");
1695 
1696 #elif defined(TARGET_FREEBSD)
1697 
1698  argv_printf(&argv, "%s add",
1699  ROUTE_PATH);
1700 
1701 #if 0
1702  if (r->flags & RT_METRIC_DEFINED)
1703  {
1704  argv_printf_cat(&argv, "-rtt %d", r->metric);
1705  }
1706 #endif
1707 
1708  argv_printf_cat(&argv, "-net %s %s %s",
1709  network,
1710  gateway,
1711  netmask);
1712 
1713  /* FIXME -- add on-link support for FreeBSD */
1714 
1715  argv_msg(D_ROUTE, &argv);
1716  status = openvpn_execve_check(&argv, es, 0, "ERROR: FreeBSD route add command failed");
1717 
1718 #elif defined(TARGET_DRAGONFLY)
1719 
1720  argv_printf(&argv, "%s add",
1721  ROUTE_PATH);
1722 
1723 #if 0
1724  if (r->flags & RT_METRIC_DEFINED)
1725  {
1726  argv_printf_cat(&argv, "-rtt %d", r->metric);
1727  }
1728 #endif
1729 
1730  argv_printf_cat(&argv, "-net %s %s %s",
1731  network,
1732  gateway,
1733  netmask);
1734 
1735  /* FIXME -- add on-link support for Dragonfly */
1736 
1737  argv_msg(D_ROUTE, &argv);
1738  status = openvpn_execve_check(&argv, es, 0, "ERROR: DragonFly route add command failed");
1739 
1740 #elif defined(TARGET_DARWIN)
1741 
1742  argv_printf(&argv, "%s add",
1743  ROUTE_PATH);
1744 
1745 #if 0
1746  if (r->flags & RT_METRIC_DEFINED)
1747  {
1748  argv_printf_cat(&argv, "-rtt %d", r->metric);
1749  }
1750 #endif
1751 
1752  if (is_on_link(is_local_route, flags, rgi))
1753  {
1754  /* Mac OS X route syntax for ON_LINK:
1755  * route add -cloning -net 10.10.0.1 -netmask 255.255.255.255 -interface en0 */
1756  argv_printf_cat(&argv, "-cloning -net %s -netmask %s -interface %s",
1757  network,
1758  netmask,
1759  rgi->iface);
1760  }
1761  else
1762  {
1763  argv_printf_cat(&argv, "-net %s %s %s",
1764  network,
1765  gateway,
1766  netmask);
1767  }
1768 
1769  argv_msg(D_ROUTE, &argv);
1770  status = openvpn_execve_check(&argv, es, 0, "ERROR: OS X route add command failed");
1771 
1772 #elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
1773 
1774  argv_printf(&argv, "%s add",
1775  ROUTE_PATH);
1776 
1777 #if 0
1778  if (r->flags & RT_METRIC_DEFINED)
1779  {
1780  argv_printf_cat(&argv, "-rtt %d", r->metric);
1781  }
1782 #endif
1783 
1784  argv_printf_cat(&argv, "-net %s %s -netmask %s",
1785  network,
1786  gateway,
1787  netmask);
1788 
1789  /* FIXME -- add on-link support for OpenBSD/NetBSD */
1790 
1791  argv_msg(D_ROUTE, &argv);
1792  status = openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD/NetBSD route add command failed");
1793 
1794 #elif defined(TARGET_AIX)
1795 
1796  {
1797  int netbits = netmask_to_netbits2(r->netmask);
1798  argv_printf(&argv, "%s add -net %s/%d %s",
1799  ROUTE_PATH,
1800  network, netbits, gateway);
1801  argv_msg(D_ROUTE, &argv);
1802  status = openvpn_execve_check(&argv, es, 0, "ERROR: AIX route add command failed");
1803  }
1804 
1805 #else /* if defined(TARGET_LINUX) */
1806  msg(M_FATAL, "Sorry, but I don't know how to do 'route' commands on this operating system. Try putting your routes in a --route-up script");
1807 #endif /* if defined(TARGET_LINUX) */
1808 
1809 done:
1810  if (status)
1811  {
1812  r->flags |= RT_ADDED;
1813  }
1814  else
1815  {
1816  r->flags &= ~RT_ADDED;
1817  }
1818  argv_reset(&argv);
1819  gc_free(&gc);
1820 }
1821 
1822 
1823 void
1825 {
1826  /* clear host bit parts of route
1827  * (needed if routes are specified improperly, or if we need to
1828  * explicitely setup/clear the "connected" network routes on some OSes)
1829  */
1830  int byte = 15;
1831  int bits_to_clear = 128 - r6->netbits;
1832 
1833  while (byte >= 0 && bits_to_clear > 0)
1834  {
1835  if (bits_to_clear >= 8)
1836  {
1837  r6->network.s6_addr[byte--] = 0; bits_to_clear -= 8;
1838  }
1839  else
1840  {
1841  r6->network.s6_addr[byte--] &= (0xff << bits_to_clear); bits_to_clear = 0;
1842  }
1843  }
1844 }
1845 
1846 void
1847 add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
1848 {
1849  struct gc_arena gc;
1850  struct argv argv = argv_new();
1851 
1852  const char *network;
1853  const char *gateway;
1854  bool status = false;
1855  const char *device = tt->actual_name;
1856 
1857  bool gateway_needed = false;
1858 
1859  if (!(r6->flags & RT_DEFINED) )
1860  {
1861  return;
1862  }
1863 
1864 #ifndef _WIN32
1865  if (r6->iface != NULL) /* vpn server special route */
1866  {
1867  device = r6->iface;
1868  if (!IN6_IS_ADDR_UNSPECIFIED(&r6->gateway) )
1869  {
1870  gateway_needed = true;
1871  }
1872  }
1873 #endif
1874 
1875  gc_init(&gc);
1876 
1878 
1879  network = print_in6_addr( r6->network, 0, &gc);
1880  gateway = print_in6_addr( r6->gateway, 0, &gc);
1881 
1882 #if defined(TARGET_DARWIN) \
1883  || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
1884  || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
1885 
1886  /* the BSD platforms cannot specify gateway and interface independently,
1887  * but for link-local destinations, we MUST specify the interface, so
1888  * we build a combined "$gateway%$interface" gateway string
1889  */
1890  if (r6->iface != NULL && gateway_needed
1891  && IN6_IS_ADDR_LINKLOCAL(&r6->gateway) ) /* fe80::...%intf */
1892  {
1893  int len = strlen(gateway) + 1 + strlen(r6->iface)+1;
1894  char *tmp = gc_malloc( len, true, &gc );
1895  snprintf( tmp, len, "%s%%%s", gateway, r6->iface );
1896  gateway = tmp;
1897  }
1898 #endif
1899 
1900  msg( M_INFO, "add_route_ipv6(%s/%d -> %s metric %d) dev %s",
1901  network, r6->netbits, gateway, r6->metric, device );
1902 
1903  /*
1904  * Filter out routes which are essentially no-ops
1905  * (not currently done for IPv6)
1906  */
1907 
1908  /* On "tun" interface, we never set a gateway if the operating system
1909  * can do "route to interface" - it does not add value, as the target
1910  * dev already fully qualifies the route destination on point-to-point
1911  * interfaces. OTOH, on "tap" interface, we must always set the
1912  * gateway unless the route is to be an on-link network
1913  */
1914  if (tt->type == DEV_TYPE_TAP
1915  && !( (r6->flags & RT_METRIC_DEFINED) && r6->metric == 0 ) )
1916  {
1917  gateway_needed = true;
1918  }
1919 
1920 #if defined(TARGET_LINUX)
1921 #ifdef ENABLE_IPROUTE
1922  argv_printf(&argv, "%s -6 route add %s/%d dev %s",
1923  iproute_path,
1924  network,
1925  r6->netbits,
1926  device);
1927  if (gateway_needed)
1928  {
1929  argv_printf_cat(&argv, "via %s", gateway);
1930  }
1931  if ( (r6->flags & RT_METRIC_DEFINED) && r6->metric > 0)
1932  {
1933  argv_printf_cat(&argv, " metric %d", r6->metric);
1934  }
1935 
1936 #else /* ifdef ENABLE_IPROUTE */
1937  argv_printf(&argv, "%s -A inet6 add %s/%d dev %s",
1938  ROUTE_PATH,
1939  network,
1940  r6->netbits,
1941  device);
1942  if (gateway_needed)
1943  {
1944  argv_printf_cat(&argv, "gw %s", gateway);
1945  }
1946  if ( (r6->flags & RT_METRIC_DEFINED) && r6->metric > 0)
1947  {
1948  argv_printf_cat(&argv, " metric %d", r6->metric);
1949  }
1950 #endif /*ENABLE_IPROUTE*/
1951  argv_msg(D_ROUTE, &argv);
1952  status = openvpn_execve_check(&argv, es, 0, "ERROR: Linux route -6/-A inet6 add command failed");
1953 
1954 #elif defined (TARGET_ANDROID)
1955  char out[64];
1956 
1957  openvpn_snprintf(out, sizeof(out), "%s/%d %s", network, r6->netbits, device);
1958 
1959  management_android_control(management, "ROUTE6", out);
1960 
1961 #elif defined (_WIN32)
1962 
1963  if (tt->options.msg_channel)
1964  {
1965  status = add_route_ipv6_service(r6, tt);
1966  }
1967  else
1968  {
1969  struct buffer out = alloc_buf_gc(64, &gc);
1970  if (r6->adapter_index) /* vpn server special route */
1971  {
1972  buf_printf(&out, "interface=%lu", r6->adapter_index );
1973  gateway_needed = true;
1974  }
1975  else
1976  {
1977  buf_printf(&out, "interface=%lu", tt->adapter_index );
1978  }
1979  device = buf_bptr(&out);
1980 
1981  /* netsh interface ipv6 add route 2001:db8::/32 MyTunDevice */
1982  argv_printf(&argv, "%s%sc interface ipv6 add route %s/%d %s",
1983  get_win_sys_path(),
1985  network,
1986  r6->netbits,
1987  device);
1988 
1989  /* next-hop depends on TUN or TAP mode:
1990  * - in TAP mode, we use the "real" next-hop
1991  * - in TUN mode we use a special-case link-local address that the tapdrvr
1992  * knows about and will answer ND (neighbor discovery) packets for
1993  */
1994  if (tt->type == DEV_TYPE_TUN && !gateway_needed)
1995  {
1996  argv_printf_cat( &argv, " %s", "fe80::8" );
1997  }
1998  else if (!IN6_IS_ADDR_UNSPECIFIED(&r6->gateway) )
1999  {
2000  argv_printf_cat( &argv, " %s", gateway );
2001  }
2002 
2003 #if 0
2004  if (r6->flags & RT_METRIC_DEFINED)
2005  {
2006  argv_printf_cat(&argv, " METRIC %d", r->metric);
2007  }
2008 #endif
2009 
2010  /* in some versions of Windows, routes are persistent across reboots by
2011  * default, unless "store=active" is set (pointed out by Tony Lim, thanks)
2012  */
2013  argv_printf_cat( &argv, " store=active" );
2014 
2015  argv_msg(D_ROUTE, &argv);
2016 
2018  status = openvpn_execve_check(&argv, es, 0, "ERROR: Windows route add ipv6 command failed");
2020  }
2021 
2022 #elif defined (TARGET_SOLARIS)
2023 
2024  /* example: route add -inet6 2001:db8::/32 somegateway 0 */
2025 
2026  /* for some reason, routes to tun/tap do not work for me unless I set
2027  * "metric 0" - otherwise, the routes will be nicely installed, but
2028  * packets will just disappear somewhere. So we always use "0" now,
2029  * unless the route points to "gateway on other interface"...
2030  *
2031  * (Note: OpenSolaris can not specify host%interface gateways, so we just
2032  * use the GW addresses - it seems to still work for fe80:: addresses,
2033  * however this is done internally. NUD maybe?)
2034  */
2035  argv_printf(&argv, "%s add -inet6 %s/%d %s",
2036  ROUTE_PATH,
2037  network,
2038  r6->netbits,
2039  gateway );
2040 
2041  /* on tun/tap, not "elsewhere"? -> metric 0 */
2042  if (!r6->iface)
2043  {
2044  argv_printf_cat(&argv, "0");
2045  }
2046 
2047  argv_msg(D_ROUTE, &argv);
2048  status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add -inet6 command failed");
2049 
2050 #elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
2051 
2052  argv_printf(&argv, "%s add -inet6 %s/%d",
2053  ROUTE_PATH,
2054  network,
2055  r6->netbits);
2056 
2057  if (gateway_needed)
2058  {
2059  argv_printf_cat(&argv, "%s", gateway);
2060  }
2061  else
2062  {
2063  argv_printf_cat(&argv, "-iface %s", device);
2064  }
2065 
2066  argv_msg(D_ROUTE, &argv);
2067  status = openvpn_execve_check(&argv, es, 0, "ERROR: *BSD route add -inet6 command failed");
2068 
2069 #elif defined(TARGET_DARWIN)
2070 
2071  argv_printf(&argv, "%s add -inet6 %s -prefixlen %d",
2072  ROUTE_PATH,
2073  network, r6->netbits );
2074 
2075  if (gateway_needed)
2076  {
2077  argv_printf_cat(&argv, "%s", gateway);
2078  }
2079  else
2080  {
2081  argv_printf_cat(&argv, "-iface %s", device);
2082  }
2083 
2084  argv_msg(D_ROUTE, &argv);
2085  status = openvpn_execve_check(&argv, es, 0, "ERROR: MacOS X route add -inet6 command failed");
2086 
2087 #elif defined(TARGET_OPENBSD)
2088 
2089  argv_printf(&argv, "%s add -inet6 %s -prefixlen %d %s",
2090  ROUTE_PATH,
2091  network, r6->netbits, gateway );
2092 
2093  argv_msg(D_ROUTE, &argv);
2094  status = openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD route add -inet6 command failed");
2095 
2096 #elif defined(TARGET_NETBSD)
2097 
2098  argv_printf(&argv, "%s add -inet6 %s/%d %s",
2099  ROUTE_PATH,
2100  network, r6->netbits, gateway );
2101 
2102  argv_msg(D_ROUTE, &argv);
2103  status = openvpn_execve_check(&argv, es, 0, "ERROR: NetBSD route add -inet6 command failed");
2104 
2105 #elif defined(TARGET_AIX)
2106 
2107  argv_printf(&argv, "%s add -inet6 %s/%d %s",
2108  ROUTE_PATH,
2109  network, r6->netbits, gateway);
2110  argv_msg(D_ROUTE, &argv);
2111  status = openvpn_execve_check(&argv, es, 0, "ERROR: AIX route add command failed");
2112 
2113 #else /* if defined(TARGET_LINUX) */
2114  msg(M_FATAL, "Sorry, but I don't know how to do 'route ipv6' commands on this operating system. Try putting your routes in a --route-up script");
2115 #endif /* if defined(TARGET_LINUX) */
2116 
2117  if (status)
2118  {
2119  r6->flags |= RT_ADDED;
2120  }
2121  else
2122  {
2123  r6->flags &= ~RT_ADDED;
2124  }
2125  argv_reset(&argv);
2126  gc_free(&gc);
2127 }
2128 
2129 static void
2131  const struct tuntap *tt,
2132  unsigned int flags,
2133  const struct route_gateway_info *rgi,
2134  const struct env_set *es)
2135 {
2136  struct gc_arena gc;
2137  struct argv argv = argv_new();
2138  const char *network;
2139 #if !defined(ENABLE_IPROUTE) && !defined(TARGET_AIX)
2140  const char *netmask;
2141 #endif
2142 #if !defined(TARGET_LINUX) && !defined(TARGET_ANDROID)
2143  const char *gateway;
2144 #endif
2145  int is_local_route;
2146 
2147  if ((r->flags & (RT_DEFINED|RT_ADDED)) != (RT_DEFINED|RT_ADDED))
2148  {
2149  return;
2150  }
2151 
2152  gc_init(&gc);
2153 
2154  network = print_in_addr_t(r->network, 0, &gc);
2155 #if !defined(ENABLE_IPROUTE) && !defined(TARGET_AIX)
2156  netmask = print_in_addr_t(r->netmask, 0, &gc);
2157 #endif
2158 #if !defined(TARGET_LINUX) && !defined(TARGET_ANDROID)
2159  gateway = print_in_addr_t(r->gateway, 0, &gc);
2160 #endif
2161 
2162  is_local_route = local_route(r->network, r->netmask, r->gateway, rgi);
2163  if (is_local_route == LR_ERROR)
2164  {
2165  goto done;
2166  }
2167 
2168 #if defined(TARGET_LINUX)
2169 #ifdef ENABLE_IPROUTE
2170  argv_printf(&argv, "%s route del %s/%d",
2171  iproute_path,
2172  network,
2174 #else
2175  argv_printf(&argv, "%s del -net %s netmask %s",
2176  ROUTE_PATH,
2177  network,
2178  netmask);
2179 #endif /*ENABLE_IPROUTE*/
2180  if (r->flags & RT_METRIC_DEFINED)
2181  {
2182  argv_printf_cat(&argv, "metric %d", r->metric);
2183  }
2184  argv_msg(D_ROUTE, &argv);
2185  openvpn_execve_check(&argv, es, 0, "ERROR: Linux route delete command failed");
2186 
2187 #elif defined (_WIN32)
2188 
2189  argv_printf(&argv, "%s%sc DELETE %s MASK %s %s",
2190  get_win_sys_path(),
2192  network,
2193  netmask,
2194  gateway);
2195 
2196  argv_msg(D_ROUTE, &argv);
2197 
2198  if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_SERVICE)
2199  {
2200  const bool status = del_route_service(r, tt);
2201  msg(D_ROUTE, "Route deletion via service %s", status ? "succeeded" : "failed");
2202  }
2203  else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_IPAPI)
2204  {
2205  const bool status = del_route_ipapi(r, tt);
2206  msg(D_ROUTE, "Route deletion via IPAPI %s", status ? "succeeded" : "failed");
2207  }
2208  else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_EXE)
2209  {
2211  openvpn_execve_check(&argv, es, 0, "ERROR: Windows route delete command failed");
2213  }
2214  else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_ADAPTIVE)
2215  {
2216  const bool status = del_route_ipapi(r, tt);
2217  msg(D_ROUTE, "Route deletion via IPAPI %s [adaptive]", status ? "succeeded" : "failed");
2218  if (!status)
2219  {
2220  msg(D_ROUTE, "Route deletion fallback to route.exe");
2222  openvpn_execve_check(&argv, es, 0, "ERROR: Windows route delete command failed [adaptive]");
2224  }
2225  }
2226  else
2227  {
2228  ASSERT(0);
2229  }
2230 
2231 #elif defined (TARGET_SOLARIS)
2232 
2233  argv_printf(&argv, "%s delete %s -netmask %s %s",
2234  ROUTE_PATH,
2235  network,
2236  netmask,
2237  gateway);
2238 
2239  argv_msg(D_ROUTE, &argv);
2240  openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete command failed");
2241 
2242 #elif defined(TARGET_FREEBSD)
2243 
2244  argv_printf(&argv, "%s delete -net %s %s %s",
2245  ROUTE_PATH,
2246  network,
2247  gateway,
2248  netmask);
2249 
2250  argv_msg(D_ROUTE, &argv);
2251  openvpn_execve_check(&argv, es, 0, "ERROR: FreeBSD route delete command failed");
2252 
2253 #elif defined(TARGET_DRAGONFLY)
2254 
2255  argv_printf(&argv, "%s delete -net %s %s %s",
2256  ROUTE_PATH,
2257  network,
2258  gateway,
2259  netmask);
2260 
2261  argv_msg(D_ROUTE, &argv);
2262  openvpn_execve_check(&argv, es, 0, "ERROR: DragonFly route delete command failed");
2263 
2264 #elif defined(TARGET_DARWIN)
2265 
2266  if (is_on_link(is_local_route, flags, rgi))
2267  {
2268  argv_printf(&argv, "%s delete -cloning -net %s -netmask %s -interface %s",
2269  ROUTE_PATH,
2270  network,
2271  netmask,
2272  rgi->iface);
2273  }
2274  else
2275  {
2276  argv_printf(&argv, "%s delete -net %s %s %s",
2277  ROUTE_PATH,
2278  network,
2279  gateway,
2280  netmask);
2281  }
2282 
2283  argv_msg(D_ROUTE, &argv);
2284  openvpn_execve_check(&argv, es, 0, "ERROR: OS X route delete command failed");
2285 
2286 #elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
2287 
2288  argv_printf(&argv, "%s delete -net %s %s -netmask %s",
2289  ROUTE_PATH,
2290  network,
2291  gateway,
2292  netmask);
2293 
2294  argv_msg(D_ROUTE, &argv);
2295  openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD/NetBSD route delete command failed");
2296 
2297 #elif defined(TARGET_ANDROID)
2298  msg(M_NONFATAL, "Sorry, deleting routes on Android is not possible. The VpnService API allows routes to be set on connect only.");
2299 
2300 #elif defined(TARGET_AIX)
2301 
2302  {
2303  int netbits = netmask_to_netbits2(r->netmask);
2304  argv_printf(&argv, "%s delete -net %s/%d %s",
2305  ROUTE_PATH,
2306  network, netbits, gateway);
2307  argv_msg(D_ROUTE, &argv);
2308  openvpn_execve_check(&argv, es, 0, "ERROR: AIX route delete command failed");
2309  }
2310 
2311 #else /* if defined(TARGET_LINUX) */
2312  msg(M_FATAL, "Sorry, but I don't know how to do 'route' commands on this operating system. Try putting your routes in a --route-up script");
2313 #endif /* if defined(TARGET_LINUX) */
2314 
2315 done:
2316  r->flags &= ~RT_ADDED;
2317  argv_reset(&argv);
2318  gc_free(&gc);
2319 }
2320 
2321 void
2322 delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
2323 {
2324  struct gc_arena gc;
2325  struct argv argv = argv_new();
2326  const char *network;
2327  const char *gateway;
2328  const char *device = tt->actual_name;
2329  bool gateway_needed = false;
2330 
2331  if ((r6->flags & (RT_DEFINED|RT_ADDED)) != (RT_DEFINED|RT_ADDED))
2332  {
2333  return;
2334  }
2335 
2336 #ifndef _WIN32
2337  if (r6->iface != NULL) /* vpn server special route */
2338  {
2339  device = r6->iface;
2340  gateway_needed = true;
2341  }
2342 #endif
2343 
2344  gc_init(&gc);
2345 
2346  network = print_in6_addr( r6->network, 0, &gc);
2347  gateway = print_in6_addr( r6->gateway, 0, &gc);
2348 
2349 #if defined(TARGET_DARWIN) \
2350  || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
2351  || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
2352 
2353  /* the BSD platforms cannot specify gateway and interface independently,
2354  * but for link-local destinations, we MUST specify the interface, so
2355  * we build a combined "$gateway%$interface" gateway string
2356  */
2357  if (r6->iface != NULL && gateway_needed
2358  && IN6_IS_ADDR_LINKLOCAL(&r6->gateway) ) /* fe80::...%intf */
2359  {
2360  int len = strlen(gateway) + 1 + strlen(r6->iface)+1;
2361  char *tmp = gc_malloc( len, true, &gc );
2362  snprintf( tmp, len, "%s%%%s", gateway, r6->iface );
2363  gateway = tmp;
2364  }
2365 #endif
2366 
2367  msg( M_INFO, "delete_route_ipv6(%s/%d)", network, r6->netbits );
2368 
2369  /* if we used a gateway on "add route", we also need to specify it on
2370  * delete, otherwise some OSes will refuse to delete the route
2371  */
2372  if (tt->type == DEV_TYPE_TAP
2373  && !( (r6->flags & RT_METRIC_DEFINED) && r6->metric == 0 ) )
2374  {
2375  gateway_needed = true;
2376  }
2377 
2378 
2379 #if defined(TARGET_LINUX)
2380 #ifdef ENABLE_IPROUTE
2381  argv_printf(&argv, "%s -6 route del %s/%d dev %s",
2382  iproute_path,
2383  network,
2384  r6->netbits,
2385  device);
2386  if (gateway_needed)
2387  {
2388  argv_printf_cat(&argv, "via %s", gateway);
2389  }
2390 #else /* ifdef ENABLE_IPROUTE */
2391  argv_printf(&argv, "%s -A inet6 del %s/%d dev %s",
2392  ROUTE_PATH,
2393  network,
2394  r6->netbits,
2395  device);
2396  if (gateway_needed)
2397  {
2398  argv_printf_cat(&argv, "gw %s", gateway);
2399  }
2400  if ( (r6->flags & RT_METRIC_DEFINED) && r6->metric > 0)
2401  {
2402  argv_printf_cat(&argv, " metric %d", r6->metric);
2403  }
2404 #endif /*ENABLE_IPROUTE*/
2405  argv_msg(D_ROUTE, &argv);
2406  openvpn_execve_check(&argv, es, 0, "ERROR: Linux route -6/-A inet6 del command failed");
2407 
2408 #elif defined (_WIN32)
2409 
2410  if (tt->options.msg_channel)
2411  {
2412  del_route_ipv6_service(r6, tt);
2413  }
2414  else
2415  {
2416  struct buffer out = alloc_buf_gc(64, &gc);
2417  if (r6->adapter_index) /* vpn server special route */
2418  {
2419  buf_printf(&out, "interface=%lu", r6->adapter_index );
2420  gateway_needed = true;
2421  }
2422  else
2423  {
2424  buf_printf(&out, "interface=%lu", tt->adapter_index );
2425  }
2426  device = buf_bptr(&out);
2427 
2428  /* netsh interface ipv6 delete route 2001:db8::/32 MyTunDevice */
2429  argv_printf(&argv, "%s%sc interface ipv6 delete route %s/%d %s",
2430  get_win_sys_path(),
2432  network,
2433  r6->netbits,
2434  device);
2435 
2436  /* next-hop depends on TUN or TAP mode:
2437  * - in TAP mode, we use the "real" next-hop
2438  * - in TUN mode we use a special-case link-local address that the tapdrvr
2439  * knows about and will answer ND (neighbor discovery) packets for
2440  * (and "route deletion without specifying next-hop" does not work...)
2441  */
2442  if (tt->type == DEV_TYPE_TUN && !gateway_needed)
2443  {
2444  argv_printf_cat( &argv, " %s", "fe80::8" );
2445  }
2446  else if (!IN6_IS_ADDR_UNSPECIFIED(&r6->gateway) )
2447  {
2448  argv_printf_cat( &argv, " %s", gateway );
2449  }
2450 
2451 #if 0
2452  if (r6->flags & RT_METRIC_DEFINED)
2453  {
2454  argv_printf_cat(&argv, "METRIC %d", r->metric);
2455  }
2456 #endif
2457 
2458  /* Windows XP to 7 "just delete" routes, wherever they came from, but
2459  * in Windows 8(.1?), if you create them with "store=active", this is
2460  * how you should delete them as well (pointed out by Cedric Tabary)
2461  */
2462  argv_printf_cat( &argv, " store=active" );
2463 
2464  argv_msg(D_ROUTE, &argv);
2465 
2467  openvpn_execve_check(&argv, es, 0, "ERROR: Windows route delete ipv6 command failed");
2469  }
2470 
2471 #elif defined (TARGET_SOLARIS)
2472 
2473  /* example: route delete -inet6 2001:db8::/32 somegateway */
2474 
2475  argv_printf(&argv, "%s delete -inet6 %s/%d %s",
2476  ROUTE_PATH,
2477  network,
2478  r6->netbits,
2479  gateway );
2480 
2481  argv_msg(D_ROUTE, &argv);
2482  openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete -inet6 command failed");
2483 
2484 #elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
2485 
2486  argv_printf(&argv, "%s delete -inet6 %s/%d",
2487  ROUTE_PATH,
2488  network,
2489  r6->netbits );
2490 
2491  if (gateway_needed)
2492  {
2493  argv_printf_cat(&argv, "%s", gateway);
2494  }
2495  else
2496  {
2497  argv_printf_cat(&argv, "-iface %s", device);
2498  }
2499 
2500  argv_msg(D_ROUTE, &argv);
2501  openvpn_execve_check(&argv, es, 0, "ERROR: *BSD route delete -inet6 command failed");
2502 
2503 #elif defined(TARGET_DARWIN)
2504 
2505  argv_printf(&argv, "%s delete -inet6 %s -prefixlen %d",
2506  ROUTE_PATH,
2507  network, r6->netbits );
2508 
2509  if (gateway_needed)
2510  {
2511  argv_printf_cat(&argv, "%s", gateway);
2512  }
2513  else
2514  {
2515  argv_printf_cat(&argv, "-iface %s", device);
2516  }
2517 
2518  argv_msg(D_ROUTE, &argv);
2519  openvpn_execve_check(&argv, es, 0, "ERROR: MacOS X route delete -inet6 command failed");
2520 
2521 #elif defined(TARGET_OPENBSD)
2522 
2523  argv_printf(&argv, "%s delete -inet6 %s -prefixlen %d %s",
2524  ROUTE_PATH,
2525  network, r6->netbits, gateway );
2526 
2527  argv_msg(D_ROUTE, &argv);
2528  openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD route delete -inet6 command failed");
2529 
2530 #elif defined(TARGET_NETBSD)
2531 
2532  argv_printf(&argv, "%s delete -inet6 %s/%d %s",
2533  ROUTE_PATH,
2534  network, r6->netbits, gateway );
2535 
2536  argv_msg(D_ROUTE, &argv);
2537  openvpn_execve_check(&argv, es, 0, "ERROR: NetBSD route delete -inet6 command failed");
2538 
2539 #elif defined(TARGET_AIX)
2540 
2541  argv_printf(&argv, "%s delete -inet6 %s/%d %s",
2542  ROUTE_PATH,
2543  network, r6->netbits, gateway);
2544  argv_msg(D_ROUTE, &argv);
2545  openvpn_execve_check(&argv, es, 0, "ERROR: AIX route add command failed");
2546 
2547 #else /* if defined(TARGET_LINUX) */
2548  msg(M_FATAL, "Sorry, but I don't know how to do 'route ipv6' commands on this operating system. Try putting your routes in a --route-down script");
2549 #endif /* if defined(TARGET_LINUX) */
2550 
2551  argv_reset(&argv);
2552  gc_free(&gc);
2553 }
2554 
2555 /*
2556  * The --redirect-gateway option requires OS-specific code below
2557  * to get the current default gateway.
2558  */
2559 
2560 #if defined(_WIN32)
2561 
2562 static const MIB_IPFORWARDTABLE *
2564 {
2565  ULONG size = 0;
2566  PMIB_IPFORWARDTABLE rt = NULL;
2567  DWORD status;
2568 
2569  status = GetIpForwardTable(NULL, &size, TRUE);
2570  if (status == ERROR_INSUFFICIENT_BUFFER)
2571  {
2572  rt = (PMIB_IPFORWARDTABLE) gc_malloc(size, false, gc);
2573  status = GetIpForwardTable(rt, &size, TRUE);
2574  if (status != NO_ERROR)
2575  {
2576  msg(D_ROUTE, "NOTE: GetIpForwardTable returned error: %s (code=%u)",
2577  strerror_win32(status, gc),
2578  (unsigned int)status);
2579  rt = NULL;
2580  }
2581  }
2582  return rt;
2583 }
2584 
2585 static int
2586 test_route(const IP_ADAPTER_INFO *adapters,
2587  const in_addr_t gateway,
2588  DWORD *index)
2589 {
2590  int count = 0;
2591  DWORD i = adapter_index_of_ip(adapters, gateway, &count, NULL);
2592  if (index)
2593  {
2594  *index = i;
2595  }
2596  return count;
2597 }
2598 
2599 static void
2601  int *count,
2602  int *good,
2603  int *ambig,
2604  const IP_ADAPTER_INFO *adapters,
2605  const in_addr_t gateway)
2606 {
2607  int c;
2608 
2609  ++*count;
2610  c = test_route(adapters, gateway, NULL);
2611  if (c == 0)
2612  {
2613  *ret = false;
2614  }
2615  else
2616  {
2617  ++*good;
2618  }
2619  if (c > 1)
2620  {
2621  ++*ambig;
2622  }
2623 }
2624 
2625 /*
2626  * If we tried to add routes now, would we succeed?
2627  */
2628 bool
2629 test_routes(const struct route_list *rl, const struct tuntap *tt)
2630 {
2631  struct gc_arena gc = gc_new();
2632  const IP_ADAPTER_INFO *adapters = get_adapter_info_list(&gc);
2633  bool ret = false;
2634  int count = 0;
2635  int good = 0;
2636  int ambig = 0;
2637  int len = -1;
2638  bool adapter_up = false;
2639 
2640  if (is_adapter_up(tt, adapters))
2641  {
2642  ret = true;
2643  adapter_up = true;
2644 
2645  /* we do this test only if we have IPv4 routes to install, and if
2646  * the tun/tap interface has seen IPv4 ifconfig - because if we
2647  * have no IPv4, the check will always fail, failing tun init
2648  */
2649  if (rl && tt->did_ifconfig_setup)
2650  {
2651  struct route_ipv4 *r;
2652  for (r = rl->routes, len = 0; r; r = r->next, ++len)
2653  {
2654  test_route_helper(&ret, &count, &good, &ambig, adapters, r->gateway);
2655  }
2656 
2657  if ((rl->flags & RG_ENABLE) && (rl->spec.flags & RTSA_REMOTE_ENDPOINT))
2658  {
2659  test_route_helper(&ret, &count, &good, &ambig, adapters, rl->spec.remote_endpoint);
2660  }
2661  }
2662  }
2663 
2664  msg(D_ROUTE, "TEST ROUTES: %d/%d succeeded len=%d ret=%d a=%d u/d=%s",
2665  good,
2666  count,
2667  len,
2668  (int)ret,
2669  ambig,
2670  adapter_up ? "up" : "down");
2671 
2672  gc_free(&gc);
2673  return ret;
2674 }
2675 
2676 static const MIB_IPFORWARDROW *
2677 get_default_gateway_row(const MIB_IPFORWARDTABLE *routes)
2678 {
2679  struct gc_arena gc = gc_new();
2680  DWORD lowest_metric = MAXDWORD;
2681  const MIB_IPFORWARDROW *ret = NULL;
2682  int i;
2683  int best = -1;
2684 
2685  if (routes)
2686  {
2687  for (i = 0; i < routes->dwNumEntries; ++i)
2688  {
2689  const MIB_IPFORWARDROW *row = &routes->table[i];
2690  const in_addr_t net = ntohl(row->dwForwardDest);
2691  const in_addr_t mask = ntohl(row->dwForwardMask);
2692  const DWORD index = row->dwForwardIfIndex;
2693  const DWORD metric = row->dwForwardMetric1;
2694 
2695  dmsg(D_ROUTE_DEBUG, "GDGR: route[%d] %s/%s i=%d m=%d",
2696  i,
2697  print_in_addr_t((in_addr_t) net, 0, &gc),
2698  print_in_addr_t((in_addr_t) mask, 0, &gc),
2699  (int)index,
2700  (int)metric);
2701 
2702  if (!net && !mask && metric < lowest_metric)
2703  {
2704  ret = row;
2705  lowest_metric = metric;
2706  best = i;
2707  }
2708  }
2709  }
2710 
2711  dmsg(D_ROUTE_DEBUG, "GDGR: best=%d lm=%u", best, (unsigned int)lowest_metric);
2712 
2713  gc_free(&gc);
2714  return ret;
2715 }
2716 
2717 void
2719 {
2720  struct gc_arena gc = gc_new();
2721 
2722  const IP_ADAPTER_INFO *adapters = get_adapter_info_list(&gc);
2723  const MIB_IPFORWARDTABLE *routes = get_windows_routing_table(&gc);
2724  const MIB_IPFORWARDROW *row = get_default_gateway_row(routes);
2725  DWORD a_index;
2726  const IP_ADAPTER_INFO *ai;
2727 
2728  CLEAR(*rgi);
2729 
2730  if (row)
2731  {
2732  rgi->gateway.addr = ntohl(row->dwForwardNextHop);
2733  if (rgi->gateway.addr)
2734  {
2735  rgi->flags |= RGI_ADDR_DEFINED;
2736  a_index = adapter_index_of_ip(adapters, rgi->gateway.addr, NULL, &rgi->gateway.netmask);
2737  if (a_index != TUN_ADAPTER_INDEX_INVALID)
2738  {
2739  rgi->adapter_index = a_index;
2741  ai = get_adapter(adapters, a_index);
2742  if (ai)
2743  {
2744  memcpy(rgi->hwaddr, ai->Address, 6);
2745  rgi->flags |= RGI_HWADDR_DEFINED;
2746  }
2747  }
2748  }
2749  }
2750 
2751  gc_free(&gc);
2752 }
2753 
2754 static DWORD
2755 windows_route_find_if_index(const struct route_ipv4 *r, const struct tuntap *tt)
2756 {
2757  struct gc_arena gc = gc_new();
2758  DWORD ret = TUN_ADAPTER_INDEX_INVALID;
2759  int count = 0;
2760  const IP_ADAPTER_INFO *adapters = get_adapter_info_list(&gc);
2761  const IP_ADAPTER_INFO *tun_adapter = get_tun_adapter(tt, adapters);
2762  bool on_tun = false;
2763 
2764  /* first test on tun interface */
2765  if (is_ip_in_adapter_subnet(tun_adapter, r->gateway, NULL))
2766  {
2767  ret = tun_adapter->Index;
2768  count = 1;
2769  on_tun = true;
2770  }
2771  else /* test on other interfaces */
2772  {
2773  count = test_route(adapters, r->gateway, &ret);
2774  }
2775 
2776  if (count == 0)
2777  {
2778  msg(M_WARN, "Warning: route gateway is not reachable on any active network adapters: %s",
2779  print_in_addr_t(r->gateway, 0, &gc));
2781  }
2782  else if (count > 1)
2783  {
2784  msg(M_WARN, "Warning: route gateway is ambiguous: %s (%d matches)",
2785  print_in_addr_t(r->gateway, 0, &gc),
2786  count);
2787  }
2788 
2789  dmsg(D_ROUTE_DEBUG, "DEBUG: route find if: on_tun=%d count=%d index=%d",
2790  on_tun,
2791  count,
2792  (int)ret);
2793 
2794  gc_free(&gc);
2795  return ret;
2796 }
2797 
2798 /* IPv6 implementation using GetBestRoute2()
2799  * (TBD: dynamic linking so the binary can still run on XP?)
2800  * https://msdn.microsoft.com/en-us/library/windows/desktop/aa365922(v=vs.85).aspx
2801  * https://msdn.microsoft.com/en-us/library/windows/desktop/aa814411(v=vs.85).aspx
2802  */
2803 void
2805  const struct in6_addr *dest)
2806 {
2807  struct gc_arena gc = gc_new();
2808  MIB_IPFORWARD_ROW2 BestRoute;
2809  SOCKADDR_INET DestinationAddress, BestSourceAddress;
2810  DWORD BestIfIndex;
2811  DWORD status;
2812  NET_LUID InterfaceLuid;
2813 
2814  CLEAR(*rgi6);
2815  CLEAR(InterfaceLuid); /* cleared = not used for lookup */
2816  CLEAR(DestinationAddress);
2817 
2818  DestinationAddress.si_family = AF_INET6;
2819  if (dest)
2820  {
2821  DestinationAddress.Ipv6.sin6_addr = *dest;
2822  }
2823 
2824  status = GetBestInterfaceEx( &DestinationAddress, &BestIfIndex );
2825 
2826  if (status != NO_ERROR)
2827  {
2828  msg(D_ROUTE, "NOTE: GetBestInterfaceEx returned error: %s (code=%u)",
2829  strerror_win32(status, &gc),
2830  (unsigned int)status);
2831  goto done;
2832  }
2833 
2834  msg( D_ROUTE, "GetBestInterfaceEx() returned if=%d", (int) BestIfIndex );
2835 
2836  status = GetBestRoute2( &InterfaceLuid, BestIfIndex, NULL,
2837  &DestinationAddress, 0,
2838  &BestRoute, &BestSourceAddress );
2839 
2840  if (status != NO_ERROR)
2841  {
2842  msg(D_ROUTE, "NOTE: GetIpForwardEntry2 returned error: %s (code=%u)",
2843  strerror_win32(status, &gc),
2844  (unsigned int)status);
2845  goto done;
2846  }
2847 
2848  msg( D_ROUTE, "GDG6: II=%lu DP=%s/%d NH=%s",
2849  BestRoute.InterfaceIndex,
2850  print_in6_addr( BestRoute.DestinationPrefix.Prefix.Ipv6.sin6_addr, 0, &gc),
2851  BestRoute.DestinationPrefix.PrefixLength,
2852  print_in6_addr( BestRoute.NextHop.Ipv6.sin6_addr, 0, &gc) );
2853  msg( D_ROUTE, "GDG6: Metric=%d, Loopback=%d, AA=%d, I=%d",
2854  (int) BestRoute.Metric,
2855  (int) BestRoute.Loopback,
2856  (int) BestRoute.AutoconfigureAddress,
2857  (int) BestRoute.Immortal );
2858 
2859  rgi6->gateway.addr_ipv6 = BestRoute.NextHop.Ipv6.sin6_addr;
2860  rgi6->adapter_index = BestRoute.InterfaceIndex;
2862 
2863  /* on-link is signalled by receiving an empty (::) NextHop */
2864  if (IN6_IS_ADDR_UNSPECIFIED(&BestRoute.NextHop.Ipv6.sin6_addr) )
2865  {
2866  rgi6->flags |= RGI_ON_LINK;
2867  }
2868 
2869 done:
2870  gc_free(&gc);
2871 }
2872 
2873 bool
2874 add_route_ipapi(const struct route_ipv4 *r, const struct tuntap *tt, DWORD adapter_index)
2875 {
2876  struct gc_arena gc = gc_new();
2877  bool ret = false;
2878  DWORD status;
2879  const DWORD if_index = (adapter_index == TUN_ADAPTER_INDEX_INVALID) ? windows_route_find_if_index(r, tt) : adapter_index;
2880 
2881  if (if_index != TUN_ADAPTER_INDEX_INVALID)
2882  {
2883  MIB_IPFORWARDROW fr;
2884  CLEAR(fr);
2885  fr.dwForwardDest = htonl(r->network);
2886  fr.dwForwardMask = htonl(r->netmask);
2887  fr.dwForwardPolicy = 0;
2888  fr.dwForwardNextHop = htonl(r->gateway);
2889  fr.dwForwardIfIndex = if_index;
2890  fr.dwForwardType = 4; /* the next hop is not the final dest */
2891  fr.dwForwardProto = 3; /* PROTO_IP_NETMGMT */
2892  fr.dwForwardAge = 0;
2893  fr.dwForwardNextHopAS = 0;
2894  fr.dwForwardMetric1 = (r->flags & RT_METRIC_DEFINED) ? r->metric : 1;
2895  fr.dwForwardMetric2 = METRIC_NOT_USED;
2896  fr.dwForwardMetric3 = METRIC_NOT_USED;
2897  fr.dwForwardMetric4 = METRIC_NOT_USED;
2898  fr.dwForwardMetric5 = METRIC_NOT_USED;
2899 
2900  if ((r->network & r->netmask) != r->network)
2901  {
2902  msg(M_WARN, "Warning: address %s is not a network address in relation to netmask %s",
2903  print_in_addr_t(r->network, 0, &gc),
2904  print_in_addr_t(r->netmask, 0, &gc));
2905  }
2906 
2907  status = CreateIpForwardEntry(&fr);
2908 
2909  if (status == NO_ERROR)
2910  {
2911  ret = true;
2912  }
2913  else
2914  {
2915  /* failed, try increasing the metric to work around Vista issue */
2916  const unsigned int forward_metric_limit = 2048; /* iteratively retry higher metrics up to this limit */
2917 
2918  for (; fr.dwForwardMetric1 <= forward_metric_limit; ++fr.dwForwardMetric1)
2919  {
2920  /* try a different forward type=3 ("the next hop is the final dest") in addition to 4.
2921  * --redirect-gateway over RRAS seems to need this. */
2922  for (fr.dwForwardType = 4; fr.dwForwardType >= 3; --fr.dwForwardType)
2923  {
2924  status = CreateIpForwardEntry(&fr);
2925  if (status == NO_ERROR)
2926  {
2927  msg(D_ROUTE, "ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=%u and dwForwardType=%u",
2928  (unsigned int)fr.dwForwardMetric1,
2929  (unsigned int)fr.dwForwardType);
2930  ret = true;
2931  goto doublebreak;
2932  }
2933  else if (status != ERROR_BAD_ARGUMENTS)
2934  {
2935  goto doublebreak;
2936  }
2937  }
2938  }
2939 
2940 doublebreak:
2941  if (status != NO_ERROR)
2942  {
2943  msg(M_WARN, "ROUTE: route addition failed using CreateIpForwardEntry: %s [status=%u if_index=%u]",
2944  strerror_win32(status, &gc),
2945  (unsigned int)status,
2946  (unsigned int)if_index);
2947  }
2948  }
2949  }
2950 
2951  gc_free(&gc);
2952  return ret;
2953 }
2954 
2955 bool
2956 del_route_ipapi(const struct route_ipv4 *r, const struct tuntap *tt)
2957 {
2958  struct gc_arena gc = gc_new();
2959  bool ret = false;
2960  DWORD status;
2961  const DWORD if_index = windows_route_find_if_index(r, tt);
2962 
2963  if (if_index != TUN_ADAPTER_INDEX_INVALID)
2964  {
2965  MIB_IPFORWARDROW fr;
2966  CLEAR(fr);
2967 
2968  fr.dwForwardDest = htonl(r->network);
2969  fr.dwForwardMask = htonl(r->netmask);
2970  fr.dwForwardPolicy = 0;
2971  fr.dwForwardNextHop = htonl(r->gateway);
2972  fr.dwForwardIfIndex = if_index;
2973 
2974  status = DeleteIpForwardEntry(&fr);
2975 
2976  if (status == NO_ERROR)
2977  {
2978  ret = true;
2979  }
2980  else
2981  {
2982  msg(M_WARN, "ROUTE: route deletion failed using DeleteIpForwardEntry: %s",
2983  strerror_win32(status, &gc));
2984  }
2985  }
2986 
2987  gc_free(&gc);
2988  return ret;
2989 }
2990 
2991 static bool
2992 do_route_service(const bool add, const route_message_t *rt, const size_t size, HANDLE pipe)
2993 {
2994  bool ret = false;
2995  ack_message_t ack;
2996  struct gc_arena gc = gc_new();
2997 
2998  if (!send_msg_iservice(pipe, rt, size, &ack, "ROUTE"))
2999  {
3000  goto out;
3001  }
3002 
3003  if (ack.error_number != NO_ERROR)
3004  {
3005  msg(M_WARN, "ROUTE: route %s failed using service: %s [status=%u if_index=%d]",
3006  (add ? "addition" : "deletion"), strerror_win32(ack.error_number, &gc),
3007  ack.error_number, rt->iface.index);
3008  goto out;
3009  }
3010 
3011  ret = true;
3012 
3013 out:
3014  gc_free(&gc);
3015  return ret;
3016 }
3017 
3018 static bool
3019 do_route_ipv4_service(const bool add, const struct route_ipv4 *r, const struct tuntap *tt)
3020 {
3021  DWORD if_index = windows_route_find_if_index(r, tt);
3022  if (if_index == ~0)
3023  {
3024  return false;
3025  }
3026 
3027  route_message_t msg = {
3028  .header = {
3029  (add ? msg_add_route : msg_del_route),
3030  sizeof(route_message_t),
3031  0
3032  },
3033  .family = AF_INET,
3034  .prefix.ipv4.s_addr = htonl(r->network),
3035  .gateway.ipv4.s_addr = htonl(r->gateway),
3036  .iface = { .index = if_index, .name = "" },
3037  .metric = (r->flags & RT_METRIC_DEFINED ? r->metric : -1)
3038  };
3039 
3041  if (msg.prefix_len == -1)
3042  {
3043  msg.prefix_len = 32;
3044  }
3045 
3046  return do_route_service(add, &msg, sizeof(msg), tt->options.msg_channel);
3047 }
3048 
3049 static bool
3050 do_route_ipv6_service(const bool add, const struct route_ipv6 *r, const struct tuntap *tt)
3051 {
3052  bool status;
3053  route_message_t msg = {
3054  .header = {
3055  (add ? msg_add_route : msg_del_route),
3056  sizeof(route_message_t),
3057  0
3058  },
3059  .family = AF_INET6,
3060  .prefix.ipv6 = r->network,
3061  .prefix_len = r->netbits,
3062  .gateway.ipv6 = r->gateway,
3063  .iface = { .index = tt->adapter_index, .name = "" },
3064  .metric = ( (r->flags & RT_METRIC_DEFINED) ? r->metric : -1)
3065  };
3066 
3067  if (r->adapter_index) /* vpn server special route */
3068  {
3069  msg.iface.index = r->adapter_index;
3070  }
3071 
3072  /* In TUN mode we use a special link-local address as the next hop.
3073  * The tapdrvr knows about it and will answer neighbor discovery packets.
3074  * (only do this for routes actually using the tun/tap device)
3075  */
3076  if (tt->type == DEV_TYPE_TUN
3077  && msg.iface.index == tt->adapter_index )
3078  {
3079  inet_pton(AF_INET6, "fe80::8", &msg.gateway.ipv6);
3080  }
3081 
3083  {
3084  strncpy(msg.iface.name, tt->actual_name, sizeof(msg.iface.name));
3085  msg.iface.name[sizeof(msg.iface.name) - 1] = '\0';
3086  }
3087 
3088  status = do_route_service(add, &msg, sizeof(msg), tt->options.msg_channel);
3089  msg(D_ROUTE, "IPv6 route %s via service %s",
3090  add ? "addition" : "deletion",
3091  status ? "succeeded" : "failed");
3092  return status;
3093 }
3094 
3095 static bool
3096 add_route_service(const struct route_ipv4 *r, const struct tuntap *tt)
3097 {
3098  return do_route_ipv4_service(true, r, tt);
3099 }
3100 
3101 static bool
3102 del_route_service(const struct route_ipv4 *r, const struct tuntap *tt)
3103 {
3104  return do_route_ipv4_service(false, r, tt);
3105 }
3106 
3107 static bool
3108 add_route_ipv6_service(const struct route_ipv6 *r, const struct tuntap *tt)
3109 {
3110  return do_route_ipv6_service(true, r, tt);
3111 }
3112 
3113 static bool
3114 del_route_ipv6_service(const struct route_ipv6 *r, const struct tuntap *tt)
3115 {
3116  return do_route_ipv6_service(false, r, tt);
3117 }
3118 
3119 static const char *
3120 format_route_entry(const MIB_IPFORWARDROW *r, struct gc_arena *gc)
3121 {
3122  struct buffer out = alloc_buf_gc(256, gc);
3123  buf_printf(&out, "%s %s %s p=%d i=%d t=%d pr=%d a=%d h=%d m=%d/%d/%d/%d/%d",
3124  print_in_addr_t(r->dwForwardDest, IA_NET_ORDER, gc),
3125  print_in_addr_t(r->dwForwardMask, IA_NET_ORDER, gc),
3126  print_in_addr_t(r->dwForwardNextHop, IA_NET_ORDER, gc),
3127  (int)r->dwForwardPolicy,
3128  (int)r->dwForwardIfIndex,
3129  (int)r->dwForwardType,
3130  (int)r->dwForwardProto,
3131  (int)r->dwForwardAge,
3132  (int)r->dwForwardNextHopAS,
3133  (int)r->dwForwardMetric1,
3134  (int)r->dwForwardMetric2,
3135  (int)r->dwForwardMetric3,
3136  (int)r->dwForwardMetric4,
3137  (int)r->dwForwardMetric5);
3138  return BSTR(&out);
3139 }
3140 
3141 /*
3142  * Show current routing table
3143  */
3144 void
3145 show_routes(int msglev)
3146 {
3147  struct gc_arena gc = gc_new();
3148  int i;
3149 
3150  const MIB_IPFORWARDTABLE *rt = get_windows_routing_table(&gc);
3151 
3152  msg(msglev, "SYSTEM ROUTING TABLE");
3153  if (rt)
3154  {
3155  for (i = 0; i < rt->dwNumEntries; ++i)
3156  {
3157  msg(msglev, "%s", format_route_entry(&rt->table[i], &gc));
3158  }
3159  }
3160  gc_free(&gc);
3161 }
3162 
3163 #elif defined(TARGET_LINUX) || defined(TARGET_ANDROID)
3164 
3165 void
3167 {
3168  struct gc_arena gc = gc_new();
3169  int sd = -1;
3170  char best_name[16];
3171  best_name[0] = 0;
3172 
3173  CLEAR(*rgi);
3174 
3175 #ifndef TARGET_ANDROID
3176  /* get default gateway IP addr */
3177  {
3178  FILE *fp = fopen("/proc/net/route", "r");
3179  if (fp)
3180  {
3181  char line[256];
3182  int count = 0;
3183  unsigned int lowest_metric = UINT_MAX;
3184  in_addr_t best_gw = 0;
3185  bool found = false;
3186  while (fgets(line, sizeof(line), fp) != NULL)
3187  {
3188  if (count)
3189  {
3190  unsigned int net_x = 0;
3191  unsigned int mask_x = 0;
3192  unsigned int gw_x = 0;
3193  unsigned int metric = 0;
3194  unsigned int flags = 0;
3195  char name[16];
3196  name[0] = 0;
3197  const int np = sscanf(line, "%15s\t%x\t%x\t%x\t%*s\t%*s\t%d\t%x",
3198  name,
3199  &net_x,
3200  &gw_x,
3201  &flags,
3202  &metric,
3203  &mask_x);
3204  if (np == 6 && (flags & IFF_UP))
3205  {
3206  const in_addr_t net = ntohl(net_x);
3207  const in_addr_t mask = ntohl(mask_x);
3208  const in_addr_t gw = ntohl(gw_x);
3209 
3210  if (!net && !mask && metric < lowest_metric)
3211  {
3212  found = true;
3213  best_gw = gw;
3214  strcpy(best_name, name);
3215  lowest_metric = metric;
3216  }
3217  }
3218  }
3219  ++count;
3220  }
3221  fclose(fp);
3222 
3223  if (found)
3224  {
3225  rgi->gateway.addr = best_gw;
3226  rgi->flags |= RGI_ADDR_DEFINED;
3227  if (!rgi->gateway.addr && best_name[0])
3228  {
3229  rgi->flags |= RGI_ON_LINK;
3230  }
3231  }
3232  }
3233  }
3234 #else /* ifndef TARGET_ANDROID */
3235  /* Android, set some pseudo GW, addr is in host byte order,
3236  * Determining the default GW on Android 5.0+ is non trivial
3237  * and serves almost no purpose since OpenVPN only uses the
3238  * default GW address to add routes for networks that should
3239  * NOT be routed over the VPN. Using a well known address
3240  * (127.'d'.'g'.'w') for the default GW make detecting
3241  * these routes easier from the controlling app.
3242  */
3243  rgi->gateway.addr = 127 << 24 | 'd' << 16 | 'g' << 8 | 'w';
3244  rgi->flags |= RGI_ADDR_DEFINED;
3245  strcpy(best_name, "android-gw");
3246 
3247  /*
3248  * Skip scanning/fetching interface from loopback interface
3249  * It always fails and "ioctl(SIOCGIFCONF) failed" confuses users
3250  */
3251  goto done;
3252 #endif /* ifndef TARGET_ANDROID */
3253 
3254  /* scan adapter list */
3255  if (rgi->flags & RGI_ADDR_DEFINED)
3256  {
3257  struct ifreq *ifr, *ifend;
3258  in_addr_t addr, netmask;
3259  struct ifreq ifreq;
3260  struct ifconf ifc;
3261  struct ifreq ifs[20]; /* Maximum number of interfaces to scan */
3262 
3263  if ((sd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
3264  {
3265  msg(M_WARN, "GDG: socket() failed");
3266  goto done;
3267  }
3268  ifc.ifc_len = sizeof(ifs);
3269  ifc.ifc_req = ifs;
3270  if (ioctl(sd, SIOCGIFCONF, &ifc) < 0)
3271  {
3272  msg(M_WARN, "GDG: ioctl(SIOCGIFCONF) failed");
3273  goto done;
3274  }
3275 
3276  /* scan through interface list */
3277  ifend = ifs + (ifc.ifc_len / sizeof(struct ifreq));
3278  for (ifr = ifc.ifc_req; ifr < ifend; ifr++)
3279  {
3280  if (ifr->ifr_addr.sa_family == AF_INET)
3281  {
3282  /* get interface addr */
3283  addr = ntohl(((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr.s_addr);
3284 
3285  /* get interface name */
3286  strncpynt(ifreq.ifr_name, ifr->ifr_name, sizeof(ifreq.ifr_name));
3287 
3288  /* check that the interface is up */
3289  if (ioctl(sd, SIOCGIFFLAGS, &ifreq) < 0)
3290  {
3291  continue;
3292  }
3293  if (!(ifreq.ifr_flags & IFF_UP))
3294  {
3295  continue;
3296  }
3297 
3298  if (rgi->flags & RGI_ON_LINK)
3299  {
3300  /* check that interface name of current interface
3301  * matches interface name of best default route */
3302  if (strcmp(ifreq.ifr_name, best_name))
3303  {
3304  continue;
3305  }
3306 #if 0
3307  /* if point-to-point link, use remote addr as route gateway */
3308  if ((ifreq.ifr_flags & IFF_POINTOPOINT) && ioctl(sd, SIOCGIFDSTADDR, &ifreq) >= 0)
3309  {
3310  rgi->gateway.addr = ntohl(((struct sockaddr_in *) &ifreq.ifr_addr)->sin_addr.s_addr);
3311  if (rgi->gateway.addr)
3312  {
3313  rgi->flags &= ~RGI_ON_LINK;
3314  }
3315  }
3316 #endif
3317  }
3318  else
3319  {
3320  /* get interface netmask */
3321  if (ioctl(sd, SIOCGIFNETMASK, &ifreq) < 0)
3322  {
3323  continue;
3324  }
3325  netmask = ntohl(((struct sockaddr_in *) &ifreq.ifr_addr)->sin_addr.s_addr);
3326 
3327  /* check that interface matches default route */
3328  if (((rgi->gateway.addr ^ addr) & netmask) != 0)
3329  {
3330  continue;
3331  }
3332 
3333  /* save netmask */
3334  rgi->gateway.netmask = netmask;
3335  rgi->flags |= RGI_NETMASK_DEFINED;
3336  }
3337 
3338  /* save iface name */
3339  strncpynt(rgi->iface, ifreq.ifr_name, sizeof(rgi->iface));
3340  rgi->flags |= RGI_IFACE_DEFINED;
3341 
3342  /* now get the hardware address. */
3343  memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr));
3344  if (ioctl(sd, SIOCGIFHWADDR, &ifreq) < 0)
3345  {
3346  msg(M_WARN, "GDG: SIOCGIFHWADDR(%s) failed", ifreq.ifr_name);
3347  goto done;
3348  }
3349  memcpy(rgi->hwaddr, &ifreq.ifr_hwaddr.sa_data, 6);
3350  rgi->flags |= RGI_HWADDR_DEFINED;
3351 
3352  break;
3353  }
3354  }
3355  }
3356 
3357 done:
3358  if (sd >= 0)
3359  {
3360  close(sd);
3361  }
3362  gc_free(&gc);
3363 }
3364 
3365 /* IPv6 implementation using netlink
3366  * http://www.linuxjournal.com/article/7356
3367  * netlink(3), netlink(7), rtnetlink(7)
3368  * http://www.virtualbox.org/svn/vbox/trunk/src/VBox/NetworkServices/NAT/rtmon_linux.c
3369  */
3370 struct rtreq {
3371  struct nlmsghdr nh;
3372  struct rtmsg rtm;
3373  char attrbuf[512];
3374 };
3375 
3376 void
3378  const struct in6_addr *dest)
3379 {
3380  int nls = -1;
3381  struct rtreq rtreq;
3382  struct rtattr *rta;
3383 
3384  char rtbuf[2000];
3385  ssize_t ssize;
3386 
3387  CLEAR(*rgi6);
3388 
3389  nls = socket( PF_NETLINK, SOCK_RAW, NETLINK_ROUTE );
3390  if (nls < 0)
3391  {
3392  msg(M_WARN|M_ERRNO, "GDG6: socket() failed" ); goto done;
3393  }
3394 
3395  /* bind() is not needed, no unsolicited msgs coming in */
3396 
3397  /* request best matching route, see netlink(7) for explanations
3398  */
3399  CLEAR(rtreq);
3400  rtreq.nh.nlmsg_type = RTM_GETROUTE;
3401  rtreq.nh.nlmsg_flags = NLM_F_REQUEST; /* best match only */
3402  rtreq.rtm.rtm_family = AF_INET6;
3403  rtreq.rtm.rtm_src_len = 0; /* not source dependent */
3404  rtreq.rtm.rtm_dst_len = 128; /* exact dst */
3405  rtreq.rtm.rtm_table = RT_TABLE_MAIN;
3406  rtreq.rtm.rtm_protocol = RTPROT_UNSPEC;
3407  rtreq.nh.nlmsg_len = NLMSG_SPACE(sizeof(rtreq.rtm));
3408 
3409  /* set RTA_DST for target IPv6 address we want */
3410  rta = (struct rtattr *)(((char *) &rtreq)+NLMSG_ALIGN(rtreq.nh.nlmsg_len));
3411  rta->rta_type = RTA_DST;
3412  rta->rta_len = RTA_LENGTH(16);
3413  rtreq.nh.nlmsg_len = NLMSG_ALIGN(rtreq.nh.nlmsg_len)
3414  +RTA_LENGTH(16);
3415 
3416  if (dest == NULL) /* ::, unspecified */
3417  {
3418  memset( RTA_DATA(rta), 0, 16 ); /* :: = all-zero */
3419  }
3420  else
3421  {
3422  memcpy( RTA_DATA(rta), (void *)dest, 16 );
3423  }
3424 
3425  /* send and receive reply */
3426  if (send( nls, &rtreq, rtreq.nh.nlmsg_len, 0 ) < 0)
3427  {
3428  msg(M_WARN|M_ERRNO, "GDG6: send() failed" ); goto done;
3429  }
3430 
3431  ssize = recv(nls, rtbuf, sizeof(rtbuf), MSG_TRUNC);
3432 
3433  if (ssize < 0)
3434  {
3435  msg(M_WARN|M_ERRNO, "GDG6: recv() failed" ); goto done;
3436  }
3437 
3438  if (ssize > sizeof(rtbuf))
3439  {
3440  msg(M_WARN, "get_default_gateway_ipv6: returned message too big for buffer (%d>%d)", (int)ssize, (int)sizeof(rtbuf) );
3441  goto done;
3442  }
3443 
3444  struct nlmsghdr *nh;
3445 
3446  for (nh = (struct nlmsghdr *)rtbuf;
3447  NLMSG_OK(nh, ssize);
3448  nh = NLMSG_NEXT(nh, ssize))
3449  {
3450  struct rtmsg *rtm;
3451  int attrlen;
3452 
3453  if (nh->nlmsg_type == NLMSG_DONE)
3454  {
3455  break;
3456  }
3457 
3458  if (nh->nlmsg_type == NLMSG_ERROR)
3459  {
3460  struct nlmsgerr *ne = (struct nlmsgerr *)NLMSG_DATA(nh);
3461 
3462  /* since linux-4.11 -ENETUNREACH is returned when no route can be
3463  * found. Don't print any error message in this case */
3464  if (ne->error != -ENETUNREACH)
3465  {
3466  msg(M_WARN, "GDG6: NLMSG_ERROR: error %s\n",
3467  strerror(-ne->error));
3468  }
3469  break;
3470  }
3471 
3472  if (nh->nlmsg_type != RTM_NEWROUTE)
3473  {
3474  /* shouldn't happen */
3475  msg(M_WARN, "GDG6: unexpected msg_type %d", nh->nlmsg_type );
3476  continue;
3477  }
3478 
3479  rtm = (struct rtmsg *)NLMSG_DATA(nh);
3480  attrlen = RTM_PAYLOAD(nh);
3481 
3482  /* we're only looking for routes in the main table, as "we have
3483  * no IPv6" will lead to a lookup result in "Local" (::/0 reject)
3484  */
3485  if (rtm->rtm_family != AF_INET6
3486  || rtm->rtm_table != RT_TABLE_MAIN)
3487  {
3488  continue;
3489  } /* we're not interested */
3490 
3491  for (rta = RTM_RTA(rtm);
3492  RTA_OK(rta, attrlen);
3493  rta = RTA_NEXT(rta, attrlen))
3494  {
3495  if (rta->rta_type == RTA_GATEWAY)
3496  {
3497  if (RTA_PAYLOAD(rta) != sizeof(struct in6_addr) )
3498  {
3499  msg(M_WARN, "GDG6: RTA_GW size mismatch"); continue;
3500  }
3501  rgi6->gateway.addr_ipv6 = *(struct in6_addr *) RTA_DATA(rta);
3502  rgi6->flags |= RGI_ADDR_DEFINED;
3503  }
3504  else if (rta->rta_type == RTA_OIF)
3505  {
3506  char ifname[IF_NAMESIZE+1];
3507  int oif;
3508  if (RTA_PAYLOAD(rta) != sizeof(oif) )
3509  {
3510  msg(M_WARN, "GDG6: oif size mismatch"); continue;
3511  }
3512 
3513  memcpy(&oif, RTA_DATA(rta), sizeof(oif));
3514  if_indextoname(oif,ifname);
3515  strncpy( rgi6->iface, ifname, sizeof(rgi6->iface)-1 );
3516  rgi6->flags |= RGI_IFACE_DEFINED;
3517  }
3518  }
3519  }
3520 
3521  /* if we have an interface but no gateway, the destination is on-link */
3522  if ( ( rgi6->flags & (RGI_IFACE_DEFINED|RGI_ADDR_DEFINED) ) ==
3524  {
3525  rgi6->flags |= (RGI_ADDR_DEFINED | RGI_ON_LINK);
3526  if (dest)
3527  {
3528  rgi6->gateway.addr_ipv6 = *dest;
3529  }
3530  }
3531 
3532 done:
3533  if (nls >= 0)
3534  {
3535  close(nls);
3536  }
3537 }
3538 
3539 #elif defined(TARGET_DARWIN) || defined(TARGET_SOLARIS) \
3540  || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
3541  || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
3542 
3543 #include <sys/types.h>
3544 #include <sys/socket.h>
3545 #include <netinet/in.h>
3546 #include <net/route.h>
3547 #include <net/if_dl.h>
3548 
3549 struct rtmsg {
3550  struct rt_msghdr m_rtm;
3551  char m_space[512];
3552 };
3553 
3554 /* the route socket code is identical for all 4 supported BSDs and for
3555  * MacOS X (Darwin), with one crucial difference: when going from
3556  * 32 bit to 64 bit, the BSDs increased the structure size but kept
3557  * source code compatibility by keeping the use of "long", while
3558  * MacOS X decided to keep binary compatibility by *changing* the API
3559  * to use "uint32_t", thus 32 bit on all OS X variants
3560  *
3561  * We used to have a large amount of duplicate code here which really
3562  * differed only in this (long) vs. (uint32_t) - IMHO, worse than
3563  * having a combined block for all BSDs with this single #ifdef inside
3564  */
3565 
3566 #if defined(TARGET_DARWIN)
3567 #define ROUNDUP(a) \
3568  ((a) > 0 ? (1 + (((a) - 1) | (sizeof(uint32_t) - 1))) : sizeof(uint32_t))
3569 #else
3570 #define ROUNDUP(a) \
3571  ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
3572 #endif
3573 
3574 #if defined(TARGET_SOLARIS)
3575 #define NEXTADDR(w, u) \
3576  if (rtm_addrs & (w)) { \
3577  l = ROUNDUP(sizeof(u)); memmove(cp, &(u), l); cp += l; \
3578  }
3579 
3580 #define ADVANCE(x, n) (x += ROUNDUP(sizeof(struct sockaddr_in)))
3581 #else /* if defined(TARGET_SOLARIS) */
3582 #define NEXTADDR(w, u) \
3583  if (rtm_addrs & (w)) { \
3584  l = ROUNDUP( ((struct sockaddr *)&(u))->sa_len); memmove(cp, &(u), l); cp += l; \
3585  }
3586 
3587 #define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))
3588 #endif
3589 
3590 #define max(a,b) ((a) > (b) ? (a) : (b))
3591 
3592 void
3594 {
3595  struct gc_arena gc = gc_new();
3596  struct rtmsg m_rtmsg;
3597  int sockfd = -1;
3598  int seq, l, pid, rtm_addrs;
3599  unsigned int i;
3600  struct sockaddr so_dst, so_mask;
3601  char *cp = m_rtmsg.m_space;
3602  struct sockaddr *gate = NULL, *ifp = NULL, *sa;
3603  struct rt_msghdr *rtm_aux;
3604 
3605 #define rtm m_rtmsg.m_rtm
3606 
3607  CLEAR(*rgi);
3608 
3609  /* setup data to send to routing socket */
3610  pid = getpid();
3611  seq = 0;
3612  rtm_addrs = RTA_DST | RTA_NETMASK | RTA_IFP;
3613 
3614  bzero(&m_rtmsg, sizeof(m_rtmsg));
3615  bzero(&so_dst, sizeof(so_dst));
3616  bzero(&so_mask, sizeof(so_mask));
3617  bzero(&rtm, sizeof(struct rt_msghdr));
3618 
3619  rtm.rtm_type = RTM_GET;
3620  rtm.rtm_flags = RTF_UP | RTF_GATEWAY;
3621  rtm.rtm_version = RTM_VERSION;
3622  rtm.rtm_seq = ++seq;
3623 #ifdef TARGET_OPENBSD
3624  rtm.rtm_tableid = getrtable();
3625 #endif
3626  rtm.rtm_addrs = rtm_addrs;
3627 
3628  so_dst.sa_family = AF_INET;
3629  so_mask.sa_family = AF_INET;
3630 
3631 #ifndef TARGET_SOLARIS
3632  so_dst.sa_len = sizeof(struct sockaddr_in);
3633  so_mask.sa_len = sizeof(struct sockaddr_in);
3634 #endif
3635 
3636  NEXTADDR(RTA_DST, so_dst);
3637  NEXTADDR(RTA_NETMASK, so_mask);
3638 
3639  rtm.rtm_msglen = l = cp - (char *)&m_rtmsg;
3640 
3641  /* transact with routing socket */
3642  sockfd = socket(PF_ROUTE, SOCK_RAW, 0);
3643  if (sockfd < 0)
3644  {
3645  msg(M_WARN, "GDG: socket #1 failed");
3646  goto done;
3647  }
3648  if (write(sockfd, (char *)&m_rtmsg, l) < 0)
3649  {
3650  msg(M_WARN, "GDG: problem writing to routing socket");
3651  goto done;
3652  }
3653  do
3654  {
3655  l = read(sockfd, (char *)&m_rtmsg, sizeof(m_rtmsg));
3656  } while (l > 0 && (rtm.rtm_seq != seq || rtm.rtm_pid != pid));
3657  close(sockfd);
3658  sockfd = -1;
3659 
3660  /* extract return data from routing socket */
3661  rtm_aux = &rtm;
3662  cp = ((char *)(rtm_aux + 1));
3663  if (rtm_aux->rtm_addrs)
3664  {
3665  for (i = 1; i; i <<= 1)
3666  {
3667  if (i & rtm_aux->rtm_addrs)
3668  {
3669  sa = (struct sockaddr *)cp;
3670  if (i == RTA_GATEWAY)
3671  {
3672  gate = sa;
3673  }
3674  else if (i == RTA_IFP)
3675  {
3676  ifp = sa;
3677  }
3678  ADVANCE(cp, sa);
3679  }
3680  }
3681  }
3682  else
3683  {
3684  goto done;
3685  }
3686 
3687  /* get gateway addr and interface name */
3688  if (gate != NULL)
3689  {
3690  /* get default gateway addr */
3691  rgi->gateway.addr = ntohl(((struct sockaddr_in *)gate)->sin_addr.s_addr);
3692  if (rgi->gateway.addr)
3693  {
3694  rgi->flags |= RGI_ADDR_DEFINED;
3695  }
3696 
3697  if (ifp)
3698  {
3699  /* get interface name */
3700  const struct sockaddr_dl *adl = (struct sockaddr_dl *) ifp;
3701  if (adl->sdl_nlen && adl->sdl_nlen < sizeof(rgi->iface))
3702  {
3703  memcpy(rgi->iface, adl->sdl_data, adl->sdl_nlen);
3704  rgi->iface[adl->sdl_nlen] = '\0';
3705  rgi->flags |= RGI_IFACE_DEFINED;
3706  }
3707  }
3708  }
3709 
3710  /* get netmask of interface that owns default gateway */
3711  if (rgi->flags & RGI_IFACE_DEFINED)
3712  {
3713  struct ifreq ifr;
3714 
3715  sockfd = socket(AF_INET, SOCK_DGRAM, 0);
3716  if (sockfd < 0)
3717  {
3718  msg(M_WARN, "GDG: socket #2 failed");
3719  goto done;
3720  }
3721 
3722  CLEAR(ifr);
3723  ifr.ifr_addr.sa_family = AF_INET;
3724  strncpynt(ifr.ifr_name, rgi->iface, IFNAMSIZ);
3725 
3726  if (ioctl(sockfd, SIOCGIFNETMASK, (char *)&ifr) < 0)
3727  {
3728  msg(M_WARN, "GDG: ioctl #1 failed");
3729  goto done;
3730  }
3731  close(sockfd);
3732  sockfd = -1;
3733 
3734  rgi->gateway.netmask = ntohl(((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr);
3735  rgi->flags |= RGI_NETMASK_DEFINED;
3736  }
3737 
3738  /* try to read MAC addr associated with interface that owns default gateway */
3739  if (rgi->flags & RGI_IFACE_DEFINED)
3740  {
3741  struct ifconf ifc;
3742  struct ifreq *ifr;
3743  const int bufsize = 4096;
3744  char *buffer;
3745 
3746  buffer = (char *) gc_malloc(bufsize, true, &gc);
3747  sockfd = socket(AF_INET, SOCK_DGRAM, 0);
3748  if (sockfd < 0)
3749  {
3750  msg(M_WARN, "GDG: socket #3 failed");
3751  goto done;
3752  }
3753 
3754  ifc.ifc_len = bufsize;
3755  ifc.ifc_buf = buffer;
3756 
3757  if (ioctl(sockfd, SIOCGIFCONF, (char *)&ifc) < 0)
3758  {
3759  msg(M_WARN, "GDG: ioctl #2 failed");
3760  goto done;
3761  }
3762  close(sockfd);
3763  sockfd = -1;
3764 
3765  for (cp = buffer; cp <= buffer + ifc.ifc_len - sizeof(struct ifreq); )
3766  {
3767  ifr = (struct ifreq *)cp;
3768 #if defined(TARGET_SOLARIS)
3769  const size_t len = sizeof(ifr->ifr_name) + sizeof(ifr->ifr_addr);
3770 #else
3771  const size_t len = sizeof(ifr->ifr_name) + max(sizeof(ifr->ifr_addr), ifr->ifr_addr.sa_len);
3772 #endif
3773 
3774  if (!ifr->ifr_addr.sa_family)
3775  {
3776  break;
3777  }
3778  if (!strncmp(ifr->ifr_name, rgi->iface, IFNAMSIZ))
3779  {
3780  if (ifr->ifr_addr.sa_family == AF_LINK)
3781  {
3782  struct sockaddr_dl *sdl = (struct sockaddr_dl *)&ifr->ifr_addr;
3783  memcpy(rgi->hwaddr, LLADDR(sdl), 6);
3784  rgi->flags |= RGI_HWADDR_DEFINED;
3785  }
3786  }
3787  cp += len;
3788  }
3789  }
3790 
3791 done:
3792  if (sockfd >= 0)
3793  {
3794  close(sockfd);
3795  }
3796  gc_free(&gc);
3797 }
3798 
3799 /* BSD implementation using routing socket (as does IPv4)
3800  * (the code duplication is somewhat unavoidable if we want this to
3801  * work on OpenSolaris as well. *sigh*)
3802  */
3803 
3804 /* Solaris has no length field - this is ugly, but less #ifdef in total
3805  */
3806 #if defined(TARGET_SOLARIS)
3807 #undef ADVANCE
3808 #define ADVANCE(x, n) (x += ROUNDUP(sizeof(struct sockaddr_in6)))
3809 #endif
3810 
3811 void
3813  const struct in6_addr *dest)
3814 {
3815 
3816  struct rtmsg m_rtmsg;
3817  int sockfd = -1;
3818  int seq, l, pid, rtm_addrs;
3819  unsigned int i;
3820  struct sockaddr_in6 so_dst, so_mask;
3821  char *cp = m_rtmsg.m_space;
3822  struct sockaddr *gate = NULL, *ifp = NULL, *sa;
3823  struct rt_msghdr *rtm_aux;
3824 
3825  CLEAR(*rgi6);
3826 
3827  /* setup data to send to routing socket */
3828  pid = getpid();
3829  seq = 0;
3830  rtm_addrs = RTA_DST | RTA_NETMASK | RTA_IFP;
3831 
3832  bzero(&m_rtmsg, sizeof(m_rtmsg));
3833  bzero(&so_dst, sizeof(so_dst));
3834  bzero(&so_mask, sizeof(so_mask));
3835  bzero(&rtm, sizeof(struct rt_msghdr));
3836 
3837  rtm.rtm_type = RTM_GET;
3838  rtm.rtm_flags = RTF_UP;
3839  rtm.rtm_version = RTM_VERSION;
3840  rtm.rtm_seq = ++seq;
3841 #ifdef TARGET_OPENBSD
3842  rtm.rtm_tableid = getrtable();
3843 #endif
3844 
3845  so_dst.sin6_family = AF_INET6;
3846  so_mask.sin6_family = AF_INET6;
3847 
3848  if (dest != NULL /* specific host? */
3849  && !IN6_IS_ADDR_UNSPECIFIED(dest) )
3850  {
3851  so_dst.sin6_addr = *dest;
3852  /* :: needs /0 "netmask", host route wants "no netmask */
3853  rtm_addrs &= ~RTA_NETMASK;
3854  }
3855 
3856  rtm.rtm_addrs = rtm_addrs;
3857 
3858 #ifndef TARGET_SOLARIS
3859  so_dst.sin6_len = sizeof(struct sockaddr_in6);
3860  so_mask.sin6_len = sizeof(struct sockaddr_in6);
3861 #endif
3862 
3863  NEXTADDR(RTA_DST, so_dst);
3864  NEXTADDR(RTA_NETMASK, so_mask);
3865 
3866  rtm.rtm_msglen = l = cp - (char *)&m_rtmsg;
3867 
3868  /* transact with routing socket */
3869  sockfd = socket(PF_ROUTE, SOCK_RAW, 0);
3870  if (sockfd < 0)
3871  {
3872  msg(M_WARN, "GDG6: socket #1 failed");
3873  goto done;
3874  }
3875  if (write(sockfd, (char *)&m_rtmsg, l) < 0)
3876  {
3877  msg(M_WARN, "GDG6: problem writing to routing socket");
3878  goto done;
3879  }
3880 
3881  do
3882  {
3883  l = read(sockfd, (char *)&m_rtmsg, sizeof(m_rtmsg));
3884  }
3885  while (l > 0 && (rtm.rtm_seq != seq || rtm.rtm_pid != pid));
3886 
3887  close(sockfd);
3888  sockfd = -1;
3889 
3890  /* extract return data from routing socket */
3891  rtm_aux = &rtm;
3892  cp = ((char *)(rtm_aux + 1));
3893  if (rtm_aux->rtm_addrs)
3894  {
3895  for (i = 1; i; i <<= 1)
3896  {
3897  if (i & rtm_aux->rtm_addrs)
3898  {
3899  sa = (struct sockaddr *)cp;
3900  if (i == RTA_GATEWAY)
3901  {
3902  gate = sa;
3903  }
3904  else if (i == RTA_IFP)
3905  {
3906  ifp = sa;
3907  }
3908  ADVANCE(cp, sa);
3909  }
3910  }
3911  }
3912  else
3913  {
3914  goto done;
3915  }
3916 
3917  /* get gateway addr and interface name */
3918  if (gate != NULL)
3919  {
3920  struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)gate;
3921  struct in6_addr gw = s6->sin6_addr;
3922 
3923 #ifndef TARGET_SOLARIS
3924  /* You do not really want to know... from FreeBSD's route.c
3925  * (KAME encodes the 16 bit scope_id in s6_addr[2] + [3],
3926  * but for a correct link-local address these must be :0000: )
3927  */
3928  if (gate->sa_len == sizeof(struct sockaddr_in6)
3929  && IN6_IS_ADDR_LINKLOCAL(&gw) )
3930  {
3931  gw.s6_addr[2] = gw.s6_addr[3] = 0;
3932  }
3933 
3934  if (gate->sa_len != sizeof(struct sockaddr_in6)
3935  || IN6_IS_ADDR_UNSPECIFIED(&gw) )
3936  {
3937  rgi6->flags |= RGI_ON_LINK;
3938  }
3939  else
3940 #endif
3941 
3942  rgi6->gateway.addr_ipv6 = gw;
3943  rgi6->flags |= RGI_ADDR_DEFINED;
3944 
3945  if (ifp)
3946  {
3947  /* get interface name */
3948  const struct sockaddr_dl *adl = (struct sockaddr_dl *) ifp;
3949  if (adl->sdl_nlen && adl->sdl_nlen < sizeof(rgi6->iface))
3950  {
3951  memcpy(rgi6->iface, adl->sdl_data, adl->sdl_nlen);
3952  rgi6->flags |= RGI_IFACE_DEFINED;
3953  }
3954  }
3955  }
3956 
3957 done:
3958  if (sockfd >= 0)
3959  {
3960  close(sockfd);
3961  }
3962 }
3963 
3964 #undef max
3965 
3966 #else /* if defined(_WIN32) */
3967 
3968 /*
3969  * This is a platform-specific method that returns data about
3970  * the current default gateway. Return data is placed into
3971  * a struct route_gateway_info object provided by caller. The
3972  * implementation should CLEAR the structure before adding
3973  * data to it.
3974  *
3975  * Data returned includes:
3976  * 1. default gateway address (rgi->gateway.addr)
3977  * 2. netmask of interface that owns default gateway
3978  * (rgi->gateway.netmask)
3979  * 3. hardware address (i.e. MAC address) of interface that owns
3980  * default gateway (rgi->hwaddr)
3981  * 4. interface name (or adapter index on Windows) that owns default
3982  * gateway (rgi->iface or rgi->adapter_index)
3983  * 5. an array of additional address/netmask pairs defined by
3984  * interface that owns default gateway (rgi->addrs with length
3985  * given in rgi->n_addrs)
3986  *
3987  * The flags RGI_x_DEFINED may be used to indicate which of the data
3988  * members were successfully returned (set in rgi->flags). All of
3989  * the data members are optional, however certain OpenVPN functionality
3990  * may be disabled by missing items.
3991  */
3992 void
3994 {
3995  CLEAR(*rgi);
3996 }
3997 void
3999  const struct in6_addr *dest)
4000 {
4001  msg(D_ROUTE, "no support for get_default_gateway_ipv6() on this system");
4002  CLEAR(*rgi6);
4003 }
4004 
4005 #endif /* if defined(_WIN32) */
4006 
4007 bool
4008 netmask_to_netbits(const in_addr_t network, const in_addr_t netmask, int *netbits)
4009 {
4010  int i;
4011  const int addrlen = sizeof(in_addr_t) * 8;
4012 
4013  if ((network & netmask) == network)
4014  {
4015  for (i = 0; i <= addrlen; ++i)
4016  {
4017  in_addr_t mask = netbits_to_netmask(i);
4018  if (mask == netmask)
4019  {
4020  if (i == addrlen)
4021  {
4022  *netbits = -1;
4023  }
4024  else
4025  {
4026  *netbits = i;
4027  }
4028  return true;
4029  }
4030  }
4031  }
4032  return false;
4033 }
4034 
4035 /* similar to netmask_to_netbits(), but don't mess with base address
4036  * etc., just convert to netbits - non-mappable masks are returned as "-1"
4037  */
4038 int
4040 {
4041  int i;
4042  const int addrlen = sizeof(in_addr_t) * 8;
4043 
4044  for (i = 0; i <= addrlen; ++i)
4045  {
4046  in_addr_t mask = netbits_to_netmask(i);
4047  if (mask == netmask)
4048  {
4049  return i;
4050  }
4051  }
4052  return -1;
4053 }
4054 
4055 
4056 /*
4057  * get_bypass_addresses() is used by the redirect-gateway bypass-x
4058  * functions to build a route bypass to selected DHCP/DNS servers,
4059  * so that outgoing packets to these servers don't end up in the tunnel.
4060  */
4061 
4062 #if defined(_WIN32)
4063 
4064 static void
4066 {
4067  if (test_local_addr(addr, NULL) == TLA_NONLOCAL && addr != 0 && addr != IPV4_NETMASK_HOST)
4068  {
4069  add_bypass_address(rb, addr);
4070  }
4071 }
4072 
4073 static void
4074 add_host_route_array(struct route_bypass *rb, const IP_ADDR_STRING *iplist)
4075 {
4076  while (iplist)
4077  {
4078  bool succeed = false;
4079  const in_addr_t ip = getaddr(GETADDR_HOST_ORDER, iplist->IpAddress.String, 0, &succeed, NULL);
4080  if (succeed)
4081  {
4083  }
4084  iplist = iplist->Next;
4085  }
4086 }
4087 
4088 static void
4089 get_bypass_addresses(struct route_bypass *rb, const unsigned int flags)
4090 {
4091  struct gc_arena gc = gc_new();
4092  /*bool ret_bool = false;*/
4093 
4094  /* get full routing table */
4095  const MIB_IPFORWARDTABLE *routes = get_windows_routing_table(&gc);
4096 
4097  /* get the route which represents the default gateway */
4098  const MIB_IPFORWARDROW *row = get_default_gateway_row(routes);
4099 
4100  if (row)
4101  {
4102  /* get the adapter which the default gateway is associated with */
4103  const IP_ADAPTER_INFO *dgi = get_adapter_info(row->dwForwardIfIndex, &gc);
4104 
4105  /* get extra adapter info, such as DNS addresses */
4106  const IP_PER_ADAPTER_INFO *pai = get_per_adapter_info(row->dwForwardIfIndex, &gc);
4107 
4108  /* Bypass DHCP server address */
4109  if ((flags & RG_BYPASS_DHCP) && dgi && dgi->DhcpEnabled)
4110  {
4111  add_host_route_array(rb, &dgi->DhcpServer);
4112  }
4113 
4114  /* Bypass DNS server addresses */
4115  if ((flags & RG_BYPASS_DNS) && pai)
4116  {
4117  add_host_route_array(rb, &pai->DnsServerList);
4118  }
4119  }
4120 
4121  gc_free(&gc);
4122 }
4123 
4124 #else /* if defined(_WIN32) */
4125 
4126 static void
4127 get_bypass_addresses(struct route_bypass *rb, const unsigned int flags) /* PLATFORM-SPECIFIC */
4128 {
4129 }
4130 
4131 #endif /* if defined(_WIN32) */
4132 
4133 /*
4134  * Test if addr is reachable via a local interface (return ILA_LOCAL),
4135  * or if it needs to be routed via the default gateway (return
4136  * ILA_NONLOCAL). If the target platform doesn't implement this
4137  * function, return ILA_NOT_IMPLEMENTED.
4138  *
4139  * Used by redirect-gateway autolocal feature
4140  */
4141 
4142 #if defined(_WIN32)
4143 
4144 int
4145 test_local_addr(const in_addr_t addr, const struct route_gateway_info *rgi)
4146 {
4147  struct gc_arena gc = gc_new();
4148  const in_addr_t nonlocal_netmask = 0x80000000L; /* routes with netmask <= to this are considered non-local */
4149  int ret = TLA_NONLOCAL;
4150 
4151  /* get full routing table */
4152  const MIB_IPFORWARDTABLE *rt = get_windows_routing_table(&gc);
4153  if (rt)
4154  {
4155  int i;
4156  for (i = 0; i < rt->dwNumEntries; ++i)
4157  {
4158  const MIB_IPFORWARDROW *row = &rt->table[i];
4159  const in_addr_t net = ntohl(row->dwForwardDest);
4160  const in_addr_t mask = ntohl(row->dwForwardMask);
4161  if (mask > nonlocal_netmask && (addr & mask) == net)
4162  {
4163  ret = TLA_LOCAL;
4164  break;
4165  }
4166  }
4167  }
4168 
4169  gc_free(&gc);
4170  return ret;
4171 }
4172 
4173 #else /* if defined(_WIN32) */
4174 
4175 int
4176 test_local_addr(const in_addr_t addr, const struct route_gateway_info *rgi) /* PLATFORM-SPECIFIC */
4177 {
4178  if (rgi)
4179  {
4180  if (local_route(addr, 0xFFFFFFFF, rgi->gateway.addr, rgi))
4181  {
4182  return TLA_LOCAL;
4183  }
4184  else
4185  {
4186  return TLA_NONLOCAL;
4187  }
4188  }
4189  return TLA_NOT_IMPLEMENTED;
4190 }
4191 
4192 #endif /* if defined(_WIN32) */
static bool del_route_service(const struct route_ipv4 *, const struct tuntap *)
Definition: route.c:3102
#define RG_BYPASS_DNS
Definition: route.h:87
in_addr_t gateway
Definition: route.h:120
in_addr_t addr
Definition: route.h:141
static bool add_route_service(const struct route_ipv4 *, const struct tuntap *)
Definition: route.c:3096
struct route_gateway_address gateway
Definition: route.h:165
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition: buffer.h:348
unsigned int spec_flags
Definition: route.h:217
Definition: tun.h:131
const IP_PER_ADAPTER_INFO * get_per_adapter_info(const DWORD index, struct gc_arena *gc)
Definition: tun.c:4034
struct route_bypass bypass
Definition: route.h:70
const IP_ADAPTER_INFO * get_adapter_info_list(struct gc_arena *gc)
Definition: tun.c:4007
struct in6_addr ipv6
Definition: openvpn-msg.h:52
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, volatile int *signal_received, int ai_family, struct addrinfo **res)
Definition: socket.c:436
#define GETADDR_WARN_ON_SIGNAL
Definition: socket.h:525
static void print_route_option(const struct route_option *ro, int level)
Definition: route.c:1275
static void setenv_route_addr(struct env_set *es, const char *key, const in_addr_t addr, int i)
Definition: route.c:199
in_addr_t network
Definition: route.h:118
#define LR_ERROR
Definition: route.c:1479
#define D_ROUTE
Definition: errlevel.h:80
void gc_addspecial(void *addr, void(free_function)(void *), struct gc_arena *a)
Definition: buffer.c:477
#define RL_DID_LOCAL
Definition: route.h:203
static bool do_route_service(const bool add, const route_message_t *rt, const size_t size, HANDLE pipe)
Definition: route.c:2992
struct argv argv_new(void)
Definition: argv.c:52
const char * strerror_win32(DWORD errnum, struct gc_arena *gc)
Definition: error.c:819
in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, volatile int *signal_received)
Translate an IPv4 addr or hostname from string form to in_addr_t.
Definition: socket.c:189
struct route_ipv6 * next
Definition: route.h:125
int n_bypass
Definition: route.h:55
unsigned int flags
Definition: route.h:65
static void delete_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es)
Definition: route.c:2130
#define IPV4_NETMASK_HOST
Definition: basic.h:35
const char * print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2988
void print_default_gateway(const int msglevel, const struct route_gateway_info *rgi, const struct route_ipv6_gateway_info *rgi6)
Definition: route.c:1301
#define M_INFO
Definition: errlevel.h:55
struct route_ipv6_option_list * new_route_ipv6_option_list(struct gc_arena *a)
Definition: route.c:119
static bool is_route_parm_defined(const char *parm)
Definition: route.c:185
static void gc_free(struct gc_arena *a)
Definition: buffer.h:1022
unsigned int iflags
Definition: route.h:205
void check_subnet_conflict(const in_addr_t ip, const in_addr_t netmask, const char *prefix)
Definition: tun.c:424
struct in6_addr remote_host_ipv6
Definition: route.h:219
void print_route_options(const struct route_option_list *rol, int level)
Definition: route.c:1285
static void redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
Definition: route.c:982
struct in6_addr remote_endpoint_ipv6
Definition: route.h:218
static void setenv_route_ipv6(struct env_set *es, const struct route_ipv6 *r6, int i)
Definition: route.c:1428
struct route_option * routes
Definition: route.h:94
static void clear_route_list(struct route_list *rl)
Definition: route.c:522
unsigned int flags
Definition: route.h:126
#define ASSERT(x)
Definition: error.h:221
in_addr_t bypass[N_ROUTE_BYPASS]
Definition: route.h:56
struct route_ipv6_option_list * clone_route_ipv6_option_list(const struct route_ipv6_option_list *src, struct gc_arena *a)
Definition: route.c:144
const IP_ADAPTER_INFO * get_tun_adapter(const struct tuntap *tt, const IP_ADAPTER_INFO *list)
Definition: tun.c:4225
bool netmask_to_netbits(const in_addr_t network, const in_addr_t netmask, int *netbits)
Definition: route.c:4008
static void clear_route_ipv6_list(struct route_ipv6_list *rl6)
Definition: route.c:529
void setenv_routes_ipv6(struct env_set *es, const struct route_ipv6_list *rl6)
Definition: route.c:1448
void add_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
Definition: route.c:1167
static in_addr_t netbits_to_netmask(const int netbits)
Definition: route.h:369
in_addr_t netmask
Definition: route.h:142
static const MIB_IPFORWARDROW * get_default_gateway_row(const MIB_IPFORWARDTABLE *routes)
Definition: route.c:2677
const char * metric
Definition: route.h:102
#define M_FATAL
Definition: error.h:94
#define RT_METRIC_DEFINED
Definition: route.h:114
void add_route_ipv6_to_option_list(struct route_ipv6_option_list *l, const char *prefix, const char *gateway, const char *metric)
Definition: route.c:507
bool buf_printf(struct buffer *buf, const char *format,...)
Definition: buffer.c:245
static int test_route(const IP_ADAPTER_INFO *adapters, const in_addr_t gateway, DWORD *index)
Definition: route.c:2586
#define RL_ROUTES_ADDED
Definition: route.h:204
#define CLEAR(x)
Definition: basic.h:33
void setenv_str(struct env_set *es, const char *name, const char *value)
Definition: env_set.c:285
static void del_route3(in_addr_t network, in_addr_t netmask, in_addr_t gateway, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es)
Definition: route.c:916
#define in_addr_t
Definition: config-msvc.h:104
#define ROUTE_METHOD_SERVICE
Definition: route.h:42
struct route_gateway_info rgi
Definition: route.h:208
#define RL_DID_REDIRECT_DEFAULT_GATEWAY
Definition: route.h:202
static bool do_route_ipv4_service(const bool add, const struct route_ipv4 *r, const struct tuntap *tt)
Definition: route.c:3019
struct route_ipv6_gateway_info rgi6
Definition: route.h:222
const char * gateway
Definition: route.h:78
void add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
Definition: route.c:1847
void delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
Definition: route.c:2322
struct in6_addr network
Definition: route.h:127
struct route_ipv6_option * routes_ipv6
Definition: route.h:107
struct route_special_addr spec
Definition: route.h:207
bool test_routes(const struct route_list *rl, const struct tuntap *tt)
Definition: route.c:2629
#define IA_NET_ORDER
Definition: socket.h:394
static const char * route_string(const struct route_ipv4 *r, struct gc_arena *gc)
Definition: route.c:169
#define snprintf
Definition: config-msvc.h:97
static bool route_ipv6_match_host(const struct route_ipv6 *r6, const struct in6_addr *host)
Definition: route.c:730
unsigned int flags
Definition: route.h:223
struct tuntap_options options
Definition: tun.h:144
const struct route_option * option
Definition: route.h:117
#define N_ROUTE_BYPASS
Definition: route.h:54
struct route_ipv6 * routes_ipv6
Definition: route.h:224
void argv_msg(const int msglev, const struct argv *a)
Definition: argv.c:206
unsigned int flags
Definition: route.h:209
static void print_route(const struct route_ipv4 *r, int level)
Definition: route.c:1376
static bool add_bypass_address(struct route_bypass *rb, const in_addr_t a)
Definition: route.c:88
#define LR_NOMATCH
Definition: route.c:1477
void netcmd_semaphore_lock(void)
Definition: win32.c:860
#define ALLOC_OBJ_GC(dptr, type, gc)
Definition: buffer.h:1081
static bool add_route_ipv6_service(const struct route_ipv6 *, const struct tuntap *)
Definition: route.c:3108
int add(int a, int b)
list flags
#define fail()
Definition: cmocka.h:1531
#define RG_ENABLE
Definition: route.h:83
int inet_pton(int af, const char *src, void *dst)
#define WIN_ROUTE_PATH_SUFFIX
Definition: win32.h:35
#define RGI_NETMASK_DEFINED
Definition: route.h:147
static void undo_redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
Definition: route.c:1101
unsigned int netbits
Definition: route.h:128
#define RT_ADDED
Definition: route.h:113
void setenv_routes(struct env_set *es, const struct route_list *rl)
Definition: route.c:1417
in_addr_t netmask
Definition: route.h:119
#define IPV4_INVALID_ADDR
Definition: socket.h:428
#define ROUTE_REF_GW
Definition: route.h:50
void get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi6, const struct in6_addr *dest)
Definition: route.c:2804
bool openvpn_snprintf(char *str, size_t size, const char *format,...)
Definition: buffer.c:299
bool is_ip_in_adapter_subnet(const IP_ADAPTER_INFO *ai, const in_addr_t ip, in_addr_t *highest_netmask)
Definition: tun.c:4283
#define TLA_NONLOCAL
Definition: route.h:334
#define RG_LOCAL
Definition: route.h:84
bool is_special_addr(const char *addr_str)
Definition: route.c:286
#define RGI_ON_LINK
Definition: route.h:151
static const char * np(const char *str)
Definition: simple.c:108
inet_address_t gateway
Definition: openvpn-msg.h:73
static struct gc_arena gc_new(void)
Definition: buffer.h:1014
static void add_block_local(struct route_list *rl)
Definition: route.c:578
bool did_ifconfig_setup
Definition: tun.h:139
static bool is_on_link(const int is_local_route, const unsigned int flags, const struct route_gateway_info *rgi)
Definition: route.c:1518
static DWORD InterfaceLuid(const char *iface_name, PNET_LUID luid)
Definition: interactive.c:548
struct gc_arena gc
Definition: route.h:211
#define RGI_ADDR_DEFINED
Definition: route.h:146
#define PACKAGE_NAME
Definition: config.h:730
struct route_gateway_address addrs[RGI_N_ADDRESSES]
Definition: route.h:170
unsigned int iflags
Definition: route.h:215
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2968
#define OPENVPN_STATE_ADD_ROUTES
Definition: manage.h:485
#define TLA_LOCAL
Definition: route.h:335
#define METRIC_NOT_USED
Definition: route.c:54
#define DEV_TYPE_TUN
Definition: proto.h:37
int type
Definition: tun.h:134
static void gc_init(struct gc_arena *a)
Definition: buffer.h:1001
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
Definition: buffer.c:408
static DWORD windows_route_find_if_index(const struct route_ipv4 *r, const struct tuntap *tt)
Definition: route.c:2755
void route_ipv6_clear_host_bits(struct route_ipv6 *r6)
Definition: route.c:1824
#define NETSH_PATH_SUFFIX
Definition: win32.h:34
#define ROUTE_DELETE_FIRST
Definition: route.h:49
unsigned int flags
Definition: route.h:152
static void gc_freeaddrinfo_callback(void *addr)
Definition: buffer.h:202
static bool get_special_addr(const struct route_list *rl, const char *string, in_addr_t *out, bool *status)
Definition: route.c:216
#define RT_DEFINED
Definition: route.h:112
struct gc_arena gc
Definition: route.h:225
#define RG_DEF1
Definition: route.h:85
#define RTSA_DEFAULT_METRIC
Definition: route.h:64
static void setenv_route(struct env_set *es, const struct route_ipv4 *r, int i)
Definition: route.c:1397
DWORD adapter_index
Definition: route.h:133
in_addr_t remote_endpoint
Definition: route.h:67
struct in6_addr addr_ipv6
Definition: route.h:174
#define RG_BYPASS_DHCP
Definition: route.h:86
#define ROUTE_METHOD_MASK
Definition: route.h:43
static bool del_route_ipv6_service(const struct route_ipv6 *, const struct tuntap *)
Definition: route.c:3114
static SERVICE_STATUS status
Definition: automatic.c:43
void copy_route_ipv6_option_list(struct route_ipv6_option_list *dest, const struct route_ipv6_option_list *src, struct gc_arena *a)
Definition: route.c:160
const char * netmask
Definition: route.h:77
DWORD adapter_index
Definition: route.h:156
static bool init_route_ipv6(struct route_ipv6 *r6, const struct route_ipv6_option *r6o, const struct route_ipv6_list *rl6)
Definition: route.c:428
void route_list_add_vpn_gateway(struct route_list *rl, struct env_set *es, const in_addr_t addr)
Definition: route.c:536
unsigned int flags
Definition: route.h:116
bool send_msg_iservice(HANDLE pipe, const void *data, size_t size, ack_message_t *ack, const char *context)
Definition: win32.c:1473
char * format_hex_ex(const uint8_t *data, int size, int maxoutput, unsigned int space_break_flags, const char *separator, struct gc_arena *gc)
Definition: buffer.c:522
#define RGI_HWADDR_DEFINED
Definition: route.h:148
#define GETADDR_HOST_ORDER
Definition: socket.h:522
char * get_win_sys_path(void)
Definition: win32.c:1206
DWORD adapter_index
Definition: tun.h:175
#define dmsg
Definition: error.h:174
void add_route_to_option_list(struct route_option_list *l, const char *network, const char *netmask, const char *gateway, const char *metric)
Definition: route.c:489
unsigned int flags
Definition: route.h:180
const IP_ADAPTER_INFO * get_adapter_info(DWORD index, struct gc_arena *gc)
Definition: tun.c:4140
int netmask_to_netbits2(in_addr_t netmask)
Definition: route.c:4039
#define RTSA_REMOTE_ENDPOINT
Definition: route.h:62
struct route_ipv4 * next
Definition: route.h:115
static void add_host_route_if_nonlocal(struct route_bypass *rb, const in_addr_t addr)
Definition: route.c:4065
unsigned int flags
Definition: route.h:93
unsigned int flags
Definition: route.h:106
struct gc_arena * gc
Definition: route.h:108
struct in6_addr gateway
Definition: route.h:129
HANDLE msg_channel
Definition: tun.h:61
#define RTSA_REMOTE_HOST
Definition: route.h:63
static int local_route(in_addr_t network, in_addr_t netmask, in_addr_t gateway, const struct route_gateway_info *rgi)
Definition: route.c:1482
int test_local_addr(const in_addr_t addr, const struct route_gateway_info *rgi)
Definition: route.c:4145
bool did_ifconfig_ipv6_setup
Definition: tun.h:140
struct route_ipv6_gateway_address gateway
Definition: route.h:193
#define RG_BLOCK_LOCAL
Definition: route.h:90
interface_t iface
Definition: openvpn-msg.h:74
int metric
Definition: route.h:130
const char * network
Definition: route.h:76
const char * metric
Definition: route.h:79
#define ALLOC_OBJ_CLEAR_GC(dptr, type, gc)
Definition: buffer.h:1086
bool init_route_list(struct route_list *rl, const struct route_option_list *opt, const char *remote_endpoint, int default_metric, in_addr_t remote_host, struct env_set *es)
Definition: route.c:611
void argv_printf_cat(struct argv *a, const char *format,...)
Definition: argv.c:328
#define RG_REROUTE_GW
Definition: route.h:88
char name[256]
Definition: openvpn-msg.h:57
#define ROUTE_METHOD_IPAPI
Definition: route.h:40
#define ROUTE_METHOD_EXE
Definition: route.h:41
bool init_route_ipv6_list(struct route_ipv6_list *rl6, const struct route_ipv6_option_list *opt6, const char *remote_endpoint, int default_metric, const struct in6_addr *remote_host_ipv6, struct env_set *es)
Definition: route.c:766
#define IF_NAMESIZE
Definition: socket.c:2894
#define RG_AUTO_LOCAL
Definition: route.h:89
#define msg
Definition: error.h:173
struct route_ipv6_option * next
Definition: route.h:99
void setenv_int(struct env_set *es, const char *name, int value)
Definition: env_set.c:269
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
void show_routes(int msglev)
Definition: route.c:3145
struct gc_arena * gc
Definition: route.h:95
void delete_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
Definition: route.c:1223
bool add_route_ipapi(const struct route_ipv4 *r, const struct tuntap *tt, DWORD adapter_index)
Definition: route.c:2874
#define LR_MATCH
Definition: route.c:1478
static bool init_route(struct route_ipv4 *r, struct addrinfo **network_list, const struct route_option *ro, const struct route_list *rl)
Definition: route.c:299
void netcmd_semaphore_release(void)
Definition: win32.c:876
const char * prefix
Definition: route.h:100
#define TUN_ADAPTER_INDEX_INVALID
Definition: tun.h:42
static void get_bypass_addresses(struct route_bypass *rb, const unsigned int flags)
Definition: route.c:4089
#define TLA_NOT_IMPLEMENTED
Definition: route.h:333
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
Definition: manage.c:2663
struct route_option_list * clone_route_option_list(const struct route_option_list *src, struct gc_arena *a)
Definition: route.c:135
bool is_adapter_up(const struct tuntap *tt, const IP_ADAPTER_INFO *list)
Definition: tun.c:4238
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:90
uint8_t hwaddr[6]
Definition: route.h:162
DWORD adapter_index_of_ip(const IP_ADAPTER_INFO *list, const in_addr_t ip, int *count, in_addr_t *netmask)
Definition: tun.c:4316
#define ROUTE_PATH
Definition: config.h:757
static void add_host_route_array(struct route_bypass *rb, const IP_ADDR_STRING *iplist)
Definition: route.c:4074
static void add_route3(in_addr_t network, in_addr_t netmask, in_addr_t gateway, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es)
Definition: route.c:898
static uint8_t * buf_bptr(const struct buffer *buf)
Definition: buffer.h:227
bool get_ipv6_addr(const char *hostname, struct in6_addr *network, unsigned int *netbits, int msglevel)
Translate an IPv6 addr or hostname from string form to in6_addr.
Definition: socket.c:220
struct route_option * next
Definition: route.h:75
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
void get_default_gateway(struct route_gateway_info *rgi)
Definition: route.c:2718
void add_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es)
Definition: route.c:1524
int remote_host_local
Definition: route.h:69
const char * gateway
Definition: route.h:101
static const char * format_route_entry(const MIB_IPFORWARDROW *r, struct gc_arena *gc)
Definition: route.c:3120
#define ROUTE_METHOD_ADAPTIVE
Definition: route.h:39
const IP_ADAPTER_INFO * get_adapter(const IP_ADAPTER_INFO *ai, DWORD index)
Definition: tun.c:4121
static void add_block_local_item(struct route_list *rl, const struct route_gateway_address *gateway, in_addr_t target)
Definition: route.c:547
void argv_reset(struct argv *a)
Definition: argv.c:60
#define BSTR(buf)
Definition: buffer.h:129
void copy_route_option_list(struct route_option_list *dest, const struct route_option_list *src, struct gc_arena *a)
Definition: route.c:153
struct route_option_list * new_route_option_list(struct gc_arena *a)
Definition: route.c:110
#define M_ERRNO
Definition: error.h:99
static void add_bypass_routes(struct route_bypass *rb, in_addr_t gateway, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es)
Definition: route.c:934
Definition: argv.h:35
bool openvpn_execve_check(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *error_message)
Definition: run_command.c:174
char * actual_name
Definition: tun.h:146
struct route_ipv4 * routes
Definition: route.h:210
static const MIB_IPFORWARDTABLE * get_windows_routing_table(struct gc_arena *gc)
Definition: route.c:2563
#define M_NONFATAL
Definition: error.h:95
static bool do_route_ipv6_service(const bool add, const struct route_ipv6 *r, const struct tuntap *tt)
Definition: route.c:3050
char * dest
Definition: compat-lz4.h:431
static void del_bypass_routes(struct route_bypass *rb, in_addr_t gateway, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es)
Definition: route.c:958
#define GETADDR_RESOLVE
Definition: socket.h:520
#define ssize_t
Definition: config-msvc.h:105
in_addr_t remote_host
Definition: route.h:68
uint8_t hwaddr[6]
Definition: route.h:190
void argv_printf(struct argv *a, const char *format,...)
Definition: argv.c:318
int default_metric
Definition: route.h:220
#define M_WARN
Definition: error.h:96
#define D_ROUTE_DEBUG
Definition: errlevel.h:129
static const char * show_opt(const char *option)
Definition: route.c:1262
#define RGI_IFACE_DEFINED
Definition: route.h:149
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:151
#define DEV_TYPE_TAP
Definition: proto.h:38
int default_metric
Definition: route.h:71
void print_routes(const struct route_list *rl, int level)
Definition: route.c:1387
static void test_route_helper(bool *ret, int *count, int *good, int *ambig, const IP_ADAPTER_INFO *adapters, const in_addr_t gateway)
Definition: route.c:2600
bool del_route_ipapi(const struct route_ipv4 *r, const struct tuntap *tt)
Definition: route.c:2956
int metric
Definition: route.h:121