OpenVPN
route.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 /*
25  * Support routines for adding/deleting network routes.
26  */
27 
28 #ifdef HAVE_CONFIG_H
29 #include "config.h"
30 #elif defined(_MSC_VER)
31 #include "config-msvc.h"
32 #endif
33 
34 #include "syshead.h"
35 
36 #include "common.h"
37 #include "error.h"
38 #include "route.h"
39 #include "run_command.h"
40 #include "socket.h"
41 #include "manage.h"
42 #include "win32.h"
43 #include "options.h"
44 #include "networking.h"
45 
46 #include "memdbg.h"
47 
48 #if defined(TARGET_LINUX) || defined(TARGET_ANDROID)
49 #include <linux/rtnetlink.h> /* RTM_GETROUTE etc. */
50 #endif
51 
52 #ifdef _WIN32
53 #include "openvpn-msg.h"
54 
55 #define METRIC_NOT_USED ((DWORD)-1)
56 static bool add_route_service(const struct route_ipv4 *, const struct tuntap *);
57 
58 static bool del_route_service(const struct route_ipv4 *, const struct tuntap *);
59 
60 static bool add_route_ipv6_service(const struct route_ipv6 *, const struct tuntap *);
61 
62 static bool del_route_ipv6_service(const struct route_ipv6 *, const struct tuntap *);
63 
64 #endif
65 
66 static void delete_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es, openvpn_net_ctx_t *ctx);
67 
68 static void get_bypass_addresses(struct route_bypass *rb, const unsigned int flags);
69 
70 #ifdef ENABLE_DEBUG
71 
72 static void
73 print_bypass_addresses(const struct route_bypass *rb)
74 {
75  struct gc_arena gc = gc_new();
76  int i;
77  for (i = 0; i < rb->n_bypass; ++i)
78  {
79  msg(D_ROUTE, "ROUTE: bypass_host_route[%d]=%s",
80  i,
81  print_in_addr_t(rb->bypass[i], 0, &gc));
82  }
83  gc_free(&gc);
84 }
85 
86 #endif
87 
88 static bool
90 {
91  int i;
92  for (i = 0; i < rb->n_bypass; ++i)
93  {
94  if (a == rb->bypass[i]) /* avoid duplicates */
95  {
96  return true;
97  }
98  }
99  if (rb->n_bypass < N_ROUTE_BYPASS)
100  {
101  rb->bypass[rb->n_bypass++] = a;
102  return true;
103  }
104  else
105  {
106  return false;
107  }
108 }
109 
110 struct route_option_list *
112 {
113  struct route_option_list *ret;
114  ALLOC_OBJ_CLEAR_GC(ret, struct route_option_list, a);
115  ret->gc = a;
116  return ret;
117 }
118 
119 struct route_ipv6_option_list *
121 {
122  struct route_ipv6_option_list *ret;
124  ret->gc = a;
125  return ret;
126 }
127 
128 /*
129  * NOTE: structs are cloned/copied shallow by design.
130  * The routes list from src will stay intact since it is allocated using
131  * the options->gc. The cloned/copied lists will share this common tail
132  * to avoid copying the data around between pulls. Pulled routes use
133  * the c2->gc so they get freed immediately after a reconnect.
134  */
135 struct route_option_list *
137 {
138  struct route_option_list *ret;
139  ALLOC_OBJ_GC(ret, struct route_option_list, a);
140  *ret = *src;
141  return ret;
142 }
143 
144 struct route_ipv6_option_list *
146 {
147  struct route_ipv6_option_list *ret;
148  ALLOC_OBJ_GC(ret, struct route_ipv6_option_list, a);
149  *ret = *src;
150  return ret;
151 }
152 
153 void
155 {
156  *dest = *src;
157  dest->gc = a;
158 }
159 
160 void
162  const struct route_ipv6_option_list *src,
163  struct gc_arena *a)
164 {
165  *dest = *src;
166  dest->gc = a;
167 }
168 
169 static const char *
170 route_string(const struct route_ipv4 *r, struct gc_arena *gc)
171 {
172  struct buffer out = alloc_buf_gc(256, gc);
173  buf_printf(&out, "ROUTE network %s netmask %s gateway %s",
174  print_in_addr_t(r->network, 0, gc),
175  print_in_addr_t(r->netmask, 0, gc),
176  print_in_addr_t(r->gateway, 0, gc)
177  );
178  if (r->flags & RT_METRIC_DEFINED)
179  {
180  buf_printf(&out, " metric %d", r->metric);
181  }
182  return BSTR(&out);
183 }
184 
185 static bool
186 is_route_parm_defined(const char *parm)
187 {
188  if (!parm)
189  {
190  return false;
191  }
192  if (!strcmp(parm, "default"))
193  {
194  return false;
195  }
196  return true;
197 }
198 
199 static void
200 setenv_route_addr(struct env_set *es, const char *key, const in_addr_t addr, int i)
201 {
202  struct gc_arena gc = gc_new();
203  struct buffer name = alloc_buf_gc(256, &gc);
204  if (i >= 0)
205  {
206  buf_printf(&name, "route_%s_%d", key, i);
207  }
208  else
209  {
210  buf_printf(&name, "route_%s", key);
211  }
212  setenv_str(es, BSTR(&name), print_in_addr_t(addr, 0, &gc));
213  gc_free(&gc);
214 }
215 
216 static bool
217 get_special_addr(const struct route_list *rl,
218  const char *string,
219  in_addr_t *out,
220  bool *status)
221 {
222  if (status)
223  {
224  *status = true;
225  }
226  if (!strcmp(string, "vpn_gateway"))
227  {
228  if (rl)
229  {
230  if (rl->spec.flags & RTSA_REMOTE_ENDPOINT)
231  {
232  *out = rl->spec.remote_endpoint;
233  }
234  else
235  {
236  msg(M_INFO, PACKAGE_NAME " ROUTE: vpn_gateway undefined");
237  if (status)
238  {
239  *status = false;
240  }
241  }
242  }
243  return true;
244  }
245  else if (!strcmp(string, "net_gateway"))
246  {
247  if (rl)
248  {
249  if (rl->rgi.flags & RGI_ADDR_DEFINED)
250  {
251  *out = rl->rgi.gateway.addr;
252  }
253  else
254  {
255  msg(M_INFO, PACKAGE_NAME " ROUTE: net_gateway undefined -- unable to get default gateway from system");
256  if (status)
257  {
258  *status = false;
259  }
260  }
261  }
262  return true;
263  }
264  else if (!strcmp(string, "remote_host"))
265  {
266  if (rl)
267  {
268  if (rl->spec.flags & RTSA_REMOTE_HOST)
269  {
270  *out = rl->spec.remote_host;
271  }
272  else
273  {
274  msg(M_INFO, PACKAGE_NAME " ROUTE: remote_host undefined");
275  if (status)
276  {
277  *status = false;
278  }
279  }
280  }
281  return true;
282  }
283  return false;
284 }
285 
286 bool
287 is_special_addr(const char *addr_str)
288 {
289  if (addr_str)
290  {
291  return get_special_addr(NULL, addr_str, NULL, NULL);
292  }
293  else
294  {
295  return false;
296  }
297 }
298 
299 static bool
301  struct addrinfo **network_list,
302  const struct route_option *ro,
303  const struct route_list *rl)
304 {
305  const in_addr_t default_netmask = IPV4_NETMASK_HOST;
306  bool status;
307  int ret;
308  struct in_addr special;
309 
310  CLEAR(*r);
311  r->option = ro;
312 
313  /* network */
314 
315  if (!is_route_parm_defined(ro->network))
316  {
317  goto fail;
318  }
319 
320 
321  /* get_special_addr replaces specialaddr with a special ip addr
322  * like gw. getaddrinfo is called to convert a a addrinfo struct */
323 
324  if (get_special_addr(rl, ro->network, (in_addr_t *) &special.s_addr, &status))
325  {
326  special.s_addr = htonl(special.s_addr);
327  ret = openvpn_getaddrinfo(0, inet_ntoa(special), NULL, 0, NULL,
328  AF_INET, network_list);
329  }
330  else
331  {
333  ro->network, NULL, 0, NULL, AF_INET, network_list);
334  }
335 
336  status = (ret == 0);
337 
338  if (!status)
339  {
340  goto fail;
341  }
342 
343  /* netmask */
344 
346  {
347  r->netmask = getaddr(
350  ro->netmask,
351  0,
352  &status,
353  NULL);
354  if (!status)
355  {
356  goto fail;
357  }
358  }
359  else
360  {
361  r->netmask = default_netmask;
362  }
363 
364  /* gateway */
365 
367  {
368  if (!get_special_addr(rl, ro->gateway, &r->gateway, &status))
369  {
370  r->gateway = getaddr(
374  ro->gateway,
375  0,
376  &status,
377  NULL);
378  }
379  if (!status)
380  {
381  goto fail;
382  }
383  }
384  else
385  {
386  if (rl->spec.flags & RTSA_REMOTE_ENDPOINT)
387  {
388  r->gateway = rl->spec.remote_endpoint;
389  }
390  else
391  {
392  msg(M_WARN, PACKAGE_NAME " ROUTE: " PACKAGE_NAME " needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options");
393  goto fail;
394  }
395  }
396 
397  /* metric */
398 
399  r->metric = 0;
400  if (is_route_parm_defined(ro->metric))
401  {
402  r->metric = atoi(ro->metric);
403  if (r->metric < 0)
404  {
405  msg(M_WARN, PACKAGE_NAME " ROUTE: route metric for network %s (%s) must be >= 0",
406  ro->network,
407  ro->metric);
408  goto fail;
409  }
410  r->flags |= RT_METRIC_DEFINED;
411  }
412  else if (rl->spec.flags & RTSA_DEFAULT_METRIC)
413  {
414  r->metric = rl->spec.default_metric;
415  r->flags |= RT_METRIC_DEFINED;
416  }
417 
418  r->flags |= RT_DEFINED;
419 
420  return true;
421 
422 fail:
423  msg(M_WARN, PACKAGE_NAME " ROUTE: failed to parse/resolve route for host/network: %s",
424  ro->network);
425  return false;
426 }
427 
428 static bool
430  const struct route_ipv6_option *r6o,
431  const struct route_ipv6_list *rl6 )
432 {
433  CLEAR(*r6);
434 
435  if (!get_ipv6_addr( r6o->prefix, &r6->network, &r6->netbits, M_WARN ))
436  {
437  goto fail;
438  }
439 
440  /* gateway */
441  if (is_route_parm_defined(r6o->gateway))
442  {
443  if (inet_pton( AF_INET6, r6o->gateway, &r6->gateway ) != 1)
444  {
445  msg( M_WARN, PACKAGE_NAME "ROUTE6: cannot parse gateway spec '%s'", r6o->gateway );
446  }
447  }
448  else if (rl6->spec_flags & RTSA_REMOTE_ENDPOINT)
449  {
450  r6->gateway = rl6->remote_endpoint_ipv6;
451  }
452 
453  /* metric */
454 
455  r6->metric = -1;
456  if (is_route_parm_defined(r6o->metric))
457  {
458  r6->metric = atoi(r6o->metric);
459  if (r6->metric < 0)
460  {
461  msg(M_WARN, PACKAGE_NAME " ROUTE: route metric for network %s (%s) must be >= 0",
462  r6o->prefix,
463  r6o->metric);
464  goto fail;
465  }
466  r6->flags |= RT_METRIC_DEFINED;
467  }
468  else if (rl6->spec_flags & RTSA_DEFAULT_METRIC)
469  {
470  r6->metric = rl6->default_metric;
471  r6->flags |= RT_METRIC_DEFINED;
472  }
473 
474  r6->flags |= RT_DEFINED;
475 
476  return true;
477 
478 fail:
479  msg(M_WARN, PACKAGE_NAME " ROUTE: failed to parse/resolve route for host/network: %s",
480  r6o->prefix);
481  return false;
482 }
483 
484 void
486  const char *network,
487  const char *netmask,
488  const char *gateway,
489  const char *metric)
490 {
491  struct route_option *ro;
492  ALLOC_OBJ_GC(ro, struct route_option, l->gc);
493  ro->network = network;
494  ro->netmask = netmask;
495  ro->gateway = gateway;
496  ro->metric = metric;
497  ro->next = l->routes;
498  l->routes = ro;
499 
500 }
501 
502 void
504  const char *prefix,
505  const char *gateway,
506  const char *metric)
507 {
508  struct route_ipv6_option *ro;
509  ALLOC_OBJ_GC(ro, struct route_ipv6_option, l->gc);
510  ro->prefix = prefix;
511  ro->gateway = gateway;
512  ro->metric = metric;
513  ro->next = l->routes_ipv6;
514  l->routes_ipv6 = ro;
515 }
516 
517 static void
519 {
520  gc_free(&rl->gc);
521  CLEAR(*rl);
522 }
523 
524 static void
526 {
527  gc_free(&rl6->gc);
528  CLEAR(*rl6);
529 }
530 
531 void
533  struct env_set *es,
534  const in_addr_t addr)
535 {
536  ASSERT(rl);
537  rl->spec.remote_endpoint = addr;
539  setenv_route_addr(es, "vpn_gateway", rl->spec.remote_endpoint, -1);
540 }
541 
542 static void
544  const struct route_gateway_address *gateway,
545  in_addr_t target)
546 {
547  const int rgi_needed = (RGI_ADDR_DEFINED|RGI_NETMASK_DEFINED);
548  if ((rl->rgi.flags & rgi_needed) == rgi_needed
549  && rl->rgi.gateway.netmask < 0xFFFFFFFF)
550  {
551  struct route_ipv4 *r1, *r2;
552  unsigned int l2;
553 
554  ALLOC_OBJ_GC(r1, struct route_ipv4, &rl->gc);
555  ALLOC_OBJ_GC(r2, struct route_ipv4, &rl->gc);
556 
557  /* split a route into two smaller blocking routes, and direct them to target */
558  l2 = ((~gateway->netmask)+1)>>1;
559  r1->flags = RT_DEFINED;
560  r1->gateway = target;
561  r1->network = gateway->addr & gateway->netmask;
562  r1->netmask = ~(l2-1);
563  r1->next = rl->routes;
564  rl->routes = r1;
565 
566  *r2 = *r1;
567  r2->network += l2;
568  r2->next = rl->routes;
569  rl->routes = r2;
570  }
571 }
572 
573 static void
575 {
576  const int rgi_needed = (RGI_ADDR_DEFINED|RGI_NETMASK_DEFINED);
577  if ((rl->flags & RG_BLOCK_LOCAL)
578  && (rl->rgi.flags & rgi_needed) == rgi_needed
579  && (rl->spec.flags & RTSA_REMOTE_ENDPOINT)
580  && rl->spec.remote_host_local != TLA_LOCAL)
581  {
582  size_t i;
583 
584 #ifndef TARGET_ANDROID
585  /* add bypass for gateway addr */
587 #endif
588 
589  /* block access to local subnet */
591 
592  /* process additional subnets on gateway interface */
593  for (i = 0; i < rl->rgi.n_addrs; ++i)
594  {
595  const struct route_gateway_address *gwa = &rl->rgi.addrs[i];
596  /* omit the add/subnet in &rl->rgi which we processed above */
597  if (!((rl->rgi.gateway.addr & rl->rgi.gateway.netmask) == (gwa->addr & gwa->netmask)
598  && rl->rgi.gateway.netmask == gwa->netmask))
599  {
601  }
602  }
603  }
604 }
605 
606 bool
608  const struct route_option_list *opt,
609  const char *remote_endpoint,
610  int default_metric,
611  in_addr_t remote_host,
612  struct env_set *es,
613  openvpn_net_ctx_t *ctx)
614 {
615  struct gc_arena gc = gc_new();
616  bool ret = true;
617 
618  clear_route_list(rl);
619 
620  rl->flags = opt->flags;
621 
622  if (remote_host)
623  {
624  rl->spec.remote_host = remote_host;
625  rl->spec.flags |= RTSA_REMOTE_HOST;
626  }
627 
628  if (default_metric)
629  {
630  rl->spec.default_metric = default_metric;
632  }
633 
634  get_default_gateway(&rl->rgi, ctx);
635  if (rl->rgi.flags & RGI_ADDR_DEFINED)
636  {
637  setenv_route_addr(es, "net_gateway", rl->rgi.gateway.addr, -1);
638 #if defined(ENABLE_DEBUG) && !defined(ENABLE_SMALL)
639  print_default_gateway(D_ROUTE, &rl->rgi, NULL);
640 #endif
641  }
642  else
643  {
644  dmsg(D_ROUTE, "ROUTE: default_gateway=UNDEF");
645  }
646 
647  if (rl->spec.flags & RTSA_REMOTE_HOST)
648  {
649  rl->spec.remote_host_local = test_local_addr(remote_host, &rl->rgi);
650  }
651 
652  if (is_route_parm_defined(remote_endpoint))
653  {
654  bool defined = false;
659  remote_endpoint,
660  0,
661  &defined,
662  NULL);
663 
664  if (defined)
665  {
666  setenv_route_addr(es, "vpn_gateway", rl->spec.remote_endpoint, -1);
668  }
669  else
670  {
671  msg(M_WARN, PACKAGE_NAME " ROUTE: failed to parse/resolve default gateway: %s",
672  remote_endpoint);
673  ret = false;
674  }
675  }
676 
677  if (rl->flags & RG_ENABLE)
678  {
679  add_block_local(rl);
681 #ifdef ENABLE_DEBUG
682  print_bypass_addresses(&rl->spec.bypass);
683 #endif
684  }
685 
686  /* parse the routes from opt to rl */
687  {
688  struct route_option *ro;
689  for (ro = opt->routes; ro; ro = ro->next)
690  {
691  struct addrinfo *netlist = NULL;
692  struct route_ipv4 r;
693 
694  if (!init_route(&r, &netlist, ro, rl))
695  {
696  ret = false;
697  }
698  else
699  {
700  struct addrinfo *curele;
701  for (curele = netlist; curele; curele = curele->ai_next)
702  {
703  struct route_ipv4 *new;
704  ALLOC_OBJ_GC(new, struct route_ipv4, &rl->gc);
705  *new = r;
706  new->network = ntohl(((struct sockaddr_in *)curele->ai_addr)->sin_addr.s_addr);
707  new->next = rl->routes;
708  rl->routes = new;
709  }
710  }
711  if (netlist)
712  {
713  gc_addspecial(netlist, &gc_freeaddrinfo_callback, &gc);
714  }
715  }
716  }
717 
718  gc_free(&gc);
719  return ret;
720 }
721 
722 /* check whether an IPv6 host address is covered by a given route_ipv6
723  * (not the most beautiful implementation in the world, but portable and
724  * "good enough")
725  */
726 static bool
728  const struct in6_addr *host )
729 {
730  unsigned int bits = r6->netbits;
731  int i;
732  unsigned int mask;
733 
734  if (bits>128)
735  {
736  return false;
737  }
738 
739  for (i = 0; bits >= 8; i++, bits -= 8)
740  {
741  if (r6->network.s6_addr[i] != host->s6_addr[i])
742  {
743  return false;
744  }
745  }
746 
747  if (bits == 0)
748  {
749  return true;
750  }
751 
752  mask = 0xff << (8-bits);
753 
754  if ( (r6->network.s6_addr[i] & mask) == (host->s6_addr[i] & mask ))
755  {
756  return true;
757  }
758 
759  return false;
760 }
761 
762 bool
764  const struct route_ipv6_option_list *opt6,
765  const char *remote_endpoint,
766  int default_metric,
767  const struct in6_addr *remote_host_ipv6,
768  struct env_set *es,
769  openvpn_net_ctx_t *ctx)
770 {
771  struct gc_arena gc = gc_new();
772  bool ret = true;
773  bool need_remote_ipv6_route;
774 
776 
777  rl6->flags = opt6->flags;
778 
779  if (remote_host_ipv6)
780  {
781  rl6->remote_host_ipv6 = *remote_host_ipv6;
783  }
784 
785  if (default_metric >= 0)
786  {
787  rl6->default_metric = default_metric;
789  }
790 
791  msg(D_ROUTE, "GDG6: remote_host_ipv6=%s",
792  remote_host_ipv6 ? print_in6_addr(*remote_host_ipv6, 0, &gc) : "n/a" );
793 
794  get_default_gateway_ipv6(&rl6->rgi6, remote_host_ipv6, ctx);
795  if (rl6->rgi6.flags & RGI_ADDR_DEFINED)
796  {
797  setenv_str(es, "net_gateway_ipv6", print_in6_addr(rl6->rgi6.gateway.addr_ipv6, 0, &gc));
798 #if defined(ENABLE_DEBUG) && !defined(ENABLE_SMALL)
799  print_default_gateway(D_ROUTE, NULL, &rl6->rgi6);
800 #endif
801  }
802  else
803  {
804  dmsg(D_ROUTE, "ROUTE6: default_gateway=UNDEF");
805  }
806 
807  if (is_route_parm_defined( remote_endpoint ))
808  {
809  if (inet_pton( AF_INET6, remote_endpoint,
810  &rl6->remote_endpoint_ipv6) == 1)
811  {
813  }
814  else
815  {
816  msg(M_WARN, PACKAGE_NAME " ROUTE: failed to parse/resolve VPN endpoint: %s", remote_endpoint);
817  ret = false;
818  }
819  }
820 
821  /* parse the routes from opt6 to rl6
822  * discovering potential overlaps with remote_host_ipv6 in the process
823  */
824  need_remote_ipv6_route = false;
825 
826  {
827  struct route_ipv6_option *ro6;
828  for (ro6 = opt6->routes_ipv6; ro6; ro6 = ro6->next)
829  {
830  struct route_ipv6 *r6;
831  ALLOC_OBJ_GC(r6, struct route_ipv6, &rl6->gc);
832  if (!init_route_ipv6(r6, ro6, rl6))
833  {
834  ret = false;
835  }
836  else
837  {
838  r6->next = rl6->routes_ipv6;
839  rl6->routes_ipv6 = r6;
840 
841 #ifndef TARGET_ANDROID
842  /* On Android the VPNService protect function call will take of
843  * avoiding routing loops, so ignore this part and let
844  * need_remote_ipv6_route always evaluate to false
845  */
846  if (remote_host_ipv6
847  && route_ipv6_match_host( r6, remote_host_ipv6 ) )
848  {
849  need_remote_ipv6_route = true;
850  msg(D_ROUTE, "ROUTE6: %s/%d overlaps IPv6 remote %s, adding host route to VPN endpoint",
851  print_in6_addr(r6->network, 0, &gc), r6->netbits,
852  print_in6_addr(*remote_host_ipv6, 0, &gc));
853  }
854 #endif
855  }
856  }
857  }
858 
859  /* add VPN server host route if needed */
860  if (need_remote_ipv6_route)
861  {
862  if ( (rl6->rgi6.flags & (RGI_ADDR_DEFINED|RGI_IFACE_DEFINED) ) ==
864  {
865  struct route_ipv6 *r6;
866  ALLOC_OBJ_CLEAR_GC(r6, struct route_ipv6, &rl6->gc);
867 
868  r6->network = *remote_host_ipv6;
869  r6->netbits = 128;
870  if (!(rl6->rgi6.flags & RGI_ON_LINK) )
871  {
872  r6->gateway = rl6->rgi6.gateway.addr_ipv6;
873  }
874  r6->metric = 1;
875 #ifdef _WIN32
876  r6->adapter_index = rl6->rgi6.adapter_index;
877 #else
878  r6->iface = rl6->rgi6.iface;
879 #endif
881 
882  r6->next = rl6->routes_ipv6;
883  rl6->routes_ipv6 = r6;
884  }
885  else
886  {
887  msg(M_WARN, "ROUTE6: IPv6 route overlaps with IPv6 remote address, but could not determine IPv6 gateway address + interface, expect failure\n" );
888  }
889  }
890 
891  gc_free(&gc);
892  return ret;
893 }
894 
895 static void
897  in_addr_t netmask,
899  const struct tuntap *tt,
900  unsigned int flags,
901  const struct route_gateway_info *rgi,
902  const struct env_set *es,
903  openvpn_net_ctx_t *ctx)
904 {
905  struct route_ipv4 r;
906  CLEAR(r);
907  r.flags = RT_DEFINED;
908  r.network = network;
909  r.netmask = netmask;
910  r.gateway = gateway;
911  add_route(&r, tt, flags, rgi, es, ctx);
912 }
913 
914 static void
918  const struct tuntap *tt,
919  unsigned int flags,
920  const struct route_gateway_info *rgi,
921  const struct env_set *es,
922  openvpn_net_ctx_t *ctx)
923 {
924  struct route_ipv4 r;
925  CLEAR(r);
927  r.network = network;
928  r.netmask = netmask;
929  r.gateway = gateway;
930  delete_route(&r, tt, flags, rgi, es, ctx);
931 }
932 
933 static void
936  const struct tuntap *tt,
937  unsigned int flags,
938  const struct route_gateway_info *rgi,
939  const struct env_set *es,
940  openvpn_net_ctx_t *ctx)
941 {
942  int i;
943  for (i = 0; i < rb->n_bypass; ++i)
944  {
945  if (rb->bypass[i])
946  {
947  add_route3(rb->bypass[i],
949  gateway,
950  tt,
951  flags | ROUTE_REF_GW,
952  rgi,
953  es,
954  ctx);
955  }
956  }
957 }
958 
959 static void
962  const struct tuntap *tt,
963  unsigned int flags,
964  const struct route_gateway_info *rgi,
965  const struct env_set *es,
966  openvpn_net_ctx_t *ctx)
967 {
968  int i;
969  for (i = 0; i < rb->n_bypass; ++i)
970  {
971  if (rb->bypass[i])
972  {
973  del_route3(rb->bypass[i],
975  gateway,
976  tt,
977  flags | ROUTE_REF_GW,
978  rgi,
979  es,
980  ctx);
981  }
982  }
983 }
984 
985 static void
986 redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt,
987  unsigned int flags, const struct env_set *es,
988  openvpn_net_ctx_t *ctx)
989 {
990  const char err[] = "NOTE: unable to redirect default gateway --";
991 
992  if (rl && rl->flags & RG_ENABLE)
993  {
994  bool local = rl->flags & RG_LOCAL;
995 
996  if (!(rl->spec.flags & RTSA_REMOTE_ENDPOINT) && (rl->flags & RG_REROUTE_GW))
997  {
998  msg(M_WARN, "%s VPN gateway parameter (--route-gateway or --ifconfig) is missing", err);
999  }
1000  /*
1001  * check if a default route is defined, unless:
1002  * - we are connecting to a remote host in our network
1003  * - we are connecting to a non-IPv4 remote host (i.e. we use IPv6)
1004  */
1005  else if (!(rl->rgi.flags & RGI_ADDR_DEFINED) && !local
1006  && (rl->spec.remote_host != IPV4_INVALID_ADDR))
1007  {
1008  msg(M_WARN, "%s Cannot read current default gateway from system", err);
1009  }
1010  else if (!(rl->spec.flags & RTSA_REMOTE_HOST))
1011  {
1012  msg(M_WARN, "%s Cannot obtain current remote host address", err);
1013  }
1014  else
1015  {
1016 #ifndef TARGET_ANDROID
1017  if (rl->flags & RG_AUTO_LOCAL)
1018  {
1019  const int tla = rl->spec.remote_host_local;
1020  if (tla == TLA_NONLOCAL)
1021  {
1022  dmsg(D_ROUTE, "ROUTE remote_host is NOT LOCAL");
1023  local = false;
1024  }
1025  else if (tla == TLA_LOCAL)
1026  {
1027  dmsg(D_ROUTE, "ROUTE remote_host is LOCAL");
1028  local = true;
1029  }
1030  }
1031  if (!local)
1032  {
1033  /* route remote host to original default gateway */
1034  /* if remote_host is not ipv4 (ie: ipv6), just skip
1035  * adding this special /32 route */
1036  if (rl->spec.remote_host != IPV4_INVALID_ADDR)
1037  {
1040  rl->rgi.gateway.addr,
1041  tt,
1042  flags | ROUTE_REF_GW,
1043  &rl->rgi,
1044  es,
1045  ctx);
1046  rl->iflags |= RL_DID_LOCAL;
1047  }
1048  else
1049  {
1050  dmsg(D_ROUTE, "ROUTE remote_host protocol differs from tunneled");
1051  }
1052  }
1053 #endif /* ifndef TARGET_ANDROID */
1054 
1055  /* route DHCP/DNS server traffic through original default gateway */
1056  add_bypass_routes(&rl->spec.bypass, rl->rgi.gateway.addr, tt, flags,
1057  &rl->rgi, es, ctx);
1058 
1059  if (rl->flags & RG_REROUTE_GW)
1060  {
1061  if (rl->flags & RG_DEF1)
1062  {
1063  /* add new default route (1st component) */
1064  add_route3(0x00000000,
1065  0x80000000,
1066  rl->spec.remote_endpoint,
1067  tt,
1068  flags,
1069  &rl->rgi,
1070  es,
1071  ctx);
1072 
1073  /* add new default route (2nd component) */
1074  add_route3(0x80000000,
1075  0x80000000,
1076  rl->spec.remote_endpoint,
1077  tt,
1078  flags,
1079  &rl->rgi,
1080  es,
1081  ctx);
1082  }
1083  else
1084  {
1085  /* don't try to remove the def route if it does not exist */
1086  if (rl->rgi.flags & RGI_ADDR_DEFINED)
1087  {
1088  /* delete default route */
1089  del_route3(0, 0, rl->rgi.gateway.addr, tt,
1090  flags | ROUTE_REF_GW, &rl->rgi, es, ctx);
1091  }
1092 
1093  /* add new default route */
1094  add_route3(0,
1095  0,
1096  rl->spec.remote_endpoint,
1097  tt,
1098  flags,
1099  &rl->rgi,
1100  es,
1101  ctx);
1102  }
1103  }
1104 
1105  /* set a flag so we can undo later */
1107  }
1108  }
1109 }
1110 
1111 static void
1113  const struct tuntap *tt, unsigned int flags,
1114  const struct env_set *es,
1115  openvpn_net_ctx_t *ctx)
1116 {
1117  if (rl && rl->iflags & RL_DID_REDIRECT_DEFAULT_GATEWAY)
1118  {
1119  /* delete remote host route */
1120  if (rl->iflags & RL_DID_LOCAL)
1121  {
1124  rl->rgi.gateway.addr,
1125  tt,
1126  flags | ROUTE_REF_GW,
1127  &rl->rgi,
1128  es,
1129  ctx);
1130  rl->iflags &= ~RL_DID_LOCAL;
1131  }
1132 
1133  /* delete special DHCP/DNS bypass route */
1134  del_bypass_routes(&rl->spec.bypass, rl->rgi.gateway.addr, tt, flags,
1135  &rl->rgi, es, ctx);
1136 
1137  if (rl->flags & RG_REROUTE_GW)
1138  {
1139  if (rl->flags & RG_DEF1)
1140  {
1141  /* delete default route (1st component) */
1142  del_route3(0x00000000,
1143  0x80000000,
1144  rl->spec.remote_endpoint,
1145  tt,
1146  flags,
1147  &rl->rgi,
1148  es,
1149  ctx);
1150 
1151  /* delete default route (2nd component) */
1152  del_route3(0x80000000,
1153  0x80000000,
1154  rl->spec.remote_endpoint,
1155  tt,
1156  flags,
1157  &rl->rgi,
1158  es,
1159  ctx);
1160  }
1161  else
1162  {
1163  /* delete default route */
1164  del_route3(0,
1165  0,
1166  rl->spec.remote_endpoint,
1167  tt,
1168  flags,
1169  &rl->rgi,
1170  es,
1171  ctx);
1172  /* restore original default route if there was any */
1173  if (rl->rgi.flags & RGI_ADDR_DEFINED)
1174  {
1175  add_route3(0, 0, rl->rgi.gateway.addr, tt,
1176  flags | ROUTE_REF_GW, &rl->rgi, es, ctx);
1177  }
1178  }
1179  }
1180 
1182  }
1183 }
1184 
1185 void
1186 add_routes(struct route_list *rl, struct route_ipv6_list *rl6,
1187  const struct tuntap *tt, unsigned int flags,
1188  const struct env_set *es, openvpn_net_ctx_t *ctx)
1189 {
1190  redirect_default_route_to_vpn(rl, tt, flags, es, ctx);
1191  if (rl && !(rl->iflags & RL_ROUTES_ADDED) )
1192  {
1193  struct route_ipv4 *r;
1194 
1195 #ifdef ENABLE_MANAGEMENT
1196  if (management && rl->routes)
1197  {
1200  NULL,
1201  NULL,
1202  NULL,
1203  NULL,
1204  NULL);
1205  }
1206 #endif
1207 
1208  for (r = rl->routes; r; r = r->next)
1209  {
1210  check_subnet_conflict(r->network, r->netmask, "route");
1211  if (flags & ROUTE_DELETE_FIRST)
1212  {
1213  delete_route(r, tt, flags, &rl->rgi, es, ctx);
1214  }
1215  add_route(r, tt, flags, &rl->rgi, es, ctx);
1216  }
1217  rl->iflags |= RL_ROUTES_ADDED;
1218  }
1219  if (rl6 && !(rl6->iflags & RL_ROUTES_ADDED) )
1220  {
1221  struct route_ipv6 *r;
1222 
1223  if (!tt->did_ifconfig_ipv6_setup)
1224  {
1225  msg(M_INFO, "WARNING: OpenVPN was configured to add an IPv6 "
1226  "route over %s. However, no IPv6 has been configured for "
1227  "this interface, therefore the route installation may "
1228  "fail or may not work as expected.", tt->actual_name);
1229  }
1230 
1231  for (r = rl6->routes_ipv6; r; r = r->next)
1232  {
1233  if (flags & ROUTE_DELETE_FIRST)
1234  {
1235  delete_route_ipv6(r, tt, flags, es, ctx);
1236  }
1237  add_route_ipv6(r, tt, flags, es, ctx);
1238  }
1239  rl6->iflags |= RL_ROUTES_ADDED;
1240  }
1241 }
1242 
1243 void
1244 delete_routes(struct route_list *rl, struct route_ipv6_list *rl6,
1245  const struct tuntap *tt, unsigned int flags,
1246  const struct env_set *es, openvpn_net_ctx_t *ctx)
1247 {
1248  if (rl && rl->iflags & RL_ROUTES_ADDED)
1249  {
1250  struct route_ipv4 *r;
1251  for (r = rl->routes; r; r = r->next)
1252  {
1253  delete_route(r, tt, flags, &rl->rgi, es, ctx);
1254  }
1255  rl->iflags &= ~RL_ROUTES_ADDED;
1256  }
1257 
1258  undo_redirect_default_route_to_vpn(rl, tt, flags, es, ctx);
1259 
1260  if (rl)
1261  {
1262  clear_route_list(rl);
1263  }
1264 
1265  if (rl6 && (rl6->iflags & RL_ROUTES_ADDED) )
1266  {
1267  struct route_ipv6 *r6;
1268  for (r6 = rl6->routes_ipv6; r6; r6 = r6->next)
1269  {
1270  delete_route_ipv6(r6, tt, flags, es, ctx);
1271  }
1272  rl6->iflags &= ~RL_ROUTES_ADDED;
1273  }
1274 
1275  if (rl6)
1276  {
1277  clear_route_ipv6_list(rl6);
1278  }
1279 }
1280 
1281 #ifndef ENABLE_SMALL
1282 
1283 static const char *
1284 show_opt(const char *option)
1285 {
1286  if (!option)
1287  {
1288  return "default (not set)";
1289  }
1290  else
1291  {
1292  return option;
1293  }
1294 }
1295 
1296 static void
1297 print_route_option(const struct route_option *ro, int level)
1298 {
1299  msg(level, " route %s/%s/%s/%s",
1300  show_opt(ro->network),
1301  show_opt(ro->netmask),
1302  show_opt(ro->gateway),
1303  show_opt(ro->metric));
1304 }
1305 
1306 void
1308  int level)
1309 {
1310  struct route_option *ro;
1311  if (rol->flags & RG_ENABLE)
1312  {
1313  msg(level, " [redirect_default_gateway local=%d]",
1314  (rol->flags & RG_LOCAL) != 0);
1315  }
1316  for (ro = rol->routes; ro; ro = ro->next)
1317  {
1318  print_route_option(ro, level);
1319  }
1320 }
1321 
1322 void
1323 print_default_gateway(const int msglevel,
1324  const struct route_gateway_info *rgi,
1325  const struct route_ipv6_gateway_info *rgi6)
1326 {
1327  struct gc_arena gc = gc_new();
1328  if (rgi && (rgi->flags & RGI_ADDR_DEFINED))
1329  {
1330  struct buffer out = alloc_buf_gc(256, &gc);
1331  buf_printf(&out, "ROUTE_GATEWAY");
1332  if (rgi->flags & RGI_ON_LINK)
1333  {
1334  buf_printf(&out, " ON_LINK");
1335  }
1336  else
1337  {
1338  buf_printf(&out, " %s", print_in_addr_t(rgi->gateway.addr, 0, &gc));
1339  }
1340  if (rgi->flags & RGI_NETMASK_DEFINED)
1341  {
1342  buf_printf(&out, "/%s", print_in_addr_t(rgi->gateway.netmask, 0, &gc));
1343  }
1344 #ifdef _WIN32
1345  if (rgi->flags & RGI_IFACE_DEFINED)
1346  {
1347  buf_printf(&out, " I=%lu", rgi->adapter_index);
1348  }
1349 #else
1350  if (rgi->flags & RGI_IFACE_DEFINED)
1351  {
1352  buf_printf(&out, " IFACE=%s", rgi->iface);
1353  }
1354 #endif
1355  if (rgi->flags & RGI_HWADDR_DEFINED)
1356  {
1357  buf_printf(&out, " HWADDR=%s", format_hex_ex(rgi->hwaddr, 6, 0, 1, ":", &gc));
1358  }
1359  msg(msglevel, "%s", BSTR(&out));
1360  }
1361 
1362  if (rgi6 && (rgi6->flags & RGI_ADDR_DEFINED))
1363  {
1364  struct buffer out = alloc_buf_gc(256, &gc);
1365  buf_printf(&out, "ROUTE6_GATEWAY");
1366  buf_printf(&out, " %s", print_in6_addr(rgi6->gateway.addr_ipv6, 0, &gc));
1367  if (rgi6->flags & RGI_ON_LINK)
1368  {
1369  buf_printf(&out, " ON_LINK");
1370  }
1371  if (rgi6->flags & RGI_NETMASK_DEFINED)
1372  {
1373  buf_printf(&out, "/%d", rgi6->gateway.netbits_ipv6);
1374  }
1375 #ifdef _WIN32
1376  if (rgi6->flags & RGI_IFACE_DEFINED)
1377  {
1378  buf_printf(&out, " I=%lu", rgi6->adapter_index);
1379  }
1380 #else
1381  if (rgi6->flags & RGI_IFACE_DEFINED)
1382  {
1383  buf_printf(&out, " IFACE=%s", rgi6->iface);
1384  }
1385 #endif
1386  if (rgi6->flags & RGI_HWADDR_DEFINED)
1387  {
1388  buf_printf(&out, " HWADDR=%s", format_hex_ex(rgi6->hwaddr, 6, 0, 1, ":", &gc));
1389  }
1390  msg(msglevel, "%s", BSTR(&out));
1391  }
1392  gc_free(&gc);
1393 }
1394 
1395 #endif /* ifndef ENABLE_SMALL */
1396 
1397 static void
1398 print_route(const struct route_ipv4 *r, int level)
1399 {
1400  struct gc_arena gc = gc_new();
1401  if (r->flags & RT_DEFINED)
1402  {
1403  msg(level, "%s", route_string(r, &gc));
1404  }
1405  gc_free(&gc);
1406 }
1407 
1408 void
1409 print_routes(const struct route_list *rl, int level)
1410 {
1411  struct route_ipv4 *r;
1412  for (r = rl->routes; r; r = r->next)
1413  {
1414  print_route(r, level);
1415  }
1416 }
1417 
1418 static void
1419 setenv_route(struct env_set *es, const struct route_ipv4 *r, int i)
1420 {
1421  struct gc_arena gc = gc_new();
1422  if (r->flags & RT_DEFINED)
1423  {
1424  setenv_route_addr(es, "network", r->network, i);
1425  setenv_route_addr(es, "netmask", r->netmask, i);
1426  setenv_route_addr(es, "gateway", r->gateway, i);
1427 
1428  if (r->flags & RT_METRIC_DEFINED)
1429  {
1430  struct buffer name = alloc_buf_gc(256, &gc);
1431  buf_printf(&name, "route_metric_%d", i);
1432  setenv_int(es, BSTR(&name), r->metric);
1433  }
1434  }
1435  gc_free(&gc);
1436 }
1437 
1438 void
1439 setenv_routes(struct env_set *es, const struct route_list *rl)
1440 {
1441  int i = 1;
1442  struct route_ipv4 *r;
1443  for (r = rl->routes; r; r = r->next)
1444  {
1445  setenv_route(es, r, i++);
1446  }
1447 }
1448 
1449 static void
1450 setenv_route_ipv6(struct env_set *es, const struct route_ipv6 *r6, int i)
1451 {
1452  struct gc_arena gc = gc_new();
1453  if (r6->flags & RT_DEFINED)
1454  {
1455  struct buffer name1 = alloc_buf_gc( 256, &gc );
1456  struct buffer val = alloc_buf_gc( 256, &gc );
1457  struct buffer name2 = alloc_buf_gc( 256, &gc );
1458 
1459  buf_printf( &name1, "route_ipv6_network_%d", i );
1460  buf_printf( &val, "%s/%d", print_in6_addr( r6->network, 0, &gc ),
1461  r6->netbits );
1462  setenv_str( es, BSTR(&name1), BSTR(&val) );
1463 
1464  buf_printf( &name2, "route_ipv6_gateway_%d", i );
1465  setenv_str( es, BSTR(&name2), print_in6_addr( r6->gateway, 0, &gc ));
1466  }
1467  gc_free(&gc);
1468 }
1469 void
1470 setenv_routes_ipv6(struct env_set *es, const struct route_ipv6_list *rl6)
1471 {
1472  int i = 1;
1473  struct route_ipv6 *r6;
1474  for (r6 = rl6->routes_ipv6; r6; r6 = r6->next)
1475  {
1476  setenv_route_ipv6(es, r6, i++);
1477  }
1478 }
1479 
1480 /*
1481  * local_route() determines whether the gateway of a provided host
1482  * route is on the same interface that owns the default gateway.
1483  * It uses the data structure
1484  * returned by get_default_gateway() (struct route_gateway_info)
1485  * to determine this. If the route is local, LR_MATCH is returned.
1486  * When adding routes into the kernel, if LR_MATCH is defined for
1487  * a given route, the route should explicitly reference the default
1488  * gateway interface as the route destination. For example, here
1489  * is an example on Linux that uses LR_MATCH:
1490  *
1491  * route add -net 10.10.0.1 netmask 255.255.255.255 dev eth0
1492  *
1493  * This capability is needed by the "default-gateway block-local"
1494  * directive, to allow client access to the local subnet to be
1495  * blocked but still allow access to the local default gateway.
1496  */
1497 
1498 /* local_route() return values */
1499 #define LR_NOMATCH 0 /* route is not local */
1500 #define LR_MATCH 1 /* route is local */
1501 #define LR_ERROR 2 /* caller should abort adding route */
1502 
1503 static int
1505  in_addr_t netmask,
1507  const struct route_gateway_info *rgi)
1508 {
1509  /* set LR_MATCH on local host routes */
1510  const int rgi_needed = (RGI_ADDR_DEFINED|RGI_NETMASK_DEFINED|RGI_IFACE_DEFINED);
1511  if (rgi
1512  && (rgi->flags & rgi_needed) == rgi_needed
1513  && gateway == rgi->gateway.addr
1514  && netmask == 0xFFFFFFFF)
1515  {
1516  if (((network ^ rgi->gateway.addr) & rgi->gateway.netmask) == 0)
1517  {
1518  return LR_MATCH;
1519  }
1520  else
1521  {
1522  /* examine additional subnets on gateway interface */
1523  size_t i;
1524  for (i = 0; i < rgi->n_addrs; ++i)
1525  {
1526  const struct route_gateway_address *gwa = &rgi->addrs[i];
1527  if (((network ^ gwa->addr) & gwa->netmask) == 0)
1528  {
1529  return LR_MATCH;
1530  }
1531  }
1532  }
1533  }
1534  return LR_NOMATCH;
1535 }
1536 
1537 /* Return true if the "on-link" form of the route should be used. This is when the gateway for a
1538  * a route is specified as an interface rather than an address. */
1539 static inline bool
1540 is_on_link(const int is_local_route, const unsigned int flags, const struct route_gateway_info *rgi)
1541 {
1542  return rgi && (is_local_route == LR_MATCH || ((flags & ROUTE_REF_GW) && (rgi->flags & RGI_ON_LINK)));
1543 }
1544 
1545 void
1547  const struct tuntap *tt,
1548  unsigned int flags,
1549  const struct route_gateway_info *rgi, /* may be NULL */
1550  const struct env_set *es,
1551  openvpn_net_ctx_t *ctx)
1552 {
1553  struct gc_arena gc;
1554  struct argv argv = argv_new();
1555 #if !defined(TARGET_LINUX)
1556  const char *network;
1557 #if !defined(TARGET_AIX)
1558  const char *netmask;
1559 #endif
1560  const char *gateway;
1561 #endif
1562  bool status = false;
1563  int is_local_route;
1564 
1565  if (!(r->flags & RT_DEFINED))
1566  {
1567  return;
1568  }
1569 
1570  gc_init(&gc);
1571 
1572 #if !defined(TARGET_LINUX)
1573  network = print_in_addr_t(r->network, 0, &gc);
1574 #if !defined(TARGET_AIX)
1575  netmask = print_in_addr_t(r->netmask, 0, &gc);
1576 #endif
1577  gateway = print_in_addr_t(r->gateway, 0, &gc);
1578 #endif
1579 
1580  is_local_route = local_route(r->network, r->netmask, r->gateway, rgi);
1581  if (is_local_route == LR_ERROR)
1582  {
1583  goto done;
1584  }
1585 
1586 #if defined(TARGET_LINUX)
1587  const char *iface = NULL;
1588  int metric = -1;
1589 
1590  if (is_on_link(is_local_route, flags, rgi))
1591  {
1592  iface = rgi->iface;
1593  }
1594 
1595  if (r->flags & RT_METRIC_DEFINED)
1596  {
1597  metric = r->metric;
1598  }
1599 
1600  status = true;
1601  if (net_route_v4_add(ctx, &r->network, netmask_to_netbits2(r->netmask),
1602  &r->gateway, iface, 0, metric) < 0)
1603  {
1604  msg(M_WARN, "ERROR: Linux route add command failed");
1605  status = false;
1606  }
1607 
1608 #elif defined (TARGET_ANDROID)
1609  char out[128];
1610 
1611  if (rgi)
1612  {
1613  openvpn_snprintf(out, sizeof(out), "%s %s %s dev %s", network, netmask, gateway, rgi->iface);
1614  }
1615  else
1616  {
1617  openvpn_snprintf(out, sizeof(out), "%s %s %s", network, netmask, gateway);
1618  }
1619  management_android_control(management, "ROUTE", out);
1620 
1621 #elif defined (_WIN32)
1622  {
1623  DWORD ai = TUN_ADAPTER_INDEX_INVALID;
1624  argv_printf(&argv, "%s%sc ADD %s MASK %s %s",
1625  get_win_sys_path(),
1627  network,
1628  netmask,
1629  gateway);
1630  if (r->flags & RT_METRIC_DEFINED)
1631  {
1632  argv_printf_cat(&argv, "METRIC %d", r->metric);
1633  }
1634  if (is_on_link(is_local_route, flags, rgi))
1635  {
1636  ai = rgi->adapter_index;
1637  argv_printf_cat(&argv, "IF %lu", ai);
1638  }
1639 
1640  argv_msg(D_ROUTE, &argv);
1641 
1642  if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_SERVICE)
1643  {
1644  status = add_route_service(r, tt);
1645  msg(D_ROUTE, "Route addition via service %s", status ? "succeeded" : "failed");
1646  }
1647  else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_IPAPI)
1648  {
1649  status = add_route_ipapi(r, tt, ai);
1650  msg(D_ROUTE, "Route addition via IPAPI %s", status ? "succeeded" : "failed");
1651  }
1652  else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_EXE)
1653  {
1655  status = openvpn_execve_check(&argv, es, 0, "ERROR: Windows route add command failed");
1657  }
1658  else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_ADAPTIVE)
1659  {
1660  status = add_route_ipapi(r, tt, ai);
1661  msg(D_ROUTE, "Route addition via IPAPI %s [adaptive]", status ? "succeeded" : "failed");
1662  if (!status)
1663  {
1664  msg(D_ROUTE, "Route addition fallback to route.exe");
1666  status = openvpn_execve_check(&argv, es, 0, "ERROR: Windows route add command failed [adaptive]");
1668  }
1669  }
1670  else
1671  {
1672  ASSERT(0);
1673  }
1674  }
1675 
1676 #elif defined (TARGET_SOLARIS)
1677 
1678  /* example: route add 192.0.2.32 -netmask 255.255.255.224 somegateway */
1679 
1680  argv_printf(&argv, "%s add",
1681  ROUTE_PATH);
1682 
1683  argv_printf_cat(&argv, "%s -netmask %s %s",
1684  network,
1685  netmask,
1686  gateway);
1687 
1688  /* Solaris can only distinguish between "metric 0" == "on-link on the
1689  * interface where the IP address given is configured" and "metric > 0"
1690  * == "use gateway specified" (no finer-grained route metrics available)
1691  *
1692  * More recent versions of Solaris can also do "-interface", but that
1693  * would break backwards compatibility with older versions for no gain.
1694  */
1695  if (r->flags & RT_METRIC_DEFINED)
1696  {
1697  argv_printf_cat(&argv, "%d", r->metric);
1698  }
1699 
1700  argv_msg(D_ROUTE, &argv);
1701  status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add command failed");
1702 
1703 #elif defined(TARGET_FREEBSD)
1704 
1705  argv_printf(&argv, "%s add",
1706  ROUTE_PATH);
1707 
1708 #if 0
1709  if (r->flags & RT_METRIC_DEFINED)
1710  {
1711  argv_printf_cat(&argv, "-rtt %d", r->metric);
1712  }
1713 #endif
1714 
1715  argv_printf_cat(&argv, "-net %s %s %s",
1716  network,
1717  gateway,
1718  netmask);
1719 
1720  /* FIXME -- add on-link support for FreeBSD */
1721 
1722  argv_msg(D_ROUTE, &argv);
1723  status = openvpn_execve_check(&argv, es, 0, "ERROR: FreeBSD route add command failed");
1724 
1725 #elif defined(TARGET_DRAGONFLY)
1726 
1727  argv_printf(&argv, "%s add",
1728  ROUTE_PATH);
1729 
1730 #if 0
1731  if (r->flags & RT_METRIC_DEFINED)
1732  {
1733  argv_printf_cat(&argv, "-rtt %d", r->metric);
1734  }
1735 #endif
1736 
1737  argv_printf_cat(&argv, "-net %s %s %s",
1738  network,
1739  gateway,
1740  netmask);
1741 
1742  /* FIXME -- add on-link support for Dragonfly */
1743 
1744  argv_msg(D_ROUTE, &argv);
1745  status = openvpn_execve_check(&argv, es, 0, "ERROR: DragonFly route add command failed");
1746 
1747 #elif defined(TARGET_DARWIN)
1748 
1749  argv_printf(&argv, "%s add",
1750  ROUTE_PATH);
1751 
1752 #if 0
1753  if (r->flags & RT_METRIC_DEFINED)
1754  {
1755  argv_printf_cat(&argv, "-rtt %d", r->metric);
1756  }
1757 #endif
1758 
1759  if (is_on_link(is_local_route, flags, rgi))
1760  {
1761  /* Mac OS X route syntax for ON_LINK:
1762  * route add -cloning -net 10.10.0.1 -netmask 255.255.255.255 -interface en0 */
1763  argv_printf_cat(&argv, "-cloning -net %s -netmask %s -interface %s",
1764  network,
1765  netmask,
1766  rgi->iface);
1767  }
1768  else
1769  {
1770  argv_printf_cat(&argv, "-net %s %s %s",
1771  network,
1772  gateway,
1773  netmask);
1774  }
1775 
1776  argv_msg(D_ROUTE, &argv);
1777  status = openvpn_execve_check(&argv, es, 0, "ERROR: OS X route add command failed");
1778 
1779 #elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
1780 
1781  argv_printf(&argv, "%s add",
1782  ROUTE_PATH);
1783 
1784 #if 0
1785  if (r->flags & RT_METRIC_DEFINED)
1786  {
1787  argv_printf_cat(&argv, "-rtt %d", r->metric);
1788  }
1789 #endif
1790 
1791  argv_printf_cat(&argv, "-net %s %s -netmask %s",
1792  network,
1793  gateway,
1794  netmask);
1795 
1796  /* FIXME -- add on-link support for OpenBSD/NetBSD */
1797 
1798  argv_msg(D_ROUTE, &argv);
1799  status = openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD/NetBSD route add command failed");
1800 
1801 #elif defined(TARGET_AIX)
1802 
1803  {
1804  int netbits = netmask_to_netbits2(r->netmask);
1805  argv_printf(&argv, "%s add -net %s/%d %s",
1806  ROUTE_PATH,
1807  network, netbits, gateway);
1808  argv_msg(D_ROUTE, &argv);
1809  status = openvpn_execve_check(&argv, es, 0, "ERROR: AIX route add command failed");
1810  }
1811 
1812 #else /* if defined(TARGET_LINUX) */
1813  msg(M_FATAL, "Sorry, but I don't know how to do 'route' commands on this operating system. Try putting your routes in a --route-up script");
1814 #endif /* if defined(TARGET_LINUX) */
1815 
1816 done:
1817  if (status)
1818  {
1819  r->flags |= RT_ADDED;
1820  }
1821  else
1822  {
1823  r->flags &= ~RT_ADDED;
1824  }
1825  argv_reset(&argv);
1826  gc_free(&gc);
1827  /* release resources potentially allocated during route setup */
1828  net_ctx_reset(ctx);
1829 }
1830 
1831 
1832 void
1834 {
1835  /* clear host bit parts of route
1836  * (needed if routes are specified improperly, or if we need to
1837  * explicitly setup/clear the "connected" network routes on some OSes)
1838  */
1839  int byte = 15;
1840  int bits_to_clear = 128 - r6->netbits;
1841 
1842  while (byte >= 0 && bits_to_clear > 0)
1843  {
1844  if (bits_to_clear >= 8)
1845  {
1846  r6->network.s6_addr[byte--] = 0; bits_to_clear -= 8;
1847  }
1848  else
1849  {
1850  r6->network.s6_addr[byte--] &= (0xff << bits_to_clear); bits_to_clear = 0;
1851  }
1852  }
1853 }
1854 
1855 void
1856 add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt,
1857  unsigned int flags, const struct env_set *es,
1858  openvpn_net_ctx_t *ctx)
1859 {
1860  struct gc_arena gc;
1861  struct argv argv = argv_new();
1862 
1863  const char *network;
1864  const char *gateway;
1865  bool status = false;
1866  const char *device = tt->actual_name;
1867 #if defined(TARGET_LINUX)
1868  int metric;
1869 #endif
1870  bool gateway_needed = false;
1871 
1872  if (!(r6->flags & RT_DEFINED) )
1873  {
1874  return;
1875  }
1876 
1877 #ifndef _WIN32
1878  if (r6->iface != NULL) /* vpn server special route */
1879  {
1880  device = r6->iface;
1881  if (!IN6_IS_ADDR_UNSPECIFIED(&r6->gateway) )
1882  {
1883  gateway_needed = true;
1884  }
1885  }
1886 #endif
1887 
1888  gc_init(&gc);
1889 
1891 
1892  network = print_in6_addr( r6->network, 0, &gc);
1893  gateway = print_in6_addr( r6->gateway, 0, &gc);
1894 
1895 #if defined(TARGET_DARWIN) \
1896  || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
1897  || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
1898 
1899  /* the BSD platforms cannot specify gateway and interface independently,
1900  * but for link-local destinations, we MUST specify the interface, so
1901  * we build a combined "$gateway%$interface" gateway string
1902  */
1903  if (r6->iface != NULL && gateway_needed
1904  && IN6_IS_ADDR_LINKLOCAL(&r6->gateway) ) /* fe80::...%intf */
1905  {
1906  int len = strlen(gateway) + 1 + strlen(r6->iface)+1;
1907  char *tmp = gc_malloc( len, true, &gc );
1908  snprintf( tmp, len, "%s%%%s", gateway, r6->iface );
1909  gateway = tmp;
1910  }
1911 #endif
1912 
1913  msg( M_INFO, "add_route_ipv6(%s/%d -> %s metric %d) dev %s",
1914  network, r6->netbits, gateway, r6->metric, device );
1915 
1916  /*
1917  * Filter out routes which are essentially no-ops
1918  * (not currently done for IPv6)
1919  */
1920 
1921  /* On "tun" interface, we never set a gateway if the operating system
1922  * can do "route to interface" - it does not add value, as the target
1923  * dev already fully qualifies the route destination on point-to-point
1924  * interfaces. OTOH, on "tap" interface, we must always set the
1925  * gateway unless the route is to be an on-link network
1926  */
1927  if (tt->type == DEV_TYPE_TAP
1928  && !( (r6->flags & RT_METRIC_DEFINED) && r6->metric == 0 ) )
1929  {
1930  gateway_needed = true;
1931  }
1932 
1933  if (gateway_needed && IN6_IS_ADDR_UNSPECIFIED(&r6->gateway))
1934  {
1935  msg(M_WARN, "ROUTE6 WARNING: " PACKAGE_NAME " needs a gateway "
1936  "parameter for a --route-ipv6 option and no default was set via "
1937  "--ifconfig-ipv6 or --route-ipv6-gateway option. Not installing "
1938  "IPv6 route to %s/%d.", network, r6->netbits);
1939  status = false;
1940  goto done;
1941  }
1942 
1943 #if defined(TARGET_LINUX)
1944  metric = -1;
1945  if ((r6->flags & RT_METRIC_DEFINED) && (r6->metric > 0))
1946  {
1947  metric = r6->metric;
1948  }
1949 
1950  status = true;
1951  if (net_route_v6_add(ctx, &r6->network, r6->netbits,
1952  gateway_needed ? &r6->gateway : NULL, device, 0,
1953  metric) < 0)
1954  {
1955  msg(M_WARN, "ERROR: Linux IPv6 route can't be added");
1956  status = false;
1957  }
1958 
1959 #elif defined (TARGET_ANDROID)
1960  char out[64];
1961 
1962  openvpn_snprintf(out, sizeof(out), "%s/%d %s", network, r6->netbits, device);
1963 
1964  management_android_control(management, "ROUTE6", out);
1965 
1966 #elif defined (_WIN32)
1967 
1968  if (tt->options.msg_channel)
1969  {
1970  status = add_route_ipv6_service(r6, tt);
1971  }
1972  else
1973  {
1974  struct buffer out = alloc_buf_gc(64, &gc);
1975  if (r6->adapter_index) /* vpn server special route */
1976  {
1977  buf_printf(&out, "interface=%lu", r6->adapter_index );
1978  gateway_needed = true;
1979  }
1980  else
1981  {
1982  buf_printf(&out, "interface=%lu", tt->adapter_index );
1983  }
1984  device = buf_bptr(&out);
1985 
1986  /* netsh interface ipv6 add route 2001:db8::/32 MyTunDevice */
1987  argv_printf(&argv, "%s%sc interface ipv6 add route %s/%d %s",
1988  get_win_sys_path(),
1990  network,
1991  r6->netbits,
1992  device);
1993 
1994  /* next-hop depends on TUN or TAP mode:
1995  * - in TAP mode, we use the "real" next-hop
1996  * - in TUN mode we use a special-case link-local address that the tapdrvr
1997  * knows about and will answer ND (neighbor discovery) packets for
1998  */
1999  if (tt->type == DEV_TYPE_TUN && !gateway_needed)
2000  {
2001  argv_printf_cat( &argv, " %s", "fe80::8" );
2002  }
2003  else if (!IN6_IS_ADDR_UNSPECIFIED(&r6->gateway) )
2004  {
2005  argv_printf_cat( &argv, " %s", gateway );
2006  }
2007 
2008 #if 0
2009  if (r6->flags & RT_METRIC_DEFINED)
2010  {
2011  argv_printf_cat(&argv, " METRIC %d", r->metric);
2012  }
2013 #endif
2014 
2015  /* in some versions of Windows, routes are persistent across reboots by
2016  * default, unless "store=active" is set (pointed out by Tony Lim, thanks)
2017  */
2018  argv_printf_cat( &argv, " store=active" );
2019 
2020  argv_msg(D_ROUTE, &argv);
2021 
2023  status = openvpn_execve_check(&argv, es, 0, "ERROR: Windows route add ipv6 command failed");
2025  }
2026 
2027 #elif defined (TARGET_SOLARIS)
2028 
2029  /* example: route add -inet6 2001:db8::/32 somegateway 0 */
2030 
2031  /* for some reason, routes to tun/tap do not work for me unless I set
2032  * "metric 0" - otherwise, the routes will be nicely installed, but
2033  * packets will just disappear somewhere. So we always use "0" now,
2034  * unless the route points to "gateway on other interface"...
2035  *
2036  * (Note: OpenSolaris can not specify host%interface gateways, so we just
2037  * use the GW addresses - it seems to still work for fe80:: addresses,
2038  * however this is done internally. NUD maybe?)
2039  */
2040  argv_printf(&argv, "%s add -inet6 %s/%d %s",
2041  ROUTE_PATH,
2042  network,
2043  r6->netbits,
2044  gateway );
2045 
2046  /* on tun (not tap), not "elsewhere"? -> metric 0 */
2047  if (tt->type == DEV_TYPE_TUN && !r6->iface)
2048  {
2049  argv_printf_cat(&argv, "0");
2050  }
2051 
2052  argv_msg(D_ROUTE, &argv);
2053  status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add -inet6 command failed");
2054 
2055 #elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
2056 
2057  argv_printf(&argv, "%s add -inet6 %s/%d",
2058  ROUTE_PATH,
2059  network,
2060  r6->netbits);
2061 
2062  if (gateway_needed)
2063  {
2064  argv_printf_cat(&argv, "%s", gateway);
2065  }
2066  else
2067  {
2068  argv_printf_cat(&argv, "-iface %s", device);
2069  }
2070 
2071  argv_msg(D_ROUTE, &argv);
2072  status = openvpn_execve_check(&argv, es, 0, "ERROR: *BSD route add -inet6 command failed");
2073 
2074 #elif defined(TARGET_DARWIN)
2075 
2076  argv_printf(&argv, "%s add -inet6 %s -prefixlen %d",
2077  ROUTE_PATH,
2078  network, r6->netbits );
2079 
2080  if (gateway_needed)
2081  {
2082  argv_printf_cat(&argv, "%s", gateway);
2083  }
2084  else
2085  {
2086  argv_printf_cat(&argv, "-iface %s", device);
2087  }
2088 
2089  argv_msg(D_ROUTE, &argv);
2090  status = openvpn_execve_check(&argv, es, 0, "ERROR: MacOS X route add -inet6 command failed");
2091 
2092 #elif defined(TARGET_OPENBSD)
2093 
2094  argv_printf(&argv, "%s add -inet6 %s -prefixlen %d %s",
2095  ROUTE_PATH,
2096  network, r6->netbits, gateway );
2097 
2098  argv_msg(D_ROUTE, &argv);
2099  status = openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD route add -inet6 command failed");
2100 
2101 #elif defined(TARGET_NETBSD)
2102 
2103  argv_printf(&argv, "%s add -inet6 %s/%d %s",
2104  ROUTE_PATH,
2105  network, r6->netbits, gateway );
2106 
2107  argv_msg(D_ROUTE, &argv);
2108  status = openvpn_execve_check(&argv, es, 0, "ERROR: NetBSD route add -inet6 command failed");
2109 
2110 #elif defined(TARGET_AIX)
2111 
2112  argv_printf(&argv, "%s add -inet6 %s/%d %s",
2113  ROUTE_PATH,
2114  network, r6->netbits, gateway);
2115  argv_msg(D_ROUTE, &argv);
2116  status = openvpn_execve_check(&argv, es, 0, "ERROR: AIX route add command failed");
2117 
2118 #else /* if defined(TARGET_LINUX) */
2119  msg(M_FATAL, "Sorry, but I don't know how to do 'route ipv6' commands on this operating system. Try putting your routes in a --route-up script");
2120 #endif /* if defined(TARGET_LINUX) */
2121 
2122 done:
2123  if (status)
2124  {
2125  r6->flags |= RT_ADDED;
2126  }
2127  else
2128  {
2129  r6->flags &= ~RT_ADDED;
2130  }
2131  argv_reset(&argv);
2132  gc_free(&gc);
2133  /* release resources potentially allocated during route setup */
2134  net_ctx_reset(ctx);
2135 }
2136 
2137 static void
2139  const struct tuntap *tt,
2140  unsigned int flags,
2141  const struct route_gateway_info *rgi,
2142  const struct env_set *es,
2143  openvpn_net_ctx_t *ctx)
2144 {
2145  struct gc_arena gc;
2146  struct argv argv = argv_new();
2147 #if !defined(TARGET_LINUX)
2148  const char *network;
2149 #if !defined(TARGET_AIX)
2150  const char *netmask;
2151 #endif
2152 #if !defined(TARGET_ANDROID)
2153  const char *gateway;
2154 #endif
2155 #else
2156  int metric;
2157 #endif
2158  int is_local_route;
2159 
2160  if ((r->flags & (RT_DEFINED|RT_ADDED)) != (RT_DEFINED|RT_ADDED))
2161  {
2162  return;
2163  }
2164 
2165  gc_init(&gc);
2166 
2167 #if !defined(TARGET_LINUX)
2168  network = print_in_addr_t(r->network, 0, &gc);
2169 #if !defined(TARGET_AIX)
2170  netmask = print_in_addr_t(r->netmask, 0, &gc);
2171 #endif
2172 #if !defined(TARGET_ANDROID)
2173  gateway = print_in_addr_t(r->gateway, 0, &gc);
2174 #endif
2175 #endif
2176 
2177  is_local_route = local_route(r->network, r->netmask, r->gateway, rgi);
2178  if (is_local_route == LR_ERROR)
2179  {
2180  goto done;
2181  }
2182 
2183 #if defined(TARGET_LINUX)
2184  metric = -1;
2185  if (r->flags & RT_METRIC_DEFINED)
2186  {
2187  metric = r->metric;
2188  }
2189 
2190  if (net_route_v4_del(ctx, &r->network, netmask_to_netbits2(r->netmask),
2191  &r->gateway, NULL, 0, metric) < 0)
2192  {
2193  msg(M_WARN, "ERROR: Linux route delete command failed");
2194  }
2195 #elif defined (_WIN32)
2196 
2197  argv_printf(&argv, "%s%sc DELETE %s MASK %s %s",
2198  get_win_sys_path(),
2200  network,
2201  netmask,
2202  gateway);
2203 
2204  argv_msg(D_ROUTE, &argv);
2205 
2206  if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_SERVICE)
2207  {
2208  const bool status = del_route_service(r, tt);
2209  msg(D_ROUTE, "Route deletion via service %s", status ? "succeeded" : "failed");
2210  }
2211  else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_IPAPI)
2212  {
2213  const bool status = del_route_ipapi(r, tt);
2214  msg(D_ROUTE, "Route deletion via IPAPI %s", status ? "succeeded" : "failed");
2215  }
2216  else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_EXE)
2217  {
2219  openvpn_execve_check(&argv, es, 0, "ERROR: Windows route delete command failed");
2221  }
2222  else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_ADAPTIVE)
2223  {
2224  const bool status = del_route_ipapi(r, tt);
2225  msg(D_ROUTE, "Route deletion via IPAPI %s [adaptive]", status ? "succeeded" : "failed");
2226  if (!status)
2227  {
2228  msg(D_ROUTE, "Route deletion fallback to route.exe");
2230  openvpn_execve_check(&argv, es, 0, "ERROR: Windows route delete command failed [adaptive]");
2232  }
2233  }
2234  else
2235  {
2236  ASSERT(0);
2237  }
2238 
2239 #elif defined (TARGET_SOLARIS)
2240 
2241  argv_printf(&argv, "%s delete %s -netmask %s %s",
2242  ROUTE_PATH,
2243  network,
2244  netmask,
2245  gateway);
2246 
2247  argv_msg(D_ROUTE, &argv);
2248  openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete command failed");
2249 
2250 #elif defined(TARGET_FREEBSD)
2251 
2252  argv_printf(&argv, "%s delete -net %s %s %s",
2253  ROUTE_PATH,
2254  network,
2255  gateway,
2256  netmask);
2257 
2258  argv_msg(D_ROUTE, &argv);
2259  openvpn_execve_check(&argv, es, 0, "ERROR: FreeBSD route delete command failed");
2260 
2261 #elif defined(TARGET_DRAGONFLY)
2262 
2263  argv_printf(&argv, "%s delete -net %s %s %s",
2264  ROUTE_PATH,
2265  network,
2266  gateway,
2267  netmask);
2268 
2269  argv_msg(D_ROUTE, &argv);
2270  openvpn_execve_check(&argv, es, 0, "ERROR: DragonFly route delete command failed");
2271 
2272 #elif defined(TARGET_DARWIN)
2273 
2274  if (is_on_link(is_local_route, flags, rgi))
2275  {
2276  argv_printf(&argv, "%s delete -cloning -net %s -netmask %s -interface %s",
2277  ROUTE_PATH,
2278  network,
2279  netmask,
2280  rgi->iface);
2281  }
2282  else
2283  {
2284  argv_printf(&argv, "%s delete -net %s %s %s",
2285  ROUTE_PATH,
2286  network,
2287  gateway,
2288  netmask);
2289  }
2290 
2291  argv_msg(D_ROUTE, &argv);
2292  openvpn_execve_check(&argv, es, 0, "ERROR: OS X route delete command failed");
2293 
2294 #elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
2295 
2296  argv_printf(&argv, "%s delete -net %s %s -netmask %s",
2297  ROUTE_PATH,
2298  network,
2299  gateway,
2300  netmask);
2301 
2302  argv_msg(D_ROUTE, &argv);
2303  openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD/NetBSD route delete command failed");
2304 
2305 #elif defined(TARGET_ANDROID)
2306  msg(M_NONFATAL, "Sorry, deleting routes on Android is not possible. The VpnService API allows routes to be set on connect only.");
2307 
2308 #elif defined(TARGET_AIX)
2309 
2310  {
2311  int netbits = netmask_to_netbits2(r->netmask);
2312  argv_printf(&argv, "%s delete -net %s/%d %s",
2313  ROUTE_PATH,
2314  network, netbits, gateway);
2315  argv_msg(D_ROUTE, &argv);
2316  openvpn_execve_check(&argv, es, 0, "ERROR: AIX route delete command failed");
2317  }
2318 
2319 #else /* if defined(TARGET_LINUX) */
2320  msg(M_FATAL, "Sorry, but I don't know how to do 'route' commands on this operating system. Try putting your routes in a --route-up script");
2321 #endif /* if defined(TARGET_LINUX) */
2322 
2323 done:
2324  r->flags &= ~RT_ADDED;
2325  argv_reset(&argv);
2326  gc_free(&gc);
2327  /* release resources potentially allocated during route cleanup */
2328  net_ctx_reset(ctx);
2329 }
2330 
2331 void
2332 delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt,
2333  unsigned int flags, const struct env_set *es,
2334  openvpn_net_ctx_t *ctx)
2335 {
2336  struct gc_arena gc;
2337  struct argv argv = argv_new();
2338  const char *network;
2339 #if !defined(TARGET_LINUX)
2340  const char *gateway;
2341 #else
2342  int metric;
2343 #endif
2344  const char *device = tt->actual_name;
2345  bool gateway_needed = false;
2346 
2347  if ((r6->flags & (RT_DEFINED|RT_ADDED)) != (RT_DEFINED|RT_ADDED))
2348  {
2349  return;
2350  }
2351 
2352 #ifndef _WIN32
2353  if (r6->iface != NULL) /* vpn server special route */
2354  {
2355  device = r6->iface;
2356  gateway_needed = true;
2357  }
2358 #endif
2359 
2360  gc_init(&gc);
2361 
2362  network = print_in6_addr( r6->network, 0, &gc);
2363 #if !defined(TARGET_LINUX)
2364  gateway = print_in6_addr( r6->gateway, 0, &gc);
2365 #endif
2366 
2367 #if defined(TARGET_DARWIN) \
2368  || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
2369  || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
2370 
2371  /* the BSD platforms cannot specify gateway and interface independently,
2372  * but for link-local destinations, we MUST specify the interface, so
2373  * we build a combined "$gateway%$interface" gateway string
2374  */
2375  if (r6->iface != NULL && gateway_needed
2376  && IN6_IS_ADDR_LINKLOCAL(&r6->gateway) ) /* fe80::...%intf */
2377  {
2378  int len = strlen(gateway) + 1 + strlen(r6->iface)+1;
2379  char *tmp = gc_malloc( len, true, &gc );
2380  snprintf( tmp, len, "%s%%%s", gateway, r6->iface );
2381  gateway = tmp;
2382  }
2383 #endif
2384 
2385  msg( M_INFO, "delete_route_ipv6(%s/%d)", network, r6->netbits );
2386 
2387  /* if we used a gateway on "add route", we also need to specify it on
2388  * delete, otherwise some OSes will refuse to delete the route
2389  */
2390  if (tt->type == DEV_TYPE_TAP
2391  && !( (r6->flags & RT_METRIC_DEFINED) && r6->metric == 0 ) )
2392  {
2393  gateway_needed = true;
2394  }
2395 
2396 #if defined(TARGET_LINUX)
2397  metric = -1;
2398  if ((r6->flags & RT_METRIC_DEFINED) && (r6->metric > 0))
2399  {
2400  metric = r6->metric;
2401  }
2402 
2403  if (net_route_v6_del(ctx, &r6->network, r6->netbits,
2404  gateway_needed ? &r6->gateway : NULL, device, 0,
2405  metric) < 0)
2406  {
2407  msg(M_WARN, "ERROR: Linux route v6 delete command failed");
2408  }
2409 
2410 #elif defined (_WIN32)
2411 
2412  if (tt->options.msg_channel)
2413  {
2414  del_route_ipv6_service(r6, tt);
2415  }
2416  else
2417  {
2418  struct buffer out = alloc_buf_gc(64, &gc);
2419  if (r6->adapter_index) /* vpn server special route */
2420  {
2421  buf_printf(&out, "interface=%lu", r6->adapter_index );
2422  gateway_needed = true;
2423  }
2424  else
2425  {
2426  buf_printf(&out, "interface=%lu", tt->adapter_index );
2427  }
2428  device = buf_bptr(&out);
2429 
2430  /* netsh interface ipv6 delete route 2001:db8::/32 MyTunDevice */
2431  argv_printf(&argv, "%s%sc interface ipv6 delete route %s/%d %s",
2432  get_win_sys_path(),
2434  network,
2435  r6->netbits,
2436  device);
2437 
2438  /* next-hop depends on TUN or TAP mode:
2439  * - in TAP mode, we use the "real" next-hop
2440  * - in TUN mode we use a special-case link-local address that the tapdrvr
2441  * knows about and will answer ND (neighbor discovery) packets for
2442  * (and "route deletion without specifying next-hop" does not work...)
2443  */
2444  if (tt->type == DEV_TYPE_TUN && !gateway_needed)
2445  {
2446  argv_printf_cat( &argv, " %s", "fe80::8" );
2447  }
2448  else if (!IN6_IS_ADDR_UNSPECIFIED(&r6->gateway) )
2449  {
2450  argv_printf_cat( &argv, " %s", gateway );
2451  }
2452 
2453 #if 0
2454  if (r6->flags & RT_METRIC_DEFINED)
2455  {
2456  argv_printf_cat(&argv, "METRIC %d", r->metric);
2457  }
2458 #endif
2459 
2460  /* Windows XP to 7 "just delete" routes, wherever they came from, but
2461  * in Windows 8(.1?), if you create them with "store=active", this is
2462  * how you should delete them as well (pointed out by Cedric Tabary)
2463  */
2464  argv_printf_cat( &argv, " store=active" );
2465 
2466  argv_msg(D_ROUTE, &argv);
2467 
2469  openvpn_execve_check(&argv, es, 0, "ERROR: Windows route delete ipv6 command failed");
2471  }
2472 
2473 #elif defined (TARGET_SOLARIS)
2474 
2475  /* example: route delete -inet6 2001:db8::/32 somegateway */
2476 
2477  argv_printf(&argv, "%s delete -inet6 %s/%d %s",
2478  ROUTE_PATH,
2479  network,
2480  r6->netbits,
2481  gateway );
2482 
2483  argv_msg(D_ROUTE, &argv);
2484  openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete -inet6 command failed");
2485 
2486 #elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
2487 
2488  argv_printf(&argv, "%s delete -inet6 %s/%d",
2489  ROUTE_PATH,
2490  network,
2491  r6->netbits );
2492 
2493  if (gateway_needed)
2494  {
2495  argv_printf_cat(&argv, "%s", gateway);
2496  }
2497  else
2498  {
2499  argv_printf_cat(&argv, "-iface %s", device);
2500  }
2501 
2502  argv_msg(D_ROUTE, &argv);
2503  openvpn_execve_check(&argv, es, 0, "ERROR: *BSD route delete -inet6 command failed");
2504 
2505 #elif defined(TARGET_DARWIN)
2506 
2507  argv_printf(&argv, "%s delete -inet6 %s -prefixlen %d",
2508  ROUTE_PATH,
2509  network, r6->netbits );
2510 
2511  if (gateway_needed)
2512  {
2513  argv_printf_cat(&argv, "%s", gateway);
2514  }
2515  else
2516  {
2517  argv_printf_cat(&argv, "-iface %s", device);
2518  }
2519 
2520  argv_msg(D_ROUTE, &argv);
2521  openvpn_execve_check(&argv, es, 0, "ERROR: MacOS X route delete -inet6 command failed");
2522 
2523 #elif defined(TARGET_OPENBSD)
2524 
2525  argv_printf(&argv, "%s delete -inet6 %s -prefixlen %d %s",
2526  ROUTE_PATH,
2527  network, r6->netbits, gateway );
2528 
2529  argv_msg(D_ROUTE, &argv);
2530  openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD route delete -inet6 command failed");
2531 
2532 #elif defined(TARGET_NETBSD)
2533 
2534  argv_printf(&argv, "%s delete -inet6 %s/%d %s",
2535  ROUTE_PATH,
2536  network, r6->netbits, gateway );
2537 
2538  argv_msg(D_ROUTE, &argv);
2539  openvpn_execve_check(&argv, es, 0, "ERROR: NetBSD route delete -inet6 command failed");
2540 
2541 #elif defined(TARGET_AIX)
2542 
2543  argv_printf(&argv, "%s delete -inet6 %s/%d %s",
2544  ROUTE_PATH,
2545  network, r6->netbits, gateway);
2546  argv_msg(D_ROUTE, &argv);
2547  openvpn_execve_check(&argv, es, 0, "ERROR: AIX route add command failed");
2548 
2549 #else /* if defined(TARGET_LINUX) */
2550  msg(M_FATAL, "Sorry, but I don't know how to do 'route ipv6' commands on this operating system. Try putting your routes in a --route-down script");
2551 #endif /* if defined(TARGET_LINUX) */
2552 
2553  argv_reset(&argv);
2554  gc_free(&gc);
2555  /* release resources potentially allocated during route cleanup */
2556  net_ctx_reset(ctx);
2557 }
2558 
2559 /*
2560  * The --redirect-gateway option requires OS-specific code below
2561  * to get the current default gateway.
2562  */
2563 
2564 #if defined(_WIN32)
2565 
2566 static const MIB_IPFORWARDTABLE *
2568 {
2569  ULONG size = 0;
2570  PMIB_IPFORWARDTABLE rt = NULL;
2571  DWORD status;
2572 
2573  status = GetIpForwardTable(NULL, &size, TRUE);
2574  if (status == ERROR_INSUFFICIENT_BUFFER)
2575  {
2576  rt = (PMIB_IPFORWARDTABLE) gc_malloc(size, false, gc);
2577  status = GetIpForwardTable(rt, &size, TRUE);
2578  if (status != NO_ERROR)
2579  {
2580  msg(D_ROUTE, "NOTE: GetIpForwardTable returned error: %s (code=%u)",
2581  strerror_win32(status, gc),
2582  (unsigned int)status);
2583  rt = NULL;
2584  }
2585  }
2586  return rt;
2587 }
2588 
2589 static int
2590 test_route(const IP_ADAPTER_INFO *adapters,
2591  const in_addr_t gateway,
2592  DWORD *index)
2593 {
2594  int count = 0;
2595  DWORD i = adapter_index_of_ip(adapters, gateway, &count, NULL);
2596  if (index)
2597  {
2598  *index = i;
2599  }
2600  return count;
2601 }
2602 
2603 static void
2605  int *count,
2606  int *good,
2607  int *ambig,
2608  const IP_ADAPTER_INFO *adapters,
2609  const in_addr_t gateway)
2610 {
2611  int c;
2612 
2613  ++*count;
2614  c = test_route(adapters, gateway, NULL);
2615  if (c == 0)
2616  {
2617  *ret = false;
2618  }
2619  else
2620  {
2621  ++*good;
2622  }
2623  if (c > 1)
2624  {
2625  ++*ambig;
2626  }
2627 }
2628 
2629 /*
2630  * If we tried to add routes now, would we succeed?
2631  */
2632 bool
2633 test_routes(const struct route_list *rl, const struct tuntap *tt)
2634 {
2635  struct gc_arena gc = gc_new();
2636  const IP_ADAPTER_INFO *adapters = get_adapter_info_list(&gc);
2637  bool ret = false;
2638  int count = 0;
2639  int good = 0;
2640  int ambig = 0;
2641  int len = -1;
2642  bool adapter_up = false;
2643 
2644  if (is_adapter_up(tt, adapters))
2645  {
2646  ret = true;
2647  adapter_up = true;
2648 
2649  /* we do this test only if we have IPv4 routes to install, and if
2650  * the tun/tap interface has seen IPv4 ifconfig - because if we
2651  * have no IPv4, the check will always fail, failing tun init
2652  */
2653  if (rl && tt->did_ifconfig_setup)
2654  {
2655  struct route_ipv4 *r;
2656  for (r = rl->routes, len = 0; r; r = r->next, ++len)
2657  {
2658  test_route_helper(&ret, &count, &good, &ambig, adapters, r->gateway);
2659  }
2660 
2661  if ((rl->flags & RG_ENABLE) && (rl->spec.flags & RTSA_REMOTE_ENDPOINT))
2662  {
2663  test_route_helper(&ret, &count, &good, &ambig, adapters, rl->spec.remote_endpoint);
2664  }
2665  }
2666  }
2667 
2668  msg(D_ROUTE, "TEST ROUTES: %d/%d succeeded len=%d ret=%d a=%d u/d=%s",
2669  good,
2670  count,
2671  len,
2672  (int)ret,
2673  ambig,
2674  adapter_up ? "up" : "down");
2675 
2676  gc_free(&gc);
2677  return ret;
2678 }
2679 
2680 static const MIB_IPFORWARDROW *
2681 get_default_gateway_row(const MIB_IPFORWARDTABLE *routes)
2682 {
2683  struct gc_arena gc = gc_new();
2684  DWORD lowest_metric = MAXDWORD;
2685  const MIB_IPFORWARDROW *ret = NULL;
2686  int i;
2687  int best = -1;
2688 
2689  if (routes)
2690  {
2691  for (i = 0; i < routes->dwNumEntries; ++i)
2692  {
2693  const MIB_IPFORWARDROW *row = &routes->table[i];
2694  const in_addr_t net = ntohl(row->dwForwardDest);
2695  const in_addr_t mask = ntohl(row->dwForwardMask);
2696  const DWORD index = row->dwForwardIfIndex;
2697  const DWORD metric = row->dwForwardMetric1;
2698 
2699  dmsg(D_ROUTE_DEBUG, "GDGR: route[%d] %s/%s i=%d m=%d",
2700  i,
2701  print_in_addr_t((in_addr_t) net, 0, &gc),
2702  print_in_addr_t((in_addr_t) mask, 0, &gc),
2703  (int)index,
2704  (int)metric);
2705 
2706  if (!net && !mask && metric < lowest_metric)
2707  {
2708  ret = row;
2709  lowest_metric = metric;
2710  best = i;
2711  }
2712  }
2713  }
2714 
2715  dmsg(D_ROUTE_DEBUG, "GDGR: best=%d lm=%u", best, (unsigned int)lowest_metric);
2716 
2717  gc_free(&gc);
2718  return ret;
2719 }
2720 
2721 void
2723 {
2724  struct gc_arena gc = gc_new();
2725 
2726  const IP_ADAPTER_INFO *adapters = get_adapter_info_list(&gc);
2727  const MIB_IPFORWARDTABLE *routes = get_windows_routing_table(&gc);
2728  const MIB_IPFORWARDROW *row = get_default_gateway_row(routes);
2729  DWORD a_index;
2730  const IP_ADAPTER_INFO *ai;
2731 
2732  CLEAR(*rgi);
2733 
2734  if (row)
2735  {
2736  rgi->gateway.addr = ntohl(row->dwForwardNextHop);
2737  if (rgi->gateway.addr)
2738  {
2739  rgi->flags |= RGI_ADDR_DEFINED;
2740  a_index = adapter_index_of_ip(adapters, rgi->gateway.addr, NULL, &rgi->gateway.netmask);
2741  if (a_index != TUN_ADAPTER_INDEX_INVALID)
2742  {
2743  rgi->adapter_index = a_index;
2745  ai = get_adapter(adapters, a_index);
2746  if (ai)
2747  {
2748  memcpy(rgi->hwaddr, ai->Address, 6);
2749  rgi->flags |= RGI_HWADDR_DEFINED;
2750  }
2751  }
2752  }
2753  }
2754 
2755  gc_free(&gc);
2756 }
2757 
2758 static DWORD
2759 windows_route_find_if_index(const struct route_ipv4 *r, const struct tuntap *tt)
2760 {
2761  struct gc_arena gc = gc_new();
2762  DWORD ret = TUN_ADAPTER_INDEX_INVALID;
2763  int count = 0;
2764  const IP_ADAPTER_INFO *adapters = get_adapter_info_list(&gc);
2765  const IP_ADAPTER_INFO *tun_adapter = get_tun_adapter(tt, adapters);
2766  bool on_tun = false;
2767 
2768  /* first test on tun interface */
2769  if (is_ip_in_adapter_subnet(tun_adapter, r->gateway, NULL))
2770  {
2771  ret = tun_adapter->Index;
2772  count = 1;
2773  on_tun = true;
2774  }
2775  else /* test on other interfaces */
2776  {
2777  count = test_route(adapters, r->gateway, &ret);
2778  }
2779 
2780  if (count == 0)
2781  {
2782  msg(M_WARN, "Warning: route gateway is not reachable on any active network adapters: %s",
2783  print_in_addr_t(r->gateway, 0, &gc));
2785  }
2786  else if (count > 1)
2787  {
2788  msg(M_WARN, "Warning: route gateway is ambiguous: %s (%d matches)",
2789  print_in_addr_t(r->gateway, 0, &gc),
2790  count);
2791  }
2792 
2793  dmsg(D_ROUTE_DEBUG, "DEBUG: route find if: on_tun=%d count=%d index=%d",
2794  on_tun,
2795  count,
2796  (int)ret);
2797 
2798  gc_free(&gc);
2799  return ret;
2800 }
2801 
2802 /* IPv6 implementation using GetBestRoute2()
2803  * (TBD: dynamic linking so the binary can still run on XP?)
2804  * https://msdn.microsoft.com/en-us/library/windows/desktop/aa365922(v=vs.85).aspx
2805  * https://msdn.microsoft.com/en-us/library/windows/desktop/aa814411(v=vs.85).aspx
2806  */
2807 void
2809  const struct in6_addr *dest, openvpn_net_ctx_t *ctx)
2810 {
2811  struct gc_arena gc = gc_new();
2812  MIB_IPFORWARD_ROW2 BestRoute;
2813  SOCKADDR_INET DestinationAddress, BestSourceAddress;
2814  DWORD BestIfIndex;
2815  DWORD status;
2816  NET_LUID InterfaceLuid;
2817 
2818  CLEAR(*rgi6);
2819  CLEAR(InterfaceLuid); /* cleared = not used for lookup */
2820  CLEAR(DestinationAddress);
2821 
2822  DestinationAddress.si_family = AF_INET6;
2823  if (dest)
2824  {
2825  DestinationAddress.Ipv6.sin6_addr = *dest;
2826  }
2827 
2828  status = GetBestInterfaceEx( &DestinationAddress, &BestIfIndex );
2829 
2830  if (status != NO_ERROR)
2831  {
2832  msg(D_ROUTE, "NOTE: GetBestInterfaceEx returned error: %s (code=%u)",
2833  strerror_win32(status, &gc),
2834  (unsigned int)status);
2835  goto done;
2836  }
2837 
2838  msg( D_ROUTE, "GetBestInterfaceEx() returned if=%d", (int) BestIfIndex );
2839 
2840  status = GetBestRoute2( &InterfaceLuid, BestIfIndex, NULL,
2841  &DestinationAddress, 0,
2842  &BestRoute, &BestSourceAddress );
2843 
2844  if (status != NO_ERROR)
2845  {
2846  msg(D_ROUTE, "NOTE: GetIpForwardEntry2 returned error: %s (code=%u)",
2847  strerror_win32(status, &gc),
2848  (unsigned int)status);
2849  goto done;
2850  }
2851 
2852  msg( D_ROUTE, "GDG6: II=%lu DP=%s/%d NH=%s",
2853  BestRoute.InterfaceIndex,
2854  print_in6_addr( BestRoute.DestinationPrefix.Prefix.Ipv6.sin6_addr, 0, &gc),
2855  BestRoute.DestinationPrefix.PrefixLength,
2856  print_in6_addr( BestRoute.NextHop.Ipv6.sin6_addr, 0, &gc) );
2857  msg( D_ROUTE, "GDG6: Metric=%d, Loopback=%d, AA=%d, I=%d",
2858  (int) BestRoute.Metric,
2859  (int) BestRoute.Loopback,
2860  (int) BestRoute.AutoconfigureAddress,
2861  (int) BestRoute.Immortal );
2862 
2863  rgi6->gateway.addr_ipv6 = BestRoute.NextHop.Ipv6.sin6_addr;
2864  rgi6->adapter_index = BestRoute.InterfaceIndex;
2866 
2867  /* on-link is signalled by receiving an empty (::) NextHop */
2868  if (IN6_IS_ADDR_UNSPECIFIED(&BestRoute.NextHop.Ipv6.sin6_addr) )
2869  {
2870  rgi6->flags |= RGI_ON_LINK;
2871  }
2872 
2873 done:
2874  gc_free(&gc);
2875 }
2876 
2877 bool
2878 add_route_ipapi(const struct route_ipv4 *r, const struct tuntap *tt, DWORD adapter_index)
2879 {
2880  struct gc_arena gc = gc_new();
2881  bool ret = false;
2882  DWORD status;
2883  const DWORD if_index = (adapter_index == TUN_ADAPTER_INDEX_INVALID) ? windows_route_find_if_index(r, tt) : adapter_index;
2884 
2885  if (if_index != TUN_ADAPTER_INDEX_INVALID)
2886  {
2887  MIB_IPFORWARDROW fr;
2888  CLEAR(fr);
2889  fr.dwForwardDest = htonl(r->network);
2890  fr.dwForwardMask = htonl(r->netmask);
2891  fr.dwForwardPolicy = 0;
2892  fr.dwForwardNextHop = htonl(r->gateway);
2893  fr.dwForwardIfIndex = if_index;
2894  fr.dwForwardType = 4; /* the next hop is not the final dest */
2895  fr.dwForwardProto = 3; /* PROTO_IP_NETMGMT */
2896  fr.dwForwardAge = 0;
2897  fr.dwForwardNextHopAS = 0;
2898  fr.dwForwardMetric1 = (r->flags & RT_METRIC_DEFINED) ? r->metric : 1;
2899  fr.dwForwardMetric2 = METRIC_NOT_USED;
2900  fr.dwForwardMetric3 = METRIC_NOT_USED;
2901  fr.dwForwardMetric4 = METRIC_NOT_USED;
2902  fr.dwForwardMetric5 = METRIC_NOT_USED;
2903 
2904  if ((r->network & r->netmask) != r->network)
2905  {
2906  msg(M_WARN, "Warning: address %s is not a network address in relation to netmask %s",
2907  print_in_addr_t(r->network, 0, &gc),
2908  print_in_addr_t(r->netmask, 0, &gc));
2909  }
2910 
2911  status = CreateIpForwardEntry(&fr);
2912 
2913  if (status == NO_ERROR)
2914  {
2915  ret = true;
2916  }
2917  else
2918  {
2919  /* failed, try increasing the metric to work around Vista issue */
2920  const unsigned int forward_metric_limit = 2048; /* iteratively retry higher metrics up to this limit */
2921 
2922  for (; fr.dwForwardMetric1 <= forward_metric_limit; ++fr.dwForwardMetric1)
2923  {
2924  /* try a different forward type=3 ("the next hop is the final dest") in addition to 4.
2925  * --redirect-gateway over RRAS seems to need this. */
2926  for (fr.dwForwardType = 4; fr.dwForwardType >= 3; --fr.dwForwardType)
2927  {
2928  status = CreateIpForwardEntry(&fr);
2929  if (status == NO_ERROR)
2930  {
2931  msg(D_ROUTE, "ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=%u and dwForwardType=%u",
2932  (unsigned int)fr.dwForwardMetric1,
2933  (unsigned int)fr.dwForwardType);
2934  ret = true;
2935  goto doublebreak;
2936  }
2937  else if (status != ERROR_BAD_ARGUMENTS)
2938  {
2939  goto doublebreak;
2940  }
2941  }
2942  }
2943 
2944 doublebreak:
2945  if (status != NO_ERROR)
2946  {
2947  msg(M_WARN, "ROUTE: route addition failed using CreateIpForwardEntry: %s [status=%u if_index=%u]",
2948  strerror_win32(status, &gc),
2949  (unsigned int)status,
2950  (unsigned int)if_index);
2951  }
2952  }
2953  }
2954 
2955  gc_free(&gc);
2956  return ret;
2957 }
2958 
2959 bool
2960 del_route_ipapi(const struct route_ipv4 *r, const struct tuntap *tt)
2961 {
2962  struct gc_arena gc = gc_new();
2963  bool ret = false;
2964  DWORD status;
2965  const DWORD if_index = windows_route_find_if_index(r, tt);
2966 
2967  if (if_index != TUN_ADAPTER_INDEX_INVALID)
2968  {
2969  MIB_IPFORWARDROW fr;
2970  CLEAR(fr);
2971 
2972  fr.dwForwardDest = htonl(r->network);
2973  fr.dwForwardMask = htonl(r->netmask);
2974  fr.dwForwardPolicy = 0;
2975  fr.dwForwardNextHop = htonl(r->gateway);
2976  fr.dwForwardIfIndex = if_index;
2977 
2978  status = DeleteIpForwardEntry(&fr);
2979 
2980  if (status == NO_ERROR)
2981  {
2982  ret = true;
2983  }
2984  else
2985  {
2986  msg(M_WARN, "ROUTE: route deletion failed using DeleteIpForwardEntry: %s",
2987  strerror_win32(status, &gc));
2988  }
2989  }
2990 
2991  gc_free(&gc);
2992  return ret;
2993 }
2994 
2995 static bool
2996 do_route_service(const bool add, const route_message_t *rt, const size_t size, HANDLE pipe)
2997 {
2998  bool ret = false;
2999  ack_message_t ack;
3000  struct gc_arena gc = gc_new();
3001 
3002  if (!send_msg_iservice(pipe, rt, size, &ack, "ROUTE"))
3003  {
3004  goto out;
3005  }
3006 
3007  if (ack.error_number != NO_ERROR)
3008  {
3009  msg(M_WARN, "ROUTE: route %s failed using service: %s [status=%u if_index=%d]",
3010  (add ? "addition" : "deletion"), strerror_win32(ack.error_number, &gc),
3011  ack.error_number, rt->iface.index);
3012  goto out;
3013  }
3014 
3015  ret = true;
3016 
3017 out:
3018  gc_free(&gc);
3019  return ret;
3020 }
3021 
3022 static bool
3023 do_route_ipv4_service(const bool add, const struct route_ipv4 *r, const struct tuntap *tt)
3024 {
3025  DWORD if_index = windows_route_find_if_index(r, tt);
3026  if (if_index == ~0)
3027  {
3028  return false;
3029  }
3030 
3031  route_message_t msg = {
3032  .header = {
3033  (add ? msg_add_route : msg_del_route),
3034  sizeof(route_message_t),
3035  0
3036  },
3037  .family = AF_INET,
3038  .prefix.ipv4.s_addr = htonl(r->network),
3039  .gateway.ipv4.s_addr = htonl(r->gateway),
3040  .iface = { .index = if_index, .name = "" },
3041  .metric = (r->flags & RT_METRIC_DEFINED ? r->metric : -1)
3042  };
3043 
3045  if (msg.prefix_len == -1)
3046  {
3047  msg.prefix_len = 32;
3048  }
3049 
3050  return do_route_service(add, &msg, sizeof(msg), tt->options.msg_channel);
3051 }
3052 
3053 static bool
3054 do_route_ipv6_service(const bool add, const struct route_ipv6 *r, const struct tuntap *tt)
3055 {
3056  bool status;
3057  route_message_t msg = {
3058  .header = {
3059  (add ? msg_add_route : msg_del_route),
3060  sizeof(route_message_t),
3061  0
3062  },
3063  .family = AF_INET6,
3064  .prefix.ipv6 = r->network,
3065  .prefix_len = r->netbits,
3066  .gateway.ipv6 = r->gateway,
3067  .iface = { .index = tt->adapter_index, .name = "" },
3068  .metric = ( (r->flags & RT_METRIC_DEFINED) ? r->metric : -1)
3069  };
3070 
3071  if (r->adapter_index) /* vpn server special route */
3072  {
3073  msg.iface.index = r->adapter_index;
3074  }
3075 
3076  /* In TUN mode we use a special link-local address as the next hop.
3077  * The tapdrvr knows about it and will answer neighbor discovery packets.
3078  * (only do this for routes actually using the tun/tap device)
3079  */
3080  if (tt->type == DEV_TYPE_TUN
3081  && msg.iface.index == tt->adapter_index)
3082  {
3083  inet_pton(AF_INET6, "fe80::8", &msg.gateway.ipv6);
3084  }
3085 
3087  {
3088  strncpy(msg.iface.name, tt->actual_name, sizeof(msg.iface.name));
3089  msg.iface.name[sizeof(msg.iface.name) - 1] = '\0';
3090  }
3091 
3092  status = do_route_service(add, &msg, sizeof(msg), tt->options.msg_channel);
3093  msg(D_ROUTE, "IPv6 route %s via service %s",
3094  add ? "addition" : "deletion",
3095  status ? "succeeded" : "failed");
3096  return status;
3097 }
3098 
3099 static bool
3100 add_route_service(const struct route_ipv4 *r, const struct tuntap *tt)
3101 {
3102  return do_route_ipv4_service(true, r, tt);
3103 }
3104 
3105 static bool
3106 del_route_service(const struct route_ipv4 *r, const struct tuntap *tt)
3107 {
3108  return do_route_ipv4_service(false, r, tt);
3109 }
3110 
3111 static bool
3112 add_route_ipv6_service(const struct route_ipv6 *r, const struct tuntap *tt)
3113 {
3114  return do_route_ipv6_service(true, r, tt);
3115 }
3116 
3117 static bool
3118 del_route_ipv6_service(const struct route_ipv6 *r, const struct tuntap *tt)
3119 {
3120  return do_route_ipv6_service(false, r, tt);
3121 }
3122 
3123 static const char *
3124 format_route_entry(const MIB_IPFORWARDROW *r, struct gc_arena *gc)
3125 {
3126  struct buffer out = alloc_buf_gc(256, gc);
3127  buf_printf(&out, "%s %s %s p=%d i=%d t=%d pr=%d a=%d h=%d m=%d/%d/%d/%d/%d",
3128  print_in_addr_t(r->dwForwardDest, IA_NET_ORDER, gc),
3129  print_in_addr_t(r->dwForwardMask, IA_NET_ORDER, gc),
3130  print_in_addr_t(r->dwForwardNextHop, IA_NET_ORDER, gc),
3131  (int)r->dwForwardPolicy,
3132  (int)r->dwForwardIfIndex,
3133  (int)r->dwForwardType,
3134  (int)r->dwForwardProto,
3135  (int)r->dwForwardAge,
3136  (int)r->dwForwardNextHopAS,
3137  (int)r->dwForwardMetric1,
3138  (int)r->dwForwardMetric2,
3139  (int)r->dwForwardMetric3,
3140  (int)r->dwForwardMetric4,
3141  (int)r->dwForwardMetric5);
3142  return BSTR(&out);
3143 }
3144 
3145 /*
3146  * Show current routing table
3147  */
3148 void
3149 show_routes(int msglev)
3150 {
3151  struct gc_arena gc = gc_new();
3152  int i;
3153 
3154  const MIB_IPFORWARDTABLE *rt = get_windows_routing_table(&gc);
3155 
3156  msg(msglev, "SYSTEM ROUTING TABLE");
3157  if (rt)
3158  {
3159  for (i = 0; i < rt->dwNumEntries; ++i)
3160  {
3161  msg(msglev, "%s", format_route_entry(&rt->table[i], &gc));
3162  }
3163  }
3164  gc_free(&gc);
3165 }
3166 
3167 #elif defined(TARGET_ANDROID)
3168 
3169 void
3171 {
3172  /* Android, set some pseudo GW, addr is in host byte order,
3173  * Determining the default GW on Android 5.0+ is non trivial
3174  * and serves almost no purpose since OpenVPN only uses the
3175  * default GW address to add routes for networks that should
3176  * NOT be routed over the VPN. Using a well known address
3177  * (127.'d'.'g'.'w') for the default GW make detecting
3178  * these routes easier from the controlling app.
3179  */
3180  CLEAR(*rgi);
3181 
3182  rgi->gateway.addr = 127 << 24 | 'd' << 16 | 'g' << 8 | 'w';
3184  strcpy(rgi->iface, "android-gw");
3185 
3186  /* Skip scanning/fetching interface from loopback interface we do
3187  * normally on Linux.
3188  * It always fails and "ioctl(SIOCGIFCONF) failed" confuses users
3189  */
3190 
3191 }
3192 
3193 void
3195  const struct in6_addr *dest, openvpn_net_ctx_t *ctx)
3196 {
3197  /* Same for ipv6 */
3198 
3199  CLEAR(*rgi6);
3200 
3201  /* Use a fake link-local address */
3202  ASSERT(inet_pton(AF_INET6, "fe80::ad", &rgi6->addrs->addr_ipv6) == 1);
3203  rgi6->addrs->netbits_ipv6 = 64;
3205  strcpy(rgi6->iface, "android-gw");
3206 }
3207 
3208 #elif defined(TARGET_LINUX)
3209 
3210 void
3212 {
3213  struct gc_arena gc = gc_new();
3214  int sd = -1;
3215  char best_name[IFNAMSIZ];
3216 
3217  CLEAR(*rgi);
3218  CLEAR(best_name);
3219 
3220  /* get default gateway IP addr */
3221  if (net_route_v4_best_gw(ctx, NULL, &rgi->gateway.addr, best_name) == 0)
3222  {
3223  rgi->flags |= RGI_ADDR_DEFINED;
3224  if (!rgi->gateway.addr && best_name[0])
3225  {
3226  rgi->flags |= RGI_ON_LINK;
3227  }
3228  }
3229 
3230  /* scan adapter list */
3231  if (rgi->flags & RGI_ADDR_DEFINED)
3232  {
3233  struct ifreq *ifr, *ifend;
3234  in_addr_t addr, netmask;
3235  struct ifreq ifreq;
3236  struct ifconf ifc;
3237  struct ifreq ifs[20]; /* Maximum number of interfaces to scan */
3238 
3239  if ((sd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
3240  {
3241  msg(M_WARN, "GDG: socket() failed");
3242  goto done;
3243  }
3244  ifc.ifc_len = sizeof(ifs);
3245  ifc.ifc_req = ifs;
3246  if (ioctl(sd, SIOCGIFCONF, &ifc) < 0)
3247  {
3248  msg(M_WARN, "GDG: ioctl(SIOCGIFCONF) failed");
3249  goto done;
3250  }
3251 
3252  /* scan through interface list */
3253  ifend = ifs + (ifc.ifc_len / sizeof(struct ifreq));
3254  for (ifr = ifc.ifc_req; ifr < ifend; ifr++)
3255  {
3256  if (ifr->ifr_addr.sa_family == AF_INET)
3257  {
3258  /* get interface addr */
3259  addr = ntohl(((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr.s_addr);
3260 
3261  /* get interface name */
3262  strncpynt(ifreq.ifr_name, ifr->ifr_name, sizeof(ifreq.ifr_name));
3263 
3264  /* check that the interface is up */
3265  if (ioctl(sd, SIOCGIFFLAGS, &ifreq) < 0)
3266  {
3267  continue;
3268  }
3269  if (!(ifreq.ifr_flags & IFF_UP))
3270  {
3271  continue;
3272  }
3273 
3274  if (rgi->flags & RGI_ON_LINK)
3275  {
3276  /* check that interface name of current interface
3277  * matches interface name of best default route */
3278  if (strcmp(ifreq.ifr_name, best_name))
3279  {
3280  continue;
3281  }
3282 #if 0
3283  /* if point-to-point link, use remote addr as route gateway */
3284  if ((ifreq.ifr_flags & IFF_POINTOPOINT) && ioctl(sd, SIOCGIFDSTADDR, &ifreq) >= 0)
3285  {
3286  rgi->gateway.addr = ntohl(((struct sockaddr_in *) &ifreq.ifr_addr)->sin_addr.s_addr);
3287  if (rgi->gateway.addr)
3288  {
3289  rgi->flags &= ~RGI_ON_LINK;
3290  }
3291  }
3292 #endif
3293  }
3294  else
3295  {
3296  /* get interface netmask */
3297  if (ioctl(sd, SIOCGIFNETMASK, &ifreq) < 0)
3298  {
3299  continue;
3300  }
3301  netmask = ntohl(((struct sockaddr_in *) &ifreq.ifr_addr)->sin_addr.s_addr);
3302 
3303  /* check that interface matches default route */
3304  if (((rgi->gateway.addr ^ addr) & netmask) != 0)
3305  {
3306  continue;
3307  }
3308 
3309  /* save netmask */
3310  rgi->gateway.netmask = netmask;
3311  rgi->flags |= RGI_NETMASK_DEFINED;
3312  }
3313 
3314  /* save iface name */
3315  strncpynt(rgi->iface, ifreq.ifr_name, sizeof(rgi->iface));
3316  rgi->flags |= RGI_IFACE_DEFINED;
3317 
3318  /* now get the hardware address. */
3319  memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr));
3320  if (ioctl(sd, SIOCGIFHWADDR, &ifreq) < 0)
3321  {
3322  msg(M_WARN, "GDG: SIOCGIFHWADDR(%s) failed", ifreq.ifr_name);
3323  goto done;
3324  }
3325  memcpy(rgi->hwaddr, &ifreq.ifr_hwaddr.sa_data, 6);
3326  rgi->flags |= RGI_HWADDR_DEFINED;
3327 
3328  break;
3329  }
3330  }
3331  }
3332 
3333 done:
3334  if (sd >= 0)
3335  {
3336  close(sd);
3337  }
3338  gc_free(&gc);
3339 }
3340 
3341 /* IPv6 implementation using netlink
3342  * http://www.linuxjournal.com/article/7356
3343  * netlink(3), netlink(7), rtnetlink(7)
3344  * http://www.virtualbox.org/svn/vbox/trunk/src/VBox/NetworkServices/NAT/rtmon_linux.c
3345  */
3346 struct rtreq {
3347  struct nlmsghdr nh;
3348  struct rtmsg rtm;
3349  char attrbuf[512];
3350 };
3351 
3352 void
3354  const struct in6_addr *dest, openvpn_net_ctx_t *ctx)
3355 {
3356  int flags;
3357 
3358  CLEAR(*rgi6);
3359 
3360  if (net_route_v6_best_gw(ctx, dest, &rgi6->gateway.addr_ipv6,
3361  rgi6->iface) == 0)
3362  {
3363  if (!IN6_IS_ADDR_UNSPECIFIED(rgi6->gateway.addr_ipv6.s6_addr))
3364  {
3365  rgi6->flags |= RGI_ADDR_DEFINED;
3366  }
3367 
3368  if (strlen(rgi6->iface) > 0)
3369  {
3370  rgi6->flags |= RGI_IFACE_DEFINED;
3371  }
3372  }
3373 
3374  /* if we have an interface but no gateway, the destination is on-link */
3375  flags = rgi6->flags & (RGI_IFACE_DEFINED | RGI_ADDR_DEFINED);
3376  if (flags == RGI_IFACE_DEFINED)
3377  {
3378  rgi6->flags |= (RGI_ADDR_DEFINED | RGI_ON_LINK);
3379  if (dest)
3380  {
3381  rgi6->gateway.addr_ipv6 = *dest;
3382  }
3383  }
3384 }
3385 
3386 #elif defined(TARGET_DARWIN) || defined(TARGET_SOLARIS) \
3387  || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
3388  || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
3389 
3390 #include <sys/types.h>
3391 #include <sys/socket.h>
3392 #include <netinet/in.h>
3393 #include <net/route.h>
3394 #include <net/if_dl.h>
3395 
3396 struct rtmsg {
3397  struct rt_msghdr m_rtm;
3398  char m_space[512];
3399 };
3400 
3401 /* the route socket code is identical for all 4 supported BSDs and for
3402  * MacOS X (Darwin), with one crucial difference: when going from
3403  * 32 bit to 64 bit, the BSDs increased the structure size but kept
3404  * source code compatibility by keeping the use of "long", while
3405  * MacOS X decided to keep binary compatibility by *changing* the API
3406  * to use "uint32_t", thus 32 bit on all OS X variants
3407  *
3408  * We used to have a large amount of duplicate code here which really
3409  * differed only in this (long) vs. (uint32_t) - IMHO, worse than
3410  * having a combined block for all BSDs with this single #ifdef inside
3411  */
3412 
3413 #if defined(TARGET_DARWIN)
3414 #define ROUNDUP(a) \
3415  ((a) > 0 ? (1 + (((a) - 1) | (sizeof(uint32_t) - 1))) : sizeof(uint32_t))
3416 #else
3417 #define ROUNDUP(a) \
3418  ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
3419 #endif
3420 
3421 #if defined(TARGET_SOLARIS)
3422 #define NEXTADDR(w, u) \
3423  if (rtm_addrs & (w)) { \
3424  l = ROUNDUP(sizeof(u)); memmove(cp, &(u), l); cp += l; \
3425  }
3426 
3427 #define ADVANCE(x, n) (x += ROUNDUP(sizeof(struct sockaddr_in)))
3428 #else /* if defined(TARGET_SOLARIS) */
3429 #define NEXTADDR(w, u) \
3430  if (rtm_addrs & (w)) { \
3431  l = ROUNDUP( ((struct sockaddr *)&(u))->sa_len); memmove(cp, &(u), l); cp += l; \
3432  }
3433 
3434 #define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))
3435 #endif
3436 
3437 #define max(a,b) ((a) > (b) ? (a) : (b))
3438 
3439 void
3441 {
3442  struct gc_arena gc = gc_new();
3443  struct rtmsg m_rtmsg;
3444  int sockfd = -1;
3445  int seq, l, pid, rtm_addrs;
3446  unsigned int i;
3447  struct sockaddr so_dst, so_mask;
3448  char *cp = m_rtmsg.m_space;
3449  struct sockaddr *gate = NULL, *ifp = NULL, *sa;
3450  struct rt_msghdr *rtm_aux;
3451 
3452 #define rtm m_rtmsg.m_rtm
3453 
3454  CLEAR(*rgi);
3455 
3456  /* setup data to send to routing socket */
3457  pid = getpid();
3458  seq = 0;
3459  rtm_addrs = RTA_DST | RTA_NETMASK | RTA_IFP;
3460 
3461  bzero(&m_rtmsg, sizeof(m_rtmsg));
3462  bzero(&so_dst, sizeof(so_dst));
3463  bzero(&so_mask, sizeof(so_mask));
3464  bzero(&rtm, sizeof(struct rt_msghdr));
3465 
3466  rtm.rtm_type = RTM_GET;
3467  rtm.rtm_flags = RTF_UP | RTF_GATEWAY;
3468  rtm.rtm_version = RTM_VERSION;
3469  rtm.rtm_seq = ++seq;
3470 #ifdef TARGET_OPENBSD
3471  rtm.rtm_tableid = getrtable();
3472 #endif
3473  rtm.rtm_addrs = rtm_addrs;
3474 
3475  so_dst.sa_family = AF_INET;
3476  so_mask.sa_family = AF_INET;
3477 
3478 #ifndef TARGET_SOLARIS
3479  so_dst.sa_len = sizeof(struct sockaddr_in);
3480  so_mask.sa_len = sizeof(struct sockaddr_in);
3481 #endif
3482 
3483  NEXTADDR(RTA_DST, so_dst);
3484  NEXTADDR(RTA_NETMASK, so_mask);
3485 
3486  rtm.rtm_msglen = l = cp - (char *)&m_rtmsg;
3487 
3488  /* transact with routing socket */
3489  sockfd = socket(PF_ROUTE, SOCK_RAW, 0);
3490  if (sockfd < 0)
3491  {
3492  msg(M_WARN, "GDG: socket #1 failed");
3493  goto done;
3494  }
3495  if (write(sockfd, (char *)&m_rtmsg, l) < 0)
3496  {
3497  msg(M_WARN, "GDG: problem writing to routing socket");
3498  goto done;
3499  }
3500  do
3501  {
3502  l = read(sockfd, (char *)&m_rtmsg, sizeof(m_rtmsg));
3503  } while (l > 0 && (rtm.rtm_seq != seq || rtm.rtm_pid != pid));
3504  close(sockfd);
3505  sockfd = -1;
3506 
3507  /* extract return data from routing socket */
3508  rtm_aux = &rtm;
3509  cp = ((char *)(rtm_aux + 1));
3510  if (rtm_aux->rtm_addrs)
3511  {
3512  for (i = 1; i; i <<= 1)
3513  {
3514  if (i & rtm_aux->rtm_addrs)
3515  {
3516  sa = (struct sockaddr *)cp;
3517  if (i == RTA_GATEWAY)
3518  {
3519  gate = sa;
3520  }
3521  else if (i == RTA_IFP)
3522  {
3523  ifp = sa;
3524  }
3525  ADVANCE(cp, sa);
3526  }
3527  }
3528  }
3529  else
3530  {
3531  goto done;
3532  }
3533 
3534  /* get gateway addr and interface name */
3535  if (gate != NULL)
3536  {
3537  /* get default gateway addr */
3538  rgi->gateway.addr = ntohl(((struct sockaddr_in *)gate)->sin_addr.s_addr);
3539  if (rgi->gateway.addr)
3540  {
3541  rgi->flags |= RGI_ADDR_DEFINED;
3542  }
3543 
3544  if (ifp)
3545  {
3546  /* get interface name */
3547  const struct sockaddr_dl *adl = (struct sockaddr_dl *) ifp;
3548  if (adl->sdl_nlen && adl->sdl_nlen < sizeof(rgi->iface))
3549  {
3550  memcpy(rgi->iface, adl->sdl_data, adl->sdl_nlen);
3551  rgi->iface[adl->sdl_nlen] = '\0';
3552  rgi->flags |= RGI_IFACE_DEFINED;
3553  }
3554  }
3555  }
3556 
3557  /* get netmask of interface that owns default gateway */
3558  if (rgi->flags & RGI_IFACE_DEFINED)
3559  {
3560  struct ifreq ifr;
3561 
3562  sockfd = socket(AF_INET, SOCK_DGRAM, 0);
3563  if (sockfd < 0)
3564  {
3565  msg(M_WARN, "GDG: socket #2 failed");
3566  goto done;
3567  }
3568 
3569  CLEAR(ifr);
3570  ifr.ifr_addr.sa_family = AF_INET;
3571  strncpynt(ifr.ifr_name, rgi->iface, IFNAMSIZ);
3572 
3573  if (ioctl(sockfd, SIOCGIFNETMASK, (char *)&ifr) < 0)
3574  {
3575  msg(M_WARN, "GDG: ioctl #1 failed");
3576  goto done;
3577  }
3578  close(sockfd);
3579  sockfd = -1;
3580 
3581  rgi->gateway.netmask = ntohl(((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr);
3582  rgi->flags |= RGI_NETMASK_DEFINED;
3583  }
3584 
3585  /* try to read MAC addr associated with interface that owns default gateway */
3586  if (rgi->flags & RGI_IFACE_DEFINED)
3587  {
3588  struct ifconf ifc;
3589  struct ifreq *ifr;
3590  const int bufsize = 4096;
3591  char *buffer;
3592 
3593  buffer = (char *) gc_malloc(bufsize, true, &gc);
3594  sockfd = socket(AF_INET, SOCK_DGRAM, 0);
3595  if (sockfd < 0)
3596  {
3597  msg(M_WARN, "GDG: socket #3 failed");
3598  goto done;
3599  }
3600 
3601  ifc.ifc_len = bufsize;
3602  ifc.ifc_buf = buffer;
3603 
3604  if (ioctl(sockfd, SIOCGIFCONF, (char *)&ifc) < 0)
3605  {
3606  msg(M_WARN, "GDG: ioctl #2 failed");
3607  goto done;
3608  }
3609  close(sockfd);
3610  sockfd = -1;
3611 
3612  for (cp = buffer; cp <= buffer + ifc.ifc_len - sizeof(struct ifreq); )
3613  {
3614  ifr = (struct ifreq *)cp;
3615 #if defined(TARGET_SOLARIS)
3616  const size_t len = sizeof(ifr->ifr_name) + sizeof(ifr->ifr_addr);
3617 #else
3618  const size_t len = sizeof(ifr->ifr_name) + max(sizeof(ifr->ifr_addr), ifr->ifr_addr.sa_len);
3619 #endif
3620 
3621  if (!ifr->ifr_addr.sa_family)
3622  {
3623  break;
3624  }
3625  if (!strncmp(ifr->ifr_name, rgi->iface, IFNAMSIZ))
3626  {
3627  if (ifr->ifr_addr.sa_family == AF_LINK)
3628  {
3629  struct sockaddr_dl *sdl = (struct sockaddr_dl *)&ifr->ifr_addr;
3630  memcpy(rgi->hwaddr, LLADDR(sdl), 6);
3631  rgi->flags |= RGI_HWADDR_DEFINED;
3632  }
3633  }
3634  cp += len;
3635  }
3636  }
3637 
3638 done:
3639  if (sockfd >= 0)
3640  {
3641  close(sockfd);
3642  }
3643  gc_free(&gc);
3644 }
3645 
3646 /* BSD implementation using routing socket (as does IPv4)
3647  * (the code duplication is somewhat unavoidable if we want this to
3648  * work on OpenSolaris as well. *sigh*)
3649  */
3650 
3651 /* Solaris has no length field - this is ugly, but less #ifdef in total
3652  */
3653 #if defined(TARGET_SOLARIS)
3654 #undef ADVANCE
3655 #define ADVANCE(x, n) (x += ROUNDUP(sizeof(struct sockaddr_in6)))
3656 #endif
3657 
3658 void
3660  const struct in6_addr *dest, openvpn_net_ctx_t *ctx)
3661 {
3662 
3663  struct rtmsg m_rtmsg;
3664  int sockfd = -1;
3665  int seq, l, pid, rtm_addrs;
3666  unsigned int i;
3667  struct sockaddr_in6 so_dst, so_mask;
3668  char *cp = m_rtmsg.m_space;
3669  struct sockaddr *gate = NULL, *ifp = NULL, *sa;
3670  struct rt_msghdr *rtm_aux;
3671 
3672  CLEAR(*rgi6);
3673 
3674  /* setup data to send to routing socket */
3675  pid = getpid();
3676  seq = 0;
3677  rtm_addrs = RTA_DST | RTA_NETMASK | RTA_IFP;
3678 
3679  bzero(&m_rtmsg, sizeof(m_rtmsg));
3680  bzero(&so_dst, sizeof(so_dst));
3681  bzero(&so_mask, sizeof(so_mask));
3682  bzero(&rtm, sizeof(struct rt_msghdr));
3683 
3684  rtm.rtm_type = RTM_GET;
3685  rtm.rtm_flags = RTF_UP;
3686  rtm.rtm_version = RTM_VERSION;
3687  rtm.rtm_seq = ++seq;
3688 #ifdef TARGET_OPENBSD
3689  rtm.rtm_tableid = getrtable();
3690 #endif
3691 
3692  so_dst.sin6_family = AF_INET6;
3693  so_mask.sin6_family = AF_INET6;
3694 
3695  if (dest != NULL /* specific host? */
3696  && !IN6_IS_ADDR_UNSPECIFIED(dest) )
3697  {
3698  so_dst.sin6_addr = *dest;
3699  /* :: needs /0 "netmask", host route wants "no netmask */
3700  rtm_addrs &= ~RTA_NETMASK;
3701  }
3702 
3703  rtm.rtm_addrs = rtm_addrs;
3704 
3705 #ifndef TARGET_SOLARIS
3706  so_dst.sin6_len = sizeof(struct sockaddr_in6);
3707  so_mask.sin6_len = sizeof(struct sockaddr_in6);
3708 #endif
3709 
3710  NEXTADDR(RTA_DST, so_dst);
3711  NEXTADDR(RTA_NETMASK, so_mask);
3712 
3713  rtm.rtm_msglen = l = cp - (char *)&m_rtmsg;
3714 
3715  /* transact with routing socket */
3716  sockfd = socket(PF_ROUTE, SOCK_RAW, 0);
3717  if (sockfd < 0)
3718  {
3719  msg(M_WARN, "GDG6: socket #1 failed");
3720  goto done;
3721  }
3722  if (write(sockfd, (char *)&m_rtmsg, l) < 0)
3723  {
3724  msg(M_WARN, "GDG6: problem writing to routing socket");
3725  goto done;
3726  }
3727 
3728  do
3729  {
3730  l = read(sockfd, (char *)&m_rtmsg, sizeof(m_rtmsg));
3731  }
3732  while (l > 0 && (rtm.rtm_seq != seq || rtm.rtm_pid != pid));
3733 
3734  close(sockfd);
3735  sockfd = -1;
3736 
3737  /* extract return data from routing socket */
3738  rtm_aux = &rtm;
3739  cp = ((char *)(rtm_aux + 1));
3740  if (rtm_aux->rtm_addrs)
3741  {
3742  for (i = 1; i; i <<= 1)
3743  {
3744  if (i & rtm_aux->rtm_addrs)
3745  {
3746  sa = (struct sockaddr *)cp;
3747  if (i == RTA_GATEWAY)
3748  {
3749  gate = sa;
3750  }
3751  else if (i == RTA_IFP)
3752  {
3753  ifp = sa;
3754  }
3755  ADVANCE(cp, sa);
3756  }
3757  }
3758  }
3759  else
3760  {
3761  goto done;
3762  }
3763 
3764  /* get gateway addr and interface name */
3765  if (gate != NULL)
3766  {
3767  struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)gate;
3768  struct in6_addr gw = s6->sin6_addr;
3769 
3770 #ifndef TARGET_SOLARIS
3771  /* You do not really want to know... from FreeBSD's route.c
3772  * (KAME encodes the 16 bit scope_id in s6_addr[2] + [3],
3773  * but for a correct link-local address these must be :0000: )
3774  */
3775  if (gate->sa_len == sizeof(struct sockaddr_in6)
3776  && IN6_IS_ADDR_LINKLOCAL(&gw) )
3777  {
3778  gw.s6_addr[2] = gw.s6_addr[3] = 0;
3779  }
3780 
3781  if (gate->sa_len != sizeof(struct sockaddr_in6)
3782  || IN6_IS_ADDR_UNSPECIFIED(&gw) )
3783  {
3784  rgi6->flags |= RGI_ON_LINK;
3785  }
3786  else
3787 #endif
3788 
3789  rgi6->gateway.addr_ipv6 = gw;
3790  rgi6->flags |= RGI_ADDR_DEFINED;
3791 
3792  if (ifp)
3793  {
3794  /* get interface name */
3795  const struct sockaddr_dl *adl = (struct sockaddr_dl *) ifp;
3796  if (adl->sdl_nlen && adl->sdl_nlen < sizeof(rgi6->iface))
3797  {
3798  memcpy(rgi6->iface, adl->sdl_data, adl->sdl_nlen);
3799  rgi6->flags |= RGI_IFACE_DEFINED;
3800  }
3801  }
3802  }
3803 
3804 done:
3805  if (sockfd >= 0)
3806  {
3807  close(sockfd);
3808  }
3809 }
3810 
3811 #undef max
3812 
3813 #else /* if defined(_WIN32) */
3814 
3815 /*
3816  * This is a platform-specific method that returns data about
3817  * the current default gateway. Return data is placed into
3818  * a struct route_gateway_info object provided by caller. The
3819  * implementation should CLEAR the structure before adding
3820  * data to it.
3821  *
3822  * Data returned includes:
3823  * 1. default gateway address (rgi->gateway.addr)
3824  * 2. netmask of interface that owns default gateway
3825  * (rgi->gateway.netmask)
3826  * 3. hardware address (i.e. MAC address) of interface that owns
3827  * default gateway (rgi->hwaddr)
3828  * 4. interface name (or adapter index on Windows) that owns default
3829  * gateway (rgi->iface or rgi->adapter_index)
3830  * 5. an array of additional address/netmask pairs defined by
3831  * interface that owns default gateway (rgi->addrs with length
3832  * given in rgi->n_addrs)
3833  *
3834  * The flags RGI_x_DEFINED may be used to indicate which of the data
3835  * members were successfully returned (set in rgi->flags). All of
3836  * the data members are optional, however certain OpenVPN functionality
3837  * may be disabled by missing items.
3838  */
3839 void
3841 {
3842  CLEAR(*rgi);
3843 }
3844 void
3846  const struct in6_addr *dest, openvpn_net_ctx_t *ctx)
3847 {
3848  msg(D_ROUTE, "no support for get_default_gateway_ipv6() on this system");
3849  CLEAR(*rgi6);
3850 }
3851 
3852 #endif /* if defined(_WIN32) */
3853 
3854 bool
3855 netmask_to_netbits(const in_addr_t network, const in_addr_t netmask, int *netbits)
3856 {
3857  int i;
3858  const int addrlen = sizeof(in_addr_t) * 8;
3859 
3860  if ((network & netmask) == network)
3861  {
3862  for (i = 0; i <= addrlen; ++i)
3863  {
3864  in_addr_t mask = netbits_to_netmask(i);
3865  if (mask == netmask)
3866  {
3867  if (i == addrlen)
3868  {
3869  *netbits = -1;
3870  }
3871  else
3872  {
3873  *netbits = i;
3874  }
3875  return true;
3876  }
3877  }
3878  }
3879  return false;
3880 }
3881 
3882 /* similar to netmask_to_netbits(), but don't mess with base address
3883  * etc., just convert to netbits - non-mappable masks are returned as "-1"
3884  */
3885 int
3887 {
3888  int i;
3889  const int addrlen = sizeof(in_addr_t) * 8;
3890 
3891  for (i = 0; i <= addrlen; ++i)
3892  {
3893  in_addr_t mask = netbits_to_netmask(i);
3894  if (mask == netmask)
3895  {
3896  return i;
3897  }
3898  }
3899  return -1;
3900 }
3901 
3902 
3903 /*
3904  * get_bypass_addresses() is used by the redirect-gateway bypass-x
3905  * functions to build a route bypass to selected DHCP/DNS servers,
3906  * so that outgoing packets to these servers don't end up in the tunnel.
3907  */
3908 
3909 #if defined(_WIN32)
3910 
3911 static void
3913 {
3914  if (test_local_addr(addr, NULL) == TLA_NONLOCAL && addr != 0 && addr != IPV4_NETMASK_HOST)
3915  {
3916  add_bypass_address(rb, addr);
3917  }
3918 }
3919 
3920 static void
3921 add_host_route_array(struct route_bypass *rb, const IP_ADDR_STRING *iplist)
3922 {
3923  while (iplist)
3924  {
3925  bool succeed = false;
3926  const in_addr_t ip = getaddr(GETADDR_HOST_ORDER, iplist->IpAddress.String, 0, &succeed, NULL);
3927  if (succeed)
3928  {
3930  }
3931  iplist = iplist->Next;
3932  }
3933 }
3934 
3935 static void
3936 get_bypass_addresses(struct route_bypass *rb, const unsigned int flags)
3937 {
3938  struct gc_arena gc = gc_new();
3939  /*bool ret_bool = false;*/
3940 
3941  /* get full routing table */
3942  const MIB_IPFORWARDTABLE *routes = get_windows_routing_table(&gc);
3943 
3944  /* get the route which represents the default gateway */
3945  const MIB_IPFORWARDROW *row = get_default_gateway_row(routes);
3946 
3947  if (row)
3948  {
3949  /* get the adapter which the default gateway is associated with */
3950  const IP_ADAPTER_INFO *dgi = get_adapter_info(row->dwForwardIfIndex, &gc);
3951 
3952  /* get extra adapter info, such as DNS addresses */
3953  const IP_PER_ADAPTER_INFO *pai = get_per_adapter_info(row->dwForwardIfIndex, &gc);
3954 
3955  /* Bypass DHCP server address */
3956  if ((flags & RG_BYPASS_DHCP) && dgi && dgi->DhcpEnabled)
3957  {
3958  add_host_route_array(rb, &dgi->DhcpServer);
3959  }
3960 
3961  /* Bypass DNS server addresses */
3962  if ((flags & RG_BYPASS_DNS) && pai)
3963  {
3964  add_host_route_array(rb, &pai->DnsServerList);
3965  }
3966  }
3967 
3968  gc_free(&gc);
3969 }
3970 
3971 #else /* if defined(_WIN32) */
3972 
3973 static void
3974 get_bypass_addresses(struct route_bypass *rb, const unsigned int flags) /* PLATFORM-SPECIFIC */
3975 {
3976 }
3977 
3978 #endif /* if defined(_WIN32) */
3979 
3980 /*
3981  * Test if addr is reachable via a local interface (return ILA_LOCAL),
3982  * or if it needs to be routed via the default gateway (return
3983  * ILA_NONLOCAL). If the target platform doesn't implement this
3984  * function, return ILA_NOT_IMPLEMENTED.
3985  *
3986  * Used by redirect-gateway autolocal feature
3987  */
3988 
3989 #if defined(_WIN32)
3990 
3991 int
3992 test_local_addr(const in_addr_t addr, const struct route_gateway_info *rgi)
3993 {
3994  struct gc_arena gc = gc_new();
3995  const in_addr_t nonlocal_netmask = 0x80000000L; /* routes with netmask <= to this are considered non-local */
3996  int ret = TLA_NONLOCAL;
3997 
3998  /* get full routing table */
3999  const MIB_IPFORWARDTABLE *rt = get_windows_routing_table(&gc);
4000  if (rt)
4001  {
4002  int i;
4003  for (i = 0; i < rt->dwNumEntries; ++i)
4004  {
4005  const MIB_IPFORWARDROW *row = &rt->table[i];
4006  const in_addr_t net = ntohl(row->dwForwardDest);
4007  const in_addr_t mask = ntohl(row->dwForwardMask);
4008  if (mask > nonlocal_netmask && (addr & mask) == net)
4009  {
4010  ret = TLA_LOCAL;
4011  break;
4012  }
4013  }
4014  }
4015 
4016  gc_free(&gc);
4017  return ret;
4018 }
4019 
4020 #else /* if defined(_WIN32) */
4021 
4022 int
4023 test_local_addr(const in_addr_t addr, const struct route_gateway_info *rgi) /* PLATFORM-SPECIFIC */
4024 {
4025  if (rgi)
4026  {
4027  if (local_route(addr, 0xFFFFFFFF, rgi->gateway.addr, rgi))
4028  {
4029  return TLA_LOCAL;
4030  }
4031  else
4032  {
4033  return TLA_NONLOCAL;
4034  }
4035  }
4036  return TLA_NOT_IMPLEMENTED;
4037 }
4038 
4039 #endif /* if defined(_WIN32) */
static bool del_route_service(const struct route_ipv4 *, const struct tuntap *)
Definition: route.c:3106
#define M_NONFATAL
Definition: error.h:95
#define RG_BYPASS_DNS
Definition: route.h:88
in_addr_t gateway
Definition: route.h:121
in_addr_t addr
Definition: route.h:142
static bool add_route_service(const struct route_ipv4 *, const struct tuntap *)
Definition: route.c:3100
struct route_gateway_address gateway
Definition: route.h:166
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition: buffer.h:348
unsigned int spec_flags
Definition: route.h:222
Definition: tun.h:132
const IP_PER_ADAPTER_INFO * get_per_adapter_info(const DWORD index, struct gc_arena *gc)
Definition: tun.c:4051
struct route_bypass bypass
Definition: route.h:71
const IP_ADAPTER_INFO * get_adapter_info_list(struct gc_arena *gc)
Definition: tun.c:4024
struct in6_addr ipv6
Definition: openvpn-msg.h:52
int openvpn_getaddrinfo(unsigned int flags, const char *hostname, const char *servname, int resolve_retry_seconds, volatile int *signal_received, int ai_family, struct addrinfo **res)
Definition: socket.c:440
#define GETADDR_WARN_ON_SIGNAL
Definition: socket.h:525
static void print_route_option(const struct route_option *ro, int level)
Definition: route.c:1297
static void setenv_route_addr(struct env_set *es, const char *key, const in_addr_t addr, int i)
Definition: route.c:200
in_addr_t network
Definition: route.h:119
#define LR_ERROR
Definition: route.c:1501
#define D_ROUTE
Definition: errlevel.h:80
void gc_addspecial(void *addr, void(free_function)(void *), struct gc_arena *a)
Definition: buffer.c:477
#define RL_DID_LOCAL
Definition: route.h:208
static bool do_route_service(const bool add, const route_message_t *rt, const size_t size, HANDLE pipe)
Definition: route.c:2996
struct argv argv_new(void)
Definition: argv.c:52
void add_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:1186
static void del_route3(in_addr_t network, in_addr_t netmask, in_addr_t gateway, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:915
in_addr_t getaddr(unsigned int flags, const char *hostname, int resolve_retry_seconds, bool *succeeded, volatile int *signal_received)
Translate an IPv4 addr or hostname from string form to in_addr_t.
Definition: socket.c:193
struct route_ipv6 * next
Definition: route.h:126
int n_bypass
Definition: route.h:56
unsigned int flags
Definition: route.h:66
const char * print_in6_addr(struct in6_addr a6, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2992
void print_default_gateway(const int msglevel, const struct route_gateway_info *rgi, const struct route_ipv6_gateway_info *rgi6)
Definition: route.c:1323
#define M_INFO
Definition: errlevel.h:55
struct route_ipv6_option_list * new_route_ipv6_option_list(struct gc_arena *a)
Definition: route.c:120
void add_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:1546
static bool is_route_parm_defined(const char *parm)
Definition: route.c:186
static void gc_free(struct gc_arena *a)
Definition: buffer.h:1023
unsigned int iflags
Definition: route.h:210
void check_subnet_conflict(const in_addr_t ip, const in_addr_t netmask, const char *prefix)
Definition: tun.c:425
#define dmsg
Definition: error.h:174
struct in6_addr remote_host_ipv6
Definition: route.h:224
void print_route_options(const struct route_option_list *rol, int level)
Definition: route.c:1307
struct in6_addr remote_endpoint_ipv6
Definition: route.h:223
static void setenv_route_ipv6(struct env_set *es, const struct route_ipv6 *r6, int i)
Definition: route.c:1450
struct route_option * routes
Definition: route.h:95
static void clear_route_list(struct route_list *rl)
Definition: route.c:518
unsigned int flags
Definition: route.h:127
void get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi6, const struct in6_addr *dest, openvpn_net_ctx_t *ctx)
Definition: route.c:2808
in_addr_t bypass[N_ROUTE_BYPASS]
Definition: route.h:57
struct route_ipv6_option_list * clone_route_ipv6_option_list(const struct route_ipv6_option_list *src, struct gc_arena *a)
Definition: route.c:145
const IP_ADAPTER_INFO * get_tun_adapter(const struct tuntap *tt, const IP_ADAPTER_INFO *list)
Definition: tun.c:4242
bool netmask_to_netbits(const in_addr_t network, const in_addr_t netmask, int *netbits)
Definition: route.c:3855
static void clear_route_ipv6_list(struct route_ipv6_list *rl6)
Definition: route.c:525
void setenv_routes_ipv6(struct env_set *es, const struct route_ipv6_list *rl6)
Definition: route.c:1470
static in_addr_t netbits_to_netmask(const int netbits)
Definition: route.h:381
in_addr_t netmask
Definition: route.h:143
static const MIB_IPFORWARDROW * get_default_gateway_row(const MIB_IPFORWARDTABLE *routes)
Definition: route.c:2681
const char * metric
Definition: route.h:103
static char * iface
static void add_bypass_routes(struct route_bypass *rb, in_addr_t gateway, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:934
#define RT_METRIC_DEFINED
Definition: route.h:115
void add_route_ipv6_to_option_list(struct route_ipv6_option_list *l, const char *prefix, const char *gateway, const char *metric)
Definition: route.c:503
bool buf_printf(struct buffer *buf, const char *format,...)
Definition: buffer.c:245
static int test_route(const IP_ADAPTER_INFO *adapters, const in_addr_t gateway, DWORD *index)
Definition: route.c:2590
#define RL_ROUTES_ADDED
Definition: route.h:209
struct route_ipv6_gateway_address addrs[RGI_N_ADDRESSES]
Definition: route.h:203
void setenv_str(struct env_set *es, const char *name, const char *value)
Definition: env_set.c:285
#define in_addr_t
Definition: config-msvc.h:104
#define ROUTE_METHOD_SERVICE
Definition: route.h:43
struct route_gateway_info rgi
Definition: route.h:213
#define RL_DID_REDIRECT_DEFAULT_GATEWAY
Definition: route.h:207
static bool do_route_ipv4_service(const bool add, const struct route_ipv4 *r, const struct tuntap *tt)
Definition: route.c:3023
struct route_ipv6_gateway_info rgi6
Definition: route.h:227
const char * gateway
Definition: route.h:79
void * openvpn_net_ctx_t
Definition: networking.h:26
struct in6_addr network
Definition: route.h:128
struct route_ipv6_option * routes_ipv6
Definition: route.h:108
struct route_special_addr spec
Definition: route.h:212
bool test_routes(const struct route_list *rl, const struct tuntap *tt)
Definition: route.c:2633
#define ASSERT(x)
Definition: error.h:221
#define IA_NET_ORDER
Definition: socket.h:394
static const char * route_string(const struct route_ipv4 *r, struct gc_arena *gc)
Definition: route.c:170
static void delete_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:2138
#define snprintf
Definition: config-msvc.h:97
static bool route_ipv6_match_host(const struct route_ipv6 *r6, const struct in6_addr *host)
Definition: route.c:727
unsigned int flags
Definition: route.h:228
struct tuntap_options options
Definition: tun.h:145
const struct route_option * option
Definition: route.h:118
#define N_ROUTE_BYPASS
Definition: route.h:55
struct route_ipv6 * routes_ipv6
Definition: route.h:229
void argv_msg(const int msglev, const struct argv *a)
Definition: argv.c:206
unsigned int flags
Definition: route.h:214
static void print_route(const struct route_ipv4 *r, int level)
Definition: route.c:1398
static bool add_bypass_address(struct route_bypass *rb, const in_addr_t a)
Definition: route.c:89
#define LR_NOMATCH
Definition: route.c:1499
void netcmd_semaphore_lock(void)
Definition: win32.c:859
#define ALLOC_OBJ_GC(dptr, type, gc)
Definition: buffer.h:1082
static bool add_route_ipv6_service(const struct route_ipv6 *, const struct tuntap *)
Definition: route.c:3112
int add(int a, int b)
list flags
#define fail()
Definition: cmocka.h:1531
#define RG_ENABLE
Definition: route.h:84
int inet_pton(int af, const char *src, void *dst)
#define WIN_ROUTE_PATH_SUFFIX
Definition: win32.h:35
#define RGI_NETMASK_DEFINED
Definition: route.h:148
unsigned int netbits
Definition: route.h:129
#define RT_ADDED
Definition: route.h:114
void setenv_routes(struct env_set *es, const struct route_list *rl)
Definition: route.c:1439
in_addr_t netmask
Definition: route.h:120
#define CLEAR(x)
Definition: basic.h:33
#define IPV4_INVALID_ADDR
Definition: socket.h:428
#define ROUTE_REF_GW
Definition: route.h:51
void get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx)
Definition: route.c:2722
bool openvpn_snprintf(char *str, size_t size, const char *format,...)
Definition: buffer.c:299
bool is_ip_in_adapter_subnet(const IP_ADAPTER_INFO *ai, const in_addr_t ip, in_addr_t *highest_netmask)
Definition: tun.c:4300
#define TLA_NONLOCAL
Definition: route.h:346
#define RG_LOCAL
Definition: route.h:85
bool is_special_addr(const char *addr_str)
Definition: route.c:287
#define RGI_ON_LINK
Definition: route.h:152
inet_address_t gateway
Definition: openvpn-msg.h:73
bool init_route_list(struct route_list *rl, const struct route_option_list *opt, const char *remote_endpoint, int default_metric, in_addr_t remote_host, struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:607
static struct gc_arena gc_new(void)
Definition: buffer.h:1015
static void add_block_local(struct route_list *rl)
Definition: route.c:574
bool did_ifconfig_setup
Definition: tun.h:140
static bool is_on_link(const int is_local_route, const unsigned int flags, const struct route_gateway_info *rgi)
Definition: route.c:1540
static DWORD InterfaceLuid(const char *iface_name, PNET_LUID luid)
Definition: interactive.c:548
struct gc_arena gc
Definition: route.h:216
#define RGI_ADDR_DEFINED
Definition: route.h:147
#define PACKAGE_NAME
Definition: config.h:730
struct route_gateway_address addrs[RGI_N_ADDRESSES]
Definition: route.h:171
unsigned int iflags
Definition: route.h:220
const char * print_in_addr_t(in_addr_t addr, unsigned int flags, struct gc_arena *gc)
Definition: socket.c:2972
#define OPENVPN_STATE_ADD_ROUTES
Definition: manage.h:485
#define TLA_LOCAL
Definition: route.h:347
#define METRIC_NOT_USED
Definition: route.c:55
#define DEV_TYPE_TUN
Definition: proto.h:37
int type
Definition: tun.h:135
static void gc_init(struct gc_arena *a)
Definition: buffer.h:1002
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
Definition: buffer.c:408
static void undo_redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:1112
static DWORD windows_route_find_if_index(const struct route_ipv4 *r, const struct tuntap *tt)
Definition: route.c:2759
void route_ipv6_clear_host_bits(struct route_ipv6 *r6)
Definition: route.c:1833
#define NETSH_PATH_SUFFIX
Definition: win32.h:34
#define ROUTE_DELETE_FIRST
Definition: route.h:50
unsigned int flags
Definition: route.h:153
void delete_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:1244
static void gc_freeaddrinfo_callback(void *addr)
Definition: buffer.h:202
static bool get_special_addr(const struct route_list *rl, const char *string, in_addr_t *out, bool *status)
Definition: route.c:217
#define RT_DEFINED
Definition: route.h:113
struct gc_arena gc
Definition: route.h:230
#define RG_DEF1
Definition: route.h:86
#define RTSA_DEFAULT_METRIC
Definition: route.h:65
static void setenv_route(struct env_set *es, const struct route_ipv4 *r, int i)
Definition: route.c:1419
DWORD adapter_index
Definition: route.h:134
in_addr_t remote_endpoint
Definition: route.h:68
struct in6_addr addr_ipv6
Definition: route.h:175
#define RG_BYPASS_DHCP
Definition: route.h:87
#define ROUTE_METHOD_MASK
Definition: route.h:44
static bool del_route_ipv6_service(const struct route_ipv6 *, const struct tuntap *)
Definition: route.c:3118
static SERVICE_STATUS status
Definition: automatic.c:43
void copy_route_ipv6_option_list(struct route_ipv6_option_list *dest, const struct route_ipv6_option_list *src, struct gc_arena *a)
Definition: route.c:161
const char * netmask
Definition: route.h:78
DWORD adapter_index
Definition: route.h:157
static bool init_route_ipv6(struct route_ipv6 *r6, const struct route_ipv6_option *r6o, const struct route_ipv6_list *rl6)
Definition: route.c:429
void route_list_add_vpn_gateway(struct route_list *rl, struct env_set *es, const in_addr_t addr)
Definition: route.c:532
unsigned int flags
Definition: route.h:117
bool send_msg_iservice(HANDLE pipe, const void *data, size_t size, ack_message_t *ack, const char *context)
Definition: win32.c:1476
#define msg
Definition: error.h:173
char * format_hex_ex(const uint8_t *data, int size, int maxoutput, unsigned int space_break_flags, const char *separator, struct gc_arena *gc)
Definition: buffer.c:522
#define RGI_HWADDR_DEFINED
Definition: route.h:149
#define GETADDR_HOST_ORDER
Definition: socket.h:522
char * get_win_sys_path(void)
Definition: win32.c:1209
DWORD adapter_index
Definition: tun.h:176
void add_route_to_option_list(struct route_option_list *l, const char *network, const char *netmask, const char *gateway, const char *metric)
Definition: route.c:485
const char * strerror_win32(DWORD errnum, struct gc_arena *gc)
Definition: error.c:819
unsigned int flags
Definition: route.h:181
const IP_ADAPTER_INFO * get_adapter_info(DWORD index, struct gc_arena *gc)
Definition: tun.c:4157
int netmask_to_netbits2(in_addr_t netmask)
Definition: route.c:3886
#define RTSA_REMOTE_ENDPOINT
Definition: route.h:63
struct route_ipv4 * next
Definition: route.h:116
static void add_host_route_if_nonlocal(struct route_bypass *rb, const in_addr_t addr)
Definition: route.c:3912
unsigned int flags
Definition: route.h:94
unsigned int flags
Definition: route.h:107
struct gc_arena * gc
Definition: route.h:109
struct in6_addr gateway
Definition: route.h:130
HANDLE msg_channel
Definition: tun.h:62
#define RTSA_REMOTE_HOST
Definition: route.h:64
static int local_route(in_addr_t network, in_addr_t netmask, in_addr_t gateway, const struct route_gateway_info *rgi)
Definition: route.c:1504
int test_local_addr(const in_addr_t addr, const struct route_gateway_info *rgi)
Definition: route.c:3992
bool did_ifconfig_ipv6_setup
Definition: tun.h:141
struct route_ipv6_gateway_address gateway
Definition: route.h:198
#define RG_BLOCK_LOCAL
Definition: route.h:91
interface_t iface
Definition: openvpn-msg.h:74
int metric
Definition: route.h:131
const char * network
Definition: route.h:77
const char * metric
Definition: route.h:80
#define ALLOC_OBJ_CLEAR_GC(dptr, type, gc)
Definition: buffer.h:1087
void argv_printf_cat(struct argv *a, const char *format,...)
Definition: argv.c:328
#define RG_REROUTE_GW
Definition: route.h:89
char name[256]
Definition: openvpn-msg.h:57
#define ROUTE_METHOD_IPAPI
Definition: route.h:41
#define ROUTE_METHOD_EXE
Definition: route.h:42
#define RG_AUTO_LOCAL
Definition: route.h:90
struct route_ipv6_option * next
Definition: route.h:100
void setenv_int(struct env_set *es, const char *name, int value)
Definition: env_set.c:269
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
#define M_FATAL
Definition: error.h:94
void show_routes(int msglev)
Definition: route.c:3149
struct gc_arena * gc
Definition: route.h:96
bool add_route_ipapi(const struct route_ipv4 *r, const struct tuntap *tt, DWORD adapter_index)
Definition: route.c:2878
#define LR_MATCH
Definition: route.c:1500
static bool init_route(struct route_ipv4 *r, struct addrinfo **network_list, const struct route_option *ro, const struct route_list *rl)
Definition: route.c:300
void netcmd_semaphore_release(void)
Definition: win32.c:875
const char * prefix
Definition: route.h:101
#define TUN_ADAPTER_INDEX_INVALID
Definition: tun.h:43
static void get_bypass_addresses(struct route_bypass *rb, const unsigned int flags)
Definition: route.c:3936
#define TLA_NOT_IMPLEMENTED
Definition: route.h:345
bool init_route_ipv6_list(struct route_ipv6_list *rl6, const struct route_ipv6_option_list *opt6, const char *remote_endpoint, int default_metric, const struct in6_addr *remote_host_ipv6, struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:763
void management_set_state(struct management *man, const int state, const char *detail, const in_addr_t *tun_local_ip, const struct in6_addr *tun_local_ip6, const struct openvpn_sockaddr *local, const struct openvpn_sockaddr *remote)
Definition: manage.c:2663
struct route_option_list * clone_route_option_list(const struct route_option_list *src, struct gc_arena *a)
Definition: route.c:136
bool is_adapter_up(const struct tuntap *tt, const IP_ADAPTER_INFO *list)
Definition: tun.c:4255
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:90
uint8_t hwaddr[6]
Definition: route.h:163
void delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:2332
DWORD adapter_index_of_ip(const IP_ADAPTER_INFO *list, const in_addr_t ip, int *count, in_addr_t *netmask)
Definition: tun.c:4333
static void add_route3(in_addr_t network, in_addr_t netmask, in_addr_t gateway, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:896
#define M_WARN
Definition: error.h:96
#define ROUTE_PATH
Definition: config.h:757
static void add_host_route_array(struct route_bypass *rb, const IP_ADDR_STRING *iplist)
Definition: route.c:3921
static uint8_t * buf_bptr(const struct buffer *buf)
Definition: buffer.h:227
bool get_ipv6_addr(const char *hostname, struct in6_addr *network, unsigned int *netbits, int msglevel)
Translate an IPv6 addr or hostname from string form to in6_addr.
Definition: socket.c:224
struct route_option * next
Definition: route.h:76
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
int remote_host_local
Definition: route.h:70
const char * gateway
Definition: route.h:102
static void net_ctx_reset(openvpn_net_ctx_t *ctx)
Definition: networking.h:44
static const char * format_route_entry(const MIB_IPFORWARDROW *r, struct gc_arena *gc)
Definition: route.c:3124
#define ROUTE_METHOD_ADAPTIVE
Definition: route.h:40
const IP_ADAPTER_INFO * get_adapter(const IP_ADAPTER_INFO *ai, DWORD index)
Definition: tun.c:4138
static void add_block_local_item(struct route_list *rl, const struct route_gateway_address *gateway, in_addr_t target)
Definition: route.c:543
void argv_reset(struct argv *a)
Definition: argv.c:60
#define BSTR(buf)
Definition: buffer.h:129
void copy_route_option_list(struct route_option_list *dest, const struct route_option_list *src, struct gc_arena *a)
Definition: route.c:154
struct route_option_list * new_route_option_list(struct gc_arena *a)
Definition: route.c:111
static void del_bypass_routes(struct route_bypass *rb, in_addr_t gateway, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:960
Definition: argv.h:35
bool openvpn_execve_check(const struct argv *a, const struct env_set *es, const unsigned int flags, const char *error_message)
Definition: run_command.c:195
char * actual_name
Definition: tun.h:147
struct route_ipv4 * routes
Definition: route.h:215
static const MIB_IPFORWARDTABLE * get_windows_routing_table(struct gc_arena *gc)
Definition: route.c:2567
static bool do_route_ipv6_service(const bool add, const struct route_ipv6 *r, const struct tuntap *tt)
Definition: route.c:3054
char * dest
Definition: compat-lz4.h:431
#define GETADDR_RESOLVE
Definition: socket.h:520
static void redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:986
#define IPV4_NETMASK_HOST
Definition: basic.h:35
in_addr_t remote_host
Definition: route.h:69
uint8_t hwaddr[6]
Definition: route.h:195
void argv_printf(struct argv *a, const char *format,...)
Definition: argv.c:318
int default_metric
Definition: route.h:225
#define D_ROUTE_DEBUG
Definition: errlevel.h:130
static const char * show_opt(const char *option)
Definition: route.c:1284
void add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx)
Definition: route.c:1856
#define RGI_IFACE_DEFINED
Definition: route.h:150
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:151
#define DEV_TYPE_TAP
Definition: proto.h:38
int default_metric
Definition: route.h:72
void print_routes(const struct route_list *rl, int level)
Definition: route.c:1409
static void test_route_helper(bool *ret, int *count, int *good, int *ambig, const IP_ADAPTER_INFO *adapters, const in_addr_t gateway)
Definition: route.c:2604
bool del_route_ipapi(const struct route_ipv4 *r, const struct tuntap *tt)
Definition: route.c:2960
int metric
Definition: route.h:122