2
* OpenVPN -- An application to securely tunnel IP networks
3
* over a single TCP/UDP port, with support for SSL/TLS-based
4
* session authentication and key exchange,
5
* packet encryption, packet authentication, and
8
* Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
10
* This program is free software; you can redistribute it and/or modify
11
* it under the terms of the GNU General Public License version 2
12
* as published by the Free Software Foundation.
14
* This program is distributed in the hope that it will be useful,
15
* but WITHOUT ANY WARRANTY; without even the implied warranty of
16
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17
* GNU General Public License for more details.
19
* You should have received a copy of the GNU General Public License
20
* along with this program (see the file COPYING included with this
21
* distribution); if not, write to the Free Software Foundation, Inc.,
22
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26
* Support routines for adding/deleting network routes.
41
static void delete_route (const struct route *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es);
42
static void get_bypass_addresses (struct route_bypass *rb, const unsigned int flags);
47
print_bypass_addresses (const struct route_bypass *rb)
49
struct gc_arena gc = gc_new ();
51
for (i = 0; i < rb->n_bypass; ++i)
53
msg (D_ROUTE, "ROUTE: bypass_host_route[%d]=%s",
55
print_in_addr_t (rb->bypass[i], 0, &gc));
63
add_bypass_address (struct route_bypass *rb, const in_addr_t a)
66
for (i = 0; i < rb->n_bypass; ++i)
68
if (a == rb->bypass[i]) /* avoid duplicates */
71
if (rb->n_bypass < N_ROUTE_BYPASS)
73
rb->bypass[rb->n_bypass++] = a;
82
struct route_option_list *
83
new_route_option_list (const int max_routes, struct gc_arena *a)
85
struct route_option_list *ret;
86
ALLOC_VAR_ARRAY_CLEAR_GC (ret, struct route_option_list, struct route_option, max_routes, a);
87
ret->capacity = max_routes;
91
struct route_option_list *
92
clone_route_option_list (const struct route_option_list *src, struct gc_arena *a)
94
const size_t rl_size = array_mult_safe (sizeof(struct route_option), src->capacity, sizeof(struct route_option_list));
95
struct route_option_list *ret = gc_malloc (rl_size, false, a);
96
memcpy (ret, src, rl_size);
101
copy_route_option_list (struct route_option_list *dest, const struct route_option_list *src)
103
const size_t src_size = array_mult_safe (sizeof(struct route_option), src->capacity, sizeof(struct route_option_list));
104
if (src->n > dest->capacity)
105
msg (M_FATAL, PACKAGE_NAME " ROUTE: (copy) number of route options in src (%d) is greater than route list capacity in dest (%d)", src->n, dest->capacity);
106
memcpy (dest, src, src_size);
110
new_route_list (const int max_routes, struct gc_arena *a)
112
struct route_list *ret;
113
ALLOC_VAR_ARRAY_CLEAR_GC (ret, struct route_list, struct route, max_routes, a);
114
ret->capacity = max_routes;
119
route_string (const struct route *r, struct gc_arena *gc)
121
struct buffer out = alloc_buf_gc (256, gc);
122
buf_printf (&out, "ROUTE network %s netmask %s gateway %s",
123
print_in_addr_t (r->network, 0, gc),
124
print_in_addr_t (r->netmask, 0, gc),
125
print_in_addr_t (r->gateway, 0, gc)
127
if (r->metric_defined)
128
buf_printf (&out, " metric %d", r->metric);
133
is_route_parm_defined (const char *parm)
137
if (!strcmp (parm, "default"))
143
setenv_route_addr (struct env_set *es, const char *key, const in_addr_t addr, int i)
145
struct gc_arena gc = gc_new ();
146
struct buffer name = alloc_buf_gc (256, &gc);
148
buf_printf (&name, "route_%s_%d", key, i);
150
buf_printf (&name, "route_%s", key);
151
setenv_str (es, BSTR (&name), print_in_addr_t (addr, 0, &gc));
156
get_special_addr (const struct route_special_addr *spec,
163
if (!strcmp (string, "vpn_gateway"))
167
if (spec->remote_endpoint_defined)
168
*out = spec->remote_endpoint;
171
msg (M_INFO, PACKAGE_NAME " ROUTE: vpn_gateway undefined");
178
else if (!strcmp (string, "net_gateway"))
182
if (spec->net_gateway_defined)
183
*out = spec->net_gateway;
186
msg (M_INFO, PACKAGE_NAME " ROUTE: net_gateway undefined -- unable to get default gateway from system");
193
else if (!strcmp (string, "remote_host"))
197
if (spec->remote_host_defined)
198
*out = spec->remote_host;
201
msg (M_INFO, PACKAGE_NAME " ROUTE: remote_host undefined");
212
is_special_addr (const char *addr_str)
215
return get_special_addr (NULL, addr_str, NULL, NULL);
221
init_route (struct route *r,
222
struct resolve_list *network_list,
223
const struct route_option *ro,
224
const struct route_special_addr *spec)
226
const in_addr_t default_netmask = ~0;
234
if (!is_route_parm_defined (ro->network))
239
if (!get_special_addr (spec, ro->network, &r->network, &status))
241
r->network = getaddr_multi (
244
| GETADDR_WARN_ON_SIGNAL,
257
if (is_route_parm_defined (ro->netmask))
259
r->netmask = getaddr (
261
| GETADDR_WARN_ON_SIGNAL,
270
r->netmask = default_netmask;
274
if (is_route_parm_defined (ro->gateway))
276
if (!get_special_addr (spec, ro->gateway, &r->gateway, &status))
278
r->gateway = getaddr (
281
| GETADDR_WARN_ON_SIGNAL,
292
if (spec->remote_endpoint_defined)
293
r->gateway = spec->remote_endpoint;
296
msg (M_WARN, PACKAGE_NAME " ROUTE: " PACKAGE_NAME " needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options");
303
r->metric_defined = false;
305
if (is_route_parm_defined (ro->metric))
307
r->metric = atoi (ro->metric);
310
msg (M_WARN, PACKAGE_NAME " ROUTE: route metric for network %s (%s) must be >= 0",
315
r->metric_defined = true;
317
else if (spec->default_metric_defined)
319
r->metric = spec->default_metric;
320
r->metric_defined = true;
328
msg (M_WARN, PACKAGE_NAME " ROUTE: failed to parse/resolve route for host/network: %s",
335
add_route_to_option_list (struct route_option_list *l,
341
struct route_option *ro;
342
if (l->n >= l->capacity)
343
msg (M_FATAL, PACKAGE_NAME " ROUTE: cannot add more than %d routes -- please increase the max-routes option in the client configuration file",
345
ro = &l->routes[l->n];
346
ro->network = network;
347
ro->netmask = netmask;
348
ro->gateway = gateway;
354
clear_route_list (struct route_list *rl)
356
const int capacity = rl->capacity;
357
const size_t rl_size = array_mult_safe (sizeof(struct route), capacity, sizeof(struct route_list));
358
memset(rl, 0, rl_size);
359
rl->capacity = capacity;
363
route_list_add_default_gateway (struct route_list *rl,
365
const in_addr_t addr)
367
rl->spec.remote_endpoint = addr;
368
rl->spec.remote_endpoint_defined = true;
369
setenv_route_addr (es, "vpn_gateway", rl->spec.remote_endpoint, -1);
373
init_route_list (struct route_list *rl,
374
const struct route_option_list *opt,
375
const char *remote_endpoint,
377
in_addr_t remote_host,
380
struct gc_arena gc = gc_new ();
383
clear_route_list (rl);
385
rl->flags = opt->flags;
389
rl->spec.remote_host = remote_host;
390
rl->spec.remote_host_defined = true;
395
rl->spec.default_metric = default_metric;
396
rl->spec.default_metric_defined = true;
399
rl->spec.net_gateway_defined = get_default_gateway (&rl->spec.net_gateway, NULL);
400
if (rl->spec.net_gateway_defined)
402
setenv_route_addr (es, "net_gateway", rl->spec.net_gateway, -1);
403
dmsg (D_ROUTE, "ROUTE default_gateway=%s", print_in_addr_t (rl->spec.net_gateway, 0, &gc));
407
dmsg (D_ROUTE, "ROUTE: default_gateway=UNDEF");
410
if (rl->flags & RG_ENABLE)
412
get_bypass_addresses (&rl->spec.bypass, rl->flags);
414
print_bypass_addresses (&rl->spec.bypass);
418
if (is_route_parm_defined (remote_endpoint))
420
rl->spec.remote_endpoint = getaddr (
423
| GETADDR_WARN_ON_SIGNAL,
426
&rl->spec.remote_endpoint_defined,
429
if (rl->spec.remote_endpoint_defined)
431
setenv_route_addr (es, "vpn_gateway", rl->spec.remote_endpoint, -1);
435
msg (M_WARN, PACKAGE_NAME " ROUTE: failed to parse/resolve default gateway: %s",
441
rl->spec.remote_endpoint_defined = false;
443
/* parse the routes from opt to rl */
447
for (i = 0; i < opt->n; ++i)
449
struct resolve_list netlist;
462
netlist.data[0] = r.network;
465
for (k = 0; k < netlist.len; ++k)
467
if (j < rl->capacity)
469
r.network = netlist.data[k];
476
msg (M_WARN, PACKAGE_NAME " ROUTE: routes dropped because number of expanded routes is greater than route list capacity (%d)", rl->capacity);
491
add_route3 (in_addr_t network,
494
const struct tuntap *tt,
496
const struct env_set *es)
504
add_route (&r, tt, flags, es);
508
del_route3 (in_addr_t network,
511
const struct tuntap *tt,
513
const struct env_set *es)
521
delete_route (&r, tt, flags, es);
525
add_bypass_routes (struct route_bypass *rb,
527
const struct tuntap *tt,
529
const struct env_set *es)
532
for (i = 0; i < rb->n_bypass; ++i)
534
if (rb->bypass[i] != gateway)
535
add_route3 (rb->bypass[i],
545
del_bypass_routes (struct route_bypass *rb,
547
const struct tuntap *tt,
549
const struct env_set *es)
552
for (i = 0; i < rb->n_bypass; ++i)
554
if (rb->bypass[i] != gateway)
555
del_route3 (rb->bypass[i],
565
redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
567
const char err[] = "NOTE: unable to redirect default gateway --";
569
if (rl->flags & RG_ENABLE)
571
if (!rl->spec.remote_endpoint_defined)
573
msg (M_WARN, "%s VPN gateway parameter (--route-gateway or --ifconfig) is missing", err);
575
else if (!rl->spec.net_gateway_defined)
577
msg (M_WARN, "%s Cannot read current default gateway from system", err);
579
else if (!rl->spec.remote_host_defined)
581
msg (M_WARN, "%s Cannot obtain current remote host address", err);
585
bool local = BOOL_CAST(rl->flags & RG_LOCAL);
586
if (rl->flags & RG_AUTO_LOCAL) {
587
const int tla = test_local_addr (rl->spec.remote_host);
588
if (tla == TLA_NONLOCAL)
590
dmsg (D_ROUTE, "ROUTE remote_host is NOT LOCAL");
593
else if (tla == TLA_LOCAL)
595
dmsg (D_ROUTE, "ROUTE remote_host is LOCAL");
601
/* route remote host to original default gateway */
603
/* if remote_host is not ipv4 (ie: ipv6), just skip
604
* adding this special /32 route */
605
if (rl->spec.remote_host != IPV4_INVALID_ADDR) {
607
add_route3 (rl->spec.remote_host,
609
rl->spec.net_gateway,
613
rl->did_local = true;
616
dmsg (D_ROUTE, "ROUTE remote_host protocol differs from tunneled");
621
/* route DHCP/DNS server traffic through original default gateway */
622
add_bypass_routes (&rl->spec.bypass, rl->spec.net_gateway, tt, flags, es);
624
if (rl->flags & RG_REROUTE_GW)
626
if (rl->flags & RG_DEF1)
628
/* add new default route (1st component) */
629
add_route3 (0x00000000,
631
rl->spec.remote_endpoint,
636
/* add new default route (2nd component) */
637
add_route3 (0x80000000,
639
rl->spec.remote_endpoint,
646
/* delete default route */
649
rl->spec.net_gateway,
654
/* add new default route */
657
rl->spec.remote_endpoint,
664
/* set a flag so we can undo later */
665
rl->did_redirect_default_gateway = true;
671
undo_redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
673
if (rl->did_redirect_default_gateway)
675
/* delete remote host route */
678
del_route3 (rl->spec.remote_host,
680
rl->spec.net_gateway,
684
rl->did_local = false;
687
/* delete special DHCP/DNS bypass route */
688
del_bypass_routes (&rl->spec.bypass, rl->spec.net_gateway, tt, flags, es);
690
if (rl->flags & RG_REROUTE_GW)
692
if (rl->flags & RG_DEF1)
694
/* delete default route (1st component) */
695
del_route3 (0x00000000,
697
rl->spec.remote_endpoint,
702
/* delete default route (2nd component) */
703
del_route3 (0x80000000,
705
rl->spec.remote_endpoint,
712
/* delete default route */
715
rl->spec.remote_endpoint,
720
/* restore original default route */
723
rl->spec.net_gateway,
730
rl->did_redirect_default_gateway = false;
735
add_routes (struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
737
redirect_default_route_to_vpn (rl, tt, flags, es);
738
if (!rl->routes_added)
742
#ifdef ENABLE_MANAGEMENT
743
if (management && rl->n)
745
management_set_state (management,
746
OPENVPN_STATE_ADD_ROUTES,
753
for (i = 0; i < rl->n; ++i)
755
struct route *r = &rl->routes[i];
756
check_subnet_conflict (r->network, r->netmask, "route");
757
if (flags & ROUTE_DELETE_FIRST)
758
delete_route (r, tt, flags, es);
759
add_route (r, tt, flags, es);
761
rl->routes_added = true;
766
delete_routes (struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
768
if (rl->routes_added)
771
for (i = rl->n - 1; i >= 0; --i)
773
const struct route *r = &rl->routes[i];
774
delete_route (r, tt, flags, es);
776
rl->routes_added = false;
778
undo_redirect_default_route_to_vpn (rl, tt, flags, es);
780
clear_route_list (rl);
786
show_opt (const char *option)
795
print_route_option (const struct route_option *ro, int level)
797
msg (level, " route %s/%s/%s/%s",
798
show_opt (ro->network),
799
show_opt (ro->netmask),
800
show_opt (ro->gateway),
801
show_opt (ro->metric));
805
print_route_options (const struct route_option_list *rol,
809
if (rol->flags & RG_ENABLE)
810
msg (level, " [redirect_default_gateway local=%d]",
811
(rol->flags & RG_LOCAL) != 0);
812
for (i = 0; i < rol->n; ++i)
813
print_route_option (&rol->routes[i], level);
819
print_route (const struct route *r, int level)
821
struct gc_arena gc = gc_new ();
823
msg (level, "%s", route_string (r, &gc));
828
print_routes (const struct route_list *rl, int level)
831
for (i = 0; i < rl->n; ++i)
832
print_route (&rl->routes[i], level);
836
setenv_route (struct env_set *es, const struct route *r, int i)
838
struct gc_arena gc = gc_new ();
841
setenv_route_addr (es, "network", r->network, i);
842
setenv_route_addr (es, "netmask", r->netmask, i);
843
setenv_route_addr (es, "gateway", r->gateway, i);
845
if (r->metric_defined)
847
struct buffer name = alloc_buf_gc (256, &gc);
848
buf_printf (&name, "route_metric_%d", i);
849
setenv_int (es, BSTR (&name), r->metric);
856
setenv_routes (struct env_set *es, const struct route_list *rl)
859
for (i = 0; i < rl->n; ++i)
860
setenv_route (es, &rl->routes[i], i + 1);
864
add_route (struct route *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
879
network = print_in_addr_t (r->network, 0, &gc);
880
netmask = print_in_addr_t (r->netmask, 0, &gc);
881
gateway = print_in_addr_t (r->gateway, 0, &gc);
884
* Filter out routes which are essentially no-ops
886
if (r->network == r->gateway && r->netmask == 0xFFFFFFFF)
888
msg (M_INFO, PACKAGE_NAME " ROUTE: omitted no-op route: %s/%s -> %s",
889
network, netmask, gateway);
893
#if defined(TARGET_LINUX)
894
#ifdef CONFIG_FEATURE_IPROUTE
895
argv_printf (&argv, "%s route add %s/%d via %s",
898
count_netmask_bits(netmask),
900
if (r->metric_defined)
901
argv_printf_cat (&argv, "metric %d", r->metric);
904
argv_printf (&argv, "%s add -net %s netmask %s gw %s",
909
if (r->metric_defined)
910
argv_printf_cat (&argv, "metric %d", r->metric);
911
#endif /*CONFIG_FEATURE_IPROUTE*/
912
argv_msg (D_ROUTE, &argv);
913
status = openvpn_execve_check (&argv, es, 0, "ERROR: Linux route add command failed");
915
#elif defined (WIN32)
917
argv_printf (&argv, "%s%sc ADD %s MASK %s %s",
919
WIN_ROUTE_PATH_SUFFIX,
923
if (r->metric_defined)
924
argv_printf_cat (&argv, "METRIC %d", r->metric);
926
argv_msg (D_ROUTE, &argv);
928
if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_IPAPI)
930
status = add_route_ipapi (r, tt);
931
msg (D_ROUTE, "Route addition via IPAPI %s", status ? "succeeded" : "failed");
933
else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_EXE)
935
netcmd_semaphore_lock ();
936
status = openvpn_execve_check (&argv, es, 0, "ERROR: Windows route add command failed");
937
netcmd_semaphore_release ();
939
else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_ADAPTIVE)
941
status = add_route_ipapi (r, tt);
942
msg (D_ROUTE, "Route addition via IPAPI %s [adaptive]", status ? "succeeded" : "failed");
945
msg (D_ROUTE, "Route addition fallback to route.exe");
946
netcmd_semaphore_lock ();
947
status = openvpn_execve_check (&argv, es, 0, "ERROR: Windows route add command failed [adaptive]");
948
netcmd_semaphore_release ();
956
#elif defined (TARGET_SOLARIS)
958
/* example: route add 192.0.2.32 -netmask 255.255.255.224 somegateway */
960
argv_printf (&argv, "%s add",
964
if (r->metric_defined)
965
argv_printf_cat (&argv, "-rtt %d", r->metric);
968
argv_printf_cat (&argv, "%s -netmask %s %s",
973
argv_msg (D_ROUTE, &argv);
974
status = openvpn_execve_check (&argv, es, 0, "ERROR: Solaris route add command failed");
976
#elif defined(TARGET_FREEBSD)
978
argv_printf (&argv, "%s add",
982
if (r->metric_defined)
983
argv_printf_cat (&argv, "-rtt %d", r->metric);
986
argv_printf_cat (&argv, "-net %s %s %s",
991
argv_msg (D_ROUTE, &argv);
992
status = openvpn_execve_check (&argv, es, 0, "ERROR: FreeBSD route add command failed");
994
#elif defined(TARGET_DRAGONFLY)
996
argv_printf (&argv, "%s add",
1000
if (r->metric_defined)
1001
argv_printf_cat (&argv, "-rtt %d", r->metric);
1004
argv_printf_cat (&argv, "-net %s %s %s",
1009
argv_msg (D_ROUTE, &argv);
1010
status = openvpn_execve_check (&argv, es, 0, "ERROR: DragonFly route add command failed");
1012
#elif defined(TARGET_DARWIN)
1014
argv_printf (&argv, "%s add",
1018
if (r->metric_defined)
1019
argv_printf_cat (&argv, "-rtt %d", r->metric);
1022
argv_printf_cat (&argv, "-net %s %s %s",
1027
argv_msg (D_ROUTE, &argv);
1028
status = openvpn_execve_check (&argv, es, 0, "ERROR: OS X route add command failed");
1030
#elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
1032
argv_printf (&argv, "%s add",
1036
if (r->metric_defined)
1037
argv_printf_cat (&argv, "-rtt %d", r->metric);
1040
argv_printf_cat (&argv, "-net %s %s -netmask %s",
1045
argv_msg (D_ROUTE, &argv);
1046
status = openvpn_execve_check (&argv, es, 0, "ERROR: OpenBSD/NetBSD route add command failed");
1049
msg (M_FATAL, "Sorry, but I don't know how to do 'route' commands on this operating system. Try putting your routes in a --route-up script");
1053
r->defined = status;
1059
delete_route (const struct route *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
1063
const char *network;
1064
const char *netmask;
1065
const char *gateway;
1073
network = print_in_addr_t (r->network, 0, &gc);
1074
netmask = print_in_addr_t (r->netmask, 0, &gc);
1075
gateway = print_in_addr_t (r->gateway, 0, &gc);
1077
#if defined(TARGET_LINUX)
1078
#ifdef CONFIG_FEATURE_IPROUTE
1079
argv_printf (&argv, "%s route del %s/%d",
1082
count_netmask_bits(netmask));
1085
argv_printf (&argv, "%s del -net %s netmask %s",
1089
#endif /*CONFIG_FEATURE_IPROUTE*/
1090
if (r->metric_defined)
1091
argv_printf_cat (&argv, "metric %d", r->metric);
1092
argv_msg (D_ROUTE, &argv);
1093
openvpn_execve_check (&argv, es, 0, "ERROR: Linux route delete command failed");
1095
#elif defined (WIN32)
1097
argv_printf (&argv, "%s%sc DELETE %s MASK %s %s",
1099
WIN_ROUTE_PATH_SUFFIX,
1104
argv_msg (D_ROUTE, &argv);
1106
if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_IPAPI)
1108
const bool status = del_route_ipapi (r, tt);
1109
msg (D_ROUTE, "Route deletion via IPAPI %s", status ? "succeeded" : "failed");
1111
else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_EXE)
1113
netcmd_semaphore_lock ();
1114
openvpn_execve_check (&argv, es, 0, "ERROR: Windows route delete command failed");
1115
netcmd_semaphore_release ();
1117
else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_ADAPTIVE)
1119
const bool status = del_route_ipapi (r, tt);
1120
msg (D_ROUTE, "Route deletion via IPAPI %s [adaptive]", status ? "succeeded" : "failed");
1123
msg (D_ROUTE, "Route deletion fallback to route.exe");
1124
netcmd_semaphore_lock ();
1125
openvpn_execve_check (&argv, es, 0, "ERROR: Windows route delete command failed [adaptive]");
1126
netcmd_semaphore_release ();
1134
#elif defined (TARGET_SOLARIS)
1136
argv_printf (&argv, "%s delete %s -netmask %s %s",
1142
argv_msg (D_ROUTE, &argv);
1143
openvpn_execve_check (&argv, es, 0, "ERROR: Solaris route delete command failed");
1145
#elif defined(TARGET_FREEBSD)
1147
argv_printf (&argv, "%s delete -net %s %s %s",
1153
argv_msg (D_ROUTE, &argv);
1154
openvpn_execve_check (&argv, es, 0, "ERROR: FreeBSD route delete command failed");
1156
#elif defined(TARGET_DRAGONFLY)
1158
argv_printf (&argv, "%s delete -net %s %s %s",
1164
argv_msg (D_ROUTE, &argv);
1165
openvpn_execve_check (&argv, es, 0, "ERROR: DragonFly route delete command failed");
1167
#elif defined(TARGET_DARWIN)
1169
argv_printf (&argv, "%s delete -net %s %s %s",
1175
argv_msg (D_ROUTE, &argv);
1176
openvpn_execve_check (&argv, es, 0, "ERROR: OS X route delete command failed");
1178
#elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
1180
argv_printf (&argv, "%s delete -net %s %s -netmask %s",
1186
argv_msg (D_ROUTE, &argv);
1187
openvpn_execve_check (&argv, es, 0, "ERROR: OpenBSD/NetBSD route delete command failed");
1190
msg (M_FATAL, "Sorry, but I don't know how to do 'route' commands on this operating system. Try putting your routes in a --route-up script");
1198
* The --redirect-gateway option requires OS-specific code below
1199
* to get the current default gateway.
1204
static const MIB_IPFORWARDTABLE *
1205
get_windows_routing_table (struct gc_arena *gc)
1208
PMIB_IPFORWARDTABLE rt = NULL;
1211
status = GetIpForwardTable (NULL, &size, TRUE);
1212
if (status == ERROR_INSUFFICIENT_BUFFER)
1214
rt = (PMIB_IPFORWARDTABLE) gc_malloc (size, false, gc);
1215
status = GetIpForwardTable (rt, &size, TRUE);
1216
if (status != NO_ERROR)
1218
msg (D_ROUTE, "NOTE: GetIpForwardTable returned error: %s (code=%u)",
1219
strerror_win32 (status, gc),
1220
(unsigned int)status);
1228
test_route (const IP_ADAPTER_INFO *adapters,
1229
const in_addr_t gateway,
1233
DWORD i = adapter_index_of_ip (adapters, gateway, &count, NULL);
1240
test_route_helper (bool *ret,
1244
const IP_ADAPTER_INFO *adapters,
1245
const in_addr_t gateway)
1250
c = test_route (adapters, gateway, NULL);
1260
* If we tried to add routes now, would we succeed?
1263
test_routes (const struct route_list *rl, const struct tuntap *tt)
1265
struct gc_arena gc = gc_new ();
1266
const IP_ADAPTER_INFO *adapters = get_adapter_info_list (&gc);
1271
bool adapter_up = false;
1273
if (is_adapter_up (tt, adapters))
1281
for (i = 0; i < rl->n; ++i)
1282
test_route_helper (&ret, &count, &good, &ambig, adapters, rl->routes[i].gateway);
1284
if ((rl->flags & RG_ENABLE) && rl->spec.remote_endpoint_defined)
1285
test_route_helper (&ret, &count, &good, &ambig, adapters, rl->spec.remote_endpoint);
1289
msg (D_ROUTE, "TEST ROUTES: %d/%d succeeded len=%d ret=%d a=%d u/d=%s",
1295
adapter_up ? "up" : "down");
1301
static const MIB_IPFORWARDROW *
1302
get_default_gateway_row (const MIB_IPFORWARDTABLE *routes)
1304
struct gc_arena gc = gc_new ();
1305
DWORD lowest_metric = ~0;
1306
const MIB_IPFORWARDROW *ret = NULL;
1312
for (i = 0; i < routes->dwNumEntries; ++i)
1314
const MIB_IPFORWARDROW *row = &routes->table[i];
1315
const in_addr_t net = ntohl (row->dwForwardDest);
1316
const in_addr_t mask = ntohl (row->dwForwardMask);
1317
const DWORD index = row->dwForwardIfIndex;
1318
const DWORD metric = row->dwForwardMetric1;
1320
dmsg (D_ROUTE_DEBUG, "GDGR: route[%d] %s/%s i=%d m=%d",
1322
print_in_addr_t ((in_addr_t) net, 0, &gc),
1323
print_in_addr_t ((in_addr_t) mask, 0, &gc),
1327
if (!net && !mask && metric < lowest_metric)
1330
lowest_metric = metric;
1336
dmsg (D_ROUTE_DEBUG, "GDGR: best=%d lm=%u", best, (unsigned int)lowest_metric);
1343
get_default_gateway (in_addr_t *gw, in_addr_t *netmask)
1345
struct gc_arena gc = gc_new ();
1346
bool ret_bool = false;
1348
const IP_ADAPTER_INFO *adapters = get_adapter_info_list (&gc);
1349
const MIB_IPFORWARDTABLE *routes = get_windows_routing_table (&gc);
1350
const MIB_IPFORWARDROW *row = get_default_gateway_row (routes);
1354
*gw = ntohl (row->dwForwardNextHop);
1357
if (adapter_index_of_ip (adapters, *gw, NULL, netmask) == ~0)
1368
windows_route_find_if_index (const struct route *r, const struct tuntap *tt)
1370
struct gc_arena gc = gc_new ();
1373
const IP_ADAPTER_INFO *adapters = get_adapter_info_list (&gc);
1374
const IP_ADAPTER_INFO *tun_adapter = get_tun_adapter (tt, adapters);
1375
bool on_tun = false;
1377
/* first test on tun interface */
1378
if (is_ip_in_adapter_subnet (tun_adapter, r->gateway, NULL))
1380
ret = tun_adapter->Index;
1384
else /* test on other interfaces */
1386
count = test_route (adapters, r->gateway, &ret);
1391
msg (M_WARN, "Warning: route gateway is not reachable on any active network adapters: %s",
1392
print_in_addr_t (r->gateway, 0, &gc));
1397
msg (M_WARN, "Warning: route gateway is ambiguous: %s (%d matches)",
1398
print_in_addr_t (r->gateway, 0, &gc),
1403
dmsg (D_ROUTE_DEBUG, "DEBUG: route find if: on_tun=%d count=%d index=%d",
1413
add_route_ipapi (const struct route *r, const struct tuntap *tt)
1415
struct gc_arena gc = gc_new ();
1418
const DWORD if_index = windows_route_find_if_index (r, tt);
1422
MIB_IPFORWARDROW fr;
1424
fr.dwForwardDest = htonl (r->network);
1425
fr.dwForwardMask = htonl (r->netmask);
1426
fr.dwForwardPolicy = 0;
1427
fr.dwForwardNextHop = htonl (r->gateway);
1428
fr.dwForwardIfIndex = if_index;
1429
fr.dwForwardType = 4; /* the next hop is not the final dest */
1430
fr.dwForwardProto = 3; /* PROTO_IP_NETMGMT */
1431
fr.dwForwardAge = 0;
1432
fr.dwForwardNextHopAS = 0;
1433
fr.dwForwardMetric1 = r->metric_defined ? r->metric : 1;
1434
fr.dwForwardMetric2 = ~0;
1435
fr.dwForwardMetric3 = ~0;
1436
fr.dwForwardMetric4 = ~0;
1437
fr.dwForwardMetric5 = ~0;
1439
if ((r->network & r->netmask) != r->network)
1440
msg (M_WARN, "Warning: address %s is not a network address in relation to netmask %s",
1441
print_in_addr_t (r->network, 0, &gc),
1442
print_in_addr_t (r->netmask, 0, &gc));
1444
status = CreateIpForwardEntry (&fr);
1446
if (status == NO_ERROR)
1450
/* failed, try increasing the metric to work around Vista issue */
1451
const unsigned int forward_metric_limit = 2048; /* iteratively retry higher metrics up to this limit */
1453
for ( ; fr.dwForwardMetric1 <= forward_metric_limit; ++fr.dwForwardMetric1)
1455
/* try a different forward type=3 ("the next hop is the final dest") in addition to 4.
1456
--redirect-gateway over RRAS seems to need this. */
1457
for (fr.dwForwardType = 4; fr.dwForwardType >= 3; --fr.dwForwardType)
1459
status = CreateIpForwardEntry (&fr);
1460
if (status == NO_ERROR)
1462
msg (D_ROUTE, "ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=%u and dwForwardType=%u",
1463
(unsigned int)fr.dwForwardMetric1,
1464
(unsigned int)fr.dwForwardType);
1468
else if (status != ERROR_BAD_ARGUMENTS)
1474
if (status != NO_ERROR)
1475
msg (M_WARN, "ROUTE: route addition failed using CreateIpForwardEntry: %s [status=%u if_index=%u]",
1476
strerror_win32 (status, &gc),
1477
(unsigned int)status,
1478
(unsigned int)if_index);
1487
del_route_ipapi (const struct route *r, const struct tuntap *tt)
1489
struct gc_arena gc = gc_new ();
1492
const DWORD if_index = windows_route_find_if_index (r, tt);
1496
MIB_IPFORWARDROW fr;
1499
fr.dwForwardDest = htonl (r->network);
1500
fr.dwForwardMask = htonl (r->netmask);
1501
fr.dwForwardPolicy = 0;
1502
fr.dwForwardNextHop = htonl (r->gateway);
1503
fr.dwForwardIfIndex = if_index;
1505
status = DeleteIpForwardEntry (&fr);
1507
if (status == NO_ERROR)
1510
msg (M_WARN, "ROUTE: route deletion failed using DeleteIpForwardEntry: %s",
1511
strerror_win32 (status, &gc));
1519
format_route_entry (const MIB_IPFORWARDROW *r, struct gc_arena *gc)
1521
struct buffer out = alloc_buf_gc (256, gc);
1522
buf_printf (&out, "%s %s %s p=%d i=%d t=%d pr=%d a=%d h=%d m=%d/%d/%d/%d/%d",
1523
print_in_addr_t (r->dwForwardDest, IA_NET_ORDER, gc),
1524
print_in_addr_t (r->dwForwardMask, IA_NET_ORDER, gc),
1525
print_in_addr_t (r->dwForwardNextHop, IA_NET_ORDER, gc),
1526
(int)r->dwForwardPolicy,
1527
(int)r->dwForwardIfIndex,
1528
(int)r->dwForwardType,
1529
(int)r->dwForwardProto,
1530
(int)r->dwForwardAge,
1531
(int)r->dwForwardNextHopAS,
1532
(int)r->dwForwardMetric1,
1533
(int)r->dwForwardMetric2,
1534
(int)r->dwForwardMetric3,
1535
(int)r->dwForwardMetric4,
1536
(int)r->dwForwardMetric5);
1541
* Show current routing table
1544
show_routes (int msglev)
1546
struct gc_arena gc = gc_new ();
1549
const MIB_IPFORWARDTABLE *rt = get_windows_routing_table (&gc);
1551
msg (msglev, "SYSTEM ROUTING TABLE");
1554
for (i = 0; i < rt->dwNumEntries; ++i)
1556
msg (msglev, "%s", format_route_entry (&rt->table[i], &gc));
1562
#elif defined(TARGET_LINUX)
1565
get_default_gateway (in_addr_t *gateway, in_addr_t *netmask)
1567
struct gc_arena gc = gc_new ();
1569
FILE *fp = fopen ("/proc/net/route", "r");
1575
unsigned int lowest_metric = ~0;
1576
in_addr_t best_gw = 0;
1577
while (fgets (line, sizeof (line), fp) != NULL)
1581
unsigned int net_x = 0;
1582
unsigned int mask_x = 0;
1583
unsigned int gw_x = 0;
1584
unsigned int metric = 0;
1585
const int np = sscanf (line, "%*s\t%x\t%x\t%*s\t%*s\t%*s\t%d\t%x",
1592
const in_addr_t net = ntohl (net_x);
1593
const in_addr_t mask = ntohl (mask_x);
1594
const in_addr_t gw = ntohl (gw_x);
1596
dmsg (D_ROUTE_DEBUG, "GDG: route[%d] %s/%s/%s m=%u",
1598
print_in_addr_t ((in_addr_t) net, 0, &gc),
1599
print_in_addr_t ((in_addr_t) mask, 0, &gc),
1600
print_in_addr_t ((in_addr_t) gw, 0, &gc),
1603
if (!net && !mask && metric < lowest_metric)
1606
lowest_metric = metric;
1620
*netmask = 0xFFFFFF00; /* FIXME -- get the real netmask of the adapter containing the default gateway */
1625
dmsg (D_ROUTE_DEBUG, "GDG: best=%s[%d] lm=%u",
1626
print_in_addr_t ((in_addr_t) best_gw, 0, &gc),
1628
(unsigned int)lowest_metric);
1635
#elif defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY)
1637
#include <sys/types.h>
1638
#include <sys/socket.h>
1639
#include <netinet/in.h>
1641
/* all of this is taken from <net/route.h> in FreeBSD */
1643
#define RTA_GATEWAY 0x2
1644
#define RTA_NETMASK 0x4
1647
#define RTM_VERSION 5
1650
#define RTF_GATEWAY 0x2
1653
* These numbers are used by reliable protocols for determining
1654
* retransmission behavior and are included in the routing structure.
1657
u_long rmx_locks; /* Kernel must leave these values alone */
1658
u_long rmx_mtu; /* MTU for this path */
1659
u_long rmx_hopcount; /* max hops expected */
1660
u_long rmx_expire; /* lifetime for route, e.g. redirect */
1661
u_long rmx_recvpipe; /* inbound delay-bandwidth product */
1662
u_long rmx_sendpipe; /* outbound delay-bandwidth product */
1663
u_long rmx_ssthresh; /* outbound gateway buffer limit */
1664
u_long rmx_rtt; /* estimated round trip time */
1665
u_long rmx_rttvar; /* estimated rtt variance */
1666
u_long rmx_pksent; /* packets sent using this route */
1667
u_long rmx_filler[4]; /* will be used for T/TCP later */
1671
* Structures for routing messages.
1674
u_short rtm_msglen; /* to skip over non-understood messages */
1675
u_char rtm_version; /* future binary compatibility */
1676
u_char rtm_type; /* message type */
1677
u_short rtm_index; /* index for associated ifp */
1678
int rtm_flags; /* flags, incl. kern & message, e.g. DONE */
1679
int rtm_addrs; /* bitmask identifying sockaddrs in msg */
1680
pid_t rtm_pid; /* identify sender */
1681
int rtm_seq; /* for sender to identify action */
1682
int rtm_errno; /* why failed */
1683
int rtm_use; /* from rtentry */
1684
u_long rtm_inits; /* which metrics we are initializing */
1685
struct rt_metrics rtm_rmx; /* metrics themselves */
1689
struct rt_msghdr m_rtm;
1693
#define ROUNDUP(a) \
1694
((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
1697
get_default_gateway (in_addr_t *ret, in_addr_t *netmask)
1699
struct gc_arena gc = gc_new ();
1700
int s, seq, l, pid, rtm_addrs, i;
1701
struct sockaddr so_dst, so_mask;
1702
char *cp = m_rtmsg.m_space;
1703
struct sockaddr *gate = NULL, *sa;
1704
struct rt_msghdr *rtm_aux;
1706
#define NEXTADDR(w, u) \
1707
if (rtm_addrs & (w)) {\
1708
l = ROUNDUP(u.sa_len); memmove(cp, &(u), l); cp += l;\
1711
#define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))
1713
#define rtm m_rtmsg.m_rtm
1717
rtm_addrs = RTA_DST | RTA_NETMASK;
1719
bzero(&so_dst, sizeof(so_dst));
1720
bzero(&so_mask, sizeof(so_mask));
1721
bzero(&rtm, sizeof(struct rt_msghdr));
1723
rtm.rtm_type = RTM_GET;
1724
rtm.rtm_flags = RTF_UP | RTF_GATEWAY;
1725
rtm.rtm_version = RTM_VERSION;
1726
rtm.rtm_seq = ++seq;
1727
rtm.rtm_addrs = rtm_addrs;
1729
so_dst.sa_family = AF_INET;
1730
so_dst.sa_len = sizeof(struct sockaddr_in);
1731
so_mask.sa_family = AF_INET;
1732
so_mask.sa_len = sizeof(struct sockaddr_in);
1734
NEXTADDR(RTA_DST, so_dst);
1735
NEXTADDR(RTA_NETMASK, so_mask);
1737
rtm.rtm_msglen = l = cp - (char *)&m_rtmsg;
1739
s = socket(PF_ROUTE, SOCK_RAW, 0);
1741
if (write(s, (char *)&m_rtmsg, l) < 0)
1743
warn("writing to routing socket");
1750
l = read(s, (char *)&m_rtmsg, sizeof(m_rtmsg));
1751
} while (l > 0 && (rtm.rtm_seq != seq || rtm.rtm_pid != pid));
1757
cp = ((char *)(rtm_aux + 1));
1758
if (rtm_aux->rtm_addrs) {
1759
for (i = 1; i; i <<= 1)
1760
if (i & rtm_aux->rtm_addrs) {
1761
sa = (struct sockaddr *)cp;
1762
if (i == RTA_GATEWAY )
1776
*ret = ntohl(((struct sockaddr_in *)gate)->sin_addr.s_addr);
1778
msg (M_INFO, "gw %s",
1779
print_in_addr_t ((in_addr_t) *ret, 0, &gc));
1784
*netmask = 0xFFFFFF00; // FIXME -- get the real netmask of the adapter containing the default gateway
1797
#elif defined(TARGET_DARWIN)
1799
#include <sys/types.h>
1800
#include <sys/socket.h>
1801
#include <netinet/in.h>
1803
/* all of this is taken from <net/route.h> in Darwin */
1805
#define RTA_GATEWAY 0x2
1806
#define RTA_NETMASK 0x4
1809
#define RTM_VERSION 5
1812
#define RTF_GATEWAY 0x2
1815
* These numbers are used by reliable protocols for determining
1816
* retransmission behavior and are included in the routing structure.
1819
u_long rmx_locks; /* Kernel must leave these values alone */
1820
u_long rmx_mtu; /* MTU for this path */
1821
u_long rmx_hopcount; /* max hops expected */
1822
u_long rmx_expire; /* lifetime for route, e.g. redirect */
1823
u_long rmx_recvpipe; /* inbound delay-bandwidth product */
1824
u_long rmx_sendpipe; /* outbound delay-bandwidth product */
1825
u_long rmx_ssthresh; /* outbound gateway buffer limit */
1826
u_long rmx_rtt; /* estimated round trip time */
1827
u_long rmx_rttvar; /* estimated rtt variance */
1828
u_long rmx_pksent; /* packets sent using this route */
1829
u_long rmx_filler[4]; /* will be used for T/TCP later */
1833
* Structures for routing messages.
1836
u_short rtm_msglen; /* to skip over non-understood messages */
1837
u_char rtm_version; /* future binary compatibility */
1838
u_char rtm_type; /* message type */
1839
u_short rtm_index; /* index for associated ifp */
1840
int rtm_flags; /* flags, incl. kern & message, e.g. DONE */
1841
int rtm_addrs; /* bitmask identifying sockaddrs in msg */
1842
pid_t rtm_pid; /* identify sender */
1843
int rtm_seq; /* for sender to identify action */
1844
int rtm_errno; /* why failed */
1845
int rtm_use; /* from rtentry */
1846
u_long rtm_inits; /* which metrics we are initializing */
1847
struct rt_metrics rtm_rmx; /* metrics themselves */
1851
struct rt_msghdr m_rtm;
1855
#define ROUNDUP(a) \
1856
((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
1859
get_default_gateway (in_addr_t *ret, in_addr_t *netmask)
1861
struct gc_arena gc = gc_new ();
1862
int s, seq, l, pid, rtm_addrs, i;
1863
struct sockaddr so_dst, so_mask;
1864
char *cp = m_rtmsg.m_space;
1865
struct sockaddr *gate = NULL, *sa;
1866
struct rt_msghdr *rtm_aux;
1868
#define NEXTADDR(w, u) \
1869
if (rtm_addrs & (w)) {\
1870
l = ROUNDUP(u.sa_len); memmove(cp, &(u), l); cp += l;\
1873
#define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))
1875
#define rtm m_rtmsg.m_rtm
1879
rtm_addrs = RTA_DST | RTA_NETMASK;
1881
bzero(&so_dst, sizeof(so_dst));
1882
bzero(&so_mask, sizeof(so_mask));
1883
bzero(&rtm, sizeof(struct rt_msghdr));
1885
rtm.rtm_type = RTM_GET;
1886
rtm.rtm_flags = RTF_UP | RTF_GATEWAY;
1887
rtm.rtm_version = RTM_VERSION;
1888
rtm.rtm_seq = ++seq;
1889
rtm.rtm_addrs = rtm_addrs;
1891
so_dst.sa_family = AF_INET;
1892
so_dst.sa_len = sizeof(struct sockaddr_in);
1893
so_mask.sa_family = AF_INET;
1894
so_mask.sa_len = sizeof(struct sockaddr_in);
1896
NEXTADDR(RTA_DST, so_dst);
1897
NEXTADDR(RTA_NETMASK, so_mask);
1899
rtm.rtm_msglen = l = cp - (char *)&m_rtmsg;
1901
s = socket(PF_ROUTE, SOCK_RAW, 0);
1903
if (write(s, (char *)&m_rtmsg, l) < 0)
1905
msg (M_WARN, "ROUTE: problem writing to routing socket");
1912
l = read(s, (char *)&m_rtmsg, sizeof(m_rtmsg));
1913
} while (l > 0 && (rtm.rtm_seq != seq || rtm.rtm_pid != pid));
1919
cp = ((char *)(rtm_aux + 1));
1920
if (rtm_aux->rtm_addrs) {
1921
for (i = 1; i; i <<= 1)
1922
if (i & rtm_aux->rtm_addrs) {
1923
sa = (struct sockaddr *)cp;
1924
if (i == RTA_GATEWAY )
1938
*ret = ntohl(((struct sockaddr_in *)gate)->sin_addr.s_addr);
1940
msg (M_INFO, "gw %s",
1941
print_in_addr_t ((in_addr_t) *ret, 0, &gc));
1946
*netmask = 0xFFFFFF00; // FIXME -- get the real netmask of the adapter containing the default gateway
1959
#elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
1961
#include <sys/types.h>
1962
#include <sys/socket.h>
1963
#include <netinet/in.h>
1965
/* all of this is taken from <net/route.h> in OpenBSD 3.6 */
1966
#define RTA_DST 0x1 /* destination sockaddr present */
1967
#define RTA_GATEWAY 0x2 /* gateway sockaddr present */
1968
#define RTA_NETMASK 0x4 /* netmask sockaddr present */
1970
#define RTM_GET 0x4 /* Report Metrics */
1972
#define RTM_VERSION 3 /* Up the ante and ignore older versions */
1974
#define RTF_UP 0x1 /* route usable */
1975
#define RTF_GATEWAY 0x2 /* destination is a gateway */
1978
* Huge version for userland compatibility.
1981
u_long rmx_locks; /* Kernel must leave these values alone */
1982
u_long rmx_mtu; /* MTU for this path */
1983
u_long rmx_hopcount; /* max hops expected */
1984
u_long rmx_expire; /* lifetime for route, e.g. redirect */
1985
u_long rmx_recvpipe; /* inbound delay-bandwidth product */
1986
u_long rmx_sendpipe; /* outbound delay-bandwidth product */
1987
u_long rmx_ssthresh; /* outbound gateway buffer limit */
1988
u_long rmx_rtt; /* estimated round trip time */
1989
u_long rmx_rttvar; /* estimated rtt variance */
1990
u_long rmx_pksent; /* packets sent using this route */
1994
* Structures for routing messages.
1997
u_short rtm_msglen; /* to skip over non-understood messages */
1998
u_char rtm_version; /* future binary compatibility */
1999
u_char rtm_type; /* message type */
2000
u_short rtm_index; /* index for associated ifp */
2001
int rtm_flags; /* flags, incl. kern & message, e.g. DONE */
2002
int rtm_addrs; /* bitmask identifying sockaddrs in msg */
2003
pid_t rtm_pid; /* identify sender */
2004
int rtm_seq; /* for sender to identify action */
2005
int rtm_errno; /* why failed */
2006
int rtm_use; /* from rtentry */
2007
u_long rtm_inits; /* which metrics we are initializing */
2008
struct rt_metrics rtm_rmx; /* metrics themselves */
2012
struct rt_msghdr m_rtm;
2016
#define ROUNDUP(a) \
2017
((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
2020
get_default_gateway (in_addr_t *ret, in_addr_t *netmask)
2022
struct gc_arena gc = gc_new ();
2023
int s, seq, l, rtm_addrs, i;
2025
struct sockaddr so_dst, so_mask;
2026
char *cp = m_rtmsg.m_space;
2027
struct sockaddr *gate = NULL, *sa;
2028
struct rt_msghdr *rtm_aux;
2030
#define NEXTADDR(w, u) \
2031
if (rtm_addrs & (w)) {\
2032
l = ROUNDUP(u.sa_len); memmove(cp, &(u), l); cp += l;\
2035
#define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))
2037
#define rtm m_rtmsg.m_rtm
2041
rtm_addrs = RTA_DST | RTA_NETMASK;
2043
bzero(&so_dst, sizeof(so_dst));
2044
bzero(&so_mask, sizeof(so_mask));
2045
bzero(&rtm, sizeof(struct rt_msghdr));
2047
rtm.rtm_type = RTM_GET;
2048
rtm.rtm_flags = RTF_UP | RTF_GATEWAY;
2049
rtm.rtm_version = RTM_VERSION;
2050
rtm.rtm_seq = ++seq;
2051
rtm.rtm_addrs = rtm_addrs;
2053
so_dst.sa_family = AF_INET;
2054
so_dst.sa_len = sizeof(struct sockaddr_in);
2055
so_mask.sa_family = AF_INET;
2056
so_mask.sa_len = sizeof(struct sockaddr_in);
2058
NEXTADDR(RTA_DST, so_dst);
2059
NEXTADDR(RTA_NETMASK, so_mask);
2061
rtm.rtm_msglen = l = cp - (char *)&m_rtmsg;
2063
s = socket(PF_ROUTE, SOCK_RAW, 0);
2065
if (write(s, (char *)&m_rtmsg, l) < 0)
2067
warn("writing to routing socket");
2074
l = read(s, (char *)&m_rtmsg, sizeof(m_rtmsg));
2075
} while (l > 0 && (rtm.rtm_seq != seq || rtm.rtm_pid != pid));
2081
cp = ((char *)(rtm_aux + 1));
2082
if (rtm_aux->rtm_addrs) {
2083
for (i = 1; i; i <<= 1)
2084
if (i & rtm_aux->rtm_addrs) {
2085
sa = (struct sockaddr *)cp;
2086
if (i == RTA_GATEWAY )
2100
*ret = ntohl(((struct sockaddr_in *)gate)->sin_addr.s_addr);
2102
msg (M_INFO, "gw %s",
2103
print_in_addr_t ((in_addr_t) *ret, 0, &gc));
2108
*netmask = 0xFFFFFF00; // FIXME -- get the real netmask of the adapter containing the default gateway
2124
get_default_gateway (in_addr_t *ret, in_addr_t *netmask) /* PLATFORM-SPECIFIC */
2132
netmask_to_netbits (const in_addr_t network, const in_addr_t netmask, int *netbits)
2135
const int addrlen = sizeof (in_addr_t) * 8;
2137
if ((network & netmask) == network)
2139
for (i = 0; i <= addrlen; ++i)
2141
in_addr_t mask = netbits_to_netmask (i);
2142
if (mask == netmask)
2156
* get_bypass_addresses() is used by the redirect-gateway bypass-x
2157
* functions to build a route bypass to selected DHCP/DNS servers,
2158
* so that outgoing packets to these servers don't end up in the tunnel.
2164
add_host_route_if_nonlocal (struct route_bypass *rb, const in_addr_t addr)
2166
if (test_local_addr(addr) == TLA_NONLOCAL && addr != 0 && addr != ~0)
2167
add_bypass_address (rb, addr);
2171
add_host_route_array (struct route_bypass *rb, const IP_ADDR_STRING *iplist)
2175
bool succeed = false;
2176
const in_addr_t ip = getaddr (GETADDR_HOST_ORDER, iplist->IpAddress.String, 0, &succeed, NULL);
2179
add_host_route_if_nonlocal (rb, ip);
2181
iplist = iplist->Next;
2186
get_bypass_addresses (struct route_bypass *rb, const unsigned int flags)
2188
struct gc_arena gc = gc_new ();
2189
/*bool ret_bool = false;*/
2191
/* get full routing table */
2192
const MIB_IPFORWARDTABLE *routes = get_windows_routing_table (&gc);
2194
/* get the route which represents the default gateway */
2195
const MIB_IPFORWARDROW *row = get_default_gateway_row (routes);
2199
/* get the adapter which the default gateway is associated with */
2200
const IP_ADAPTER_INFO *dgi = get_adapter_info (row->dwForwardIfIndex, &gc);
2202
/* get extra adapter info, such as DNS addresses */
2203
const IP_PER_ADAPTER_INFO *pai = get_per_adapter_info (row->dwForwardIfIndex, &gc);
2205
/* Bypass DHCP server address */
2206
if ((flags & RG_BYPASS_DHCP) && dgi && dgi->DhcpEnabled)
2207
add_host_route_array (rb, &dgi->DhcpServer);
2209
/* Bypass DNS server addresses */
2210
if ((flags & RG_BYPASS_DNS) && pai)
2211
add_host_route_array (rb, &pai->DnsServerList);
2220
get_bypass_addresses (struct route_bypass *rb, const unsigned int flags) /* PLATFORM-SPECIFIC */
2226
#if AUTO_USERID || defined(ENABLE_PUSH_PEER_INFO)
2228
#if defined(TARGET_LINUX)
2231
get_default_gateway_mac_addr (unsigned char *macaddr)
2233
struct ifreq *ifr, *ifend;
2234
in_addr_t ina, mask;
2237
struct ifreq ifs[20]; // Maximum number of interfaces to scan
2242
if (!get_default_gateway (&gwip, NULL))
2244
msg (M_WARN, "GDGMA: get_default_gateway failed");
2248
if ((sd = socket (AF_INET, SOCK_DGRAM, 0)) < 0)
2250
msg (M_WARN, "GDGMA: socket() failed");
2254
ifc.ifc_len = sizeof (ifs);
2256
if (ioctl (sd, SIOCGIFCONF, &ifc) < 0)
2258
msg (M_WARN, "GDGMA: ioctl(SIOCGIFCONF) failed");
2262
/* scan through interface list */
2263
ifend = ifs + (ifc.ifc_len / sizeof (struct ifreq));
2264
for (ifr = ifc.ifc_req; ifr < ifend; ifr++)
2266
if (ifr->ifr_addr.sa_family == AF_INET)
2268
ina = ntohl(((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr.s_addr);
2269
strncpynt (ifreq.ifr_name, ifr->ifr_name, sizeof (ifreq.ifr_name));
2271
dmsg (D_AUTO_USERID, "GDGMA: %s", ifreq.ifr_name);
2273
/* check that the interface is up, and not point-to-point or loopback */
2274
if (ioctl (sd, SIOCGIFFLAGS, &ifreq) < 0)
2276
dmsg (D_AUTO_USERID, "GDGMA: SIOCGIFFLAGS(%s) failed", ifreq.ifr_name);
2280
if ((ifreq.ifr_flags & (IFF_UP|IFF_LOOPBACK)) != IFF_UP)
2282
dmsg (D_AUTO_USERID, "GDGMA: interface %s is down or loopback", ifreq.ifr_name);
2286
/* get interface netmask and check for correct subnet */
2287
if (ioctl (sd, SIOCGIFNETMASK, &ifreq) < 0)
2289
dmsg (D_AUTO_USERID, "GDGMA: SIOCGIFNETMASK(%s) failed", ifreq.ifr_name);
2293
mask = ntohl(((struct sockaddr_in *) &ifreq.ifr_addr)->sin_addr.s_addr);
2294
if (((gwip ^ ina) & mask) != 0)
2296
dmsg (D_AUTO_USERID, "GDGMA: gwip=0x%08x ina=0x%08x mask=0x%08x",
2299
(unsigned int)mask);
2307
msg (M_WARN, "GDGMA: couldn't find gw interface");
2311
/* now get the hardware address. */
2312
memset (&ifreq.ifr_hwaddr, 0, sizeof (struct sockaddr));
2313
if (ioctl (sd, SIOCGIFHWADDR, &ifreq) < 0)
2315
msg (M_WARN, "GDGMA: SIOCGIFHWADDR(%s) failed", ifreq.ifr_name);
2319
memcpy (macaddr, &ifreq.ifr_hwaddr.sa_data, 6);
2328
#elif defined(WIN32)
2331
get_default_gateway_mac_addr (unsigned char *macaddr)
2333
struct gc_arena gc = gc_new ();
2334
const IP_ADAPTER_INFO *adapters = get_adapter_info_list (&gc);
2337
const IP_ADAPTER_INFO *ai;
2339
if (!get_default_gateway (&gwip, NULL))
2341
msg (M_WARN, "GDGMA: get_default_gateway failed");
2345
a_index = adapter_index_of_ip (adapters, gwip, NULL, NULL);
2346
ai = get_adapter (adapters, a_index);
2350
msg (M_WARN, "GDGMA: couldn't find gw interface");
2354
memcpy (macaddr, ai->Address, 6);
2367
get_default_gateway_mac_addr (unsigned char *macaddr) /* PLATFORM-SPECIFIC */
2373
#endif /* AUTO_USERID */
2376
* Test if addr is reachable via a local interface (return ILA_LOCAL),
2377
* or if it needs to be routed via the default gateway (return
2378
* ILA_NONLOCAL). If the target platform doesn't implement this
2379
* function, return ILA_NOT_IMPLEMENTED.
2381
* Used by redirect-gateway autolocal feature
2387
test_local_addr (const in_addr_t addr)
2389
struct gc_arena gc = gc_new ();
2390
const in_addr_t nonlocal_netmask = 0x80000000L; /* routes with netmask <= to this are considered non-local */
2391
bool ret = TLA_NONLOCAL;
2393
/* get full routing table */
2394
const MIB_IPFORWARDTABLE *rt = get_windows_routing_table (&gc);
2398
for (i = 0; i < rt->dwNumEntries; ++i)
2400
const MIB_IPFORWARDROW *row = &rt->table[i];
2401
const in_addr_t net = ntohl (row->dwForwardDest);
2402
const in_addr_t mask = ntohl (row->dwForwardMask);
2403
if (mask > nonlocal_netmask && (addr & mask) == net)
2419
test_local_addr (const in_addr_t addr) /* PLATFORM-SPECIFIC */
2421
return TLA_NOT_IMPLEMENTED;