search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fixes, fully translated tomato, with english dictionary and Polish translation
[tomato.git] / release / src / router / openvpn / route.c
blob24d4bd8f7aaae0d289bece8d35f95169e7cc4727
1 /*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2009 OpenVPN Technologies, Inc. <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program (see the file COPYING included with this
21 * distribution); if not, write to the Free Software Foundation, Inc.,
22 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 */
24
25 /*
26 * Support routines for adding/deleting network routes.
27 */
28
29 #include "syshead.h"
30
31 #include "common.h"
32 #include "error.h"
33 #include "route.h"
34 #include "misc.h"
35 #include "socket.h"
36 #include "manage.h"
37 #include "win32.h"
38
39 #include "memdbg.h"
40
41 static void delete_route (const struct route *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es);
42 static void get_bypass_addresses (struct route_bypass *rb, const unsigned int flags);
43
44 #ifdef ENABLE_DEBUG
45
46 static void
47 print_bypass_addresses (const struct route_bypass *rb)
48 {
49 struct gc_arena gc = gc_new ();
50 int i;
51 for (i = 0; i < rb->n_bypass; ++i)
52 {
53 msg (D_ROUTE, "ROUTE: bypass_host_route[%d]=%s",
54 i,
55 print_in_addr_t (rb->bypass[i], 0, &gc));
56 }
57 gc_free (&gc);
58 }
59
60 #endif
61
62 static bool
63 add_bypass_address (struct route_bypass *rb, const in_addr_t a)
64 {
65 int i;
66 for (i = 0; i < rb->n_bypass; ++i)
67 {
68 if (a == rb->bypass[i]) /* avoid duplicates */
69 return true;
70 }
71 if (rb->n_bypass < N_ROUTE_BYPASS)
72 {
73 rb->bypass[rb->n_bypass++] = a;
74 return true;
75 }
76 else
77 {
78 return false;
79 }
80 }
81
82 struct route_option_list *
83 new_route_option_list (const int max_routes, struct gc_arena *a)
84 {
85 struct route_option_list *ret;
86 ALLOC_VAR_ARRAY_CLEAR_GC (ret, struct route_option_list, struct route_option, max_routes, a);
87 ret->capacity = max_routes;
88 return ret;
89 }
90
91 struct route_option_list *
92 clone_route_option_list (const struct route_option_list *src, struct gc_arena *a)
93 {
94 const size_t rl_size = array_mult_safe (sizeof(struct route_option), src->capacity, sizeof(struct route_option_list));
95 struct route_option_list *ret = gc_malloc (rl_size, false, a);
96 memcpy (ret, src, rl_size);
97 return ret;
98 }
99
100 void
101 copy_route_option_list (struct route_option_list *dest, const struct route_option_list *src)
102 {
103 const size_t src_size = array_mult_safe (sizeof(struct route_option), src->capacity, sizeof(struct route_option_list));
104 if (src->n > dest->capacity)
105 msg (M_FATAL, PACKAGE_NAME " ROUTE: (copy) number of route options in src (%d) is greater than route list capacity in dest (%d)", src->n, dest->capacity);
106 memcpy (dest, src, src_size);
107 }
108
109 struct route_list *
110 new_route_list (const int max_routes, struct gc_arena *a)
111 {
112 struct route_list *ret;
113 ALLOC_VAR_ARRAY_CLEAR_GC (ret, struct route_list, struct route, max_routes, a);
114 ret->capacity = max_routes;
115 return ret;
116 }
117
118 static const char *
119 route_string (const struct route *r, struct gc_arena *gc)
120 {
121 struct buffer out = alloc_buf_gc (256, gc);
122 buf_printf (&out, "ROUTE network %s netmask %s gateway %s",
123 print_in_addr_t (r->network, 0, gc),
124 print_in_addr_t (r->netmask, 0, gc),
125 print_in_addr_t (r->gateway, 0, gc)
126 );
127 if (r->metric_defined)
128 buf_printf (&out, " metric %d", r->metric);
129 return BSTR (&out);
130 }
131
132 static bool
133 is_route_parm_defined (const char *parm)
134 {
135 if (!parm)
136 return false;
137 if (!strcmp (parm, "default"))
138 return false;
139 return true;
140 }
141
142 static void
143 setenv_route_addr (struct env_set *es, const char *key, const in_addr_t addr, int i)
144 {
145 struct gc_arena gc = gc_new ();
146 struct buffer name = alloc_buf_gc (256, &gc);
147 if (i >= 0)
148 buf_printf (&name, "route_%s_%d", key, i);
149 else
150 buf_printf (&name, "route_%s", key);
151 setenv_str (es, BSTR (&name), print_in_addr_t (addr, 0, &gc));
152 gc_free (&gc);
153 }
154
155 static bool
156 get_special_addr (const struct route_special_addr *spec,
157 const char *string,
158 in_addr_t *out,
159 bool *status)
160 {
161 if (status)
162 *status = true;
163 if (!strcmp (string, "vpn_gateway"))
164 {
165 if (spec)
166 {
167 if (spec->remote_endpoint_defined)
168 *out = spec->remote_endpoint;
169 else
170 {
171 msg (M_INFO, PACKAGE_NAME " ROUTE: vpn_gateway undefined");
172 if (status)
173 *status = false;
174 }
175 }
176 return true;
177 }
178 else if (!strcmp (string, "net_gateway"))
179 {
180 if (spec)
181 {
182 if (spec->net_gateway_defined)
183 *out = spec->net_gateway;
184 else
185 {
186 msg (M_INFO, PACKAGE_NAME " ROUTE: net_gateway undefined -- unable to get default gateway from system");
187 if (status)
188 *status = false;
189 }
190 }
191 return true;
192 }
193 else if (!strcmp (string, "remote_host"))
194 {
195 if (spec)
196 {
197 if (spec->remote_host_defined)
198 *out = spec->remote_host;
199 else
200 {
201 msg (M_INFO, PACKAGE_NAME " ROUTE: remote_host undefined");
202 if (status)
203 *status = false;
204 }
205 }
206 return true;
207 }
208 return false;
209 }
210
211 bool
212 is_special_addr (const char *addr_str)
213 {
214 if (addr_str)
215 return get_special_addr (NULL, addr_str, NULL, NULL);
216 else
217 return false;
218 }
219
220 static bool
221 init_route (struct route *r,
222 const struct route_option *ro,
223 const struct route_special_addr *spec)
224 {
225 const in_addr_t default_netmask = ~0;
226 bool status;
227
228 r->option = ro;
229 r->defined = false;
230
231 /* network */
232
233 if (!is_route_parm_defined (ro->network))
234 {
235 goto fail;
236 }
237
238 if (!get_special_addr (spec, ro->network, &r->network, &status))
239 {
240 r->network = getaddr (
241 GETADDR_RESOLVE
242 | GETADDR_HOST_ORDER
243 | GETADDR_WARN_ON_SIGNAL,
244 ro->network,
245 0,
246 &status,
247 NULL);
248 }
249
250 if (!status)
251 goto fail;
252
253 /* netmask */
254
255 if (is_route_parm_defined (ro->netmask))
256 {
257 r->netmask = getaddr (
258 GETADDR_HOST_ORDER
259 | GETADDR_WARN_ON_SIGNAL,
260 ro->netmask,
261 0,
262 &status,
263 NULL);
264 if (!status)
265 goto fail;
266 }
267 else
268 r->netmask = default_netmask;
269
270 /* gateway */
271
272 if (is_route_parm_defined (ro->gateway))
273 {
274 if (!get_special_addr (spec, ro->gateway, &r->gateway, &status))
275 {
276 r->gateway = getaddr (
277 GETADDR_RESOLVE
278 | GETADDR_HOST_ORDER
279 | GETADDR_WARN_ON_SIGNAL,
280 ro->gateway,
281 0,
282 &status,
283 NULL);
284 }
285 if (!status)
286 goto fail;
287 }
288 else
289 {
290 if (spec->remote_endpoint_defined)
291 r->gateway = spec->remote_endpoint;
292 else
293 {
294 msg (M_WARN, PACKAGE_NAME " ROUTE: " PACKAGE_NAME " needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options");
295 goto fail;
296 }
297 }
298
299 /* metric */
300
301 r->metric_defined = false;
302 r->metric = 0;
303 if (is_route_parm_defined (ro->metric))
304 {
305 r->metric = atoi (ro->metric);
306 if (r->metric < 0)
307 {
308 msg (M_WARN, PACKAGE_NAME " ROUTE: route metric for network %s (%s) must be >= 0",
309 ro->network,
310 ro->metric);
311 goto fail;
312 }
313 r->metric_defined = true;
314 }
315 else if (spec->default_metric_defined)
316 {
317 r->metric = spec->default_metric;
318 r->metric_defined = true;
319 }
320
321 r->defined = true;
322
323 return true;
324
325 fail:
326 msg (M_WARN, PACKAGE_NAME " ROUTE: failed to parse/resolve route for host/network: %s",
327 ro->network);
328 r->defined = false;
329 return false;
330 }
331
332 void
333 add_route_to_option_list (struct route_option_list *l,
334 const char *network,
335 const char *netmask,
336 const char *gateway,
337 const char *metric)
338 {
339 struct route_option *ro;
340 if (l->n >= l->capacity)
341 msg (M_FATAL, PACKAGE_NAME " ROUTE: cannot add more than %d routes -- please increase the max-routes option in the client configuration file",
342 l->capacity);
343 ro = &l->routes[l->n];
344 ro->network = network;
345 ro->netmask = netmask;
346 ro->gateway = gateway;
347 ro->metric = metric;
348 ++l->n;
349 }
350
351 void
352 clear_route_list (struct route_list *rl)
353 {
354 const int capacity = rl->capacity;
355 const size_t rl_size = array_mult_safe (sizeof(struct route), capacity, sizeof(struct route_list));
356 memset(rl, 0, rl_size);
357 rl->capacity = capacity;
358 }
359
360 void
361 route_list_add_default_gateway (struct route_list *rl,
362 struct env_set *es,
363 const in_addr_t addr)
364 {
365 rl->spec.remote_endpoint = addr;
366 rl->spec.remote_endpoint_defined = true;
367 setenv_route_addr (es, "vpn_gateway", rl->spec.remote_endpoint, -1);
368 }
369
370 bool
371 init_route_list (struct route_list *rl,
372 const struct route_option_list *opt,
373 const char *remote_endpoint,
374 int default_metric,
375 in_addr_t remote_host,
376 struct env_set *es)
377 {
378 struct gc_arena gc = gc_new ();
379 bool ret = true;
380
381 clear_route_list (rl);
382
383 rl->flags = opt->flags;
384
385 if (remote_host)
386 {
387 rl->spec.remote_host = remote_host;
388 rl->spec.remote_host_defined = true;
389 }
390
391 if (default_metric)
392 {
393 rl->spec.default_metric = default_metric;
394 rl->spec.default_metric_defined = true;
395 }
396
397 rl->spec.net_gateway_defined = get_default_gateway (&rl->spec.net_gateway, NULL);
398 if (rl->spec.net_gateway_defined)
399 {
400 setenv_route_addr (es, "net_gateway", rl->spec.net_gateway, -1);
401 dmsg (D_ROUTE, "ROUTE default_gateway=%s", print_in_addr_t (rl->spec.net_gateway, 0, &gc));
402 }
403 else
404 {
405 dmsg (D_ROUTE, "ROUTE: default_gateway=UNDEF");
406 }
407
408 if (rl->flags & RG_ENABLE)
409 {
410 get_bypass_addresses (&rl->spec.bypass, rl->flags);
411 #ifdef ENABLE_DEBUG
412 print_bypass_addresses (&rl->spec.bypass);
413 #endif
414 }
415
416 if (is_route_parm_defined (remote_endpoint))
417 {
418 rl->spec.remote_endpoint = getaddr (
419 GETADDR_RESOLVE
420 | GETADDR_HOST_ORDER
421 | GETADDR_WARN_ON_SIGNAL,
422 remote_endpoint,
423 0,
424 &rl->spec.remote_endpoint_defined,
425 NULL);
426
427 if (rl->spec.remote_endpoint_defined)
428 {
429 setenv_route_addr (es, "vpn_gateway", rl->spec.remote_endpoint, -1);
430 }
431 else
432 {
433 msg (M_WARN, PACKAGE_NAME " ROUTE: failed to parse/resolve default gateway: %s",
434 remote_endpoint);
435 ret = false;
436 }
437 }
438 else
439 rl->spec.remote_endpoint_defined = false;
440
441 if (!(opt->n >= 0 && opt->n <= rl->capacity))
442 msg (M_FATAL, PACKAGE_NAME " ROUTE: (init) number of route options (%d) is greater than route list capacity (%d)", opt->n, rl->capacity);
443
444 /* parse the routes from opt to rl */
445 {
446 int i, j = 0;
447 for (i = 0; i < opt->n; ++i)
448 {
449 if (!init_route (&rl->routes[j],
450 &opt->routes[i],
451 &rl->spec))
452 ret = false;
453 else
454 ++j;
455 }
456 rl->n = j;
457 }
458
459 gc_free (&gc);
460 return ret;
461 }
462
463 static void
464 add_route3 (in_addr_t network,
465 in_addr_t netmask,
466 in_addr_t gateway,
467 const struct tuntap *tt,
468 unsigned int flags,
469 const struct env_set *es)
470 {
471 struct route r;
472 CLEAR (r);
473 r.defined = true;
474 r.network = network;
475 r.netmask = netmask;
476 r.gateway = gateway;
477 add_route (&r, tt, flags, es);
478 }
479
480 static void
481 del_route3 (in_addr_t network,
482 in_addr_t netmask,
483 in_addr_t gateway,
484 const struct tuntap *tt,
485 unsigned int flags,
486 const struct env_set *es)
487 {
488 struct route r;
489 CLEAR (r);
490 r.defined = true;
491 r.network = network;
492 r.netmask = netmask;
493 r.gateway = gateway;
494 delete_route (&r, tt, flags, es);
495 }
496
497 static void
498 add_bypass_routes (struct route_bypass *rb,
499 in_addr_t gateway,
500 const struct tuntap *tt,
501 unsigned int flags,
502 const struct env_set *es)
503 {
504 int i;
505 for (i = 0; i < rb->n_bypass; ++i)
506 {
507 if (rb->bypass[i] != gateway)
508 add_route3 (rb->bypass[i],
509 ~0,
510 gateway,
511 tt,
512 flags,
513 es);
514 }
515 }
516
517 static void
518 del_bypass_routes (struct route_bypass *rb,
519 in_addr_t gateway,
520 const struct tuntap *tt,
521 unsigned int flags,
522 const struct env_set *es)
523 {
524 int i;
525 for (i = 0; i < rb->n_bypass; ++i)
526 {
527 if (rb->bypass[i] != gateway)
528 del_route3 (rb->bypass[i],
529 ~0,
530 gateway,
531 tt,
532 flags,
533 es);
534 }
535 }
536
537 static void
538 redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
539 {
540 const char err[] = "NOTE: unable to redirect default gateway --";
541
542 if (rl->flags & RG_ENABLE)
543 {
544 if (!rl->spec.remote_endpoint_defined)
545 {
546 msg (M_WARN, "%s VPN gateway parameter (--route-gateway or --ifconfig) is missing", err);
547 }
548 else if (!rl->spec.net_gateway_defined)
549 {
550 msg (M_WARN, "%s Cannot read current default gateway from system", err);
551 }
552 else if (!rl->spec.remote_host_defined)
553 {
554 msg (M_WARN, "%s Cannot obtain current remote host address", err);
555 }
556 else
557 {
558 bool local = BOOL_CAST(rl->flags & RG_LOCAL);
559 if (rl->flags & RG_AUTO_LOCAL) {
560 const int tla = test_local_addr (rl->spec.remote_host);
561 if (tla == TLA_NONLOCAL)
562 {
563 dmsg (D_ROUTE, "ROUTE remote_host is NOT LOCAL");
564 local = false;
565 }
566 else if (tla == TLA_LOCAL)
567 {
568 dmsg (D_ROUTE, "ROUTE remote_host is LOCAL");
569 local = true;
570 }
571 }
572 if (!local)
573 {
574 /* route remote host to original default gateway */
575 add_route3 (rl->spec.remote_host,
576 ~0,
577 rl->spec.net_gateway,
578 tt,
579 flags,
580 es);
581 rl->did_local = true;
582 }
583
584 /* route DHCP/DNS server traffic through original default gateway */
585 add_bypass_routes (&rl->spec.bypass, rl->spec.net_gateway, tt, flags, es);
586
587 if (rl->flags & RG_REROUTE_GW)
588 {
589 if (rl->flags & RG_DEF1)
590 {
591 /* add new default route (1st component) */
592 add_route3 (0x00000000,
593 0x80000000,
594 rl->spec.remote_endpoint,
595 tt,
596 flags,
597 es);
598
599 /* add new default route (2nd component) */
600 add_route3 (0x80000000,
601 0x80000000,
602 rl->spec.remote_endpoint,
603 tt,
604 flags,
605 es);
606 }
607 else
608 {
609 /* delete default route */
610 del_route3 (0,
611 0,
612 rl->spec.net_gateway,
613 tt,
614 flags,
615 es);
616
617 /* add new default route */
618 add_route3 (0,
619 0,
620 rl->spec.remote_endpoint,
621 tt,
622 flags,
623 es);
624 }
625 }
626
627 /* set a flag so we can undo later */
628 rl->did_redirect_default_gateway = true;
629 }
630 }
631 }
632
633 static void
634 undo_redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
635 {
636 if (rl->did_redirect_default_gateway)
637 {
638 /* delete remote host route */
639 if (rl->did_local)
640 {
641 del_route3 (rl->spec.remote_host,
642 ~0,
643 rl->spec.net_gateway,
644 tt,
645 flags,
646 es);
647 rl->did_local = false;
648 }
649
650 /* delete special DHCP/DNS bypass route */
651 del_bypass_routes (&rl->spec.bypass, rl->spec.net_gateway, tt, flags, es);
652
653 if (rl->flags & RG_REROUTE_GW)
654 {
655 if (rl->flags & RG_DEF1)
656 {
657 /* delete default route (1st component) */
658 del_route3 (0x00000000,
659 0x80000000,
660 rl->spec.remote_endpoint,
661 tt,
662 flags,
663 es);
664
665 /* delete default route (2nd component) */
666 del_route3 (0x80000000,
667 0x80000000,
668 rl->spec.remote_endpoint,
669 tt,
670 flags,
671 es);
672 }
673 else
674 {
675 /* delete default route */
676 del_route3 (0,
677 0,
678 rl->spec.remote_endpoint,
679 tt,
680 flags,
681 es);
682
683 /* restore original default route */
684 add_route3 (0,
685 0,
686 rl->spec.net_gateway,
687 tt,
688 flags,
689 es);
690 }
691 }
692
693 rl->did_redirect_default_gateway = false;
694 }
695 }
696
697 void
698 add_routes (struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
699 {
700 redirect_default_route_to_vpn (rl, tt, flags, es);
701 if (!rl->routes_added)
702 {
703 int i;
704
705 #ifdef ENABLE_MANAGEMENT
706 if (management && rl->n)
707 {
708 management_set_state (management,
709 OPENVPN_STATE_ADD_ROUTES,
710 NULL,
711 0,
712 0);
713 }
714 #endif
715
716 for (i = 0; i < rl->n; ++i)
717 {
718 struct route *r = &rl->routes[i];
719 check_subnet_conflict (r->network, r->netmask, "route");
720 if (flags & ROUTE_DELETE_FIRST)
721 delete_route (r, tt, flags, es);
722 add_route (r, tt, flags, es);
723 }
724 rl->routes_added = true;
725 }
726 }
727
728 void
729 delete_routes (struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
730 {
731 if (rl->routes_added)
732 {
733 int i;
734 for (i = rl->n - 1; i >= 0; --i)
735 {
736 const struct route *r = &rl->routes[i];
737 delete_route (r, tt, flags, es);
738 }
739 rl->routes_added = false;
740 }
741 undo_redirect_default_route_to_vpn (rl, tt, flags, es);
742
743 clear_route_list (rl);
744 }
745
746 #ifdef ENABLE_DEBUG
747
748 static const char *
749 show_opt (const char *option)
750 {
751 if (!option)
752 return "nil";
753 else
754 return option;
755 }
756
757 static void
758 print_route_option (const struct route_option *ro, int level)
759 {
760 msg (level, " route %s/%s/%s/%s",
761 show_opt (ro->network),
762 show_opt (ro->netmask),
763 show_opt (ro->gateway),
764 show_opt (ro->metric));
765 }
766
767 void
768 print_route_options (const struct route_option_list *rol,
769 int level)
770 {
771 int i;
772 if (rol->flags & RG_ENABLE)
773 msg (level, " [redirect_default_gateway local=%d]",
774 (rol->flags & RG_LOCAL) != 0);
775 for (i = 0; i < rol->n; ++i)
776 print_route_option (&rol->routes[i], level);
777 }
778
779 #endif
780
781 static void
782 print_route (const struct route *r, int level)
783 {
784 struct gc_arena gc = gc_new ();
785 if (r->defined)
786 msg (level, "%s", route_string (r, &gc));
787 gc_free (&gc);
788 }
789
790 void
791 print_routes (const struct route_list *rl, int level)
792 {
793 int i;
794 for (i = 0; i < rl->n; ++i)
795 print_route (&rl->routes[i], level);
796 }
797
798 static void
799 setenv_route (struct env_set *es, const struct route *r, int i)
800 {
801 struct gc_arena gc = gc_new ();
802 if (r->defined)
803 {
804 setenv_route_addr (es, "network", r->network, i);
805 setenv_route_addr (es, "netmask", r->netmask, i);
806 setenv_route_addr (es, "gateway", r->gateway, i);
807
808 if (r->metric_defined)
809 {
810 struct buffer name = alloc_buf_gc (256, &gc);
811 buf_printf (&name, "route_metric_%d", i);
812 setenv_int (es, BSTR (&name), r->metric);
813 }
814 }
815 gc_free (&gc);
816 }
817
818 void
819 setenv_routes (struct env_set *es, const struct route_list *rl)
820 {
821 int i;
822 for (i = 0; i < rl->n; ++i)
823 setenv_route (es, &rl->routes[i], i + 1);
824 }
825
826 void
827 add_route (struct route *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
828 {
829 struct gc_arena gc;
830 struct argv argv;
831 const char *network;
832 const char *netmask;
833 const char *gateway;
834 bool status = false;
835
836 if (!r->defined)
837 return;
838
839 gc_init (&gc);
840 argv_init (&argv);
841
842 network = print_in_addr_t (r->network, 0, &gc);
843 netmask = print_in_addr_t (r->netmask, 0, &gc);
844 gateway = print_in_addr_t (r->gateway, 0, &gc);
845
846 /*
847 * Filter out routes which are essentially no-ops
848 */
849 if (r->network == r->gateway && r->netmask == 0xFFFFFFFF)
850 {
851 msg (M_INFO, PACKAGE_NAME " ROUTE: omitted no-op route: %s/%s -> %s",
852 network, netmask, gateway);
853 goto done;
854 }
855
856 #if defined(TARGET_LINUX)
857 #ifdef CONFIG_FEATURE_IPROUTE
858 argv_printf (&argv, "%s route add %s/%d via %s",
859 iproute_path,
860 network,
861 count_netmask_bits(netmask),
862 gateway);
863 if (r->metric_defined)
864 argv_printf_cat (&argv, "metric %d", r->metric);
865
866 #else
867 argv_printf (&argv, "%s add -net %s netmask %s gw %s",
868 ROUTE_PATH,
869 network,
870 netmask,
871 gateway);
872 if (r->metric_defined)
873 argv_printf_cat (&argv, "metric %d", r->metric);
874 #endif /*CONFIG_FEATURE_IPROUTE*/
875 argv_msg (D_ROUTE, &argv);
876 status = openvpn_execve_check (&argv, es, 0, "ERROR: Linux route add command failed");
877
878 #elif defined (WIN32)
879
880 argv_printf (&argv, "%s%sc ADD %s MASK %s %s",
881 get_win_sys_path(),
882 WIN_ROUTE_PATH_SUFFIX,
883 network,
884 netmask,
885 gateway);
886 if (r->metric_defined)
887 argv_printf_cat (&argv, "METRIC %d", r->metric);
888
889 argv_msg (D_ROUTE, &argv);
890
891 if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_IPAPI)
892 {
893 status = add_route_ipapi (r, tt);
894 msg (D_ROUTE, "Route addition via IPAPI %s", status ? "succeeded" : "failed");
895 }
896 else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_EXE)
897 {
898 netcmd_semaphore_lock ();
899 status = openvpn_execve_check (&argv, es, 0, "ERROR: Windows route add command failed");
900 netcmd_semaphore_release ();
901 }
902 else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_ADAPTIVE)
903 {
904 status = add_route_ipapi (r, tt);
905 msg (D_ROUTE, "Route addition via IPAPI %s [adaptive]", status ? "succeeded" : "failed");
906 if (!status)
907 {
908 msg (D_ROUTE, "Route addition fallback to route.exe");
909 netcmd_semaphore_lock ();
910 status = openvpn_execve_check (&argv, es, 0, "ERROR: Windows route add command failed [adaptive]");
911 netcmd_semaphore_release ();
912 }
913 }
914 else
915 {
916 ASSERT (0);
917 }
918
919 #elif defined (TARGET_SOLARIS)
920
921 /* example: route add 192.0.2.32 -netmask 255.255.255.224 somegateway */
922
923 argv_printf (&argv, "%s add",
924 ROUTE_PATH);
925
926 #if 0
927 if (r->metric_defined)
928 argv_printf_cat (&argv, "-rtt %d", r->metric);
929 #endif
930
931 argv_printf_cat (&argv, "%s -netmask %s %s",
932 network,
933 netmask,
934 gateway);
935
936 argv_msg (D_ROUTE, &argv);
937 status = openvpn_execve_check (&argv, es, 0, "ERROR: Solaris route add command failed");
938
939 #elif defined(TARGET_FREEBSD)
940
941 argv_printf (&argv, "%s add",
942 ROUTE_PATH);
943
944 #if 0
945 if (r->metric_defined)
946 argv_printf_cat (&argv, "-rtt %d", r->metric);
947 #endif
948
949 argv_printf_cat (&argv, "-net %s %s %s",
950 network,
951 gateway,
952 netmask);
953
954 argv_msg (D_ROUTE, &argv);
955 status = openvpn_execve_check (&argv, es, 0, "ERROR: FreeBSD route add command failed");
956
957 #elif defined(TARGET_DRAGONFLY)
958
959 argv_printf (&argv, "%s add",
960 ROUTE_PATH);
961
962 #if 0
963 if (r->metric_defined)
964 argv_printf_cat (&argv, "-rtt %d", r->metric);
965 #endif
966
967 argv_printf_cat (&argv, "-net %s %s %s",
968 network,
969 gateway,
970 netmask);
971
972 argv_msg (D_ROUTE, &argv);
973 status = openvpn_execve_check (&argv, es, 0, "ERROR: DragonFly route add command failed");
974
975 #elif defined(TARGET_DARWIN)
976
977 argv_printf (&argv, "%s add",
978 ROUTE_PATH);
979
980 #if 0
981 if (r->metric_defined)
982 argv_printf_cat (&argv, "-rtt %d", r->metric);
983 #endif
984
985 argv_printf_cat (&argv, "-net %s %s %s",
986 network,
987 gateway,
988 netmask);
989
990 argv_msg (D_ROUTE, &argv);
991 status = openvpn_execve_check (&argv, es, 0, "ERROR: OS X route add command failed");
992
993 #elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
994
995 argv_printf (&argv, "%s add",
996 ROUTE_PATH);
997
998 #if 0
999 if (r->metric_defined)
1000 argv_printf_cat (&argv, "-rtt %d", r->metric);
1001 #endif
1002
1003 argv_printf_cat (&argv, "-net %s %s -netmask %s",
1004 network,
1005 gateway,
1006 netmask);
1007
1008 argv_msg (D_ROUTE, &argv);
1009 status = openvpn_execve_check (&argv, es, 0, "ERROR: OpenBSD/NetBSD route add command failed");
1010
1011 #else
1012 msg (M_FATAL, "Sorry, but I don't know how to do 'route' commands on this operating system. Try putting your routes in a --route-up script");
1013 #endif
1014
1015 done:
1016 r->defined = status;
1017 argv_reset (&argv);
1018 gc_free (&gc);
1019 }
1020
1021 static void
1022 delete_route (const struct route *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
1023 {
1024 struct gc_arena gc;
1025 struct argv argv;
1026 const char *network;
1027 const char *netmask;
1028 const char *gateway;
1029
1030 if (!r->defined)
1031 return;
1032
1033 gc_init (&gc);
1034 argv_init (&argv);
1035
1036 network = print_in_addr_t (r->network, 0, &gc);
1037 netmask = print_in_addr_t (r->netmask, 0, &gc);
1038 gateway = print_in_addr_t (r->gateway, 0, &gc);
1039
1040 #if defined(TARGET_LINUX)
1041 #ifdef CONFIG_FEATURE_IPROUTE
1042 argv_printf (&argv, "%s route del %s/%d",
1043 iproute_path,
1044 network,
1045 count_netmask_bits(netmask));
1046 #else
1047
1048 argv_printf (&argv, "%s del -net %s netmask %s",
1049 ROUTE_PATH,
1050 network,
1051 netmask);
1052 #endif /*CONFIG_FEATURE_IPROUTE*/
1053 if (r->metric_defined)
1054 argv_printf_cat (&argv, "metric %d", r->metric);
1055 argv_msg (D_ROUTE, &argv);
1056 openvpn_execve_check (&argv, es, 0, "ERROR: Linux route delete command failed");
1057
1058 #elif defined (WIN32)
1059
1060 argv_printf (&argv, "%s%sc DELETE %s MASK %s %s",
1061 get_win_sys_path(),
1062 WIN_ROUTE_PATH_SUFFIX,
1063 network,
1064 netmask,
1065 gateway);
1066
1067 argv_msg (D_ROUTE, &argv);
1068
1069 if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_IPAPI)
1070 {
1071 const bool status = del_route_ipapi (r, tt);
1072 msg (D_ROUTE, "Route deletion via IPAPI %s", status ? "succeeded" : "failed");
1073 }
1074 else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_EXE)
1075 {
1076 netcmd_semaphore_lock ();
1077 openvpn_execve_check (&argv, es, 0, "ERROR: Windows route delete command failed");
1078 netcmd_semaphore_release ();
1079 }
1080 else if ((flags & ROUTE_METHOD_MASK) == ROUTE_METHOD_ADAPTIVE)
1081 {
1082 const bool status = del_route_ipapi (r, tt);
1083 msg (D_ROUTE, "Route deletion via IPAPI %s [adaptive]", status ? "succeeded" : "failed");
1084 if (!status)
1085 {
1086 msg (D_ROUTE, "Route deletion fallback to route.exe");
1087 netcmd_semaphore_lock ();
1088 openvpn_execve_check (&argv, es, 0, "ERROR: Windows route delete command failed [adaptive]");
1089 netcmd_semaphore_release ();
1090 }
1091 }
1092 else
1093 {
1094 ASSERT (0);
1095 }
1096
1097 #elif defined (TARGET_SOLARIS)
1098
1099 argv_printf (&argv, "%s delete %s -netmask %s %s",
1100 ROUTE_PATH,
1101 network,
1102 netmask,
1103 gateway);
1104
1105 argv_msg (D_ROUTE, &argv);
1106 openvpn_execve_check (&argv, es, 0, "ERROR: Solaris route delete command failed");
1107
1108 #elif defined(TARGET_FREEBSD)
1109
1110 argv_printf (&argv, "%s delete -net %s %s %s",
1111 ROUTE_PATH,
1112 network,
1113 gateway,
1114 netmask);
1115
1116 argv_msg (D_ROUTE, &argv);
1117 openvpn_execve_check (&argv, es, 0, "ERROR: FreeBSD route delete command failed");
1118
1119 #elif defined(TARGET_DRAGONFLY)
1120
1121 argv_printf (&argv, "%s delete -net %s %s %s",
1122 ROUTE_PATH,
1123 network,
1124 gateway,
1125 netmask);
1126
1127 argv_msg (D_ROUTE, &argv);
1128 openvpn_execve_check (&argv, es, 0, "ERROR: DragonFly route delete command failed");
1129
1130 #elif defined(TARGET_DARWIN)
1131
1132 argv_printf (&argv, "%s delete -net %s %s %s",
1133 ROUTE_PATH,
1134 network,
1135 gateway,
1136 netmask);
1137
1138 argv_msg (D_ROUTE, &argv);
1139 openvpn_execve_check (&argv, es, 0, "ERROR: OS X route delete command failed");
1140
1141 #elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
1142
1143 argv_printf (&argv, "%s delete -net %s %s -netmask %s",
1144 ROUTE_PATH,
1145 network,
1146 gateway,
1147 netmask);
1148
1149 argv_msg (D_ROUTE, &argv);
1150 openvpn_execve_check (&argv, es, 0, "ERROR: OpenBSD/NetBSD route delete command failed");
1151
1152 #else
1153 msg (M_FATAL, "Sorry, but I don't know how to do 'route' commands on this operating system. Try putting your routes in a --route-up script");
1154 #endif
1155
1156 argv_reset (&argv);
1157 gc_free (&gc);
1158 }
1159
1160 /*
1161 * The --redirect-gateway option requires OS-specific code below
1162 * to get the current default gateway.
1163 */
1164
1165 #if defined(WIN32)
1166
1167 static const MIB_IPFORWARDTABLE *
1168 get_windows_routing_table (struct gc_arena *gc)
1169 {
1170 ULONG size = 0;
1171 PMIB_IPFORWARDTABLE rt = NULL;
1172 DWORD status;
1173
1174 status = GetIpForwardTable (NULL, &size, TRUE);
1175 if (status == ERROR_INSUFFICIENT_BUFFER)
1176 {
1177 rt = (PMIB_IPFORWARDTABLE) gc_malloc (size, false, gc);
1178 status = GetIpForwardTable (rt, &size, TRUE);
1179 if (status != NO_ERROR)
1180 {
1181 msg (D_ROUTE, "NOTE: GetIpForwardTable returned error: %s (code=%u)",
1182 strerror_win32 (status, gc),
1183 (unsigned int)status);
1184 rt = NULL;
1185 }
1186 }
1187 return rt;
1188 }
1189
1190 static int
1191 test_route (const IP_ADAPTER_INFO *adapters,
1192 const in_addr_t gateway,
1193 DWORD *index)
1194 {
1195 int count = 0;
1196 DWORD i = adapter_index_of_ip (adapters, gateway, &count, NULL);
1197 if (index)
1198 *index = i;
1199 return count;
1200 }
1201
1202 static void
1203 test_route_helper (bool *ret,
1204 int *count,
1205 int *good,
1206 int *ambig,
1207 const IP_ADAPTER_INFO *adapters,
1208 const in_addr_t gateway)
1209 {
1210 int c;
1211
1212 ++*count;
1213 c = test_route (adapters, gateway, NULL);
1214 if (c == 0)
1215 *ret = false;
1216 else
1217 ++*good;
1218 if (c > 1)
1219 ++*ambig;
1220 }
1221
1222 /*
1223 * If we tried to add routes now, would we succeed?
1224 */
1225 bool
1226 test_routes (const struct route_list *rl, const struct tuntap *tt)
1227 {
1228 struct gc_arena gc = gc_new ();
1229 const IP_ADAPTER_INFO *adapters = get_adapter_info_list (&gc);
1230 bool ret = false;
1231 int count = 0;
1232 int good = 0;
1233 int ambig = 0;
1234 bool adapter_up = false;
1235
1236 if (is_adapter_up (tt, adapters))
1237 {
1238 ret = true;
1239 adapter_up = true;
1240
1241 if (rl)
1242 {
1243 int i;
1244 for (i = 0; i < rl->n; ++i)
1245 test_route_helper (&ret, &count, &good, &ambig, adapters, rl->routes[i].gateway);
1246
1247 if ((rl->flags & RG_ENABLE) && rl->spec.remote_endpoint_defined)
1248 test_route_helper (&ret, &count, &good, &ambig, adapters, rl->spec.remote_endpoint);
1249 }
1250 }
1251
1252 msg (D_ROUTE, "TEST ROUTES: %d/%d succeeded len=%d ret=%d a=%d u/d=%s",
1253 good,
1254 count,
1255 rl ? rl->n : -1,
1256 (int)ret,
1257 ambig,
1258 adapter_up ? "up" : "down");
1259
1260 gc_free (&gc);
1261 return ret;
1262 }
1263
1264 static const MIB_IPFORWARDROW *
1265 get_default_gateway_row (const MIB_IPFORWARDTABLE *routes)
1266 {
1267 struct gc_arena gc = gc_new ();
1268 DWORD lowest_metric = ~0;
1269 const MIB_IPFORWARDROW *ret = NULL;
1270 int i;
1271 int best = -1;
1272
1273 if (routes)
1274 {
1275 for (i = 0; i < routes->dwNumEntries; ++i)
1276 {
1277 const MIB_IPFORWARDROW *row = &routes->table[i];
1278 const in_addr_t net = ntohl (row->dwForwardDest);
1279 const in_addr_t mask = ntohl (row->dwForwardMask);
1280 const DWORD index = row->dwForwardIfIndex;
1281 const DWORD metric = row->dwForwardMetric1;
1282
1283 dmsg (D_ROUTE_DEBUG, "GDGR: route[%d] %s/%s i=%d m=%d",
1284 i,
1285 print_in_addr_t ((in_addr_t) net, 0, &gc),
1286 print_in_addr_t ((in_addr_t) mask, 0, &gc),
1287 (int)index,
1288 (int)metric);
1289
1290 if (!net && !mask && metric < lowest_metric)
1291 {
1292 ret = row;
1293 lowest_metric = metric;
1294 best = i;
1295 }
1296 }
1297 }
1298
1299 dmsg (D_ROUTE_DEBUG, "GDGR: best=%d lm=%u", best, (unsigned int)lowest_metric);
1300
1301 gc_free (&gc);
1302 return ret;
1303 }
1304
1305 bool
1306 get_default_gateway (in_addr_t *gw, in_addr_t *netmask)
1307 {
1308 struct gc_arena gc = gc_new ();
1309 bool ret_bool = false;
1310
1311 const IP_ADAPTER_INFO *adapters = get_adapter_info_list (&gc);
1312 const MIB_IPFORWARDTABLE *routes = get_windows_routing_table (&gc);
1313 const MIB_IPFORWARDROW *row = get_default_gateway_row (routes);
1314
1315 if (row)
1316 {
1317 *gw = ntohl (row->dwForwardNextHop);
1318 if (netmask)
1319 {
1320 if (adapter_index_of_ip (adapters, *gw, NULL, netmask) == ~0)
1321 *netmask = ~0;
1322 }
1323 ret_bool = true;
1324 }
1325
1326 gc_free (&gc);
1327 return ret_bool;
1328 }
1329
1330 static DWORD
1331 windows_route_find_if_index (const struct route *r, const struct tuntap *tt)
1332 {
1333 struct gc_arena gc = gc_new ();
1334 DWORD ret = ~0;
1335 int count = 0;
1336 const IP_ADAPTER_INFO *adapters = get_adapter_info_list (&gc);
1337 const IP_ADAPTER_INFO *tun_adapter = get_tun_adapter (tt, adapters);
1338 bool on_tun = false;
1339
1340 /* first test on tun interface */
1341 if (is_ip_in_adapter_subnet (tun_adapter, r->gateway, NULL))
1342 {
1343 ret = tun_adapter->Index;
1344 count = 1;
1345 on_tun = true;
1346 }
1347 else /* test on other interfaces */
1348 {
1349 count = test_route (adapters, r->gateway, &ret);
1350 }
1351
1352 if (count == 0)
1353 {
1354 msg (M_WARN, "Warning: route gateway is not reachable on any active network adapters: %s",
1355 print_in_addr_t (r->gateway, 0, &gc));
1356 ret = ~0;
1357 }
1358 else if (count > 1)
1359 {
1360 msg (M_WARN, "Warning: route gateway is ambiguous: %s (%d matches)",
1361 print_in_addr_t (r->gateway, 0, &gc),
1362 count);
1363 ret = ~0;
1364 }
1365
1366 dmsg (D_ROUTE_DEBUG, "DEBUG: route find if: on_tun=%d count=%d index=%d",
1367 on_tun,
1368 count,
1369 (int)ret);
1370
1371 gc_free (&gc);
1372 return ret;
1373 }
1374
1375 bool
1376 add_route_ipapi (const struct route *r, const struct tuntap *tt)
1377 {
1378 struct gc_arena gc = gc_new ();
1379 bool ret = false;
1380 DWORD status;
1381 const DWORD if_index = windows_route_find_if_index (r, tt);
1382
1383 if (if_index != ~0)
1384 {
1385 MIB_IPFORWARDROW fr;
1386 CLEAR (fr);
1387 fr.dwForwardDest = htonl (r->network);
1388 fr.dwForwardMask = htonl (r->netmask);
1389 fr.dwForwardPolicy = 0;
1390 fr.dwForwardNextHop = htonl (r->gateway);
1391 fr.dwForwardIfIndex = if_index;
1392 fr.dwForwardType = 4; /* the next hop is not the final dest */
1393 fr.dwForwardProto = 3; /* PROTO_IP_NETMGMT */
1394 fr.dwForwardAge = 0;
1395 fr.dwForwardNextHopAS = 0;
1396 fr.dwForwardMetric1 = r->metric_defined ? r->metric : 1;
1397 fr.dwForwardMetric2 = ~0;
1398 fr.dwForwardMetric3 = ~0;
1399 fr.dwForwardMetric4 = ~0;
1400 fr.dwForwardMetric5 = ~0;
1401
1402 if ((r->network & r->netmask) != r->network)
1403 msg (M_WARN, "Warning: address %s is not a network address in relation to netmask %s",
1404 print_in_addr_t (r->network, 0, &gc),
1405 print_in_addr_t (r->netmask, 0, &gc));
1406
1407 status = CreateIpForwardEntry (&fr);
1408
1409 if (status == NO_ERROR)
1410 ret = true;
1411 else
1412 {
1413 /* failed, try increasing the metric to work around Vista issue */
1414 const unsigned int forward_metric_limit = 2048; /* iteratively retry higher metrics up to this limit */
1415
1416 for ( ; fr.dwForwardMetric1 <= forward_metric_limit; ++fr.dwForwardMetric1)
1417 {
1418 /* try a different forward type=3 ("the next hop is the final dest") in addition to 4.
1419 --redirect-gateway over RRAS seems to need this. */
1420 for (fr.dwForwardType = 4; fr.dwForwardType >= 3; --fr.dwForwardType)
1421 {
1422 status = CreateIpForwardEntry (&fr);
1423 if (status == NO_ERROR)
1424 {
1425 msg (D_ROUTE, "ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=%u and dwForwardType=%u",
1426 (unsigned int)fr.dwForwardMetric1,
1427 (unsigned int)fr.dwForwardType);
1428 ret = true;
1429 goto doublebreak;
1430 }
1431 else if (status != ERROR_BAD_ARGUMENTS)
1432 goto doublebreak;
1433 }
1434 }
1435
1436 doublebreak:
1437 if (status != NO_ERROR)
1438 msg (M_WARN, "ROUTE: route addition failed using CreateIpForwardEntry: %s [status=%u if_index=%u]",
1439 strerror_win32 (status, &gc),
1440 (unsigned int)status,
1441 (unsigned int)if_index);
1442 }
1443 }
1444
1445 gc_free (&gc);
1446 return ret;
1447 }
1448
1449 bool
1450 del_route_ipapi (const struct route *r, const struct tuntap *tt)
1451 {
1452 struct gc_arena gc = gc_new ();
1453 bool ret = false;
1454 DWORD status;
1455 const DWORD if_index = windows_route_find_if_index (r, tt);
1456
1457 if (if_index != ~0)
1458 {
1459 MIB_IPFORWARDROW fr;
1460 CLEAR (fr);
1461
1462 fr.dwForwardDest = htonl (r->network);
1463 fr.dwForwardMask = htonl (r->netmask);
1464 fr.dwForwardPolicy = 0;
1465 fr.dwForwardNextHop = htonl (r->gateway);
1466 fr.dwForwardIfIndex = if_index;
1467
1468 status = DeleteIpForwardEntry (&fr);
1469
1470 if (status == NO_ERROR)
1471 ret = true;
1472 else
1473 msg (M_WARN, "ROUTE: route deletion failed using DeleteIpForwardEntry: %s",
1474 strerror_win32 (status, &gc));
1475 }
1476
1477 gc_free (&gc);
1478 return ret;
1479 }
1480
1481 static const char *
1482 format_route_entry (const MIB_IPFORWARDROW *r, struct gc_arena *gc)
1483 {
1484 struct buffer out = alloc_buf_gc (256, gc);
1485 buf_printf (&out, "%s %s %s p=%d i=%d t=%d pr=%d a=%d h=%d m=%d/%d/%d/%d/%d",
1486 print_in_addr_t (r->dwForwardDest, IA_NET_ORDER, gc),
1487 print_in_addr_t (r->dwForwardMask, IA_NET_ORDER, gc),
1488 print_in_addr_t (r->dwForwardNextHop, IA_NET_ORDER, gc),
1489 (int)r->dwForwardPolicy,
1490 (int)r->dwForwardIfIndex,
1491 (int)r->dwForwardType,
1492 (int)r->dwForwardProto,
1493 (int)r->dwForwardAge,
1494 (int)r->dwForwardNextHopAS,
1495 (int)r->dwForwardMetric1,
1496 (int)r->dwForwardMetric2,
1497 (int)r->dwForwardMetric3,
1498 (int)r->dwForwardMetric4,
1499 (int)r->dwForwardMetric5);
1500 return BSTR (&out);
1501 }
1502
1503 /*
1504 * Show current routing table
1505 */
1506 void
1507 show_routes (int msglev)
1508 {
1509 struct gc_arena gc = gc_new ();
1510 int i;
1511
1512 const MIB_IPFORWARDTABLE *rt = get_windows_routing_table (&gc);
1513
1514 msg (msglev, "SYSTEM ROUTING TABLE");
1515 if (rt)
1516 {
1517 for (i = 0; i < rt->dwNumEntries; ++i)
1518 {
1519 msg (msglev, "%s", format_route_entry (&rt->table[i], &gc));
1520 }
1521 }
1522 gc_free (&gc);
1523 }
1524
1525 #elif defined(TARGET_LINUX)
1526
1527 bool
1528 get_default_gateway (in_addr_t *gateway, in_addr_t *netmask)
1529 {
1530 struct gc_arena gc = gc_new ();
1531 bool ret = false;
1532 FILE *fp = fopen ("/proc/net/route", "r");
1533 if (fp)
1534 {
1535 char line[256];
1536 int count = 0;
1537 int best_count = 0;
1538 unsigned int lowest_metric = ~0;
1539 in_addr_t best_gw = 0;
1540 while (fgets (line, sizeof (line), fp) != NULL)
1541 {
1542 if (count)
1543 {
1544 unsigned int net_x = 0;
1545 unsigned int mask_x = 0;
1546 unsigned int gw_x = 0;
1547 unsigned int metric = 0;
1548 const int np = sscanf (line, "%*s\t%x\t%x\t%*s\t%*s\t%*s\t%d\t%x",
1549 &net_x,
1550 &gw_x,
1551 &metric,
1552 &mask_x);
1553 if (np == 4)
1554 {
1555 const in_addr_t net = ntohl (net_x);
1556 const in_addr_t mask = ntohl (mask_x);
1557 const in_addr_t gw = ntohl (gw_x);
1558
1559 dmsg (D_ROUTE_DEBUG, "GDG: route[%d] %s/%s/%s m=%u",
1560 count,
1561 print_in_addr_t ((in_addr_t) net, 0, &gc),
1562 print_in_addr_t ((in_addr_t) mask, 0, &gc),
1563 print_in_addr_t ((in_addr_t) gw, 0, &gc),
1564 metric);
1565
1566 if (!net && !mask && metric < lowest_metric)
1567 {
1568 best_gw = gw;
1569 lowest_metric = metric;
1570 best_count = count;
1571 }
1572 }
1573 }
1574 ++count;
1575 }
1576 fclose (fp);
1577
1578 if (best_gw)
1579 {
1580 *gateway = best_gw;
1581 if (netmask)
1582 {
1583 *netmask = 0xFFFFFF00; /* FIXME -- get the real netmask of the adapter containing the default gateway */
1584 }
1585 ret = true;
1586 }
1587
1588 dmsg (D_ROUTE_DEBUG, "GDG: best=%s[%d] lm=%u",
1589 print_in_addr_t ((in_addr_t) best_gw, 0, &gc),
1590 best_count,
1591 (unsigned int)lowest_metric);
1592 }
1593
1594 gc_free (&gc);
1595 return ret;
1596 }
1597
1598 #elif defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY)
1599
1600 #include <sys/types.h>
1601 #include <sys/socket.h>
1602 #include <netinet/in.h>
1603
1604 /* all of this is taken from <net/route.h> in FreeBSD */
1605 #define RTA_DST 0x1
1606 #define RTA_GATEWAY 0x2
1607 #define RTA_NETMASK 0x4
1608
1609 #define RTM_GET 0x4
1610 #define RTM_VERSION 5
1611
1612 #define RTF_UP 0x1
1613 #define RTF_GATEWAY 0x2
1614
1615 /*
1616 * These numbers are used by reliable protocols for determining
1617 * retransmission behavior and are included in the routing structure.
1618 */
1619 struct rt_metrics {
1620 u_long rmx_locks; /* Kernel must leave these values alone */
1621 u_long rmx_mtu; /* MTU for this path */
1622 u_long rmx_hopcount; /* max hops expected */
1623 u_long rmx_expire; /* lifetime for route, e.g. redirect */
1624 u_long rmx_recvpipe; /* inbound delay-bandwidth product */
1625 u_long rmx_sendpipe; /* outbound delay-bandwidth product */
1626 u_long rmx_ssthresh; /* outbound gateway buffer limit */
1627 u_long rmx_rtt; /* estimated round trip time */
1628 u_long rmx_rttvar; /* estimated rtt variance */
1629 u_long rmx_pksent; /* packets sent using this route */
1630 u_long rmx_filler[4]; /* will be used for T/TCP later */
1631 };
1632
1633 /*
1634 * Structures for routing messages.
1635 */
1636 struct rt_msghdr {
1637 u_short rtm_msglen; /* to skip over non-understood messages */
1638 u_char rtm_version; /* future binary compatibility */
1639 u_char rtm_type; /* message type */
1640 u_short rtm_index; /* index for associated ifp */
1641 int rtm_flags; /* flags, incl. kern & message, e.g. DONE */
1642 int rtm_addrs; /* bitmask identifying sockaddrs in msg */
1643 pid_t rtm_pid; /* identify sender */
1644 int rtm_seq; /* for sender to identify action */
1645 int rtm_errno; /* why failed */
1646 int rtm_use; /* from rtentry */
1647 u_long rtm_inits; /* which metrics we are initializing */
1648 struct rt_metrics rtm_rmx; /* metrics themselves */
1649 };
1650
1651 struct {
1652 struct rt_msghdr m_rtm;
1653 char m_space[512];
1654 } m_rtmsg;
1655
1656 #define ROUNDUP(a) \
1657 ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
1658
1659 bool
1660 get_default_gateway (in_addr_t *ret, in_addr_t *netmask)
1661 {
1662 struct gc_arena gc = gc_new ();
1663 int s, seq, l, pid, rtm_addrs, i;
1664 struct sockaddr so_dst, so_mask;
1665 char *cp = m_rtmsg.m_space;
1666 struct sockaddr *gate = NULL, *sa;
1667 struct rt_msghdr *rtm_aux;
1668
1669 #define NEXTADDR(w, u) \
1670 if (rtm_addrs & (w)) {\
1671 l = ROUNDUP(u.sa_len); memmove(cp, &(u), l); cp += l;\
1672 }
1673
1674 #define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))
1675
1676 #define rtm m_rtmsg.m_rtm
1677
1678 pid = getpid();
1679 seq = 0;
1680 rtm_addrs = RTA_DST | RTA_NETMASK;
1681
1682 bzero(&so_dst, sizeof(so_dst));
1683 bzero(&so_mask, sizeof(so_mask));
1684 bzero(&rtm, sizeof(struct rt_msghdr));
1685
1686 rtm.rtm_type = RTM_GET;
1687 rtm.rtm_flags = RTF_UP | RTF_GATEWAY;
1688 rtm.rtm_version = RTM_VERSION;
1689 rtm.rtm_seq = ++seq;
1690 rtm.rtm_addrs = rtm_addrs;
1691
1692 so_dst.sa_family = AF_INET;
1693 so_dst.sa_len = sizeof(struct sockaddr_in);
1694 so_mask.sa_family = AF_INET;
1695 so_mask.sa_len = sizeof(struct sockaddr_in);
1696
1697 NEXTADDR(RTA_DST, so_dst);
1698 NEXTADDR(RTA_NETMASK, so_mask);
1699
1700 rtm.rtm_msglen = l = cp - (char *)&m_rtmsg;
1701
1702 s = socket(PF_ROUTE, SOCK_RAW, 0);
1703
1704 if (write(s, (char *)&m_rtmsg, l) < 0)
1705 {
1706 warn("writing to routing socket");
1707 gc_free (&gc);
1708 close(s);
1709 return false;
1710 }
1711
1712 do {
1713 l = read(s, (char *)&m_rtmsg, sizeof(m_rtmsg));
1714 } while (l > 0 && (rtm.rtm_seq != seq || rtm.rtm_pid != pid));
1715
1716 close(s);
1717
1718 rtm_aux = &rtm;
1719
1720 cp = ((char *)(rtm_aux + 1));
1721 if (rtm_aux->rtm_addrs) {
1722 for (i = 1; i; i <<= 1)
1723 if (i & rtm_aux->rtm_addrs) {
1724 sa = (struct sockaddr *)cp;
1725 if (i == RTA_GATEWAY )
1726 gate = sa;
1727 ADVANCE(cp, sa);
1728 }
1729 }
1730 else
1731 {
1732 gc_free (&gc);
1733 return false;
1734 }
1735
1736
1737 if (gate != NULL )
1738 {
1739 *ret = ntohl(((struct sockaddr_in *)gate)->sin_addr.s_addr);
1740 #if 0
1741 msg (M_INFO, "gw %s",
1742 print_in_addr_t ((in_addr_t) *ret, 0, &gc));
1743 #endif
1744
1745 if (netmask)
1746 {
1747 *netmask = 0xFFFFFF00; // FIXME -- get the real netmask of the adapter containing the default gateway
1748 }
1749
1750 gc_free (&gc);
1751 return true;
1752 }
1753 else
1754 {
1755 gc_free (&gc);
1756 return false;
1757 }
1758 }
1759
1760 #elif defined(TARGET_DARWIN)
1761
1762 #include <sys/types.h>
1763 #include <sys/socket.h>
1764 #include <netinet/in.h>
1765
1766 /* all of this is taken from <net/route.h> in Darwin */
1767 #define RTA_DST 0x1
1768 #define RTA_GATEWAY 0x2
1769 #define RTA_NETMASK 0x4
1770
1771 #define RTM_GET 0x4
1772 #define RTM_VERSION 5
1773
1774 #define RTF_UP 0x1
1775 #define RTF_GATEWAY 0x2
1776
1777 /*
1778 * These numbers are used by reliable protocols for determining
1779 * retransmission behavior and are included in the routing structure.
1780 */
1781 struct rt_metrics {
1782 u_long rmx_locks; /* Kernel must leave these values alone */
1783 u_long rmx_mtu; /* MTU for this path */
1784 u_long rmx_hopcount; /* max hops expected */
1785 u_long rmx_expire; /* lifetime for route, e.g. redirect */
1786 u_long rmx_recvpipe; /* inbound delay-bandwidth product */
1787 u_long rmx_sendpipe; /* outbound delay-bandwidth product */
1788 u_long rmx_ssthresh; /* outbound gateway buffer limit */
1789 u_long rmx_rtt; /* estimated round trip time */
1790 u_long rmx_rttvar; /* estimated rtt variance */
1791 u_long rmx_pksent; /* packets sent using this route */
1792 u_long rmx_filler[4]; /* will be used for T/TCP later */
1793 };
1794
1795 /*
1796 * Structures for routing messages.
1797 */
1798 struct rt_msghdr {
1799 u_short rtm_msglen; /* to skip over non-understood messages */
1800 u_char rtm_version; /* future binary compatibility */
1801 u_char rtm_type; /* message type */
1802 u_short rtm_index; /* index for associated ifp */
1803 int rtm_flags; /* flags, incl. kern & message, e.g. DONE */
1804 int rtm_addrs; /* bitmask identifying sockaddrs in msg */
1805 pid_t rtm_pid; /* identify sender */
1806 int rtm_seq; /* for sender to identify action */
1807 int rtm_errno; /* why failed */
1808 int rtm_use; /* from rtentry */
1809 u_long rtm_inits; /* which metrics we are initializing */
1810 struct rt_metrics rtm_rmx; /* metrics themselves */
1811 };
1812
1813 struct {
1814 struct rt_msghdr m_rtm;
1815 char m_space[512];
1816 } m_rtmsg;
1817
1818 #define ROUNDUP(a) \
1819 ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
1820
1821 bool
1822 get_default_gateway (in_addr_t *ret, in_addr_t *netmask)
1823 {
1824 struct gc_arena gc = gc_new ();
1825 int s, seq, l, pid, rtm_addrs, i;
1826 struct sockaddr so_dst, so_mask;
1827 char *cp = m_rtmsg.m_space;
1828 struct sockaddr *gate = NULL, *sa;
1829 struct rt_msghdr *rtm_aux;
1830
1831 #define NEXTADDR(w, u) \
1832 if (rtm_addrs & (w)) {\
1833 l = ROUNDUP(u.sa_len); memmove(cp, &(u), l); cp += l;\
1834 }
1835
1836 #define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))
1837
1838 #define rtm m_rtmsg.m_rtm
1839
1840 pid = getpid();
1841 seq = 0;
1842 rtm_addrs = RTA_DST | RTA_NETMASK;
1843
1844 bzero(&so_dst, sizeof(so_dst));
1845 bzero(&so_mask, sizeof(so_mask));
1846 bzero(&rtm, sizeof(struct rt_msghdr));
1847
1848 rtm.rtm_type = RTM_GET;
1849 rtm.rtm_flags = RTF_UP | RTF_GATEWAY;
1850 rtm.rtm_version = RTM_VERSION;
1851 rtm.rtm_seq = ++seq;
1852 rtm.rtm_addrs = rtm_addrs;
1853
1854 so_dst.sa_family = AF_INET;
1855 so_dst.sa_len = sizeof(struct sockaddr_in);
1856 so_mask.sa_family = AF_INET;
1857 so_mask.sa_len = sizeof(struct sockaddr_in);
1858
1859 NEXTADDR(RTA_DST, so_dst);
1860 NEXTADDR(RTA_NETMASK, so_mask);
1861
1862 rtm.rtm_msglen = l = cp - (char *)&m_rtmsg;
1863
1864 s = socket(PF_ROUTE, SOCK_RAW, 0);
1865
1866 if (write(s, (char *)&m_rtmsg, l) < 0)
1867 {
1868 msg (M_WARN, "ROUTE: problem writing to routing socket");
1869 gc_free (&gc);
1870 close(s);
1871 return false;
1872 }
1873
1874 do {
1875 l = read(s, (char *)&m_rtmsg, sizeof(m_rtmsg));
1876 } while (l > 0 && (rtm.rtm_seq != seq || rtm.rtm_pid != pid));
1877
1878 close(s);
1879
1880 rtm_aux = &rtm;
1881
1882 cp = ((char *)(rtm_aux + 1));
1883 if (rtm_aux->rtm_addrs) {
1884 for (i = 1; i; i <<= 1)
1885 if (i & rtm_aux->rtm_addrs) {
1886 sa = (struct sockaddr *)cp;
1887 if (i == RTA_GATEWAY )
1888 gate = sa;
1889 ADVANCE(cp, sa);
1890 }
1891 }
1892 else
1893 {
1894 gc_free (&gc);
1895 return false;
1896 }
1897
1898
1899 if (gate != NULL )
1900 {
1901 *ret = ntohl(((struct sockaddr_in *)gate)->sin_addr.s_addr);
1902 #if 0
1903 msg (M_INFO, "gw %s",
1904 print_in_addr_t ((in_addr_t) *ret, 0, &gc));
1905 #endif
1906
1907 if (netmask)
1908 {
1909 *netmask = 0xFFFFFF00; // FIXME -- get the real netmask of the adapter containing the default gateway
1910 }
1911
1912 gc_free (&gc);
1913 return true;
1914 }
1915 else
1916 {
1917 gc_free (&gc);
1918 return false;
1919 }
1920 }
1921
1922 #elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
1923
1924 #include <sys/types.h>
1925 #include <sys/socket.h>
1926 #include <netinet/in.h>
1927
1928 /* all of this is taken from <net/route.h> in OpenBSD 3.6 */
1929 #define RTA_DST 0x1 /* destination sockaddr present */
1930 #define RTA_GATEWAY 0x2 /* gateway sockaddr present */
1931 #define RTA_NETMASK 0x4 /* netmask sockaddr present */
1932
1933 #define RTM_GET 0x4 /* Report Metrics */
1934
1935 #define RTM_VERSION 3 /* Up the ante and ignore older versions */
1936
1937 #define RTF_UP 0x1 /* route usable */
1938 #define RTF_GATEWAY 0x2 /* destination is a gateway */
1939
1940 /*
1941 * Huge version for userland compatibility.
1942 */
1943 struct rt_metrics {
1944 u_long rmx_locks; /* Kernel must leave these values alone */
1945 u_long rmx_mtu; /* MTU for this path */
1946 u_long rmx_hopcount; /* max hops expected */
1947 u_long rmx_expire; /* lifetime for route, e.g. redirect */
1948 u_long rmx_recvpipe; /* inbound delay-bandwidth product */
1949 u_long rmx_sendpipe; /* outbound delay-bandwidth product */
1950 u_long rmx_ssthresh; /* outbound gateway buffer limit */
1951 u_long rmx_rtt; /* estimated round trip time */
1952 u_long rmx_rttvar; /* estimated rtt variance */
1953 u_long rmx_pksent; /* packets sent using this route */
1954 };
1955
1956 /*
1957 * Structures for routing messages.
1958 */
1959 struct rt_msghdr {
1960 u_short rtm_msglen; /* to skip over non-understood messages */
1961 u_char rtm_version; /* future binary compatibility */
1962 u_char rtm_type; /* message type */
1963 u_short rtm_index; /* index for associated ifp */
1964 int rtm_flags; /* flags, incl. kern & message, e.g. DONE */
1965 int rtm_addrs; /* bitmask identifying sockaddrs in msg */
1966 pid_t rtm_pid; /* identify sender */
1967 int rtm_seq; /* for sender to identify action */
1968 int rtm_errno; /* why failed */
1969 int rtm_use; /* from rtentry */
1970 u_long rtm_inits; /* which metrics we are initializing */
1971 struct rt_metrics rtm_rmx; /* metrics themselves */
1972 };
1973
1974 struct {
1975 struct rt_msghdr m_rtm;
1976 char m_space[512];
1977 } m_rtmsg;
1978
1979 #define ROUNDUP(a) \
1980 ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
1981
1982 bool
1983 get_default_gateway (in_addr_t *ret, in_addr_t *netmask)
1984 {
1985 struct gc_arena gc = gc_new ();
1986 int s, seq, l, rtm_addrs, i;
1987 pid_t pid;
1988 struct sockaddr so_dst, so_mask;
1989 char *cp = m_rtmsg.m_space;
1990 struct sockaddr *gate = NULL, *sa;
1991 struct rt_msghdr *rtm_aux;
1992
1993 #define NEXTADDR(w, u) \
1994 if (rtm_addrs & (w)) {\
1995 l = ROUNDUP(u.sa_len); memmove(cp, &(u), l); cp += l;\
1996 }
1997
1998 #define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))
1999
2000 #define rtm m_rtmsg.m_rtm
2001
2002 pid = getpid();
2003 seq = 0;
2004 rtm_addrs = RTA_DST | RTA_NETMASK;
2005
2006 bzero(&so_dst, sizeof(so_dst));
2007 bzero(&so_mask, sizeof(so_mask));
2008 bzero(&rtm, sizeof(struct rt_msghdr));
2009
2010 rtm.rtm_type = RTM_GET;
2011 rtm.rtm_flags = RTF_UP | RTF_GATEWAY;
2012 rtm.rtm_version = RTM_VERSION;
2013 rtm.rtm_seq = ++seq;
2014 rtm.rtm_addrs = rtm_addrs;
2015
2016 so_dst.sa_family = AF_INET;
2017 so_dst.sa_len = sizeof(struct sockaddr_in);
2018 so_mask.sa_family = AF_INET;
2019 so_mask.sa_len = sizeof(struct sockaddr_in);
2020
2021 NEXTADDR(RTA_DST, so_dst);
2022 NEXTADDR(RTA_NETMASK, so_mask);
2023
2024 rtm.rtm_msglen = l = cp - (char *)&m_rtmsg;
2025
2026 s = socket(PF_ROUTE, SOCK_RAW, 0);
2027
2028 if (write(s, (char *)&m_rtmsg, l) < 0)
2029 {
2030 warn("writing to routing socket");
2031 gc_free (&gc);
2032 close(s);
2033 return false;
2034 }
2035
2036 do {
2037 l = read(s, (char *)&m_rtmsg, sizeof(m_rtmsg));
2038 } while (l > 0 && (rtm.rtm_seq != seq || rtm.rtm_pid != pid));
2039
2040 close(s);
2041
2042 rtm_aux = &rtm;
2043
2044 cp = ((char *)(rtm_aux + 1));
2045 if (rtm_aux->rtm_addrs) {
2046 for (i = 1; i; i <<= 1)
2047 if (i & rtm_aux->rtm_addrs) {
2048 sa = (struct sockaddr *)cp;
2049 if (i == RTA_GATEWAY )
2050 gate = sa;
2051 ADVANCE(cp, sa);
2052 }
2053 }
2054 else
2055 {
2056 gc_free (&gc);
2057 return false;
2058 }
2059
2060
2061 if (gate != NULL )
2062 {
2063 *ret = ntohl(((struct sockaddr_in *)gate)->sin_addr.s_addr);
2064 #if 0
2065 msg (M_INFO, "gw %s",
2066 print_in_addr_t ((in_addr_t) *ret, 0, &gc));
2067 #endif
2068
2069 if (netmask)
2070 {
2071 *netmask = 0xFFFFFF00; // FIXME -- get the real netmask of the adapter containing the default gateway
2072 }
2073
2074 gc_free (&gc);
2075 return true;
2076 }
2077 else
2078 {
2079 gc_free (&gc);
2080 return false;
2081 }
2082 }
2083
2084 #else
2085
2086 bool
2087 get_default_gateway (in_addr_t *ret, in_addr_t *netmask) /* PLATFORM-SPECIFIC */
2088 {
2089 return false;
2090 }
2091
2092 #endif
2093
2094 bool
2095 netmask_to_netbits (const in_addr_t network, const in_addr_t netmask, int *netbits)
2096 {
2097 int i;
2098 const int addrlen = sizeof (in_addr_t) * 8;
2099
2100 if ((network & netmask) == network)
2101 {
2102 for (i = 0; i <= addrlen; ++i)
2103 {
2104 in_addr_t mask = netbits_to_netmask (i);
2105 if (mask == netmask)
2106 {
2107 if (i == addrlen)
2108 *netbits = -1;
2109 else
2110 *netbits = i;
2111 return true;
2112 }
2113 }
2114 }
2115 return false;
2116 }
2117
2118 /*
2119 * get_bypass_addresses() is used by the redirect-gateway bypass-x
2120 * functions to build a route bypass to selected DHCP/DNS servers,
2121 * so that outgoing packets to these servers don't end up in the tunnel.
2122 */
2123
2124 #if defined(WIN32)
2125
2126 static void
2127 add_host_route_if_nonlocal (struct route_bypass *rb, const in_addr_t addr)
2128 {
2129 if (test_local_addr(addr) == TLA_NONLOCAL && addr != 0 && addr != ~0)
2130 add_bypass_address (rb, addr);
2131 }
2132
2133 static void
2134 add_host_route_array (struct route_bypass *rb, const IP_ADDR_STRING *iplist)
2135 {
2136 while (iplist)
2137 {
2138 bool succeed = false;
2139 const in_addr_t ip = getaddr (GETADDR_HOST_ORDER, iplist->IpAddress.String, 0, &succeed, NULL);
2140 if (succeed)
2141 {
2142 add_host_route_if_nonlocal (rb, ip);
2143 }
2144 iplist = iplist->Next;
2145 }
2146 }
2147
2148 static void
2149 get_bypass_addresses (struct route_bypass *rb, const unsigned int flags)
2150 {
2151 struct gc_arena gc = gc_new ();
2152 /*bool ret_bool = false;*/
2153
2154 /* get full routing table */
2155 const MIB_IPFORWARDTABLE *routes = get_windows_routing_table (&gc);
2156
2157 /* get the route which represents the default gateway */
2158 const MIB_IPFORWARDROW *row = get_default_gateway_row (routes);
2159
2160 if (row)
2161 {
2162 /* get the adapter which the default gateway is associated with */
2163 const IP_ADAPTER_INFO *dgi = get_adapter_info (row->dwForwardIfIndex, &gc);
2164
2165 /* get extra adapter info, such as DNS addresses */
2166 const IP_PER_ADAPTER_INFO *pai = get_per_adapter_info (row->dwForwardIfIndex, &gc);
2167
2168 /* Bypass DHCP server address */
2169 if ((flags & RG_BYPASS_DHCP) && dgi && dgi->DhcpEnabled)
2170 add_host_route_array (rb, &dgi->DhcpServer);
2171
2172 /* Bypass DNS server addresses */
2173 if ((flags & RG_BYPASS_DNS) && pai)
2174 add_host_route_array (rb, &pai->DnsServerList);
2175 }
2176
2177 gc_free (&gc);
2178 }
2179
2180 #else
2181
2182 static void
2183 get_bypass_addresses (struct route_bypass *rb, const unsigned int flags) /* PLATFORM-SPECIFIC */
2184 {
2185 }
2186
2187 #endif
2188
2189 #if AUTO_USERID
2190
2191 #if defined(TARGET_LINUX)
2192
2193 bool
2194 get_default_gateway_mac_addr (unsigned char *macaddr)
2195 {
2196 struct ifreq *ifr, *ifend;
2197 in_addr_t ina, mask;
2198 struct ifreq ifreq;
2199 struct ifconf ifc;
2200 struct ifreq ifs[20]; // Maximum number of interfaces to scan
2201 int sd = -1;
2202 in_addr_t gwip = 0;
2203 bool ret = false;
2204
2205 if (!get_default_gateway (&gwip, NULL))
2206 {
2207 msg (M_WARN, "GDGMA: get_default_gateway failed");
2208 goto err;
2209 }
2210
2211 if ((sd = socket (AF_INET, SOCK_DGRAM, 0)) < 0)
2212 {
2213 msg (M_WARN, "GDGMA: socket() failed");
2214 goto err;
2215 }
2216
2217 ifc.ifc_len = sizeof (ifs);
2218 ifc.ifc_req = ifs;
2219 if (ioctl (sd, SIOCGIFCONF, &ifc) < 0)
2220 {
2221 msg (M_WARN, "GDGMA: ioctl(SIOCGIFCONF) failed");
2222 goto err;
2223 }
2224
2225 /* scan through interface list */
2226 ifend = ifs + (ifc.ifc_len / sizeof (struct ifreq));
2227 for (ifr = ifc.ifc_req; ifr < ifend; ifr++)
2228 {
2229 if (ifr->ifr_addr.sa_family == AF_INET)
2230 {
2231 ina = ntohl(((struct sockaddr_in *) &ifr->ifr_addr)->sin_addr.s_addr);
2232 strncpynt (ifreq.ifr_name, ifr->ifr_name, sizeof (ifreq.ifr_name));
2233
2234 dmsg (D_AUTO_USERID, "GDGMA: %s", ifreq.ifr_name);
2235
2236 /* check that the interface is up, and not point-to-point or loopback */
2237 if (ioctl (sd, SIOCGIFFLAGS, &ifreq) < 0)
2238 {
2239 dmsg (D_AUTO_USERID, "GDGMA: SIOCGIFFLAGS(%s) failed", ifreq.ifr_name);
2240 continue;
2241 }
2242
2243 if ((ifreq.ifr_flags & (IFF_UP|IFF_LOOPBACK)) != IFF_UP)
2244 {
2245 dmsg (D_AUTO_USERID, "GDGMA: interface %s is down or loopback", ifreq.ifr_name);
2246 continue;
2247 }
2248
2249 /* get interface netmask and check for correct subnet */
2250 if (ioctl (sd, SIOCGIFNETMASK, &ifreq) < 0)
2251 {
2252 dmsg (D_AUTO_USERID, "GDGMA: SIOCGIFNETMASK(%s) failed", ifreq.ifr_name);
2253 continue;
2254 }
2255
2256 mask = ntohl(((struct sockaddr_in *) &ifreq.ifr_addr)->sin_addr.s_addr);
2257 if (((gwip ^ ina) & mask) != 0)
2258 {
2259 dmsg (D_AUTO_USERID, "GDGMA: gwip=0x%08x ina=0x%08x mask=0x%08x",
2260 (unsigned int)gwip,
2261 (unsigned int)ina,
2262 (unsigned int)mask);
2263 continue;
2264 }
2265 break;
2266 }
2267 }
2268 if (ifr >= ifend)
2269 {
2270 msg (M_WARN, "GDGMA: couldn't find gw interface");
2271 goto err;
2272 }
2273
2274 /* now get the hardware address. */
2275 memset (&ifreq.ifr_hwaddr, 0, sizeof (struct sockaddr));
2276 if (ioctl (sd, SIOCGIFHWADDR, &ifreq) < 0)
2277 {
2278 msg (M_WARN, "GDGMA: SIOCGIFHWADDR(%s) failed", ifreq.ifr_name);
2279 goto err;
2280 }
2281
2282 memcpy (macaddr, &ifreq.ifr_hwaddr.sa_data, 6);
2283 ret = true;
2284
2285 err:
2286 if (sd >= 0)
2287 close (sd);
2288 return ret;
2289 }
2290
2291 #elif defined(WIN32)
2292
2293 bool
2294 get_default_gateway_mac_addr (unsigned char *macaddr)
2295 {
2296 struct gc_arena gc = gc_new ();
2297 const IP_ADAPTER_INFO *adapters = get_adapter_info_list (&gc);
2298 in_addr_t gwip = 0;
2299 DWORD a_index;
2300 const IP_ADAPTER_INFO *ai;
2301
2302 if (!get_default_gateway (&gwip, NULL))
2303 {
2304 msg (M_WARN, "GDGMA: get_default_gateway failed");
2305 goto err;
2306 }
2307
2308 a_index = adapter_index_of_ip (adapters, gwip, NULL, NULL);
2309 ai = get_adapter (adapters, a_index);
2310
2311 if (!ai)
2312 {
2313 msg (M_WARN, "GDGMA: couldn't find gw interface");
2314 goto err;
2315 }
2316
2317 memcpy (macaddr, ai->Address, 6);
2318
2319 gc_free (&gc);
2320 return true;
2321
2322 err:
2323 gc_free (&gc);
2324 return false;
2325 }
2326
2327 #else
2328
2329 bool
2330 get_default_gateway_mac_addr (unsigned char *macaddr) /* PLATFORM-SPECIFIC */
2331 {
2332 return false;
2333 }
2334
2335 #endif
2336 #endif /* AUTO_USERID */
2337
2338 /*
2339 * Test if addr is reachable via a local interface (return ILA_LOCAL),
2340 * or if it needs to be routed via the default gateway (return
2341 * ILA_NONLOCAL). If the target platform doesn't implement this
2342 * function, return ILA_NOT_IMPLEMENTED.
2343 *
2344 * Used by redirect-gateway autolocal feature
2345 */
2346
2347 #if defined(WIN32)
2348
2349 int
2350 test_local_addr (const in_addr_t addr)
2351 {
2352 struct gc_arena gc = gc_new ();
2353 const in_addr_t nonlocal_netmask = 0x80000000L; /* routes with netmask <= to this are considered non-local */
2354 bool ret = TLA_NONLOCAL;
2355
2356 /* get full routing table */
2357 const MIB_IPFORWARDTABLE *rt = get_windows_routing_table (&gc);
2358 if (rt)
2359 {
2360 int i;
2361 for (i = 0; i < rt->dwNumEntries; ++i)
2362 {
2363 const MIB_IPFORWARDROW *row = &rt->table[i];
2364 const in_addr_t net = ntohl (row->dwForwardDest);
2365 const in_addr_t mask = ntohl (row->dwForwardMask);
2366 if (mask > nonlocal_netmask && (addr & mask) == net)
2367 {
2368 ret = TLA_LOCAL;
2369 break;
2370 }
2371 }
2372 }
2373
2374 gc_free (&gc);
2375 return ret;
2376 }
2377
2378 #else
2379
2380
2381 int
2382 test_local_addr (const in_addr_t addr) /* PLATFORM-SPECIFIC */
2383 {
2384 return TLA_NOT_IMPLEMENTED;
2385 }
2386
2387 #endif
Tomato firmware and modifications.