| blob | dd69d8ed001c9a1c5b57ccfb77cdc82096d52cdb |
1 /*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program (see the file COPYING included with this
21 * distribution); if not, write to the Free Software Foundation, Inc.,
22 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 */
25 /*
26 * Support routines for adding/deleting network routes.
27 */
29 #ifdef HAVE_CONFIG_H
31 #elif defined(_MSC_VER)
33 #endif
48 #ifdef WIN32
49 #define METRIC_NOT_USED ((DWORD)-1)
50 #endif
52 static void delete_route (struct route *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es);
56 #ifdef ENABLE_DEBUG
58 static void
60 {
64 {
66 i,
68 }
70 }
72 #endif
74 static bool
76 {
79 {
82 }
84 {
87 }
88 else
89 {
91 }
92 }
96 {
101 }
105 {
107 ALLOC_VAR_ARRAY_CLEAR_GC (ret, struct route_ipv6_option_list, struct route_ipv6_option, max_routes, a);
110 }
114 {
115 const size_t rl_size = array_mult_safe (sizeof(struct route_option), src->capacity, sizeof(struct route_option_list));
119 }
123 {
124 const size_t rl_size = array_mult_safe (sizeof(struct route_ipv6_option), src->capacity, sizeof(struct route_ipv6_option_list));
128 }
130 void
132 {
133 const size_t src_size = array_mult_safe (sizeof(struct route_option), src->capacity, sizeof(struct route_option_list));
135 msg (M_FATAL, PACKAGE_NAME " ROUTE: (copy) number of route options in src (%d) is greater than route list capacity in dest (%d)", src->capacity, dest->capacity);
137 }
139 void
142 {
143 const size_t src_size = array_mult_safe (sizeof(struct route_ipv6_option), src->capacity, sizeof(struct route_ipv6_option_list));
145 msg (M_FATAL, PACKAGE_NAME " ROUTE: (copy) number of route options in src (%d) is greater than route list capacity in dest (%d)", src->capacity, dest->capacity);
147 }
151 {
156 }
160 {
165 }
169 {
175 );
179 }
181 static bool
183 {
189 }
191 static void
193 {
198 else
202 }
204 static bool
209 {
213 {
215 {
218 else
219 {
223 }
224 }
226 }
228 {
230 {
233 else
234 {
235 msg (M_INFO, PACKAGE_NAME " ROUTE: net_gateway undefined -- unable to get default gateway from system");
238 }
239 }
241 }
243 {
245 {
248 else
249 {
253 }
254 }
256 }
258 }
260 bool
262 {
265 else
267 }
269 static bool
274 {
283 /* network */
286 {
288 }
291 /* get_special_addr replaces specialaddr with a special ip addr
292 like gw. getaddrinfo is called to convert a a addrinfo struct */
295 {
299 }
300 else
309 /* netmask */
312 {
314 GETADDR_HOST_ORDER
319 NULL);
322 }
323 else
326 /* gateway */
329 {
331 {
333 GETADDR_RESOLVE
334 | GETADDR_HOST_ORDER
339 NULL);
340 }
343 }
344 else
345 {
348 else
349 {
350 msg (M_WARN, PACKAGE_NAME " ROUTE: " PACKAGE_NAME " needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options");
352 }
353 }
355 /* metric */
359 {
362 {
367 }
369 }
371 {
374 }
380 fail:
384 }
386 static bool
390 {
396 /* gateway */
398 {
400 {
402 }
403 }
405 {
407 }
408 else
409 {
410 msg (M_WARN, PACKAGE_NAME " ROUTE6: " PACKAGE_NAME " needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options");
412 }
414 /* metric */
419 {
422 {
427 }
429 }
431 {
434 }
440 fail:
445 }
447 void
453 {
456 msg (M_FATAL, PACKAGE_NAME " ROUTE: cannot add more than %d routes -- please increase the max-routes option in the client configuration file",
464 }
466 void
471 {
474 msg (M_FATAL, PACKAGE_NAME " ROUTE: cannot add more than %d IPv6 routes -- please increase the max-routes option in the client configuration file",
481 }
483 void
485 {
487 const size_t rl_size = array_mult_safe (sizeof(struct route), capacity, sizeof(struct route_list));
490 }
492 void
494 {
496 const size_t rl6_size = array_mult_safe (sizeof(struct route_ipv6), capacity, sizeof(struct route_ipv6_list));
499 }
501 void
505 {
509 }
511 static void
514 in_addr_t target)
515 {
520 {
524 /* split a route into two smaller blocking routes, and direct them to target */
534 }
535 }
537 static void
539 {
545 {
548 /* add bypass for gateway addr */
551 /* block access to local subnet */
554 /* process additional subnets on gateway interface */
556 {
558 /* omit the add/subnet in &rl->rgi which we processed above */
562 }
563 }
564 }
566 bool
571 in_addr_t remote_host,
573 {
582 {
585 }
588 {
591 }
595 {
597 #ifdef ENABLE_DEBUG
599 #endif
600 }
601 else
602 {
604 }
610 {
613 GETADDR_RESOLVE
614 | GETADDR_HOST_ORDER
616 remote_endpoint,
619 NULL);
622 {
625 }
626 else
627 {
629 remote_endpoint);
631 }
632 }
635 {
638 #ifdef ENABLE_DEBUG
640 #endif
641 }
643 /* parse the routes from opt to rl */
644 {
649 {
656 rl))
658 else
659 {
662 {
664 {
667 }
668 else
669 {
671 {
672 msg (M_WARN, PACKAGE_NAME " ROUTE: routes dropped because number of expanded routes is greater than route list capacity (%d)", rl->capacity);
674 }
675 }
676 }
678 }
679 }
681 }
685 }
687 bool
693 {
702 {
705 }
707 /* "default_gateway" is stuff for "redirect-gateway", which we don't
708 * do for IPv6 yet -> TODO
709 */
710 {
712 }
715 {
718 {
720 }
721 else
722 {
723 msg (M_WARN, PACKAGE_NAME " ROUTE: failed to parse/resolve default gateway: %s", remote_endpoint);
725 }
726 }
727 else
732 msg (M_FATAL, PACKAGE_NAME " ROUTE6: (init) number of route options (%d) is greater than route list capacity (%d)", opt6->n, rl6->capacity);
734 /* parse the routes from opt to rl6 */
735 {
738 {
741 rl6 ))
743 else
745 }
747 }
751 }
753 static void
755 in_addr_t netmask,
756 in_addr_t gateway,
761 {
769 }
771 static void
773 in_addr_t netmask,
774 in_addr_t gateway,
779 {
787 }
789 static void
791 in_addr_t gateway,
796 {
799 {
802 IPV4_NETMASK_HOST,
803 gateway,
804 tt,
806 rgi,
807 es);
808 }
809 }
811 static void
813 in_addr_t gateway,
818 {
821 {
824 IPV4_NETMASK_HOST,
825 gateway,
826 tt,
828 rgi,
829 es);
830 }
831 }
833 static void
834 redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
835 {
839 {
841 {
843 }
845 {
847 }
849 {
851 }
852 else
853 {
858 {
861 }
863 {
866 }
867 }
869 {
870 /* route remote host to original default gateway */
871 /* if remote_host is not ipv4 (ie: ipv6), just skip
872 * adding this special /32 route */
875 IPV4_NETMASK_HOST,
877 tt,
880 es);
884 }
885 }
887 /* route DHCP/DNS server traffic through original default gateway */
891 {
893 {
894 /* add new default route (1st component) */
898 tt,
899 flags,
901 es);
903 /* add new default route (2nd component) */
907 tt,
908 flags,
910 es);
911 }
912 else
913 {
914 /* delete default route */
918 tt,
921 es);
923 /* add new default route */
927 tt,
928 flags,
930 es);
931 }
932 }
934 /* set a flag so we can undo later */
936 }
937 }
938 }
940 static void
941 undo_redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
942 {
944 {
945 /* delete remote host route */
947 {
949 IPV4_NETMASK_HOST,
951 tt,
954 es);
956 }
958 /* delete special DHCP/DNS bypass route */
962 {
964 {
965 /* delete default route (1st component) */
969 tt,
970 flags,
972 es);
974 /* delete default route (2nd component) */
978 tt,
979 flags,
981 es);
982 }
983 else
984 {
985 /* delete default route */
989 tt,
990 flags,
992 es);
994 /* restore original default route */
998 tt,
1001 es);
1002 }
1003 }
1006 }
1007 }
1009 void
1010 add_routes (struct route_list *rl, struct route_ipv6_list *rl6, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
1011 {
1014 {
1017 #ifdef ENABLE_MANAGEMENT
1019 {
1021 OPENVPN_STATE_ADD_ROUTES,
1022 NULL,
1025 }
1026 #endif
1029 {
1035 }
1037 }
1039 {
1043 {
1048 }
1050 }
1051 }
1053 void
1056 {
1058 {
1061 {
1064 }
1066 }
1071 {
1073 }
1076 {
1079 {
1082 }
1084 }
1087 {
1089 }
1090 }
1092 #ifdef ENABLE_DEBUG
1096 {
1099 else
1101 }
1103 static void
1105 {
1111 }
1113 void
1116 {
1123 }
1125 void
1127 {
1130 {
1135 else
1139 #ifdef WIN32
1142 #else
1145 #endif
1149 }
1151 }
1153 #endif
1155 static void
1157 {
1162 }
1164 void
1166 {
1170 }
1172 static void
1174 {
1177 {
1183 {
1187 }
1188 }
1190 }
1192 void
1194 {
1198 }
1200 static void
1202 {
1205 {
1217 }
1219 }
1220 void
1222 {
1226 }
1228 /*
1229 * local_route() determines whether the gateway of a provided host
1230 * route is on the same interface that owns the default gateway.
1231 * It uses the data structure
1232 * returned by get_default_gateway() (struct route_gateway_info)
1233 * to determine this. If the route is local, LR_MATCH is returned.
1234 * When adding routes into the kernel, if LR_MATCH is defined for
1235 * a given route, the route should explicitly reference the default
1236 * gateway interface as the route destination. For example, here
1237 * is an example on Linux that uses LR_MATCH:
1238 *
1239 * route add -net 10.10.0.1 netmask 255.255.255.255 dev eth0
1240 *
1241 * This capability is needed by the "default-gateway block-local"
1242 * directive, to allow client access to the local subnet to be
1243 * blocked but still allow access to the local default gateway.
1244 */
1246 /* local_route() return values */
1251 static int
1253 in_addr_t netmask,
1254 in_addr_t gateway,
1256 {
1257 /* set LR_MATCH on local host routes */
1263 {
1266 else
1267 {
1268 /* examine additional subnets on gateway interface */
1271 {
1275 }
1276 }
1277 }
1279 }
1281 /* Return true if the "on-link" form of the route should be used. This is when the gateway for a
1282 a route is specified as an interface rather than an address. */
1284 is_on_link (const int is_local_route, const unsigned int flags, const struct route_gateway_info *rgi)
1285 {
1286 return rgi && (is_local_route == LR_MATCH || ((flags & ROUTE_REF_GW) && (rgi->flags & RGI_ON_LINK)));
1287 }
1289 void
1295 {
1318 #if defined(TARGET_LINUX)
1319 #ifdef ENABLE_IPROUTE
1320 /* FIXME -- add on-link support for ENABLE_IPROUTE */
1322 iproute_path,
1323 network,
1325 gateway);
1329 #else
1331 ROUTE_PATH,
1332 network,
1333 netmask);
1338 else
1345 #elif defined (WIN32)
1346 {
1350 WIN_ROUTE_PATH_SUFFIX,
1351 network,
1352 netmask,
1353 gateway);
1357 {
1360 }
1365 {
1368 }
1370 {
1374 }
1376 {
1380 {
1383 status = openvpn_execve_check (&argv, es, 0, "ERROR: Windows route add command failed [adaptive]");
1385 }
1386 }
1387 else
1388 {
1390 }
1391 }
1393 #elif defined (TARGET_SOLARIS)
1395 /* example: route add 192.0.2.32 -netmask 255.255.255.224 somegateway */
1398 ROUTE_PATH);
1400 #if 0
1403 #endif
1406 network,
1407 netmask,
1408 gateway);
1410 /* FIXME -- add on-link support for Solaris */
1415 #elif defined(TARGET_FREEBSD)
1418 ROUTE_PATH);
1420 #if 0
1423 #endif
1426 network,
1427 gateway,
1428 netmask);
1430 /* FIXME -- add on-link support for FreeBSD */
1435 #elif defined(TARGET_DRAGONFLY)
1438 ROUTE_PATH);
1440 #if 0
1443 #endif
1446 network,
1447 gateway,
1448 netmask);
1450 /* FIXME -- add on-link support for Dragonfly */
1455 #elif defined(TARGET_DARWIN)
1458 ROUTE_PATH);
1460 #if 0
1463 #endif
1466 {
1467 /* Mac OS X route syntax for ON_LINK:
1468 route add -cloning -net 10.10.0.1 -netmask 255.255.255.255 -interface en0 */
1470 network,
1471 netmask,
1473 }
1474 else
1475 {
1477 network,
1478 gateway,
1479 netmask);
1480 }
1485 #elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
1488 ROUTE_PATH);
1490 #if 0
1493 #endif
1496 network,
1497 gateway,
1498 netmask);
1500 /* FIXME -- add on-link support for OpenBSD/NetBSD */
1503 status = openvpn_execve_check (&argv, es, 0, "ERROR: OpenBSD/NetBSD route add command failed");
1505 #else
1506 msg (M_FATAL, "Sorry, but I don't know how to do 'route' commands on this operating system. Try putting your routes in a --route-up script");
1507 #endif
1509 done:
1512 else
1516 }
1522 {
1523 /* clear host bit parts of route
1524 * (needed if routes are specified improperly, or if we need to
1525 * explicitely setup/clear the "connected" network routes on some OSes)
1526 */
1531 {
1534 else
1536 }
1539 }
1541 void
1542 add_route_ipv6 (struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
1543 {
1564 {
1568 }
1573 /*
1574 * Filter out routes which are essentially no-ops
1575 * (not currently done for IPv6)
1576 */
1578 /* On "tun" interface, we never set a gateway if the operating system
1579 * can do "route to interface" - it does not add value, as the target
1580 * dev already fully qualifies the route destination on point-to-point
1581 * interfaces. OTOH, on "tap" interface, we must always set the
1582 * gateway unless the route is to be an on-link network
1583 */
1586 {
1588 }
1590 #if defined(TARGET_LINUX)
1591 #ifdef ENABLE_IPROUTE
1593 iproute_path,
1594 network,
1596 device);
1602 #else
1604 ROUTE_PATH,
1605 network,
1607 device);
1614 status = openvpn_execve_check (&argv, es, 0, "ERROR: Linux route -6/-A inet6 add command failed");
1616 #elif defined (WIN32)
1618 /* netsh interface ipv6 add route 2001:db8::/32 MyTunDevice */
1621 NETSH_PATH_SUFFIX,
1622 network,
1624 device);
1626 /* next-hop depends on TUN or TAP mode:
1627 * - in TAP mode, we use the "real" next-hop
1628 * - in TUN mode we use a special-case link-local address that the tapdrvr
1629 * knows about and will answer ND (neighbor discovery) packets for
1630 */
1633 else
1636 #if 0
1639 #endif
1641 /* in some versions of Windows, routes are persistent across reboots by
1642 * default, unless "store=active" is set (pointed out by Tony Lim, thanks)
1643 */
1652 #elif defined (TARGET_SOLARIS)
1654 /* example: route add -inet6 2001:db8::/32 somegateway 0 */
1656 /* for some weird reason, this does not work for me unless I set
1657 * "metric 0" - otherwise, the routes will be nicely installed, but
1658 * packets will just disappear somewhere. So we use "0" now...
1659 */
1662 ROUTE_PATH,
1663 network,
1665 gateway );
1668 status = openvpn_execve_check (&argv, es, 0, "ERROR: Solaris route add -inet6 command failed");
1670 #elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
1673 ROUTE_PATH,
1674 network,
1679 else
1685 #elif defined(TARGET_DARWIN)
1688 ROUTE_PATH,
1693 else
1697 status = openvpn_execve_check (&argv, es, 0, "ERROR: MacOS X route add -inet6 command failed");
1699 #elif defined(TARGET_OPENBSD)
1702 ROUTE_PATH,
1706 status = openvpn_execve_check (&argv, es, 0, "ERROR: OpenBSD route add -inet6 command failed");
1708 #elif defined(TARGET_NETBSD)
1711 ROUTE_PATH,
1717 #else
1718 msg (M_FATAL, "Sorry, but I don't know how to do 'route ipv6' commands on this operating system. Try putting your routes in a --route-up script");
1719 #endif
1724 }
1726 static void
1732 {
1754 #if defined(TARGET_LINUX)
1755 #ifdef ENABLE_IPROUTE
1757 iproute_path,
1758 network,
1760 #else
1762 ROUTE_PATH,
1763 network,
1764 netmask);
1771 #elif defined (WIN32)
1775 WIN_ROUTE_PATH_SUFFIX,
1776 network,
1777 netmask,
1778 gateway);
1783 {
1786 }
1788 {
1792 }
1794 {
1798 {
1803 }
1804 }
1805 else
1806 {
1808 }
1810 #elif defined (TARGET_SOLARIS)
1813 ROUTE_PATH,
1814 network,
1815 netmask,
1816 gateway);
1821 #elif defined(TARGET_FREEBSD)
1824 ROUTE_PATH,
1825 network,
1826 gateway,
1827 netmask);
1832 #elif defined(TARGET_DRAGONFLY)
1835 ROUTE_PATH,
1836 network,
1837 gateway,
1838 netmask);
1843 #elif defined(TARGET_DARWIN)
1846 {
1848 ROUTE_PATH,
1849 network,
1850 netmask,
1852 }
1853 else
1854 {
1856 ROUTE_PATH,
1857 network,
1858 gateway,
1859 netmask);
1860 }
1865 #elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
1868 ROUTE_PATH,
1869 network,
1870 gateway,
1871 netmask);
1876 #else
1877 msg (M_FATAL, "Sorry, but I don't know how to do 'route' commands on this operating system. Try putting your routes in a --route-up script");
1878 #endif
1880 done:
1884 }
1886 void
1887 delete_route_ipv6 (const struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
1888 {
1906 {
1910 }
1914 /* if we used a gateway on "add route", we also need to specify it on
1915 * delete, otherwise some OSes will refuse to delete the route
1916 */
1919 {
1921 }
1924 #if defined(TARGET_LINUX)
1925 #ifdef ENABLE_IPROUTE
1927 iproute_path,
1928 network,
1930 device);
1933 #else
1935 ROUTE_PATH,
1936 network,
1938 device);
1947 #elif defined (WIN32)
1949 /* netsh interface ipv6 delete route 2001:db8::/32 MyTunDevice */
1952 NETSH_PATH_SUFFIX,
1953 network,
1955 device);
1957 /* next-hop depends on TUN or TAP mode:
1958 * - in TAP mode, we use the "real" next-hop
1959 * - in TUN mode we use a special-case link-local address that the tapdrvr
1960 * knows about and will answer ND (neighbor discovery) packets for
1961 * (and "route deletion without specifying next-hop" does not work...)
1962 */
1965 else
1968 #if 0
1971 #endif
1979 #elif defined (TARGET_SOLARIS)
1981 /* example: route delete -inet6 2001:db8::/32 somegateway */
1982 /* GERT-TODO: this is untested, but should work */
1985 ROUTE_PATH,
1986 network,
1988 gateway );
1993 #elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
1996 ROUTE_PATH,
1997 network,
2002 else
2008 #elif defined(TARGET_DARWIN)
2011 ROUTE_PATH,
2016 else
2022 #elif defined(TARGET_OPENBSD)
2025 ROUTE_PATH,
2031 #elif defined(TARGET_NETBSD)
2034 ROUTE_PATH,
2040 #else
2041 msg (M_FATAL, "Sorry, but I don't know how to do 'route ipv6' commands on this operating system. Try putting your routes in a --route-down script");
2042 #endif
2046 }
2048 /*
2049 * The --redirect-gateway option requires OS-specific code below
2050 * to get the current default gateway.
2051 */
2053 #if defined(WIN32)
2057 {
2060 DWORD status;
2064 {
2068 {
2073 }
2074 }
2076 }
2078 static int
2082 {
2088 }
2090 static void
2097 {
2104 else
2108 }
2110 /*
2111 * If we tried to add routes now, would we succeed?
2112 */
2113 bool
2115 {
2125 {
2130 {
2137 }
2138 }
2141 good,
2142 count,
2145 ambig,
2150 }
2154 {
2162 {
2164 {
2172 i,
2179 {
2183 }
2184 }
2185 }
2191 }
2193 void
2195 {
2201 DWORD a_index;
2207 {
2210 {
2214 {
2219 {
2222 }
2223 }
2224 }
2225 }
2228 }
2230 static DWORD
2232 {
2240 /* first test on tun interface */
2242 {
2246 }
2248 {
2250 }
2253 {
2257 }
2259 {
2262 count);
2264 }
2267 on_tun,
2268 count,
2273 }
2275 bool
2277 {
2280 DWORD status;
2281 const DWORD if_index = (adapter_index == TUN_ADAPTER_INDEX_INVALID) ? windows_route_find_if_index (r, tt) : adapter_index;
2284 {
2285 MIB_IPFORWARDROW fr;
2311 else
2312 {
2313 /* failed, try increasing the metric to work around Vista issue */
2314 const unsigned int forward_metric_limit = 2048; /* iteratively retry higher metrics up to this limit */
2317 {
2318 /* try a different forward type=3 ("the next hop is the final dest") in addition to 4.
2319 --redirect-gateway over RRAS seems to need this. */
2321 {
2324 {
2325 msg (D_ROUTE, "ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=%u and dwForwardType=%u",
2330 }
2333 }
2334 }
2336 doublebreak:
2338 msg (M_WARN, "ROUTE: route addition failed using CreateIpForwardEntry: %s [status=%u if_index=%u]",
2342 }
2343 }
2347 }
2349 bool
2351 {
2354 DWORD status;
2358 {
2359 MIB_IPFORWARDROW fr;
2372 else
2375 }
2379 }
2383 {
2401 }
2403 /*
2404 * Show current routing table
2405 */
2406 void
2408 {
2416 {
2418 {
2420 }
2421 }
2423 }
2425 #elif defined(TARGET_LINUX)
2427 void
2429 {
2437 /* get default gateway IP addr */
2438 {
2441 {
2448 {
2450 {
2459 name,
2466 {
2472 {
2477 }
2478 }
2479 }
2481 }
2485 {
2490 }
2491 }
2492 }
2494 /* scan adapter list */
2496 {
2504 {
2507 }
2511 {
2514 }
2516 /* scan through interface list */
2519 {
2521 {
2522 /* get interface addr */
2525 /* get interface name */
2528 /* check that the interface is up */
2535 {
2536 /* check that interface name of current interface
2537 matches interface name of best default route */
2540 #if 0
2541 /* if point-to-point link, use remote addr as route gateway */
2543 {
2547 }
2548 #endif
2549 }
2550 else
2551 {
2552 /* get interface netmask */
2557 /* check that interface matches default route */
2561 /* save netmask */
2564 }
2566 /* save iface name */
2570 /* now get the hardware address. */
2573 {
2576 }
2581 }
2582 }
2583 }
2585 done:
2589 }
2591 #elif defined(TARGET_FREEBSD)||defined(TARGET_DRAGONFLY)
2593 #include <sys/types.h>
2594 #include <sys/socket.h>
2595 #include <netinet/in.h>
2597 /* all of this is taken from <net/route.h> in FreeBSD */
2598 #define RTA_DST 0x1
2599 #define RTA_GATEWAY 0x2
2600 #define RTA_NETMASK 0x4
2602 #define RTM_GET 0x4
2603 #define RTM_VERSION 5
2605 #define RTF_UP 0x1
2606 #define RTF_GATEWAY 0x2
2608 /*
2609 * These numbers are used by reliable protocols for determining
2610 * retransmission behavior and are included in the routing structure.
2611 */
2624 };
2626 /*
2627 * Structures for routing messages.
2628 */
2642 };
2649 #define ROUNDUP(a) \
2650 ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
2652 /*
2653 * FIXME -- add support for netmask, hwaddr, and iface
2654 */
2655 void
2657 {
2665 #define NEXTADDR(w, u) \
2666 if (rtm_addrs & (w)) {\
2667 l = ROUNDUP(u.sa_len); memmove(cp, &(u), l); cp += l;\
2668 }
2670 #define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))
2672 #define rtm m_rtmsg.m_rtm
2703 {
2708 }
2726 }
2727 }
2728 else
2729 {
2732 }
2736 {
2741 }
2742 else
2743 {
2745 }
2746 }
2748 #elif defined(TARGET_DARWIN)
2750 #include <sys/types.h>
2751 #include <sys/socket.h>
2752 #include <netinet/in.h>
2753 #include <net/route.h>
2754 #include <net/if_dl.h>
2759 };
2761 #define ROUNDUP(a) \
2762 ((a) > 0 ? (1 + (((a) - 1) | (sizeof(uint32_t) - 1))) : sizeof(uint32_t))
2764 #define NEXTADDR(w, u) \
2765 if (rtm_addrs & (w)) {\
2766 l = ROUNDUP(u.sa_len); memmove(cp, &(u), l); cp += l;\
2767 }
2769 #define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))
2771 #define max(a,b) ((a) > (b) ? (a) : (b))
2773 void
2775 {
2785 # define rtm m_rtmsg.m_rtm
2789 /* setup data to send to routing socket */
2815 /* transact with routing socket */
2818 {
2821 }
2823 {
2826 }
2833 /* extract return data from routing socket */
2837 {
2839 {
2841 {
2848 }
2849 }
2850 }
2851 else
2854 /* get gateway addr and interface name */
2856 {
2857 /* get default gateway addr */
2863 {
2864 /* get interface name */
2868 {
2872 }
2873 }
2874 }
2876 /* get netmask of interface that owns default gateway */
2882 {
2885 }
2892 {
2895 }
2901 }
2903 /* try to read MAC addr associated with interface that owns default gateway */
2905 {
2914 {
2917 }
2923 {
2926 }
2931 {
2937 {
2939 {
2943 }
2944 }
2946 }
2947 }
2949 done:
2953 }
2955 #undef max
2957 #elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
2959 #include <sys/types.h>
2960 #include <sys/socket.h>
2961 #include <netinet/in.h>
2963 /* all of this is taken from <net/route.h> in OpenBSD 3.6 */
2975 /*
2976 * Huge version for userland compatibility.
2977 */
2989 };
2991 /*
2992 * Structures for routing messages.
2993 */
3007 };
3014 #define ROUNDUP(a) \
3015 ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
3017 /*
3018 * FIXME -- add support for netmask, hwaddr, and iface
3019 */
3020 void
3022 {
3025 pid_t pid;
3031 #define NEXTADDR(w, u) \
3032 if (rtm_addrs & (w)) {\
3033 l = ROUNDUP(u.sa_len); memmove(cp, &(u), l); cp += l;\
3034 }
3036 #define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))
3038 #define rtm m_rtmsg.m_rtm
3069 {
3074 }
3092 }
3093 }
3094 else
3095 {
3098 }
3102 {
3107 }
3108 else
3109 {
3111 }
3112 }
3114 #else
3116 /*
3117 * This is a platform-specific method that returns data about
3118 * the current default gateway. Return data is placed into
3119 * a struct route_gateway_info object provided by caller. The
3120 * implementation should CLEAR the structure before adding
3121 * data to it.
3122 *
3123 * Data returned includes:
3124 * 1. default gateway address (rgi->gateway.addr)
3125 * 2. netmask of interface that owns default gateway
3126 * (rgi->gateway.netmask)
3127 * 3. hardware address (i.e. MAC address) of interface that owns
3128 * default gateway (rgi->hwaddr)
3129 * 4. interface name (or adapter index on Windows) that owns default
3130 * gateway (rgi->iface or rgi->adapter_index)
3131 * 5. an array of additional address/netmask pairs defined by
3132 * interface that owns default gateway (rgi->addrs with length
3133 * given in rgi->n_addrs)
3134 *
3135 * The flags RGI_x_DEFINED may be used to indicate which of the data
3136 * members were successfully returned (set in rgi->flags). All of
3137 * the data members are optional, however certain OpenVPN functionality
3138 * may be disabled by missing items.
3139 */
3140 void
3142 {
3144 }
3146 #endif
3148 bool
3150 {
3155 {
3157 {
3160 {
3163 else
3166 }
3167 }
3168 }
3170 }
3172 /*
3173 * get_bypass_addresses() is used by the redirect-gateway bypass-x
3174 * functions to build a route bypass to selected DHCP/DNS servers,
3175 * so that outgoing packets to these servers don't end up in the tunnel.
3176 */
3178 #if defined(WIN32)
3180 static void
3182 {
3185 }
3187 static void
3189 {
3191 {
3193 const in_addr_t ip = getaddr (GETADDR_HOST_ORDER, iplist->IpAddress.String, 0, &succeed, NULL);
3195 {
3197 }
3199 }
3200 }
3202 static void
3204 {
3206 /*bool ret_bool = false;*/
3208 /* get full routing table */
3211 /* get the route which represents the default gateway */
3215 {
3216 /* get the adapter which the default gateway is associated with */
3219 /* get extra adapter info, such as DNS addresses */
3222 /* Bypass DHCP server address */
3226 /* Bypass DNS server addresses */
3229 }
3232 }
3234 #else
3236 static void
3237 get_bypass_addresses (struct route_bypass *rb, const unsigned int flags) /* PLATFORM-SPECIFIC */
3238 {
3239 }
3241 #endif
3243 /*
3244 * Test if addr is reachable via a local interface (return ILA_LOCAL),
3245 * or if it needs to be routed via the default gateway (return
3246 * ILA_NONLOCAL). If the target platform doesn't implement this
3247 * function, return ILA_NOT_IMPLEMENTED.
3248 *
3249 * Used by redirect-gateway autolocal feature
3250 */
3252 #if defined(WIN32)
3254 int
3256 {
3258 const in_addr_t nonlocal_netmask = 0x80000000L; /* routes with netmask <= to this are considered non-local */
3261 /* get full routing table */
3264 {
3267 {
3272 {
3275 }
3276 }
3277 }
3281 }
3283 #else
3285 int
3286 test_local_addr (const in_addr_t addr, const struct route_gateway_info *rgi) /* PLATFORM-SPECIFIC */
3287 {
3289 {
3292 else
3294 }
3296 }
3298 #endif