#include "manage.h"
#include "win32.h"
#include "options.h"
+#include "networking.h"
#include "memdbg.h"
#endif
-static void delete_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es);
+static void delete_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es, openvpn_net_ctx_t *ctx);
static void get_bypass_addresses(struct route_bypass *rb, const unsigned int flags);
const char *remote_endpoint,
int default_metric,
in_addr_t remote_host,
- struct env_set *es)
+ struct env_set *es,
+ openvpn_net_ctx_t *ctx)
{
struct gc_arena gc = gc_new();
bool ret = true;
rl->spec.flags |= RTSA_DEFAULT_METRIC;
}
- get_default_gateway(&rl->rgi);
+ get_default_gateway(&rl->rgi, ctx);
if (rl->rgi.flags & RGI_ADDR_DEFINED)
{
setenv_route_addr(es, "net_gateway", rl->rgi.gateway.addr, -1);
const struct tuntap *tt,
unsigned int flags,
const struct route_gateway_info *rgi,
- const struct env_set *es)
+ const struct env_set *es,
+ openvpn_net_ctx_t *ctx)
{
struct route_ipv4 r;
CLEAR(r);
r.network = network;
r.netmask = netmask;
r.gateway = gateway;
- add_route(&r, tt, flags, rgi, es);
+ add_route(&r, tt, flags, rgi, es, ctx);
}
static void
const struct tuntap *tt,
unsigned int flags,
const struct route_gateway_info *rgi,
- const struct env_set *es)
+ const struct env_set *es,
+ openvpn_net_ctx_t *ctx)
{
struct route_ipv4 r;
CLEAR(r);
r.network = network;
r.netmask = netmask;
r.gateway = gateway;
- delete_route(&r, tt, flags, rgi, es);
+ delete_route(&r, tt, flags, rgi, es, ctx);
}
static void
const struct tuntap *tt,
unsigned int flags,
const struct route_gateway_info *rgi,
- const struct env_set *es)
+ const struct env_set *es,
+ openvpn_net_ctx_t *ctx)
{
int i;
for (i = 0; i < rb->n_bypass; ++i)
tt,
flags | ROUTE_REF_GW,
rgi,
- es);
+ es,
+ ctx);
}
}
}
const struct tuntap *tt,
unsigned int flags,
const struct route_gateway_info *rgi,
- const struct env_set *es)
+ const struct env_set *es,
+ openvpn_net_ctx_t *ctx)
{
int i;
for (i = 0; i < rb->n_bypass; ++i)
tt,
flags | ROUTE_REF_GW,
rgi,
- es);
+ es,
+ ctx);
}
}
}
static void
-redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
+redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt,
+ unsigned int flags, const struct env_set *es,
+ openvpn_net_ctx_t *ctx)
{
const char err[] = "NOTE: unable to redirect default gateway --";
tt,
flags | ROUTE_REF_GW,
&rl->rgi,
- es);
+ es,
+ ctx);
rl->iflags |= RL_DID_LOCAL;
}
else
#endif /* ifndef TARGET_ANDROID */
/* route DHCP/DNS server traffic through original default gateway */
- add_bypass_routes(&rl->spec.bypass, rl->rgi.gateway.addr, tt, flags, &rl->rgi, es);
+ add_bypass_routes(&rl->spec.bypass, rl->rgi.gateway.addr, tt, flags,
+ &rl->rgi, es, ctx);
if (rl->flags & RG_REROUTE_GW)
{
tt,
flags,
&rl->rgi,
- es);
+ es,
+ ctx);
/* add new default route (2nd component) */
add_route3(0x80000000,
tt,
flags,
&rl->rgi,
- es);
+ es,
+ ctx);
}
else
{
{
/* delete default route */
del_route3(0, 0, rl->rgi.gateway.addr, tt,
- flags | ROUTE_REF_GW, &rl->rgi, es);
+ flags | ROUTE_REF_GW, &rl->rgi, es, ctx);
}
/* add new default route */
tt,
flags,
&rl->rgi,
- es);
+ es,
+ ctx);
}
}
}
static void
-undo_redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
+undo_redirect_default_route_to_vpn(struct route_list *rl,
+ const struct tuntap *tt, unsigned int flags,
+ const struct env_set *es,
+ openvpn_net_ctx_t *ctx)
{
if (rl && rl->iflags & RL_DID_REDIRECT_DEFAULT_GATEWAY)
{
tt,
flags | ROUTE_REF_GW,
&rl->rgi,
- es);
+ es,
+ ctx);
rl->iflags &= ~RL_DID_LOCAL;
}
/* delete special DHCP/DNS bypass route */
- del_bypass_routes(&rl->spec.bypass, rl->rgi.gateway.addr, tt, flags, &rl->rgi, es);
+ del_bypass_routes(&rl->spec.bypass, rl->rgi.gateway.addr, tt, flags,
+ &rl->rgi, es, ctx);
if (rl->flags & RG_REROUTE_GW)
{
tt,
flags,
&rl->rgi,
- es);
+ es,
+ ctx);
/* delete default route (2nd component) */
del_route3(0x80000000,
tt,
flags,
&rl->rgi,
- es);
+ es,
+ ctx);
}
else
{
tt,
flags,
&rl->rgi,
- es);
+ es,
+ ctx);
/* restore original default route if there was any */
if (rl->rgi.flags & RGI_ADDR_DEFINED)
{
add_route3(0, 0, rl->rgi.gateway.addr, tt,
- flags | ROUTE_REF_GW, &rl->rgi, es);
+ flags | ROUTE_REF_GW, &rl->rgi, es, ctx);
}
}
}
}
void
-add_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
+add_routes(struct route_list *rl, struct route_ipv6_list *rl6,
+ const struct tuntap *tt, unsigned int flags,
+ const struct env_set *es, openvpn_net_ctx_t *ctx)
{
- redirect_default_route_to_vpn(rl, tt, flags, es);
+ redirect_default_route_to_vpn(rl, tt, flags, es, ctx);
if (rl && !(rl->iflags & RL_ROUTES_ADDED) )
{
struct route_ipv4 *r;
check_subnet_conflict(r->network, r->netmask, "route");
if (flags & ROUTE_DELETE_FIRST)
{
- delete_route(r, tt, flags, &rl->rgi, es);
+ delete_route(r, tt, flags, &rl->rgi, es, ctx);
}
- add_route(r, tt, flags, &rl->rgi, es);
+ add_route(r, tt, flags, &rl->rgi, es, ctx);
}
rl->iflags |= RL_ROUTES_ADDED;
}
{
if (flags & ROUTE_DELETE_FIRST)
{
- delete_route_ipv6(r, tt, flags, es);
+ delete_route_ipv6(r, tt, flags, es, ctx);
}
- add_route_ipv6(r, tt, flags, es);
+ add_route_ipv6(r, tt, flags, es, ctx);
}
rl6->iflags |= RL_ROUTES_ADDED;
}
void
delete_routes(struct route_list *rl, struct route_ipv6_list *rl6,
- const struct tuntap *tt, unsigned int flags, const struct env_set *es)
+ const struct tuntap *tt, unsigned int flags,
+ const struct env_set *es, openvpn_net_ctx_t *ctx)
{
if (rl && rl->iflags & RL_ROUTES_ADDED)
{
struct route_ipv4 *r;
for (r = rl->routes; r; r = r->next)
{
- delete_route(r, tt, flags, &rl->rgi, es);
+ delete_route(r, tt, flags, &rl->rgi, es, ctx);
}
rl->iflags &= ~RL_ROUTES_ADDED;
}
- undo_redirect_default_route_to_vpn(rl, tt, flags, es);
+ undo_redirect_default_route_to_vpn(rl, tt, flags, es, ctx);
if (rl)
{
struct route_ipv6 *r6;
for (r6 = rl6->routes_ipv6; r6; r6 = r6->next)
{
- delete_route_ipv6(r6, tt, flags, es);
+ delete_route_ipv6(r6, tt, flags, es, ctx);
}
rl6->iflags &= ~RL_ROUTES_ADDED;
}
const struct tuntap *tt,
unsigned int flags,
const struct route_gateway_info *rgi, /* may be NULL */
- const struct env_set *es)
+ const struct env_set *es,
+ openvpn_net_ctx_t *ctx)
{
struct gc_arena gc;
struct argv argv = argv_new();
+#if !defined(TARGET_LINUX)
const char *network;
#if !defined(ENABLE_IPROUTE) && !defined(TARGET_AIX)
const char *netmask;
#endif
const char *gateway;
+#else
+ const char *iface;
+ int metric;
+#endif
bool status = false;
int is_local_route;
gc_init(&gc);
+#if !defined(TARGET_LINUX)
network = print_in_addr_t(r->network, 0, &gc);
#if !defined(ENABLE_IPROUTE) && !defined(TARGET_AIX)
netmask = print_in_addr_t(r->netmask, 0, &gc);
#endif
gateway = print_in_addr_t(r->gateway, 0, &gc);
+#endif
is_local_route = local_route(r->network, r->netmask, r->gateway, rgi);
if (is_local_route == LR_ERROR)
}
#if defined(TARGET_LINUX)
-#ifdef ENABLE_IPROUTE
- argv_printf(&argv, "%s route add %s/%d",
- iproute_path,
- network,
- netmask_to_netbits2(r->netmask));
-
- if (r->flags & RT_METRIC_DEFINED)
- {
- argv_printf_cat(&argv, "metric %d", r->metric);
- }
-
+ iface = NULL;
if (is_on_link(is_local_route, flags, rgi))
{
- argv_printf_cat(&argv, "dev %s", rgi->iface);
+ iface = rgi->iface;
}
- else
- {
- argv_printf_cat(&argv, "via %s", gateway);
- }
-#else /* ifdef ENABLE_IPROUTE */
- argv_printf(&argv, "%s add -net %s netmask %s",
- ROUTE_PATH,
- network,
- netmask);
+
+ metric = -1;
if (r->flags & RT_METRIC_DEFINED)
{
- argv_printf_cat(&argv, "metric %d", r->metric);
+ metric = r->metric;
}
- if (is_on_link(is_local_route, flags, rgi))
- {
- argv_printf_cat(&argv, "dev %s", rgi->iface);
- }
- else
+
+ status = true;
+ if (net_route_v4_add(ctx, &r->network, netmask_to_netbits2(r->netmask),
+ &r->gateway, iface, 0, metric) < 0)
{
- argv_printf_cat(&argv, "gw %s", gateway);
+ msg(M_WARN, "ERROR: Linux route add command failed");
+ status = false;
}
-#endif /*ENABLE_IPROUTE*/
- argv_msg(D_ROUTE, &argv);
- status = openvpn_execve_check(&argv, es, 0, "ERROR: Linux route add command failed");
-
#elif defined (TARGET_ANDROID)
char out[128];
}
void
-add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
+add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt,
+ unsigned int flags, const struct env_set *es,
+ openvpn_net_ctx_t *ctx)
{
struct gc_arena gc;
struct argv argv = argv_new();
const char *gateway;
bool status = false;
const char *device = tt->actual_name;
-
+#if defined(TARGET_LINUX)
+ int metric;
+#endif
bool gateway_needed = false;
if (!(r6->flags & RT_DEFINED) )
}
#if defined(TARGET_LINUX)
-#ifdef ENABLE_IPROUTE
- argv_printf(&argv, "%s -6 route add %s/%d dev %s",
- iproute_path,
- network,
- r6->netbits,
- device);
- if (gateway_needed)
- {
- argv_printf_cat(&argv, "via %s", gateway);
- }
- if ( (r6->flags & RT_METRIC_DEFINED) && r6->metric > 0)
+ metric = -1;
+ if ((r6->flags & RT_METRIC_DEFINED) && (r6->metric > 0))
{
- argv_printf_cat(&argv, " metric %d", r6->metric);
+ metric = r6->metric;
}
-#else /* ifdef ENABLE_IPROUTE */
- argv_printf(&argv, "%s -A inet6 add %s/%d dev %s",
- ROUTE_PATH,
- network,
- r6->netbits,
- device);
- if (gateway_needed)
+ status = true;
+ if (net_route_v6_add(ctx, &r6->network, r6->netbits,
+ gateway_needed ? &r6->gateway : NULL, device, 0,
+ metric) < 0)
{
- argv_printf_cat(&argv, "gw %s", gateway);
- }
- if ( (r6->flags & RT_METRIC_DEFINED) && r6->metric > 0)
- {
- argv_printf_cat(&argv, " metric %d", r6->metric);
+ msg(M_WARN, "ERROR: Linux IPv6 route can't be added");
+ status = false;
}
-#endif /*ENABLE_IPROUTE*/
- argv_msg(D_ROUTE, &argv);
- status = openvpn_execve_check(&argv, es, 0, "ERROR: Linux route -6/-A inet6 add command failed");
#elif defined (TARGET_ANDROID)
char out[64];
const struct tuntap *tt,
unsigned int flags,
const struct route_gateway_info *rgi,
- const struct env_set *es)
+ const struct env_set *es,
+ openvpn_net_ctx_t *ctx)
{
struct gc_arena gc;
struct argv argv = argv_new();
+#if !defined(TARGET_LINUX)
const char *network;
#if !defined(ENABLE_IPROUTE) && !defined(TARGET_AIX)
const char *netmask;
#endif
#if !defined(TARGET_LINUX) && !defined(TARGET_ANDROID)
const char *gateway;
+#endif
+#else
+ int metric;
#endif
int is_local_route;
gc_init(&gc);
+#if !defined(TARGET_LINUX)
network = print_in_addr_t(r->network, 0, &gc);
#if !defined(ENABLE_IPROUTE) && !defined(TARGET_AIX)
netmask = print_in_addr_t(r->netmask, 0, &gc);
#endif
#if !defined(TARGET_LINUX) && !defined(TARGET_ANDROID)
gateway = print_in_addr_t(r->gateway, 0, &gc);
+#endif
#endif
is_local_route = local_route(r->network, r->netmask, r->gateway, rgi);
}
#if defined(TARGET_LINUX)
-#ifdef ENABLE_IPROUTE
- argv_printf(&argv, "%s route del %s/%d",
- iproute_path,
- network,
- netmask_to_netbits2(r->netmask));
-#else
- argv_printf(&argv, "%s del -net %s netmask %s",
- ROUTE_PATH,
- network,
- netmask);
-#endif /*ENABLE_IPROUTE*/
+ metric = -1;
if (r->flags & RT_METRIC_DEFINED)
{
- argv_printf_cat(&argv, "metric %d", r->metric);
+ metric = r->metric;
}
- argv_msg(D_ROUTE, &argv);
- openvpn_execve_check(&argv, es, 0, "ERROR: Linux route delete command failed");
+ if (net_route_v4_del(ctx, &r->network, netmask_to_netbits2(r->netmask),
+ &r->gateway, NULL, 0, metric) < 0)
+ {
+ msg(M_WARN, "ERROR: Linux route delete command failed");
+ }
#elif defined (_WIN32)
argv_printf(&argv, "%s%sc DELETE %s MASK %s %s",
}
void
-delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
+delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt,
+ unsigned int flags, const struct env_set *es,
+ openvpn_net_ctx_t *ctx)
{
struct gc_arena gc;
struct argv argv = argv_new();
const char *network;
+#if !defined(TARGET_LINUX)
const char *gateway;
+#else
+ int metric;
+#endif
const char *device = tt->actual_name;
bool gateway_needed = false;
gc_init(&gc);
network = print_in6_addr( r6->network, 0, &gc);
+#if !defined(TARGET_LINUX)
gateway = print_in6_addr( r6->gateway, 0, &gc);
+#endif
#if defined(TARGET_DARWIN) \
|| defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
gateway_needed = true;
}
-
#if defined(TARGET_LINUX)
-#ifdef ENABLE_IPROUTE
- argv_printf(&argv, "%s -6 route del %s/%d dev %s",
- iproute_path,
- network,
- r6->netbits,
- device);
- if (gateway_needed)
- {
- argv_printf_cat(&argv, "via %s", gateway);
- }
-#else /* ifdef ENABLE_IPROUTE */
- argv_printf(&argv, "%s -A inet6 del %s/%d dev %s",
- ROUTE_PATH,
- network,
- r6->netbits,
- device);
- if (gateway_needed)
+ metric = -1;
+ if ((r6->flags & RT_METRIC_DEFINED) && (r6->metric > 0))
{
- argv_printf_cat(&argv, "gw %s", gateway);
+ metric = r6->metric;
}
- if ( (r6->flags & RT_METRIC_DEFINED) && r6->metric > 0)
+
+ if (net_route_v6_del(ctx, &r6->network, r6->netbits,
+ gateway_needed ? &r6->gateway : NULL, device, 0,
+ metric) < 0)
{
- argv_printf_cat(&argv, " metric %d", r6->metric);
+ msg(M_WARN, "ERROR: Linux route v6 delete command failed");
}
-#endif /*ENABLE_IPROUTE*/
- argv_msg(D_ROUTE, &argv);
- openvpn_execve_check(&argv, es, 0, "ERROR: Linux route -6/-A inet6 del command failed");
#elif defined (_WIN32)
}
void
-get_default_gateway(struct route_gateway_info *rgi)
+get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx)
{
struct gc_arena gc = gc_new();
*/
void
get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi6,
- const struct in6_addr *dest)
+ const struct in6_addr *dest, openvpn_net_ctx_t *ctx)
{
struct gc_arena gc = gc_new();
MIB_IPFORWARD_ROW2 BestRoute;
#elif defined(TARGET_LINUX) || defined(TARGET_ANDROID)
void
-get_default_gateway(struct route_gateway_info *rgi)
+get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx)
{
struct gc_arena gc = gc_new();
int sd = -1;
- char best_name[16];
- best_name[0] = 0;
+ char best_name[IFNAMSIZ];
CLEAR(*rgi);
+ CLEAR(best_name);
#ifndef TARGET_ANDROID
/* get default gateway IP addr */
+ if (net_route_v4_best_gw(ctx, NULL, 0, &rgi->gateway.addr, best_name) == 0)
{
- FILE *fp = fopen("/proc/net/route", "r");
- if (fp)
+ rgi->flags |= RGI_ADDR_DEFINED;
+ if (!rgi->gateway.addr && best_name[0])
{
- char line[256];
- int count = 0;
- unsigned int lowest_metric = UINT_MAX;
- in_addr_t best_gw = 0;
- bool found = false;
- while (fgets(line, sizeof(line), fp) != NULL)
- {
- if (count)
- {
- unsigned int net_x = 0;
- unsigned int mask_x = 0;
- unsigned int gw_x = 0;
- unsigned int metric = 0;
- unsigned int flags = 0;
- char name[16];
- name[0] = 0;
- const int np = sscanf(line, "%15s\t%x\t%x\t%x\t%*s\t%*s\t%d\t%x",
- name,
- &net_x,
- &gw_x,
- &flags,
- &metric,
- &mask_x);
- if (np == 6 && (flags & IFF_UP))
- {
- const in_addr_t net = ntohl(net_x);
- const in_addr_t mask = ntohl(mask_x);
- const in_addr_t gw = ntohl(gw_x);
-
- if (!net && !mask && metric < lowest_metric)
- {
- found = true;
- best_gw = gw;
- strcpy(best_name, name);
- lowest_metric = metric;
- }
- }
- }
- ++count;
- }
- fclose(fp);
-
- if (found)
- {
- rgi->gateway.addr = best_gw;
- rgi->flags |= RGI_ADDR_DEFINED;
- if (!rgi->gateway.addr && best_name[0])
- {
- rgi->flags |= RGI_ON_LINK;
- }
- }
+ rgi->flags |= RGI_ON_LINK;
}
}
#else /* ifndef TARGET_ANDROID */
#define max(a,b) ((a) > (b) ? (a) : (b))
void
-get_default_gateway(struct route_gateway_info *rgi)
+get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx)
{
struct gc_arena gc = gc_new();
struct rtmsg m_rtmsg;
* may be disabled by missing items.
*/
void
-get_default_gateway(struct route_gateway_info *rgi)
+get_default_gateway(struct route_gateway_info *rgi, openvpn_net_ctx_t *ctx)
{
CLEAR(*rgi);
}
projects / thirdparty / openvpn.git / commitdiff
