1 /*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23
24 /*
25 * Support routines for adding/deleting network routes.
26 */
27
28 #ifndef ROUTE_H
29 #define ROUTE_H
30
31 #include "basic.h"
32 #include "tun.h"
33 #include "misc.h"
34 #include "networking.h"
35
36 #ifdef _WIN32
37 /*
38 * Windows route methods
39 */
40 #define ROUTE_METHOD_ADAPTIVE 0 /* try IP helper first then route.exe */
41 #define ROUTE_METHOD_IPAPI 1 /* use IP helper API */
42 #define ROUTE_METHOD_EXE 2 /* use route.exe */
43 #define ROUTE_METHOD_SERVICE 3 /* use the privileged Windows service */
44 #define ROUTE_METHOD_MASK 3
45 #endif
46
47 /*
48 * Route add/delete flags (must stay clear of ROUTE_METHOD bits)
49 */
50 #define ROUTE_DELETE_FIRST (1<<2)
51 #define ROUTE_REF_GW (1<<3)
52
53 struct route_bypass
54 {
55 #define N_ROUTE_BYPASS 8
56 int n_bypass;
57 in_addr_t bypass[N_ROUTE_BYPASS];
58 };
59
60 struct route_special_addr
61 {
62 /* bits indicating which members below are defined */
63 #define RTSA_REMOTE_ENDPOINT (1<<0)
64 #define RTSA_REMOTE_HOST (1<<1)
65 #define RTSA_DEFAULT_METRIC (1<<2)
66 unsigned int flags;
67
68 in_addr_t remote_endpoint;
69 in_addr_t remote_host;
70 int remote_host_local; /* TLA_x value */
71 struct route_bypass bypass;
72 int default_metric;
73 };
74
75 struct route_option {
76 struct route_option *next;
77 const char *network;
78 const char *netmask;
79 const char *gateway;
80 const char *metric;
81 };
82
83 /* redirect-gateway flags */
84 #define RG_ENABLE (1<<0)
85 #define RG_LOCAL (1<<1)
86 #define RG_DEF1 (1<<2)
87 #define RG_BYPASS_DHCP (1<<3)
88 #define RG_BYPASS_DNS (1<<4)
89 #define RG_REROUTE_GW (1<<5)
90 #define RG_AUTO_LOCAL (1<<6)
91 #define RG_BLOCK_LOCAL (1<<7)
92
93 struct route_option_list {
94 unsigned int flags; /* RG_x flags */
95 struct route_option *routes;
96 struct gc_arena *gc;
97 };
98
99 struct route_ipv6_option {
100 struct route_ipv6_option *next;
101 const char *prefix; /* e.g. "2001:db8:1::/64" */
102 const char *gateway; /* e.g. "2001:db8:0::2" */
103 const char *metric; /* e.g. "5" */
104 };
105
106 struct route_ipv6_option_list {
107 unsigned int flags; /* RG_x flags, see route_option-list */
108 struct route_ipv6_option *routes_ipv6;
109 struct gc_arena *gc;
110 };
111
112 struct route_ipv4 {
113 #define RT_DEFINED (1<<0)
114 #define RT_ADDED (1<<1)
115 #define RT_METRIC_DEFINED (1<<2)
116 struct route_ipv4 *next;
117 unsigned int flags;
118 const struct route_option *option;
119 in_addr_t network;
120 in_addr_t netmask;
121 in_addr_t gateway;
122 int metric;
123 };
124
125 struct route_ipv6 {
126 struct route_ipv6 *next;
127 unsigned int flags; /* RT_ flags, see route_ipv4 */
128 struct in6_addr network;
129 unsigned int netbits;
130 struct in6_addr gateway;
131 int metric;
132 /* gateway interface */
133 #ifdef _WIN32
134 DWORD adapter_index; /* interface or ~0 if undefined */
135 #else
136 char *iface; /* interface name (null terminated) */
137 #endif
138 };
139
140
141 struct route_gateway_address {
142 in_addr_t addr;
143 in_addr_t netmask;
144 };
145
146 struct route_gateway_info {
147 #define RGI_ADDR_DEFINED (1<<0) /* set if gateway.addr defined */
148 #define RGI_NETMASK_DEFINED (1<<1) /* set if gateway.netmask defined */
149 #define RGI_HWADDR_DEFINED (1<<2) /* set if hwaddr is defined */
150 #define RGI_IFACE_DEFINED (1<<3) /* set if iface is defined */
151 #define RGI_OVERFLOW (1<<4) /* set if more interface addresses than will fit in addrs */
152 #define RGI_ON_LINK (1<<5)
153 unsigned int flags;
154
155 /* gateway interface */
156 #ifdef _WIN32
157 DWORD adapter_index; /* interface or ~0 if undefined */
158 #else
159 char iface[16]; /* interface name (null terminated), may be empty */
160 #endif
161
162 /* gateway interface hardware address */
163 uint8_t hwaddr[6];
164
165 /* gateway/router address */
166 struct route_gateway_address gateway;
167
168 /* address/netmask pairs bound to interface */
169 #define RGI_N_ADDRESSES 8
170 int n_addrs; /* len of addrs, may be 0 */
171 struct route_gateway_address addrs[RGI_N_ADDRESSES]; /* local addresses attached to iface */
172 };
173
174 struct route_ipv6_gateway_address {
175 struct in6_addr addr_ipv6;
176 int netbits_ipv6;
177 };
178
179 struct route_ipv6_gateway_info {
180 /* RGI_ flags used as in route_gateway_info */
181 unsigned int flags;
182
183 /* gateway interface */
184 #ifdef _WIN32
185 DWORD adapter_index; /* interface or ~0 if undefined */
186 #else
187 /* non linux platform don't have this constant defined */
188 #ifndef IFNAMSIZ
189 #define IFNAMSIZ 16
190 #endif
191 char iface[IFNAMSIZ]; /* interface name (null terminated), may be empty */
192 #endif
193
194 /* gateway interface hardware address */
195 uint8_t hwaddr[6];
196
197 /* gateway/router address */
198 struct route_ipv6_gateway_address gateway;
199
200 /* address/netmask pairs bound to interface */
201 #define RGI_N_ADDRESSES 8
202 int n_addrs; /* len of addrs, may be 0 */
203 struct route_ipv6_gateway_address addrs[RGI_N_ADDRESSES]; /* local addresses attached to iface */
204 };
205
206 struct route_list {
207 #define RL_DID_REDIRECT_DEFAULT_GATEWAY (1<<0)
208 #define RL_DID_LOCAL (1<<1)
209 #define RL_ROUTES_ADDED (1<<2)
210 unsigned int iflags;
211
212 struct route_special_addr spec;
213 struct route_gateway_info rgi;
214 unsigned int flags; /* RG_x flags */
215 struct route_ipv4 *routes;
216 struct gc_arena gc;
217 };
218
219 struct route_ipv6_list {
220 unsigned int iflags; /* RL_ flags, see route_list */
221
222 unsigned int spec_flags; /* RTSA_ flags, route_special_addr */
223 struct in6_addr remote_endpoint_ipv6; /* inside tun */
224 struct in6_addr remote_host_ipv6; /* --remote address */
225 int default_metric;
226
227 struct route_ipv6_gateway_info rgi6;
228 unsigned int flags; /* RG_x flags, see route_option_list */
229 struct route_ipv6 *routes_ipv6;
230 struct gc_arena gc;
231 };
232
233 /* internal OpenVPN route */
234 struct iroute {
235 in_addr_t network;
236 int netbits;
237 struct iroute *next;
238 };
239
240 struct iroute_ipv6 {
241 struct in6_addr network;
242 unsigned int netbits;
243 struct iroute_ipv6 *next;
244 };
245
246 struct route_option_list *new_route_option_list(struct gc_arena *a);
247
248 struct route_ipv6_option_list *new_route_ipv6_option_list(struct gc_arena *a);
249
250 struct route_option_list *clone_route_option_list(const struct route_option_list *src, struct gc_arena *a);
251
252 struct route_ipv6_option_list *clone_route_ipv6_option_list(const struct route_ipv6_option_list *src, struct gc_arena *a);
253
254 void copy_route_option_list(struct route_option_list *dest, const struct route_option_list *src, struct gc_arena *a);
255
256 void copy_route_ipv6_option_list(struct route_ipv6_option_list *dest,
257 const struct route_ipv6_option_list *src,
258 struct gc_arena *a);
259
260 void route_ipv6_clear_host_bits( struct route_ipv6 *r6 );
261
262 void add_route_ipv6(struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx);
263
264 void delete_route_ipv6(const struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx);
265
266 void add_route(struct route_ipv4 *r,
267 const struct tuntap *tt,
268 unsigned int flags,
269 const struct route_gateway_info *rgi,
270 const struct env_set *es,
271 openvpn_net_ctx_t *ctx);
272
273 void add_route_to_option_list(struct route_option_list *l,
274 const char *network,
275 const char *netmask,
276 const char *gateway,
277 const char *metric);
278
279 void add_route_ipv6_to_option_list(struct route_ipv6_option_list *l,
280 const char *prefix,
281 const char *gateway,
282 const char *metric);
283
284 bool init_route_list(struct route_list *rl,
285 const struct route_option_list *opt,
286 const char *remote_endpoint,
287 int default_metric,
288 in_addr_t remote_host,
289 struct env_set *es,
290 openvpn_net_ctx_t *ctx);
291
292 bool init_route_ipv6_list(struct route_ipv6_list *rl6,
293 const struct route_ipv6_option_list *opt6,
294 const char *remote_endpoint,
295 int default_metric,
296 const struct in6_addr *remote_host,
297 struct env_set *es,
298 openvpn_net_ctx_t *ctx);
299
300 void route_list_add_vpn_gateway(struct route_list *rl,
301 struct env_set *es,
302 const in_addr_t addr);
303
304 void add_routes(struct route_list *rl,
305 struct route_ipv6_list *rl6,
306 const struct tuntap *tt,
307 unsigned int flags,
308 const struct env_set *es,
309 openvpn_net_ctx_t *ctx);
310
311 void delete_routes(struct route_list *rl,
312 struct route_ipv6_list *rl6,
313 const struct tuntap *tt,
314 unsigned int flags,
315 const struct env_set *es,
316 openvpn_net_ctx_t *ctx);
317
318 void setenv_routes(struct env_set *es, const struct route_list *rl);
319
320 void setenv_routes_ipv6(struct env_set *es, const struct route_ipv6_list *rl6);
321
322 bool is_special_addr(const char *addr_str);
323
324 void get_default_gateway(struct route_gateway_info *rgi,
325 openvpn_net_ctx_t *ctx);
326
327 void get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi,
328 const struct in6_addr *dest,
329 openvpn_net_ctx_t *ctx);
330
331 void print_default_gateway(const int msglevel,
332 const struct route_gateway_info *rgi,
333 const struct route_ipv6_gateway_info *rgi6);
334
335 /*
336 * Test if addr is reachable via a local interface (return ILA_LOCAL),
337 * or if it needs to be routed via the default gateway (return
338 * ILA_NONLOCAL). If the current platform doesn't implement this
339 * function, return ILA_NOT_IMPLEMENTED.
340 */
341 #define TLA_NOT_IMPLEMENTED 0
342 #define TLA_NONLOCAL 1
343 #define TLA_LOCAL 2
344 int test_local_addr(const in_addr_t addr, const struct route_gateway_info *rgi);
345
346 #ifndef ENABLE_SMALL
347 void print_route_options(const struct route_option_list *rol,
348 int level);
349
350 #endif
351
352 void print_routes(const struct route_list *rl, int level);
353
354 #ifdef _WIN32
355
356 void show_routes(int msglev);
357
358 bool test_routes(const struct route_list *rl, const struct tuntap *tt);
359
360 bool add_route_ipapi(const struct route_ipv4 *r, const struct tuntap *tt, DWORD adapter_index);
361
362 bool del_route_ipapi(const struct route_ipv4 *r, const struct tuntap *tt);
363
364 #else /* ifdef _WIN32 */
365 static inline bool
test_routes(const struct route_list * rl,const struct tuntap * tt)366 test_routes(const struct route_list *rl, const struct tuntap *tt)
367 {
368 return true;
369 }
370 #endif
371
372 bool netmask_to_netbits(const in_addr_t network, const in_addr_t netmask, int *netbits);
373
374 int netmask_to_netbits2(in_addr_t netmask);
375
376 static inline in_addr_t
netbits_to_netmask(const int netbits)377 netbits_to_netmask(const int netbits)
378 {
379 const int addrlen = sizeof(in_addr_t) * 8;
380 in_addr_t mask = 0;
381 if (netbits > 0 && netbits <= addrlen)
382 {
383 mask = IPV4_NETMASK_HOST << (addrlen-netbits);
384 }
385 return mask;
386 }
387
388 static inline bool
route_list_vpn_gateway_needed(const struct route_list * rl)389 route_list_vpn_gateway_needed(const struct route_list *rl)
390 {
391 if (!rl)
392 {
393 return false;
394 }
395 else
396 {
397 return !(rl->spec.flags & RTSA_REMOTE_ENDPOINT);
398 }
399 }
400
401 static inline int
route_did_redirect_default_gateway(const struct route_list * rl)402 route_did_redirect_default_gateway(const struct route_list *rl)
403 {
404 return rl && BOOL_CAST(rl->iflags & RL_DID_REDIRECT_DEFAULT_GATEWAY);
405 }
406
407 #endif /* ifndef ROUTE_H */
408