author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2009-05-23 10:30:10 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2009-05-23 10:30:10 +0000 |
commit | b723833ba8038765bb22f273ad0de183329df25b (patch) | |
tree | 59073b5be0a1fa6dc426cf032f0cf2867b148e6d /route.c | |
parent | Fixed race condition in management interface recv code on (diff) | |
download | openvpn-b723833ba8038765bb22f273ad0de183329df25b.tar.xz |
Added "redirect-private" option which allows private subnets
to be pushed to the client in such a way that they don't accidentally
obscure critical local addresses such as the DHCP server address and
DNS server addresses.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@4436 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'route.c')
-rw-r--r-- | route.c | 138 |
1 files changed, 72 insertions, 66 deletions
@@ -543,18 +543,83 @@ redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, u
 /* route DHCP/DNS server traffic through original default gateway */
 add_bypass_routes (&rl->spec.bypass, rl->spec.net_gateway, tt, flags, es);

+ if (rl->flags & RG_REROUTE_GW)
+ {
+ if (rl->flags & RG_DEF1)
+ {
+ /* add new default route (1st component) */
+ add_route3 (0x00000000,
+ 0x80000000,
+ rl->spec.remote_endpoint,
+ tt,
+ flags,
+ es);
+
+ /* add new default route (2nd component) */
+ add_route3 (0x80000000,
+ 0x80000000,
+ rl->spec.remote_endpoint,
+ tt,
+ flags,
+ es);
+ }
+ else
+ {
+ /* delete default route */
+ del_route3 (0,
+ 0,
+ rl->spec.net_gateway,
+ tt,
+ flags,
+ es);
+
+ /* add new default route */
+ add_route3 (0,
+ 0,
+ rl->spec.remote_endpoint,
+ tt,
+ flags,
+ es);
+ }
+ }
+
+ /* set a flag so we can undo later */
+ rl->did_redirect_default_gateway = true;
+ }
+ }
+}
+
+static void
+undo_redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
+{
+ if (rl->did_redirect_default_gateway)
+ {
+ /* delete remote host route */
+ if (!(rl->flags & RG_LOCAL))
+ del_route3 (rl->spec.remote_host,
+ ~0,
+ rl->spec.net_gateway,
+ tt,
+ flags,
+ es);
+
+ /* delete special DHCP/DNS bypass route */
+ del_bypass_routes (&rl->spec.bypass, rl->spec.net_gateway, tt, flags, es);
+
+ if (rl->flags & RG_REROUTE_GW)
+ {
 if (rl->flags & RG_DEF1)
 {
- /* add new default route (1st component) */
- add_route3 (0x00000000,
+ /* delete default route (1st component) */
+ del_route3 (0x00000000,
 0x80000000,
 rl->spec.remote_endpoint,
 tt,
 flags,
 es);

- /* add new default route (2nd component) */
- add_route3 (0x80000000,
+ /* delete default route (2nd component) */
+ del_route3 (0x80000000,
 0x80000000,
 rl->spec.remote_endpoint,
 tt,
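Review bot: undo_redirect_default_route_to_vpn chooses what to remove by re-reading `rl->flags` (`RG_LOCAL`, `RG_REROUTE_GW`, `RG_DEF1`) instead of recording what the redirect step actually installed. If those flags differ between setup and teardown, the wrong routes are deleted or the original default route is not restored. Whether the flags can change in between is not visible in this hunk, but storing the applied actions alongside `did_redirect_default_gateway` would make teardown independent of that. The flag is now also set when `RG_REROUTE_GW` is clear and only the host and bypass routes were added, so its comment would read more accurately as `/* set a flag so we can undo the host, bypass and (if added) default routes later */`. Both function bodies extend outside this hunk.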
@@ -566,78 +631,19 @@ redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, u
 /* delete default route */
 del_route3 (0,
 0,
- rl->spec.net_gateway,
+ rl->spec.remote_endpoint,
 tt,
 flags,
 es);

- /* add new default route */
+ /* restore original default route */
 add_route3 (0,
 0,
- rl->spec.remote_endpoint,
+ rl->spec.net_gateway,
 tt,
 flags,
 es);
 }
-
- /* set a flag so we can undo later */
- rl->did_redirect_default_gateway = true;
- }
- }
-}
-
-static void
-undo_redirect_default_route_to_vpn (struct route_list *rl, const struct tuntap *tt, unsigned int flags, const struct env_set *es)
-{
- if (rl->did_redirect_default_gateway)
- {
- /* delete remote host route */
- if (!(rl->flags & RG_LOCAL))
- del_route3 (rl->spec.remote_host,
- ~0,
- rl->spec.net_gateway,
- tt,
- flags,
- es);
-
- /* delete special DHCP/DNS bypass route */
- del_bypass_routes (&rl->spec.bypass, rl->spec.net_gateway, tt, flags, es);
-
- if (rl->flags & RG_DEF1)
- {
- /* delete default route (1st component) */
- del_route3 (0x00000000,
- 0x80000000,
- rl->spec.remote_endpoint,
- tt,
- flags,
- es);
-
- /* delete default route (2nd component) */
- del_route3 (0x80000000,
- 0x80000000,
- rl->spec.remote_endpoint,
- tt,
- flags,
- es);
- }
- else
- {
- /* delete default route */
- del_route3 (0,
- 0,
- rl->spec.remote_endpoint,
- tt,
- flags,
- es);
-
- /* restore original default route */
- add_route3 (0,
- 0,
- rl->spec.net_gateway,
- tt,
- flags,
- es);
 }

 rl->did_redirect_default_gateway = false; |
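Review bot: In the non-`RG_DEF1` teardown branch the VPN default route is deleted before the original one is re-added via `rl->spec.net_gateway`, and nothing visible in the hunk checks whether that `add_route3` succeeded. If the restore fails, the host appears to be left with no default route while `did_redirect_default_gateway` is still cleared, so the guarded undo path would not run again. A comment recording the ordering assumption would help, e.g. `/* NOTE: no default route exists between these two calls; a failed add leaves the host without one */`. The setup-side `else` branch in the previous hunk has the same delete-then-add pattern. The function starts outside this hunk.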