/*
 *  OpenVPN -- An application to securely tunnel IP networks
 *             over a single TCP/UDP port, with support for SSL/TLS-based
 *             session authentication and key exchange,
 *             packet encryption, packet authentication, and
 *             packet compression.
 *
 *  Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2
 *  as published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

/*
 * Support routines for adding/deleting network routes.
 */

#ifndef ROUTE_H
#define ROUTE_H

#include "basic.h"
#include "tun.h"
#include "misc.h"
#include "networking.h"

#ifdef _WIN32
/*
 * Windows route methods
 */
#define ROUTE_METHOD_ADAPTIVE  0  /* try IP helper first then route.exe */
#define ROUTE_METHOD_IPAPI     1  /* use IP helper API */
#define ROUTE_METHOD_EXE       2  /* use route.exe */
#define ROUTE_METHOD_SERVICE   3  /* use the privileged Windows service */
#define ROUTE_METHOD_MASK      3
#endif

/*
 * Route add/delete flags (must stay clear of ROUTE_METHOD bits)
 */
#define ROUTE_DELETE_FIRST  (1<<2)
#define ROUTE_REF_GW        (1<<3)

struct route_bypass
{
#define N_ROUTE_BYPASS 8
    int n_bypass;
    in_addr_t bypass[N_ROUTE_BYPASS];
};

struct route_special_addr
{
    /* bits indicating which members below are defined */
#define RTSA_REMOTE_ENDPOINT  (1<<0)
#define RTSA_REMOTE_HOST      (1<<1)
#define RTSA_DEFAULT_METRIC   (1<<2)
    unsigned int flags;

    in_addr_t remote_endpoint;
    in_addr_t remote_host;
    int remote_host_local; /* TLA_x value */
    struct route_bypass bypass;
    int default_metric;
};

struct route_option {
    struct route_option *next;
    const char *network;
    const char *netmask;
    const char *gateway;
    const char *metric;
};

/* redirect-gateway flags */
#define RG_ENABLE         (1<<0)
#define RG_LOCAL          (1<<1)
#define RG_DEF1           (1<<2)
#define RG_BYPASS_DHCP    (1<<3)
#define RG_BYPASS_DNS     (1<<4)
#define RG_REROUTE_GW     (1<<5)
#define RG_AUTO_LOCAL     (1<<6)
#define RG_BLOCK_LOCAL    (1<<7)

struct route_option_list {
    unsigned int flags; /* RG_x flags */
    struct route_option *routes;
    struct gc_arena *gc;
};

struct route_ipv6_option {
    struct route_ipv6_option *next;
    const char *prefix;         /* e.g. "2001:db8:1::/64" */
    const char *gateway;        /* e.g. "2001:db8:0::2" */
    const char *metric;         /* e.g. "5" */
};

struct route_ipv6_option_list {
    unsigned int flags;         /* RG_x flags, see route_option-list */
    struct route_ipv6_option *routes_ipv6;
    struct gc_arena *gc;
};

struct route_ipv4 {
#define RT_DEFINED        (1<<0)
#define RT_ADDED          (1<<1)
#define RT_METRIC_DEFINED (1<<2)
    struct route_ipv4 *next;
    unsigned int flags;
    const struct route_option *option;
    in_addr_t network;
    in_addr_t netmask;
    in_addr_t gateway;
    int metric;
};

struct route_ipv6 {
    struct route_ipv6 *next;
    unsigned int flags;                         /* RT_ flags, see route_ipv4 */
    struct in6_addr network;
    unsigned int netbits;
    struct in6_addr gateway;
    int metric;
    /* gateway interface */
#ifdef _WIN32
    DWORD adapter_index;        /* interface or ~0 if undefined */
#else
    char *iface;                /* interface name (null terminated) */
#endif
};


struct route_gateway_address {
    in_addr_t addr;
    in_addr_t netmask;
};

struct route_gateway_info {
#define RGI_ADDR_DEFINED     (1<<0)  /* set if gateway.addr defined */
#define RGI_NETMASK_DEFINED  (1<<1)  /* set if gateway.netmask defined */
#define RGI_HWADDR_DEFINED   (1<<2)  /* set if hwaddr is defined */
#define RGI_IFACE_DEFINED    (1<<3)  /* set if iface is defined */
#define RGI_OVERFLOW         (1<<4)  /* set if more interface addresses than will fit in addrs */
#define RGI_ON_LINK          (1<<5)
    unsigned int flags;

    /* gateway interface */
#ifdef _WIN32
    DWORD adapter_index; /* interface or ~0 if undefined */
#else
    char iface[16]; /* interface name (null terminated), may be empty */
#endif

    /* gateway interface hardware address */
    uint8_t hwaddr[6];

    /* gateway/router address */
    struct route_gateway_address gateway;

    /* address/netmask pairs bound to interface */
#define RGI_N_ADDRESSES 8
    int n_addrs; /* len of addrs, may be 0 */
    struct route_gateway_address addrs[RGI_N_ADDRESSES]; /* local addresses attached to iface */
};

struct route_ipv6_gateway_address {
    struct in6_addr addr_ipv6;
    int netbits_ipv6;
};

struct route_ipv6_gateway_info {
/* RGI_ flags used as in route_gateway_info */
    unsigned int flags;

    /* gateway interface */
#ifdef _WIN32
    DWORD adapter_index; /* interface or ~0 if undefined */
#else
    /* non linux platform don't have this constant defined */
#ifndef IFNAMSIZ
#define IFNAMSIZ 16
#endif
    char iface[IFNAMSIZ]; /* interface name (null terminated), may be empty */
#endif

    /* gateway interface hardware address */
    uint8_t hwaddr[6];

    /* gateway/router address */
    struct route_ipv6_gateway_address gateway;

    /* address/netmask pairs bound to interface */
#define RGI_N_ADDRESSES 8
    int n_addrs; /* len of addrs, may be 0 */
    struct route_ipv6_gateway_address addrs[RGI_N_ADDRESSES]; /* local addresses attached to iface */
};

struct route_list {
#define RL_DID_REDIRECT_DEFAULT_GATEWAY (1<<0)
#define RL_DID_LOCAL                    (1<<1)
#define RL_ROUTES_ADDED                 (1<<2)
    unsigned int iflags;

    struct route_special_addr spec;
    struct route_gateway_info rgi;
    unsigned int flags;   /* RG_x flags */
    struct route_ipv4 *routes;
    struct gc_arena gc;
};

struct route_ipv6_list {
    unsigned int iflags;                /* RL_ flags, see route_list */

    unsigned int spec_flags;            /* RTSA_ flags, route_special_addr */
    struct in6_addr remote_endpoint_ipv6; /* inside tun */
    struct in6_addr remote_host_ipv6;   /* --remote address */
    int default_metric;

    struct route_ipv6_gateway_info rgi6;
    unsigned int flags;                 /* RG_x flags, see route_option_list */
    struct route_ipv6 *routes_ipv6;
    struct gc_arena gc;
};

#if P2MP
/* internal OpenVPN route */
struct iroute {
    in_addr_t network;
    int netbits;
    struct iroute *next;
};

struct iroute_ipv6 {
    struct in6_addr network;
    unsigned int netbits;
    struct iroute_ipv6 *next;
};
#endif

struct route_option_list *new_route_option_list(struct gc_arena *a);

struct route_ipv6_option_list *new_route_ipv6_option_list(struct gc_arena *a);

struct route_option_list *clone_route_option_list(const struct route_option_list *src, struct gc_arena *a);

struct route_ipv6_option_list *clone_route_ipv6_option_list(const struct route_ipv6_option_list *src, struct gc_arena *a);

void copy_route_option_list(struct route_option_list *dest, const struct route_option_list *src, struct gc_arena *a);

void copy_route_ipv6_option_list(struct route_ipv6_option_list *dest,
                                 const struct route_ipv6_option_list *src,
                                 struct gc_arena *a);

void route_ipv6_clear_host_bits( struct route_ipv6 *r6 );

void add_route_ipv6(struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx);

void delete_route_ipv6(const struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx);

void add_route(struct route_ipv4 *r,
               const struct tuntap *tt,
               unsigned int flags,
               const struct route_gateway_info *rgi,
               const struct env_set *es,
               openvpn_net_ctx_t *ctx);

void add_route_to_option_list(struct route_option_list *l,
                              const char *network,
                              const char *netmask,
                              const char *gateway,
                              const char *metric);

void add_route_ipv6_to_option_list(struct route_ipv6_option_list *l,
                                   const char *prefix,
                                   const char *gateway,
                                   const char *metric);

bool init_route_list(struct route_list *rl,
                     const struct route_option_list *opt,
                     const char *remote_endpoint,
                     int default_metric,
                     in_addr_t remote_host,
                     struct env_set *es,
                     openvpn_net_ctx_t *ctx);

bool init_route_ipv6_list(struct route_ipv6_list *rl6,
                          const struct route_ipv6_option_list *opt6,
                          const char *remote_endpoint,
                          int default_metric,
                          const struct in6_addr *remote_host,
                          struct env_set *es,
                          openvpn_net_ctx_t *ctx);

void route_list_add_vpn_gateway(struct route_list *rl,
                                struct env_set *es,
                                const in_addr_t addr);

void add_routes(struct route_list *rl,
                struct route_ipv6_list *rl6,
                const struct tuntap *tt,
                unsigned int flags,
                const struct env_set *es,
                openvpn_net_ctx_t *ctx);

void delete_routes(struct route_list *rl,
                   struct route_ipv6_list *rl6,
                   const struct tuntap *tt,
                   unsigned int flags,
                   const struct env_set *es,
                   openvpn_net_ctx_t *ctx);

void setenv_routes(struct env_set *es, const struct route_list *rl);

void setenv_routes_ipv6(struct env_set *es, const struct route_ipv6_list *rl6);

bool is_special_addr(const char *addr_str);

void get_default_gateway(struct route_gateway_info *rgi,
                         openvpn_net_ctx_t *ctx);

void get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi,
                              const struct in6_addr *dest,
                              openvpn_net_ctx_t *ctx);

void print_default_gateway(const int msglevel,
                           const struct route_gateway_info *rgi,
                           const struct route_ipv6_gateway_info *rgi6);

/*
 * Test if addr is reachable via a local interface (return ILA_LOCAL),
 * or if it needs to be routed via the default gateway (return
 * ILA_NONLOCAL).  If the current platform doesn't implement this
 * function, return ILA_NOT_IMPLEMENTED.
 */
#define TLA_NOT_IMPLEMENTED 0
#define TLA_NONLOCAL        1
#define TLA_LOCAL           2
int test_local_addr(const in_addr_t addr, const struct route_gateway_info *rgi);

#ifndef ENABLE_SMALL
void print_route_options(const struct route_option_list *rol,
                         int level);

#endif

void print_routes(const struct route_list *rl, int level);

#ifdef _WIN32

void show_routes(int msglev);

bool test_routes(const struct route_list *rl, const struct tuntap *tt);

bool add_route_ipapi(const struct route_ipv4 *r, const struct tuntap *tt, DWORD adapter_index);

bool del_route_ipapi(const struct route_ipv4 *r, const struct tuntap *tt);

#else  /* ifdef _WIN32 */
static inline bool
test_routes(const struct route_list *rl, const struct tuntap *tt)
{
    return true;
}
#endif

bool netmask_to_netbits(const in_addr_t network, const in_addr_t netmask, int *netbits);

int netmask_to_netbits2(in_addr_t netmask);

static inline in_addr_t
netbits_to_netmask(const int netbits)
{
    const int addrlen = sizeof(in_addr_t) * 8;
    in_addr_t mask = 0;
    if (netbits > 0 && netbits <= addrlen)
    {
        mask = IPV4_NETMASK_HOST << (addrlen-netbits);
    }
    return mask;
}

static inline bool
route_list_vpn_gateway_needed(const struct route_list *rl)
{
    if (!rl)
    {
        return false;
    }
    else
    {
        return !(rl->spec.flags & RTSA_REMOTE_ENDPOINT);
    }
}

static inline int
route_did_redirect_default_gateway(const struct route_list *rl)
{
    return rl && BOOL_CAST(rl->iflags & RL_DID_REDIRECT_DEFAULT_GATEWAY);
}

#endif /* ifndef ROUTE_H */