2 This file is part of GNUnet.
3 (C) 2010, 2011, 2012 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file exit/gnunet-helper-exit.c
23 * @brief the helper for exit nodes. Opens a virtual network-interface,
24 * sends data received on the if to stdout, sends data received on stdin to the
26 * @author Philipp Tölke
29 * - need to add code to setup ip_forwarding and NAT (for IPv4) so that
30 * users don't need to ALSO do admin work; this is what will set
31 * gnunet-helper-exit.c apart from gnunet-helper-vpn.c
33 * The following list of people have reviewed this code and considered
34 * it safe since the last modification (if you reviewed it, please
35 * have your name added to the list):
40 #include <linux/if_tun.h>
43 * Need 'struct GNUNET_MessageHeader'.
45 #include "gnunet_common.h"
48 * Need VPN message types.
50 #include "gnunet_protocols.h"
53 * Maximum size of a GNUnet message (GNUNET_SERVER_MAX_MESSAGE_SIZE)
55 #define MAX_SIZE 65536
59 * This is in linux/include/net/ipv6.h, but not always exported...
63 struct in6_addr ifr6_addr;
64 uint32_t ifr6_prefixlen;
65 unsigned int ifr6_ifindex;
71 * Creates a tun-interface called dev;
73 * @param dev is asumed to point to a char[IFNAMSIZ]
74 * if *dev == '\\0', uses the name supplied by the kernel;
75 * @return the fd to the tun or -1 on error
89 if (-1 == (fd = open ("/dev/net/tun", O_RDWR)))
91 fprintf (stderr, "Error opening `%s': %s\n", "/dev/net/tun",
98 fprintf (stderr, "File descriptor to large: %d", fd);
102 memset (&ifr, 0, sizeof (ifr));
103 ifr.ifr_flags = IFF_TUN;
106 strncpy (ifr.ifr_name, dev, IFNAMSIZ);
108 if (-1 == ioctl (fd, TUNSETIFF, (void *) &ifr))
110 fprintf (stderr, "Error with ioctl on `%s': %s\n", "/dev/net/tun",
115 strcpy (dev, ifr.ifr_name);
121 * @brief Sets the IPv6-Address given in address on the interface dev
123 * @param dev the interface to configure
124 * @param address the IPv6-Address
125 * @param prefix_len the length of the network-prefix
128 set_address6 (const char *dev, const char *address, unsigned long prefix_len)
131 struct in6_ifreq ifr6;
132 struct sockaddr_in6 sa6;
136 * parse the new address
138 memset (&sa6, 0, sizeof (struct sockaddr_in6));
139 sa6.sin6_family = AF_INET6;
140 if (1 != inet_pton (AF_INET6, address, sa6.sin6_addr.s6_addr))
142 fprintf (stderr, "Failed to parse address `%s': %s\n", address,
147 if (-1 == (fd = socket (PF_INET6, SOCK_DGRAM, 0)))
149 fprintf (stderr, "Error creating socket: %s\n", strerror (errno));
153 memset (&ifr, 0, sizeof (struct ifreq));
155 * Get the index of the if
157 strncpy (ifr.ifr_name, dev, IFNAMSIZ);
158 if (-1 == ioctl (fd, SIOGIFINDEX, &ifr))
160 fprintf (stderr, "ioctl failed at %d: %s\n", __LINE__, strerror (errno));
165 memset (&ifr6, 0, sizeof (struct in6_ifreq));
166 ifr6.ifr6_addr = sa6.sin6_addr;
167 ifr6.ifr6_ifindex = ifr.ifr_ifindex;
168 ifr6.ifr6_prefixlen = prefix_len;
173 if (-1 == ioctl (fd, SIOCSIFADDR, &ifr6))
175 fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
184 if (-1 == ioctl (fd, SIOCGIFFLAGS, &ifr))
186 fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
193 * Add the UP and RUNNING flags
195 ifr.ifr_flags |= IFF_UP | IFF_RUNNING;
196 if (-1 == ioctl (fd, SIOCSIFFLAGS, &ifr))
198 fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
206 fprintf (stderr, "close failed: %s\n", strerror (errno));
213 * @brief Sets the IPv4-Address given in address on the interface dev
215 * @param dev the interface to configure
216 * @param address the IPv4-Address
217 * @param mask the netmask
220 set_address4 (const char *dev, const char *address, const char *mask)
223 struct sockaddr_in *addr;
226 memset (&ifr, 0, sizeof (struct ifreq));
227 addr = (struct sockaddr_in *) &(ifr.ifr_addr);
228 addr->sin_family = AF_INET;
233 if (1 != inet_pton (AF_INET, address, &addr->sin_addr.s_addr))
235 fprintf (stderr, "Failed to parse address `%s': %s\n", address,
240 if (-1 == (fd = socket (PF_INET, SOCK_DGRAM, 0)))
242 fprintf (stderr, "Error creating socket: %s\n", strerror (errno));
246 strncpy (ifr.ifr_name, dev, IFNAMSIZ);
251 if (-1 == ioctl (fd, SIOCSIFADDR, &ifr))
253 fprintf (stderr, "ioctl failed at %d: %s\n", __LINE__, strerror (errno));
261 addr = (struct sockaddr_in *) &(ifr.ifr_netmask);
262 if (1 != inet_pton (AF_INET, mask, &addr->sin_addr.s_addr))
264 fprintf (stderr, "Failed to parse address `%s': %s\n", mask,
273 if (-1 == ioctl (fd, SIOCSIFNETMASK, &ifr))
275 fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
284 if (-1 == ioctl (fd, SIOCGIFFLAGS, &ifr))
286 fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
293 * Add the UP and RUNNING flags
295 ifr.ifr_flags |= IFF_UP | IFF_RUNNING;
296 if (-1 == ioctl (fd, SIOCSIFFLAGS, &ifr))
298 fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
306 fprintf (stderr, "close failed: %s\n", strerror (errno));
314 * Start forwarding to and from the tunnel.
316 * @param fd_tun tunnel FD
322 * The buffer filled by reading from fd_tun
324 unsigned char buftun[MAX_SIZE];
325 ssize_t buftun_size = 0;
326 unsigned char *buftun_read = NULL;
329 * The buffer filled by reading from stdin
331 unsigned char bufin[MAX_SIZE];
332 ssize_t bufin_size = 0;
333 size_t bufin_rpos = 0;
334 unsigned char *bufin_read = NULL;
339 /* read refers to reading from fd_tun, writing to stdout */
342 /* write refers to reading from stdin, writing to fd_tun */
345 while ((1 == read_open) || (1 == write_open))
351 * We are supposed to read and the buffer is empty
352 * -> select on read from tun
354 if (read_open && (0 == buftun_size))
355 FD_SET (fd_tun, &fds_r);
358 * We are supposed to read and the buffer is not empty
359 * -> select on write to stdout
361 if (read_open && (0 != buftun_size))
365 * We are supposed to write and the buffer is empty
366 * -> select on read from stdin
368 if (write_open && (NULL == bufin_read))
372 * We are supposed to write and the buffer is not empty
373 * -> select on write to tun
375 if (write_open && (NULL != bufin_read))
376 FD_SET (fd_tun, &fds_w);
378 int r = select (fd_tun + 1, &fds_r, &fds_w, NULL, NULL);
384 fprintf (stderr, "select failed: %s\n", strerror (errno));
390 if (FD_ISSET (fd_tun, &fds_r))
393 read (fd_tun, buftun + sizeof (struct GNUNET_MessageHeader),
394 MAX_SIZE - sizeof (struct GNUNET_MessageHeader));
395 if (-1 == buftun_size)
397 fprintf (stderr, "read-error: %s\n", strerror (errno));
398 shutdown (fd_tun, SHUT_RD);
399 shutdown (1, SHUT_WR);
403 else if (0 == buftun_size)
405 fprintf (stderr, "EOF on tun\n");
406 shutdown (fd_tun, SHUT_RD);
407 shutdown (1, SHUT_WR);
413 buftun_read = buftun;
414 struct GNUNET_MessageHeader *hdr =
415 (struct GNUNET_MessageHeader *) buftun;
416 buftun_size += sizeof (struct GNUNET_MessageHeader);
417 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
418 hdr->size = htons (buftun_size);
421 else if (FD_ISSET (1, &fds_w))
423 ssize_t written = write (1, buftun_read, buftun_size);
427 fprintf (stderr, "write-error to stdout: %s\n", strerror (errno));
428 shutdown (fd_tun, SHUT_RD);
429 shutdown (1, SHUT_WR);
433 else if (0 == written)
435 fprintf (stderr, "write returned 0!?\n");
440 buftun_size -= written;
441 buftun_read += written;
445 if (FD_ISSET (0, &fds_r))
447 bufin_size = read (0, bufin + bufin_rpos, MAX_SIZE - bufin_rpos);
448 if (-1 == bufin_size)
450 fprintf (stderr, "read-error: %s\n", strerror (errno));
451 shutdown (0, SHUT_RD);
452 shutdown (fd_tun, SHUT_WR);
456 else if (0 == bufin_size)
458 fprintf (stderr, "EOF on stdin\n");
459 shutdown (0, SHUT_RD);
460 shutdown (fd_tun, SHUT_WR);
466 struct GNUNET_MessageHeader *hdr;
469 bufin_rpos += bufin_size;
470 if (bufin_rpos < sizeof (struct GNUNET_MessageHeader))
472 hdr = (struct GNUNET_MessageHeader *) bufin;
473 if (ntohs (hdr->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER)
475 fprintf (stderr, "protocol violation!\n");
478 if (ntohs (hdr->size) > bufin_rpos)
480 bufin_read = bufin + sizeof (struct GNUNET_MessageHeader);
481 bufin_size = ntohs (hdr->size) - sizeof (struct GNUNET_MessageHeader);
482 bufin_rpos -= bufin_size + sizeof (struct GNUNET_MessageHeader);
485 else if (FD_ISSET (fd_tun, &fds_w))
487 ssize_t written = write (fd_tun, bufin_read, bufin_size);
491 fprintf (stderr, "write-error to tun: %s\n", strerror (errno));
492 shutdown (0, SHUT_RD);
493 shutdown (fd_tun, SHUT_WR);
497 else if (0 == written)
499 fprintf (stderr, "write returned 0!?\n");
504 bufin_size -= written;
505 bufin_read += written;
508 memmove (bufin, bufin_read, bufin_rpos);
509 bufin_read = NULL; /* start reading again */
521 * Open VPN tunnel interface.
523 * @param argc must be 6
524 * @param argv 0: binary name (gnunet-helper-vpn)
525 * 1: tunnel interface name (gnunet-vpn)
526 * 2: IPv6 address (::1)
527 * 3: IPv6 netmask length in bits (64)
528 * 4: IPv4 address (1.2.3.4)
529 * 5: IPv4 netmask (255.255.0.0)
532 main (int argc, char **argv)
540 fprintf (stderr, "Fatal: must supply 5 arguments!\n");
544 strncpy (dev, argv[1], IFNAMSIZ);
545 dev[IFNAMSIZ - 1] = '\0';
547 if (-1 == (fd_tun = init_tun (dev)))
549 fprintf (stderr, "Fatal: could not initialize tun-interface\n");
554 const char *address = argv[2];
555 long prefix_len = atol (argv[3]);
557 if ((prefix_len < 1) || (prefix_len > 127))
559 fprintf (stderr, "Fatal: prefix_len out of range\n");
563 set_address6 (dev, address, prefix_len);
567 const char *address = argv[4];
568 const char *mask = argv[5];
570 set_address4 (dev, address, mask);
573 uid_t uid = getuid ();
574 #ifdef HAVE_SETRESUID
575 if (0 != setresuid (uid, uid, uid))
577 fprintf (stderr, "Failed to setresuid: %s\n", strerror (errno));
582 if (0 != (setuid (uid) | seteuid (uid)))
584 fprintf (stderr, "Failed to setuid: %s\n", strerror (errno));
590 if (SIG_ERR == signal (SIGPIPE, SIG_IGN))
592 fprintf (stderr, "Failed to protect against SIGPIPE: %s\n",
594 /* no exit, we might as well die with SIGPIPE should it ever happen */