2 This file is part of GNUnet.
3 (C) 2010 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 * @file vpn/gnunet-daemon-vpn.c
23 * @brief the helper for various vpn-daemons. Opens a virtual network-interface,
24 * sends data received on the if to stdout, sends data received on stdin to the
26 * @author Philipp Tölke
28 * The following list of people have reviewed this code and considered
29 * it safe since the last modification (if you reviewed it, please
30 * have your name added to the list):
35 #include <linux/if_tun.h>
38 * Need 'struct GNUNET_MessageHeader'.
40 #include "gnunet_common.h"
43 * Need VPN message types.
45 #include "gnunet_protocols.h"
48 * Maximum size of a GNUnet message (GNUNET_SERVER_MAX_MESSAGE_SIZE)
50 #define MAX_SIZE 65536
54 * This is in linux/include/net/ipv6.h, but not always exported...
58 struct in6_addr ifr6_addr;
59 uint32_t ifr6_prefixlen;
60 unsigned int ifr6_ifindex;
65 * Creates a tun-interface called dev;
66 * @param dev is asumed to point to a char[IFNAMSIZ]
67 * if *dev == '\\0', uses the name supplied by the kernel
68 * @return the fd to the tun or -1 on error
82 if (-1 == (fd = open ("/dev/net/tun", O_RDWR)))
85 "Error opening `%s': %s\n", "/dev/net/tun", strerror (errno));
91 fprintf (stderr, "File descriptor to large: %d", fd);
95 memset (&ifr, 0, sizeof (ifr));
96 ifr.ifr_flags = IFF_TUN;
99 strncpy (ifr.ifr_name, dev, IFNAMSIZ);
101 if (-1 == ioctl (fd, TUNSETIFF, (void *) &ifr))
104 "Error with ioctl on `%s': %s\n",
105 "/dev/net/tun", strerror (errno));
109 strcpy (dev, ifr.ifr_name);
115 * @brief Sets the IPv6-Address given in address on the interface dev
117 * @param dev the interface to configure
118 * @param address the IPv6-Address
119 * @param prefix_len the length of the network-prefix
122 set_address6 (const char *dev, const char *address, unsigned long prefix_len)
125 struct in6_ifreq ifr6;
126 struct sockaddr_in6 sa6;
130 * parse the new address
132 memset (&sa6, 0, sizeof (struct sockaddr_in6));
133 if (1 != inet_pton (AF_INET6, address, sa6.sin6_addr.s6_addr))
136 "Failed to parse address `%s': %s\n", address, strerror (errno));
140 if (-1 == (fd = socket (PF_INET6, SOCK_DGRAM, 0)))
142 fprintf (stderr, "Error creating socket: %s\n", strerror (errno));
146 sa6.sin6_family = AF_INET6;
147 memcpy (&ifr6.ifr6_addr, &sa6.sin6_addr, sizeof (struct in6_addr));
151 * Get the index of the if
153 strncpy (ifr.ifr_name, dev, IFNAMSIZ);
154 if (-1 == ioctl (fd, SIOGIFINDEX, &ifr))
156 fprintf (stderr, "ioctl failed at %d: %s\n", __LINE__, strerror (errno));
159 ifr6.ifr6_ifindex = ifr.ifr_ifindex;
161 ifr6.ifr6_prefixlen = prefix_len;
166 if (-1 == ioctl (fd, SIOCSIFADDR, &ifr6))
169 "ioctl failed at line %d: %s\n", __LINE__, strerror (errno));
176 if (-1 == ioctl (fd, SIOCGIFFLAGS, &ifr))
179 "ioctl failed at line %d: %s\n", __LINE__, strerror (errno));
184 * Add the UP and RUNNING flags
186 ifr.ifr_flags |= IFF_UP | IFF_RUNNING;
187 if (-1 == ioctl (fd, SIOCSIFFLAGS, &ifr))
190 "ioctl failed at line %d: %s\n", __LINE__, strerror (errno));
196 fprintf (stderr, "close failed: %s\n", strerror (errno));
203 * @brief Sets the IPv4-Address given in address on the interface dev
205 * @param dev the interface to configure
206 * @param address the IPv4-Address
207 * @param mask the netmask
210 set_address4 (const char *dev, const char *address, const char *mask)
213 struct sockaddr_in *addr;
216 memset (&ifr, 0, sizeof (struct ifreq));
217 addr = (struct sockaddr_in *) &(ifr.ifr_addr);
218 memset (addr, 0, sizeof (struct sockaddr_in));
219 addr->sin_family = AF_INET;
220 addr->sin_addr.s_addr = inet_addr (address);
225 if (1 != inet_pton (AF_INET, address, &addr->sin_addr.s_addr))
228 "Failed to parse address `%s': %s\n", address, strerror (errno));
233 if (-1 == (fd = socket (PF_INET, SOCK_DGRAM, 0)))
235 fprintf (stderr, "Error creating socket: %s\n", strerror (errno));
239 strncpy (ifr.ifr_name, dev, IFNAMSIZ);
244 if (-1 == ioctl (fd, SIOCSIFADDR, &ifr))
246 fprintf (stderr, "ioctl failed at %d: %s\n", __LINE__, strerror (errno));
253 addr = (struct sockaddr_in *) &(ifr.ifr_netmask);
254 if (1 != inet_pton (AF_INET, mask, &addr->sin_addr.s_addr))
257 "Failed to parse address `%s': %s\n", mask, strerror (errno));
264 if (-1 == ioctl (fd, SIOCSIFNETMASK, &ifr))
267 "ioctl failed at line %d: %s\n", __LINE__, strerror (errno));
274 if (-1 == ioctl (fd, SIOCGIFFLAGS, &ifr))
277 "ioctl failed at line %d: %s\n", __LINE__, strerror (errno));
282 * Add the UP and RUNNING flags
284 ifr.ifr_flags |= IFF_UP | IFF_RUNNING;
285 if (-1 == ioctl (fd, SIOCSIFFLAGS, &ifr))
288 "ioctl failed at line %d: %s\n", __LINE__, strerror (errno));
294 fprintf (stderr, "close failed: %s\n", strerror (errno));
304 * The buffer filled by reading from fd_tun
306 unsigned char buftun[MAX_SIZE];
307 ssize_t buftun_size = 0;
308 unsigned char *buftun_read;
311 * The buffer filled by reading from stdin
313 unsigned char bufin[MAX_SIZE];
314 ssize_t bufin_size = 0;
315 size_t bufin_rpos = 0;
316 unsigned char *bufin_read = NULL;
321 /* read refers to reading from fd_tun, writing to stdout */
324 /* write refers to reading from stdin, writing to fd_tun */
327 while ((1 == read_open) || (1 == write_open))
333 * We are supposed to read and the buffer is empty
334 * -> select on read from tun
336 if (read_open && (0 == buftun_size))
337 FD_SET (fd_tun, &fds_r);
340 * We are supposed to read and the buffer is not empty
341 * -> select on write to stdout
343 if (read_open && (0 != buftun_size))
347 * We are supposed to write and the buffer is empty
348 * -> select on read from stdin
350 if (write_open && (NULL == bufin_read))
354 * We are supposed to write and the buffer is not empty
355 * -> select on write to tun
357 if (write_open && (NULL != bufin_read))
358 FD_SET (fd_tun, &fds_w);
360 int r = select (fd_tun + 1, &fds_r, &fds_w, NULL, NULL);
366 fprintf (stderr, "select failed: %s\n", strerror (errno));
372 if (FD_ISSET (fd_tun, &fds_r))
375 read (fd_tun, buftun + sizeof (struct GNUNET_MessageHeader),
376 MAX_SIZE - sizeof (struct GNUNET_MessageHeader));
377 if (-1 == buftun_size)
379 fprintf (stderr, "read-error: %s\n", strerror (errno));
380 shutdown (fd_tun, SHUT_RD);
381 shutdown (1, SHUT_WR);
385 else if (0 == buftun_size)
387 fprintf (stderr, "EOF on tun\n");
388 shutdown (fd_tun, SHUT_RD);
389 shutdown (1, SHUT_WR);
395 buftun_read = buftun;
396 struct GNUNET_MessageHeader *hdr =
397 (struct GNUNET_MessageHeader *) buftun;
398 buftun_size += sizeof (struct GNUNET_MessageHeader);
399 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
400 hdr->size = htons (buftun_size);
403 else if (FD_ISSET (1, &fds_w))
405 ssize_t written = write (1, buftun_read, buftun_size);
409 fprintf (stderr, "write-error to stdout: %s\n", strerror (errno));
410 shutdown (fd_tun, SHUT_RD);
411 shutdown (1, SHUT_WR);
415 else if (0 == written)
417 fprintf (stderr, "write returned 0!?\n");
422 buftun_size -= written;
423 buftun_read += written;
427 if (FD_ISSET (0, &fds_r))
429 bufin_size = read (0, bufin + bufin_rpos, MAX_SIZE - bufin_rpos);
430 if (-1 == bufin_size)
432 fprintf (stderr, "read-error: %s\n", strerror (errno));
433 shutdown (0, SHUT_RD);
434 shutdown (fd_tun, SHUT_WR);
438 else if (0 == bufin_size)
440 fprintf (stderr, "EOF on stdin\n");
441 shutdown (0, SHUT_RD);
442 shutdown (fd_tun, SHUT_WR);
448 struct GNUNET_MessageHeader *hdr;
451 bufin_rpos += bufin_size;
452 if (bufin_rpos < sizeof (struct GNUNET_MessageHeader))
454 hdr = (struct GNUNET_MessageHeader *) bufin;
455 if (ntohs (hdr->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER)
457 fprintf (stderr, "protocol violation!\n");
460 if (ntohs (hdr->size) > bufin_rpos)
462 bufin_read = bufin + sizeof (struct GNUNET_MessageHeader);
463 bufin_size = ntohs (hdr->size) - sizeof (struct GNUNET_MessageHeader);
464 bufin_rpos -= bufin_size + sizeof (struct GNUNET_MessageHeader);
467 else if (FD_ISSET (fd_tun, &fds_w))
469 ssize_t written = write (fd_tun, bufin_read, bufin_size);
473 fprintf (stderr, "write-error to tun: %s\n", strerror (errno));
474 shutdown (0, SHUT_RD);
475 shutdown (fd_tun, SHUT_WR);
479 else if (0 == written)
481 fprintf (stderr, "write returned 0!?\n");
486 bufin_size -= written;
487 bufin_read += written;
490 memmove (bufin, bufin_read, bufin_rpos);
491 bufin_read = NULL; /* start reading again */
503 main (int argc, char **argv)
510 fprintf (stderr, "Fatal: must supply 5 arguments!\n");
514 strncpy (dev, argv[1], IFNAMSIZ);
515 dev[IFNAMSIZ - 1] = '\0';
517 if (-1 == (fd_tun = init_tun (dev)))
519 fprintf (stderr, "Fatal: could not initialize tun-interface\n");
524 const char *address = argv[2];
525 long prefix_len = atol (argv[3]);
527 if ((prefix_len < 1) || (prefix_len > 127))
529 fprintf (stderr, "Fatal: prefix_len out of range\n");
533 set_address6 (dev, address, prefix_len);
537 const char *address = argv[4];
538 const char *mask = argv[5];
540 set_address4 (dev, address, mask);
543 uid_t uid = getuid ();
545 if (0 != setresuid (uid, uid, uid))
546 fprintf (stderr, "Failed to setresuid: %s\n", strerror (errno));
547 if (SIG_ERR == signal (SIGPIPE, SIG_IGN))
549 "Failed to protect against SIGPIPE: %s\n", strerror (errno));