2 This file is part of GNUnet.
3 Copyright (C) 2010, 2012 Christian Grothoff
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 SPDX-License-Identifier: AGPL3.0-or-later
22 * @file vpn/gnunet-helper-vpn.c
23 * @brief the helper for the VPN service. Opens a virtual network-interface,
24 * sends data received on the if to stdout, sends data received on stdin to the
26 * @author Philipp Tölke
27 * @author Christian Grothoff
29 * The following list of people have reviewed this code and considered
30 * it safe since the last modification (if you reviewed it, please
31 * have your name added to the list):
41 * Need 'struct GNUNET_MessageHeader'.
43 #include "gnunet_crypto_lib.h"
44 #include "gnunet_common.h"
47 * Need VPN message types.
49 #include "gnunet_protocols.h"
52 * Should we print (interesting|debug) messages that can happen during
55 #define DEBUG GNUNET_NO
58 * Maximum size of a GNUnet message (GNUNET_MAX_MESSAGE_SIZE)
60 #define MAX_SIZE 65536
62 #if ! defined(__ANDROID__)
65 * This is in linux/include/net/ipv6.h, but not always exported...
69 struct in6_addr ifr6_addr;
70 uint32_t ifr6_prefixlen;
71 unsigned int ifr6_ifindex;
78 * Creates a tun-interface called dev;
80 * @param dev is asumed to point to a char[IFNAMSIZ]
81 * if *dev == '\\0', uses the name supplied by the kernel;
82 * @return the fd to the tun or -1 on error
96 if (-1 == (fd = open ("/dev/net/tun", O_RDWR)))
99 "Error opening `%s': %s\n",
105 if (fd >= FD_SETSIZE)
108 "File descriptor to large: %d",
114 memset (&ifr, 0, sizeof(ifr));
115 ifr.ifr_flags = IFF_TUN;
118 strncpy (ifr.ifr_name,
127 "Error with ioctl on `%s': %s\n",
133 strcpy (dev, ifr.ifr_name);
139 * @brief Sets the IPv6-Address given in address on the interface dev
141 * @param dev the interface to configure
142 * @param address the IPv6-Address
143 * @param prefix_len the length of the network-prefix
146 set_address6 (const char *dev,
148 unsigned long prefix_len)
151 struct in6_ifreq ifr6;
152 struct sockaddr_in6 sa6;
156 * parse the new address
158 memset (&sa6, 0, sizeof(struct sockaddr_in6));
159 sa6.sin6_family = AF_INET6;
160 if (1 != inet_pton (AF_INET6, address, sa6.sin6_addr.s6_addr))
163 "Failed to parse IPv6 address `%s'\n",
168 if (-1 == (fd = socket (PF_INET6, SOCK_DGRAM, 0)))
171 "Error creating socket: %s\n",
176 memset (&ifr, 0, sizeof(struct ifreq));
178 * Get the index of the if
180 strncpy (ifr.ifr_name,
188 "ioctl failed at %d: %s\n",
195 memset (&ifr6, 0, sizeof(struct in6_ifreq));
196 ifr6.ifr6_addr = sa6.sin6_addr;
197 ifr6.ifr6_ifindex = ifr.ifr_ifindex;
198 ifr6.ifr6_prefixlen = prefix_len;
208 "ioctl failed at line %d: %s\n",
223 "ioctl failed at line %d: %s\n",
231 * Add the UP and RUNNING flags
233 ifr.ifr_flags |= IFF_UP | IFF_RUNNING;
239 "ioctl failed at line %d: %s\n",
249 "close failed: %s\n",
257 * @brief Sets the IPv4-Address given in address on the interface dev
259 * @param dev the interface to configure
260 * @param address the IPv4-Address
261 * @param mask the netmask
264 set_address4 (const char *dev,
269 struct sockaddr_in *addr;
272 memset (&ifr, 0, sizeof(struct ifreq));
273 addr = (struct sockaddr_in *) &(ifr.ifr_addr);
274 addr->sin_family = AF_INET;
279 if (1 != inet_pton (AF_INET,
281 &addr->sin_addr.s_addr))
284 "Failed to parse IPv4 address `%s'\n",
289 if (-1 == (fd = socket (PF_INET, SOCK_DGRAM, 0)))
292 "Error creating socket: %s\n",
297 strncpy (ifr.ifr_name, dev, IFNAMSIZ);
302 if (-1 == ioctl (fd, SIOCSIFADDR, &ifr))
305 "ioctl failed at %d: %s\n",
315 addr = (struct sockaddr_in *) &(ifr.ifr_netmask);
316 if (1 != inet_pton (AF_INET,
318 &addr->sin_addr.s_addr))
321 "Failed to parse IPv4 address mask `%s'\n",
330 if (-1 == ioctl (fd, SIOCSIFNETMASK, &ifr))
333 "ioctl failed at line %d: %s\n",
343 if (-1 == ioctl (fd, SIOCGIFFLAGS, &ifr))
346 "ioctl failed at line %d: %s\n",
354 * Add the UP and RUNNING flags
356 ifr.ifr_flags |= IFF_UP | IFF_RUNNING;
357 if (-1 == ioctl (fd, SIOCSIFFLAGS, &ifr))
360 "ioctl failed at line %d: %s\n",
370 "close failed: %s\n",
379 * Start forwarding to and from the tunnel.
381 * @param fd_tun tunnel FD
387 * The buffer filled by reading from fd_tun
389 unsigned char buftun[MAX_SIZE];
390 ssize_t buftun_size = 0;
391 unsigned char *buftun_read = NULL;
394 * The buffer filled by reading from stdin
396 unsigned char bufin[MAX_SIZE];
397 ssize_t bufin_size = 0;
398 size_t bufin_rpos = 0;
399 unsigned char *bufin_read = NULL;
404 /* read refers to reading from fd_tun, writing to stdout */
407 /* write refers to reading from stdin, writing to fd_tun */
410 while ((1 == read_open) && (1 == write_open))
416 * We are supposed to read and the buffer is empty
417 * -> select on read from tun
419 if (read_open && (0 == buftun_size))
420 FD_SET (fd_tun, &fds_r);
423 * We are supposed to read and the buffer is not empty
424 * -> select on write to stdout
426 if (read_open && (0 != buftun_size))
430 * We are supposed to write and the buffer is empty
431 * -> select on read from stdin
433 if (write_open && (NULL == bufin_read))
437 * We are supposed to write and the buffer is not empty
438 * -> select on write to tun
440 if (write_open && (NULL != bufin_read))
441 FD_SET (fd_tun, &fds_w);
443 int r = select (fd_tun + 1, &fds_r, &fds_w, NULL, NULL);
450 "select failed: %s\n",
457 if (FD_ISSET (fd_tun, &fds_r))
460 read (fd_tun, buftun + sizeof(struct GNUNET_MessageHeader),
461 MAX_SIZE - sizeof(struct GNUNET_MessageHeader));
462 if (-1 == buftun_size)
467 shutdown (fd_tun, SHUT_RD);
468 shutdown (1, SHUT_WR);
472 else if (0 == buftun_size)
474 fprintf (stderr, "EOF on tun\n");
475 shutdown (fd_tun, SHUT_RD);
476 shutdown (1, SHUT_WR);
482 buftun_read = buftun;
483 struct GNUNET_MessageHeader *hdr =
484 (struct GNUNET_MessageHeader *) buftun;
485 buftun_size += sizeof(struct GNUNET_MessageHeader);
486 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
487 hdr->size = htons (buftun_size);
490 else if (FD_ISSET (1, &fds_w))
492 ssize_t written = write (1,
502 "write-error to stdout: %s\n",
504 shutdown (fd_tun, SHUT_RD);
505 shutdown (1, SHUT_WR);
509 else if (0 == written)
512 "write returned 0!?\n");
517 buftun_size -= written;
518 buftun_read += written;
522 if (FD_ISSET (0, &fds_r))
524 bufin_size = read (0, bufin + bufin_rpos, MAX_SIZE - bufin_rpos);
525 if (-1 == bufin_size)
530 shutdown (0, SHUT_RD);
531 shutdown (fd_tun, SHUT_WR);
535 else if (0 == bufin_size)
538 fprintf (stderr, "EOF on stdin\n");
540 shutdown (0, SHUT_RD);
541 shutdown (fd_tun, SHUT_WR);
547 struct GNUNET_MessageHeader *hdr;
550 bufin_rpos += bufin_size;
551 if (bufin_rpos < sizeof(struct GNUNET_MessageHeader))
553 hdr = (struct GNUNET_MessageHeader *) bufin;
554 if (ntohs (hdr->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER)
557 "protocol violation!\n");
560 if (ntohs (hdr->size) > bufin_rpos)
562 bufin_read = bufin + sizeof(struct GNUNET_MessageHeader);
563 bufin_size = ntohs (hdr->size) - sizeof(struct GNUNET_MessageHeader);
564 bufin_rpos -= bufin_size + sizeof(struct GNUNET_MessageHeader);
567 else if (FD_ISSET (fd_tun, &fds_w))
569 ssize_t written = write (fd_tun,
576 "write-error to tun: %s\n",
578 shutdown (0, SHUT_RD);
579 shutdown (fd_tun, SHUT_WR);
583 else if (0 == written)
585 fprintf (stderr, "write returned 0!?\n");
590 bufin_size -= written;
591 bufin_read += written;
594 memmove (bufin, bufin_read, bufin_rpos);
595 bufin_read = NULL; /* start reading again */
607 * Open VPN tunnel interface.
609 * @param argc must be 6
610 * @param argv 0: binary name (gnunet-helper-vpn)
611 * 1: tunnel interface name (gnunet-vpn)
612 * 2: IPv6 address (::1), "-" to disable
613 * 3: IPv6 netmask length in bits (64), ignored if #2 is "-"
614 * 4: IPv4 address (1.2.3.4), "-" to disable
615 * 5: IPv4 netmask (255.255.0.0), ignored if #4 is "-"
618 main (int argc, char **argv)
626 fprintf (stderr, "Fatal: must supply 5 arguments!\n");
633 dev[IFNAMSIZ - 1] = '\0';
635 if (-1 == (fd_tun = init_tun (dev)))
638 "Fatal: could not initialize tun-interface `%s' with IPv6 %s/%s and IPv4 %s/%s\n",
647 if (0 != strcmp (argv[2], "-"))
649 const char *address = argv[2];
650 long prefix_len = atol (argv[3]);
652 if ((prefix_len < 1) || (prefix_len > 127))
655 "Fatal: prefix_len out of range\n");
665 if (0 != strcmp (argv[4], "-"))
667 const char *address = argv[4];
668 const char *mask = argv[5];
670 set_address4 (dev, address, mask);
673 uid_t uid = getuid ();
674 #ifdef HAVE_SETRESUID
675 if (0 != setresuid (uid, uid, uid))
678 "Failed to setresuid: %s\n",
684 if (0 != (setuid (uid) | seteuid (uid)))
687 "Failed to setuid: %s\n",
694 if (SIG_ERR == signal (SIGPIPE, SIG_IGN))
697 "Failed to protect against SIGPIPE: %s\n",
699 /* no exit, we might as well die with SIGPIPE should it ever happen */