WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Affero General Public License for more details.
-
+
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
SPDX-License-Identifier: AGPL3.0-or-later
-*/
+ */
/**
* @file dns/gnunet-helper-dns.c
/**
* This is in linux/include/net/ipv6.h, but not always exported...
*/
-struct in6_ifreq
-{
+struct in6_ifreq {
struct in6_addr ifr6_addr;
uint32_t ifr6_prefixlen;
unsigned int ifr6_ifindex;
* @param signal signal number of the signal (not used)
*/
static void
-signal_handler (int signal)
+signal_handler(int signal)
{
/* ignore return value, as the signal handler could theoretically
be called many times before the shutdown can actually happen */
- (void) write (cpipe[1], "K", 1);
+ (void)write(cpipe[1], "K", 1);
}
* @param flags open flags (O_RDONLY, O_WRONLY)
*/
static void
-open_dev_null (int target_fd,
- int flags)
+open_dev_null(int target_fd,
+ int flags)
{
int fd;
- fd = open ("/dev/null", flags);
+ fd = open("/dev/null", flags);
if (-1 == fd)
- abort ();
+ abort();
if (fd == target_fd)
return;
- if (-1 == dup2 (fd, target_fd))
- {
- (void) close (fd);
- abort ();
- }
- (void) close (fd);
+ if (-1 == dup2(fd, target_fd))
+ {
+ (void)close(fd);
+ abort();
+ }
+ (void)close(fd);
}
* @return 0 on success, 1 on any error
*/
static int
-fork_and_exec (const char *file,
- char *const cmd[])
+fork_and_exec(const char *file,
+ char *const cmd[])
{
int status;
pid_t pid;
pid_t ret;
- pid = fork ();
+ pid = fork();
if (-1 == pid)
- {
- fprintf (stderr,
- "fork failed: %s\n",
- strerror (errno));
- return 1;
- }
+ {
+ fprintf(stderr,
+ "fork failed: %s\n",
+ strerror(errno));
+ return 1;
+ }
if (0 == pid)
- {
- /* we are the child process */
- /* close stdin/stdout to not cause interference
- with the helper's main protocol! */
- (void) close (0);
- open_dev_null (0, O_RDONLY);
- (void) close (1);
- open_dev_null (1, O_WRONLY);
- (void) execv (file, cmd);
- /* can only get here on error */
- fprintf (stderr,
- "exec `%s' failed: %s\n",
- file,
- strerror (errno));
- _exit (1);
- }
+ {
+ /* we are the child process */
+ /* close stdin/stdout to not cause interference
+ with the helper's main protocol! */
+ (void)close(0);
+ open_dev_null(0, O_RDONLY);
+ (void)close(1);
+ open_dev_null(1, O_WRONLY);
+ (void)execv(file, cmd);
+ /* can only get here on error */
+ fprintf(stderr,
+ "exec `%s' failed: %s\n",
+ file,
+ strerror(errno));
+ _exit(1);
+ }
/* keep running waitpid as long as the only error we get is 'EINTR' */
- while ( (-1 == (ret = waitpid (pid, &status, 0))) &&
- (errno == EINTR) );
+ while ((-1 == (ret = waitpid(pid, &status, 0))) &&
+ (errno == EINTR))
+ ;
if (-1 == ret)
- {
- fprintf (stderr,
- "waitpid failed: %s\n",
- strerror (errno));
- return 1;
- }
- if (! (WIFEXITED (status) && (0 == WEXITSTATUS (status))))
+ {
+ fprintf(stderr,
+ "waitpid failed: %s\n",
+ strerror(errno));
+ return 1;
+ }
+ if (!(WIFEXITED(status) && (0 == WEXITSTATUS(status))))
return 1;
/* child process completed and returned success, we're happy */
return 0;
* @return the fd to the tun or -1 on error
*/
static int
-init_tun (char *dev)
+init_tun(char *dev)
{
struct ifreq ifr;
int fd;
if (NULL == dev)
- {
- errno = EINVAL;
- return -1;
- }
+ {
+ errno = EINVAL;
+ return -1;
+ }
- if (-1 == (fd = open ("/dev/net/tun", O_RDWR)))
- {
- fprintf (stderr, "Error opening `%s': %s\n", "/dev/net/tun",
- strerror (errno));
- return -1;
- }
+ if (-1 == (fd = open("/dev/net/tun", O_RDWR)))
+ {
+ fprintf(stderr, "Error opening `%s': %s\n", "/dev/net/tun",
+ strerror(errno));
+ return -1;
+ }
if (fd >= FD_SETSIZE)
- {
- fprintf (stderr, "File descriptor to large: %d", fd);
- (void) close (fd);
- return -1;
- }
+ {
+ fprintf(stderr, "File descriptor to large: %d", fd);
+ (void)close(fd);
+ return -1;
+ }
- memset (&ifr, 0, sizeof (ifr));
+ memset(&ifr, 0, sizeof(ifr));
ifr.ifr_flags = IFF_TUN;
if ('\0' != *dev)
- strncpy (ifr.ifr_name, dev, IFNAMSIZ);
+ strncpy(ifr.ifr_name, dev, IFNAMSIZ);
- if (-1 == ioctl (fd, TUNSETIFF, (void *) &ifr))
- {
- fprintf (stderr, "Error with ioctl on `%s': %s\n", "/dev/net/tun",
- strerror (errno));
- (void) close (fd);
- return -1;
- }
- strcpy (dev, ifr.ifr_name);
+ if (-1 == ioctl(fd, TUNSETIFF, (void *)&ifr))
+ {
+ fprintf(stderr, "Error with ioctl on `%s': %s\n", "/dev/net/tun",
+ strerror(errno));
+ (void)close(fd);
+ return -1;
+ }
+ strcpy(dev, ifr.ifr_name);
return fd;
}
* @param prefix_len the length of the network-prefix
*/
static void
-set_address6 (const char *dev, const char *address, unsigned long prefix_len)
+set_address6(const char *dev, const char *address, unsigned long prefix_len)
{
struct ifreq ifr;
struct in6_ifreq ifr6;
/*
* parse the new address
*/
- memset (&sa6, 0, sizeof (struct sockaddr_in6));
+ memset(&sa6, 0, sizeof(struct sockaddr_in6));
sa6.sin6_family = AF_INET6;
- if (1 != inet_pton (AF_INET6, address, sa6.sin6_addr.s6_addr))
- {
- fprintf (stderr,
- "Failed to parse IPv6 address `%s': %s\n",
- address,
- strerror (errno));
- exit (1);
- }
+ if (1 != inet_pton(AF_INET6, address, sa6.sin6_addr.s6_addr))
+ {
+ fprintf(stderr,
+ "Failed to parse IPv6 address `%s': %s\n",
+ address,
+ strerror(errno));
+ exit(1);
+ }
- if (-1 == (fd = socket (PF_INET6, SOCK_DGRAM, 0)))
- {
- fprintf (stderr,
- "Error creating IPv6 socket: %s (ignored)\n",
- strerror (errno));
- /* ignore error, maybe only IPv4 works on this system! */
- return;
- }
+ if (-1 == (fd = socket(PF_INET6, SOCK_DGRAM, 0)))
+ {
+ fprintf(stderr,
+ "Error creating IPv6 socket: %s (ignored)\n",
+ strerror(errno));
+ /* ignore error, maybe only IPv4 works on this system! */
+ return;
+ }
- memset (&ifr, 0, sizeof (struct ifreq));
+ memset(&ifr, 0, sizeof(struct ifreq));
/*
* Get the index of the if
*/
- strncpy (ifr.ifr_name, dev, IFNAMSIZ);
- if (-1 == ioctl (fd, SIOGIFINDEX, &ifr))
- {
- fprintf (stderr, "ioctl failed at %d: %s\n", __LINE__, strerror (errno));
- (void) close (fd);
- exit (1);
- }
+ strncpy(ifr.ifr_name, dev, IFNAMSIZ);
+ if (-1 == ioctl(fd, SIOGIFINDEX, &ifr))
+ {
+ fprintf(stderr, "ioctl failed at %d: %s\n", __LINE__, strerror(errno));
+ (void)close(fd);
+ exit(1);
+ }
- memset (&ifr6, 0, sizeof (struct in6_ifreq));
+ memset(&ifr6, 0, sizeof(struct in6_ifreq));
ifr6.ifr6_addr = sa6.sin6_addr;
ifr6.ifr6_ifindex = ifr.ifr_ifindex;
ifr6.ifr6_prefixlen = prefix_len;
/*
* Set the address
*/
- if (-1 == ioctl (fd, SIOCSIFADDR, &ifr6))
- {
- fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
- strerror (errno));
- (void) close (fd);
- exit (1);
- }
+ if (-1 == ioctl(fd, SIOCSIFADDR, &ifr6))
+ {
+ fprintf(stderr, "ioctl failed at line %d: %s\n", __LINE__,
+ strerror(errno));
+ (void)close(fd);
+ exit(1);
+ }
/*
* Get the flags
*/
- if (-1 == ioctl (fd, SIOCGIFFLAGS, &ifr))
- {
- fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
- strerror (errno));
- (void) close (fd);
- exit (1);
- }
+ if (-1 == ioctl(fd, SIOCGIFFLAGS, &ifr))
+ {
+ fprintf(stderr, "ioctl failed at line %d: %s\n", __LINE__,
+ strerror(errno));
+ (void)close(fd);
+ exit(1);
+ }
/*
* Add the UP and RUNNING flags
*/
ifr.ifr_flags |= IFF_UP | IFF_RUNNING;
- if (-1 == ioctl (fd, SIOCSIFFLAGS, &ifr))
- {
- fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
- strerror (errno));
- (void) close (fd);
- exit (1);
- }
+ if (-1 == ioctl(fd, SIOCSIFFLAGS, &ifr))
+ {
+ fprintf(stderr, "ioctl failed at line %d: %s\n", __LINE__,
+ strerror(errno));
+ (void)close(fd);
+ exit(1);
+ }
- if (0 != close (fd))
- {
- fprintf (stderr, "close failed: %s\n", strerror (errno));
- exit (1);
- }
+ if (0 != close(fd))
+ {
+ fprintf(stderr, "close failed: %s\n", strerror(errno));
+ exit(1);
+ }
}
* @param mask the netmask
*/
static void
-set_address4 (const char *dev, const char *address, const char *mask)
+set_address4(const char *dev, const char *address, const char *mask)
{
int fd;
struct sockaddr_in *addr;
struct ifreq ifr;
- memset (&ifr, 0, sizeof (struct ifreq));
- addr = (struct sockaddr_in *) &(ifr.ifr_addr);
+ memset(&ifr, 0, sizeof(struct ifreq));
+ addr = (struct sockaddr_in *)&(ifr.ifr_addr);
addr->sin_family = AF_INET;
/*
* Parse the address
*/
- if (1 != inet_pton (AF_INET, address, &addr->sin_addr.s_addr))
- {
- fprintf (stderr,
- "Failed to parse IPv4 address `%s': %s\n",
- address,
- strerror (errno));
- exit (1);
- }
+ if (1 != inet_pton(AF_INET, address, &addr->sin_addr.s_addr))
+ {
+ fprintf(stderr,
+ "Failed to parse IPv4 address `%s': %s\n",
+ address,
+ strerror(errno));
+ exit(1);
+ }
- if (-1 == (fd = socket (PF_INET, SOCK_DGRAM, 0)))
- {
- fprintf (stderr,
- "Error creating IPv4 socket: %s\n",
- strerror (errno));
- exit (1);
- }
+ if (-1 == (fd = socket(PF_INET, SOCK_DGRAM, 0)))
+ {
+ fprintf(stderr,
+ "Error creating IPv4 socket: %s\n",
+ strerror(errno));
+ exit(1);
+ }
- strncpy (ifr.ifr_name, dev, IFNAMSIZ);
+ strncpy(ifr.ifr_name, dev, IFNAMSIZ);
/*
* Set the address
*/
- if (-1 == ioctl (fd, SIOCSIFADDR, &ifr))
- {
- fprintf (stderr, "ioctl failed at %d: %s\n", __LINE__, strerror (errno));
- (void) close (fd);
- exit (1);
- }
+ if (-1 == ioctl(fd, SIOCSIFADDR, &ifr))
+ {
+ fprintf(stderr, "ioctl failed at %d: %s\n", __LINE__, strerror(errno));
+ (void)close(fd);
+ exit(1);
+ }
/*
* Parse the netmask
*/
- addr = (struct sockaddr_in *) &(ifr.ifr_netmask);
- if (1 != inet_pton (AF_INET, mask, &addr->sin_addr.s_addr))
- {
- fprintf (stderr, "Failed to parse address `%s': %s\n", mask,
- strerror (errno));
- (void) close (fd);
- exit (1);
- }
+ addr = (struct sockaddr_in *)&(ifr.ifr_netmask);
+ if (1 != inet_pton(AF_INET, mask, &addr->sin_addr.s_addr))
+ {
+ fprintf(stderr, "Failed to parse address `%s': %s\n", mask,
+ strerror(errno));
+ (void)close(fd);
+ exit(1);
+ }
/*
* Set the netmask
*/
- if (-1 == ioctl (fd, SIOCSIFNETMASK, &ifr))
- {
- fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
- strerror (errno));
- (void) close (fd);
- exit (1);
- }
+ if (-1 == ioctl(fd, SIOCSIFNETMASK, &ifr))
+ {
+ fprintf(stderr, "ioctl failed at line %d: %s\n", __LINE__,
+ strerror(errno));
+ (void)close(fd);
+ exit(1);
+ }
/*
* Get the flags
*/
- if (-1 == ioctl (fd, SIOCGIFFLAGS, &ifr))
- {
- fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
- strerror (errno));
- (void) close (fd);
- exit (1);
- }
+ if (-1 == ioctl(fd, SIOCGIFFLAGS, &ifr))
+ {
+ fprintf(stderr, "ioctl failed at line %d: %s\n", __LINE__,
+ strerror(errno));
+ (void)close(fd);
+ exit(1);
+ }
/*
* Add the UP and RUNNING flags
*/
ifr.ifr_flags |= IFF_UP | IFF_RUNNING;
- if (-1 == ioctl (fd, SIOCSIFFLAGS, &ifr))
- {
- fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
- strerror (errno));
- (void) close (fd);
- exit (1);
- }
+ if (-1 == ioctl(fd, SIOCSIFFLAGS, &ifr))
+ {
+ fprintf(stderr, "ioctl failed at line %d: %s\n", __LINE__,
+ strerror(errno));
+ (void)close(fd);
+ exit(1);
+ }
- if (0 != close (fd))
- {
- fprintf (stderr, "close failed: %s\n", strerror (errno));
- (void) close (fd);
- exit (1);
- }
+ if (0 != close(fd))
+ {
+ fprintf(stderr, "close failed: %s\n", strerror(errno));
+ (void)close(fd);
+ exit(1);
+ }
}
* @param fd_tun tunnel FD
*/
static void
-run (int fd_tun)
+run(int fd_tun)
{
/*
* The buffer filled by reading from fd_tun
int max;
while (1)
- {
- FD_ZERO (&fds_w);
- FD_ZERO (&fds_r);
-
- /*
- * We are supposed to read and the buffer is empty
- * -> select on read from tun
- */
- if (0 == buftun_size)
- FD_SET (fd_tun, &fds_r);
-
- /*
- * We are supposed to read and the buffer is not empty
- * -> select on write to stdout
- */
- if (0 < buftun_size)
- FD_SET (1, &fds_w);
-
- /*
- * We are supposed to write and the buffer is empty
- * -> select on read from stdin
- */
- if (NULL == bufin_read)
- FD_SET (0, &fds_r);
-
- /*
- * We are supposed to write and the buffer is not empty
- * -> select on write to tun
- */
- if (NULL != bufin_read)
- FD_SET (fd_tun, &fds_w);
-
- FD_SET (cpipe[0], &fds_r);
- max = (fd_tun > cpipe[0]) ? fd_tun : cpipe[0];
-
- int r = select (max + 1, &fds_r, &fds_w, NULL, NULL);
-
- if (-1 == r)
- {
- if (EINTR == errno)
- continue;
- fprintf (stderr, "select failed: %s\n", strerror (errno));
- return;
- }
-
- if (r > 0)
{
- if (FD_ISSET (cpipe[0], &fds_r))
- return; /* aborted by signal */
-
- if (FD_ISSET (fd_tun, &fds_r))
- {
- buftun_size =
- read (fd_tun, buftun + sizeof (struct GNUNET_MessageHeader),
- MAX_SIZE - sizeof (struct GNUNET_MessageHeader));
- if (-1 == buftun_size)
- {
- if ( (errno == EINTR) ||
- (errno == EAGAIN) )
- {
- buftun_size = 0;
- continue;
- }
- fprintf (stderr, "read-error: %s\n", strerror (errno));
- return;
- }
- if (0 == buftun_size)
- {
- fprintf (stderr, "EOF on tun\n");
- return;
- }
- buftun_read = buftun;
- {
- struct GNUNET_MessageHeader *hdr =
- (struct GNUNET_MessageHeader *) buftun;
- buftun_size += sizeof (struct GNUNET_MessageHeader);
- hdr->type = htons (GNUNET_MESSAGE_TYPE_DNS_HELPER);
- hdr->size = htons (buftun_size);
- }
- }
- else if (FD_ISSET (1, &fds_w))
- {
- ssize_t written = write (1, buftun_read, buftun_size);
-
- if (-1 == written)
- {
- if ( (errno == EINTR) ||
- (errno == EAGAIN) )
- continue;
- fprintf (stderr, "write-error to stdout: %s\n", strerror (errno));
- return;
- }
- if (0 == written)
+ FD_ZERO(&fds_w);
+ FD_ZERO(&fds_r);
+
+ /*
+ * We are supposed to read and the buffer is empty
+ * -> select on read from tun
+ */
+ if (0 == buftun_size)
+ FD_SET(fd_tun, &fds_r);
+
+ /*
+ * We are supposed to read and the buffer is not empty
+ * -> select on write to stdout
+ */
+ if (0 < buftun_size)
+ FD_SET(1, &fds_w);
+
+ /*
+ * We are supposed to write and the buffer is empty
+ * -> select on read from stdin
+ */
+ if (NULL == bufin_read)
+ FD_SET(0, &fds_r);
+
+ /*
+ * We are supposed to write and the buffer is not empty
+ * -> select on write to tun
+ */
+ if (NULL != bufin_read)
+ FD_SET(fd_tun, &fds_w);
+
+ FD_SET(cpipe[0], &fds_r);
+ max = (fd_tun > cpipe[0]) ? fd_tun : cpipe[0];
+
+ int r = select(max + 1, &fds_r, &fds_w, NULL, NULL);
+
+ if (-1 == r)
{
- fprintf (stderr, "write returned 0\n");
+ if (EINTR == errno)
+ continue;
+ fprintf(stderr, "select failed: %s\n", strerror(errno));
return;
}
- buftun_size -= written;
- buftun_read += written;
- }
- if (FD_ISSET (0, &fds_r))
- {
- bufin_size = read (0, bufin + bufin_rpos, MAX_SIZE - bufin_rpos);
- if (-1 == bufin_size)
+ if (r > 0)
{
- bufin_read = NULL;
- if ( (errno == EINTR) ||
- (errno == EAGAIN) )
- continue;
- fprintf (stderr, "read-error: %s\n", strerror (errno));
- return;
- }
- if (0 == bufin_size)
- {
- bufin_read = NULL;
- fprintf (stderr, "EOF on stdin\n");
- return;
- }
- {
- struct GNUNET_MessageHeader *hdr;
+ if (FD_ISSET(cpipe[0], &fds_r))
+ return; /* aborted by signal */
+
+ if (FD_ISSET(fd_tun, &fds_r))
+ {
+ buftun_size =
+ read(fd_tun, buftun + sizeof(struct GNUNET_MessageHeader),
+ MAX_SIZE - sizeof(struct GNUNET_MessageHeader));
+ if (-1 == buftun_size)
+ {
+ if ((errno == EINTR) ||
+ (errno == EAGAIN))
+ {
+ buftun_size = 0;
+ continue;
+ }
+ fprintf(stderr, "read-error: %s\n", strerror(errno));
+ return;
+ }
+ if (0 == buftun_size)
+ {
+ fprintf(stderr, "EOF on tun\n");
+ return;
+ }
+ buftun_read = buftun;
+ {
+ struct GNUNET_MessageHeader *hdr =
+ (struct GNUNET_MessageHeader *)buftun;
+ buftun_size += sizeof(struct GNUNET_MessageHeader);
+ hdr->type = htons(GNUNET_MESSAGE_TYPE_DNS_HELPER);
+ hdr->size = htons(buftun_size);
+ }
+ }
+ else if (FD_ISSET(1, &fds_w))
+ {
+ ssize_t written = write(1, buftun_read, buftun_size);
+
+ if (-1 == written)
+ {
+ if ((errno == EINTR) ||
+ (errno == EAGAIN))
+ continue;
+ fprintf(stderr, "write-error to stdout: %s\n", strerror(errno));
+ return;
+ }
+ if (0 == written)
+ {
+ fprintf(stderr, "write returned 0\n");
+ return;
+ }
+ buftun_size -= written;
+ buftun_read += written;
+ }
+
+ if (FD_ISSET(0, &fds_r))
+ {
+ bufin_size = read(0, bufin + bufin_rpos, MAX_SIZE - bufin_rpos);
+ if (-1 == bufin_size)
+ {
+ bufin_read = NULL;
+ if ((errno == EINTR) ||
+ (errno == EAGAIN))
+ continue;
+ fprintf(stderr, "read-error: %s\n", strerror(errno));
+ return;
+ }
+ if (0 == bufin_size)
+ {
+ bufin_read = NULL;
+ fprintf(stderr, "EOF on stdin\n");
+ return;
+ }
+ {
+ struct GNUNET_MessageHeader *hdr;
PROCESS_BUFFER:
- bufin_rpos += bufin_size;
- if (bufin_rpos < sizeof (struct GNUNET_MessageHeader))
- continue;
- hdr = (struct GNUNET_MessageHeader *) bufin;
- if (ntohs (hdr->type) != GNUNET_MESSAGE_TYPE_DNS_HELPER)
- {
- fprintf (stderr, "protocol violation!\n");
- return;
- }
- if (ntohs (hdr->size) > bufin_rpos)
- continue;
- bufin_read = bufin + sizeof (struct GNUNET_MessageHeader);
- bufin_size = ntohs (hdr->size) - sizeof (struct GNUNET_MessageHeader);
- bufin_rpos -= bufin_size + sizeof (struct GNUNET_MessageHeader);
+ bufin_rpos += bufin_size;
+ if (bufin_rpos < sizeof(struct GNUNET_MessageHeader))
+ continue;
+ hdr = (struct GNUNET_MessageHeader *)bufin;
+ if (ntohs(hdr->type) != GNUNET_MESSAGE_TYPE_DNS_HELPER)
+ {
+ fprintf(stderr, "protocol violation!\n");
+ return;
+ }
+ if (ntohs(hdr->size) > bufin_rpos)
+ continue;
+ bufin_read = bufin + sizeof(struct GNUNET_MessageHeader);
+ bufin_size = ntohs(hdr->size) - sizeof(struct GNUNET_MessageHeader);
+ bufin_rpos -= bufin_size + sizeof(struct GNUNET_MessageHeader);
+ }
+ }
+ else if (FD_ISSET(fd_tun, &fds_w))
+ {
+ ssize_t written = write(fd_tun, bufin_read, bufin_size);
+
+ if (-1 == written)
+ {
+ if ((errno == EINTR) ||
+ (errno == EAGAIN))
+ continue;
+ fprintf(stderr, "write-error to tun: %s\n", strerror(errno));
+ return;
+ }
+ if (0 == written)
+ {
+ fprintf(stderr, "write returned 0\n");
+ return;
+ }
+ {
+ bufin_size -= written;
+ bufin_read += written;
+ if (0 == bufin_size)
+ {
+ memmove(bufin, bufin_read, bufin_rpos);
+ bufin_read = NULL; /* start reading again */
+ bufin_size = 0;
+ goto PROCESS_BUFFER;
+ }
+ }
+ }
}
- }
- else if (FD_ISSET (fd_tun, &fds_w))
- {
- ssize_t written = write (fd_tun, bufin_read, bufin_size);
-
- if (-1 == written)
- {
- if ( (errno == EINTR) ||
- (errno == EAGAIN) )
- continue;
- fprintf (stderr, "write-error to tun: %s\n", strerror (errno));
- return;
- }
- if (0 == written)
- {
- fprintf (stderr, "write returned 0\n");
- return;
- }
- {
- bufin_size -= written;
- bufin_read += written;
- if (0 == bufin_size)
- {
- memmove (bufin, bufin_read, bufin_rpos);
- bufin_read = NULL; /* start reading again */
- bufin_size = 0;
- goto PROCESS_BUFFER;
- }
- }
- }
}
- }
}
* 255 failed to handle kill signal properly
*/
int
-main (int argc, char *const*argv)
+main(int argc, char *const*argv)
{
int r;
char dev[IFNAMSIZ];
int nortsetup = 0;
if (7 != argc)
- {
- fprintf (stderr, "Fatal: must supply 6 arguments!\n");
- return 1;
- }
+ {
+ fprintf(stderr, "Fatal: must supply 6 arguments!\n");
+ return 1;
+ }
/* assert privs so we can modify the firewall rules! */
- uid = getuid ();
+ uid = getuid();
#ifdef HAVE_SETRESUID
- if (0 != setresuid (uid, 0, 0))
- {
- fprintf (stderr, "Failed to setresuid to root: %s\n", strerror (errno));
- return 254;
- }
+ if (0 != setresuid(uid, 0, 0))
+ {
+ fprintf(stderr, "Failed to setresuid to root: %s\n", strerror(errno));
+ return 254;
+ }
#else
- if (0 != seteuid (0))
- {
- fprintf (stderr, "Failed to seteuid back to root: %s\n", strerror (errno));
- return 254;
- }
+ if (0 != seteuid(0))
+ {
+ fprintf(stderr, "Failed to seteuid back to root: %s\n", strerror(errno));
+ return 254;
+ }
#endif
- if (0 == strncmp (argv[6], "1", 2))
+ if (0 == strncmp(argv[6], "1", 2))
nortsetup = 1;
if (0 == nortsetup)
- {
- /* verify that the binaries we care about are executable */
- if (0 == access ("/sbin/iptables", X_OK))
- sbin_iptables = "/sbin/iptables";
- else if (0 == access ("/usr/sbin/iptables", X_OK))
- sbin_iptables = "/usr/sbin/iptables";
- else
- {
- fprintf (stderr,
- "Fatal: executable iptables not found in approved directories: %s\n",
- strerror (errno));
- return 3;
- }
- if (0 == access ("/sbin/ip6tables", X_OK))
- sbin_ip6tables = "/sbin/ip6tables";
- else if (0 == access ("/usr/sbin/ip6tables", X_OK))
- sbin_ip6tables = "/usr/sbin/ip6tables";
- else
- {
- fprintf (stderr,
- "Fatal: executable ip6tables not found in approved directories: %s\n",
- strerror (errno));
- return 3;
- }
- if (0 == access ("/sbin/ip", X_OK))
- sbin_ip = "/sbin/ip";
- else if (0 == access ("/usr/sbin/ip", X_OK))
- sbin_ip = "/usr/sbin/ip";
- else if (0 == access ("/bin/ip", X_OK)) /* gentoo has it there */
- sbin_ip = "/bin/ip";
- else
- {
- fprintf (stderr,
- "Fatal: executable ip not found in approved directories: %s\n",
- strerror (errno));
- return 4;
- }
- if (0 == access ("/sbin/sysctl", X_OK))
- sbin_sysctl = "/sbin/sysctl";
- else if (0 == access ("/usr/sbin/sysctl", X_OK))
- sbin_sysctl = "/usr/sbin/sysctl";
- else
{
- fprintf (stderr,
- "Fatal: executable sysctl not found in approved directories: %s\n",
- strerror (errno));
- return 5;
+ /* verify that the binaries we care about are executable */
+#ifdef IPTABLES
+ if (0 == access(IPTABLES, X_OK))
+ sbin_iptables = IPTABLES;
+ else
+#endif
+ if (0 == access("/sbin/iptables", X_OK))
+ sbin_iptables = "/sbin/iptables";
+ else if (0 == access("/usr/sbin/iptables", X_OK))
+ sbin_iptables = "/usr/sbin/iptables";
+ else
+ {
+ fprintf(stderr,
+ "Fatal: executable iptables not found in approved directories: %s\n",
+ strerror(errno));
+ return 3;
+ }
+#ifdef IP6TABLES
+ if (0 == access(IP6TABLES, X_OK))
+ sbin_ip6tables = IP6TABLES;
+ else
+#endif
+ if (0 == access("/sbin/ip6tables", X_OK))
+ sbin_ip6tables = "/sbin/ip6tables";
+ else if (0 == access("/usr/sbin/ip6tables", X_OK))
+ sbin_ip6tables = "/usr/sbin/ip6tables";
+ else
+ {
+ fprintf(stderr,
+ "Fatal: executable ip6tables not found in approved directories: %s\n",
+ strerror(errno));
+ return 3;
+ }
+#ifdef PATH_TO_IP
+ if (0 == access(PATH_TO_IP, X_OK))
+ sbin_ip = PATH_TO_IP;
+ else
+#endif
+ if (0 == access("/sbin/ip", X_OK))
+ sbin_ip = "/sbin/ip";
+ else if (0 == access("/usr/sbin/ip", X_OK))
+ sbin_ip = "/usr/sbin/ip";
+ else if (0 == access("/bin/ip", X_OK)) /* gentoo has it there */
+ sbin_ip = "/bin/ip";
+ else
+ {
+ fprintf(stderr,
+ "Fatal: executable ip not found in approved directories: %s\n",
+ strerror(errno));
+ return 4;
+ }
+#ifdef SYSCTL
+ if (0 == access(SYSCTL, X_OK))
+ sbin_sysctl = SYSCTL;
+ else
+#endif
+ if (0 == access("/sbin/sysctl", X_OK))
+ sbin_sysctl = "/sbin/sysctl";
+ else if (0 == access("/usr/sbin/sysctl", X_OK))
+ sbin_sysctl = "/usr/sbin/sysctl";
+ else
+ {
+ fprintf(stderr,
+ "Fatal: executable sysctl not found in approved directories: %s\n",
+ strerror(errno));
+ return 5;
+ }
}
- }
/* setup 'mygid' string */
- snprintf (mygid, sizeof (mygid), "%d", (int) getegid());
+ snprintf(mygid, sizeof(mygid), "%d", (int)getegid());
/* do not die on SIGPIPE */
- if (SIG_ERR == signal (SIGPIPE, SIG_IGN))
- {
- fprintf (stderr, "Failed to protect against SIGPIPE: %s\n",
- strerror (errno));
- return 7;
- }
+ if (SIG_ERR == signal(SIGPIPE, SIG_IGN))
+ {
+ fprintf(stderr, "Failed to protect against SIGPIPE: %s\n",
+ strerror(errno));
+ return 7;
+ }
/* setup pipe to shutdown nicely on SIGINT */
- if (0 != pipe (cpipe))
- {
- fprintf (stderr,
- "Fatal: could not setup control pipe: %s\n",
- strerror (errno));
- return 6;
- }
- if (cpipe[0] >= FD_SETSIZE)
- {
- fprintf (stderr, "Pipe file descriptor to large: %d", cpipe[0]);
- (void) close (cpipe[0]);
- (void) close (cpipe[1]);
- return 6;
- }
- {
- /* make pipe non-blocking, as we theoretically could otherwise block
- in the signal handler */
- int flags = fcntl (cpipe[1], F_GETFL);
- if (-1 == flags)
+ if (0 != pipe(cpipe))
{
- fprintf (stderr, "Failed to read flags for pipe: %s", strerror (errno));
- (void) close (cpipe[0]);
- (void) close (cpipe[1]);
+ fprintf(stderr,
+ "Fatal: could not setup control pipe: %s\n",
+ strerror(errno));
return 6;
}
- flags |= O_NONBLOCK;
- if (0 != fcntl (cpipe[1], F_SETFL, flags))
+ if (cpipe[0] >= FD_SETSIZE)
{
- fprintf (stderr, "Failed to make pipe non-blocking: %s", strerror (errno));
- (void) close (cpipe[0]);
- (void) close (cpipe[1]);
+ fprintf(stderr, "Pipe file descriptor to large: %d", cpipe[0]);
+ (void)close(cpipe[0]);
+ (void)close(cpipe[1]);
return 6;
}
+ {
+ /* make pipe non-blocking, as we theoretically could otherwise block
+ in the signal handler */
+ int flags = fcntl(cpipe[1], F_GETFL);
+ if (-1 == flags)
+ {
+ fprintf(stderr, "Failed to read flags for pipe: %s", strerror(errno));
+ (void)close(cpipe[0]);
+ (void)close(cpipe[1]);
+ return 6;
+ }
+ flags |= O_NONBLOCK;
+ if (0 != fcntl(cpipe[1], F_SETFL, flags))
+ {
+ fprintf(stderr, "Failed to make pipe non-blocking: %s", strerror(errno));
+ (void)close(cpipe[0]);
+ (void)close(cpipe[1]);
+ return 6;
+ }
}
- if ( (SIG_ERR == signal (SIGTERM, &signal_handler)) ||
+ if ((SIG_ERR == signal(SIGTERM, &signal_handler)) ||
#if (SIGTERM != GNUNET_TERM_SIG)
- (SIG_ERR == signal (GNUNET_TERM_SIG, &signal_handler)) ||
+ (SIG_ERR == signal(GNUNET_TERM_SIG, &signal_handler)) ||
#endif
- (SIG_ERR == signal (SIGINT, &signal_handler)) ||
- (SIG_ERR == signal (SIGHUP, &signal_handler)) )
- {
- fprintf (stderr,
- "Fatal: could not initialize signal handler: %s\n",
- strerror (errno));
- (void) close (cpipe[0]);
- (void) close (cpipe[1]);
- return 7;
- }
+ (SIG_ERR == signal(SIGINT, &signal_handler)) ||
+ (SIG_ERR == signal(SIGHUP, &signal_handler)))
+ {
+ fprintf(stderr,
+ "Fatal: could not initialize signal handler: %s\n",
+ strerror(errno));
+ (void)close(cpipe[0]);
+ (void)close(cpipe[1]);
+ return 7;
+ }
/* get interface name */
- strncpy (dev, argv[1], IFNAMSIZ);
+ strncpy(dev, argv[1], IFNAMSIZ);
dev[IFNAMSIZ - 1] = '\0';
/* Disable rp filtering */
if (0 == nortsetup)
- {
- char *const sysctl_args[] = {"sysctl", "-w",
- "net.ipv4.conf.all.rp_filter=0", NULL};
- char *const sysctl_args2[] = {"sysctl", "-w",
- "net.ipv4.conf.default.rp_filter=0", NULL};
- if ((0 != fork_and_exec (sbin_sysctl, sysctl_args)) ||
- (0 != fork_and_exec (sbin_sysctl, sysctl_args2)))
{
- fprintf (stderr,
- "Failed to disable rp filtering.\n");
- return 5;
+ char *const sysctl_args[] = { "sysctl", "-w",
+ "net.ipv4.conf.all.rp_filter=0", NULL };
+ char *const sysctl_args2[] = { "sysctl", "-w",
+ "net.ipv4.conf.default.rp_filter=0", NULL };
+ if ((0 != fork_and_exec(sbin_sysctl, sysctl_args)) ||
+ (0 != fork_and_exec(sbin_sysctl, sysctl_args2)))
+ {
+ fprintf(stderr,
+ "Failed to disable rp filtering.\n");
+ return 5;
+ }
}
- }
/* now open virtual interface (first part that requires root) */
- if (-1 == (fd_tun = init_tun (dev)))
- {
- fprintf (stderr, "Fatal: could not initialize tun-interface\n");
- (void) signal (SIGTERM, SIG_IGN);
+ if (-1 == (fd_tun = init_tun(dev)))
+ {
+ fprintf(stderr, "Fatal: could not initialize tun-interface\n");
+ (void)signal(SIGTERM, SIG_IGN);
#if (SIGTERM != GNUNET_TERM_SIG)
- (void) signal (GNUNET_TERM_SIG, SIG_IGN);
+ (void)signal(GNUNET_TERM_SIG, SIG_IGN);
#endif
- (void) signal (SIGINT, SIG_IGN);
- (void) signal (SIGHUP, SIG_IGN);
- (void) close (cpipe[0]);
- (void) close (cpipe[1]);
- return 5;
- }
+ (void)signal(SIGINT, SIG_IGN);
+ (void)signal(SIGHUP, SIG_IGN);
+ (void)close(cpipe[0]);
+ (void)close(cpipe[1]);
+ return 5;
+ }
/* now set interface addresses */
{
const char *address = argv[2];
- long prefix_len = atol (argv[3]);
+ long prefix_len = atol(argv[3]);
if ((prefix_len < 1) || (prefix_len > 127))
- {
- fprintf (stderr, "Fatal: prefix_len out of range\n");
- (void) signal (SIGTERM, SIG_IGN);
+ {
+ fprintf(stderr, "Fatal: prefix_len out of range\n");
+ (void)signal(SIGTERM, SIG_IGN);
#if (SIGTERM != GNUNET_TERM_SIG)
- (void) signal (GNUNET_TERM_SIG, SIG_IGN);
+ (void)signal(GNUNET_TERM_SIG, SIG_IGN);
#endif
- (void) signal (SIGINT, SIG_IGN);
- (void) signal (SIGHUP, SIG_IGN);
- (void) close (cpipe[0]);
- (void) close (cpipe[1]);
- return 2;
- }
- set_address6 (dev, address, prefix_len);
+ (void)signal(SIGINT, SIG_IGN);
+ (void)signal(SIGHUP, SIG_IGN);
+ (void)close(cpipe[0]);
+ (void)close(cpipe[1]);
+ return 2;
+ }
+ set_address6(dev, address, prefix_len);
}
{
const char *address = argv[4];
const char *mask = argv[5];
- set_address4 (dev, address, mask);
+ set_address4(dev, address, mask);
}
by the 'gnunet-service-dns') and with destination
to port 53 on UDP, without hijacking */
if (0 == nortsetup)
- {
- r = 8; /* failed to fully setup routing table */
{
- char *const mangle_args[] =
+ r = 8; /* failed to fully setup routing table */
+ {
+ char *const mangle_args[] =
{
- "iptables", "-m", "owner", "-t", "mangle", "-I", "OUTPUT", "1", "-p",
- "udp", "--gid-owner", mygid, "--dport", DNS_PORT, "-j",
- "ACCEPT", NULL
+ "iptables", "-m", "owner", "-t", "mangle", "-I", "OUTPUT", "1", "-p",
+ "udp", "--gid-owner", mygid, "--dport", DNS_PORT, "-j",
+ "ACCEPT", NULL
};
- if (0 != fork_and_exec (sbin_iptables, mangle_args))
- goto cleanup_rest;
- }
- {
- char *const mangle_args[] =
+ if (0 != fork_and_exec(sbin_iptables, mangle_args))
+ goto cleanup_rest;
+ }
+ {
+ char *const mangle_args[] =
{
- "ip6tables", "-m", "owner", "-t", "mangle", "-I", "OUTPUT", "1", "-p",
- "udp", "--gid-owner", mygid, "--dport", DNS_PORT, "-j",
- "ACCEPT", NULL
+ "ip6tables", "-m", "owner", "-t", "mangle", "-I", "OUTPUT", "1", "-p",
+ "udp", "--gid-owner", mygid, "--dport", DNS_PORT, "-j",
+ "ACCEPT", NULL
};
- if (0 != fork_and_exec (sbin_ip6tables, mangle_args))
- goto cleanup_mangle_1b;
- }
- /* Mark all of the other DNS traffic using our mark DNS_MARK,
- unless it is on a link-local IPv6 address, which we cannot support. */
- {
- char *const mark_args[] =
+ if (0 != fork_and_exec(sbin_ip6tables, mangle_args))
+ goto cleanup_mangle_1b;
+ }
+ /* Mark all of the other DNS traffic using our mark DNS_MARK,
+ unless it is on a link-local IPv6 address, which we cannot support. */
+ {
+ char *const mark_args[] =
{
- "iptables", "-t", "mangle", "-I", "OUTPUT", "2", "-p",
- "udp", "--dport", DNS_PORT,
- "-j", "MARK", "--set-mark", DNS_MARK,
- NULL
+ "iptables", "-t", "mangle", "-I", "OUTPUT", "2", "-p",
+ "udp", "--dport", DNS_PORT,
+ "-j", "MARK", "--set-mark", DNS_MARK,
+ NULL
};
- if (0 != fork_and_exec (sbin_iptables, mark_args))
- goto cleanup_mangle_1;
- }
- {
- char *const mark_args[] =
+ if (0 != fork_and_exec(sbin_iptables, mark_args))
+ goto cleanup_mangle_1;
+ }
+ {
+ char *const mark_args[] =
{
- "ip6tables", "-t", "mangle", "-I", "OUTPUT", "2", "-p",
- "udp", "--dport", DNS_PORT,
- "!", "-s", "fe80::/10", /* this line excludes link-local traffic */
- "-j", "MARK", "--set-mark", DNS_MARK,
- NULL
+ "ip6tables", "-t", "mangle", "-I", "OUTPUT", "2", "-p",
+ "udp", "--dport", DNS_PORT,
+ "!", "-s", "fe80::/10", /* this line excludes link-local traffic */
+ "-j", "MARK", "--set-mark", DNS_MARK,
+ NULL
};
- if (0 != fork_and_exec (sbin_ip6tables, mark_args))
- goto cleanup_mark_2b;
- }
- /* Forward all marked DNS traffic to our DNS_TABLE */
- {
- char *const forward_args[] =
+ if (0 != fork_and_exec(sbin_ip6tables, mark_args))
+ goto cleanup_mark_2b;
+ }
+ /* Forward all marked DNS traffic to our DNS_TABLE */
+ {
+ char *const forward_args[] =
{
- "ip", "rule", "add", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL
+ "ip", "rule", "add", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL
};
- if (0 != fork_and_exec (sbin_ip, forward_args))
- goto cleanup_mark_2;
- }
- {
- char *const forward_args[] =
+ if (0 != fork_and_exec(sbin_ip, forward_args))
+ goto cleanup_mark_2;
+ }
+ {
+ char *const forward_args[] =
{
"ip", "-6", "rule", "add", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL
};
- if (0 != fork_and_exec (sbin_ip, forward_args))
- goto cleanup_forward_3b;
- }
- /* Finally, add rule in our forwarding table to pass to our virtual interface */
- {
- char *const route_args[] =
+ if (0 != fork_and_exec(sbin_ip, forward_args))
+ goto cleanup_forward_3b;
+ }
+ /* Finally, add rule in our forwarding table to pass to our virtual interface */
+ {
+ char *const route_args[] =
{
- "ip", "route", "add", "default", "dev", dev,
- "table", DNS_TABLE, NULL
+ "ip", "route", "add", "default", "dev", dev,
+ "table", DNS_TABLE, NULL
};
- if (0 != fork_and_exec (sbin_ip, route_args))
- goto cleanup_forward_3;
- }
- {
- char *const route_args[] =
+ if (0 != fork_and_exec(sbin_ip, route_args))
+ goto cleanup_forward_3;
+ }
+ {
+ char *const route_args[] =
{
"ip", "-6", "route", "add", "default", "dev", dev,
"table", DNS_TABLE, NULL
};
- if (0 != fork_and_exec (sbin_ip, route_args))
- goto cleanup_route_4b;
+ if (0 != fork_and_exec(sbin_ip, route_args))
+ goto cleanup_route_4b;
+ }
}
- }
/* drop privs *except* for the saved UID; this is not perfect, but better
than doing nothing */
#ifdef HAVE_SETRESUID
- if (0 != setresuid (uid, uid, 0))
- {
- fprintf (stderr, "Failed to setresuid: %s\n", strerror (errno));
- r = 24;
- goto cleanup_route_4;
- }
+ if (0 != setresuid(uid, uid, 0))
+ {
+ fprintf(stderr, "Failed to setresuid: %s\n", strerror(errno));
+ r = 24;
+ goto cleanup_route_4;
+ }
#else
/* Note: no 'setuid' here as we must keep our saved UID as root */
- if (0 != seteuid (uid))
- {
- fprintf (stderr, "Failed to seteuid: %s\n", strerror (errno));
- r = 24;
- goto cleanup_route_4;
- }
+ if (0 != seteuid(uid))
+ {
+ fprintf(stderr, "Failed to seteuid: %s\n", strerror(errno));
+ r = 24;
+ goto cleanup_route_4;
+ }
#endif
r = 0; /* did fully setup routing table (if nothing else happens, we were successful!) */
/* now forward until we hit a problem */
- run (fd_tun);
+ run(fd_tun);
/* now need to regain privs so we can remove the firewall rules we added! */
#ifdef HAVE_SETRESUID
- if (0 != setresuid (uid, 0, 0))
- {
- fprintf (stderr, "Failed to setresuid back to root: %s\n", strerror (errno));
- r = 40;
- goto cleanup_route_4;
- }
+ if (0 != setresuid(uid, 0, 0))
+ {
+ fprintf(stderr, "Failed to setresuid back to root: %s\n", strerror(errno));
+ r = 40;
+ goto cleanup_route_4;
+ }
#else
- if (0 != seteuid (0))
- {
- fprintf (stderr, "Failed to seteuid back to root: %s\n", strerror (errno));
- r = 40;
- goto cleanup_route_4;
- }
+ if (0 != seteuid(0))
+ {
+ fprintf(stderr, "Failed to seteuid back to root: %s\n", strerror(errno));
+ r = 40;
+ goto cleanup_route_4;
+ }
#endif
/* update routing tables again -- this is why we could not fully drop privs */
/* now undo updating of routing tables; normal exit or clean-up-on-error case */
- cleanup_route_4:
+cleanup_route_4:
if (0 == nortsetup)
- {
- char *const route_clean_args[] =
+ {
+ char *const route_clean_args[] =
{
- "ip", "-6", "route", "del", "default", "dev", dev,
- "table", DNS_TABLE, NULL
+ "ip", "-6", "route", "del", "default", "dev", dev,
+ "table", DNS_TABLE, NULL
};
- if (0 != fork_and_exec (sbin_ip, route_clean_args))
- r += 1;
- }
- cleanup_route_4b:
+ if (0 != fork_and_exec(sbin_ip, route_clean_args))
+ r += 1;
+ }
+cleanup_route_4b:
if (0 == nortsetup)
- {
- char *const route_clean_args[] =
+ {
+ char *const route_clean_args[] =
{
- "ip", "route", "del", "default", "dev", dev,
- "table", DNS_TABLE, NULL
+ "ip", "route", "del", "default", "dev", dev,
+ "table", DNS_TABLE, NULL
};
- if (0 != fork_and_exec (sbin_ip, route_clean_args))
- r += 1;
- }
- cleanup_forward_3:
+ if (0 != fork_and_exec(sbin_ip, route_clean_args))
+ r += 1;
+ }
+cleanup_forward_3:
if (0 == nortsetup)
- {
- char *const forward_clean_args[] =
+ {
+ char *const forward_clean_args[] =
{
- "ip", "-6", "rule", "del", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL
+ "ip", "-6", "rule", "del", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL
};
- if (0 != fork_and_exec (sbin_ip, forward_clean_args))
- r += 2;
- }
- cleanup_forward_3b:
+ if (0 != fork_and_exec(sbin_ip, forward_clean_args))
+ r += 2;
+ }
+cleanup_forward_3b:
if (0 == nortsetup)
- {
- char *const forward_clean_args[] =
+ {
+ char *const forward_clean_args[] =
{
- "ip", "rule", "del", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL
+ "ip", "rule", "del", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL
};
- if (0 != fork_and_exec (sbin_ip, forward_clean_args))
- r += 2;
- }
- cleanup_mark_2:
+ if (0 != fork_and_exec(sbin_ip, forward_clean_args))
+ r += 2;
+ }
+cleanup_mark_2:
if (0 == nortsetup)
- {
- char *const mark_clean_args[] =
+ {
+ char *const mark_clean_args[] =
{
- "ip6tables", "-t", "mangle", "-D", "OUTPUT", "-p", "udp",
- "--dport", DNS_PORT,
+ "ip6tables", "-t", "mangle", "-D", "OUTPUT", "-p", "udp",
+ "--dport", DNS_PORT,
"!", "-s", "fe80::/10", /* this line excludes link-local traffic */
"-j", "MARK", "--set-mark", DNS_MARK, NULL
};
- if (0 != fork_and_exec (sbin_ip6tables, mark_clean_args))
- r += 4;
- }
- cleanup_mark_2b:
+ if (0 != fork_and_exec(sbin_ip6tables, mark_clean_args))
+ r += 4;
+ }
+cleanup_mark_2b:
if (0 == nortsetup)
- {
- char *const mark_clean_args[] =
+ {
+ char *const mark_clean_args[] =
{
- "iptables", "-t", "mangle", "-D", "OUTPUT", "-p", "udp",
- "--dport", DNS_PORT, "-j", "MARK", "--set-mark", DNS_MARK, NULL
+ "iptables", "-t", "mangle", "-D", "OUTPUT", "-p", "udp",
+ "--dport", DNS_PORT, "-j", "MARK", "--set-mark", DNS_MARK, NULL
};
- if (0 != fork_and_exec (sbin_iptables, mark_clean_args))
- r += 4;
- }
- cleanup_mangle_1:
+ if (0 != fork_and_exec(sbin_iptables, mark_clean_args))
+ r += 4;
+ }
+cleanup_mangle_1:
if (0 == nortsetup)
- {
- char *const mangle_clean_args[] =
+ {
+ char *const mangle_clean_args[] =
{
- "ip6tables", "-m", "owner", "-t", "mangle", "-D", "OUTPUT", "-p", "udp",
- "--gid-owner", mygid, "--dport", DNS_PORT, "-j", "ACCEPT",
- NULL
+ "ip6tables", "-m", "owner", "-t", "mangle", "-D", "OUTPUT", "-p", "udp",
+ "--gid-owner", mygid, "--dport", DNS_PORT, "-j", "ACCEPT",
+ NULL
};
- if (0 != fork_and_exec (sbin_ip6tables, mangle_clean_args))
- r += 8;
- }
- cleanup_mangle_1b:
+ if (0 != fork_and_exec(sbin_ip6tables, mangle_clean_args))
+ r += 8;
+ }
+cleanup_mangle_1b:
if (0 == nortsetup)
- {
- char *const mangle_clean_args[] =
+ {
+ char *const mangle_clean_args[] =
{
- "iptables", "-m", "owner", "-t", "mangle", "-D", "OUTPUT", "-p", "udp",
- "--gid-owner", mygid, "--dport", DNS_PORT, "-j", "ACCEPT",
- NULL
+ "iptables", "-m", "owner", "-t", "mangle", "-D", "OUTPUT", "-p", "udp",
+ "--gid-owner", mygid, "--dport", DNS_PORT, "-j", "ACCEPT",
+ NULL
};
- if (0 != fork_and_exec (sbin_iptables, mangle_clean_args))
- r += 8;
- }
+ if (0 != fork_and_exec(sbin_iptables, mangle_clean_args))
+ r += 8;
+ }
- cleanup_rest:
+cleanup_rest:
/* close virtual interface */
- (void) close (fd_tun);
+ (void)close(fd_tun);
/* remove signal handler so we can close the pipes */
- (void) signal (SIGTERM, SIG_IGN);
+ (void)signal(SIGTERM, SIG_IGN);
#if (SIGTERM != GNUNET_TERM_SIG)
- (void) signal (GNUNET_TERM_SIG, SIG_IGN);
+ (void)signal(GNUNET_TERM_SIG, SIG_IGN);
#endif
- (void) signal (SIGINT, SIG_IGN);
- (void) signal (SIGHUP, SIG_IGN);
- (void) close (cpipe[0]);
- (void) close (cpipe[1]);
+ (void)signal(SIGINT, SIG_IGN);
+ (void)signal(SIGHUP, SIG_IGN);
+ (void)close(cpipe[0]);
+ (void)close(cpipe[1]);
return r;
}
projects / oweals / gnunet.git / blobdiff