/*
This file is part of GNUnet.
- (C) 2010 Christian Grothoff
+ (C) 2010, 2012 Christian Grothoff
GNUnet is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published
*/
/**
- * @file vpn/gnunet-daemon-vpn.c
- * @brief the helper for various vpn-daemons. Opens a virtual network-interface,
+ * @file vpn/gnunet-helper-vpn.c
+ * @brief the helper for the VPN service. Opens a virtual network-interface,
* sends data received on the if to stdout, sends data received on stdin to the
* interface
* @author Philipp Tölke
+ * @author Christian Grothoff
*
* The following list of people have reviewed this code and considered
* it safe since the last modification (if you reviewed it, please
*/
#include "gnunet_protocols.h"
+/**
+ * Should we print (interesting|debug) messages that can happen during
+ * normal operation?
+ */
+#define DEBUG GNUNET_NO
+
/**
* Maximum size of a GNUnet message (GNUNET_SERVER_MAX_MESSAGE_SIZE)
*/
};
#endif
+
/**
* Creates a tun-interface called dev;
+ *
* @param dev is asumed to point to a char[IFNAMSIZ]
- * if *dev == '\\0', uses the name supplied by the kernel
+ * if *dev == '\\0', uses the name supplied by the kernel;
* @return the fd to the tun or -1 on error
*/
static int
if (fd >= FD_SETSIZE)
{
fprintf (stderr, "File descriptor to large: %d", fd);
+ (void) close (fd);
return -1;
}
{
fprintf (stderr, "Error with ioctl on `%s': %s\n", "/dev/net/tun",
strerror (errno));
- close (fd);
+ (void) close (fd);
return -1;
}
strcpy (dev, ifr.ifr_name);
* parse the new address
*/
memset (&sa6, 0, sizeof (struct sockaddr_in6));
+ sa6.sin6_family = AF_INET6;
if (1 != inet_pton (AF_INET6, address, sa6.sin6_addr.s6_addr))
{
fprintf (stderr, "Failed to parse address `%s': %s\n", address,
exit (1);
}
- sa6.sin6_family = AF_INET6;
- memcpy (&ifr6.ifr6_addr, &sa6.sin6_addr, sizeof (struct in6_addr));
-
-
+ memset (&ifr, 0, sizeof (struct ifreq));
/*
* Get the index of the if
*/
if (-1 == ioctl (fd, SIOGIFINDEX, &ifr))
{
fprintf (stderr, "ioctl failed at %d: %s\n", __LINE__, strerror (errno));
+ (void) close (fd);
exit (1);
}
- ifr6.ifr6_ifindex = ifr.ifr_ifindex;
+ memset (&ifr6, 0, sizeof (struct in6_ifreq));
+ ifr6.ifr6_addr = sa6.sin6_addr;
+ ifr6.ifr6_ifindex = ifr.ifr_ifindex;
ifr6.ifr6_prefixlen = prefix_len;
/*
{
fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
strerror (errno));
+ (void) close (fd);
+ exit (1);
}
/*
{
fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
strerror (errno));
+ (void) close (fd);
exit (1);
}
{
fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
strerror (errno));
+ (void) close (fd);
exit (1);
}
memset (&ifr, 0, sizeof (struct ifreq));
addr = (struct sockaddr_in *) &(ifr.ifr_addr);
- memset (addr, 0, sizeof (struct sockaddr_in));
addr->sin_family = AF_INET;
- addr->sin_addr.s_addr = inet_addr (address);
/*
* Parse the address
exit (1);
}
-
if (-1 == (fd = socket (PF_INET, SOCK_DGRAM, 0)))
{
fprintf (stderr, "Error creating socket: %s\n", strerror (errno));
if (-1 == ioctl (fd, SIOCSIFADDR, &ifr))
{
fprintf (stderr, "ioctl failed at %d: %s\n", __LINE__, strerror (errno));
+ (void) close (fd);
exit (1);
}
{
fprintf (stderr, "Failed to parse address `%s': %s\n", mask,
strerror (errno));
+ (void) close (fd);
exit (1);
}
{
fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
strerror (errno));
+ (void) close (fd);
exit (1);
}
{
fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
strerror (errno));
+ (void) close (fd);
exit (1);
}
{
fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
strerror (errno));
+ (void) close (fd);
exit (1);
}
if (0 != close (fd))
{
fprintf (stderr, "close failed: %s\n", strerror (errno));
+ (void) close (fd);
exit (1);
}
}
+/**
+ * Start forwarding to and from the tunnel.
+ *
+ * @param fd_tun tunnel FD
+ */
static void
run (int fd_tun)
{
if (-1 == written)
{
- fprintf (stderr, "write-error to stdout: %s\n", strerror (errno));
+#if !DEBUG
+ if (errno != EPIPE)
+#endif
+ fprintf (stderr, "write-error to stdout: %s\n", strerror (errno));
shutdown (fd_tun, SHUT_RD);
shutdown (1, SHUT_WR);
read_open = 0;
}
else if (0 == bufin_size)
{
+#if DEBUG
fprintf (stderr, "EOF on stdin\n");
+#endif
shutdown (0, SHUT_RD);
shutdown (fd_tun, SHUT_WR);
write_open = 0;
}
+/**
+ * Open VPN tunnel interface.
+ *
+ * @param argc must be 6
+ * @param argv 0: binary name (gnunet-helper-vpn)
+ * 1: tunnel interface name (gnunet-vpn)
+ * 2: IPv6 address (::1), "-" to disable
+ * 3: IPv6 netmask length in bits (64), ignored if #2 is "-"
+ * 4: IPv4 address (1.2.3.4), "-" to disable
+ * 5: IPv4 netmask (255.255.0.0), ignored if #4 is "-"
+ */
int
main (int argc, char **argv)
{
char dev[IFNAMSIZ];
int fd_tun;
+ int global_ret;
if (6 != argc)
{
if (-1 == (fd_tun = init_tun (dev)))
{
- fprintf (stderr, "Fatal: could not initialize tun-interface\n");
+ fprintf (stderr, "Fatal: could not initialize tun-interface `%s' with IPv6 %s/%s and IPv4 %s/%s\n",
+ dev,
+ argv[2],
+ argv[3],
+ argv[4],
+ argv[5]);
return 1;
}
+ if (0 != strcmp (argv[2], "-"))
{
const char *address = argv[2];
long prefix_len = atol (argv[3]);
set_address6 (dev, address, prefix_len);
}
+ if (0 != strcmp (argv[4], "-"))
{
const char *address = argv[4];
const char *mask = argv[5];
set_address4 (dev, address, mask);
}
-
+
uid_t uid = getuid ();
-
+#ifdef HAVE_SETRESUID
if (0 != setresuid (uid, uid, uid))
+ {
fprintf (stderr, "Failed to setresuid: %s\n", strerror (errno));
+ global_ret = 2;
+ goto cleanup;
+ }
+#else
+ if (0 != (setuid (uid) | seteuid (uid)))
+ {
+ fprintf (stderr, "Failed to setuid: %s\n", strerror (errno));
+ global_ret = 2;
+ goto cleanup;
+ }
+#endif
+
if (SIG_ERR == signal (SIGPIPE, SIG_IGN))
+ {
fprintf (stderr, "Failed to protect against SIGPIPE: %s\n",
strerror (errno));
+ /* no exit, we might as well die with SIGPIPE should it ever happen */
+ }
run (fd_tun);
+ global_ret = 0;
+ cleanup:
close (fd_tun);
- return 0;
+ return global_ret;
}
projects / oweals / gnunet.git / blobdiff