[oweals/gnunet.git] / src / vpn / gnunet-helper-hijack-dns.c

/*
   This file is part of GNUnet.
   (C) 2010 Christian Grothoff

   GNUnet is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published
   by the Free Software Foundation; either version 3, or (at your
   option) any later version.

   GNUnet is distributed in the hope that it will be useful, but
   WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with GNUnet; see the file COPYING.  If not, write to the
   Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   Boston, MA 02111-1307, USA.
   */

/**
 * @file vpn/gnunet-helper-hijack-dns.c
 * @brief
 * @author Philipp Tölke
 */
#include <platform.h>

#include "gnunet_common.h"

int fork_and_exec(char* file, char* cmd[]) {
        pid_t pid = fork();
        if (pid < 0) {
                fprintf(stderr, "could not fork: %s\n", strerror(errno));
                return GNUNET_SYSERR;
        }

        int st = 0;

        if (pid == 0) {
                execv(file, cmd);
        } else {
                waitpid(pid, &st, 0);
        }
        return WIFEXITED(st) && (WEXITSTATUS(st) == 0);
}

int main(int argc, char** argv) {
        int delete = 0;
        int port = 0;
        char* virt_dns;
        if (argc < 3) return GNUNET_SYSERR;

        if (strncmp(argv[1], "-d", 2) == 0) {
                if (argc < 3) return GNUNET_SYSERR;
                delete = 1;
                port = atoi(argv[2]);
                virt_dns = argv[3];
        } else {
                port = atoi(argv[1]);
                virt_dns = argv[2];
        }

        if (port == 0) return GNUNET_SYSERR;

        struct stat s;
        if (stat("/sbin/iptables", &s) < 0) {
                fprintf(stderr, "stat on /sbin/iptables failed: %s\n", strerror(errno));
                return GNUNET_SYSERR;
        }
        if (stat("/sbin/ip", &s) < 0) {
                fprintf(stderr, "stat on /sbin/ip failed: %s\n", strerror(errno));
                return GNUNET_SYSERR;
        }

        char localport[7];
        snprintf(localport, 7, "%d", port);

        int r;
        if (delete) {
e4:
                r = fork_and_exec("/sbin/ip", (char*[]){"ip", "route", "del", "default", "via", virt_dns,"table","2", NULL});
e3:
                r = fork_and_exec("/sbin/ip", (char*[]){"ip", "rule", "del", "fwmark", "3", "table","2", NULL});
e2:
                r = fork_and_exec("/sbin/iptables", (char*[]){"iptables", "-t", "mangle", "-D", "OUTPUT", "-p", "udp", "--dport", "53", "-j", "MARK", "--set-mark", "3", NULL});
e1:
                r = fork_and_exec("/sbin/iptables", (char*[]){"iptables", "-t", "mangle", "-D", "OUTPUT", "-p", "udp", "--sport", localport, "--dport", "53", "-j", "ACCEPT", NULL});
                if (!delete) r = 0;
        } else {
                r = fork_and_exec("/sbin/iptables", (char*[]){"iptables", "-t", "mangle", "-I", "OUTPUT", "1", "-p", "udp", "--sport", localport, "--dport", "53", "-j", "ACCEPT", NULL});
                if (!r) goto e1;
                r = fork_and_exec("/sbin/iptables", (char*[]){"iptables", "-t", "mangle", "-I", "OUTPUT", "2", "-p", "udp", "--dport", "53", "-j", "MARK", "--set-mark", "3", NULL});
                if (!r) goto e2;
                r = fork_and_exec("/sbin/ip", (char*[]){"ip", "rule", "add", "fwmark", "3", "table","2", NULL});
                if (!r) goto e3;
                r = fork_and_exec("/sbin/ip", (char*[]){"ip", "route", "add", "default", "via", virt_dns, "table","2", NULL});
                if (!r) goto e4;
        }
        if (r) return GNUNET_YES;
        return GNUNET_SYSERR;
}