author | Christian Grothoff <christian@grothoff.org> | 2012-01-02 12:46:53 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2012-01-02 12:46:53 +0000 |
commit | 95a6725304173fdc6c4e932cbbfd0497fc19ae18 (patch) | |
tree | b7bc59da6cf06c8818b31137957c5522cc90354b /src/dns/gnunet-helper-dns.c | |
parent | a13fa3b05f5022c58f1d80b5159c170bb2a7db03 (diff) | |
-fix shutdown order
Diffstat (limited to 'src/dns/gnunet-helper-dns.c')
-rw-r--r-- | src/dns/gnunet-helper-dns.c | 22 |
1 files changed, 12 insertions, 10 deletions
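--- a/src/dns/gnunet-helper-dns.c
+++ b/src/dns/gnunet-helper-dns.c
@@ -662,7 +662,7 @@ PROCESS_BUFFER:
 * 5 failed to initialize tunnel interface
 * 6 failed to initialize control pipe
 * 8 failed to change routing table, cleanup successful
-* 9-23 failed to undo some changes to routing table
+* 9-23 failed to change routing table and failed to undo some changes to routing table
 * 24 failed to drop privs
 * 25-39 failed to drop privs and then failed to undo some changes to routing table
 * 40 failed to regain privs
@@ -760,7 +760,7 @@ main (int argc, char *const*argv)
 return 6;
 }
 }
-if (SIG_ERR == signal (SIGINT, &signal_handler))
+if (SIG_ERR == signal (SIGTERM, &signal_handler))
 {
 fprintf (stderr,
 "Fatal: could not initialize signal handler: %s\n",
@@ -820,18 +820,18 @@ main (int argc, char *const*argv)
 "ACCEPT", NULL
 };
 if (0 != fork_and_exec (SBIN_IPTABLES, mangle_args))
-goto cleanup_mangle_1;
+goto cleanup_rest;
 }
 /* Mark all of the other DNS traffic using our mark DNS_MARK */
 {
 char *const mark_args[] =
 {
-"iptables", "-t", "mangle", "-I", "OUTPUT", DNS_TABLE, "-p",
+"iptables", "-t", "mangle", "-I", "OUTPUT", "2", "-p",
 "udp", "--dport", DNS_PORT, "-j", "MARK", "--set-mark", DNS_MARK,
 NULL
 };
 if (0 != fork_and_exec (SBIN_IPTABLES, mark_args))
-goto cleanup_mark_2;
+goto cleanup_mangle_1;
 }
 /* Forward all marked DNS traffic to our DNS_TABLE */
 {
@@ -840,17 +840,17 @@ main (int argc, char *const*argv)
 "ip", "rule", "add", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL
 };
 if (0 != fork_and_exec (SBIN_IP, forward_args))
-goto cleanup_forward_3;
+goto cleanup_mark_2;
 }
 /* Finally, add rule in our forwarding table to pass to our virtual interface */
 {
 char *const route_args[] =
 {
-"ip", "route", "add", "default", "via", dev,
+"ip", "route", "add", "default", "dev", dev,
 "table", DNS_TABLE, NULL
 };
 if (0 != fork_and_exec (SBIN_IP, route_args))
-goto cleanup_route_4;
+goto cleanup_forward_3;
 }
 
 /* drop privs *except* for the saved UID; this is not perfect, but better
@@ -877,7 +877,6 @@ main (int argc, char *const*argv)
 
 /* now forward until we hit a problem */
 run (fd_tun);
-(void) close (fd_tun);
 
 /* now need to regain privs so we can remove the firewall rules we added! */
 #ifdef HAVE_SETRESUID
@@ -902,7 +901,7 @@ main (int argc, char *const*argv)
 {
 char *const route_clean_args[] =
 {
-"ip", "route", "del", "default", "via", dev,
+"ip", "route", "del", "default", "dev", dev,
 "table", DNS_TABLE, NULL
 };
 if (0 != fork_and_exec (SBIN_IP, route_clean_args))
@@ -939,6 +938,9 @@ main (int argc, char *const*argv)
 r += 8;
 }
 
+cleanup_rest:
+/* close virtual interface */
+(void) close (fd_tun);
 /* remove SIGINT handler so we can close the pipes */
 (void) signal (SIGINT, SIG_IGN);
 (void) close (cpipe[0]);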
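Review bot: The cleanup under `cleanup_rest` still resets SIGINT (`(void) signal (SIGINT, SIG_IGN);`, commented "remove SIGINT handler"), while the second hunk now installs `signal_handler` for SIGTERM instead, so the handler that is actually registered stays live while the pipes are closed. Unless SIGINT is also registered outside the visible hunks, that line should become `(void) signal (SIGTERM, SIG_IGN);` with the comment updated to match. It is also worth confirming that leaving SIGINT at its default action is intended. For a privileged helper that has already inserted iptables and ip-rule entries, an interrupt would then terminate it without reaching the cleanup labels, leaving DNS traffic marked and redirected. The body of main starts and ends outside these hunks, so the value of `r` on the new `goto cleanup_rest` path cannot be checked from here.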