authorChristian Grothoff <christian@grothoff.org>2012-01-02 12:46:53 +0000
committerChristian Grothoff <christian@grothoff.org>2012-01-02 12:46:53 +0000
commit95a6725304173fdc6c4e932cbbfd0497fc19ae18 (patch)
treeb7bc59da6cf06c8818b31137957c5522cc90354b /src/dns/gnunet-helper-dns.c
parenta13fa3b05f5022c58f1d80b5159c170bb2a7db03 (diff)
-fix shutdown order
Diffstat (limited to 'src/dns/gnunet-helper-dns.c')
-rw-r--r--src/dns/gnunet-helper-dns.c22
1 files changed, 12 insertions, 10 deletions
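--- a/src/dns/gnunet-helper-dns.c
+++ b/src/dns/gnunet-helper-dns.c
@@ -662,7 +662,7 @@ PROCESS_BUFFER:
  * 5 failed to initialize tunnel interface
  * 6 failed to initialize control pipe
  * 8 failed to change routing table, cleanup successful
- * 9-23 failed to undo some changes to routing table
+ * 9-23 failed to change routing table and failed to undo some changes to routing table
  * 24 failed to drop privs
  * 25-39 failed to drop privs and then failed to undo some changes to routing table
  * 40 failed to regain privs
@@ -760,7 +760,7 @@ main (int argc, char *const*argv)
  return 6;
  }
  }
- if (SIG_ERR == signal (SIGINT, &signal_handler))
+ if (SIG_ERR == signal (SIGTERM, &signal_handler))
  {
  fprintf (stderr,
  "Fatal: could not initialize signal handler: %s\n",
@@ -820,18 +820,18 @@ main (int argc, char *const*argv)
  "ACCEPT", NULL
  };
  if (0 != fork_and_exec (SBIN_IPTABLES, mangle_args))
- goto cleanup_mangle_1;
+ goto cleanup_rest;
  }
  /* Mark all of the other DNS traffic using our mark DNS_MARK */
  {
  char *const mark_args[] =
  {
- "iptables", "-t", "mangle", "-I", "OUTPUT", DNS_TABLE, "-p",
+ "iptables", "-t", "mangle", "-I", "OUTPUT", "2", "-p",
  "udp", "--dport", DNS_PORT, "-j", "MARK", "--set-mark", DNS_MARK,
  NULL
  };
  if (0 != fork_and_exec (SBIN_IPTABLES, mark_args))
- goto cleanup_mark_2;
+ goto cleanup_mangle_1;
  }
  /* Forward all marked DNS traffic to our DNS_TABLE */
  {
@@ -840,17 +840,17 @@ main (int argc, char *const*argv)
  "ip", "rule", "add", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL
  };
  if (0 != fork_and_exec (SBIN_IP, forward_args))
- goto cleanup_forward_3;
+ goto cleanup_mark_2;
  }
  /* Finally, add rule in our forwarding table to pass to our virtual interface */
  {
  char *const route_args[] =
  {
- "ip", "route", "add", "default", "via", dev,
+ "ip", "route", "add", "default", "dev", dev,
  "table", DNS_TABLE, NULL
  };
  if (0 != fork_and_exec (SBIN_IP, route_args))
- goto cleanup_route_4;
+ goto cleanup_forward_3;
  }
 
  /* drop privs *except* for the saved UID; this is not perfect, but better
@@ -877,7 +877,6 @@ main (int argc, char *const*argv)
 
  /* now forward until we hit a problem */
  run (fd_tun);
- (void) close (fd_tun);
 
  /* now need to regain privs so we can remove the firewall rules we added! */
 #ifdef HAVE_SETRESUID
@@ -902,7 +901,7 @@ main (int argc, char *const*argv)
  {
  char *const route_clean_args[] =
  {
- "ip", "route", "del", "default", "via", dev,
+ "ip", "route", "del", "default", "dev", dev,
  "table", DNS_TABLE, NULL
  };
  if (0 != fork_and_exec (SBIN_IP, route_clean_args))
@@ -939,6 +938,9 @@ main (int argc, char *const*argv)
  r += 8;
  }
 
+ cleanup_rest:
+ /* close virtual interface */
+ (void) close (fd_tun);
  /* remove SIGINT handler so we can close the pipes */
  (void) signal (SIGINT, SIG_IGN);
  (void) close (cpipe[0]);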
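Review bot: The handler is now installed for SIGTERM (new line 763), but the teardown after `cleanup_rest:` still disarms SIGINT (new lines 944-945), so the SIGTERM handler stays armed while the pipes are closed and the comment no longer matches the code. I would change those two lines to `/* remove SIGTERM handler so we can close the pipes */` and `(void) signal (SIGTERM, SIG_IGN);`. Unless SIGINT is handled somewhere outside these hunks, an interrupt now ends this privileged helper by its default action without running the rule removal, leaving the iptables mark and the `ip rule` entry in place; if that is intended, a comment at the `signal` call should say so. The literal `"2"` in `mark_args` also deserves a short comment that it is the insert position directly after the ACCEPT rule, which is presumably inserted at position 1 above the hunk. main's body starts and ends outside the visible hunks.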