diff options
| author | Christian Fuchs <christian.fuchs@cfuchs.net> | 2013-03-21 16:44:05 +0000 |
|---|---|---|
| committer | Christian Fuchs <christian.fuchs@cfuchs.net> | 2013-03-21 16:44:05 +0000 |
| commit | 338678fcc6fccaf292d68413b6fe5ea33d83c49a (patch) | |
| tree | 081f0c1cae55ef71abb09a465d7cfc13035822ae /src/exit | |
| parent | f68053300aed234517d51729fa2f84be4f2cd2f3 (diff) | |
| download | gnunet-338678fcc6fccaf292d68413b6fe5ea33d83c49a.tar.gz gnunet-338678fcc6fccaf292d68413b6fe5ea33d83c49a.zip | |
* replaced no-nat delimiter which was % (reserved char on windows) with - for exit-helper-windows and exit-helper.
* added ipv4 NAPT and removal functionality to exit-helper-windows
* moved a few variables
* next todo: ipv6 forwarding rules for netsh
Diffstat (limited to 'src/exit')
| -rw-r--r-- | src/exit/gnunet-daemon-exit.c | 2 | ||||
| -rw-r--r-- | src/exit/gnunet-helper-exit-windows.c | 83 | ||||
| -rw-r--r-- | src/exit/gnunet-helper-exit.c | 4 |
3 files changed, 67 insertions, 22 deletions
diff --git a/src/exit/gnunet-daemon-exit.c b/src/exit/gnunet-daemon-exit.c index 92f38665b..877630fa8 100644 --- a/src/exit/gnunet-daemon-exit.c +++ b/src/exit/gnunet-daemon-exit.c | |||
| @@ -3459,7 +3459,7 @@ run (void *cls, char *const *args GNUNET_UNUSED, | |||
| 3459 | } | 3459 | } |
| 3460 | else | 3460 | else |
| 3461 | { | 3461 | { |
| 3462 | exit_argv[2] = GNUNET_strdup ("%"); | 3462 | exit_argv[2] = GNUNET_strdup ("-"); |
| 3463 | } | 3463 | } |
| 3464 | 3464 | ||
| 3465 | 3465 | ||
diff --git a/src/exit/gnunet-helper-exit-windows.c b/src/exit/gnunet-helper-exit-windows.c index c4519fb1c..aade15790 100644 --- a/src/exit/gnunet-helper-exit-windows.c +++ b/src/exit/gnunet-helper-exit-windows.c | |||
| @@ -1454,7 +1454,7 @@ teardown_final: | |||
| 1454 | * @param argc must be 6 | 1454 | * @param argc must be 6 |
| 1455 | * @param argv 0: binary name ("gnunet-helper-exit") | 1455 | * @param argv 0: binary name ("gnunet-helper-exit") |
| 1456 | * 1: tunnel interface name ("gnunet-exit") | 1456 | * 1: tunnel interface name ("gnunet-exit") |
| 1457 | * 2: IPv4 "physical" interface name ("eth0"), or "%" to not do IPv4 NAT | 1457 | * 2: IPv4 "physical" interface name ("eth0"), or "-" to not do IPv4 NAT |
| 1458 | * 3: IPv6 address ("::1"), or "-" to skip IPv6 | 1458 | * 3: IPv6 address ("::1"), or "-" to skip IPv6 |
| 1459 | * 4: IPv6 netmask length in bits ("64") [ignored if #4 is "-"] | 1459 | * 4: IPv6 netmask length in bits ("64") [ignored if #4 is "-"] |
| 1460 | * 5: IPv4 address ("1.2.3.4"), or "-" to skip IPv4 | 1460 | * 5: IPv4 address ("1.2.3.4"), or "-" to skip IPv4 |
| @@ -1465,10 +1465,12 @@ main (int argc, char **argv) | |||
| 1465 | { | 1465 | { |
| 1466 | char hwid[LINE_LEN]; | 1466 | char hwid[LINE_LEN]; |
| 1467 | HANDLE handle; | 1467 | HANDLE handle; |
| 1468 | int global_ret = 0; | 1468 | int global_ret = 1; |
| 1469 | int local_ret = EINVAL; | ||
| 1469 | BOOL have_ip4 = FALSE; | 1470 | BOOL have_ip4 = FALSE; |
| 1470 | BOOL have_ip6 = FALSE; | 1471 | BOOL have_ip6 = FALSE; |
| 1471 | 1472 | BOOL have_nat44 = FALSE; | |
| 1473 | |||
| 1472 | if (6 != argc) | 1474 | if (6 != argc) |
| 1473 | { | 1475 | { |
| 1474 | fprintf (stderr, "FATAL: must supply 5 arguments\nUsage:\ngnunet-helper-vpn <if name prefix> <address6 or \"-\"> <netbits6> <address4 or \"-\"> <netmask4>\n", argv[0]); | 1476 | fprintf (stderr, "FATAL: must supply 5 arguments\nUsage:\ngnunet-helper-vpn <if name prefix> <address6 or \"-\"> <netbits6> <address4 or \"-\"> <netmask4>\n", argv[0]); |
| @@ -1528,31 +1530,74 @@ main (int argc, char **argv) | |||
| 1528 | if (0 != (global_ret = set_address4 (address, mask))) | 1530 | if (0 != (global_ret = set_address4 (address, mask))) |
| 1529 | goto cleanup; | 1531 | goto cleanup; |
| 1530 | 1532 | ||
| 1531 | // setup NAT, if possible | 1533 | // setup NAPT, if possible |
| 1532 | if (0 != strcmp (argv[2], "%")) | 1534 | /* MS has REMOVED the routing/nat capabilities from Vista+, thus |
| 1533 | { | 1535 | * we can not setup NAT like in XP or on the server. Actually the |
| 1534 | /* TODO: " Windows Firewall with Advanced Security" (lol) | 1536 | * the only feasible solution seems to be to use |
| 1535 | * | 1537 | * Internet Connection Sharing, which introduces a horde of problems |
| 1536 | * MS has REMOVED the routing/nat capabilities since Vista, thus | 1538 | * such as sending out rogue-RAs on the external interface in an ipv6 |
| 1537 | * we can not setup NAT like in XP. Our best bet is | 1539 | * network. |
| 1538 | * to determine if we are running on XP, if we do, use netsh routing | 1540 | * Thus, below stuff ONLY works on |
| 1539 | * else we need to use WFAS and do things ourselfs | 1541 | * WinXP SP3 |
| 1540 | */ | 1542 | * Win Server 2003 SP1+ |
| 1543 | * Win Server 2008 | ||
| 1544 | * ... | ||
| 1545 | * else we need to use WFAS and do things ourselfs | ||
| 1546 | */ | ||
| 1547 | have_ip4 = TRUE; | ||
| 1548 | if (0 != strcmp(argv[2], "-")) { | ||
| 1549 | char command[LINE_LEN]; | ||
| 1550 | |||
| 1551 | /* install our the windows NAT module*/ | ||
| 1552 | fprintf (stderr, "DEBUG: Adding NAPT/Masquerading between external IF %s and mine.\n",argv[2]); | ||
| 1553 | local_ret = execute_shellcommand("netsh routing ip nat install"); | ||
| 1554 | if (0 != local_ret){ | ||
| 1555 | fprintf(stderr, "FATAL: Could not install NAPT support via Netsh: %s\n", strerror(local_ret)); | ||
| 1556 | goto cleanup; | ||
| 1557 | } | ||
| 1558 | /* external IF */ | ||
| 1559 | snprintf(command, LINE_LEN, | ||
| 1560 | "netsh routing ip nat add interface \"%s\" full", /*full = NAPT (addr+port)*/ | ||
| 1561 | argv[2]); | ||
| 1562 | local_ret = execute_shellcommand (command); | ||
| 1563 | if (0 != local_ret){ | ||
| 1564 | fprintf(stderr, "FATAL: IPv4-NAPT on external interface failed: %s\n", strerror(local_ret)); | ||
| 1565 | goto cleanup; | ||
| 1566 | } | ||
| 1567 | /* private/internal/virtual IF */ | ||
| 1568 | snprintf(command, LINE_LEN, | ||
| 1569 | "netsh routing ip nat add interface \"%s\" private", | ||
| 1570 | device_visible_name); | ||
| 1571 | local_ret = execute_shellcommand(command); | ||
| 1572 | if (0 != local_ret){ | ||
| 1573 | fprintf(stderr, "FATAL: IPv4-NAPT on internal interface failed: %s\n", strerror(local_ret)); | ||
| 1574 | goto cleanup; | ||
| 1575 | |||
| 1576 | have_nat44 = TRUE; | ||
| 1577 | } | ||
| 1541 | } | 1578 | } |
| 1542 | |||
| 1543 | have_ip4 = TRUE; | ||
| 1544 | } | 1579 | } |
| 1545 | 1580 | ||
| 1546 | run (handle); | 1581 | run (handle); |
| 1547 | global_ret = 0; | 1582 | global_ret = 0; |
| 1548 | cleanup: | 1583 | cleanup: |
| 1549 | 1584 | ||
| 1550 | if (have_ip4) | 1585 | if (have_ip4) { |
| 1551 | { | ||
| 1552 | const char *address = argv[5]; | 1586 | const char *address = argv[5]; |
| 1553 | fprintf (stderr, "DEBUG: Removing IP4 address\n"); | 1587 | if (have_nat44) { |
| 1588 | char command[LINE_LEN]; | ||
| 1589 | fprintf(stderr, "DEBUG: removing IP4 NAPT from virtual interface \n"); | ||
| 1590 | snprintf(command, LINE_LEN, | ||
| 1591 | "netsh routing ip nat del interface \"%s\"", | ||
| 1592 | device_visible_name); | ||
| 1593 | local_ret = execute_shellcommand(command); | ||
| 1594 | if (0 != local_ret) | ||
| 1595 | fprintf(stderr, "WARNING: Could not remove IPv4-NAPT from internal interface, hopefully this will have no effect in future runs: %s\n", strerror(local_ret)); | ||
| 1596 | } | ||
| 1597 | |||
| 1598 | fprintf(stderr, "DEBUG: Removing IP4 address\n"); | ||
| 1554 | remove_address4 (address); | 1599 | remove_address4 (address); |
| 1555 | } | 1600 | } |
| 1556 | if (have_ip6) | 1601 | if (have_ip6) |
| 1557 | { | 1602 | { |
| 1558 | const char *address = argv[3]; | 1603 | const char *address = argv[3]; |
diff --git a/src/exit/gnunet-helper-exit.c b/src/exit/gnunet-helper-exit.c index 882778b3f..149241d9d 100644 --- a/src/exit/gnunet-helper-exit.c +++ b/src/exit/gnunet-helper-exit.c | |||
| @@ -638,7 +638,7 @@ PROCESS_BUFFER: | |||
| 638 | * @param argc must be 6 | 638 | * @param argc must be 6 |
| 639 | * @param argv 0: binary name ("gnunet-helper-exit") | 639 | * @param argv 0: binary name ("gnunet-helper-exit") |
| 640 | * 1: tunnel interface name ("gnunet-exit") | 640 | * 1: tunnel interface name ("gnunet-exit") |
| 641 | * 2: IPv4 "physical" interface name ("eth0"), or "%" to not do IPv4 NAT | 641 | * 2: IPv4 "physical" interface name ("eth0"), or "-" to not do IPv4 NAT |
| 642 | * 3: IPv6 address ("::1"), or "-" to skip IPv6 | 642 | * 3: IPv6 address ("::1"), or "-" to skip IPv6 |
| 643 | * 4: IPv6 netmask length in bits ("64") [ignored if #4 is "-"] | 643 | * 4: IPv6 netmask length in bits ("64") [ignored if #4 is "-"] |
| 644 | * 5: IPv4 address ("1.2.3.4"), or "-" to skip IPv4 | 644 | * 5: IPv4 address ("1.2.3.4"), or "-" to skip IPv4 |
| @@ -747,7 +747,7 @@ main (int argc, char **argv) | |||
| 747 | "Failed to enable IPv4 forwarding. Will continue anyway.\n"); | 747 | "Failed to enable IPv4 forwarding. Will continue anyway.\n"); |
| 748 | } | 748 | } |
| 749 | } | 749 | } |
| 750 | if (0 != strcmp (argv[2], "%")) | 750 | if (0 != strcmp (argv[2], "-")) |
| 751 | { | 751 | { |
| 752 | char *const iptables_args[] = | 752 | char *const iptables_args[] = |
| 753 | { | 753 | { |