author | Christian Fuchs <christian.fuchs@cfuchs.net> | 2013-03-21 16:44:05 +0000 |
---|---|---|
committer | Christian Fuchs <christian.fuchs@cfuchs.net> | 2013-03-21 16:44:05 +0000 |
commit | 338678fcc6fccaf292d68413b6fe5ea33d83c49a (patch) | |
tree | 081f0c1cae55ef71abb09a465d7cfc13035822ae /src/exit | |
parent | f68053300aed234517d51729fa2f84be4f2cd2f3 (diff) | |
* replaced no-nat delimiter which was % (reserved char on windows) with - for exit-helper-windows and exit-helper.
* added ipv4 NAPT and removal functionality to exit-helper-windows
* moved a few variables
* next todo: ipv6 forwarding rules for netsh
Diffstat (limited to 'src/exit')
-rw-r--r-- | src/exit/gnunet-daemon-exit.c | 2 | ||||
-rw-r--r-- | src/exit/gnunet-helper-exit-windows.c | 83 | ||||
-rw-r--r-- | src/exit/gnunet-helper-exit.c | 4 |
3 files changed, 67 insertions, 22 deletions
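--- a/src/exit/gnunet-daemon-exit.c
+++ b/src/exit/gnunet-daemon-exit.c
@@ -3459,7 +3459,7 @@ run (void *cls, char *const *args GNUNET_UNUSED,
 }
 else
 {
-exit_argv[2] = GNUNET_strdup ("%");
+exit_argv[2] = GNUNET_strdup ("-");
 }
 
 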
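--- a/src/exit/gnunet-helper-exit-windows.c
+++ b/src/exit/gnunet-helper-exit-windows.c
@@ -1454,7 +1454,7 @@ teardown_final:
 * @param argc must be 6
 * @param argv 0: binary name ("gnunet-helper-exit")
 * 1: tunnel interface name ("gnunet-exit")
-* 2: IPv4 "physical" interface name ("eth0"), or "%" to not do IPv4 NAT
+* 2: IPv4 "physical" interface name ("eth0"), or "-" to not do IPv4 NAT
 * 3: IPv6 address ("::1"), or "-" to skip IPv6
 * 4: IPv6 netmask length in bits ("64") [ignored if #4 is "-"]
 * 5: IPv4 address ("1.2.3.4"), or "-" to skip IPv4
@@ -1465,10 +1465,12 @@ main (int argc, char **argv)
 {
 char hwid[LINE_LEN];
 HANDLE handle;
-int global_ret = 0;
+int global_ret = 1;
+int local_ret = EINVAL;
 BOOL have_ip4 = FALSE;
 BOOL have_ip6 = FALSE;
-
+BOOL have_nat44 = FALSE;
+
 if (6 != argc)
 {
 fprintf (stderr, "FATAL: must supply 5 arguments\nUsage:\ngnunet-helper-vpn <if name prefix> <address6 or \"-\"> <netbits6> <address4 or \"-\"> <netmask4>\n", argv[0]);
@@ -1528,31 +1530,74 @@ main (int argc, char **argv)
 if (0 != (global_ret = set_address4 (address, mask)))
 goto cleanup;
 
-// setup NAT, if possible
-if (0 != strcmp (argv[2], "%"))
-{
-/* TODO: " Windows Firewall with Advanced Security" (lol)
-*
-* MS has REMOVED the routing/nat capabilities since Vista, thus
-* we can not setup NAT like in XP. Our best bet is
-* to determine if we are running on XP, if we do, use netsh routing
-* else we need to use WFAS and do things ourselfs
-*/
+// setup NAPT, if possible
+/* MS has REMOVED the routing/nat capabilities from Vista+, thus
+* we can not setup NAT like in XP or on the server. Actually the
+* the only feasible solution seems to be to use
+* Internet Connection Sharing, which introduces a horde of problems
+* such as sending out rogue-RAs on the external interface in an ipv6
+* network.
+* Thus, below stuff ONLY works on
+* WinXP SP3
+* Win Server 2003 SP1+
+* Win Server 2008
+* ...
+* else we need to use WFAS and do things ourselfs
+*/
+have_ip4 = TRUE;
+if (0 != strcmp(argv[2], "-")) {
+char command[LINE_LEN];
+
+/* install our the windows NAT module*/
+fprintf (stderr, "DEBUG: Adding NAPT/Masquerading between external IF %s and mine.\n",argv[2]);
+local_ret = execute_shellcommand("netsh routing ip nat install");
+if (0 != local_ret){
+fprintf(stderr, "FATAL: Could not install NAPT support via Netsh: %s\n", strerror(local_ret));
+goto cleanup;
+}
+/* external IF */
+snprintf(command, LINE_LEN,
+"netsh routing ip nat add interface \"%s\" full", /*full = NAPT (addr+port)*/
+argv[2]);
+local_ret = execute_shellcommand (command);
+if (0 != local_ret){
+fprintf(stderr, "FATAL: IPv4-NAPT on external interface failed: %s\n", strerror(local_ret));
+goto cleanup;
+}
+/* private/internal/virtual IF */
+snprintf(command, LINE_LEN,
+"netsh routing ip nat add interface \"%s\" private",
+device_visible_name);
+local_ret = execute_shellcommand(command);
+if (0 != local_ret){
+fprintf(stderr, "FATAL: IPv4-NAPT on internal interface failed: %s\n", strerror(local_ret));
+goto cleanup;
+
+have_nat44 = TRUE;
+}
 }
-
-have_ip4 = TRUE;
 }
 
 run (handle);
 global_ret = 0;
 cleanup:
 
-if (have_ip4)
-{
+if (have_ip4) {
 const char *address = argv[5];
-fprintf (stderr, "DEBUG: Removing IP4 address\n");
+if (have_nat44) {
+char command[LINE_LEN];
+fprintf(stderr, "DEBUG: removing IP4 NAPT from virtual interface \n");
+snprintf(command, LINE_LEN,
+"netsh routing ip nat del interface \"%s\"",
+device_visible_name);
+local_ret = execute_shellcommand(command);
+if (0 != local_ret)
+fprintf(stderr, "WARNING: Could not remove IPv4-NAPT from internal interface, hopefully this will have no effect in future runs: %s\n", strerror(local_ret));
+}
+
+fprintf(stderr, "DEBUG: Removing IP4 address\n");
 remove_address4 (address);
 }
 if (have_ip6)
 {
 const char *address = argv[3];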
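Review bot: `have_nat44 = TRUE;` in the third hunk sits inside the last `if (0 != local_ret){` failure branch, after `goto cleanup;`, so it can never execute and the cleanup path never reaches `netsh routing ip nat del interface`; the NAPT entry on the internal interface stays configured after every run. Close the failure block first, i.e. `goto cleanup;` then `}` then `have_nat44 = TRUE;`. Even with that fixed, cleanup deletes only the internal interface, so the external `full` entry (and any state left when the second `add interface` fails after the first succeeded) is not rolled back. Separately, `argv[2]` is placed between double quotes in the netsh command with no validation and the `snprintf` return value is ignored; execute_shellcommand is not visible here, but if it passes the string to a command interpreter, an interface name containing `"` or interpreter metacharacters changes what this privileged helper runs, and a name that does not fit in LINE_LEN is silently truncated. I would reject such names and check `snprintf`'s result against LINE_LEN before calling execute_shellcommand. main's body starts and ends outside the hunk.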
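--- a/src/exit/gnunet-helper-exit.c
+++ b/src/exit/gnunet-helper-exit.c
@@ -638,7 +638,7 @@ PROCESS_BUFFER:
 * @param argc must be 6
 * @param argv 0: binary name ("gnunet-helper-exit")
 * 1: tunnel interface name ("gnunet-exit")
-* 2: IPv4 "physical" interface name ("eth0"), or "%" to not do IPv4 NAT
+* 2: IPv4 "physical" interface name ("eth0"), or "-" to not do IPv4 NAT
 * 3: IPv6 address ("::1"), or "-" to skip IPv6
 * 4: IPv6 netmask length in bits ("64") [ignored if #4 is "-"]
 * 5: IPv4 address ("1.2.3.4"), or "-" to skip IPv4
@@ -747,7 +747,7 @@ main (int argc, char **argv)
 "Failed to enable IPv4 forwarding. Will continue anyway.\n");
 }
 }
-if (0 != strcmp (argv[2], "%"))
+if (0 != strcmp (argv[2], "-"))
 {
 char *const iptables_args[] =
 {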