author | Philipp Tölke <toelke@in.tum.de> | 2010-08-03 18:59:14 +0000 |
---|---|---|
committer | Philipp Tölke <toelke@in.tum.de> | 2010-08-03 18:59:14 +0000 |
commit | 1da6888188fb9f1db06151240c2aa4b2a6c4c18b (patch) | |
tree | db83948740e0c6c84047d7731fa7f832654e8311 /src | |
parent | ae7b11f726ecce35865163d2b90209a9a98d25d5 (diff) | |
download | gnunet-1da6888188fb9f1db06151240c2aa4b2a6c4c18b.tar.gz gnunet-1da6888188fb9f1db06151240c2aa4b2a6c4c18b.zip |
helper-program to use iptables
Diffstat (limited to 'src')
-rw-r--r-- | src/vpn/Makefile.am | 14 | ||||
-rw-r--r-- | src/vpn/gnunet-helper-hijack-dns.c | 91 |
2 files changed, 97 insertions, 8 deletions
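--- a/src/vpn/Makefile.am
+++ b/src/vpn/Makefile.am
@@ -10,16 +10,19 @@ endif
 
 if LINUX
 VPNBIN = gnunet-helper-vpn
+HIJACKBIN = gnunet-helper-hijack-dns
 install-exec-hook:
 	chown root $(bindir)/gnunet-helper-vpn || true
 	chmod u+s $(bindir)/gnunet-helper-vpn || true
+	chown root $(bindir)/gnunet-helper-hijack-dns || true
+	chmod u+s $(bindir)/gnunet-helper-hijack-dns || true
 else
 install-exec-hook:
 endif
 
 
 bin_PROGRAMS = \
- gnunet-daemon-vpn $(VPNBIN)
+ gnunet-daemon-vpn $(VPNBIN) $(HIJACKBIN)
 
 
 gnunet_helper_vpn_SOURCES = \
@@ -27,13 +30,8 @@ gnunet_helper_vpn_SOURCES = \
  gnunet-vpn-helper-p.h \
  gnunet-vpn-tun.h gnunet-vpn-tun.c
 
-# debug.c debug.h \
-# packet.h packet.c \
-# pretty-print.c pretty-print.h \
-# tcp.c tcp.h \
-# test.c \
-# tun.c tun.h \
-# udp.c udp.h
+gnunet_helper_hijack_dns_SOURCES = \
+ gnunet-helper-hijack-dns.c
 
 gnunet_daemon_vpn_SOURCES = \
  gnunet-daemon-vpn.c gnunet-vpn-pretty-print.c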
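Review bot: The two new recipe lines (new 17-18) copy the existing `|| true` pattern, so a failed `chown root` is ignored and `chmod u+s` still runs, leaving the helper setuid but owned by the installing user, while the install reports success for a helper that cannot do its job. Chaining the steps, `chown root $(bindir)/gnunet-helper-hijack-dns && chmod u+s $(bindir)/gnunet-helper-hijack-dns || true`, sets the setuid bit only after ownership actually changed; the same applies to the pre-existing gnunet-helper-vpn lines, which this hunk leaves as they are.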
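--- /dev/null
+++ b/src/vpn/gnunet-helper-hijack-dns.c
@@ -0,0 +1,91 @@
+/*
+     This file is part of GNUnet.
+     (C) 2010 Christian Grothoff
+
+     GNUnet is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published
+     by the Free Software Foundation; either version 3, or (at your
+     option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+     General Public License for more details.
+
+     You should have received a copy of the GNU General Public License
+     along with GNUnet; see the file COPYING. If not, write to the
+     Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+     Boston, MA 02111-1307, USA.
+*/
+
+/**
+ * @file vpn/gnunet-helper-hijack-dns.c
+ * @brief
+ * @author Philipp Tölke
+ */
+#define _GNU_SOURCE
+
+#include <arpa/inet.h>
+
+#include <string.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <gnunet_common.h>
+
+int fork_and_exec(char* file, char* cmd[]) {
+	pid_t pid = fork();
+	if (pid < 0) {
+		fprintf(stderr, "could not fork: %m\n");
+		return GNUNET_SYSERR;
+	}
+
+	int st = 0;
+
+	if (pid == 0) {
+		execv(file, cmd);
+	} else {
+		waitpid(pid, &st, 0);
+	}
+	return WIFEXITED(st) && (WEXITSTATUS(st) == 0);
+}
+
+int main(int argc, char** argv) {
+	int delete = 0;
+	int port = 0;
+	if (argc < 2) return GNUNET_SYSERR;
+
+	if (strncmp(argv[1], "-d", 2) == 0) {
+		if (argc < 3) return GNUNET_SYSERR;
+		delete = 1;
+		port = atoi(argv[2]);
+	} else {
+		port = atoi(argv[1]);
+	}
+
+	if (port == 0) return GNUNET_SYSERR;
+
+	struct stat s;
+	if (stat("/sbin/iptables", &s) < 0) {
+		fprintf(stderr, "stat on /sbin/iptables failed: %m\n");
+		return GNUNET_SYSERR;
+	}
+
+	char localport[7];
+	snprintf(localport, 7, "%d", port);
+
+	int r;
+	if (delete) {
+		r = fork_and_exec("/sbin/iptables", (char*[]){"iptables", "-t", "nat", "-D", "OUTPUT", "-p", "udp", "--sport", localport, "--dport", "53", "-j", "ACCEPT", NULL});
+		r = fork_and_exec("/sbin/iptables", (char*[]){"iptables", "-t", "nat", "-D", "OUTPUT", "-p", "udp", "--dport", "53", "-j", "DNAT", "--to-destination", "10.10.10.2:53", NULL});
+	} else {
+		r = fork_and_exec("/sbin/iptables", (char*[]){"iptables", "-t", "nat", "-I", "OUTPUT", "1", "-p", "udp", "--sport", localport, "--dport", "53", "-j", "ACCEPT", NULL});
+		r = fork_and_exec("/sbin/iptables", (char*[]){"iptables", "-t", "nat", "-I", "OUTPUT", "2", "-p", "udp", "--dport", "53", "-j", "DNAT", "--to-destination", "10.10.10.2:53", NULL});
+	}
+	if (r) return GNUNET_YES;
+	return GNUNET_SYSERR;
+}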
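Review bot: In fork_and_exec (new lines 49-53) the child has no exit path when execv fails: it falls out of the if with st still 0, returns 1 to main, and the child then runs main's remaining fork_and_exec calls and return statements as a second copy of the program; add `_exit(1);` directly after `execv(file, cmd);`. In main the result of the first iptables call is overwritten by the second on lines 83-84 and 86-87, so a failed first rule is never reported, and because fork_and_exec returns GNUNET_SYSERR (non-zero) when fork fails, `if (r) return GNUNET_YES;` also reports a fork failure as success. Returning 0 from fork_and_exec on fork failure and combining the two calls as `r = fork_and_exec(...) && fork_and_exec(...);` fixes both. Since the Makefile in this commit installs the binary setuid root, the port argument should also be range-checked: `atoi` accepts negative and out-of-range values and `strncmp(argv[1], "-d", 2)` matches any argument beginning with `-d`, so parsing with strtol and rejecting anything outside 1..65535 keeps malformed input out of the iptables argv.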