helper-program to use iptables

author: Philipp Tölke <toelke@in.tum.de> 2010-08-03 18:59:14 +0000
committer: Philipp Tölke <toelke@in.tum.de> 2010-08-03 18:59:14 +0000
commit: 1da6888188fb9f1db06151240c2aa4b2a6c4c18b (patch)
tree: db83948740e0c6c84047d7731fa7f832654e8311 /src
parent: ae7b11f726ecce35865163d2b90209a9a98d25d5 (diff)
download: gnunet-1da6888188fb9f1db06151240c2aa4b2a6c4c18b.tar.gz
gnunet-1da6888188fb9f1db06151240c2aa4b2a6c4c18b.zip
2 files changed, 97 insertions, 8 deletions
diff --git a/src/vpn/Makefile.am b/src/vpn/Makefile.am
index 8af6af749..77e49e098 100644
--- a/src/vpn/Makefile.am
+++ b/src/vpn/Makefile.am
@@ -10,16 +10,19 @@ endif
 if LINUX
 VPNBIN = gnunet-helper-vpn
+HIJACKBIN = gnunet-helper-hijack-dns
 install-exec-hook:
        chown root $(bindir)/gnunet-helper-vpn || true
        chmod u+s $(bindir)/gnunet-helper-vpn || true
+        chown root $(bindir)/gnunet-helper-hijack-dns || true
+        chmod u+s $(bindir)/gnunet-helper-hijack-dns || true
 else
 install-exec-hook:
 endif
 bin_PROGRAMS = \
- gnunet-daemon-vpn $(VPNBIN)
+ gnunet-daemon-vpn $(VPNBIN) $(HIJACKBIN)
 gnunet_helper_vpn_SOURCES = \
@@ -27,13 +30,8 @@ gnunet_helper_vpn_SOURCES = \
 gnunet-vpn-helper-p.h \
 gnunet-vpn-tun.h gnunet-vpn-tun.c
-# debug.c  debug.h \
+gnunet_helper_hijack_dns_SOURCES = \
-# packet.h packet.c \
+ gnunet-helper-hijack-dns.c
-# pretty-print.c  pretty-print.h \
-# tcp.c  tcp.h \
-# test.c \
-# tun.c  tun.h \
-# udp.c udp.h
 gnunet_daemon_vpn_SOURCES = \
 gnunet-daemon-vpn.c gnunet-vpn-pretty-print.c
diff --git a/src/vpn/gnunet-helper-hijack-dns.c b/src/vpn/gnunet-helper-hijack-dns.c
new file mode 100644
index 000000000..7add2cc3e
--- /dev/null
+++ b/src/vpn/gnunet-helper-hijack-dns.c
@@ -0,0 +1,91 @@
+/*
+   This file is part of GNUnet.
+   (C) 2010 Christian Grothoff
+   GNUnet is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published
+   by the Free Software Foundation; either version 3, or (at your
+   option) any later version.
+   GNUnet is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+   You should have received a copy of the GNU General Public License
+   along with GNUnet; see the file COPYING.  If not, write to the
+   Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.
+   */
+/**
+ * @file vpn/gnunet-helper-hijack-dns.c
+ * @brief
+ * @author Philipp Tölke
+ */
+#define _GNU_SOURCE
+#include <arpa/inet.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <gnunet_common.h>
+int fork_and_exec(char* file, char* cmd[]) {
+        pid_t pid = fork();
+        if (pid < 0) {
+                fprintf(stderr, "could not fork: %m\n");
+                return GNUNET_SYSERR;
+        }
+        int st = 0;
+        if (pid == 0) {
+                execv(file, cmd);
+        } else {
+                waitpid(pid, &st, 0);
+        }
+        return WIFEXITED(st) && (WEXITSTATUS(st) == 0);
+}
+int main(int argc, char** argv) {
+        int delete = 0;
+        int port = 0;
+        if (argc < 2) return GNUNET_SYSERR;
+        if (strncmp(argv[1], "-d", 2) == 0) {
+                if (argc < 3) return GNUNET_SYSERR;
+                delete = 1;
+                port = atoi(argv[2]);
+        } else {
+                port = atoi(argv[1]);
+        }
+        if (port == 0) return GNUNET_SYSERR;
+        struct stat s;
+        if (stat("/sbin/iptables", &s) < 0) {
+                fprintf(stderr, "stat on /sbin/iptables failed: %m\n");
+                return GNUNET_SYSERR;
+        }
+        char localport[7];
+        snprintf(localport, 7, "%d", port);
+        int r;
+        if (delete) {
+                r = fork_and_exec("/sbin/iptables", (char*[]){"iptables", "-t", "nat", "-D", "OUTPUT", "-p", "udp", "--sport", localport, "--dport", "53", "-j", "ACCEPT", NULL});
+                r = fork_and_exec("/sbin/iptables", (char*[]){"iptables", "-t", "nat", "-D", "OUTPUT", "-p", "udp", "--dport", "53", "-j", "DNAT", "--to-destination", "10.10.10.2:53", NULL});
+        } else {
+                r = fork_and_exec("/sbin/iptables", (char*[]){"iptables", "-t", "nat", "-I", "OUTPUT", "1", "-p", "udp", "--sport", localport, "--dport", "53", "-j", "ACCEPT", NULL});
+                r = fork_and_exec("/sbin/iptables", (char*[]){"iptables", "-t", "nat", "-I", "OUTPUT", "2", "-p", "udp", "--dport", "53", "-j", "DNAT", "--to-destination", "10.10.10.2:53", NULL});
+        }
+        if (r) return GNUNET_YES;
+        return GNUNET_SYSERR;
+}
author	Philipp Tölke <toelke@in.tum.de>	2010-08-03 18:59:14 +0000
committer	Philipp Tölke <toelke@in.tum.de>	2010-08-03 18:59:14 +0000
commit	1da6888188fb9f1db06151240c2aa4b2a6c4c18b (patch)
tree	db83948740e0c6c84047d7731fa7f832654e8311 /src
parent	ae7b11f726ecce35865163d2b90209a9a98d25d5 (diff)
download	gnunet-1da6888188fb9f1db06151240c2aa4b2a6c4c18b.tar.gz gnunet-1da6888188fb9f1db06151240c2aa4b2a6c4c18b.zip

diff --git a/src/vpn/Makefile.am b/src/vpn/Makefile.am index 8af6af749..77e49e098 100644 --- a/src/vpn/Makefile.am +++ b/src/vpn/Makefile.am
@@ -10,16 +10,19 @@ endif
10		10
11	if LINUX	11	if LINUX
12	VPNBIN = gnunet-helper-vpn	12	VPNBIN = gnunet-helper-vpn
		13	HIJACKBIN = gnunet-helper-hijack-dns
13	install-exec-hook:	14	install-exec-hook:
14	chown root $(bindir)/gnunet-helper-vpn \|\| true	15	chown root $(bindir)/gnunet-helper-vpn \|\| true
15	chmod u+s $(bindir)/gnunet-helper-vpn \|\| true	16	chmod u+s $(bindir)/gnunet-helper-vpn \|\| true
		17	chown root $(bindir)/gnunet-helper-hijack-dns \|\| true
		18	chmod u+s $(bindir)/gnunet-helper-hijack-dns \|\| true
16	else	19	else
17	install-exec-hook:	20	install-exec-hook:
18	endif	21	endif
19		22
20		23
21	bin_PROGRAMS = \	24	bin_PROGRAMS = \
22	gnunet-daemon-vpn $(VPNBIN)	25	gnunet-daemon-vpn $(VPNBIN) $(HIJACKBIN)
23		26
24		27
25	gnunet_helper_vpn_SOURCES = \	28	gnunet_helper_vpn_SOURCES = \
@@ -27,13 +30,8 @@ gnunet_helper_vpn_SOURCES = \
27	gnunet-vpn-helper-p.h \	30	gnunet-vpn-helper-p.h \
28	gnunet-vpn-tun.h gnunet-vpn-tun.c	31	gnunet-vpn-tun.h gnunet-vpn-tun.c
29		32
30	# debug.c debug.h \	33	gnunet_helper_hijack_dns_SOURCES = \
31	# packet.h packet.c \	34	gnunet-helper-hijack-dns.c
32	# pretty-print.c pretty-print.h \
33	# tcp.c tcp.h \
34	# test.c \
35	# tun.c tun.h \
36	# udp.c udp.h
37		35
38	gnunet_daemon_vpn_SOURCES = \	36	gnunet_daemon_vpn_SOURCES = \
39	gnunet-daemon-vpn.c gnunet-vpn-pretty-print.c	37	gnunet-daemon-vpn.c gnunet-vpn-pretty-print.c


diff --git a/src/vpn/gnunet-helper-hijack-dns.c b/src/vpn/gnunet-helper-hijack-dns.c new file mode 100644 index 000000000..7add2cc3e --- /dev/null +++ b/src/vpn/gnunet-helper-hijack-dns.c
@@ -0,0 +1,91 @@
		1	/*
		2	This file is part of GNUnet.
		3	(C) 2010 Christian Grothoff
		4
		5	GNUnet is free software; you can redistribute it and/or modify
		6	it under the terms of the GNU General Public License as published
		7	by the Free Software Foundation; either version 3, or (at your
		8	option) any later version.
		9
		10	GNUnet is distributed in the hope that it will be useful, but
		11	WITHOUT ANY WARRANTY; without even the implied warranty of
		12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
		13	General Public License for more details.
		14
		15	You should have received a copy of the GNU General Public License
		16	along with GNUnet; see the file COPYING. If not, write to the
		17	Free Software Foundation, Inc., 59 Temple Place - Suite 330,
		18	Boston, MA 02111-1307, USA.
		19	*/
		20
		21	/**
		22	* @file vpn/gnunet-helper-hijack-dns.c
		23	* @brief
		24	* @author Philipp Tölke
		25	*/
		26	#define _GNU_SOURCE
		27
		28	#include <arpa/inet.h>
		29
		30	#include <string.h>
		31	#include <sys/types.h>
		32	#include <sys/wait.h>
		33	#include <sys/stat.h>
		34
		35	#include <stdlib.h>
		36	#include <stdio.h>
		37	#include <unistd.h>
		38	#include <gnunet_common.h>
		39
		40	int fork_and_exec(char* file, char* cmd[]) {
		41	pid_t pid = fork();
		42	if (pid < 0) {
		43	fprintf(stderr, "could not fork: %m\n");
		44	return GNUNET_SYSERR;
		45	}
		46
		47	int st = 0;
		48
		49	if (pid == 0) {
		50	execv(file, cmd);
		51	} else {
		52	waitpid(pid, &st, 0);
		53	}
		54	return WIFEXITED(st) && (WEXITSTATUS(st) == 0);
		55	}
		56
		57	int main(int argc, char** argv) {
		58	int delete = 0;
		59	int port = 0;
		60	if (argc < 2) return GNUNET_SYSERR;
		61
		62	if (strncmp(argv[1], "-d", 2) == 0) {
		63	if (argc < 3) return GNUNET_SYSERR;
		64	delete = 1;
		65	port = atoi(argv[2]);
		66	} else {
		67	port = atoi(argv[1]);
		68	}
		69
		70	if (port == 0) return GNUNET_SYSERR;
		71
		72	struct stat s;
		73	if (stat("/sbin/iptables", &s) < 0) {
		74	fprintf(stderr, "stat on /sbin/iptables failed: %m\n");
		75	return GNUNET_SYSERR;
		76	}
		77
		78	char localport[7];
		79	snprintf(localport, 7, "%d", port);
		80
		81	int r;
		82	if (delete) {
		83	r = fork_and_exec("/sbin/iptables", (char*[]){"iptables", "-t", "nat", "-D", "OUTPUT", "-p", "udp", "--sport", localport, "--dport", "53", "-j", "ACCEPT", NULL});
		84	r = fork_and_exec("/sbin/iptables", (char*[]){"iptables", "-t", "nat", "-D", "OUTPUT", "-p", "udp", "--dport", "53", "-j", "DNAT", "--to-destination", "10.10.10.2:53", NULL});
		85	} else {
		86	r = fork_and_exec("/sbin/iptables", (char*[]){"iptables", "-t", "nat", "-I", "OUTPUT", "1", "-p", "udp", "--sport", localport, "--dport", "53", "-j", "ACCEPT", NULL});
		87	r = fork_and_exec("/sbin/iptables", (char*[]){"iptables", "-t", "nat", "-I", "OUTPUT", "2", "-p", "udp", "--dport", "53", "-j", "DNAT", "--to-destination", "10.10.10.2:53", NULL});
		88	}
		89	if (r) return GNUNET_YES;
		90	return GNUNET_SYSERR;
		91	}