diff options
Diffstat (limited to 'src/dns/gnunet-helper-dns.c')
-rw-r--r-- | src/dns/gnunet-helper-dns.c | 1373 |
1 files changed, 680 insertions, 693 deletions
diff --git a/src/dns/gnunet-helper-dns.c b/src/dns/gnunet-helper-dns.c index e837d81c6..eceb278d2 100644 --- a/src/dns/gnunet-helper-dns.c +++ b/src/dns/gnunet-helper-dns.c | |||
@@ -83,11 +83,12 @@ | |||
83 | */ | 83 | */ |
84 | #define MAX_SIZE 65536 | 84 | #define MAX_SIZE 65536 |
85 | 85 | ||
86 | #if !HAVE_DECL_STRUCT_IN6_IFREQ | 86 | #if ! HAVE_DECL_STRUCT_IN6_IFREQ |
87 | /** | 87 | /** |
88 | * This is in linux/include/net/ipv6.h, but not always exported... | 88 | * This is in linux/include/net/ipv6.h, but not always exported... |
89 | */ | 89 | */ |
90 | struct in6_ifreq { | 90 | struct in6_ifreq |
91 | { | ||
91 | struct in6_addr ifr6_addr; | 92 | struct in6_addr ifr6_addr; |
92 | uint32_t ifr6_prefixlen; | 93 | uint32_t ifr6_prefixlen; |
93 | unsigned int ifr6_ifindex; | 94 | unsigned int ifr6_ifindex; |
@@ -151,11 +152,11 @@ static int cpipe[2]; | |||
151 | * @param signal signal number of the signal (not used) | 152 | * @param signal signal number of the signal (not used) |
152 | */ | 153 | */ |
153 | static void | 154 | static void |
154 | signal_handler(int signal) | 155 | signal_handler (int signal) |
155 | { | 156 | { |
156 | /* ignore return value, as the signal handler could theoretically | 157 | /* ignore return value, as the signal handler could theoretically |
157 | be called many times before the shutdown can actually happen */ | 158 | be called many times before the shutdown can actually happen */ |
158 | (void)write(cpipe[1], "K", 1); | 159 | (void) write (cpipe[1], "K", 1); |
159 | } | 160 | } |
160 | 161 | ||
161 | 162 | ||
@@ -167,22 +168,22 @@ signal_handler(int signal) | |||
167 | * @param flags open flags (O_RDONLY, O_WRONLY) | 168 | * @param flags open flags (O_RDONLY, O_WRONLY) |
168 | */ | 169 | */ |
169 | static void | 170 | static void |
170 | open_dev_null(int target_fd, | 171 | open_dev_null (int target_fd, |
171 | int flags) | 172 | int flags) |
172 | { | 173 | { |
173 | int fd; | 174 | int fd; |
174 | 175 | ||
175 | fd = open("/dev/null", flags); | 176 | fd = open ("/dev/null", flags); |
176 | if (-1 == fd) | 177 | if (-1 == fd) |
177 | abort(); | 178 | abort (); |
178 | if (fd == target_fd) | 179 | if (fd == target_fd) |
179 | return; | 180 | return; |
180 | if (-1 == dup2(fd, target_fd)) | 181 | if (-1 == dup2 (fd, target_fd)) |
181 | { | 182 | { |
182 | (void)close(fd); | 183 | (void) close (fd); |
183 | abort(); | 184 | abort (); |
184 | } | 185 | } |
185 | (void)close(fd); | 186 | (void) close (fd); |
186 | } | 187 | } |
187 | 188 | ||
188 | 189 | ||
@@ -194,50 +195,50 @@ open_dev_null(int target_fd, | |||
194 | * @return 0 on success, 1 on any error | 195 | * @return 0 on success, 1 on any error |
195 | */ | 196 | */ |
196 | static int | 197 | static int |
197 | fork_and_exec(const char *file, | 198 | fork_and_exec (const char *file, |
198 | char *const cmd[]) | 199 | char *const cmd[]) |
199 | { | 200 | { |
200 | int status; | 201 | int status; |
201 | pid_t pid; | 202 | pid_t pid; |
202 | pid_t ret; | 203 | pid_t ret; |
203 | 204 | ||
204 | pid = fork(); | 205 | pid = fork (); |
205 | if (-1 == pid) | 206 | if (-1 == pid) |
206 | { | 207 | { |
207 | fprintf(stderr, | 208 | fprintf (stderr, |
208 | "fork failed: %s\n", | 209 | "fork failed: %s\n", |
209 | strerror(errno)); | 210 | strerror (errno)); |
210 | return 1; | 211 | return 1; |
211 | } | 212 | } |
212 | if (0 == pid) | 213 | if (0 == pid) |
213 | { | 214 | { |
214 | /* we are the child process */ | 215 | /* we are the child process */ |
215 | /* close stdin/stdout to not cause interference | 216 | /* close stdin/stdout to not cause interference |
216 | with the helper's main protocol! */ | 217 | with the helper's main protocol! */ |
217 | (void)close(0); | 218 | (void) close (0); |
218 | open_dev_null(0, O_RDONLY); | 219 | open_dev_null (0, O_RDONLY); |
219 | (void)close(1); | 220 | (void) close (1); |
220 | open_dev_null(1, O_WRONLY); | 221 | open_dev_null (1, O_WRONLY); |
221 | (void)execv(file, cmd); | 222 | (void) execv (file, cmd); |
222 | /* can only get here on error */ | 223 | /* can only get here on error */ |
223 | fprintf(stderr, | 224 | fprintf (stderr, |
224 | "exec `%s' failed: %s\n", | 225 | "exec `%s' failed: %s\n", |
225 | file, | 226 | file, |
226 | strerror(errno)); | 227 | strerror (errno)); |
227 | _exit(1); | 228 | _exit (1); |
228 | } | 229 | } |
229 | /* keep running waitpid as long as the only error we get is 'EINTR' */ | 230 | /* keep running waitpid as long as the only error we get is 'EINTR' */ |
230 | while ((-1 == (ret = waitpid(pid, &status, 0))) && | 231 | while ((-1 == (ret = waitpid (pid, &status, 0))) && |
231 | (errno == EINTR)) | 232 | (errno == EINTR)) |
232 | ; | 233 | ; |
233 | if (-1 == ret) | 234 | if (-1 == ret) |
234 | { | 235 | { |
235 | fprintf(stderr, | 236 | fprintf (stderr, |
236 | "waitpid failed: %s\n", | 237 | "waitpid failed: %s\n", |
237 | strerror(errno)); | 238 | strerror (errno)); |
238 | return 1; | 239 | return 1; |
239 | } | 240 | } |
240 | if (!(WIFEXITED(status) && (0 == WEXITSTATUS(status)))) | 241 | if (! (WIFEXITED (status) && (0 == WEXITSTATUS (status)))) |
241 | return 1; | 242 | return 1; |
242 | /* child process completed and returned success, we're happy */ | 243 | /* child process completed and returned success, we're happy */ |
243 | return 0; | 244 | return 0; |
@@ -252,45 +253,45 @@ fork_and_exec(const char *file, | |||
252 | * @return the fd to the tun or -1 on error | 253 | * @return the fd to the tun or -1 on error |
253 | */ | 254 | */ |
254 | static int | 255 | static int |
255 | init_tun(char *dev) | 256 | init_tun (char *dev) |
256 | { | 257 | { |
257 | struct ifreq ifr; | 258 | struct ifreq ifr; |
258 | int fd; | 259 | int fd; |
259 | 260 | ||
260 | if (NULL == dev) | 261 | if (NULL == dev) |
261 | { | 262 | { |
262 | errno = EINVAL; | 263 | errno = EINVAL; |
263 | return -1; | 264 | return -1; |
264 | } | 265 | } |
265 | 266 | ||
266 | if (-1 == (fd = open("/dev/net/tun", O_RDWR))) | 267 | if (-1 == (fd = open ("/dev/net/tun", O_RDWR))) |
267 | { | 268 | { |
268 | fprintf(stderr, "Error opening `%s': %s\n", "/dev/net/tun", | 269 | fprintf (stderr, "Error opening `%s': %s\n", "/dev/net/tun", |
269 | strerror(errno)); | 270 | strerror (errno)); |
270 | return -1; | 271 | return -1; |
271 | } | 272 | } |
272 | 273 | ||
273 | if (fd >= FD_SETSIZE) | 274 | if (fd >= FD_SETSIZE) |
274 | { | 275 | { |
275 | fprintf(stderr, "File descriptor to large: %d", fd); | 276 | fprintf (stderr, "File descriptor to large: %d", fd); |
276 | (void)close(fd); | 277 | (void) close (fd); |
277 | return -1; | 278 | return -1; |
278 | } | 279 | } |
279 | 280 | ||
280 | memset(&ifr, 0, sizeof(ifr)); | 281 | memset (&ifr, 0, sizeof(ifr)); |
281 | ifr.ifr_flags = IFF_TUN; | 282 | ifr.ifr_flags = IFF_TUN; |
282 | 283 | ||
283 | if ('\0' != *dev) | 284 | if ('\0' != *dev) |
284 | strncpy(ifr.ifr_name, dev, IFNAMSIZ); | 285 | strncpy (ifr.ifr_name, dev, IFNAMSIZ); |
285 | 286 | ||
286 | if (-1 == ioctl(fd, TUNSETIFF, (void *)&ifr)) | 287 | if (-1 == ioctl (fd, TUNSETIFF, (void *) &ifr)) |
287 | { | 288 | { |
288 | fprintf(stderr, "Error with ioctl on `%s': %s\n", "/dev/net/tun", | 289 | fprintf (stderr, "Error with ioctl on `%s': %s\n", "/dev/net/tun", |
289 | strerror(errno)); | 290 | strerror (errno)); |
290 | (void)close(fd); | 291 | (void) close (fd); |
291 | return -1; | 292 | return -1; |
292 | } | 293 | } |
293 | strcpy(dev, ifr.ifr_name); | 294 | strcpy (dev, ifr.ifr_name); |
294 | return fd; | 295 | return fd; |
295 | } | 296 | } |
296 | 297 | ||
@@ -303,7 +304,7 @@ init_tun(char *dev) | |||
303 | * @param prefix_len the length of the network-prefix | 304 | * @param prefix_len the length of the network-prefix |
304 | */ | 305 | */ |
305 | static void | 306 | static void |
306 | set_address6(const char *dev, const char *address, unsigned long prefix_len) | 307 | set_address6 (const char *dev, const char *address, unsigned long prefix_len) |
307 | { | 308 | { |
308 | struct ifreq ifr; | 309 | struct ifreq ifr; |
309 | struct in6_ifreq ifr6; | 310 | struct in6_ifreq ifr6; |
@@ -313,39 +314,39 @@ set_address6(const char *dev, const char *address, unsigned long prefix_len) | |||
313 | /* | 314 | /* |
314 | * parse the new address | 315 | * parse the new address |
315 | */ | 316 | */ |
316 | memset(&sa6, 0, sizeof(struct sockaddr_in6)); | 317 | memset (&sa6, 0, sizeof(struct sockaddr_in6)); |
317 | sa6.sin6_family = AF_INET6; | 318 | sa6.sin6_family = AF_INET6; |
318 | if (1 != inet_pton(AF_INET6, address, sa6.sin6_addr.s6_addr)) | 319 | if (1 != inet_pton (AF_INET6, address, sa6.sin6_addr.s6_addr)) |
319 | { | 320 | { |
320 | fprintf(stderr, | 321 | fprintf (stderr, |
321 | "Failed to parse IPv6 address `%s': %s\n", | 322 | "Failed to parse IPv6 address `%s': %s\n", |
322 | address, | 323 | address, |
323 | strerror(errno)); | 324 | strerror (errno)); |
324 | exit(1); | 325 | exit (1); |
325 | } | 326 | } |
326 | 327 | ||
327 | if (-1 == (fd = socket(PF_INET6, SOCK_DGRAM, 0))) | 328 | if (-1 == (fd = socket (PF_INET6, SOCK_DGRAM, 0))) |
328 | { | 329 | { |
329 | fprintf(stderr, | 330 | fprintf (stderr, |
330 | "Error creating IPv6 socket: %s (ignored)\n", | 331 | "Error creating IPv6 socket: %s (ignored)\n", |
331 | strerror(errno)); | 332 | strerror (errno)); |
332 | /* ignore error, maybe only IPv4 works on this system! */ | 333 | /* ignore error, maybe only IPv4 works on this system! */ |
333 | return; | 334 | return; |
334 | } | 335 | } |
335 | 336 | ||
336 | memset(&ifr, 0, sizeof(struct ifreq)); | 337 | memset (&ifr, 0, sizeof(struct ifreq)); |
337 | /* | 338 | /* |
338 | * Get the index of the if | 339 | * Get the index of the if |
339 | */ | 340 | */ |
340 | strncpy(ifr.ifr_name, dev, IFNAMSIZ); | 341 | strncpy (ifr.ifr_name, dev, IFNAMSIZ); |
341 | if (-1 == ioctl(fd, SIOGIFINDEX, &ifr)) | 342 | if (-1 == ioctl (fd, SIOGIFINDEX, &ifr)) |
342 | { | 343 | { |
343 | fprintf(stderr, "ioctl failed at %d: %s\n", __LINE__, strerror(errno)); | 344 | fprintf (stderr, "ioctl failed at %d: %s\n", __LINE__, strerror (errno)); |
344 | (void)close(fd); | 345 | (void) close (fd); |
345 | exit(1); | 346 | exit (1); |
346 | } | 347 | } |
347 | 348 | ||
348 | memset(&ifr6, 0, sizeof(struct in6_ifreq)); | 349 | memset (&ifr6, 0, sizeof(struct in6_ifreq)); |
349 | ifr6.ifr6_addr = sa6.sin6_addr; | 350 | ifr6.ifr6_addr = sa6.sin6_addr; |
350 | ifr6.ifr6_ifindex = ifr.ifr_ifindex; | 351 | ifr6.ifr6_ifindex = ifr.ifr_ifindex; |
351 | ifr6.ifr6_prefixlen = prefix_len; | 352 | ifr6.ifr6_prefixlen = prefix_len; |
@@ -353,42 +354,42 @@ set_address6(const char *dev, const char *address, unsigned long prefix_len) | |||
353 | /* | 354 | /* |
354 | * Set the address | 355 | * Set the address |
355 | */ | 356 | */ |
356 | if (-1 == ioctl(fd, SIOCSIFADDR, &ifr6)) | 357 | if (-1 == ioctl (fd, SIOCSIFADDR, &ifr6)) |
357 | { | 358 | { |
358 | fprintf(stderr, "ioctl failed at line %d: %s\n", __LINE__, | 359 | fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__, |
359 | strerror(errno)); | 360 | strerror (errno)); |
360 | (void)close(fd); | 361 | (void) close (fd); |
361 | exit(1); | 362 | exit (1); |
362 | } | 363 | } |
363 | 364 | ||
364 | /* | 365 | /* |
365 | * Get the flags | 366 | * Get the flags |
366 | */ | 367 | */ |
367 | if (-1 == ioctl(fd, SIOCGIFFLAGS, &ifr)) | 368 | if (-1 == ioctl (fd, SIOCGIFFLAGS, &ifr)) |
368 | { | 369 | { |
369 | fprintf(stderr, "ioctl failed at line %d: %s\n", __LINE__, | 370 | fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__, |
370 | strerror(errno)); | 371 | strerror (errno)); |
371 | (void)close(fd); | 372 | (void) close (fd); |
372 | exit(1); | 373 | exit (1); |
373 | } | 374 | } |
374 | 375 | ||
375 | /* | 376 | /* |
376 | * Add the UP and RUNNING flags | 377 | * Add the UP and RUNNING flags |
377 | */ | 378 | */ |
378 | ifr.ifr_flags |= IFF_UP | IFF_RUNNING; | 379 | ifr.ifr_flags |= IFF_UP | IFF_RUNNING; |
379 | if (-1 == ioctl(fd, SIOCSIFFLAGS, &ifr)) | 380 | if (-1 == ioctl (fd, SIOCSIFFLAGS, &ifr)) |
380 | { | 381 | { |
381 | fprintf(stderr, "ioctl failed at line %d: %s\n", __LINE__, | 382 | fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__, |
382 | strerror(errno)); | 383 | strerror (errno)); |
383 | (void)close(fd); | 384 | (void) close (fd); |
384 | exit(1); | 385 | exit (1); |
385 | } | 386 | } |
386 | 387 | ||
387 | if (0 != close(fd)) | 388 | if (0 != close (fd)) |
388 | { | 389 | { |
389 | fprintf(stderr, "close failed: %s\n", strerror(errno)); | 390 | fprintf (stderr, "close failed: %s\n", strerror (errno)); |
390 | exit(1); | 391 | exit (1); |
391 | } | 392 | } |
392 | } | 393 | } |
393 | 394 | ||
394 | 395 | ||
@@ -400,100 +401,100 @@ set_address6(const char *dev, const char *address, unsigned long prefix_len) | |||
400 | * @param mask the netmask | 401 | * @param mask the netmask |
401 | */ | 402 | */ |
402 | static void | 403 | static void |
403 | set_address4(const char *dev, const char *address, const char *mask) | 404 | set_address4 (const char *dev, const char *address, const char *mask) |
404 | { | 405 | { |
405 | int fd; | 406 | int fd; |
406 | struct sockaddr_in *addr; | 407 | struct sockaddr_in *addr; |
407 | struct ifreq ifr; | 408 | struct ifreq ifr; |
408 | 409 | ||
409 | memset(&ifr, 0, sizeof(struct ifreq)); | 410 | memset (&ifr, 0, sizeof(struct ifreq)); |
410 | addr = (struct sockaddr_in *)&(ifr.ifr_addr); | 411 | addr = (struct sockaddr_in *) &(ifr.ifr_addr); |
411 | addr->sin_family = AF_INET; | 412 | addr->sin_family = AF_INET; |
412 | 413 | ||
413 | /* | 414 | /* |
414 | * Parse the address | 415 | * Parse the address |
415 | */ | 416 | */ |
416 | if (1 != inet_pton(AF_INET, address, &addr->sin_addr.s_addr)) | 417 | if (1 != inet_pton (AF_INET, address, &addr->sin_addr.s_addr)) |
417 | { | 418 | { |
418 | fprintf(stderr, | 419 | fprintf (stderr, |
419 | "Failed to parse IPv4 address `%s': %s\n", | 420 | "Failed to parse IPv4 address `%s': %s\n", |
420 | address, | 421 | address, |
421 | strerror(errno)); | 422 | strerror (errno)); |
422 | exit(1); | 423 | exit (1); |
423 | } | 424 | } |
424 | 425 | ||
425 | if (-1 == (fd = socket(PF_INET, SOCK_DGRAM, 0))) | 426 | if (-1 == (fd = socket (PF_INET, SOCK_DGRAM, 0))) |
426 | { | 427 | { |
427 | fprintf(stderr, | 428 | fprintf (stderr, |
428 | "Error creating IPv4 socket: %s\n", | 429 | "Error creating IPv4 socket: %s\n", |
429 | strerror(errno)); | 430 | strerror (errno)); |
430 | exit(1); | 431 | exit (1); |
431 | } | 432 | } |
432 | 433 | ||
433 | strncpy(ifr.ifr_name, dev, IFNAMSIZ); | 434 | strncpy (ifr.ifr_name, dev, IFNAMSIZ); |
434 | 435 | ||
435 | /* | 436 | /* |
436 | * Set the address | 437 | * Set the address |
437 | */ | 438 | */ |
438 | if (-1 == ioctl(fd, SIOCSIFADDR, &ifr)) | 439 | if (-1 == ioctl (fd, SIOCSIFADDR, &ifr)) |
439 | { | 440 | { |
440 | fprintf(stderr, "ioctl failed at %d: %s\n", __LINE__, strerror(errno)); | 441 | fprintf (stderr, "ioctl failed at %d: %s\n", __LINE__, strerror (errno)); |
441 | (void)close(fd); | 442 | (void) close (fd); |
442 | exit(1); | 443 | exit (1); |
443 | } | 444 | } |
444 | 445 | ||
445 | /* | 446 | /* |
446 | * Parse the netmask | 447 | * Parse the netmask |
447 | */ | 448 | */ |
448 | addr = (struct sockaddr_in *)&(ifr.ifr_netmask); | 449 | addr = (struct sockaddr_in *) &(ifr.ifr_netmask); |
449 | if (1 != inet_pton(AF_INET, mask, &addr->sin_addr.s_addr)) | 450 | if (1 != inet_pton (AF_INET, mask, &addr->sin_addr.s_addr)) |
450 | { | 451 | { |
451 | fprintf(stderr, "Failed to parse address `%s': %s\n", mask, | 452 | fprintf (stderr, "Failed to parse address `%s': %s\n", mask, |
452 | strerror(errno)); | 453 | strerror (errno)); |
453 | (void)close(fd); | 454 | (void) close (fd); |
454 | exit(1); | 455 | exit (1); |
455 | } | 456 | } |
456 | 457 | ||
457 | /* | 458 | /* |
458 | * Set the netmask | 459 | * Set the netmask |
459 | */ | 460 | */ |
460 | if (-1 == ioctl(fd, SIOCSIFNETMASK, &ifr)) | 461 | if (-1 == ioctl (fd, SIOCSIFNETMASK, &ifr)) |
461 | { | 462 | { |
462 | fprintf(stderr, "ioctl failed at line %d: %s\n", __LINE__, | 463 | fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__, |
463 | strerror(errno)); | 464 | strerror (errno)); |
464 | (void)close(fd); | 465 | (void) close (fd); |
465 | exit(1); | 466 | exit (1); |
466 | } | 467 | } |
467 | 468 | ||
468 | /* | 469 | /* |
469 | * Get the flags | 470 | * Get the flags |
470 | */ | 471 | */ |
471 | if (-1 == ioctl(fd, SIOCGIFFLAGS, &ifr)) | 472 | if (-1 == ioctl (fd, SIOCGIFFLAGS, &ifr)) |
472 | { | 473 | { |
473 | fprintf(stderr, "ioctl failed at line %d: %s\n", __LINE__, | 474 | fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__, |
474 | strerror(errno)); | 475 | strerror (errno)); |
475 | (void)close(fd); | 476 | (void) close (fd); |
476 | exit(1); | 477 | exit (1); |
477 | } | 478 | } |
478 | 479 | ||
479 | /* | 480 | /* |
480 | * Add the UP and RUNNING flags | 481 | * Add the UP and RUNNING flags |
481 | */ | 482 | */ |
482 | ifr.ifr_flags |= IFF_UP | IFF_RUNNING; | 483 | ifr.ifr_flags |= IFF_UP | IFF_RUNNING; |
483 | if (-1 == ioctl(fd, SIOCSIFFLAGS, &ifr)) | 484 | if (-1 == ioctl (fd, SIOCSIFFLAGS, &ifr)) |
484 | { | 485 | { |
485 | fprintf(stderr, "ioctl failed at line %d: %s\n", __LINE__, | 486 | fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__, |
486 | strerror(errno)); | 487 | strerror (errno)); |
487 | (void)close(fd); | 488 | (void) close (fd); |
488 | exit(1); | 489 | exit (1); |
489 | } | 490 | } |
490 | 491 | ||
491 | if (0 != close(fd)) | 492 | if (0 != close (fd)) |
492 | { | 493 | { |
493 | fprintf(stderr, "close failed: %s\n", strerror(errno)); | 494 | fprintf (stderr, "close failed: %s\n", strerror (errno)); |
494 | (void)close(fd); | 495 | (void) close (fd); |
495 | exit(1); | 496 | exit (1); |
496 | } | 497 | } |
497 | } | 498 | } |
498 | 499 | ||
499 | 500 | ||
@@ -505,7 +506,7 @@ set_address4(const char *dev, const char *address, const char *mask) | |||
505 | * @param fd_tun tunnel FD | 506 | * @param fd_tun tunnel FD |
506 | */ | 507 | */ |
507 | static void | 508 | static void |
508 | run(int fd_tun) | 509 | run (int fd_tun) |
509 | { | 510 | { |
510 | /* | 511 | /* |
511 | * The buffer filled by reading from fd_tun | 512 | * The buffer filled by reading from fd_tun |
@@ -526,176 +527,176 @@ run(int fd_tun) | |||
526 | int max; | 527 | int max; |
527 | 528 | ||
528 | while (1) | 529 | while (1) |
530 | { | ||
531 | FD_ZERO (&fds_w); | ||
532 | FD_ZERO (&fds_r); | ||
533 | |||
534 | /* | ||
535 | * We are supposed to read and the buffer is empty | ||
536 | * -> select on read from tun | ||
537 | */ | ||
538 | if (0 == buftun_size) | ||
539 | FD_SET (fd_tun, &fds_r); | ||
540 | |||
541 | /* | ||
542 | * We are supposed to read and the buffer is not empty | ||
543 | * -> select on write to stdout | ||
544 | */ | ||
545 | if (0 < buftun_size) | ||
546 | FD_SET (1, &fds_w); | ||
547 | |||
548 | /* | ||
549 | * We are supposed to write and the buffer is empty | ||
550 | * -> select on read from stdin | ||
551 | */ | ||
552 | if (NULL == bufin_read) | ||
553 | FD_SET (0, &fds_r); | ||
554 | |||
555 | /* | ||
556 | * We are supposed to write and the buffer is not empty | ||
557 | * -> select on write to tun | ||
558 | */ | ||
559 | if (NULL != bufin_read) | ||
560 | FD_SET (fd_tun, &fds_w); | ||
561 | |||
562 | FD_SET (cpipe[0], &fds_r); | ||
563 | max = (fd_tun > cpipe[0]) ? fd_tun : cpipe[0]; | ||
564 | |||
565 | int r = select (max + 1, &fds_r, &fds_w, NULL, NULL); | ||
566 | |||
567 | if (-1 == r) | ||
568 | { | ||
569 | if (EINTR == errno) | ||
570 | continue; | ||
571 | fprintf (stderr, "select failed: %s\n", strerror (errno)); | ||
572 | return; | ||
573 | } | ||
574 | |||
575 | if (r > 0) | ||
529 | { | 576 | { |
530 | FD_ZERO(&fds_w); | 577 | if (FD_ISSET (cpipe[0], &fds_r)) |
531 | FD_ZERO(&fds_r); | 578 | return; /* aborted by signal */ |
532 | 579 | ||
533 | /* | 580 | if (FD_ISSET (fd_tun, &fds_r)) |
534 | * We are supposed to read and the buffer is empty | 581 | { |
535 | * -> select on read from tun | 582 | buftun_size = |
536 | */ | 583 | read (fd_tun, buftun + sizeof(struct GNUNET_MessageHeader), |
537 | if (0 == buftun_size) | 584 | MAX_SIZE - sizeof(struct GNUNET_MessageHeader)); |
538 | FD_SET(fd_tun, &fds_r); | 585 | if (-1 == buftun_size) |
539 | 586 | { | |
540 | /* | 587 | if ((errno == EINTR) || |
541 | * We are supposed to read and the buffer is not empty | 588 | (errno == EAGAIN)) |
542 | * -> select on write to stdout | 589 | { |
543 | */ | 590 | buftun_size = 0; |
544 | if (0 < buftun_size) | 591 | continue; |
545 | FD_SET(1, &fds_w); | 592 | } |
546 | 593 | fprintf (stderr, "read-error: %s\n", strerror (errno)); | |
547 | /* | 594 | return; |
548 | * We are supposed to write and the buffer is empty | 595 | } |
549 | * -> select on read from stdin | 596 | if (0 == buftun_size) |
550 | */ | 597 | { |
551 | if (NULL == bufin_read) | 598 | fprintf (stderr, "EOF on tun\n"); |
552 | FD_SET(0, &fds_r); | 599 | return; |
553 | 600 | } | |
554 | /* | 601 | buftun_read = buftun; |
555 | * We are supposed to write and the buffer is not empty | ||
556 | * -> select on write to tun | ||
557 | */ | ||
558 | if (NULL != bufin_read) | ||
559 | FD_SET(fd_tun, &fds_w); | ||
560 | |||
561 | FD_SET(cpipe[0], &fds_r); | ||
562 | max = (fd_tun > cpipe[0]) ? fd_tun : cpipe[0]; | ||
563 | |||
564 | int r = select(max + 1, &fds_r, &fds_w, NULL, NULL); | ||
565 | |||
566 | if (-1 == r) | ||
567 | { | 602 | { |
568 | if (EINTR == errno) | 603 | struct GNUNET_MessageHeader *hdr = |
604 | (struct GNUNET_MessageHeader *) buftun; | ||
605 | buftun_size += sizeof(struct GNUNET_MessageHeader); | ||
606 | hdr->type = htons (GNUNET_MESSAGE_TYPE_DNS_HELPER); | ||
607 | hdr->size = htons (buftun_size); | ||
608 | } | ||
609 | } | ||
610 | else if (FD_ISSET (1, &fds_w)) | ||
611 | { | ||
612 | ssize_t written = write (1, buftun_read, buftun_size); | ||
613 | |||
614 | if (-1 == written) | ||
615 | { | ||
616 | if ((errno == EINTR) || | ||
617 | (errno == EAGAIN)) | ||
569 | continue; | 618 | continue; |
570 | fprintf(stderr, "select failed: %s\n", strerror(errno)); | 619 | fprintf (stderr, "write-error to stdout: %s\n", strerror (errno)); |
571 | return; | 620 | return; |
572 | } | 621 | } |
622 | if (0 == written) | ||
623 | { | ||
624 | fprintf (stderr, "write returned 0\n"); | ||
625 | return; | ||
626 | } | ||
627 | buftun_size -= written; | ||
628 | buftun_read += written; | ||
629 | } | ||
573 | 630 | ||
574 | if (r > 0) | 631 | if (FD_ISSET (0, &fds_r)) |
632 | { | ||
633 | bufin_size = read (0, bufin + bufin_rpos, MAX_SIZE - bufin_rpos); | ||
634 | if (-1 == bufin_size) | ||
635 | { | ||
636 | bufin_read = NULL; | ||
637 | if ((errno == EINTR) || | ||
638 | (errno == EAGAIN)) | ||
639 | continue; | ||
640 | fprintf (stderr, "read-error: %s\n", strerror (errno)); | ||
641 | return; | ||
642 | } | ||
643 | if (0 == bufin_size) | ||
644 | { | ||
645 | bufin_read = NULL; | ||
646 | fprintf (stderr, "EOF on stdin\n"); | ||
647 | return; | ||
648 | } | ||
575 | { | 649 | { |
576 | if (FD_ISSET(cpipe[0], &fds_r)) | 650 | struct GNUNET_MessageHeader *hdr; |
577 | return; /* aborted by signal */ | ||
578 | |||
579 | if (FD_ISSET(fd_tun, &fds_r)) | ||
580 | { | ||
581 | buftun_size = | ||
582 | read(fd_tun, buftun + sizeof(struct GNUNET_MessageHeader), | ||
583 | MAX_SIZE - sizeof(struct GNUNET_MessageHeader)); | ||
584 | if (-1 == buftun_size) | ||
585 | { | ||
586 | if ((errno == EINTR) || | ||
587 | (errno == EAGAIN)) | ||
588 | { | ||
589 | buftun_size = 0; | ||
590 | continue; | ||
591 | } | ||
592 | fprintf(stderr, "read-error: %s\n", strerror(errno)); | ||
593 | return; | ||
594 | } | ||
595 | if (0 == buftun_size) | ||
596 | { | ||
597 | fprintf(stderr, "EOF on tun\n"); | ||
598 | return; | ||
599 | } | ||
600 | buftun_read = buftun; | ||
601 | { | ||
602 | struct GNUNET_MessageHeader *hdr = | ||
603 | (struct GNUNET_MessageHeader *)buftun; | ||
604 | buftun_size += sizeof(struct GNUNET_MessageHeader); | ||
605 | hdr->type = htons(GNUNET_MESSAGE_TYPE_DNS_HELPER); | ||
606 | hdr->size = htons(buftun_size); | ||
607 | } | ||
608 | } | ||
609 | else if (FD_ISSET(1, &fds_w)) | ||
610 | { | ||
611 | ssize_t written = write(1, buftun_read, buftun_size); | ||
612 | |||
613 | if (-1 == written) | ||
614 | { | ||
615 | if ((errno == EINTR) || | ||
616 | (errno == EAGAIN)) | ||
617 | continue; | ||
618 | fprintf(stderr, "write-error to stdout: %s\n", strerror(errno)); | ||
619 | return; | ||
620 | } | ||
621 | if (0 == written) | ||
622 | { | ||
623 | fprintf(stderr, "write returned 0\n"); | ||
624 | return; | ||
625 | } | ||
626 | buftun_size -= written; | ||
627 | buftun_read += written; | ||
628 | } | ||
629 | |||
630 | if (FD_ISSET(0, &fds_r)) | ||
631 | { | ||
632 | bufin_size = read(0, bufin + bufin_rpos, MAX_SIZE - bufin_rpos); | ||
633 | if (-1 == bufin_size) | ||
634 | { | ||
635 | bufin_read = NULL; | ||
636 | if ((errno == EINTR) || | ||
637 | (errno == EAGAIN)) | ||
638 | continue; | ||
639 | fprintf(stderr, "read-error: %s\n", strerror(errno)); | ||
640 | return; | ||
641 | } | ||
642 | if (0 == bufin_size) | ||
643 | { | ||
644 | bufin_read = NULL; | ||
645 | fprintf(stderr, "EOF on stdin\n"); | ||
646 | return; | ||
647 | } | ||
648 | { | ||
649 | struct GNUNET_MessageHeader *hdr; | ||
650 | 651 | ||
651 | PROCESS_BUFFER: | 652 | PROCESS_BUFFER: |
652 | bufin_rpos += bufin_size; | 653 | bufin_rpos += bufin_size; |
653 | if (bufin_rpos < sizeof(struct GNUNET_MessageHeader)) | 654 | if (bufin_rpos < sizeof(struct GNUNET_MessageHeader)) |
654 | continue; | 655 | continue; |
655 | hdr = (struct GNUNET_MessageHeader *)bufin; | 656 | hdr = (struct GNUNET_MessageHeader *) bufin; |
656 | if (ntohs(hdr->type) != GNUNET_MESSAGE_TYPE_DNS_HELPER) | 657 | if (ntohs (hdr->type) != GNUNET_MESSAGE_TYPE_DNS_HELPER) |
657 | { | 658 | { |
658 | fprintf(stderr, "protocol violation!\n"); | 659 | fprintf (stderr, "protocol violation!\n"); |
659 | return; | 660 | return; |
660 | } | 661 | } |
661 | if (ntohs(hdr->size) > bufin_rpos) | 662 | if (ntohs (hdr->size) > bufin_rpos) |
662 | continue; | 663 | continue; |
663 | bufin_read = bufin + sizeof(struct GNUNET_MessageHeader); | 664 | bufin_read = bufin + sizeof(struct GNUNET_MessageHeader); |
664 | bufin_size = ntohs(hdr->size) - sizeof(struct GNUNET_MessageHeader); | 665 | bufin_size = ntohs (hdr->size) - sizeof(struct GNUNET_MessageHeader); |
665 | bufin_rpos -= bufin_size + sizeof(struct GNUNET_MessageHeader); | 666 | bufin_rpos -= bufin_size + sizeof(struct GNUNET_MessageHeader); |
666 | } | ||
667 | } | ||
668 | else if (FD_ISSET(fd_tun, &fds_w)) | ||
669 | { | ||
670 | ssize_t written = write(fd_tun, bufin_read, bufin_size); | ||
671 | |||
672 | if (-1 == written) | ||
673 | { | ||
674 | if ((errno == EINTR) || | ||
675 | (errno == EAGAIN)) | ||
676 | continue; | ||
677 | fprintf(stderr, "write-error to tun: %s\n", strerror(errno)); | ||
678 | return; | ||
679 | } | ||
680 | if (0 == written) | ||
681 | { | ||
682 | fprintf(stderr, "write returned 0\n"); | ||
683 | return; | ||
684 | } | ||
685 | { | ||
686 | bufin_size -= written; | ||
687 | bufin_read += written; | ||
688 | if (0 == bufin_size) | ||
689 | { | ||
690 | memmove(bufin, bufin_read, bufin_rpos); | ||
691 | bufin_read = NULL; /* start reading again */ | ||
692 | bufin_size = 0; | ||
693 | goto PROCESS_BUFFER; | ||
694 | } | ||
695 | } | ||
696 | } | ||
697 | } | 667 | } |
668 | } | ||
669 | else if (FD_ISSET (fd_tun, &fds_w)) | ||
670 | { | ||
671 | ssize_t written = write (fd_tun, bufin_read, bufin_size); | ||
672 | |||
673 | if (-1 == written) | ||
674 | { | ||
675 | if ((errno == EINTR) || | ||
676 | (errno == EAGAIN)) | ||
677 | continue; | ||
678 | fprintf (stderr, "write-error to tun: %s\n", strerror (errno)); | ||
679 | return; | ||
680 | } | ||
681 | if (0 == written) | ||
682 | { | ||
683 | fprintf (stderr, "write returned 0\n"); | ||
684 | return; | ||
685 | } | ||
686 | { | ||
687 | bufin_size -= written; | ||
688 | bufin_read += written; | ||
689 | if (0 == bufin_size) | ||
690 | { | ||
691 | memmove (bufin, bufin_read, bufin_rpos); | ||
692 | bufin_read = NULL; /* start reading again */ | ||
693 | bufin_size = 0; | ||
694 | goto PROCESS_BUFFER; | ||
695 | } | ||
696 | } | ||
697 | } | ||
698 | } | 698 | } |
699 | } | ||
699 | } | 700 | } |
700 | 701 | ||
701 | 702 | ||
@@ -732,7 +733,7 @@ PROCESS_BUFFER: | |||
732 | * 255 failed to handle kill signal properly | 733 | * 255 failed to handle kill signal properly |
733 | */ | 734 | */ |
734 | int | 735 | int |
735 | main(int argc, char *const*argv) | 736 | main (int argc, char *const*argv) |
736 | { | 737 | { |
737 | int r; | 738 | int r; |
738 | char dev[IFNAMSIZ]; | 739 | char dev[IFNAMSIZ]; |
@@ -742,224 +743,225 @@ main(int argc, char *const*argv) | |||
742 | int nortsetup = 0; | 743 | int nortsetup = 0; |
743 | 744 | ||
744 | if (7 != argc) | 745 | if (7 != argc) |
745 | { | 746 | { |
746 | fprintf(stderr, "Fatal: must supply 6 arguments!\n"); | 747 | fprintf (stderr, "Fatal: must supply 6 arguments!\n"); |
747 | return 1; | 748 | return 1; |
748 | } | 749 | } |
749 | 750 | ||
750 | /* assert privs so we can modify the firewall rules! */ | 751 | /* assert privs so we can modify the firewall rules! */ |
751 | uid = getuid(); | 752 | uid = getuid (); |
752 | #ifdef HAVE_SETRESUID | 753 | #ifdef HAVE_SETRESUID |
753 | if (0 != setresuid(uid, 0, 0)) | 754 | if (0 != setresuid (uid, 0, 0)) |
754 | { | 755 | { |
755 | fprintf(stderr, "Failed to setresuid to root: %s\n", strerror(errno)); | 756 | fprintf (stderr, "Failed to setresuid to root: %s\n", strerror (errno)); |
756 | return 254; | 757 | return 254; |
757 | } | 758 | } |
758 | #else | 759 | #else |
759 | if (0 != seteuid(0)) | 760 | if (0 != seteuid (0)) |
760 | { | 761 | { |
761 | fprintf(stderr, "Failed to seteuid back to root: %s\n", strerror(errno)); | 762 | fprintf (stderr, "Failed to seteuid back to root: %s\n", strerror (errno)); |
762 | return 254; | 763 | return 254; |
763 | } | 764 | } |
764 | #endif | 765 | #endif |
765 | if (0 == strncmp(argv[6], "1", 2)) | 766 | if (0 == strncmp (argv[6], "1", 2)) |
766 | nortsetup = 1; | 767 | nortsetup = 1; |
767 | 768 | ||
768 | if (0 == nortsetup) | 769 | if (0 == nortsetup) |
769 | { | 770 | { |
770 | /* verify that the binaries we care about are executable */ | 771 | /* verify that the binaries we care about are executable */ |
771 | #ifdef IPTABLES | 772 | #ifdef IPTABLES |
772 | if (0 == access(IPTABLES, X_OK)) | 773 | if (0 == access (IPTABLES, X_OK)) |
773 | sbin_iptables = IPTABLES; | 774 | sbin_iptables = IPTABLES; |
774 | else | 775 | else |
775 | #endif | 776 | #endif |
776 | if (0 == access("/sbin/iptables", X_OK)) | 777 | if (0 == access ("/sbin/iptables", X_OK)) |
777 | sbin_iptables = "/sbin/iptables"; | 778 | sbin_iptables = "/sbin/iptables"; |
778 | else if (0 == access("/usr/sbin/iptables", X_OK)) | 779 | else if (0 == access ("/usr/sbin/iptables", X_OK)) |
779 | sbin_iptables = "/usr/sbin/iptables"; | 780 | sbin_iptables = "/usr/sbin/iptables"; |
780 | else | 781 | else |
781 | { | 782 | { |
782 | fprintf(stderr, | 783 | fprintf (stderr, |
783 | "Fatal: executable iptables not found in approved directories: %s\n", | 784 | "Fatal: executable iptables not found in approved directories: %s\n", |
784 | strerror(errno)); | 785 | strerror (errno)); |
785 | return 3; | 786 | return 3; |
786 | } | 787 | } |
787 | #ifdef IP6TABLES | 788 | #ifdef IP6TABLES |
788 | if (0 == access(IP6TABLES, X_OK)) | 789 | if (0 == access (IP6TABLES, X_OK)) |
789 | sbin_ip6tables = IP6TABLES; | 790 | sbin_ip6tables = IP6TABLES; |
790 | else | 791 | else |
791 | #endif | 792 | #endif |
792 | if (0 == access("/sbin/ip6tables", X_OK)) | 793 | if (0 == access ("/sbin/ip6tables", X_OK)) |
793 | sbin_ip6tables = "/sbin/ip6tables"; | 794 | sbin_ip6tables = "/sbin/ip6tables"; |
794 | else if (0 == access("/usr/sbin/ip6tables", X_OK)) | 795 | else if (0 == access ("/usr/sbin/ip6tables", X_OK)) |
795 | sbin_ip6tables = "/usr/sbin/ip6tables"; | 796 | sbin_ip6tables = "/usr/sbin/ip6tables"; |
796 | else | 797 | else |
797 | { | 798 | { |
798 | fprintf(stderr, | 799 | fprintf (stderr, |
799 | "Fatal: executable ip6tables not found in approved directories: %s\n", | 800 | "Fatal: executable ip6tables not found in approved directories: %s\n", |
800 | strerror(errno)); | 801 | strerror (errno)); |
801 | return 3; | 802 | return 3; |
802 | } | 803 | } |
803 | #ifdef PATH_TO_IP | 804 | #ifdef PATH_TO_IP |
804 | if (0 == access(PATH_TO_IP, X_OK)) | 805 | if (0 == access (PATH_TO_IP, X_OK)) |
805 | sbin_ip = PATH_TO_IP; | 806 | sbin_ip = PATH_TO_IP; |
806 | else | 807 | else |
807 | #endif | 808 | #endif |
808 | if (0 == access("/sbin/ip", X_OK)) | 809 | if (0 == access ("/sbin/ip", X_OK)) |
809 | sbin_ip = "/sbin/ip"; | 810 | sbin_ip = "/sbin/ip"; |
810 | else if (0 == access("/usr/sbin/ip", X_OK)) | 811 | else if (0 == access ("/usr/sbin/ip", X_OK)) |
811 | sbin_ip = "/usr/sbin/ip"; | 812 | sbin_ip = "/usr/sbin/ip"; |
812 | else if (0 == access("/bin/ip", X_OK)) /* gentoo has it there */ | 813 | else if (0 == access ("/bin/ip", X_OK)) /* gentoo has it there */ |
813 | sbin_ip = "/bin/ip"; | 814 | sbin_ip = "/bin/ip"; |
814 | else | 815 | else |
815 | { | 816 | { |
816 | fprintf(stderr, | 817 | fprintf (stderr, |
817 | "Fatal: executable ip not found in approved directories: %s\n", | 818 | "Fatal: executable ip not found in approved directories: %s\n", |
818 | strerror(errno)); | 819 | strerror (errno)); |
819 | return 4; | 820 | return 4; |
820 | } | 821 | } |
821 | #ifdef SYSCTL | 822 | #ifdef SYSCTL |
822 | if (0 == access(SYSCTL, X_OK)) | 823 | if (0 == access (SYSCTL, X_OK)) |
823 | sbin_sysctl = SYSCTL; | 824 | sbin_sysctl = SYSCTL; |
824 | else | 825 | else |
825 | #endif | 826 | #endif |
826 | if (0 == access("/sbin/sysctl", X_OK)) | 827 | if (0 == access ("/sbin/sysctl", X_OK)) |
827 | sbin_sysctl = "/sbin/sysctl"; | 828 | sbin_sysctl = "/sbin/sysctl"; |
828 | else if (0 == access("/usr/sbin/sysctl", X_OK)) | 829 | else if (0 == access ("/usr/sbin/sysctl", X_OK)) |
829 | sbin_sysctl = "/usr/sbin/sysctl"; | 830 | sbin_sysctl = "/usr/sbin/sysctl"; |
830 | else | 831 | else |
831 | { | 832 | { |
832 | fprintf(stderr, | 833 | fprintf (stderr, |
833 | "Fatal: executable sysctl not found in approved directories: %s\n", | 834 | "Fatal: executable sysctl not found in approved directories: %s\n", |
834 | strerror(errno)); | 835 | strerror (errno)); |
835 | return 5; | 836 | return 5; |
836 | } | ||
837 | } | 837 | } |
838 | } | ||
838 | 839 | ||
839 | /* setup 'mygid' string */ | 840 | /* setup 'mygid' string */ |
840 | snprintf(mygid, sizeof(mygid), "%d", (int)getegid()); | 841 | snprintf (mygid, sizeof(mygid), "%d", (int) getegid ()); |
841 | 842 | ||
842 | /* do not die on SIGPIPE */ | 843 | /* do not die on SIGPIPE */ |
843 | if (SIG_ERR == signal(SIGPIPE, SIG_IGN)) | 844 | if (SIG_ERR == signal (SIGPIPE, SIG_IGN)) |
844 | { | 845 | { |
845 | fprintf(stderr, "Failed to protect against SIGPIPE: %s\n", | 846 | fprintf (stderr, "Failed to protect against SIGPIPE: %s\n", |
846 | strerror(errno)); | 847 | strerror (errno)); |
847 | return 7; | 848 | return 7; |
848 | } | 849 | } |
849 | 850 | ||
850 | /* setup pipe to shutdown nicely on SIGINT */ | 851 | /* setup pipe to shutdown nicely on SIGINT */ |
851 | if (0 != pipe(cpipe)) | 852 | if (0 != pipe (cpipe)) |
852 | { | 853 | { |
853 | fprintf(stderr, | 854 | fprintf (stderr, |
854 | "Fatal: could not setup control pipe: %s\n", | 855 | "Fatal: could not setup control pipe: %s\n", |
855 | strerror(errno)); | 856 | strerror (errno)); |
856 | return 6; | 857 | return 6; |
857 | } | 858 | } |
858 | if (cpipe[0] >= FD_SETSIZE) | 859 | if (cpipe[0] >= FD_SETSIZE) |
859 | { | 860 | { |
860 | fprintf(stderr, "Pipe file descriptor to large: %d", cpipe[0]); | 861 | fprintf (stderr, "Pipe file descriptor to large: %d", cpipe[0]); |
861 | (void)close(cpipe[0]); | 862 | (void) close (cpipe[0]); |
862 | (void)close(cpipe[1]); | 863 | (void) close (cpipe[1]); |
863 | return 6; | 864 | return 6; |
864 | } | 865 | } |
865 | { | 866 | { |
866 | /* make pipe non-blocking, as we theoretically could otherwise block | 867 | /* make pipe non-blocking, as we theoretically could otherwise block |
867 | in the signal handler */ | 868 | in the signal handler */ |
868 | int flags = fcntl(cpipe[1], F_GETFL); | 869 | int flags = fcntl (cpipe[1], F_GETFL); |
869 | if (-1 == flags) | 870 | if (-1 == flags) |
870 | { | 871 | { |
871 | fprintf(stderr, "Failed to read flags for pipe: %s", strerror(errno)); | 872 | fprintf (stderr, "Failed to read flags for pipe: %s", strerror (errno)); |
872 | (void)close(cpipe[0]); | 873 | (void) close (cpipe[0]); |
873 | (void)close(cpipe[1]); | 874 | (void) close (cpipe[1]); |
874 | return 6; | 875 | return 6; |
875 | } | 876 | } |
876 | flags |= O_NONBLOCK; | 877 | flags |= O_NONBLOCK; |
877 | if (0 != fcntl(cpipe[1], F_SETFL, flags)) | 878 | if (0 != fcntl (cpipe[1], F_SETFL, flags)) |
878 | { | 879 | { |
879 | fprintf(stderr, "Failed to make pipe non-blocking: %s", strerror(errno)); | 880 | fprintf (stderr, "Failed to make pipe non-blocking: %s", strerror ( |
880 | (void)close(cpipe[0]); | 881 | errno)); |
881 | (void)close(cpipe[1]); | 882 | (void) close (cpipe[0]); |
882 | return 6; | 883 | (void) close (cpipe[1]); |
883 | } | 884 | return 6; |
885 | } | ||
884 | } | 886 | } |
885 | if ((SIG_ERR == signal(SIGTERM, &signal_handler)) || | 887 | if ((SIG_ERR == signal (SIGTERM, &signal_handler)) || |
886 | #if (SIGTERM != GNUNET_TERM_SIG) | 888 | #if (SIGTERM != GNUNET_TERM_SIG) |
887 | (SIG_ERR == signal(GNUNET_TERM_SIG, &signal_handler)) || | 889 | (SIG_ERR == signal (GNUNET_TERM_SIG, &signal_handler)) || |
888 | #endif | 890 | #endif |
889 | (SIG_ERR == signal(SIGINT, &signal_handler)) || | 891 | (SIG_ERR == signal (SIGINT, &signal_handler)) || |
890 | (SIG_ERR == signal(SIGHUP, &signal_handler))) | 892 | (SIG_ERR == signal (SIGHUP, &signal_handler))) |
891 | { | 893 | { |
892 | fprintf(stderr, | 894 | fprintf (stderr, |
893 | "Fatal: could not initialize signal handler: %s\n", | 895 | "Fatal: could not initialize signal handler: %s\n", |
894 | strerror(errno)); | 896 | strerror (errno)); |
895 | (void)close(cpipe[0]); | 897 | (void) close (cpipe[0]); |
896 | (void)close(cpipe[1]); | 898 | (void) close (cpipe[1]); |
897 | return 7; | 899 | return 7; |
898 | } | 900 | } |
899 | 901 | ||
900 | 902 | ||
901 | /* get interface name */ | 903 | /* get interface name */ |
902 | strncpy(dev, argv[1], IFNAMSIZ); | 904 | strncpy (dev, argv[1], IFNAMSIZ); |
903 | dev[IFNAMSIZ - 1] = '\0'; | 905 | dev[IFNAMSIZ - 1] = '\0'; |
904 | 906 | ||
905 | /* Disable rp filtering */ | 907 | /* Disable rp filtering */ |
906 | if (0 == nortsetup) | 908 | if (0 == nortsetup) |
909 | { | ||
910 | char *const sysctl_args[] = { "sysctl", "-w", | ||
911 | "net.ipv4.conf.all.rp_filter=0", NULL }; | ||
912 | char *const sysctl_args2[] = { "sysctl", "-w", | ||
913 | "net.ipv4.conf.default.rp_filter=0", NULL }; | ||
914 | if ((0 != fork_and_exec (sbin_sysctl, sysctl_args)) || | ||
915 | (0 != fork_and_exec (sbin_sysctl, sysctl_args2))) | ||
907 | { | 916 | { |
908 | char *const sysctl_args[] = { "sysctl", "-w", | 917 | fprintf (stderr, |
909 | "net.ipv4.conf.all.rp_filter=0", NULL }; | 918 | "Failed to disable rp filtering.\n"); |
910 | char *const sysctl_args2[] = { "sysctl", "-w", | 919 | return 5; |
911 | "net.ipv4.conf.default.rp_filter=0", NULL }; | ||
912 | if ((0 != fork_and_exec(sbin_sysctl, sysctl_args)) || | ||
913 | (0 != fork_and_exec(sbin_sysctl, sysctl_args2))) | ||
914 | { | ||
915 | fprintf(stderr, | ||
916 | "Failed to disable rp filtering.\n"); | ||
917 | return 5; | ||
918 | } | ||
919 | } | 920 | } |
921 | } | ||
920 | 922 | ||
921 | 923 | ||
922 | /* now open virtual interface (first part that requires root) */ | 924 | /* now open virtual interface (first part that requires root) */ |
923 | if (-1 == (fd_tun = init_tun(dev))) | 925 | if (-1 == (fd_tun = init_tun (dev))) |
924 | { | 926 | { |
925 | fprintf(stderr, "Fatal: could not initialize tun-interface\n"); | 927 | fprintf (stderr, "Fatal: could not initialize tun-interface\n"); |
926 | (void)signal(SIGTERM, SIG_IGN); | 928 | (void) signal (SIGTERM, SIG_IGN); |
927 | #if (SIGTERM != GNUNET_TERM_SIG) | 929 | #if (SIGTERM != GNUNET_TERM_SIG) |
928 | (void)signal(GNUNET_TERM_SIG, SIG_IGN); | 930 | (void) signal (GNUNET_TERM_SIG, SIG_IGN); |
929 | #endif | 931 | #endif |
930 | (void)signal(SIGINT, SIG_IGN); | 932 | (void) signal (SIGINT, SIG_IGN); |
931 | (void)signal(SIGHUP, SIG_IGN); | 933 | (void) signal (SIGHUP, SIG_IGN); |
932 | (void)close(cpipe[0]); | 934 | (void) close (cpipe[0]); |
933 | (void)close(cpipe[1]); | 935 | (void) close (cpipe[1]); |
934 | return 5; | 936 | return 5; |
935 | } | 937 | } |
936 | 938 | ||
937 | /* now set interface addresses */ | 939 | /* now set interface addresses */ |
938 | { | 940 | { |
939 | const char *address = argv[2]; | 941 | const char *address = argv[2]; |
940 | long prefix_len = atol(argv[3]); | 942 | long prefix_len = atol (argv[3]); |
941 | 943 | ||
942 | if ((prefix_len < 1) || (prefix_len > 127)) | 944 | if ((prefix_len < 1) || (prefix_len > 127)) |
943 | { | 945 | { |
944 | fprintf(stderr, "Fatal: prefix_len out of range\n"); | 946 | fprintf (stderr, "Fatal: prefix_len out of range\n"); |
945 | (void)signal(SIGTERM, SIG_IGN); | 947 | (void) signal (SIGTERM, SIG_IGN); |
946 | #if (SIGTERM != GNUNET_TERM_SIG) | 948 | #if (SIGTERM != GNUNET_TERM_SIG) |
947 | (void)signal(GNUNET_TERM_SIG, SIG_IGN); | 949 | (void) signal (GNUNET_TERM_SIG, SIG_IGN); |
948 | #endif | 950 | #endif |
949 | (void)signal(SIGINT, SIG_IGN); | 951 | (void) signal (SIGINT, SIG_IGN); |
950 | (void)signal(SIGHUP, SIG_IGN); | 952 | (void) signal (SIGHUP, SIG_IGN); |
951 | (void)close(cpipe[0]); | 953 | (void) close (cpipe[0]); |
952 | (void)close(cpipe[1]); | 954 | (void) close (cpipe[1]); |
953 | return 2; | 955 | return 2; |
954 | } | 956 | } |
955 | set_address6(dev, address, prefix_len); | 957 | set_address6 (dev, address, prefix_len); |
956 | } | 958 | } |
957 | 959 | ||
958 | { | 960 | { |
959 | const char *address = argv[4]; | 961 | const char *address = argv[4]; |
960 | const char *mask = argv[5]; | 962 | const char *mask = argv[5]; |
961 | 963 | ||
962 | set_address4(dev, address, mask); | 964 | set_address4 (dev, address, mask); |
963 | } | 965 | } |
964 | 966 | ||
965 | 967 | ||
@@ -968,237 +970,222 @@ main(int argc, char *const*argv) | |||
968 | by the 'gnunet-service-dns') and with destination | 970 | by the 'gnunet-service-dns') and with destination |
969 | to port 53 on UDP, without hijacking */ | 971 | to port 53 on UDP, without hijacking */ |
970 | if (0 == nortsetup) | 972 | if (0 == nortsetup) |
973 | { | ||
974 | r = 8; /* failed to fully setup routing table */ | ||
971 | { | 975 | { |
972 | r = 8; /* failed to fully setup routing table */ | 976 | char *const mangle_args[] = { |
973 | { | 977 | "iptables", "-m", "owner", "-t", "mangle", "-I", "OUTPUT", "1", "-p", |
974 | char *const mangle_args[] = | 978 | "udp", "--gid-owner", mygid, "--dport", DNS_PORT, "-j", |
975 | { | 979 | "ACCEPT", NULL |
976 | "iptables", "-m", "owner", "-t", "mangle", "-I", "OUTPUT", "1", "-p", | 980 | }; |
977 | "udp", "--gid-owner", mygid, "--dport", DNS_PORT, "-j", | 981 | if (0 != fork_and_exec (sbin_iptables, mangle_args)) |
978 | "ACCEPT", NULL | 982 | goto cleanup_rest; |
979 | }; | ||
980 | if (0 != fork_and_exec(sbin_iptables, mangle_args)) | ||
981 | goto cleanup_rest; | ||
982 | } | ||
983 | { | ||
984 | char *const mangle_args[] = | ||
985 | { | ||
986 | "ip6tables", "-m", "owner", "-t", "mangle", "-I", "OUTPUT", "1", "-p", | ||
987 | "udp", "--gid-owner", mygid, "--dport", DNS_PORT, "-j", | ||
988 | "ACCEPT", NULL | ||
989 | }; | ||
990 | if (0 != fork_and_exec(sbin_ip6tables, mangle_args)) | ||
991 | goto cleanup_mangle_1b; | ||
992 | } | ||
993 | /* Mark all of the other DNS traffic using our mark DNS_MARK, | ||
994 | unless it is on a link-local IPv6 address, which we cannot support. */ | ||
995 | { | ||
996 | char *const mark_args[] = | ||
997 | { | ||
998 | "iptables", "-t", "mangle", "-I", "OUTPUT", "2", "-p", | ||
999 | "udp", "--dport", DNS_PORT, | ||
1000 | "-j", "MARK", "--set-mark", DNS_MARK, | ||
1001 | NULL | ||
1002 | }; | ||
1003 | if (0 != fork_and_exec(sbin_iptables, mark_args)) | ||
1004 | goto cleanup_mangle_1; | ||
1005 | } | ||
1006 | { | ||
1007 | char *const mark_args[] = | ||
1008 | { | ||
1009 | "ip6tables", "-t", "mangle", "-I", "OUTPUT", "2", "-p", | ||
1010 | "udp", "--dport", DNS_PORT, | ||
1011 | "!", "-s", "fe80::/10", /* this line excludes link-local traffic */ | ||
1012 | "-j", "MARK", "--set-mark", DNS_MARK, | ||
1013 | NULL | ||
1014 | }; | ||
1015 | if (0 != fork_and_exec(sbin_ip6tables, mark_args)) | ||
1016 | goto cleanup_mark_2b; | ||
1017 | } | ||
1018 | /* Forward all marked DNS traffic to our DNS_TABLE */ | ||
1019 | { | ||
1020 | char *const forward_args[] = | ||
1021 | { | ||
1022 | "ip", "rule", "add", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL | ||
1023 | }; | ||
1024 | if (0 != fork_and_exec(sbin_ip, forward_args)) | ||
1025 | goto cleanup_mark_2; | ||
1026 | } | ||
1027 | { | ||
1028 | char *const forward_args[] = | ||
1029 | { | ||
1030 | "ip", "-6", "rule", "add", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL | ||
1031 | }; | ||
1032 | if (0 != fork_and_exec(sbin_ip, forward_args)) | ||
1033 | goto cleanup_forward_3b; | ||
1034 | } | ||
1035 | /* Finally, add rule in our forwarding table to pass to our virtual interface */ | ||
1036 | { | ||
1037 | char *const route_args[] = | ||
1038 | { | ||
1039 | "ip", "route", "add", "default", "dev", dev, | ||
1040 | "table", DNS_TABLE, NULL | ||
1041 | }; | ||
1042 | if (0 != fork_and_exec(sbin_ip, route_args)) | ||
1043 | goto cleanup_forward_3; | ||
1044 | } | ||
1045 | { | ||
1046 | char *const route_args[] = | ||
1047 | { | ||
1048 | "ip", "-6", "route", "add", "default", "dev", dev, | ||
1049 | "table", DNS_TABLE, NULL | ||
1050 | }; | ||
1051 | if (0 != fork_and_exec(sbin_ip, route_args)) | ||
1052 | goto cleanup_route_4b; | ||
1053 | } | ||
1054 | } | 983 | } |
984 | { | ||
985 | char *const mangle_args[] = { | ||
986 | "ip6tables", "-m", "owner", "-t", "mangle", "-I", "OUTPUT", "1", "-p", | ||
987 | "udp", "--gid-owner", mygid, "--dport", DNS_PORT, "-j", | ||
988 | "ACCEPT", NULL | ||
989 | }; | ||
990 | if (0 != fork_and_exec (sbin_ip6tables, mangle_args)) | ||
991 | goto cleanup_mangle_1b; | ||
992 | } | ||
993 | /* Mark all of the other DNS traffic using our mark DNS_MARK, | ||
994 | unless it is on a link-local IPv6 address, which we cannot support. */ | ||
995 | { | ||
996 | char *const mark_args[] = { | ||
997 | "iptables", "-t", "mangle", "-I", "OUTPUT", "2", "-p", | ||
998 | "udp", "--dport", DNS_PORT, | ||
999 | "-j", "MARK", "--set-mark", DNS_MARK, | ||
1000 | NULL | ||
1001 | }; | ||
1002 | if (0 != fork_and_exec (sbin_iptables, mark_args)) | ||
1003 | goto cleanup_mangle_1; | ||
1004 | } | ||
1005 | { | ||
1006 | char *const mark_args[] = { | ||
1007 | "ip6tables", "-t", "mangle", "-I", "OUTPUT", "2", "-p", | ||
1008 | "udp", "--dport", DNS_PORT, | ||
1009 | "!", "-s", "fe80::/10", /* this line excludes link-local traffic */ | ||
1010 | "-j", "MARK", "--set-mark", DNS_MARK, | ||
1011 | NULL | ||
1012 | }; | ||
1013 | if (0 != fork_and_exec (sbin_ip6tables, mark_args)) | ||
1014 | goto cleanup_mark_2b; | ||
1015 | } | ||
1016 | /* Forward all marked DNS traffic to our DNS_TABLE */ | ||
1017 | { | ||
1018 | char *const forward_args[] = { | ||
1019 | "ip", "rule", "add", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL | ||
1020 | }; | ||
1021 | if (0 != fork_and_exec (sbin_ip, forward_args)) | ||
1022 | goto cleanup_mark_2; | ||
1023 | } | ||
1024 | { | ||
1025 | char *const forward_args[] = { | ||
1026 | "ip", "-6", "rule", "add", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL | ||
1027 | }; | ||
1028 | if (0 != fork_and_exec (sbin_ip, forward_args)) | ||
1029 | goto cleanup_forward_3b; | ||
1030 | } | ||
1031 | /* Finally, add rule in our forwarding table to pass to our virtual interface */ | ||
1032 | { | ||
1033 | char *const route_args[] = { | ||
1034 | "ip", "route", "add", "default", "dev", dev, | ||
1035 | "table", DNS_TABLE, NULL | ||
1036 | }; | ||
1037 | if (0 != fork_and_exec (sbin_ip, route_args)) | ||
1038 | goto cleanup_forward_3; | ||
1039 | } | ||
1040 | { | ||
1041 | char *const route_args[] = { | ||
1042 | "ip", "-6", "route", "add", "default", "dev", dev, | ||
1043 | "table", DNS_TABLE, NULL | ||
1044 | }; | ||
1045 | if (0 != fork_and_exec (sbin_ip, route_args)) | ||
1046 | goto cleanup_route_4b; | ||
1047 | } | ||
1048 | } | ||
1055 | 1049 | ||
1056 | /* drop privs *except* for the saved UID; this is not perfect, but better | 1050 | /* drop privs *except* for the saved UID; this is not perfect, but better |
1057 | than doing nothing */ | 1051 | than doing nothing */ |
1058 | #ifdef HAVE_SETRESUID | 1052 | #ifdef HAVE_SETRESUID |
1059 | if (0 != setresuid(uid, uid, 0)) | 1053 | if (0 != setresuid (uid, uid, 0)) |
1060 | { | 1054 | { |
1061 | fprintf(stderr, "Failed to setresuid: %s\n", strerror(errno)); | 1055 | fprintf (stderr, "Failed to setresuid: %s\n", strerror (errno)); |
1062 | r = 24; | 1056 | r = 24; |
1063 | goto cleanup_route_4; | 1057 | goto cleanup_route_4; |
1064 | } | 1058 | } |
1065 | #else | 1059 | #else |
1066 | /* Note: no 'setuid' here as we must keep our saved UID as root */ | 1060 | /* Note: no 'setuid' here as we must keep our saved UID as root */ |
1067 | if (0 != seteuid(uid)) | 1061 | if (0 != seteuid (uid)) |
1068 | { | 1062 | { |
1069 | fprintf(stderr, "Failed to seteuid: %s\n", strerror(errno)); | 1063 | fprintf (stderr, "Failed to seteuid: %s\n", strerror (errno)); |
1070 | r = 24; | 1064 | r = 24; |
1071 | goto cleanup_route_4; | 1065 | goto cleanup_route_4; |
1072 | } | 1066 | } |
1073 | #endif | 1067 | #endif |
1074 | 1068 | ||
1075 | r = 0; /* did fully setup routing table (if nothing else happens, we were successful!) */ | 1069 | r = 0; /* did fully setup routing table (if nothing else happens, we were successful!) */ |
1076 | 1070 | ||
1077 | /* now forward until we hit a problem */ | 1071 | /* now forward until we hit a problem */ |
1078 | run(fd_tun); | 1072 | run (fd_tun); |
1079 | 1073 | ||
1080 | /* now need to regain privs so we can remove the firewall rules we added! */ | 1074 | /* now need to regain privs so we can remove the firewall rules we added! */ |
1081 | #ifdef HAVE_SETRESUID | 1075 | #ifdef HAVE_SETRESUID |
1082 | if (0 != setresuid(uid, 0, 0)) | 1076 | if (0 != setresuid (uid, 0, 0)) |
1083 | { | 1077 | { |
1084 | fprintf(stderr, "Failed to setresuid back to root: %s\n", strerror(errno)); | 1078 | fprintf (stderr, "Failed to setresuid back to root: %s\n", strerror ( |
1085 | r = 40; | 1079 | errno)); |
1086 | goto cleanup_route_4; | 1080 | r = 40; |
1087 | } | 1081 | goto cleanup_route_4; |
1082 | } | ||
1088 | #else | 1083 | #else |
1089 | if (0 != seteuid(0)) | 1084 | if (0 != seteuid (0)) |
1090 | { | 1085 | { |
1091 | fprintf(stderr, "Failed to seteuid back to root: %s\n", strerror(errno)); | 1086 | fprintf (stderr, "Failed to seteuid back to root: %s\n", strerror (errno)); |
1092 | r = 40; | 1087 | r = 40; |
1093 | goto cleanup_route_4; | 1088 | goto cleanup_route_4; |
1094 | } | 1089 | } |
1095 | #endif | 1090 | #endif |
1096 | 1091 | ||
1097 | /* update routing tables again -- this is why we could not fully drop privs */ | 1092 | /* update routing tables again -- this is why we could not fully drop privs */ |
1098 | /* now undo updating of routing tables; normal exit or clean-up-on-error case */ | 1093 | /* now undo updating of routing tables; normal exit or clean-up-on-error case */ |
1099 | cleanup_route_4: | 1094 | cleanup_route_4: |
1100 | if (0 == nortsetup) | 1095 | if (0 == nortsetup) |
1101 | { | 1096 | { |
1102 | char *const route_clean_args[] = | 1097 | char *const route_clean_args[] = { |
1103 | { | 1098 | "ip", "-6", "route", "del", "default", "dev", dev, |
1104 | "ip", "-6", "route", "del", "default", "dev", dev, | 1099 | "table", DNS_TABLE, NULL |
1105 | "table", DNS_TABLE, NULL | 1100 | }; |
1106 | }; | 1101 | if (0 != fork_and_exec (sbin_ip, route_clean_args)) |
1107 | if (0 != fork_and_exec(sbin_ip, route_clean_args)) | 1102 | r += 1; |
1108 | r += 1; | 1103 | } |
1109 | } | ||
1110 | cleanup_route_4b: | 1104 | cleanup_route_4b: |
1111 | if (0 == nortsetup) | 1105 | if (0 == nortsetup) |
1112 | { | 1106 | { |
1113 | char *const route_clean_args[] = | 1107 | char *const route_clean_args[] = { |
1114 | { | 1108 | "ip", "route", "del", "default", "dev", dev, |
1115 | "ip", "route", "del", "default", "dev", dev, | 1109 | "table", DNS_TABLE, NULL |
1116 | "table", DNS_TABLE, NULL | 1110 | }; |
1117 | }; | 1111 | if (0 != fork_and_exec (sbin_ip, route_clean_args)) |
1118 | if (0 != fork_and_exec(sbin_ip, route_clean_args)) | 1112 | r += 1; |
1119 | r += 1; | 1113 | } |
1120 | } | ||
1121 | cleanup_forward_3: | 1114 | cleanup_forward_3: |
1122 | if (0 == nortsetup) | 1115 | if (0 == nortsetup) |
1123 | { | 1116 | { |
1124 | char *const forward_clean_args[] = | 1117 | char *const forward_clean_args[] = { |
1125 | { | 1118 | "ip", "-6", "rule", "del", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL |
1126 | "ip", "-6", "rule", "del", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL | 1119 | }; |
1127 | }; | 1120 | if (0 != fork_and_exec (sbin_ip, forward_clean_args)) |
1128 | if (0 != fork_and_exec(sbin_ip, forward_clean_args)) | 1121 | r += 2; |
1129 | r += 2; | 1122 | } |
1130 | } | ||
1131 | cleanup_forward_3b: | 1123 | cleanup_forward_3b: |
1132 | if (0 == nortsetup) | 1124 | if (0 == nortsetup) |
1133 | { | 1125 | { |
1134 | char *const forward_clean_args[] = | 1126 | char *const forward_clean_args[] = { |
1135 | { | 1127 | "ip", "rule", "del", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL |
1136 | "ip", "rule", "del", "fwmark", DNS_MARK, "table", DNS_TABLE, NULL | 1128 | }; |
1137 | }; | 1129 | if (0 != fork_and_exec (sbin_ip, forward_clean_args)) |
1138 | if (0 != fork_and_exec(sbin_ip, forward_clean_args)) | 1130 | r += 2; |
1139 | r += 2; | 1131 | } |
1140 | } | ||
1141 | cleanup_mark_2: | 1132 | cleanup_mark_2: |
1142 | if (0 == nortsetup) | 1133 | if (0 == nortsetup) |
1143 | { | 1134 | { |
1144 | char *const mark_clean_args[] = | 1135 | char *const mark_clean_args[] = { |
1145 | { | 1136 | "ip6tables", "-t", "mangle", "-D", "OUTPUT", "-p", "udp", |
1146 | "ip6tables", "-t", "mangle", "-D", "OUTPUT", "-p", "udp", | 1137 | "--dport", DNS_PORT, |
1147 | "--dport", DNS_PORT, | 1138 | "!", "-s", "fe80::/10", /* this line excludes link-local traffic */ |
1148 | "!", "-s", "fe80::/10", /* this line excludes link-local traffic */ | 1139 | "-j", "MARK", "--set-mark", DNS_MARK, NULL |
1149 | "-j", "MARK", "--set-mark", DNS_MARK, NULL | 1140 | }; |
1150 | }; | 1141 | if (0 != fork_and_exec (sbin_ip6tables, mark_clean_args)) |
1151 | if (0 != fork_and_exec(sbin_ip6tables, mark_clean_args)) | 1142 | r += 4; |
1152 | r += 4; | 1143 | } |
1153 | } | ||
1154 | cleanup_mark_2b: | 1144 | cleanup_mark_2b: |
1155 | if (0 == nortsetup) | 1145 | if (0 == nortsetup) |
1156 | { | 1146 | { |
1157 | char *const mark_clean_args[] = | 1147 | char *const mark_clean_args[] = { |
1158 | { | 1148 | "iptables", "-t", "mangle", "-D", "OUTPUT", "-p", "udp", |
1159 | "iptables", "-t", "mangle", "-D", "OUTPUT", "-p", "udp", | 1149 | "--dport", DNS_PORT, "-j", "MARK", "--set-mark", DNS_MARK, NULL |
1160 | "--dport", DNS_PORT, "-j", "MARK", "--set-mark", DNS_MARK, NULL | 1150 | }; |
1161 | }; | 1151 | if (0 != fork_and_exec (sbin_iptables, mark_clean_args)) |
1162 | if (0 != fork_and_exec(sbin_iptables, mark_clean_args)) | 1152 | r += 4; |
1163 | r += 4; | 1153 | } |
1164 | } | ||
1165 | cleanup_mangle_1: | 1154 | cleanup_mangle_1: |
1166 | if (0 == nortsetup) | 1155 | if (0 == nortsetup) |
1167 | { | 1156 | { |
1168 | char *const mangle_clean_args[] = | 1157 | char *const mangle_clean_args[] = { |
1169 | { | 1158 | "ip6tables", "-m", "owner", "-t", "mangle", "-D", "OUTPUT", "-p", "udp", |
1170 | "ip6tables", "-m", "owner", "-t", "mangle", "-D", "OUTPUT", "-p", "udp", | 1159 | "--gid-owner", mygid, "--dport", DNS_PORT, "-j", "ACCEPT", |
1171 | "--gid-owner", mygid, "--dport", DNS_PORT, "-j", "ACCEPT", | 1160 | NULL |
1172 | NULL | 1161 | }; |
1173 | }; | 1162 | if (0 != fork_and_exec (sbin_ip6tables, mangle_clean_args)) |
1174 | if (0 != fork_and_exec(sbin_ip6tables, mangle_clean_args)) | 1163 | r += 8; |
1175 | r += 8; | 1164 | } |
1176 | } | ||
1177 | cleanup_mangle_1b: | 1165 | cleanup_mangle_1b: |
1178 | if (0 == nortsetup) | 1166 | if (0 == nortsetup) |
1179 | { | 1167 | { |
1180 | char *const mangle_clean_args[] = | 1168 | char *const mangle_clean_args[] = { |
1181 | { | 1169 | "iptables", "-m", "owner", "-t", "mangle", "-D", "OUTPUT", "-p", "udp", |
1182 | "iptables", "-m", "owner", "-t", "mangle", "-D", "OUTPUT", "-p", "udp", | 1170 | "--gid-owner", mygid, "--dport", DNS_PORT, "-j", "ACCEPT", |
1183 | "--gid-owner", mygid, "--dport", DNS_PORT, "-j", "ACCEPT", | 1171 | NULL |
1184 | NULL | 1172 | }; |
1185 | }; | 1173 | if (0 != fork_and_exec (sbin_iptables, mangle_clean_args)) |
1186 | if (0 != fork_and_exec(sbin_iptables, mangle_clean_args)) | 1174 | r += 8; |
1187 | r += 8; | 1175 | } |
1188 | } | ||
1189 | 1176 | ||
1190 | cleanup_rest: | 1177 | cleanup_rest: |
1191 | /* close virtual interface */ | 1178 | /* close virtual interface */ |
1192 | (void)close(fd_tun); | 1179 | (void) close (fd_tun); |
1193 | /* remove signal handler so we can close the pipes */ | 1180 | /* remove signal handler so we can close the pipes */ |
1194 | (void)signal(SIGTERM, SIG_IGN); | 1181 | (void) signal (SIGTERM, SIG_IGN); |
1195 | #if (SIGTERM != GNUNET_TERM_SIG) | 1182 | #if (SIGTERM != GNUNET_TERM_SIG) |
1196 | (void)signal(GNUNET_TERM_SIG, SIG_IGN); | 1183 | (void) signal (GNUNET_TERM_SIG, SIG_IGN); |
1197 | #endif | 1184 | #endif |
1198 | (void)signal(SIGINT, SIG_IGN); | 1185 | (void) signal (SIGINT, SIG_IGN); |
1199 | (void)signal(SIGHUP, SIG_IGN); | 1186 | (void) signal (SIGHUP, SIG_IGN); |
1200 | (void)close(cpipe[0]); | 1187 | (void) close (cpipe[0]); |
1201 | (void)close(cpipe[1]); | 1188 | (void) close (cpipe[1]); |
1202 | return r; | 1189 | return r; |
1203 | } | 1190 | } |
1204 | 1191 | ||