1 files changed, 0 insertions, 707 deletions
diff --git a/src/vpn/gnunet-helper-vpn.c b/src/vpn/gnunet-helper-vpn.c
deleted file mode 100644
index 7686d51d5..000000000
--- a/src/vpn/gnunet-helper-vpn.c
+++ /dev/null
@@ -1,707 +0,0 @@
-/*
-     This file is part of GNUnet.
-     Copyright (C) 2010, 2012 Christian Grothoff
-     GNUnet is free software: you can redistribute it and/or modify it
-     under the terms of the GNU Affero General Public License as published
-     by the Free Software Foundation, either version 3 of the License,
-     or (at your option) any later version.
-     GNUnet is distributed in the hope that it will be useful, but
-     WITHOUT ANY WARRANTY; without even the implied warranty of
-     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-     Affero General Public License for more details.
-     You should have received a copy of the GNU Affero General Public License
-     along with this program.  If not, see <http://www.gnu.org/licenses/>.
-     SPDX-License-Identifier: AGPL3.0-or-later
- */
-/**
- * @file vpn/gnunet-helper-vpn.c
- * @brief the helper for the VPN service. Opens a virtual network-interface,
- * sends data received on the if to stdout, sends data received on stdin to the
- * interface
- * @author Philipp Tölke
- * @author Christian Grothoff
- *
- * The following list of people have reviewed this code and considered
- * it safe since the last modification (if you reviewed it, please
- * have your name added to the list):
- *
- * - Philipp Tölke
- */
-#include "platform.h"
-#ifdef IF_TUN_HDR
-#include IF_TUN_HDR
-#endif
-/**
- * Need 'struct GNUNET_MessageHeader'.
- */
-#include "gnunet_crypto_lib.h"
-#include "gnunet_common.h"
-/**
- * Need VPN message types.
- */
-#include "gnunet_protocols.h"
-/**
- * Should we print (interesting|debug) messages that can happen during
- * normal operation?
- */
-#define DEBUG GNUNET_NO
-/**
- * Maximum size of a GNUnet message (GNUNET_MAX_MESSAGE_SIZE)
- */
-#define MAX_SIZE 65536
-#if ! defined(__ANDROID__)
-#ifndef _LINUX_IN6_H
-/**
- * This is in linux/include/net/ipv6.h, but not always exported...
- */
-struct in6_ifreq
-{
-  struct in6_addr ifr6_addr;
-  uint32_t ifr6_prefixlen;
-  unsigned int ifr6_ifindex;
-};
-#endif
-#endif
-/**
- * Creates a tun-interface called dev;
- *
- * @param dev is assumed to point to a char[IFNAMSIZ]
- *        if *dev == '\\0', uses the name supplied by the kernel;
- * @return the fd to the tun or -1 on error
- */
-static int
-init_tun (char *dev)
-{
-  struct ifreq ifr;
-  int fd;
-  if (NULL == dev)
-  {
-    errno = EINVAL;
-    return -1;
-  }
-  if (-1 == (fd = open ("/dev/net/tun", O_RDWR)))
-  {
-    fprintf (stderr,
-             "Error opening `%s': %s\n",
-             "/dev/net/tun",
-             strerror (errno));
-    return -1;
-  }
-  if (fd >= FD_SETSIZE)
-  {
-    fprintf (stderr,
-             "File descriptor to large: %d",
-             fd);
-    (void) close (fd);
-    return -1;
-  }
-  memset (&ifr, 0, sizeof(ifr));
-  ifr.ifr_flags = IFF_TUN;
-  if ('\0' != *dev)
-    strncpy (ifr.ifr_name,
-             dev,
-             IFNAMSIZ);
-  if (-1 == ioctl (fd,
-                   TUNSETIFF,
-                   (void *) &ifr))
-  {
-    fprintf (stderr,
-             "Error with ioctl on `%s': %s\n",
-             "/dev/net/tun",
-             strerror (errno));
-    (void) close (fd);
-    return -1;
-  }
-  strcpy (dev, ifr.ifr_name);
-  return fd;
-}
-/**
- * @brief Sets the IPv6-Address given in address on the interface dev
- *
- * @param dev the interface to configure
- * @param address the IPv6-Address
- * @param prefix_len the length of the network-prefix
- */
-static void
-set_address6 (const char *dev,
-              const char *address,
-              unsigned long prefix_len)
-{
-  struct ifreq ifr;
-  struct in6_ifreq ifr6;
-  struct sockaddr_in6 sa6;
-  int fd;
-  /*
-   * parse the new address
-   */
-  memset (&sa6, 0, sizeof(struct sockaddr_in6));
-  sa6.sin6_family = AF_INET6;
-  if (1 != inet_pton (AF_INET6, address, sa6.sin6_addr.s6_addr))
-  {
-    fprintf (stderr,
-             "Failed to parse IPv6 address `%s'\n",
-             address);
-    exit (1);
-  }
-  if (-1 == (fd = socket (PF_INET6, SOCK_DGRAM, 0)))
-  {
-    fprintf (stderr,
-             "Error creating socket: %s\n",
-             strerror (errno));
-    exit (1);
-  }
-  memset (&ifr, 0, sizeof(struct ifreq));
-  /*
-   * Get the index of the if
-   */
-  strncpy (ifr.ifr_name,
-           dev,
-           IFNAMSIZ);
-  if (-1 == ioctl (fd,
-                   SIOGIFINDEX,
-                   &ifr))
-  {
-    fprintf (stderr,
-             "ioctl failed at %d: %s\n",
-             __LINE__,
-             strerror (errno));
-    (void) close (fd);
-    exit (1);
-  }
-  memset (&ifr6, 0, sizeof(struct in6_ifreq));
-  ifr6.ifr6_addr = sa6.sin6_addr;
-  ifr6.ifr6_ifindex = ifr.ifr_ifindex;
-  ifr6.ifr6_prefixlen = prefix_len;
-  /*
-   * Set the address
-   */
-  if (-1 == ioctl (fd,
-                   SIOCSIFADDR,
-                   &ifr6))
-  {
-    fprintf (stderr,
-             "ioctl failed at line %d: %s\n",
-             __LINE__,
-             strerror (errno));
-    (void) close (fd);
-    exit (1);
-  }
-  /*
-   * Get the flags
-   */
-  if (-1 == ioctl (fd,
-                   SIOCGIFFLAGS,
-                   &ifr))
-  {
-    fprintf (stderr,
-             "ioctl failed at line %d: %s\n",
-             __LINE__,
-             strerror (errno));
-    (void) close (fd);
-    exit (1);
-  }
-  /*
-   * Add the UP and RUNNING flags
-   */
-  ifr.ifr_flags |= IFF_UP | IFF_RUNNING;
-  if (-1 == ioctl (fd,
-                   SIOCSIFFLAGS,
-                   &ifr))
-  {
-    fprintf (stderr,
-             "ioctl failed at line %d: %s\n",
-             __LINE__,
-             strerror (errno));
-    (void) close (fd);
-    exit (1);
-  }
-  if (0 != close (fd))
-  {
-    fprintf (stderr,
-             "close failed at line %d: %s\n",
-             __LINE__,
-             strerror (errno));
-    exit (1);
-  }
-}
-/**
- * @brief Sets the IPv4-Address given in address on the interface dev
- *
- * @param dev the interface to configure
- * @param address the IPv4-Address
- * @param mask the netmask
- */
-static void
-set_address4 (const char *dev,
-              const char *address,
-              const char *mask)
-{
-  int fd;
-  struct sockaddr_in *addr;
-  struct ifreq ifr;
-  memset (&ifr, 0, sizeof(struct ifreq));
-  addr = (struct sockaddr_in *) &(ifr.ifr_addr);
-  addr->sin_family = AF_INET;
-  /*
-   * Parse the address
-   */
-  if (1 != inet_pton (AF_INET,
-                      address,
-                      &addr->sin_addr.s_addr))
-  {
-    fprintf (stderr,
-             "Failed to parse IPv4 address `%s'\n",
-             address);
-    exit (1);
-  }
-  if (-1 == (fd = socket (PF_INET, SOCK_DGRAM, 0)))
-  {
-    fprintf (stderr,
-             "Error creating socket: %s\n",
-             strerror (errno));
-    exit (1);
-  }
-  strncpy (ifr.ifr_name, dev, IFNAMSIZ);
-  /*
-   * Set the address
-   */
-  if (-1 == ioctl (fd, SIOCSIFADDR, &ifr))
-  {
-    fprintf (stderr,
-             "ioctl failed at %d: %s\n",
-             __LINE__,
-             strerror (errno));
-    (void) close (fd);
-    exit (1);
-  }
-  /*
-   * Parse the netmask
-   */
-  addr = (struct sockaddr_in *) &(ifr.ifr_netmask);
-  if (1 != inet_pton (AF_INET,
-                      mask,
-                      &addr->sin_addr.s_addr))
-  {
-    fprintf (stderr,
-             "Failed to parse IPv4 address mask `%s'\n",
-             mask);
-    (void) close (fd);
-    exit (1);
-  }
-  /*
-   * Set the netmask
-   */
-  if (-1 == ioctl (fd, SIOCSIFNETMASK, &ifr))
-  {
-    fprintf (stderr,
-             "ioctl failed at line %d: %s\n",
-             __LINE__,
-             strerror (errno));
-    (void) close (fd);
-    exit (1);
-  }
-  /*
-   * Get the flags
-   */
-  if (-1 == ioctl (fd, SIOCGIFFLAGS, &ifr))
-  {
-    fprintf (stderr,
-             "ioctl failed at line %d: %s\n",
-             __LINE__,
-             strerror (errno));
-    (void) close (fd);
-    exit (1);
-  }
-  /*
-   * Add the UP and RUNNING flags
-   */
-  ifr.ifr_flags |= IFF_UP | IFF_RUNNING;
-  if (-1 == ioctl (fd, SIOCSIFFLAGS, &ifr))
-  {
-    fprintf (stderr,
-             "ioctl failed at line %d: %s\n",
-             __LINE__,
-             strerror (errno));
-    (void) close (fd);
-    exit (1);
-  }
-  if (0 != close (fd))
-  {
-    fprintf (stderr,
-             "close failed at line %d: %s\n",
-             __LINE__,
-             strerror (errno));
-    exit (1);
-  }
-}
-/**
- * Start forwarding to and from the tunnel.
- *
- * @param fd_tun tunnel FD
- */
-static void
-run (int fd_tun)
-{
-  /*
-   * The buffer filled by reading from fd_tun
-   */
-  unsigned char buftun[MAX_SIZE];
-  ssize_t buftun_size = 0;
-  unsigned char *buftun_read = NULL;
-  /*
-   * The buffer filled by reading from stdin
-   */
-  unsigned char bufin[MAX_SIZE];
-  ssize_t bufin_size = 0;
-  size_t bufin_rpos = 0;
-  unsigned char *bufin_read = NULL;
-  fd_set fds_w;
-  fd_set fds_r;
-  /* read refers to reading from fd_tun, writing to stdout */
-  int read_open = 1;
-  /* write refers to reading from stdin, writing to fd_tun */
-  int write_open = 1;
-  while ((1 == read_open) && (1 == write_open))
-  {
-    FD_ZERO (&fds_w);
-    FD_ZERO (&fds_r);
-    /*
-     * We are supposed to read and the buffer is empty
-     * -> select on read from tun
-     */
-    if (read_open && (0 == buftun_size))
-      FD_SET (fd_tun, &fds_r);
-    /*
-     * We are supposed to read and the buffer is not empty
-     * -> select on write to stdout
-     */
-    if (read_open && (0 != buftun_size))
-      FD_SET (1, &fds_w);
-    /*
-     * We are supposed to write and the buffer is empty
-     * -> select on read from stdin
-     */
-    if (write_open && (NULL == bufin_read))
-      FD_SET (0, &fds_r);
-    /*
-     * We are supposed to write and the buffer is not empty
-     * -> select on write to tun
-     */
-    if (write_open && (NULL != bufin_read))
-      FD_SET (fd_tun, &fds_w);
-    int r = select (fd_tun + 1, &fds_r, &fds_w, NULL, NULL);
-    if (-1 == r)
-    {
-      if (EINTR == errno)
-        continue;
-      fprintf (stderr,
-               "select failed: %s\n",
-               strerror (errno));
-      exit (1);
-    }
-    if (r > 0)
-    {
-      if (FD_ISSET (fd_tun, &fds_r))
-      {
-        buftun_size =
-          read (fd_tun, buftun + sizeof(struct GNUNET_MessageHeader),
-                MAX_SIZE - sizeof(struct GNUNET_MessageHeader));
-        if (-1 == buftun_size)
-        {
-          fprintf (stderr,
-                   "read-error: %s\n",
-                   strerror (errno));
-          shutdown (fd_tun, SHUT_RD);
-          shutdown (1, SHUT_WR);
-          read_open = 0;
-          buftun_size = 0;
-        }
-        else if (0 == buftun_size)
-        {
-          fprintf (stderr, "EOF on tun\n");
-          shutdown (fd_tun, SHUT_RD);
-          shutdown (1, SHUT_WR);
-          read_open = 0;
-          buftun_size = 0;
-        }
-        else
-        {
-          buftun_read = buftun;
-          struct GNUNET_MessageHeader *hdr =
-            (struct GNUNET_MessageHeader *) buftun;
-          buftun_size += sizeof(struct GNUNET_MessageHeader);
-          hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
-          hdr->size = htons (buftun_size);
-        }
-      }
-      else if (FD_ISSET (1, &fds_w))
-      {
-        ssize_t written = write (1,
-                                 buftun_read,
-                                 buftun_size);
-        if (-1 == written)
-        {
-#if ! DEBUG
-          if (errno != EPIPE)
-#endif
-          fprintf (stderr,
-                   "write-error to stdout: %s\n",
-                   strerror (errno));
-          shutdown (fd_tun, SHUT_RD);
-          shutdown (1, SHUT_WR);
-          read_open = 0;
-          buftun_size = 0;
-        }
-        else if (0 == written)
-        {
-          fprintf (stderr,
-                   "write returned 0!?\n");
-          exit (1);
-        }
-        else
-        {
-          buftun_size -= written;
-          buftun_read += written;
-        }
-      }
-      if (FD_ISSET (0, &fds_r))
-      {
-        bufin_size = read (0, bufin + bufin_rpos, MAX_SIZE - bufin_rpos);
-        if (-1 == bufin_size)
-        {
-          fprintf (stderr,
-                   "read-error: %s\n",
-                   strerror (errno));
-          shutdown (0, SHUT_RD);
-          shutdown (fd_tun, SHUT_WR);
-          write_open = 0;
-          bufin_size = 0;
-        }
-        else if (0 == bufin_size)
-        {
-#if DEBUG
-          fprintf (stderr, "EOF on stdin\n");
-#endif
-          shutdown (0, SHUT_RD);
-          shutdown (fd_tun, SHUT_WR);
-          write_open = 0;
-          bufin_size = 0;
-        }
-        else
-        {
-          struct GNUNET_MessageHeader *hdr;
-PROCESS_BUFFER:
-          bufin_rpos += bufin_size;
-          if (bufin_rpos < sizeof(struct GNUNET_MessageHeader))
-            continue;
-          hdr = (struct GNUNET_MessageHeader *) bufin;
-          if (ntohs (hdr->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER)
-          {
-            fprintf (stderr,
-                     "protocol violation!\n");
-            exit (1);
-          }
-          if (ntohs (hdr->size) > bufin_rpos)
-            continue;
-          bufin_read = bufin + sizeof(struct GNUNET_MessageHeader);
-          bufin_size = ntohs (hdr->size) - sizeof(struct GNUNET_MessageHeader);
-          bufin_rpos -= bufin_size + sizeof(struct GNUNET_MessageHeader);
-        }
-      }
-      else if (FD_ISSET (fd_tun, &fds_w))
-      {
-        ssize_t written = write (fd_tun,
-                                 bufin_read,
-                                 bufin_size);
-        if (-1 == written)
-        {
-          fprintf (stderr,
-                   "write-error to tun: %s\n",
-                   strerror (errno));
-          shutdown (0, SHUT_RD);
-          shutdown (fd_tun, SHUT_WR);
-          write_open = 0;
-          bufin_size = 0;
-        }
-        else if (0 == written)
-        {
-          fprintf (stderr, "write returned 0!?\n");
-          exit (1);
-        }
-        else
-        {
-          bufin_size -= written;
-          bufin_read += written;
-          if (0 == bufin_size)
-          {
-            memmove (bufin, bufin_read, bufin_rpos);
-            bufin_read = NULL;           /* start reading again */
-            bufin_size = 0;
-            goto PROCESS_BUFFER;
-          }
-        }
-      }
-    }
-  }
-}
-/**
- * Open VPN tunnel interface.
- *
- * @param argc must be 6
- * @param argv 0: binary name (gnunet-helper-vpn)
- *             1: tunnel interface name (gnunet-vpn)
- *             2: IPv6 address (::1), "-" to disable
- *             3: IPv6 netmask length in bits (64), ignored if #2 is "-"
- *             4: IPv4 address (1.2.3.4), "-" to disable
- *             5: IPv4 netmask (255.255.0.0), ignored if #4 is "-"
- */
-int
-main (int argc, char **argv)
-{
-  char dev[IFNAMSIZ];
-  int fd_tun;
-  int global_ret;
-  if (6 != argc)
-  {
-    fprintf (stderr, "Fatal: must supply 5 arguments!\n");
-    return 1;
-  }
-  strncpy (dev,
-           argv[1],
-           IFNAMSIZ);
-  dev[IFNAMSIZ - 1] = '\0';
-  if (-1 == (fd_tun = init_tun (dev)))
-  {
-    fprintf (stderr,
-             "Fatal: could not initialize tun-interface `%s'  with IPv6 %s/%s and IPv4 %s/%s\n",
-             dev,
-             argv[2],
-             argv[3],
-             argv[4],
-             argv[5]);
-    return 1;
-  }
-  if (0 != strcmp (argv[2], "-"))
-  {
-    const char *address = argv[2];
-    long prefix_len = atol (argv[3]);
-    if ((prefix_len < 1) || (prefix_len > 127))
-    {
-      fprintf (stderr,
-               "Fatal: prefix_len out of range\n");
-      (void) close (fd_tun);
-      return 1;
-    }
-    set_address6 (dev,
-                  address,
-                  prefix_len);
-  }
-  if (0 != strcmp (argv[4], "-"))
-  {
-    const char *address = argv[4];
-    const char *mask = argv[5];
-    set_address4 (dev, address, mask);
-  }
-  uid_t uid = getuid ();
-#ifdef HAVE_SETRESUID
-  if (0 != setresuid (uid, uid, uid))
-  {
-    fprintf (stderr,
-             "Failed to setresuid: %s\n",
-             strerror (errno));
-    global_ret = 2;
-    goto cleanup;
-  }
-#else
-  if (0 != (setuid (uid) | seteuid (uid)))
-  {
-    fprintf (stderr,
-             "Failed to setuid: %s\n",
-             strerror (errno));
-    global_ret = 2;
-    goto cleanup;
-  }
-#endif
-  if (SIG_ERR == signal (SIGPIPE, SIG_IGN))
-  {
-    fprintf (stderr,
-             "Failed to protect against SIGPIPE: %s\n",
-             strerror (errno));
-    /* no exit, we might as well die with SIGPIPE should it ever happen */
-  }
-  run (fd_tun);
-  global_ret = 0;
-cleanup:
-  (void) close (fd_tun);
-  return global_ret;
-}

diff --git a/src/vpn/gnunet-helper-vpn.c b/src/vpn/gnunet-helper-vpn.c deleted file mode 100644 index 7686d51d5..000000000 --- a/src/vpn/gnunet-helper-vpn.c +++ /dev/null
@@ -1,707 +0,0 @@
1	/*
2	This file is part of GNUnet.
3	Copyright (C) 2010, 2012 Christian Grothoff
4
5	GNUnet is free software: you can redistribute it and/or modify it
6	under the terms of the GNU Affero General Public License as published
7	by the Free Software Foundation, either version 3 of the License,
8	or (at your option) any later version.
9
10	GNUnet is distributed in the hope that it will be useful, but
11	WITHOUT ANY WARRANTY; without even the implied warranty of
12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13	Affero General Public License for more details.
14
15	You should have received a copy of the GNU Affero General Public License
16	along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18	SPDX-License-Identifier: AGPL3.0-or-later
19	*/
20
21	/**
22	* @file vpn/gnunet-helper-vpn.c
23	* @brief the helper for the VPN service. Opens a virtual network-interface,
24	* sends data received on the if to stdout, sends data received on stdin to the
25	* interface
26	* @author Philipp Tölke
27	* @author Christian Grothoff
28	*
29	* The following list of people have reviewed this code and considered
30	* it safe since the last modification (if you reviewed it, please
31	* have your name added to the list):
32	*
33	* - Philipp Tölke
34	*/
35	#include "platform.h"
36	#ifdef IF_TUN_HDR
37	#include IF_TUN_HDR
38	#endif
39
40	/**
41	* Need 'struct GNUNET_MessageHeader'.
42	*/
43	#include "gnunet_crypto_lib.h"
44	#include "gnunet_common.h"
45
46	/**
47	* Need VPN message types.
48	*/
49	#include "gnunet_protocols.h"
50
51	/**
52	* Should we print (interesting\|debug) messages that can happen during
53	* normal operation?
54	*/
55	#define DEBUG GNUNET_NO
56
57	/**
58	* Maximum size of a GNUnet message (GNUNET_MAX_MESSAGE_SIZE)
59	*/
60	#define MAX_SIZE 65536
61
62	#if ! defined(__ANDROID__)
63	#ifndef _LINUX_IN6_H
64	/**
65	* This is in linux/include/net/ipv6.h, but not always exported...
66	*/
67	struct in6_ifreq
68	{
69	struct in6_addr ifr6_addr;
70	uint32_t ifr6_prefixlen;
71	unsigned int ifr6_ifindex;
72	};
73	#endif
74	#endif
75
76
77	/**
78	* Creates a tun-interface called dev;
79	*
80	* @param dev is assumed to point to a char[IFNAMSIZ]
81	* if *dev == '\\0', uses the name supplied by the kernel;
82	* @return the fd to the tun or -1 on error
83	*/
84	static int
85	init_tun (char *dev)
86	{
87	struct ifreq ifr;
88	int fd;
89
90	if (NULL == dev)
91	{
92	errno = EINVAL;
93	return -1;
94	}
95
96	if (-1 == (fd = open ("/dev/net/tun", O_RDWR)))
97	{
98	fprintf (stderr,
99	"Error opening `%s': %s\n",
100	"/dev/net/tun",
101	strerror (errno));
102	return -1;
103	}
104
105	if (fd >= FD_SETSIZE)
106	{
107	fprintf (stderr,
108	"File descriptor to large: %d",
109	fd);
110	(void) close (fd);
111	return -1;
112	}
113
114	memset (&ifr, 0, sizeof(ifr));
115	ifr.ifr_flags = IFF_TUN;
116
117	if ('\0' != *dev)
118	strncpy (ifr.ifr_name,
119	dev,
120	IFNAMSIZ);
121
122	if (-1 == ioctl (fd,
123	TUNSETIFF,
124	(void *) &ifr))
125	{
126	fprintf (stderr,
127	"Error with ioctl on `%s': %s\n",
128	"/dev/net/tun",
129	strerror (errno));
130	(void) close (fd);
131	return -1;
132	}
133	strcpy (dev, ifr.ifr_name);
134	return fd;
135	}
136
137
138	/**
139	* @brief Sets the IPv6-Address given in address on the interface dev
140	*
141	* @param dev the interface to configure
142	* @param address the IPv6-Address
143	* @param prefix_len the length of the network-prefix
144	*/
145	static void
146	set_address6 (const char *dev,
147	const char *address,
148	unsigned long prefix_len)
149	{
150	struct ifreq ifr;
151	struct in6_ifreq ifr6;
152	struct sockaddr_in6 sa6;
153	int fd;
154
155	/*
156	* parse the new address
157	*/
158	memset (&sa6, 0, sizeof(struct sockaddr_in6));
159	sa6.sin6_family = AF_INET6;
160	if (1 != inet_pton (AF_INET6, address, sa6.sin6_addr.s6_addr))
161	{
162	fprintf (stderr,
163	"Failed to parse IPv6 address `%s'\n",
164	address);
165	exit (1);
166	}
167
168	if (-1 == (fd = socket (PF_INET6, SOCK_DGRAM, 0)))
169	{
170	fprintf (stderr,
171	"Error creating socket: %s\n",
172	strerror (errno));
173	exit (1);
174	}
175
176	memset (&ifr, 0, sizeof(struct ifreq));
177	/*
178	* Get the index of the if
179	*/
180	strncpy (ifr.ifr_name,
181	dev,
182	IFNAMSIZ);
183	if (-1 == ioctl (fd,
184	SIOGIFINDEX,
185	&ifr))
186	{
187	fprintf (stderr,
188	"ioctl failed at %d: %s\n",
189	__LINE__,
190	strerror (errno));
191	(void) close (fd);
192	exit (1);
193	}
194
195	memset (&ifr6, 0, sizeof(struct in6_ifreq));
196	ifr6.ifr6_addr = sa6.sin6_addr;
197	ifr6.ifr6_ifindex = ifr.ifr_ifindex;
198	ifr6.ifr6_prefixlen = prefix_len;
199
200	/*
201	* Set the address
202	*/
203	if (-1 == ioctl (fd,
204	SIOCSIFADDR,
205	&ifr6))
206	{
207	fprintf (stderr,
208	"ioctl failed at line %d: %s\n",
209	__LINE__,
210	strerror (errno));
211	(void) close (fd);
212	exit (1);
213	}
214
215	/*
216	* Get the flags
217	*/
218	if (-1 == ioctl (fd,
219	SIOCGIFFLAGS,
220	&ifr))
221	{
222	fprintf (stderr,
223	"ioctl failed at line %d: %s\n",
224	__LINE__,
225	strerror (errno));
226	(void) close (fd);
227	exit (1);
228	}
229
230	/*
231	* Add the UP and RUNNING flags
232	*/
233	ifr.ifr_flags \|= IFF_UP \| IFF_RUNNING;
234	if (-1 == ioctl (fd,
235	SIOCSIFFLAGS,
236	&ifr))
237	{
238	fprintf (stderr,
239	"ioctl failed at line %d: %s\n",
240	__LINE__,
241	strerror (errno));
242	(void) close (fd);
243	exit (1);
244	}
245
246	if (0 != close (fd))
247	{
248	fprintf (stderr,
249	"close failed at line %d: %s\n",
250	__LINE__,
251	strerror (errno));
252	exit (1);
253	}
254	}
255
256
257	/**
258	* @brief Sets the IPv4-Address given in address on the interface dev
259	*
260	* @param dev the interface to configure
261	* @param address the IPv4-Address
262	* @param mask the netmask
263	*/
264	static void
265	set_address4 (const char *dev,
266	const char *address,
267	const char *mask)
268	{
269	int fd;
270	struct sockaddr_in *addr;
271	struct ifreq ifr;
272
273	memset (&ifr, 0, sizeof(struct ifreq));
274	addr = (struct sockaddr_in *) &(ifr.ifr_addr);
275	addr->sin_family = AF_INET;
276
277	/*
278	* Parse the address
279	*/
280	if (1 != inet_pton (AF_INET,
281	address,
282	&addr->sin_addr.s_addr))
283	{
284	fprintf (stderr,
285	"Failed to parse IPv4 address `%s'\n",
286	address);
287	exit (1);
288	}
289
290	if (-1 == (fd = socket (PF_INET, SOCK_DGRAM, 0)))
291	{
292	fprintf (stderr,
293	"Error creating socket: %s\n",
294	strerror (errno));
295	exit (1);
296	}
297
298	strncpy (ifr.ifr_name, dev, IFNAMSIZ);
299
300	/*
301	* Set the address
302	*/
303	if (-1 == ioctl (fd, SIOCSIFADDR, &ifr))
304	{
305	fprintf (stderr,
306	"ioctl failed at %d: %s\n",
307	__LINE__,
308	strerror (errno));
309	(void) close (fd);
310	exit (1);
311	}
312
313	/*
314	* Parse the netmask
315	*/
316	addr = (struct sockaddr_in *) &(ifr.ifr_netmask);
317	if (1 != inet_pton (AF_INET,
318	mask,
319	&addr->sin_addr.s_addr))
320	{
321	fprintf (stderr,
322	"Failed to parse IPv4 address mask `%s'\n",
323	mask);
324	(void) close (fd);
325	exit (1);
326	}
327
328	/*
329	* Set the netmask
330	*/
331	if (-1 == ioctl (fd, SIOCSIFNETMASK, &ifr))
332	{
333	fprintf (stderr,
334	"ioctl failed at line %d: %s\n",
335	__LINE__,
336	strerror (errno));
337	(void) close (fd);
338	exit (1);
339	}
340
341	/*
342	* Get the flags
343	*/
344	if (-1 == ioctl (fd, SIOCGIFFLAGS, &ifr))
345	{
346	fprintf (stderr,
347	"ioctl failed at line %d: %s\n",
348	__LINE__,
349	strerror (errno));
350	(void) close (fd);
351	exit (1);
352	}
353
354	/*
355	* Add the UP and RUNNING flags
356	*/
357	ifr.ifr_flags \|= IFF_UP \| IFF_RUNNING;
358	if (-1 == ioctl (fd, SIOCSIFFLAGS, &ifr))
359	{
360	fprintf (stderr,
361	"ioctl failed at line %d: %s\n",
362	__LINE__,
363	strerror (errno));
364	(void) close (fd);
365	exit (1);
366	}
367
368	if (0 != close (fd))
369	{
370	fprintf (stderr,
371	"close failed at line %d: %s\n",
372	__LINE__,
373	strerror (errno));
374	exit (1);
375	}
376	}
377
378
379	/**
380	* Start forwarding to and from the tunnel.
381	*
382	* @param fd_tun tunnel FD
383	*/
384	static void
385	run (int fd_tun)
386	{
387	/*
388	* The buffer filled by reading from fd_tun
389	*/
390	unsigned char buftun[MAX_SIZE];
391	ssize_t buftun_size = 0;
392	unsigned char *buftun_read = NULL;
393
394	/*
395	* The buffer filled by reading from stdin
396	*/
397	unsigned char bufin[MAX_SIZE];
398	ssize_t bufin_size = 0;
399	size_t bufin_rpos = 0;
400	unsigned char *bufin_read = NULL;
401
402	fd_set fds_w;
403	fd_set fds_r;
404
405	/* read refers to reading from fd_tun, writing to stdout */
406	int read_open = 1;
407
408	/* write refers to reading from stdin, writing to fd_tun */
409	int write_open = 1;
410
411	while ((1 == read_open) && (1 == write_open))
412	{
413	FD_ZERO (&fds_w);
414	FD_ZERO (&fds_r);
415
416	/*
417	* We are supposed to read and the buffer is empty
418	* -> select on read from tun
419	*/
420	if (read_open && (0 == buftun_size))
421	FD_SET (fd_tun, &fds_r);
422
423	/*
424	* We are supposed to read and the buffer is not empty
425	* -> select on write to stdout
426	*/
427	if (read_open && (0 != buftun_size))
428	FD_SET (1, &fds_w);
429
430	/*
431	* We are supposed to write and the buffer is empty
432	* -> select on read from stdin
433	*/
434	if (write_open && (NULL == bufin_read))
435	FD_SET (0, &fds_r);
436
437	/*
438	* We are supposed to write and the buffer is not empty
439	* -> select on write to tun
440	*/
441	if (write_open && (NULL != bufin_read))
442	FD_SET (fd_tun, &fds_w);
443
444	int r = select (fd_tun + 1, &fds_r, &fds_w, NULL, NULL);
445
446	if (-1 == r)
447	{
448	if (EINTR == errno)
449	continue;
450	fprintf (stderr,
451	"select failed: %s\n",
452	strerror (errno));
453	exit (1);
454	}
455
456	if (r > 0)
457	{
458	if (FD_ISSET (fd_tun, &fds_r))
459	{
460	buftun_size =
461	read (fd_tun, buftun + sizeof(struct GNUNET_MessageHeader),
462	MAX_SIZE - sizeof(struct GNUNET_MessageHeader));
463	if (-1 == buftun_size)
464	{
465	fprintf (stderr,
466	"read-error: %s\n",
467	strerror (errno));
468	shutdown (fd_tun, SHUT_RD);
469	shutdown (1, SHUT_WR);
470	read_open = 0;
471	buftun_size = 0;
472	}
473	else if (0 == buftun_size)
474	{
475	fprintf (stderr, "EOF on tun\n");
476	shutdown (fd_tun, SHUT_RD);
477	shutdown (1, SHUT_WR);
478	read_open = 0;
479	buftun_size = 0;
480	}
481	else
482	{
483	buftun_read = buftun;
484	struct GNUNET_MessageHeader *hdr =
485	(struct GNUNET_MessageHeader *) buftun;
486	buftun_size += sizeof(struct GNUNET_MessageHeader);
487	hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
488	hdr->size = htons (buftun_size);
489	}
490	}
491	else if (FD_ISSET (1, &fds_w))
492	{
493	ssize_t written = write (1,
494	buftun_read,
495	buftun_size);
496
497	if (-1 == written)
498	{
499	#if ! DEBUG
500	if (errno != EPIPE)
501	#endif
502	fprintf (stderr,
503	"write-error to stdout: %s\n",
504	strerror (errno));
505	shutdown (fd_tun, SHUT_RD);
506	shutdown (1, SHUT_WR);
507	read_open = 0;
508	buftun_size = 0;
509	}
510	else if (0 == written)
511	{
512	fprintf (stderr,
513	"write returned 0!?\n");
514	exit (1);
515	}
516	else
517	{
518	buftun_size -= written;
519	buftun_read += written;
520	}
521	}
522
523	if (FD_ISSET (0, &fds_r))
524	{
525	bufin_size = read (0, bufin + bufin_rpos, MAX_SIZE - bufin_rpos);
526	if (-1 == bufin_size)
527	{
528	fprintf (stderr,
529	"read-error: %s\n",
530	strerror (errno));
531	shutdown (0, SHUT_RD);
532	shutdown (fd_tun, SHUT_WR);
533	write_open = 0;
534	bufin_size = 0;
535	}
536	else if (0 == bufin_size)
537	{
538	#if DEBUG
539	fprintf (stderr, "EOF on stdin\n");
540	#endif
541	shutdown (0, SHUT_RD);
542	shutdown (fd_tun, SHUT_WR);
543	write_open = 0;
544	bufin_size = 0;
545	}
546	else
547	{
548	struct GNUNET_MessageHeader *hdr;
549
550	PROCESS_BUFFER:
551	bufin_rpos += bufin_size;
552	if (bufin_rpos < sizeof(struct GNUNET_MessageHeader))
553	continue;
554	hdr = (struct GNUNET_MessageHeader *) bufin;
555	if (ntohs (hdr->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER)
556	{
557	fprintf (stderr,
558	"protocol violation!\n");
559	exit (1);
560	}
561	if (ntohs (hdr->size) > bufin_rpos)
562	continue;
563	bufin_read = bufin + sizeof(struct GNUNET_MessageHeader);
564	bufin_size = ntohs (hdr->size) - sizeof(struct GNUNET_MessageHeader);
565	bufin_rpos -= bufin_size + sizeof(struct GNUNET_MessageHeader);
566	}
567	}
568	else if (FD_ISSET (fd_tun, &fds_w))
569	{
570	ssize_t written = write (fd_tun,
571	bufin_read,
572	bufin_size);
573
574	if (-1 == written)
575	{
576	fprintf (stderr,
577	"write-error to tun: %s\n",
578	strerror (errno));
579	shutdown (0, SHUT_RD);
580	shutdown (fd_tun, SHUT_WR);
581	write_open = 0;
582	bufin_size = 0;
583	}
584	else if (0 == written)
585	{
586	fprintf (stderr, "write returned 0!?\n");
587	exit (1);
588	}
589	else
590	{
591	bufin_size -= written;
592	bufin_read += written;
593	if (0 == bufin_size)
594	{
595	memmove (bufin, bufin_read, bufin_rpos);
596	bufin_read = NULL; /* start reading again */
597	bufin_size = 0;
598	goto PROCESS_BUFFER;
599	}
600	}
601	}
602	}
603	}
604	}
605
606
607	/**
608	* Open VPN tunnel interface.
609	*
610	* @param argc must be 6
611	* @param argv 0: binary name (gnunet-helper-vpn)
612	* 1: tunnel interface name (gnunet-vpn)
613	* 2: IPv6 address (::1), "-" to disable
614	* 3: IPv6 netmask length in bits (64), ignored if #2 is "-"
615	* 4: IPv4 address (1.2.3.4), "-" to disable
616	* 5: IPv4 netmask (255.255.0.0), ignored if #4 is "-"
617	*/
618	int
619	main (int argc, char **argv)
620	{
621	char dev[IFNAMSIZ];
622	int fd_tun;
623	int global_ret;
624
625	if (6 != argc)
626	{
627	fprintf (stderr, "Fatal: must supply 5 arguments!\n");
628	return 1;
629	}
630
631	strncpy (dev,
632	argv[1],
633	IFNAMSIZ);
634	dev[IFNAMSIZ - 1] = '\0';
635
636	if (-1 == (fd_tun = init_tun (dev)))
637	{
638	fprintf (stderr,
639	"Fatal: could not initialize tun-interface `%s' with IPv6 %s/%s and IPv4 %s/%s\n",
640	dev,
641	argv[2],
642	argv[3],
643	argv[4],
644	argv[5]);
645	return 1;
646	}
647
648	if (0 != strcmp (argv[2], "-"))
649	{
650	const char *address = argv[2];
651	long prefix_len = atol (argv[3]);
652
653	if ((prefix_len < 1) \|\| (prefix_len > 127))
654	{
655	fprintf (stderr,
656	"Fatal: prefix_len out of range\n");
657	(void) close (fd_tun);
658	return 1;
659	}
660
661	set_address6 (dev,
662	address,
663	prefix_len);
664	}
665
666	if (0 != strcmp (argv[4], "-"))
667	{
668	const char *address = argv[4];
669	const char *mask = argv[5];
670
671	set_address4 (dev, address, mask);
672	}
673
674	uid_t uid = getuid ();
675	#ifdef HAVE_SETRESUID
676	if (0 != setresuid (uid, uid, uid))
677	{
678	fprintf (stderr,
679	"Failed to setresuid: %s\n",
680	strerror (errno));
681	global_ret = 2;
682	goto cleanup;
683	}
684	#else
685	if (0 != (setuid (uid) \| seteuid (uid)))
686	{
687	fprintf (stderr,
688	"Failed to setuid: %s\n",
689	strerror (errno));
690	global_ret = 2;
691	goto cleanup;
692	}
693	#endif
694
695	if (SIG_ERR == signal (SIGPIPE, SIG_IGN))
696	{
697	fprintf (stderr,
698	"Failed to protect against SIGPIPE: %s\n",
699	strerror (errno));
700	/* no exit, we might as well die with SIGPIPE should it ever happen */
701	}
702	run (fd_tun);
703	global_ret = 0;
704	cleanup:
705	(void) close (fd_tun);
706	return global_ret;
707	}