GNUnet 0.24.1-16-gbc519cf4b
Macros | Functions | Variables
gnunet-helper-exit.c File Reference

the helper for exit nodes. More...

#include "platform.h"
#include "gnunet_util_lib.h"
#include "gnunet_common.h"
#include "gnunet_protocols.h"
Include dependency graph for gnunet-helper-exit.c:

Go to the source code of this file.

Macros

#define DEBUG   GNUNET_NO
 Need 'struct GNUNET_MessageHeader'. More...
 
#define MAX_SIZE   65536
 Maximum size of a GNUnet message (GNUNET_MAX_MESSAGE_SIZE) More...
 
#define init_tun(dev)   open (dev, O_RDWR)
 Creates a tun-interface called dev;. More...
 

Functions

static void open_dev_null (int target_fd, int flags)
 Open '/dev/null' and make the result the given file descriptor. More...
 
static int fork_and_exec (const char *file, const char *const cmd[])
 Run the given command and wait for it to complete. More...
 
static void set_address6 (const char *dev, const char *address, unsigned long prefix_len)
 Sets the IPv6-Address given in address on the interface dev. More...
 
static void set_address4 (const char *dev, const char *address, const char *mask)
 Sets the IPv4-Address given in address on the interface dev. More...
 
static void run (int fd_tun)
 Start forwarding to and from the tunnel. More...
 
int main (int argc, char **argv)
 Open VPN tunnel interface. More...
 

Variables

static const char * sbin_sysctl
 Path to 'sysctl' binary. More...
 
static const char * sbin_iptables
 Path to 'iptables' binary. More...
 

Detailed Description

the helper for exit nodes.

Opens a virtual network-interface, sends data received on the if to stdout, sends data received on stdin to the interface. The code also enables IPv4/IPv6 forwarding and NAT on the current system (the latter on an interface specified on the command-line); these changes to the network configuration are NOT automatically undone when the program is stopped (this is because we cannot be sure that some other application didn't enable them before or after us; also, these changes should be mostly harmless as it simply turns the system into a router).

Author
Philipp Tölke
Christian Grothoff

The following list of people have reviewed this code and considered it safe since the last modification (if you reviewed it, please have your name added to the list):

  • Philipp Tölke

Definition in file gnunet-helper-exit.c.

Macro Definition Documentation

◆ DEBUG

#define DEBUG   GNUNET_NO

Need 'struct GNUNET_MessageHeader'.

Need VPN message types. Should we print (interesting|debug) messages that can happen during normal operation?

Definition at line 70 of file gnunet-helper-exit.c.

◆ MAX_SIZE

#define MAX_SIZE   65536

Maximum size of a GNUnet message (GNUNET_MAX_MESSAGE_SIZE)

Definition at line 75 of file gnunet-helper-exit.c.

◆ init_tun

#define init_tun (   dev)    open (dev, O_RDWR)

Creates a tun-interface called dev;.

Parameters
devis assumed to point to a char[IFNAMSIZ] if *dev == '\0', uses the name supplied by the kernel;
Returns
the fd to the tun or -1 on error

Definition at line 268 of file gnunet-helper-exit.c.

Function Documentation

◆ open_dev_null()

static void open_dev_null ( int  target_fd,
int  flags 
)
static

Open '/dev/null' and make the result the given file descriptor.

Parameters
target_fddesired FD to point to /dev/null
flagsopen flags (O_RDONLY, O_WRONLY)

Definition at line 111 of file gnunet-helper-exit.c.

113{
114 int fd;
115
116 fd = open ("/dev/null", flags);
117 if (-1 == fd)
118 abort ();
119 if (fd == target_fd)
120 return;
121 if (-1 == dup2 (fd, target_fd))
122 {
123 (void) close (fd);
124 abort ();
125 }
126 (void) close (fd);
127}

Referenced by fork_and_exec().

Here is the caller graph for this function:

◆ fork_and_exec()

static int fork_and_exec ( const char *  file,
const char *const  cmd[] 
)
static

Run the given command and wait for it to complete.

Parameters
filename of the binary to run
cmdcommand line arguments (as given to 'execv')
Returns
0 on success, 1 on any error

Definition at line 138 of file gnunet-helper-exit.c.

140{
141 int status;
142 pid_t pid;
143 pid_t ret;
144
145 pid = fork ();
146 if (-1 == pid)
147 {
148 fprintf (stderr,
149 "fork failed: %s\n",
150 strerror (errno));
151 return 1;
152 }
153 if (0 == pid)
154 {
155 /* we are the child process */
156 /* close stdin/stdout to not cause interference
157 with the helper's main protocol! */
158 (void) close (0);
159 open_dev_null (0, O_RDONLY);
160 (void) close (1);
161 open_dev_null (1, O_WRONLY);
162 (void) execv (file, (char *const *) cmd);
163 /* can only get here on error */
164 fprintf (stderr,
165 "exec `%s' failed: %s\n",
166 file,
167 strerror (errno));
168 _exit (1);
169 }
170 /* keep running waitpid as long as the only error we get is 'EINTR' */
171 while ((-1 == (ret = waitpid (pid, &status, 0))) &&
172 (errno == EINTR))
173 ;
174 if (-1 == ret)
175 {
176 fprintf (stderr,
177 "waitpid failed: %s\n",
178 strerror (errno));
179 return 1;
180 }
181 if (! (WIFEXITED (status) && (0 == WEXITSTATUS (status))))
182 return 1;
183 /* child process completed and returned success, we're happy */
184 return 0;
185}
ret
static int ret
Final status code.
Definition: gnunet-arm.c:93
open_dev_null
static void open_dev_null(int target_fd, int flags)
Open '/dev/null' and make the result the given file descriptor.
Definition: gnunet-helper-exit.c:111
status
static int status
The program status; 0 for success.
Definition: gnunet-nse.c:39
pid
static struct GNUNET_PeerIdentity pid
Identity of the peer we transmit to / connect to.
Definition: gnunet-transport.c:283

References open_dev_null(), pid, ret, and status.

Referenced by main().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ set_address6()

static void set_address6 ( const char *  dev,
const char *  address,
unsigned long  prefix_len 
)
static

Sets the IPv6-Address given in address on the interface dev.

Parameters
devthe interface to configure
addressthe IPv6-Address
prefix_lenthe length of the network-prefix

Definition at line 280 of file gnunet-helper-exit.c.

281{
282 struct ifreq ifr;
283 struct sockaddr_in6 sa6;
284 int fd;
285 struct in6_ifreq ifr6;
286
287 /*
288 * parse the new address
289 */
290 memset (&sa6, 0, sizeof(struct sockaddr_in6));
291 sa6.sin6_family = AF_INET6;
292 if (1 != inet_pton (AF_INET6, address, &sa6.sin6_addr))
293 {
294 fprintf (stderr, "Failed to parse address `%s': %s\n", address,
295 strerror (errno));
296 exit (1);
297 }
298
299 if (-1 == (fd = socket (PF_INET6, SOCK_DGRAM, 0)))
300 {
301 fprintf (stderr, "Error creating socket: %s\n", strerror (errno));
302 exit (1);
303 }
304
305 memset (&ifr, 0, sizeof(struct ifreq));
306 /*
307 * Get the index of the if
308 */
309 strncpy (ifr.ifr_name, dev, IFNAMSIZ);
310 if (-1 == ioctl (fd, SIOGIFINDEX, &ifr))
311 {
312 fprintf (stderr, "ioctl failed at %d: %s\n", __LINE__, strerror (errno));
313 (void) close (fd);
314 exit (1);
315 }
316
317 memset (&ifr6, 0, sizeof(struct in6_ifreq));
318 ifr6.ifr6_addr = sa6.sin6_addr;
319 ifr6.ifr6_ifindex = ifr.ifr_ifindex;
320 ifr6.ifr6_prefixlen = prefix_len;
321
322 /*
323 * Set the address
324 */
325 if (-1 == ioctl (fd, SIOCSIFADDR, &ifr6))
326 {
327 fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
328 strerror (errno));
329 (void) close (fd);
330 exit (1);
331 }
332
333 /*
334 * Get the flags
335 */
336 if (-1 == ioctl (fd, SIOCGIFFLAGS, &ifr))
337 {
338 fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
339 strerror (errno));
340 (void) close (fd);
341 exit (1);
342 }
343
344 /*
345 * Add the UP and RUNNING flags
346 */
347 ifr.ifr_flags |= IFF_UP | IFF_RUNNING;
348 if (-1 == ioctl (fd, SIOCSIFFLAGS, &ifr))
349 {
350 fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
351 strerror (errno));
352 (void) close (fd);
353 exit (1);
354 }
355
356 if (0 != close (fd))
357 {
358 fprintf (stderr, "close failed: %s\n", strerror (errno));
359 exit (1);
360 }
361}
address
static char * address
GNS address for this phone.
Definition: gnunet-conversation.c:225
in6_ifreq
This is in linux/include/net/ipv6.h, but not always exported...
Definition: gnunet-helper-dns.c:93

References address, in6_ifreq::ifr6_addr, in6_ifreq::ifr6_ifindex, and in6_ifreq::ifr6_prefixlen.

Referenced by main().

Here is the caller graph for this function:

◆ set_address4()

static void set_address4 ( const char *  dev,
const char *  address,
const char *  mask 
)
static

Sets the IPv4-Address given in address on the interface dev.

Parameters
devthe interface to configure
addressthe IPv4-Address
maskthe netmask

Definition at line 372 of file gnunet-helper-exit.c.

373{
374 int fd;
375 struct sockaddr_in *addr;
376 struct ifreq ifr;
377
378 memset (&ifr, 0, sizeof(struct ifreq));
379 addr = (struct sockaddr_in *) &(ifr.ifr_addr);
380 addr->sin_family = AF_INET;
381
382 /*
383 * Parse the address
384 */
385 if (1 != inet_pton (AF_INET, address, &addr->sin_addr.s_addr))
386 {
387 fprintf (stderr, "Failed to parse address `%s': %s\n", address,
388 strerror (errno));
389 exit (1);
390 }
391
392 if (-1 == (fd = socket (PF_INET, SOCK_DGRAM, 0)))
393 {
394 fprintf (stderr, "Error creating socket: %s\n", strerror (errno));
395 exit (1);
396 }
397
398 strncpy (ifr.ifr_name, dev, IFNAMSIZ);
399
400 /*
401 * Set the address
402 */
403 if (-1 == ioctl (fd, SIOCSIFADDR, &ifr))
404 {
405 fprintf (stderr, "ioctl failed at %d: %s\n", __LINE__, strerror (errno));
406 (void) close (fd);
407 exit (1);
408 }
409
410 /*
411 * Parse the netmask
412 */
413 addr = (struct sockaddr_in *) &(ifr.ifr_netmask);
414 if (1 != inet_pton (AF_INET, mask, &addr->sin_addr.s_addr))
415 {
416 fprintf (stderr, "Failed to parse address `%s': %s\n", mask,
417 strerror (errno));
418 (void) close (fd);
419 exit (1);
420 }
421
422 /*
423 * Set the netmask
424 */
425 if (-1 == ioctl (fd, SIOCSIFNETMASK, &ifr))
426 {
427 fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
428 strerror (errno));
429 (void) close (fd);
430 exit (1);
431 }
432
433 /*
434 * Get the flags
435 */
436 if (-1 == ioctl (fd, SIOCGIFFLAGS, &ifr))
437 {
438 fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
439 strerror (errno));
440 (void) close (fd);
441 exit (1);
442 }
443
444 /*
445 * Add the UP and RUNNING flags
446 */
447 ifr.ifr_flags |= IFF_UP | IFF_RUNNING;
448 if (-1 == ioctl (fd, SIOCSIFFLAGS, &ifr))
449 {
450 fprintf (stderr, "ioctl failed at line %d: %s\n", __LINE__,
451 strerror (errno));
452 (void) close (fd);
453 exit (1);
454 }
455
456 if (0 != close (fd))
457 {
458 fprintf (stderr, "close failed: %s\n", strerror (errno));
459 (void) close (fd);
460 exit (1);
461 }
462}

References address.

Referenced by main().

Here is the caller graph for this function:

◆ run()

static void run ( int  fd_tun)
static

Start forwarding to and from the tunnel.

Parameters
fd_tuntunnel FD

Definition at line 471 of file gnunet-helper-exit.c.

472{
473 /*
474 * The buffer filled by reading from fd_tun
475 */
476 unsigned char buftun[MAX_SIZE];
477 ssize_t buftun_size = 0;
478 unsigned char *buftun_read = NULL;
479
480 /*
481 * The buffer filled by reading from stdin
482 */
483 unsigned char bufin[MAX_SIZE];
484 ssize_t bufin_size = 0;
485 size_t bufin_rpos = 0;
486 unsigned char *bufin_read = NULL;
487
488 fd_set fds_w;
489 fd_set fds_r;
490
491 /* read refers to reading from fd_tun, writing to stdout */
492 int read_open = 1;
493
494 /* write refers to reading from stdin, writing to fd_tun */
495 int write_open = 1;
496 int r;
497
498 while ((1 == read_open) && (1 == write_open))
499 {
500 FD_ZERO (&fds_w);
501 FD_ZERO (&fds_r);
502
503 /*
504 * We are supposed to read and the buffer is empty
505 * -> select on read from tun
506 */
507 if (read_open && (0 == buftun_size))
508 FD_SET (fd_tun, &fds_r);
509
510 /*
511 * We are supposed to read and the buffer is not empty
512 * -> select on write to stdout
513 */
514 if (read_open && (0 != buftun_size))
515 FD_SET (1, &fds_w);
516
517 /*
518 * We are supposed to write and the buffer is empty
519 * -> select on read from stdin
520 */
521 if (write_open && (NULL == bufin_read))
522 FD_SET (0, &fds_r);
523
524 /*
525 * We are supposed to write and the buffer is not empty
526 * -> select on write to tun
527 */
528 if (write_open && (NULL != bufin_read))
529 FD_SET (fd_tun, &fds_w);
530
531 r = select (fd_tun + 1, &fds_r, &fds_w, NULL, NULL);
532
533 if (-1 == r)
534 {
535 if (EINTR == errno)
536 continue;
537 fprintf (stderr, "select failed: %s\n", strerror (errno));
538 exit (1);
539 }
540
541 if (r > 0)
542 {
543 if (FD_ISSET (fd_tun, &fds_r))
544 {
545 buftun_size =
546 read (fd_tun, buftun + sizeof(struct GNUNET_MessageHeader),
547 MAX_SIZE - sizeof(struct GNUNET_MessageHeader));
548 if (-1 == buftun_size)
549 {
550 fprintf (stderr,
551 "read-error: %s\n",
552 strerror (errno));
553 shutdown (fd_tun, SHUT_RD);
554 shutdown (1, SHUT_WR);
555 read_open = 0;
556 buftun_size = 0;
557 }
558 else if (0 == buftun_size)
559 {
560#if DEBUG
561 fprintf (stderr, "EOF on tun\n");
562#endif
563 shutdown (fd_tun, SHUT_RD);
564 shutdown (1, SHUT_WR);
565 read_open = 0;
566 buftun_size = 0;
567 }
568 else
569 {
570 struct GNUNET_MessageHeader *hdr =
571 (struct GNUNET_MessageHeader *) buftun;
572 buftun_read = buftun;
573 buftun_size += sizeof(struct GNUNET_MessageHeader);
574 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
575 hdr->size = htons (buftun_size);
576 }
577 }
578 else if (FD_ISSET (1, &fds_w))
579 {
580 ssize_t written = write (1, buftun_read, buftun_size);
581
582 if (-1 == written)
583 {
584#if ! DEBUG
585 if (errno != EPIPE)
586#endif
587 fprintf (stderr,
588 "write-error to stdout: %s\n",
589 strerror (errno));
590 shutdown (fd_tun, SHUT_RD);
591 shutdown (1, SHUT_WR);
592 read_open = 0;
593 buftun_size = 0;
594 }
595 else if (0 == written)
596 {
597 fprintf (stderr, "write returned 0!?\n");
598 exit (1);
599 }
600 else
601 {
602 buftun_size -= written;
603 buftun_read += written;
604 }
605 }
606
607 if (FD_ISSET (0, &fds_r))
608 {
609 bufin_size = read (0, bufin + bufin_rpos, MAX_SIZE - bufin_rpos);
610 if (-1 == bufin_size)
611 {
612 fprintf (stderr, "read-error: %s\n", strerror (errno));
613 shutdown (0, SHUT_RD);
614 shutdown (fd_tun, SHUT_WR);
615 write_open = 0;
616 bufin_size = 0;
617 }
618 else if (0 == bufin_size)
619 {
620#if DEBUG
621 fprintf (stderr, "EOF on stdin\n");
622#endif
623 shutdown (0, SHUT_RD);
624 shutdown (fd_tun, SHUT_WR);
625 write_open = 0;
626 bufin_size = 0;
627 }
628 else
629 {
630 struct GNUNET_MessageHeader *hdr;
631
632PROCESS_BUFFER:
633 bufin_rpos += bufin_size;
634 if (bufin_rpos < sizeof(struct GNUNET_MessageHeader))
635 continue;
636 hdr = (struct GNUNET_MessageHeader *) bufin;
637 if (ntohs (hdr->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER)
638 {
639 fprintf (stderr, "protocol violation!\n");
640 exit (1);
641 }
642 if (ntohs (hdr->size) > bufin_rpos)
643 continue;
644 bufin_read = bufin + sizeof(struct GNUNET_MessageHeader);
645 bufin_size = ntohs (hdr->size) - sizeof(struct GNUNET_MessageHeader);
646 bufin_rpos -= bufin_size + sizeof(struct GNUNET_MessageHeader);
647 }
648 }
649 else if (FD_ISSET (fd_tun, &fds_w))
650 {
651 ssize_t written = write (fd_tun, bufin_read, bufin_size);
652
653 if (-1 == written)
654 {
655 fprintf (stderr, "write-error to tun: %s\n", strerror (errno));
656 shutdown (0, SHUT_RD);
657 shutdown (fd_tun, SHUT_WR);
658 write_open = 0;
659 bufin_size = 0;
660 }
661 else if (0 == written)
662 {
663 fprintf (stderr, "write returned 0!?\n");
664 exit (1);
665 }
666 else
667 {
668 bufin_size -= written;
669 bufin_read += written;
670 if (0 == bufin_size)
671 {
672 memmove (bufin, bufin_read, bufin_rpos);
673 bufin_read = NULL; /* start reading again */
674 bufin_size = 0;
675 goto PROCESS_BUFFER;
676 }
677 }
678 }
679 }
680 }
681}
MAX_SIZE
#define MAX_SIZE
Maximum size of a GNUnet message (GNUNET_MAX_MESSAGE_SIZE)
Definition: gnunet-helper-exit.c:75
GNUNET_MessageHeader::type
uint16_t type
The type of the message (GNUNET_MESSAGE_TYPE_XXXX), in big-endian format.
Definition: gnunet_common.h:330
GNUNET_MessageHeader::size
uint16_t size
The length of the struct (in bytes, including the length field itself), in big-endian format.
Definition: gnunet_common.h:325
GNUNET_MESSAGE_TYPE_VPN_HELPER
#define GNUNET_MESSAGE_TYPE_VPN_HELPER
Type of messages between the gnunet-vpn-helper and the daemon.
Definition: gnunet_protocols.h:751
GNUNET_MessageHeader
Header for all communications.
Definition: gnunet_common.h:320

References GNUNET_MESSAGE_TYPE_VPN_HELPER, MAX_SIZE, GNUNET_MessageHeader::size, and GNUNET_MessageHeader::type.

Referenced by main().

Here is the caller graph for this function:

◆ main()

int main ( int  argc,
char **  argv 
)

Open VPN tunnel interface.

Parameters
argcmust be 6
argv0: binary name ("gnunet-helper-exit") 1: tunnel interface name ("gnunet-exit") 2: "physical" interface name ("eth0"), or "-" to not setup NAT and routing 3: IPv6 address ("::1"), or "-" to skip IPv6 4: IPv6 netmask length in bits ("64") [ignored if #4 is "-"] 5: IPv4 address ("1.2.3.4"), or "-" to skip IPv4 6: IPv4 netmask ("255.255.0.0") [ignored if #4 is "-"]

Definition at line 698 of file gnunet-helper-exit.c.

699{
700 char dev[IFNAMSIZ];
701 int fd_tun;
702 int global_ret;
703
704 if (7 != argc)
705 {
706 fprintf (stderr, "Fatal: must supply 6 arguments!\n");
707 return 1;
708 }
709 if ((0 == strcmp (argv[3], "-")) &&
710 (0 == strcmp (argv[5], "-")))
711 {
712 fprintf (stderr, "Fatal: disabling both IPv4 and IPv6 makes no sense.\n");
713 return 1;
714 }
715 if (0 != strcmp (argv[2], "-"))
716 {
717#ifdef IPTABLES
718 if (0 == access (IPTABLES, X_OK))
719 sbin_iptables = IPTABLES;
720 else
721#endif
722 if (0 == access ("/sbin/iptables", X_OK))
723 sbin_iptables = "/sbin/iptables";
724 else if (0 == access ("/usr/sbin/iptables", X_OK))
725 sbin_iptables = "/usr/sbin/iptables";
726 else
727 {
728 fprintf (stderr,
729 "Fatal: executable iptables not found in approved directories: %s\n",
730 strerror (errno));
731 return 1;
732 }
733#ifdef SYSCTL
734 if (0 == access (SYSCTL, X_OK))
735 sbin_sysctl = SYSCTL;
736 else
737#endif
738 if (0 == access ("/sbin/sysctl", X_OK))
739 sbin_sysctl = "/sbin/sysctl";
740 else if (0 == access ("/usr/sbin/sysctl", X_OK))
741 sbin_sysctl = "/usr/sbin/sysctl";
742 else
743 {
744 fprintf (stderr,
745 "Fatal: executable sysctl not found in approved directories: %s\n",
746 strerror (errno));
747 return 1;
748 }
749 }
750
751 strncpy (dev, argv[1], IFNAMSIZ);
752 dev[IFNAMSIZ - 1] = '\0';
753
754 if (-1 == (fd_tun = init_tun (dev)))
755 {
756 fprintf (stderr,
757 "Fatal: could not initialize tun-interface `%s' with IPv6 %s/%s and IPv4 %s/%s\n",
758 dev,
759 argv[3],
760 argv[4],
761 argv[5],
762 argv[6]);
763 return 1;
764 }
765
766 if (0 != strcmp (argv[3], "-"))
767 {
768 {
769 const char *address = argv[3];
770 long prefix_len = atol (argv[4]);
771
772 if ((prefix_len < 1) || (prefix_len > 127))
773 {
774 fprintf (stderr, "Fatal: prefix_len out of range\n");
775 return 1;
776 }
777 set_address6 (dev, address, prefix_len);
778 }
779 if (0 != strcmp (argv[2], "-"))
780 {
781 const char *const sysctl_args[] = {
782 "sysctl", "-w", "net.ipv6.conf.all.forwarding=1", NULL
783 };
784 if (0 != fork_and_exec (sbin_sysctl,
785 sysctl_args))
786 {
787 fprintf (stderr,
788 "Failed to enable IPv6 forwarding. Will continue anyway.\n");
789 }
790 }
791 }
792
793 if (0 != strcmp (argv[5], "-"))
794 {
795 {
796 const char *address = argv[5];
797 const char *mask = argv[6];
798
799 set_address4 (dev, address, mask);
800 }
801 if (0 != strcmp (argv[2], "-"))
802 {
803 {
804 const char *const sysctl_args[] = {
805 "sysctl", "-w", "net.ipv4.ip_forward=1", NULL
806 };
807 if (0 != fork_and_exec (sbin_sysctl,
808 sysctl_args))
809 {
810 fprintf (stderr,
811 "Failed to enable IPv4 forwarding. Will continue anyway.\n")
812 ;
813 }
814 }
815 {
816 const char *const iptables_args[] = {
817 "iptables", "-t", "nat", "-A", "POSTROUTING", "-o", argv[2], "-j",
818 "MASQUERADE", NULL
819 };
820 if (0 != fork_and_exec (sbin_iptables,
821 iptables_args))
822 {
823 fprintf (stderr,
824 "Failed to enable IPv4 masquerading (NAT). Will continue anyway.\n");
825 }
826 }
827 }
828 }
829
830 {
831 uid_t uid = getuid ();
832#ifdef HAVE_SETRESUID
833 if (0 != setresuid (uid, uid, uid))
834 {
835 fprintf (stderr, "Failed to setresuid: %s\n", strerror (errno));
836 global_ret = 2;
837 goto cleanup;
838 }
839#else
840 if (0 != (setuid (uid) | seteuid (uid)))
841 {
842 fprintf (stderr, "Failed to setuid: %s\n", strerror (errno));
843 global_ret = 2;
844 goto cleanup;
845 }
846#endif
847 }
848
849 if (SIG_ERR == signal (SIGPIPE, SIG_IGN))
850 {
851 fprintf (stderr, "Failed to protect against SIGPIPE: %s\n",
852 strerror (errno));
853 /* no exit, we might as well die with SIGPIPE should it ever happen */
854 }
855 run (fd_tun);
856 global_ret = 0;
857cleanup:
858 (void) close (fd_tun);
859 return global_ret;
860}
global_ret
static int global_ret
Global status value.
Definition: gnunet-dht-hello.c:43
cleanup
static void cleanup(void *cls)
Disconnect and shutdown.
Definition: gnunet-did.c:131
sbin_sysctl
static const char * sbin_sysctl
Path to 'sysctl' binary.
Definition: gnunet-helper-exit.c:80
run
static void run(int fd_tun)
Start forwarding to and from the tunnel.
Definition: gnunet-helper-exit.c:471
fork_and_exec
static int fork_and_exec(const char *file, const char *const cmd[])
Run the given command and wait for it to complete.
Definition: gnunet-helper-exit.c:138
sbin_iptables
static const char * sbin_iptables
Path to 'iptables' binary.
Definition: gnunet-helper-exit.c:85
set_address4
static void set_address4(const char *dev, const char *address, const char *mask)
Sets the IPv4-Address given in address on the interface dev.
Definition: gnunet-helper-exit.c:372
set_address6
static void set_address6(const char *dev, const char *address, unsigned long prefix_len)
Sets the IPv6-Address given in address on the interface dev.
Definition: gnunet-helper-exit.c:280
init_tun
#define init_tun(dev)
Creates a tun-interface called dev;.
Definition: gnunet-helper-exit.c:268

References address, cleanup(), fork_and_exec(), global_ret, init_tun, run(), sbin_iptables, sbin_sysctl, set_address4(), and set_address6().

Here is the call graph for this function:

Variable Documentation

◆ sbin_sysctl

const char* sbin_sysctl
static

Path to 'sysctl' binary.

Definition at line 80 of file gnunet-helper-exit.c.

Referenced by main().

◆ sbin_iptables

const char* sbin_iptables
static

Path to 'iptables' binary.

Definition at line 85 of file gnunet-helper-exit.c.

Referenced by main().