[GNUnet-SVN] r12454 - gnunet/src/vpn

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] r12454 - gnunet/src/vpn

From:	gnunet
Subject:	[GNUnet-SVN] r12454 - gnunet/src/vpn
Date:	Tue, 3 Aug 2010 20:59:14 +0200

Author: toelke
Date: 2010-08-03 20:59:14 +0200 (Tue, 03 Aug 2010)
New Revision: 12454

Added:
   gnunet/src/vpn/gnunet-helper-hijack-dns.c
Modified:
   gnunet/src/vpn/Makefile.am
Log:
helper-program to use iptables

Modified: gnunet/src/vpn/Makefile.am
===================================================================
--- gnunet/src/vpn/Makefile.am  2010-08-03 18:59:06 UTC (rev 12453)
+++ gnunet/src/vpn/Makefile.am  2010-08-03 18:59:14 UTC (rev 12454)
@@ -10,16 +10,19 @@
 
 if LINUX
 VPNBIN = gnunet-helper-vpn
+HIJACKBIN = gnunet-helper-hijack-dns
 install-exec-hook:
        chown root $(bindir)/gnunet-helper-vpn || true
        chmod u+s $(bindir)/gnunet-helper-vpn || true
+       chown root $(bindir)/gnunet-helper-hijack-dns || true
+       chmod u+s $(bindir)/gnunet-helper-hijack-dns || true
 else
 install-exec-hook:
 endif
 
 
 bin_PROGRAMS = \
- gnunet-daemon-vpn $(VPNBIN)
+ gnunet-daemon-vpn $(VPNBIN) $(HIJACKBIN)
 
 
 gnunet_helper_vpn_SOURCES = \
@@ -27,13 +30,8 @@
  gnunet-vpn-helper-p.h \
  gnunet-vpn-tun.h gnunet-vpn-tun.c
 
-# debug.c  debug.h \
-# packet.h packet.c \
-# pretty-print.c  pretty-print.h \
-# tcp.c  tcp.h \
-# test.c \
-# tun.c  tun.h \
-# udp.c udp.h
+gnunet_helper_hijack_dns_SOURCES = \
+ gnunet-helper-hijack-dns.c
 
 gnunet_daemon_vpn_SOURCES = \
  gnunet-daemon-vpn.c gnunet-vpn-pretty-print.c

Added: gnunet/src/vpn/gnunet-helper-hijack-dns.c
===================================================================
--- gnunet/src/vpn/gnunet-helper-hijack-dns.c                           (rev 0)
+++ gnunet/src/vpn/gnunet-helper-hijack-dns.c   2010-08-03 18:59:14 UTC (rev 
12454)
@@ -0,0 +1,91 @@
+/*
+   This file is part of GNUnet.
+   (C) 2010 Christian Grothoff
+
+   GNUnet is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published
+   by the Free Software Foundation; either version 3, or (at your
+   option) any later version.
+
+   GNUnet is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with GNUnet; see the file COPYING.  If not, write to the
+   Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.
+   */
+
+/**
+ * @file vpn/gnunet-helper-hijack-dns.c
+ * @brief
+ * @author Philipp Tölke
+ */
+#define _GNU_SOURCE
+
+#include <arpa/inet.h>
+
+#include <string.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <gnunet_common.h>
+
+int fork_and_exec(char* file, char* cmd[]) {
+       pid_t pid = fork();
+       if (pid < 0) {
+               fprintf(stderr, "could not fork: %m\n");
+               return GNUNET_SYSERR;
+       }
+
+       int st = 0;
+
+       if (pid == 0) {
+               execv(file, cmd);
+       } else {
+               waitpid(pid, &st, 0);
+       }
+       return WIFEXITED(st) && (WEXITSTATUS(st) == 0);
+}
+
+int main(int argc, char** argv) {
+       int delete = 0;
+       int port = 0;
+       if (argc < 2) return GNUNET_SYSERR;
+
+       if (strncmp(argv[1], "-d", 2) == 0) {
+               if (argc < 3) return GNUNET_SYSERR;
+               delete = 1;
+               port = atoi(argv[2]);
+       } else {
+               port = atoi(argv[1]);
+       }
+
+       if (port == 0) return GNUNET_SYSERR;
+
+       struct stat s;
+       if (stat("/sbin/iptables", &s) < 0) {
+               fprintf(stderr, "stat on /sbin/iptables failed: %m\n");
+               return GNUNET_SYSERR;
+       }
+
+       char localport[7];
+       snprintf(localport, 7, "%d", port);
+
+       int r;
+       if (delete) {
+               r = fork_and_exec("/sbin/iptables", (char*[]){"iptables", "-t", 
"nat", "-D", "OUTPUT", "-p", "udp", "--sport", localport, "--dport", "53", 
"-j", "ACCEPT", NULL});
+               r = fork_and_exec("/sbin/iptables", (char*[]){"iptables", "-t", 
"nat", "-D", "OUTPUT", "-p", "udp", "--dport", "53", "-j", "DNAT", 
"--to-destination", "10.10.10.2:53", NULL});
+       } else {
+               r = fork_and_exec("/sbin/iptables", (char*[]){"iptables", "-t", 
"nat", "-I", "OUTPUT", "1", "-p", "udp", "--sport", localport, "--dport", "53", 
"-j", "ACCEPT", NULL});
+               r = fork_and_exec("/sbin/iptables", (char*[]){"iptables", "-t", 
"nat", "-I", "OUTPUT", "2", "-p", "udp", "--dport", "53", "-j", "DNAT", 
"--to-destination", "10.10.10.2:53", NULL});
+       }
+       if (r) return GNUNET_YES;
+       return GNUNET_SYSERR;
+}

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] r12454 - gnunet/src/vpn, gnunet <=

Prev by Date: [GNUnet-SVN] r12453 - gnunet/src/vpn
Next by Date: [GNUnet-SVN] r12455 - gnunet/src/vpn
Previous by thread: [GNUnet-SVN] r12453 - gnunet/src/vpn
Next by thread: [GNUnet-SVN] r12455 - gnunet/src/vpn
Index(es):
- Date
- Thread