
Comparing gvpe/src/gvpe.C (file contents):
Revision 1.21 by root, Wed Oct 12 22:51:10 2011 UTC vs.
Revision 1.27 by root, Thu Oct 6 03:25:54 2022 UTC

1/* 1/*
2 gvpe.C -- the main file for gvpe 2 gvpe.C -- the main file for gvpe
3 Copyright (C) 1998-2002 Ivo Timmermans <ivo@o2w.nl> 3 Copyright (C) 1998-2002 Ivo Timmermans <ivo@o2w.nl>
4 2000-2002 Guus Sliepen <guus@sliepen.eu.org> 4 2000-2002 Guus Sliepen <guus@sliepen.eu.org>
5 2003-2011 Marc Lehmann <gvpe@schmorp.de> 5 2003-2013 Marc Lehmann <gvpe@schmorp.de>
6 6
7 This file is part of GVPE. 7 This file is part of GVPE.
8 8
9 GVPE is free software; you can redistribute it and/or modify it 9 GVPE is free software; you can redistribute it and/or modify it
10 under the terms of the GNU General Public License as published by the 10 under the terms of the GNU General Public License as published by the
40#include <errno.h> 40#include <errno.h>
41#include <fcntl.h> 41#include <fcntl.h>
42#include <getopt.h> 42#include <getopt.h>
43#include <signal.h> 43#include <signal.h>
44#include <sys/types.h> 44#include <sys/types.h>
45#include <sys/stat.h>
45#include <unistd.h> 46#include <unistd.h>
46#include <signal.h> 47#include <signal.h>
47#include <termios.h> 48#include <termios.h>
48 49
49#if HAVE_SYS_MMAN_H 50#if HAVE_SYS_MMAN_H
59#include "conf.h" 60#include "conf.h"
60#include "slog.h" 61#include "slog.h"
61#include "util.h" 62#include "util.h"
62#include "vpn.h" 63#include "vpn.h"
63#include "ev_cpp.h" 64#include "ev_cpp.h"
65#include "hkdf.h"
64 66
65static loglevel llevel = L_NONE; 67static loglevel llevel = L_NONE;
66 68
67/* If nonzero, display usage information and exit. */ 69/* If nonzero, display usage information and exit. */
68static int show_help; 70static int show_help;
164 166
165 exit (c); 167 exit (c);
166} 168}
167 169
168// signal handlers 170// signal handlers
169static RETSIGTYPE 171static void
170sigterm_handler (int a) 172sigterm_handler (int a)
171{ 173{
172 network.events |= vpn::EVENT_SHUTDOWN; 174 network.events |= vpn::EVENT_SHUTDOWN;
173 network.event.start (); 175 network.event.start ();
174} 176}
175 177
176static RETSIGTYPE 178static void
177sighup_handler (int a) 179sighup_handler (int a)
178{ 180{
179 network.events |= vpn::EVENT_RECONNECT; 181 network.events |= vpn::EVENT_RECONNECT;
180 network.event.start (); 182 network.event.start ();
181} 183}
182 184
183static RETSIGTYPE 185static void
184sigusr1_handler (int a) 186sigusr1_handler (int a)
185{ 187{
186 network.dump_status (); 188 network.dump_status ();
187} 189}
188 190
189static RETSIGTYPE 191static void
190sigusr2_handler (int a) 192sigusr2_handler (int a)
191{ 193{
192} 194}
193 195
194static void 196static void
206 act.sa_flags = SA_RESETHAND; 208 act.sa_flags = SA_RESETHAND;
207 act.sa_handler = sigterm_handler; sigaction (SIGINT , &act, NULL); 209 act.sa_handler = sigterm_handler; sigaction (SIGINT , &act, NULL);
208 act.sa_handler = sigterm_handler; sigaction (SIGTERM, &act, NULL); 210 act.sa_handler = sigterm_handler; sigaction (SIGTERM, &act, NULL);
209} 211}
210 212
213static int rand_fd;
214
215// antique C++ requires external linkage :/
216void
217reseed_rng (ev::timer &w, int revents)
218{
219 char buf [SEED_SIZE];
220 int n = read (rand_fd, buf, sizeof (buf));
221
222 if (n > 0)
223 RAND_seed (buf, n);
224}
225
226static void
227setup_rng (void)
228{
229 if (!*conf.seed_dev)
230 return;
231
232#ifndef O_BINARY
233# define O_BINARY 0
234#endif
235#ifndef O_NONBLOCK
236# define O_NONBLOCK 0
237#endif
238
239 rand_fd = open (conf.seed_dev, O_RDONLY | O_NONBLOCK | O_BINARY);
240
241 if (rand_fd < 0)
242 {
243 slog (L_ERR, _("unable to open seed device '%s': %s, exiting."), conf.seed_dev, strerror (errno));
244 exit (EXIT_FAILURE);
245 }
246
247 static ev::timer reseed_timer;
248
249 if (conf.reseed)
250 {
251 reseed_timer.set<reseed_rng> ();
252 reseed_timer.set (conf.reseed, conf.reseed);
253 reseed_timer.start (EV_DEFAULT);
254 }
255
256 reseed_rng (reseed_timer, 0);
257}
258
211int 259int
212main (int argc, char **argv, char **envp) 260main (int argc, char **argv, char **envp)
213{ 261{
214 ERR_load_crypto_strings (); // we have the RAM 262 ERR_load_crypto_strings (); // we have the RAM
263
264 // m,ake sure openssl agrees with us on the important bits
265 require (EVP_MD_size (MAC_DIGEST ()) == HASH_SIZE (MAC_DIGEST ));
266 require (EVP_MD_size (AUTH_DIGEST ()) == HASH_SIZE (AUTH_DIGEST));
267 require (EVP_CIPHER_key_length (CIPHER ()) == KEY_SIZE (CIPHER ));
268 require (EVP_CIPHER_block_size (CIPHER ()) == BLOCK_SIZE (CIPHER ));
269 require (EVP_CIPHER_iv_length (CIPHER ()) == IV_SIZE (CIPHER ));
270 require (EVP_CIPHER_mode (CIPHER ()) == EVP_CIPH_CTR_MODE);
271
272 curve25519_verify ();
273 hkdf::verify ();
215 274
216 set_loglevel (L_INFO); 275 set_loglevel (L_INFO);
217 set_identity (argv[0]); 276 set_identity (argv[0]);
218 log_to (LOGTO_SYSLOG | LOGTO_STDERR); 277 log_to (LOGTO_SYSLOG | LOGTO_STDERR);
219 278
230 { 289 {
231 printf (_("%s version %s (built %s %s, protocol version %d.%d)\n"), get_identity (), 290 printf (_("%s version %s (built %s %s, protocol version %d.%d)\n"), get_identity (),
232 VERSION, __DATE__, __TIME__, PROTOCOL_MAJOR, PROTOCOL_MINOR); 291 VERSION, __DATE__, __TIME__, PROTOCOL_MAJOR, PROTOCOL_MINOR);
233 printf (_("Built with kernel interface %s/%s.\n"), IFTYPE, IFSUBTYPE); 292 printf (_("Built with kernel interface %s/%s.\n"), IFTYPE, IFSUBTYPE);
234 printf (_ 293 printf (_
235 ("Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de> and others.\n" 294 ("Copyright (C) 2003-2011 Marc Lehmann <gvpe@schmorp.de> and others.\n"
236 "See the AUTHORS file for a complete list.\n\n" 295 "See the AUTHORS file for a complete list.\n\n"
237 "GVPE comes with ABSOLUTELY NO WARRANTY. This is free software,\n" 296 "GVPE comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
238 "and you are welcome to redistribute it under certain conditions;\n" 297 "and you are welcome to redistribute it under certain conditions;\n"
239 "see the file COPYING for details.\n")); 298 "see the file COPYING for details.\n"));
240 299
270 configuration_parser (conf, true, argc, argv); 329 configuration_parser (conf, true, argc, argv);
271 } 330 }
272 331
273 set_loglevel (llevel != L_NONE ? llevel : conf.llevel); 332 set_loglevel (llevel != L_NONE ? llevel : conf.llevel);
274 333
275 RAND_load_file ("/dev/urandom", 1024); 334 setup_rng ();
276 335
277 if (!THISNODE) 336 if (!THISNODE)
278 { 337 {
279 slog (L_ERR, _("current node not set, or node '%s' not found in configfile, specify the nodename when starting gvpe."), 338 slog (L_ERR, _("current node not set, or node '%s' not found in configfile, specify the nodename when starting gvpe."),
280 thisnode ? thisnode : "<unset>"); 339 thisnode ? thisnode : "<unset>");
285 exit (EXIT_SUCCESS); 344 exit (EXIT_SUCCESS);
286 345
287 setup_signals (); 346 setup_signals ();
288 347
289 if (!network.setup ()) 348 if (!network.setup ())
349 if (network.drop_privileges ())
290 { 350 {
291 ev_run (EV_DEFAULT_ 0); 351 ev_run (EV_DEFAULT_ 0);
292 cleanup_and_exit (EXIT_FAILURE); 352 cleanup_and_exit (EXIT_FAILURE);
293 } 353 }
294 354
295 slog (L_ERR, _("unrecoverable error while setting up network, exiting.")); 355 slog (L_CRIT, _("unrecoverable error while setting up network, exiting."));
296 cleanup_and_exit (EXIT_FAILURE); 356 cleanup_and_exit (EXIT_FAILURE);
297} 357}
298 358
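Review bot: `reseed_rng` (new lines 217–224) treats any positive `read()` as a successful seeding and silently ignores short reads, `EAGAIN` from the `O_NONBLOCK` descriptor and outright read errors, and `setup_rng` never checks `RAND_status()` after the initial `reseed_rng (reseed_timer, 0)` call, so a misconfigured or exhausted seed device leaves the daemon running with a PRNG that received fewer than `SEED_SIZE` bytes (or none) without a single log line. Whether OpenSSL's own internal seeding compensates depends on the library version this is built against, which the hunk does not show; for a process that is about to run `curve25519` key agreement, failing loudly is the safer default. I would log short or failed reads, abort in `setup_rng` when `RAND_status ()` is still 0 after the first seeding, and wipe `buf` before returning (`OPENSSL_cleanse`, assuming `openssl/crypto.h` is reachable through the includes outside this hunk). The fence uses `L_ERR` for the short-read message because that is the only non-fatal level visible on this page; pick whatever `slog.h` offers. Separately, the comment at new line 264 reads `// m,ake sure`.

```cpp
void
reseed_rng (ev::timer &w, int revents)
{
  char buf [SEED_SIZE];
  ssize_t n = read (rand_fd, buf, sizeof (buf));

  if (n > 0)
    RAND_seed (buf, n);

  // a short or failed read seeds less than SEED_SIZE bytes; make it visible
  if (n < (ssize_t)sizeof (buf))
    slog (L_ERR, _("short read from seed device '%s' (%d of %d bytes)%s%s"),
          conf.seed_dev, (int)(n < 0 ? 0 : n), (int)sizeof (buf),
          n < 0 ? ": " : "", n < 0 ? strerror (errno) : "");

  OPENSSL_cleanse (buf, sizeof (buf)); // do not leave seed material on the stack
}

// … unchanged: setup_rng open(), O_* fallbacks, reseed_timer setup …

  reseed_rng (reseed_timer, 0);

  if (!RAND_status ())
    {
      slog (L_CRIT, _("PRNG not sufficiently seeded after reading '%s', exiting."), conf.seed_dev);
      exit (EXIT_FAILURE);
    }
}
```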
