/cvs/gvpe/src/gvpe.C

Comparing gvpe/src/gvpe.C (file contents):
Revision 1.20 by root, Tue Mar 8 17:33:30 2011 UTC vs.
Revision 1.27 by root, Thu Oct 6 03:25:54 2022 UTC

1/* 1/*
2 gvpe.C -- the main file for gvpe 2 gvpe.C -- the main file for gvpe
3 Copyright (C) 1998-2002 Ivo Timmermans <ivo@o2w.nl> 3 Copyright (C) 1998-2002 Ivo Timmermans <ivo@o2w.nl>
4 2000-2002 Guus Sliepen <guus@sliepen.eu.org> 4 2000-2002 Guus Sliepen <guus@sliepen.eu.org>
5 2003-2011 Marc Lehmann <gvpe@schmorp.de> 5 2003-2013 Marc Lehmann <gvpe@schmorp.de>
6 6
7 This file is part of GVPE. 7 This file is part of GVPE.
8 8
9 GVPE is free software; you can redistribute it and/or modify it 9 GVPE is free software; you can redistribute it and/or modify it
10 under the terms of the GNU General Public License as published by the 10 under the terms of the GNU General Public License as published by the
40#include <errno.h> 40#include <errno.h>
41#include <fcntl.h> 41#include <fcntl.h>
42#include <getopt.h> 42#include <getopt.h>
43#include <signal.h> 43#include <signal.h>
44#include <sys/types.h> 44#include <sys/types.h>
45#include <sys/stat.h>
45#include <unistd.h> 46#include <unistd.h>
46#include <signal.h> 47#include <signal.h>
47#include <termios.h> 48#include <termios.h>
48 49
49#if HAVE_SYS_MMAN_H 50#if HAVE_SYS_MMAN_H
59#include "conf.h" 60#include "conf.h"
60#include "slog.h" 61#include "slog.h"
61#include "util.h" 62#include "util.h"
62#include "vpn.h" 63#include "vpn.h"
63#include "ev_cpp.h" 64#include "ev_cpp.h"
65#include "hkdf.h"
64 66
65static loglevel llevel = L_NONE; 67static loglevel llevel = L_NONE;
66 68
67/* If nonzero, display usage information and exit. */ 69/* If nonzero, display usage information and exit. */
68static int show_help; 70static int show_help;
164 166
165 exit (c); 167 exit (c);
166} 168}
167 169
168// signal handlers 170// signal handlers
169static RETSIGTYPE 171static void
170sigterm_handler (int a) 172sigterm_handler (int a)
171{ 173{
172 network.events |= vpn::EVENT_SHUTDOWN; 174 network.events |= vpn::EVENT_SHUTDOWN;
173 network.event.start (); 175 network.event.start ();
174} 176}
175 177
176static RETSIGTYPE 178static void
177sighup_handler (int a) 179sighup_handler (int a)
178{ 180{
179 network.events |= vpn::EVENT_RECONNECT; 181 network.events |= vpn::EVENT_RECONNECT;
180 network.event.start (); 182 network.event.start ();
181} 183}
182 184
183static RETSIGTYPE 185static void
184sigusr1_handler (int a) 186sigusr1_handler (int a)
185{ 187{
186 network.dump_status (); 188 network.dump_status ();
187} 189}
188 190
189static RETSIGTYPE 191static void
190sigusr2_handler (int a) 192sigusr2_handler (int a)
191{ 193{
192} 194}
193 195
194static void 196static void
206 act.sa_flags = SA_RESETHAND; 208 act.sa_flags = SA_RESETHAND;
207 act.sa_handler = sigterm_handler; sigaction (SIGINT , &act, NULL); 209 act.sa_handler = sigterm_handler; sigaction (SIGINT , &act, NULL);
208 act.sa_handler = sigterm_handler; sigaction (SIGTERM, &act, NULL); 210 act.sa_handler = sigterm_handler; sigaction (SIGTERM, &act, NULL);
209} 211}
210 212
211struct Xob {//D 213static int rand_fd;
212 void wcbx () 214
215// antique C++ requires external linkage :/
216void
217reseed_rng (ev::timer &w, int revents)
218{
219 char buf [SEED_SIZE];
220 int n = read (rand_fd, buf, sizeof (buf));
221
222 if (n > 0)
223 RAND_seed (buf, n);
224}
225
226static void
227setup_rng (void)
228{
229 if (!*conf.seed_dev)
230 return;
231
232#ifndef O_BINARY
233# define O_BINARY 0
234#endif
235#ifndef O_NONBLOCK
236# define O_NONBLOCK 0
237#endif
238
239 rand_fd = open (conf.seed_dev, O_RDONLY | O_NONBLOCK | O_BINARY);
240
241 if (rand_fd < 0)
213 { 242 {
214 printf ("wcbx %p\n", pthread_self()); 243 slog (L_ERR, _("unable to open seed device '%s': %s, exiting."), conf.seed_dev, strerror (errno));
244 exit (EXIT_FAILURE);
215 } 245 }
216 void dcbx () 246
247 static ev::timer reseed_timer;
248
249 if (conf.reseed)
217 { 250 {
218 printf ("dcbx %p\n", pthread_self()); 251 reseed_timer.set<reseed_rng> ();
252 reseed_timer.set (conf.reseed, conf.reseed);
253 reseed_timer.start (EV_DEFAULT);
219 } 254 }
220}; 255
256 reseed_rng (reseed_timer, 0);
257}
221 258
222int 259int
223main (int argc, char **argv, char **envp) 260main (int argc, char **argv, char **envp)
224{ 261{
225 ERR_load_crypto_strings (); // we have the RAM 262 ERR_load_crypto_strings (); // we have the RAM
263
264 // m,ake sure openssl agrees with us on the important bits
265 require (EVP_MD_size (MAC_DIGEST ()) == HASH_SIZE (MAC_DIGEST ));
266 require (EVP_MD_size (AUTH_DIGEST ()) == HASH_SIZE (AUTH_DIGEST));
267 require (EVP_CIPHER_key_length (CIPHER ()) == KEY_SIZE (CIPHER ));
268 require (EVP_CIPHER_block_size (CIPHER ()) == BLOCK_SIZE (CIPHER ));
269 require (EVP_CIPHER_iv_length (CIPHER ()) == IV_SIZE (CIPHER ));
270 require (EVP_CIPHER_mode (CIPHER ()) == EVP_CIPH_CTR_MODE);
271
272 curve25519_verify ();
273 hkdf::verify ();
226 274
227 set_loglevel (L_INFO); 275 set_loglevel (L_INFO);
228 set_identity (argv[0]); 276 set_identity (argv[0]);
229 log_to (LOGTO_SYSLOG | LOGTO_STDERR); 277 log_to (LOGTO_SYSLOG | LOGTO_STDERR);
230 278
241 { 289 {
242 printf (_("%s version %s (built %s %s, protocol version %d.%d)\n"), get_identity (), 290 printf (_("%s version %s (built %s %s, protocol version %d.%d)\n"), get_identity (),
243 VERSION, __DATE__, __TIME__, PROTOCOL_MAJOR, PROTOCOL_MINOR); 291 VERSION, __DATE__, __TIME__, PROTOCOL_MAJOR, PROTOCOL_MINOR);
244 printf (_("Built with kernel interface %s/%s.\n"), IFTYPE, IFSUBTYPE); 292 printf (_("Built with kernel interface %s/%s.\n"), IFTYPE, IFSUBTYPE);
245 printf (_ 293 printf (_
246 ("Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de> and others.\n" 294 ("Copyright (C) 2003-2011 Marc Lehmann <gvpe@schmorp.de> and others.\n"
247 "See the AUTHORS file for a complete list.\n\n" 295 "See the AUTHORS file for a complete list.\n\n"
248 "GVPE comes with ABSOLUTELY NO WARRANTY. This is free software,\n" 296 "GVPE comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
249 "and you are welcome to redistribute it under certain conditions;\n" 297 "and you are welcome to redistribute it under certain conditions;\n"
250 "see the file COPYING for details.\n")); 298 "see the file COPYING for details.\n"));
251 299
281 configuration_parser (conf, true, argc, argv); 329 configuration_parser (conf, true, argc, argv);
282 } 330 }
283 331
284 set_loglevel (llevel != L_NONE ? llevel : conf.llevel); 332 set_loglevel (llevel != L_NONE ? llevel : conf.llevel);
285 333
286 RAND_load_file ("/dev/urandom", 1024); 334 setup_rng ();
287 335
288 if (!THISNODE) 336 if (!THISNODE)
289 { 337 {
290 slog (L_ERR, _("current node not set, or node '%s' not found in configfile, specify the nodename when starting gvpe."), 338 slog (L_ERR, _("current node not set, or node '%s' not found in configfile, specify the nodename when starting gvpe."),
291 thisnode ? thisnode : "<unset>"); 339 thisnode ? thisnode : "<unset>");
296 exit (EXIT_SUCCESS); 344 exit (EXIT_SUCCESS);
297 345
298 setup_signals (); 346 setup_signals ();
299 347
300 if (!network.setup ()) 348 if (!network.setup ())
349 if (network.drop_privileges ())
301 { 350 {
302 ev_run (EV_DEFAULT_ 0); 351 ev_run (EV_DEFAULT_ 0);
303 cleanup_and_exit (EXIT_FAILURE); 352 cleanup_and_exit (EXIT_FAILURE);
304 } 353 }
305 354
306 slog (L_ERR, _("unrecoverable error while setting up network, exiting.")); 355 slog (L_CRIT, _("unrecoverable error while setting up network, exiting."));
307 cleanup_and_exit (EXIT_FAILURE); 356 cleanup_and_exit (EXIT_FAILURE);
308} 357}
309 358
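Review bot: In reseed_rng (new lines 217-224) a failed or empty read from the seed device is silently dropped — `if (n > 0) RAND_seed (buf, n);` has no else branch — so a seed_dev that returns -1 (EAGAIN on a non-blocking device with an empty pool, or EINTR) or 0 bytes never reaches the log, and this includes the initial call `reseed_rng (reseed_timer, 0);` at the end of setup_rng, which is the only seeding the process does now that the unconditional `RAND_load_file ("/dev/urandom", 1024)` is gone. Whether OpenSSL's own RAND_poll/DRBG auto-seeding covers that case, and the `!*conf.seed_dev` early return, depends on the linked OpenSSL version, so it is presumably safer not to rely on it silently. Suggest appending `else if (n < 0 && errno != EAGAIN && errno != EINTR) slog (L_WARN, _("read from seed device '%s' failed: %s"), conf.seed_dev, strerror (errno));` after the `if (n > 0)` branch (slog, errno.h and conf.seed_dev are already in scope in this file). Since buf holds raw seed material on the stack, follow the RAND_seed call with `OPENSSL_cleanse (buf, sizeof (buf));` rather than a plain memset the compiler may drop. Minor: the comment on new line 264 reads `// m,ake sure openssl agrees with us on the important bits` and should be `// make sure …`.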
