iodine/src/iodine.c

768 lines
14 KiB
C
Raw Normal View History

2006-06-05 15:41:08 +03:00
/*
2007-03-21 02:00:27 +02:00
* Copyright (c) 2006-2007 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
2006-06-05 15:41:08 +03:00
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
2006-06-05 17:43:04 +03:00
#include <string.h>
2006-06-05 17:46:10 +03:00
#include <signal.h>
2006-06-05 18:13:30 +03:00
#include <unistd.h>
#include <netdb.h>
2006-08-13 21:58:54 +03:00
#include <netinet/in.h>
2006-06-05 18:13:30 +03:00
#include <sys/types.h>
2007-06-17 14:46:05 +03:00
#include <sys/time.h>
2006-06-11 22:54:38 +03:00
#include <sys/socket.h>
2006-06-06 02:34:23 +03:00
#include <fcntl.h>
2006-06-05 17:43:04 +03:00
#include <err.h>
#include <pwd.h>
2006-06-06 03:17:28 +03:00
#include <arpa/inet.h>
2006-06-06 20:59:24 +03:00
#include <zlib.h>
#include <arpa/nameser.h>
#ifdef DARWIN
#include <arpa/nameser8_compat.h>
#endif
#include <termios.h>
2006-06-05 15:41:08 +03:00
#include "common.h"
2007-06-09 19:18:59 +03:00
#include "encoding.h"
#include "base32.h"
2006-06-05 16:38:10 +03:00
#include "dns.h"
2006-11-18 18:08:47 +02:00
#include "login.h"
#include "tun.h"
#include "version.h"
2006-06-05 15:41:08 +03:00
static void send_ping(int fd);
2007-02-05 19:40:06 +02:00
static void send_chunk(int fd);
2007-06-07 21:57:18 +03:00
static int build_hostname(char *buf, size_t buflen,
const char *data, const size_t datalen,
2007-06-24 13:54:50 +03:00
const char *topdomain, struct encoder *encoder);
static int running = 1;
static char password[33];
2006-06-05 17:46:10 +03:00
static struct sockaddr_in peer;
static char *topdomain;
static uint16_t rand_seed;
/* Current IP packet */
static struct packet packet;
/* My userid at the server */
static char userid;
/* DNS id for next packet */
static uint16_t chunkid;
2007-06-24 13:54:50 +03:00
/* Base32 encoder used for non-data packets */
static struct encoder *b32;
2007-06-24 13:54:50 +03:00
/* The encoder used for data packets
* Defaults to Base32, can be changed after handshake */
static struct encoder *dataenc;
2007-06-09 19:18:59 +03:00
/* result of case preservation check done after login */
static int case_preserved;
2006-06-05 17:46:10 +03:00
static void
2007-02-04 19:00:20 +02:00
sighandler(int sig)
{
2006-06-05 17:46:10 +03:00
running = 0;
}
static void
2007-07-12 02:10:08 +03:00
send_query(int fd, char *hostname)
{
char packet[4096];
struct query q;
size_t len;
q.id = ++chunkid;
q.type = T_NULL;
2007-07-12 02:10:08 +03:00
len = dns_encode(packet, sizeof(packet), &q, QR_QUERY, hostname, strlen(hostname));
sendto(fd, packet, len, 0, (struct sockaddr*)&peer, sizeof(peer));
}
2007-07-12 02:10:08 +03:00
static void
send_packet(int fd, char cmd, const char *data, const size_t datalen)
{
char buf[4096];
buf[0] = cmd;
build_hostname(buf + 1, sizeof(buf) - 1, data, datalen, topdomain, b32);
send_query(fd, buf);
}
2007-06-07 21:57:18 +03:00
static int
build_hostname(char *buf, size_t buflen,
const char *data, const size_t datalen,
2007-06-24 13:54:50 +03:00
const char *topdomain, struct encoder *encoder)
2007-06-07 21:57:18 +03:00
{
2007-06-09 19:18:59 +03:00
int encsize;
2007-06-18 10:17:55 +03:00
size_t space;
2007-06-07 21:57:18 +03:00
char *b;
2007-06-09 19:18:59 +03:00
space = MIN(0xFF, buflen) - strlen(topdomain) - 2;
2007-06-24 13:54:50 +03:00
if (!encoder->places_dots())
2007-06-09 19:18:59 +03:00
space -= (space / 62); /* space for dots */
2007-06-07 21:57:18 +03:00
memset(buf, 0, buflen);
2007-06-24 13:54:50 +03:00
encsize = encoder->encode(buf, &space, data, datalen);
2007-06-09 19:18:59 +03:00
2007-06-24 13:54:50 +03:00
if (!encoder->places_dots())
2007-06-09 19:18:59 +03:00
inline_dotify(buf, buflen);
2007-06-07 21:57:18 +03:00
2007-06-09 19:18:59 +03:00
b = buf;
2007-06-07 21:57:18 +03:00
b += strlen(buf);
2007-06-09 19:18:59 +03:00
2007-06-07 21:57:18 +03:00
if (*b != '.')
*b++ = '.';
strncpy(b, topdomain, strlen(topdomain)+1);
2007-06-09 19:18:59 +03:00
return space;
2007-06-07 21:57:18 +03:00
}
int
2007-02-05 19:40:06 +02:00
is_sending()
{
return (packet.len != 0);
}
int
2007-02-05 19:40:06 +02:00
read_dns(int fd, char *buf, int buflen)
{
struct sockaddr_in from;
char data[64*1024];
socklen_t addrlen;
struct query q;
int rv;
int r;
addrlen = sizeof(struct sockaddr);
if ((r = recvfrom(fd, data, sizeof(data), 0,
(struct sockaddr*)&from, &addrlen)) == -1) {
2007-02-06 18:01:09 +02:00
warn("recvfrom");
return 0;
}
rv = dns_decode(buf, buflen, &q, QR_ANSWER, data, r);
2007-02-05 19:40:06 +02:00
if (is_sending() && chunkid == q.id) {
/* Got ACK on sent packet */
packet.offset += packet.sentlen;
if (packet.offset == packet.len) {
/* Packet completed */
packet.offset = 0;
packet.len = 0;
packet.sentlen = 0;
} else {
/* More to send */
2007-02-05 19:40:06 +02:00
send_chunk(fd);
}
}
return rv;
}
2006-06-05 17:43:04 +03:00
static int
tunnel_tun(int tun_fd, int dns_fd)
2006-06-05 17:43:04 +03:00
{
2007-02-04 18:06:53 +02:00
unsigned long outlen;
unsigned long inlen;
2007-02-06 18:01:09 +02:00
char out[64*1024];
char in[64*1024];
size_t read;
2007-02-06 18:01:09 +02:00
if ((read = read_tun(tun_fd, in, sizeof(in))) <= 0)
return -1;
2007-02-06 18:01:09 +02:00
outlen = sizeof(out);
inlen = read;
compress2((uint8_t*)out, &outlen, (uint8_t*)in, inlen, 9);
2007-02-06 18:01:09 +02:00
memcpy(packet.data, out, MIN(outlen, sizeof(packet.data)));
packet.sentlen = 0;
packet.offset = 0;
packet.len = outlen;
2007-02-06 18:01:09 +02:00
send_chunk(dns_fd);
return read;
}
static int
tunnel_dns(int tun_fd, int dns_fd)
{
2007-02-04 18:06:53 +02:00
unsigned long outlen;
unsigned long inlen;
2007-02-06 18:01:09 +02:00
char out[64*1024];
char in[64*1024];
size_t read;
2007-02-06 18:01:09 +02:00
if ((read = read_dns(dns_fd, in, sizeof(in))) <= 0)
return -1;
outlen = sizeof(out);
inlen = read;
if (uncompress((uint8_t*)out, &outlen, (uint8_t*)in, inlen) != Z_OK)
return -1;
2007-02-06 18:01:09 +02:00
write_tun(tun_fd, out, outlen);
if (!is_sending())
send_ping(dns_fd);
return read;
}
static int
tunnel(int tun_fd, int dns_fd)
{
2006-08-25 01:12:45 +03:00
struct timeval tv;
fd_set fds;
int rv;
int i;
2006-08-25 01:12:45 +03:00
rv = 0;
2006-06-06 02:34:23 +03:00
2006-06-05 17:46:10 +03:00
while (running) {
tv.tv_sec = 1;
tv.tv_usec = 0;
2006-06-05 17:43:04 +03:00
FD_ZERO(&fds);
2007-02-05 19:40:06 +02:00
if (!is_sending())
2006-06-05 23:05:11 +03:00
FD_SET(tun_fd, &fds);
2006-06-05 17:43:04 +03:00
FD_SET(dns_fd, &fds);
i = select(MAX(tun_fd, dns_fd) + 1, &fds, NULL, NULL, &tv);
if (running == 0)
break;
if (i < 0)
err(1, "select");
if (i == 0) /* timeout */
send_ping(dns_fd);
else {
if (FD_ISSET(tun_fd, &fds)) {
if (tunnel_tun(tun_fd, dns_fd) <= 0)
continue;
2006-06-05 17:43:04 +03:00
}
if (FD_ISSET(dns_fd, &fds)) {
if (tunnel_dns(tun_fd, dns_fd) <= 0)
continue;
2006-06-05 17:43:04 +03:00
}
}
2006-06-05 17:43:04 +03:00
}
2006-08-25 01:12:45 +03:00
return rv;
2006-06-05 17:43:04 +03:00
}
2007-02-05 19:40:06 +02:00
static void
send_chunk(int fd)
{
char hex[] = "0123456789ABCDEF";
2007-02-05 19:40:06 +02:00
char buf[4096];
int avail;
int code;
2007-02-05 19:40:06 +02:00
char *p;
p = packet.data;
p += packet.offset;
avail = packet.len - packet.offset;
2007-02-05 19:40:06 +02:00
packet.sentlen = build_hostname(buf + 1, sizeof(buf) - 1, p, avail, topdomain, dataenc);
if (packet.sentlen == avail)
code = 1;
else
code = 0;
2007-02-05 19:40:06 +02:00
code |= (userid << 1);
buf[0] = hex[code];
2007-02-05 19:40:06 +02:00
2007-07-12 02:10:08 +03:00
send_query(fd, buf);
2007-02-05 19:40:06 +02:00
}
void
send_login(int fd, char *login, int len)
{
char data[19];
memset(data, 0, sizeof(data));
data[0] = userid;
memcpy(&data[1], login, MIN(len, 16));
data[17] = (rand_seed >> 8) & 0xff;
data[18] = (rand_seed >> 0) & 0xff;
rand_seed++;
send_packet(fd, 'L', data, sizeof(data));
}
static void
send_ping(int fd)
{
char data[3];
2007-02-05 19:40:06 +02:00
if (is_sending()) {
packet.sentlen = 0;
packet.offset = 0;
packet.len = 0;
}
data[0] = userid;
data[1] = (rand_seed >> 8) & 0xff;
data[2] = (rand_seed >> 0) & 0xff;
rand_seed++;
send_packet(fd, 'P', data, sizeof(data));
}
void
send_version(int fd, uint32_t version)
{
char data[6];
data[0] = (version >> 24) & 0xff;
data[1] = (version >> 16) & 0xff;
data[2] = (version >> 8) & 0xff;
data[3] = (version >> 0) & 0xff;
data[4] = (rand_seed >> 8) & 0xff;
data[5] = (rand_seed >> 0) & 0xff;
rand_seed++;
send_packet(fd, 'V', data, sizeof(data));
}
void
send_case_check(int fd)
{
char buf[512] = "zZaAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyY123-4560789.";
strncat(buf, topdomain, 512 - strlen(buf));
send_query(fd, buf);
}
2006-06-11 19:13:40 +03:00
static int
handshake(int dns_fd)
{
2006-08-25 00:23:29 +03:00
struct timeval tv;
uint32_t payload;
2006-11-08 23:02:08 +02:00
char server[65];
char client[65];
2006-11-18 18:08:47 +02:00
char login[16];
2006-08-25 00:23:29 +03:00
char in[4096];
fd_set fds;
int read;
int mtu;
2006-11-18 18:08:47 +02:00
int seed;
2006-06-11 19:13:40 +03:00
int i;
int r;
for (i = 0; running && i < 5; i++) {
2006-11-18 18:08:47 +02:00
tv.tv_sec = i + 1;
2006-06-11 19:13:40 +03:00
tv.tv_usec = 0;
send_version(dns_fd, VERSION);
2006-06-11 19:13:40 +03:00
FD_ZERO(&fds);
FD_SET(dns_fd, &fds);
r = select(dns_fd + 1, &fds, NULL, NULL, &tv);
if(r > 0) {
2007-02-05 19:40:06 +02:00
read = read_dns(dns_fd, in, sizeof(in));
2006-06-11 19:13:40 +03:00
2006-06-11 21:07:26 +03:00
if(read < 0) {
warn("handshake read");
2006-06-11 19:13:40 +03:00
continue;
}
if (read >= 9) {
payload = (((in[4] & 0xff) << 24) |
((in[5] & 0xff) << 16) |
((in[6] & 0xff) << 8) |
((in[7] & 0xff)));
2006-11-18 18:08:47 +02:00
if (strncmp("VACK", in, 4) == 0) {
seed = payload;
userid = in[8];
printf("Version ok, both running 0x%08x. You are user #%d\n", VERSION, userid);
goto perform_login;
} else if (strncmp("VNAK", in, 4) == 0) {
errx(1, "you run 0x%08x, server runs 0x%08x. giving up\n",
VERSION, payload);
/* NOTREACHED */
} else if (strncmp("VFUL", in, 4) == 0) {
errx(1, "server full, all %d slots are taken. try again later\n", payload);
/* NOTREACHED */
2006-11-18 18:08:47 +02:00
}
} else
warnx("did not receive proper login challenge\n");
2006-11-18 18:08:47 +02:00
}
printf("Retrying version check...\n");
}
errx(1, "couldn't connect to server");
/* NOTREACHED */
2006-11-18 18:08:47 +02:00
perform_login:
2006-11-18 18:08:47 +02:00
login_calculate(login, 16, password, seed);
2006-11-18 18:08:47 +02:00
for (i=0; running && i<5 ;i++) {
tv.tv_sec = i + 1;
tv.tv_usec = 0;
send_login(dns_fd, login, 16);
2006-11-18 18:08:47 +02:00
FD_ZERO(&fds);
FD_SET(dns_fd, &fds);
r = select(dns_fd + 1, &fds, NULL, NULL, &tv);
if(r > 0) {
2007-02-05 19:40:06 +02:00
read = read_dns(dns_fd, in, sizeof(in));
2006-11-18 18:08:47 +02:00
if(read <= 0) {
warn("read");
2006-11-18 18:08:47 +02:00
continue;
}
if (read > 0) {
if (strncmp("LNAK", in, 4) == 0) {
printf("Bad password\n");
return 1;
} else if (sscanf(in, "%64[^-]-%64[^-]-%d",
2006-08-25 01:12:45 +03:00
server, client, &mtu) == 3) {
2006-11-08 23:02:08 +02:00
server[64] = 0;
client[64] = 0;
if (tun_setip(client) == 0 &&
tun_setmtu(mtu) == 0) {
goto perform_case_check;
2006-11-08 23:02:08 +02:00
} else {
warnx("Received handshake with bad data");
2006-11-08 23:02:08 +02:00
}
} else {
printf("Received bad handshake\n");
2006-06-11 22:54:38 +03:00
}
2006-06-11 21:07:26 +03:00
}
2006-06-11 19:13:40 +03:00
}
2006-11-18 18:08:47 +02:00
printf("Retrying login...\n");
2006-06-11 19:13:40 +03:00
}
errx(1, "couldn't login to server");
/* NOTREACHED */
perform_case_check:
case_preserved = 0;
for (i=0; running && i<5 ;i++) {
tv.tv_sec = i + 1;
tv.tv_usec = 0;
send_case_check(dns_fd);
FD_ZERO(&fds);
FD_SET(dns_fd, &fds);
r = select(dns_fd + 1, &fds, NULL, NULL, &tv);
if(r > 0) {
read = read_dns(dns_fd, in, sizeof(in));
if(read <= 0) {
warn("read");
continue;
}
if (read > 0) {
if (in[0] == 'z' || in[0] == 'Z') {
if (read < (26 * 2)) {
printf("Received short case reply...\n");
} else {
int k;
case_preserved = 1;
for (k = 0; k < 26 && case_preserved; k += 2) {
if (in[k] == in[k+1]) {
/* test string: zZaAbBcCdD... */
case_preserved = 0;
}
}
return 0;
}
} else {
printf("Received bad case check reply\n");
}
}
}
printf("Retrying case check...\n");
}
2006-06-11 19:13:40 +03:00
printf("No reply on case check, continuing\n");
return 0;
2006-06-11 19:13:40 +03:00
}
static char *
get_resolvconf_addr()
{
static char addr[16];
char buf[80];
char *rv;
FILE *fp;
rv = NULL;
if ((fp = fopen("/etc/resolv.conf", "r")) == NULL)
err(1, "/etc/resolve.conf");
while (feof(fp) == 0) {
fgets(buf, sizeof(buf), fp);
if (sscanf(buf, "nameserver %15s", addr) == 1) {
rv = addr;
break;
}
}
fclose(fp);
return rv;
}
2006-06-11 19:13:40 +03:00
static void
set_nameserver(const char *cp)
{
struct in_addr addr;
if (inet_aton(cp, &addr) != 1)
errx(1, "error parsing nameserver address: '%s'", cp);
memset(&peer, 0, sizeof(peer));
peer.sin_family = AF_INET;
peer.sin_port = htons(53);
peer.sin_addr = addr;
}
static void
read_password(char *buf, size_t len)
{
struct termios old;
struct termios tp;
char pwd[80];
tcgetattr(0, &tp);
old = tp;
tp.c_lflag &= (~ECHO);
tcsetattr(0, TCSANOW, &tp);
printf("Enter password: ");
fflush(stdout);
scanf("%79s", pwd);
printf("\n");
tcsetattr(0, TCSANOW, &old);
strncpy(buf, pwd, len);
buf[len-1] = '\0';
}
static void
usage() {
2006-08-25 00:23:29 +03:00
extern char *__progname;
2006-08-14 19:36:32 +03:00
printf("Usage: %s [-v] [-h] [-f] [-u user] [-t chrootdir] [-d device] "
"[nameserver] topdomain\n", __progname);
exit(2);
}
2006-06-11 16:14:57 +03:00
static void
help() {
2006-08-25 00:23:29 +03:00
extern char *__progname;
2006-06-11 16:27:48 +03:00
printf("iodine IP over DNS tunneling client\n");
2006-06-24 13:31:16 +03:00
printf("Usage: %s [-v] [-h] [-f] [-u user] [-t chrootdir] [-d device] "
"[-P password] [nameserver] topdomain\n", __progname);
2006-06-12 01:02:26 +03:00
printf(" -v to print version info and exit\n");
printf(" -h to print this help and exit\n");
printf(" -f to keep running in foreground\n");
2006-06-11 16:14:57 +03:00
printf(" -u name to drop privileges and run as user 'name'\n");
2006-06-11 17:34:27 +03:00
printf(" -t dir to chroot to directory dir\n");
2006-06-24 13:28:24 +03:00
printf(" -d device to set tunnel device name\n");
2007-02-10 14:36:08 +02:00
printf(" -P password used for authentication (max 32 chars will be used)\n");
printf("nameserver is the IP number of the relaying nameserver, if absent /etc/resolv.conf is used\n");
2006-06-11 20:47:39 +03:00
printf("topdomain is the FQDN that is delegated to the tunnel endpoint.\n");
2007-02-06 18:01:09 +02:00
2006-06-11 16:14:57 +03:00
exit(0);
}
2006-06-11 16:27:48 +03:00
static void
version() {
2007-02-06 18:01:09 +02:00
char *svnver;
svnver = "$Rev$ from $Date$";
2006-06-11 16:27:48 +03:00
printf("iodine IP over DNS tunneling client\n");
printf("SVN version: %s\n", svnver);
2007-02-06 18:01:09 +02:00
2006-06-11 16:27:48 +03:00
exit(0);
}
2006-06-05 15:41:08 +03:00
int
main(int argc, char **argv)
2006-06-05 15:41:08 +03:00
{
char *nameserv_addr;
2006-08-25 00:23:29 +03:00
struct passwd *pw;
char *username;
2006-06-11 16:05:41 +03:00
int foreground;
2006-08-25 00:23:29 +03:00
char *newroot;
char *device;
int choice;
2006-08-25 01:12:45 +03:00
int tun_fd;
int dns_fd;
2006-11-18 18:08:47 +02:00
memset(password, 0, 33);
2007-02-06 18:01:09 +02:00
username = NULL;
2006-06-11 16:05:41 +03:00
foreground = 0;
2006-08-25 00:23:29 +03:00
newroot = NULL;
device = NULL;
2007-02-06 18:01:09 +02:00
chunkid = 0;
2007-06-09 19:18:59 +03:00
2007-06-24 13:54:50 +03:00
b32 = get_base32_encoder();
dataenc = get_base32_encoder();
2006-06-11 15:45:46 +03:00
2006-11-18 18:08:47 +02:00
while ((choice = getopt(argc, argv, "vfhu:t:d:P:")) != -1) {
switch(choice) {
2006-06-11 16:27:48 +03:00
case 'v':
version();
break;
2006-06-11 16:05:41 +03:00
case 'f':
foreground = 1;
break;
2006-06-11 16:14:57 +03:00
case 'h':
help();
break;
case 'u':
username = optarg;
break;
2006-06-11 17:29:36 +03:00
case 't':
newroot = optarg;
break;
2006-06-24 13:28:24 +03:00
case 'd':
device = optarg;
break;
2006-11-18 18:08:47 +02:00
case 'P':
strncpy(password, optarg, 32);
password[32] = 0;
/* XXX: find better way of cleaning up ps(1) */
memset(optarg, 0, strlen(optarg));
2006-11-18 18:08:47 +02:00
break;
default:
usage();
2007-02-04 19:00:20 +02:00
/* NOTREACHED */
}
}
if (geteuid() != 0) {
warnx("Run as root and you'll be happy.\n");
usage();
}
argc -= optind;
argv += optind;
switch (argc) {
case 1:
nameserv_addr = get_resolvconf_addr();
topdomain = strdup(argv[0]);
break;
case 2:
nameserv_addr = argv[0];
topdomain = strdup(argv[1]);
break;
default:
usage();
/* NOTREACHED */
}
set_nameserver(nameserv_addr);
if (strlen(topdomain) > 128 || topdomain[0] == '.') {
warnx("Use a topdomain max 128 chars long. Do not start it with a dot.\n");
usage();
}
if (username != NULL) {
if ((pw = getpwnam(username)) == NULL) {
warnx("User %s does not exist!\n", username);
2006-06-11 15:18:49 +03:00
usage();
}
}
2006-11-18 18:08:47 +02:00
if (strlen(password) == 0)
read_password(password, sizeof(password));
2006-06-11 15:18:49 +03:00
2006-06-24 13:28:24 +03:00
if ((tun_fd = open_tun(device)) == -1)
goto cleanup1;
if ((dns_fd = open_dns(0, INADDR_ANY)) == -1)
2006-06-11 17:42:19 +03:00
goto cleanup2;
2006-06-11 22:54:23 +03:00
2006-06-11 21:07:26 +03:00
signal(SIGINT, sighandler);
signal(SIGTERM, sighandler);
2006-06-11 17:29:36 +03:00
2006-06-11 19:13:40 +03:00
if(handshake(dns_fd))
goto cleanup2;
2006-11-18 18:08:47 +02:00
printf("Sending queries for %s to %s\n", argv[1], argv[0]);
2006-06-11 19:13:40 +03:00
if (newroot != NULL)
do_chroot(newroot);
2006-06-05 17:46:10 +03:00
if (username != NULL) {
if (setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0) {
warnx("Could not switch to user %s!\n", username);
usage();
}
}
2007-03-01 23:41:17 +02:00
if (foreground == 0)
2007-03-01 23:41:17 +02:00
do_detach();
2006-06-05 17:43:04 +03:00
tunnel(tun_fd, dns_fd);
2006-06-05 15:41:08 +03:00
2006-06-11 17:42:19 +03:00
cleanup2:
2006-06-05 17:43:04 +03:00
close_dns(dns_fd);
close_tun(tun_fd);
cleanup1:
2006-06-05 15:41:08 +03:00
return 0;
}