Bug fix with tun/tap thread "on" action.

Author: root4root

README.md

@@ -1,21 +1,34 @@
 # tuninetd
 
-Simple yet powerful tun/tap event emitter. Could be used like VPN dispatcher...
+Simple yet powerful event emitter by **tun/tap** (with/without **pcap** filter) or **nflog** source. Could be used as: VPN dispatcher, simplified detection system, by demand services handler, etc...
 
-### How it works:
-You should create and configure tun/tap device, then run **tuninetd**. It starts listening on that interface until network traffic will be detected. After that, interface will be released and certain command executed. From now on daemon is in monitoring state.
-After N seconds of interface idle, tuninetd send "stop" command by path that you define and start listening interface by its own again.
- 
-Since **tuninetd** based on **libpcap**, you can specify filter to trigging "start" and monitoring iddle (i.e. cutoff unwanted traffic). To test/debug pcap rules you might use tcpdump which is based on the same library.
+### 1. How it works.
+#### tun/tap device: ####
+You should create and configure tun/tap device first, then run **tuninetd**. It starts listening on this interface, until network traffic will be detected. After that, interface immediately releasing and specified command (with -c) will execute. From now on, daemon in monitoring state.
 
-**! OR !**
+---
+>For example:
+```sh
+# tuninetd -i tun0 -c /path/to/launcher
+```
+>then "start" command from **tuninetd** will be:
+```sh
+# /path/to/launcher start > /dev/null 2>&1
+```
+>"stop" command in the same manner.
+---
 
-You can simply use netfilter nfgroup (*iptables NFLOG target*), for reading packets from. No need binding to tun/tap interface nor heavy libpcap sensor. This is more lightweight mode and because of that - more reliable. Option available since v1.1.0.
+After -t seconds of interface idle (no packets through), tuninetd send "stop" command by path that defined with -c, and start listening interface by itself again.
 
+Since **tuninetd** based on **libpcap**, you can specify capture filter. To test pcap rules might use tcpdump which is based on the same library.
 
-**tuninetd** allows deploy "VPN by demand" or any other "by demand" services, which is the main idea of the project.
+>**! Notice !** *Modern Linux distributions periodically send 'icmpv6 router solicitation' packets, which cause tuninetd keep or change state. This situation appears in tun/tap mode without pcap filter applied.*
 
-### Installation:
+#### NFLOG: ####
+
+In general, behavior the same as tun/tap in part of start/stop. You could simply use netfilter nfgroup (*iptables **NFLOG** target*) to reading packets from. No binding to tun/tap device nor libpcap sensor. This is more lightweight mode and, because of that, - more reliable.
+
+### 2. Installation:
 If you're using Debian/Ubuntu please check deb-packages folder. Choose appropriate architecture, then run following command with root privileges:
 ```sh
 # dpkg -i tuninetd_ver_arch.deb
@@ -27,9 +40,9 @@ To install from sources download src folder. In case Debian/Ubuntu, you should a
 # make
 ```
 
-Congrats! Tuninend is ready to use. Check ./bin folder. :)
+Congrats! Tuninend ready to use. Check ./bin folder.
 
-### Usage:
+### 3. Usage:
 
 tuninetd {-i \<ifname> | -n \<nflog-group>} -c \<path> [-m \<iftype>] [-f \<filter>] [-t \<ttl>] [-d]
 
@@ -40,12 +53,12 @@ tuninetd {-i \<ifname> | -n \<nflog-group>} -c \<path> [-m \<iftype>] [-f \<filt
 **-f \<filter>**: specify pcap filter, similar to tcpdump<br/>
 **-t \<ttl>**: seconds of interface (traffic) idle, before 'stop' command (default is 600).<br/>
 **-d**: demonize process<br/>
-**-h**: prints this help
+**-h**: print this help
 
 `--- If tuninetd stuck in start condition for any reason, you can reset to "standby" (i.e. stop state) with SIGHUP. ---`
 
-### Examples:
-Before launching as daemon make sure there is no errors occurs. In daemon mode tuninetd write status messages and errors to syslog.
+### 4. Examples:
+Before launching as a daemon make sure there is no errors. In daemon mode tuninetd write status messages and errors to syslog.
 
 ```sh
 # tuninetd -i tun0 -c /test/runtunnel.sh -f "! host 1.2.3.4" -t 3600 -d
@@ -56,13 +69,11 @@ Check ```example``` folder to find some shell scripts.
 
 To create and bring up ```tun``` device, could be used following commands:
 ```sh
-# ip tuntap add name tun0 mode tun
+# ip tuntap add dev tun0 mode tun
 # ip link set tun0 up
 ```
 
-For more information about routing and configuring net devices, I strongly suggest LARCT how-to.
-
-*! Notice ! Modern Linux distributions periodically send 'icmpv6 router solicitation' packets, which cause tuninetd keep or change its status (calling 'start' script for example). This situation appears in tun/tap mode without pcap filter applied.*
+For more information about routing and configuring network devices, I strongly suggest LARCT how-to.
 
 ### License:
 MIT

deb-packages/tuninetd_1.2.1_amd64.deb

@@ -1,6 +1,26 @@
-all: default
-default: main.c
+all: tuninetd
+tuninetd: main.o nflog.o pcap.o thread.o tun.o utils.o
 	[ -d ./bin ] || mkdir -p ./bin
-	gcc -o ./bin/tuninetd main.c -lpthread -lpcap -lnetfilter_log
+	gcc main.o nflog.o pcap.o thread.o tun.o utils.o -o ./bin/tuninetd -lpthread -lpcap -lnetfilter_log
+	
+main.o: main.c main.h
+	gcc -c main.c
+
+nflog.o: nflog.c main.h
+	gcc -c nflog.c
+	
+pcap.o: pcap.c main.h
+	gcc -c pcap.c
+	
+thread.o: thread.c main.h
+	gcc -c thread.c
+
+tun.o: tun.c main.h
+	gcc -c tun.c
+	
+utils.o: utils.c main.h
+	gcc -c utils.c
+	
 clean:
+	rm -f *.o tuninetd
 	rm -rf ./bin

src/Makefile

@@ -6,10 +6,12 @@ int main(int argc, char *argv[])
 
     struct timespec tim;
 
+    //debug = 1;
+
     tim.tv_sec = 1;
     tim.tv_nsec = 0;
 
-    static const char *optString = "i:t:c:f:m:n:dh";
+    static const char *optString = "i:t:c:f:m:n:dhv";
 
     curts = time(NULL);
 
@@ -24,6 +26,9 @@ int main(int argc, char *argv[])
 
     while( opt != -1 ) {
         switch( opt ) {
+            case 'v':
+                version();
+                exit(0);
             case 'i':
                 globcfg.dev_name = optarg;
                 break;
@@ -56,7 +61,7 @@ int main(int argc, char *argv[])
             case 'd':
                 globcfg.isdaemon = 1;
                 break;
-            case 'h':   /* намеренный проход в следующий case-блок */
+            case 'h':   //go to the next case, same behaviour.
             case '?':
                 usage();
                 break;
@@ -80,11 +85,6 @@ int main(int argc, char *argv[])
         exit(1);
     }
 
-    if (pthread_mutex_init(&lock, NULL) != 0)
-    {
-        my_err("Mutex init failed. Abort.");
-        exit(1);
-    }
 
     if (globcfg.isdaemon == 1) {
         globcfg.pid = fork();
@@ -110,28 +110,18 @@ int main(int argc, char *argv[])
     } else 
         my_info("Started with pid %d", getpid());    
 
-    
-    pthread_attr_init(&attr);
-    pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
-    
-    if (globcfg.nf_group < 0) {
-        my_info("Binding to interface %s", globcfg.dev_name);
-        pthread_create(&pcap_x_thread, &attr, pcap_x, &x);
-        pthread_create(&tun_x_thread, &attr, tun_x, &y);
-    } else {
-        my_info("Start listening nflog-group %i", globcfg.nf_group);
-        pthread_create(&nflog_x_thread, &attr, nflog_x, &y);
-    }
+    thread_init(); //Initialization our workers (thread.c)
 
     if (signal(SIGHUP, sig_handler) == SIG_ERR)
          my_info("Can't catch SIGHUP\n");
 
 
     while (1) {
 
-        nanosleep(&tim, NULL);
+        nanosleep(&tim, NULL); //Tick
 
         curts = time(NULL);
+        //do_debug("Tick %lu ...\n", curts);//
 
         if (ts != 0 && status == 1 && ((curts - ts) >= globcfg.ttl) ) {
             my_info("CORE: executing STOP command...");

src/main.c

@@ -1,33 +1,27 @@
+#ifndef H_TUNINETD_MAIN
+#define H_TUNINETD_MAIN
+
 #include <fcntl.h>
-#include <pthread.h>
-#include <pcap.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/ioctl.h>
 #include <net/if.h>
 #include <linux/if_tun.h>
-#include <sys/ioctl.h>
-#include <stdarg.h>
-#include <syslog.h>
 #include <unistd.h>
 #include <signal.h>
 #include <time.h>
 
-#include <libnetfilter_log/libnetfilter_log.h>
-
-
 #define BUFSIZE 2000
 #define ON 1
 #define OFF 0
+#define VERSION "\ntuninetd 1.2.1\n"
 
-int x, y;
-
-short int debug = 0;
-short int status = 0;
-unsigned long ts = 0;
-unsigned long curts = 0;
-
-char progname[] = "tuninetd";
+//global vars.
+short int debug;
+short int status;
+unsigned long ts;
+unsigned long curts;
 
 struct globcfg_t {
     short int isdaemon;
@@ -42,24 +36,21 @@ struct globcfg_t {
     int ttl;
 } globcfg;
 
-pthread_t pcap_x_thread;
-pthread_t tun_x_thread;
-pthread_t nflog_x_thread;
 
-pthread_attr_t attr;
-pthread_mutex_t lock;
-
+//from utils.c
 void do_debug(char *msg, ...);
 void my_err(char *msg, ...);
 void my_info(char *msg, ...);
-void switch_state(short action);
+void sig_handler(int signo);
+void usage();
+void version();
+
+//from thread.c
 void switch_guard(short action);
+void thread_init();
 
 void *tun_x(void *x_void_ptr);
 void *nflog_x(void *x_void_ptr);
 void *pcap_x(void *x_void_ptr);
 
-#include "utils.c"
-#include "tun.c"
-#include "pcap.c"
-#include "nflog.c"
+#endif

src/main.h

@@ -1,3 +1,6 @@
+#include "main.h"
+#include <libnetfilter_log/libnetfilter_log.h>
+
 static int callback(struct nflog_g_handle *gh, struct nfgenmsg *nfmsg, struct nflog_data *ldata, void *data)
 {
     if (status == OFF) {

src/nflog.c

@@ -1,6 +1,10 @@
+#include "main.h"
+#include <pcap.h>
+
 static void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
 {
     ts = header->ts.tv_sec;
+    //do_debug("Packet timestamp %lu ...\n", ts);
 }
 
 void *pcap_x(void *x_void_ptr)

src/pcap.c

@@ -0,0 +1,64 @@
+#include "main.h"
+#include <pthread.h>
+
+static pthread_t pcap_x_thread;
+static pthread_t tun_x_thread;
+static pthread_t nflog_x_thread;
+
+static pthread_attr_t attr;
+static pthread_mutex_t lock;
+
+static int x, y;
+
+void thread_init()
+{
+    if (pthread_mutex_init(&lock, NULL) != 0) {
+        my_err("Mutex init failed. Abort.");
+        exit(1);
+    }
+
+    pthread_attr_init(&attr);
+    pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
+
+    if (globcfg.nf_group < 0) {
+        my_info("Binding to interface %s", globcfg.dev_name);
+        pthread_create(&pcap_x_thread, &attr, pcap_x, &x);
+        pthread_create(&tun_x_thread, &attr, tun_x, &y);
+    } else {
+        my_info("Start listening nflog-group %i", globcfg.nf_group);
+        pthread_create(&nflog_x_thread, &attr, nflog_x, &y);
+    }
+}
+
+void switch_state(short action)
+{
+    if (status == action) {
+        return;
+    }
+
+    ts = time(NULL);
+
+    if (action == ON) {
+        if (system(globcfg.cmd_path_start) != 0)
+            my_err("Warning! Executable command doesn't return 0 (%s)", globcfg.cmd_path_start);
+
+        status = ON;
+
+    } else {
+        if (system(globcfg.cmd_path_stop) != 0)
+            my_err("Warning! Executable command doesn't return 0 (%s)", globcfg.cmd_path_stop);
+
+        status = OFF;
+
+        if (globcfg.nf_group < 0)
+            pthread_create(&tun_x_thread, &attr, tun_x, &y);
+
+    }
+}
+
+void switch_guard(short action)
+{
+    pthread_mutex_lock(&lock);
+    switch_state(action);
+    pthread_mutex_unlock(&lock);
+}

src/thread.c

@@ -1,3 +1,5 @@
+#include "main.h"
+
 static int tun_alloc(char *dev, int flags) 
 {
     struct ifreq ifr;
@@ -46,7 +48,7 @@ void *tun_x(void *x_void_ptr)
     struct timespec tim;
 
     tim.tv_sec = 0;
-    tim.tv_nsec = 15000000;
+    tim.tv_nsec = 20000000;
 
 
     if ( (tap_fd = tun_alloc(globcfg.dev_name, globcfg.dev_mode | IFF_NO_PI)) < 0 ) {
@@ -59,9 +61,11 @@ void *tun_x(void *x_void_ptr)
 
         if (globcfg.pcap_filter != NULL) {
             nanosleep(&tim, NULL);
-            if ( (curts - ts) < 2 ) {
-                do_debug("Read %d bytes from the tap interface\n", nread);
+            if ( (long)(curts - ts) < 2 ) {
+                //do_debug("Read %d bytes from the tap interface\n", nread);
                 break;
+            } else {
+                //do_debug("Delta is not small enough...\n");
             } 
         } else {
              break;