From 30b1f6799012af470125591762d2482ad41de785 Mon Sep 17 00:00:00 2001
From: Sergey Matveev <stargrave@stargrave.org>
Date: Sat, 10 Jan 2015 23:02:05 +0300
Subject: [PATCH] Ability to call up and down scripts

Signed-off-by: Sergey Matveev <stargrave@stargrave.org>
---
 README   | 14 ++++++++++++++
 govpn.go | 25 +++++++++++++++++++++++++
 2 files changed, 39 insertions(+)

diff --git a/README b/README
index 058ef02..c529c3e 100644
--- a/README
+++ b/README
@@ -28,6 +28,10 @@ mutual zero-knowledge authentication and perfect-forward secrecy
 property. An attacker can not know anything from captured traffic, even
 if pre-shared key is compromised.
 
+Also you can provide up and down scripts that will be executed after
+either connection is initiated (up-script in background), or is went
+down. The first argument for them is an interface name.
+
 COMPARISON TO OpenVPN
 
 * Faster handshake
@@ -97,6 +101,16 @@ FreeBSD IPv6 client-server example:
     client% route -6 add default fc00::1
     client% while :; do govpn -key key.txt -iface tap10 -remote [fe80::1%me0]:1194; done
 
+Example up-script:
+
+    client% cat > up.sh <<EOF
+    #!/bin/sh
+    dhclient $1
+    rtsol $1
+    EOF
+    client% chmod +x up.sh
+    client% govpn -key key.txt -iface tap10 -remote [fe80::1%me0]:1194 -up ./up.sh
+
 If client won't finish handshake during -timeout, then it will exit.
 If no packets are received from remote side during timeout, then daemon
 will stop sending packets to the client and client will exit. In all
diff --git a/govpn.go b/govpn.go
index 89ccabf..1e15710 100644
--- a/govpn.go
+++ b/govpn.go
@@ -18,6 +18,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 package main
 
 import (
+	"bytes"
 	"encoding/binary"
 	"encoding/hex"
 	"flag"
@@ -26,6 +27,9 @@ import (
 	"io/ioutil"
 	"log"
 	"net"
+	"os"
+	"os/exec"
+	"os/signal"
 	"time"
 
 	"code.google.com/p/go.crypto/poly1305"
@@ -37,6 +41,8 @@ var (
 	bindAddr   = flag.String("bind", "", "Bind to address")
 	ifaceName  = flag.String("iface", "tap0", "TAP network interface")
 	keyPath    = flag.String("key", "", "Path to authentication key file")
+	upPath     = flag.String("up", "", "Path to up-script")
+	downPath   = flag.String("down", "", "Path to down-script")
 	mtu        = flag.Int("mtu", 1500, "MTU")
 	timeoutP   = flag.Int("timeout", 60, "Timeout seconds")
 	verboseP   = flag.Bool("v", false, "Increase verbosity")
@@ -68,6 +74,18 @@ type UDPPkt struct {
 	size int
 }
 
+func ScriptCall(path *string) {
+	if *path == "" {
+		return
+	}
+	cmd := exec.Command(*path, *ifaceName)
+	var out bytes.Buffer
+	cmd.Stdout = &out
+	if err := cmd.Run(); err != nil {
+		fmt.Println(time.Now(), "script error: ", err.Error(), string(out.Bytes()))
+	}
+}
+
 func main() {
 	flag.Parse()
 	timeout := *timeoutP
@@ -187,12 +205,17 @@ func main() {
 	heartbeat := time.Tick(time.Second * time.Duration(timeout/3))
 	heartbeatMark := []byte(HeartBeatMark)
 
+	termSignal := make(chan os.Signal, 1)
+	signal.Notify(termSignal, os.Interrupt, os.Kill)
+
 	finished := false
 	for {
 		if finished {
 			break
 		}
 		select {
+		case <-termSignal:
+			finished = true
 		case <-heartbeat:
 			go func() { ethSink <- -1 }()
 		case udpPkt = <-udpSink:
@@ -227,6 +250,7 @@ func main() {
 					fmt.Print("[HS-OK]")
 					peer = p
 					delete(states, addr)
+					go ScriptCall(upPath)
 				}
 				continue
 			}
@@ -296,4 +320,5 @@ func main() {
 			}
 		}
 	}
+	ScriptCall(downPath)
 }
-- 
2.44.0