2 This file is part of GNUnet.
3 Copyright (C) 2010-2013 Christian Grothoff
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
22 * @file exit/gnunet-daemon-exit.c
23 * @brief tool to allow IP traffic exit from the GNUnet cadet to the Internet
24 * @author Philipp Toelke
25 * @author Christian Grothoff
31 * - which code should advertise services? the service model is right
32 * now a bit odd, especially as this code DOES the exit and knows
33 * the DNS "name", but OTOH this is clearly NOT the place to advertise
34 * the service's existence; maybe the daemon should turn into a
35 * service with an API to add local-exit services dynamically?
38 #include "gnunet_util_lib.h"
39 #include "gnunet_protocols.h"
40 #include "gnunet_applications.h"
41 #include "gnunet_dht_service.h"
42 #include "gnunet_cadet_service.h"
43 #include "gnunet_dnsparser_lib.h"
44 #include "gnunet_dnsstub_lib.h"
45 #include "gnunet_statistics_service.h"
46 #include "gnunet_constants.h"
47 #include "gnunet_signatures.h"
48 #include "gnunet_tun_lib.h"
49 #include "gnunet_regex_service.h"
51 #include "block_dns.h"
55 * Maximum path compression length for cadet regex announcing for IPv4 address
58 #define REGEX_MAX_PATH_LEN_IPV4 4
61 * Maximum path compression length for cadet regex announcing for IPv6 address
64 #define REGEX_MAX_PATH_LEN_IPV6 8
67 * How frequently do we re-announce the regex for the exit?
69 #define REGEX_REFRESH_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 30)
72 * How frequently do we re-announce the DNS exit in the DHT?
74 #define DHT_PUT_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 15)
77 * How long do we typically sign the DNS exit advertisement for?
79 #define DNS_ADVERTISEMENT_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 3)
83 * Generic logging shorthand
85 #define LOG(kind, ...) \
86 GNUNET_log_from (kind, "exit", __VA_ARGS__);
90 * Information about an address.
95 * AF_INET or AF_INET6.
100 * Remote address information.
105 * Address, if af is AF_INET.
110 * Address, if af is AF_INET6.
112 struct in6_addr ipv6;
116 * IPPROTO_TCP or IPPROTO_UDP;
121 * Remote port, in host byte order!
129 * This struct is saved into the services-hashmap to represent
130 * a service this peer is specifically offering an exit for
131 * (for a specific domain name).
137 * Remote address to use for the service.
139 struct SocketAddress address;
142 * Descriptor for the service (CADET port).
144 struct GNUNET_HashCode descriptor;
147 * DNS name of the service.
152 * Open port with CADET.
154 struct GNUNET_CADET_Port *port;
157 * #GNUNET_YES if this is a UDP service, otherwise TCP.
165 * Information we use to track a connection (the classical 6-tuple of
166 * IP-version, protocol, source-IP, destination-IP, source-port and
169 struct RedirectInformation
173 * Address information for the other party (equivalent of the
174 * arguments one would give to "connect").
176 struct SocketAddress remote_address;
179 * Address information we used locally (AF and proto must match
180 * "remote_address"). Equivalent of the arguments one would give to
183 struct SocketAddress local_address;
186 Note 1: additional information might be added here in the
187 future to support protocols that require special handling,
190 Note 2: we might also sometimes not match on all components
191 of the tuple, to support protocols where things do not always
198 * Queue of messages to a channel.
200 struct ChannelMessageQueue
203 * This is a doubly-linked list.
205 struct ChannelMessageQueue *next;
208 * This is a doubly-linked list.
210 struct ChannelMessageQueue *prev;
213 * Payload to send via the channel.
218 * Number of bytes in @e payload.
225 * This struct is saved into #connections_map to allow finding the
226 * right channel given an IP packet from TUN. It is also associated
227 * with the channel's closure so we can find it again for the next
228 * message from the channel.
233 * Cadet channel that is used for this connection.
235 struct GNUNET_CADET_Channel *channel;
238 * Who is the other end of this channel.
239 * FIXME is this needed? Only used for debugging messages
241 struct GNUNET_PeerIdentity peer;
244 * Active channel transmission request (or NULL).
246 struct GNUNET_CADET_TransmitHandle *th;
249 * #GNUNET_NO if this is a channel for TCP/UDP,
250 * #GNUNET_YES if this is a channel for DNS,
251 * #GNUNET_SYSERR if the channel is not yet initialized.
261 * Heap node for this state in the connections_heap.
263 struct GNUNET_CONTAINER_HeapNode *heap_node;
266 * Key this state has in the #connections_map.
268 struct GNUNET_HashCode state_key;
271 * Associated service record, or NULL for no service.
273 struct LocalService *serv;
276 * Head of DLL of messages for this channel.
278 struct ChannelMessageQueue *head;
281 * Tail of DLL of messages for this channel.
283 struct ChannelMessageQueue *tail;
286 * Primary redirection information for this connection.
288 struct RedirectInformation ri;
295 * DNS reply ready for transmission.
300 * Socket we are using to transmit this request (must match if we receive
303 struct GNUNET_DNSSTUB_RequestSocket *rs;
306 * Number of bytes in 'reply'.
311 * Original DNS request ID as used by the client.
313 uint16_t original_id;
316 * DNS request ID that we used for forwarding.
328 * Return value from 'main'.
330 static int global_ret;
333 * Handle to our regex announcement for IPv4.
335 static struct GNUNET_REGEX_Announcement *regex4;
338 * Handle to our regex announcement for IPv4.
340 static struct GNUNET_REGEX_Announcement *regex6;
343 * The handle to the configuration used throughout the process
345 static const struct GNUNET_CONFIGURATION_Handle *cfg;
348 * The handle to the helper
350 static struct GNUNET_HELPER_Handle *helper_handle;
353 * Arguments to the exit helper.
355 static char *exit_argv[8];
358 * IPv6 address of our TUN interface.
360 static struct in6_addr exit_ipv6addr;
363 * IPv6 prefix (0..127) from configuration file.
365 static unsigned long long ipv6prefix;
368 * IPv4 address of our TUN interface.
370 static struct in_addr exit_ipv4addr;
373 * IPv4 netmask of our TUN interface.
375 static struct in_addr exit_ipv4mask;
380 static struct GNUNET_STATISTICS_Handle *stats;
383 * The handle to cadet
385 static struct GNUNET_CADET_Handle *cadet_handle;
388 * This hashmaps contains the mapping from peer, service-descriptor,
389 * source-port and destination-port to a struct ChannelState
391 static struct GNUNET_CONTAINER_MultiHashMap *connections_map;
394 * Heap so we can quickly find "old" connections.
396 static struct GNUNET_CONTAINER_Heap *connections_heap;
399 * If there are at least this many connections, old ones will be removed
401 static unsigned long long max_connections;
404 * This hashmaps saves interesting things about the configured services
406 static struct GNUNET_CONTAINER_MultiHashMap *services;
409 * Array of all open DNS requests from channels.
411 static struct ChannelState *channels[UINT16_MAX + 1];
414 * Handle to the DNS Stub resolver.
416 static struct GNUNET_DNSSTUB_Context *dnsstub;
419 * Handle for ongoing DHT PUT operations to advertise exit service.
421 static struct GNUNET_DHT_PutHandle *dht_put;
426 static struct GNUNET_DHT_Handle *dht;
429 * Task for doing DHT PUTs to advertise exit service.
431 static struct GNUNET_SCHEDULER_Task * dht_task;
434 * Advertisement message we put into the DHT to advertise us
437 static struct GNUNET_DNS_Advertisement dns_advertisement;
440 * Key we store the DNS advertismenet under.
442 static struct GNUNET_HashCode dht_put_key;
445 * Private key for this peer.
447 static struct GNUNET_CRYPTO_EddsaPrivateKey *peer_key;
450 * Are we an IPv4-exit?
452 static int ipv4_exit;
455 * Are we an IPv6-exit?
457 static int ipv6_exit;
460 * Do we support IPv4 at all on the TUN interface?
462 static int ipv4_enabled;
465 * Do we support IPv6 at all on the TUN interface?
467 static int ipv6_enabled;
471 * We got a reply from DNS for a request of a CADET channel. Send it
472 * via the channel (after changing the request ID back).
474 * @param cls the `struct ChannelState`
475 * @param size number of bytes available in @a buf
476 * @param buf where to copy the reply
477 * @return number of bytes written to @a buf
480 transmit_reply_to_cadet (void *cls,
484 struct ChannelState *ts = cls;
488 struct GNUNET_MessageHeader hdr;
489 struct GNUNET_TUN_DnsHeader dns;
491 GNUNET_assert (GNUNET_YES == ts->is_dns);
493 GNUNET_assert (ts->specifics.dns.reply != NULL);
496 ret = sizeof (struct GNUNET_MessageHeader) + ts->specifics.dns.reply_length;
497 GNUNET_assert (ret <= size);
498 hdr.size = htons (ret);
499 hdr.type = htons (GNUNET_MESSAGE_TYPE_VPN_DNS_FROM_INTERNET);
500 GNUNET_memcpy (&dns, ts->specifics.dns.reply, sizeof (dns));
501 dns.id = ts->specifics.dns.original_id;
503 GNUNET_memcpy (&cbuf[off], &hdr, sizeof (hdr));
505 GNUNET_memcpy (&cbuf[off], &dns, sizeof (dns));
507 GNUNET_memcpy (&cbuf[off], &ts->specifics.dns.reply[sizeof (dns)], ts->specifics.dns.reply_length - sizeof (dns));
508 off += ts->specifics.dns.reply_length - sizeof (dns);
509 GNUNET_free (ts->specifics.dns.reply);
510 ts->specifics.dns.reply = NULL;
511 ts->specifics.dns.reply_length = 0;
512 GNUNET_assert (ret == off);
518 * Callback called from DNSSTUB resolver when a resolution
522 * @param rs the socket that received the response
523 * @param dns the response itself
524 * @param r number of bytes in dns
527 process_dns_result (void *cls,
528 struct GNUNET_DNSSTUB_RequestSocket *rs,
529 const struct GNUNET_TUN_DnsHeader *dns,
532 struct ChannelState *ts;
534 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
535 "Processing DNS result from stub resolver\n");
536 GNUNET_assert (NULL == cls);
537 /* Handle case that this is a reply to a request from a CADET DNS channel */
538 ts = channels[dns->id];
540 (ts->specifics.dns.rs != rs) )
542 LOG (GNUNET_ERROR_TYPE_DEBUG,
543 "Got a response from the stub resolver for DNS request received via CADET!\n");
544 channels[dns->id] = NULL;
545 GNUNET_free_non_null (ts->specifics.dns.reply);
546 ts->specifics.dns.reply = GNUNET_malloc (r);
547 ts->specifics.dns.reply_length = r;
548 GNUNET_memcpy (ts->specifics.dns.reply, dns, r);
550 GNUNET_CADET_notify_transmit_ready_cancel (ts->th);
551 ts->th = GNUNET_CADET_notify_transmit_ready (ts->channel,
553 GNUNET_TIME_UNIT_FOREVER_REL,
554 sizeof (struct GNUNET_MessageHeader) + r,
555 &transmit_reply_to_cadet,
561 * Process a request via cadet to perform a DNS query.
563 * @param cls closure, NULL
564 * @param channel connection to the other end
565 * @param channel_ctx pointer to our `struct ChannelState *`
566 * @param message the actual message
568 * @return #GNUNET_OK to keep the connection open,
569 * #GNUNET_SYSERR to close it (signal serious error)
572 receive_dns_request (void *cls GNUNET_UNUSED,
573 struct GNUNET_CADET_Channel *channel,
575 const struct GNUNET_MessageHeader *message)
577 struct ChannelState *ts = *channel_ctx;
578 const struct GNUNET_TUN_DnsHeader *dns;
579 size_t mlen = ntohs (message->size);
580 size_t dlen = mlen - sizeof (struct GNUNET_MessageHeader);
581 char buf[dlen] GNUNET_ALIGN;
582 struct GNUNET_TUN_DnsHeader *dout;
587 return GNUNET_SYSERR;
589 if (GNUNET_NO == ts->is_dns)
592 return GNUNET_SYSERR;
594 if (GNUNET_SYSERR == ts->is_dns)
596 /* channel is DNS from now on */
597 ts->is_dns = GNUNET_YES;
599 if (dlen < sizeof (struct GNUNET_TUN_DnsHeader))
602 return GNUNET_SYSERR;
604 dns = (const struct GNUNET_TUN_DnsHeader *) &message[1];
605 ts->specifics.dns.original_id = dns->id;
606 if (channels[ts->specifics.dns.my_id] == ts)
607 channels[ts->specifics.dns.my_id] = NULL;
608 ts->specifics.dns.my_id = (uint16_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
610 channels[ts->specifics.dns.my_id] = ts;
611 GNUNET_memcpy (buf, dns, dlen);
612 dout = (struct GNUNET_TUN_DnsHeader *) buf;
613 dout->id = ts->specifics.dns.my_id;
614 ts->specifics.dns.rs = GNUNET_DNSSTUB_resolve2 (dnsstub,
618 if (NULL == ts->specifics.dns.rs)
619 return GNUNET_SYSERR;
620 GNUNET_CADET_receive_done (channel);
626 * Given IP information about a connection, calculate the respective
627 * hash we would use for the #connections_map.
629 * @param hash resulting hash
630 * @param ri information about the connection
633 hash_redirect_info (struct GNUNET_HashCode *hash,
634 const struct RedirectInformation *ri)
640 sizeof (struct GNUNET_HashCode));
641 /* the GNUnet hashmap only uses the first sizeof(unsigned int) of the hash,
642 so we put the IP address in there (and hope for few collisions) */
644 switch (ri->remote_address.af)
648 &ri->remote_address.address.ipv4,
649 sizeof (struct in_addr));
650 off += sizeof (struct in_addr);
654 &ri->remote_address.address.ipv6,
655 sizeof (struct in6_addr));
656 off += sizeof (struct in_addr);
662 &ri->remote_address.port,
664 off += sizeof (uint16_t);
665 switch (ri->local_address.af)
669 &ri->local_address.address.ipv4,
670 sizeof (struct in_addr));
671 off += sizeof (struct in_addr);
675 &ri->local_address.address.ipv6,
676 sizeof (struct in6_addr));
677 off += sizeof (struct in_addr);
683 &ri->local_address.port,
685 off += sizeof (uint16_t);
687 &ri->remote_address.proto,
689 /* off += sizeof (uint8_t); */
694 * Get our connection tracking state. Warns if it does not exists,
695 * refreshes the timestamp if it does exist.
697 * @param af address family
698 * @param protocol IPPROTO_UDP or IPPROTO_TCP
699 * @param destination_ip target IP
700 * @param destination_port target port
701 * @param local_ip local IP
702 * @param local_port local port
703 * @param state_key set to hash's state if non-NULL
704 * @return NULL if we have no tracking information for this tuple
706 static struct ChannelState *
707 get_redirect_state (int af,
709 const void *destination_ip,
710 uint16_t destination_port,
711 const void *local_ip,
713 struct GNUNET_HashCode *state_key)
715 struct RedirectInformation ri;
716 struct GNUNET_HashCode key;
717 struct ChannelState *state;
719 if ( ( (af == AF_INET) && (protocol == IPPROTO_ICMP) ) ||
720 ( (af == AF_INET6) && (protocol == IPPROTO_ICMPV6) ) )
723 destination_port = 0;
726 ri.remote_address.af = af;
728 ri.remote_address.address.ipv4 = *((struct in_addr*) destination_ip);
730 ri.remote_address.address.ipv6 = * ((struct in6_addr*) destination_ip);
731 ri.remote_address.port = destination_port;
732 ri.remote_address.proto = protocol;
733 ri.local_address.af = af;
735 ri.local_address.address.ipv4 = *((struct in_addr*) local_ip);
737 ri.local_address.address.ipv6 = * ((struct in6_addr*) local_ip);
738 ri.local_address.port = local_port;
739 ri.local_address.proto = protocol;
740 hash_redirect_info (&key,
742 if (NULL != state_key)
744 state = GNUNET_CONTAINER_multihashmap_get (connections_map,
748 /* Mark this connection as freshly used */
749 if (NULL == state_key)
750 GNUNET_CONTAINER_heap_update_cost (connections_heap,
751 state->specifics.tcp_udp.heap_node,
752 GNUNET_TIME_absolute_get ().abs_value_us);
758 * Free memory associated with a service record.
761 * @param key service descriptor
762 * @param value service record to free
766 free_service_record (void *cls,
767 const struct GNUNET_HashCode *key,
770 struct LocalService *service = value;
772 GNUNET_assert (GNUNET_YES ==
773 GNUNET_CONTAINER_multihashmap_remove (services,
776 GNUNET_CADET_close_port (service->port);
777 GNUNET_free_non_null (service->name);
778 GNUNET_free (service);
784 * Callback from CADET for new channels.
787 * @param channel new handle to the channel
788 * @param initiator peer that started the channel
789 * @param port destination port
790 * @param options channel options flags
791 * @return initial channel context for the channel
794 new_service_channel (void *cls,
795 struct GNUNET_CADET_Channel *channel,
796 const struct GNUNET_PeerIdentity *initiator,
797 const struct GNUNET_HashCode *port,
798 enum GNUNET_CADET_ChannelOption options)
800 struct LocalService *ls = cls;
801 struct ChannelState *s = GNUNET_new (struct ChannelState);
803 s->peer = *initiator;
804 GNUNET_STATISTICS_update (stats,
805 gettext_noop ("# Inbound CADET channels created"),
808 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
809 "Received inbound channel from `%s'\n",
810 GNUNET_i2s (initiator));
811 s->channel = channel;
812 s->specifics.tcp_udp.serv = ls;
813 s->specifics.tcp_udp.ri.remote_address = ls->address;
819 * Given a service descriptor and a destination port, find the
820 * respective service entry.
822 * @param proto IPPROTO_TCP or IPPROTO_UDP
823 * @param name name of the service
824 * @param destination_port destination port
825 * @param service service information record to store (service->name will be set).
828 store_service (int proto,
830 uint16_t destination_port,
831 struct LocalService *service)
833 struct GNUNET_HashCode cadet_port;
835 service->name = GNUNET_strdup (name);
836 GNUNET_TUN_service_name_to_hash (name,
837 &service->descriptor);
838 GNUNET_TUN_compute_service_cadet_port (&service->descriptor,
841 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
842 "Opening CADET port %s for SERVICE exit %s on port %u\n",
843 GNUNET_h2s (&cadet_port),
845 (unsigned int) destination_port);
846 service->port = GNUNET_CADET_open_port (cadet_handle,
848 &new_service_channel,
850 service->is_udp = (IPPROTO_UDP == proto);
852 GNUNET_CONTAINER_multihashmap_put (services,
855 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
857 GNUNET_CADET_close_port (service->port);
858 GNUNET_free_non_null (service->name);
859 GNUNET_free (service);
860 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
861 _("Got duplicate service records for `%s:%u'\n"),
863 (unsigned int) destination_port);
869 * CADET is ready to receive a message for the channel. Transmit it.
871 * @param cls the `struct ChannelState`.
872 * @param size number of bytes available in @a buf
873 * @param buf where to copy the message
874 * @return number of bytes copied to @a buf
877 send_to_peer_notify_callback (void *cls,
881 struct ChannelState *s = cls;
882 struct GNUNET_CADET_Channel *channel = s->channel;
883 struct ChannelMessageQueue *tnq;
886 tnq = s->specifics.tcp_udp.head;
891 s->th = GNUNET_CADET_notify_transmit_ready (channel,
892 GNUNET_NO /* corking */,
893 GNUNET_TIME_UNIT_FOREVER_REL,
895 &send_to_peer_notify_callback,
899 GNUNET_assert (size >= tnq->len);
900 GNUNET_memcpy (buf, tnq->payload, tnq->len);
902 GNUNET_CONTAINER_DLL_remove (s->specifics.tcp_udp.head,
903 s->specifics.tcp_udp.tail,
906 if (NULL != (tnq = s->specifics.tcp_udp.head))
907 s->th = GNUNET_CADET_notify_transmit_ready (channel,
908 GNUNET_NO /* corking */,
909 GNUNET_TIME_UNIT_FOREVER_REL,
911 &send_to_peer_notify_callback,
913 GNUNET_STATISTICS_update (stats,
914 gettext_noop ("# Bytes transmitted via cadet channels"),
921 * Send the given packet via the cadet channel.
923 * @param s channel destination
924 * @param tnq message to queue
927 send_packet_to_cadet_channel (struct ChannelState *s,
928 struct ChannelMessageQueue *tnq)
930 struct GNUNET_CADET_Channel *cadet_channel;
932 cadet_channel = s->channel;
933 GNUNET_assert (NULL != s);
934 GNUNET_CONTAINER_DLL_insert_tail (s->specifics.tcp_udp.head,
935 s->specifics.tcp_udp.tail,
938 s->th = GNUNET_CADET_notify_transmit_ready (cadet_channel,
939 GNUNET_NO /* cork */,
940 GNUNET_TIME_UNIT_FOREVER_REL,
942 &send_to_peer_notify_callback,
948 * @brief Handles an ICMP packet received from the helper.
950 * @param icmp A pointer to the Packet
951 * @param pktlen number of bytes in @a icmp
952 * @param af address family (AFINET or AF_INET6)
953 * @param destination_ip destination IP-address of the IP packet (should
954 * be our local address)
955 * @param source_ip original source IP-address of the IP packet (should
956 * be the original destination address)
959 icmp_from_helper (const struct GNUNET_TUN_IcmpHeader *icmp,
962 const void *destination_ip,
963 const void *source_ip)
965 struct ChannelState *state;
966 struct ChannelMessageQueue *tnq;
967 struct GNUNET_EXIT_IcmpToVPNMessage *i2v;
968 const struct GNUNET_TUN_IPv4Header *ipv4;
969 const struct GNUNET_TUN_IPv6Header *ipv6;
970 const struct GNUNET_TUN_UdpHeader *udp;
972 uint16_t source_port;
973 uint16_t destination_port;
977 char sbuf[INET6_ADDRSTRLEN];
978 char dbuf[INET6_ADDRSTRLEN];
979 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
980 "Received ICMP packet going from %s to %s\n",
983 sbuf, sizeof (sbuf)),
986 dbuf, sizeof (dbuf)));
988 if (pktlen < sizeof (struct GNUNET_TUN_IcmpHeader))
995 /* Find out if this is an ICMP packet in response to an existing
996 TCP/UDP packet and if so, figure out ports / protocol of the
997 existing session from the IP data in the ICMP payload */
999 destination_port = 0;
1003 protocol = IPPROTO_ICMP;
1006 case GNUNET_TUN_ICMPTYPE_ECHO_REPLY:
1007 case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST:
1009 case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE:
1010 case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH:
1011 case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED:
1013 sizeof (struct GNUNET_TUN_IcmpHeader) +
1014 sizeof (struct GNUNET_TUN_IPv4Header) + 8)
1020 ipv4 = (const struct GNUNET_TUN_IPv4Header *) &icmp[1];
1021 protocol = ipv4->protocol;
1022 /* could be TCP or UDP, but both have the ports in the right
1023 place, so that doesn't matter here */
1024 udp = (const struct GNUNET_TUN_UdpHeader *) &ipv4[1];
1025 /* swap ports, as they are from the original message */
1026 destination_port = ntohs (udp->source_port);
1027 source_port = ntohs (udp->destination_port);
1028 /* throw away ICMP payload, won't be useful for the other side anyway */
1029 pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
1032 GNUNET_STATISTICS_update (stats,
1033 gettext_noop ("# ICMPv4 packets dropped (type not allowed)"),
1039 protocol = IPPROTO_ICMPV6;
1042 case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE:
1043 case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG:
1044 case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED:
1045 case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM:
1047 sizeof (struct GNUNET_TUN_IcmpHeader) +
1048 sizeof (struct GNUNET_TUN_IPv6Header) + 8)
1054 ipv6 = (const struct GNUNET_TUN_IPv6Header *) &icmp[1];
1055 protocol = ipv6->next_header;
1056 /* could be TCP or UDP, but both have the ports in the right
1057 place, so that doesn't matter here */
1058 udp = (const struct GNUNET_TUN_UdpHeader *) &ipv6[1];
1059 /* swap ports, as they are from the original message */
1060 destination_port = ntohs (udp->source_port);
1061 source_port = ntohs (udp->destination_port);
1062 /* throw away ICMP payload, won't be useful for the other side anyway */
1063 pktlen = sizeof (struct GNUNET_TUN_IcmpHeader);
1065 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
1066 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
1069 GNUNET_STATISTICS_update (stats,
1070 gettext_noop ("# ICMPv6 packets dropped (type not allowed)"),
1081 state = get_redirect_state (af,
1089 case IPPROTO_ICMPV6:
1090 state = get_redirect_state (af,
1099 state = get_redirect_state (af,
1108 state = get_redirect_state (af,
1117 GNUNET_STATISTICS_update (stats,
1118 gettext_noop ("# ICMP packets dropped (not allowed)"),
1125 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1126 _("ICMP Packet dropped, have no matching connection information\n"));
1129 mlen = sizeof (struct GNUNET_EXIT_IcmpToVPNMessage) + pktlen - sizeof (struct GNUNET_TUN_IcmpHeader);
1130 tnq = GNUNET_malloc (sizeof (struct ChannelMessageQueue) + mlen);
1131 tnq->payload = &tnq[1];
1133 i2v = (struct GNUNET_EXIT_IcmpToVPNMessage *) &tnq[1];
1134 i2v->header.size = htons ((uint16_t) mlen);
1135 i2v->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_VPN);
1136 i2v->af = htonl (af);
1137 GNUNET_memcpy (&i2v->icmp_header,
1140 send_packet_to_cadet_channel (state, tnq);
1145 * @brief Handles an UDP packet received from the helper.
1147 * @param udp A pointer to the Packet
1148 * @param pktlen number of bytes in 'udp'
1149 * @param af address family (AFINET or AF_INET6)
1150 * @param destination_ip destination IP-address of the IP packet (should
1151 * be our local address)
1152 * @param source_ip original source IP-address of the IP packet (should
1153 * be the original destination address)
1156 udp_from_helper (const struct GNUNET_TUN_UdpHeader *udp,
1159 const void *destination_ip,
1160 const void *source_ip)
1162 struct ChannelState *state;
1163 struct ChannelMessageQueue *tnq;
1164 struct GNUNET_EXIT_UdpReplyMessage *urm;
1168 char sbuf[INET6_ADDRSTRLEN];
1169 char dbuf[INET6_ADDRSTRLEN];
1170 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1171 "Received UDP packet going from %s:%u to %s:%u\n",
1174 sbuf, sizeof (sbuf)),
1175 (unsigned int) ntohs (udp->source_port),
1178 dbuf, sizeof (dbuf)),
1179 (unsigned int) ntohs (udp->destination_port));
1181 if (pktlen < sizeof (struct GNUNET_TUN_UdpHeader))
1187 if (pktlen != ntohs (udp->len))
1193 state = get_redirect_state (af,
1196 ntohs (udp->source_port),
1198 ntohs (udp->destination_port),
1202 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1203 _("UDP Packet dropped, have no matching connection information\n"));
1206 mlen = sizeof (struct GNUNET_EXIT_UdpReplyMessage) + pktlen - sizeof (struct GNUNET_TUN_UdpHeader);
1207 tnq = GNUNET_malloc (sizeof (struct ChannelMessageQueue) + mlen);
1208 tnq->payload = &tnq[1];
1210 urm = (struct GNUNET_EXIT_UdpReplyMessage *) &tnq[1];
1211 urm->header.size = htons ((uint16_t) mlen);
1212 urm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_UDP_REPLY);
1213 urm->source_port = htons (0);
1214 urm->destination_port = htons (0);
1215 GNUNET_memcpy (&urm[1],
1217 pktlen - sizeof (struct GNUNET_TUN_UdpHeader));
1218 send_packet_to_cadet_channel (state, tnq);
1223 * @brief Handles a TCP packet received from the helper.
1225 * @param tcp A pointer to the Packet
1226 * @param pktlen the length of the packet, including its TCP header
1227 * @param af address family (AFINET or AF_INET6)
1228 * @param destination_ip destination IP-address of the IP packet (should
1229 * be our local address)
1230 * @param source_ip original source IP-address of the IP packet (should
1231 * be the original destination address)
1234 tcp_from_helper (const struct GNUNET_TUN_TcpHeader *tcp,
1237 const void *destination_ip,
1238 const void *source_ip)
1240 struct ChannelState *state;
1241 char buf[pktlen] GNUNET_ALIGN;
1242 struct GNUNET_TUN_TcpHeader *mtcp;
1243 struct GNUNET_EXIT_TcpDataMessage *tdm;
1244 struct ChannelMessageQueue *tnq;
1248 char sbuf[INET6_ADDRSTRLEN];
1249 char dbuf[INET6_ADDRSTRLEN];
1250 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1251 "Received TCP packet with %u bytes going from %s:%u to %s:%u\n",
1252 (unsigned int) (pktlen - sizeof (struct GNUNET_TUN_TcpHeader)),
1255 sbuf, sizeof (sbuf)),
1256 (unsigned int) ntohs (tcp->source_port),
1259 dbuf, sizeof (dbuf)),
1260 (unsigned int) ntohs (tcp->destination_port));
1262 if (pktlen < sizeof (struct GNUNET_TUN_TcpHeader))
1268 state = get_redirect_state (af,
1271 ntohs (tcp->source_port),
1273 ntohs (tcp->destination_port),
1277 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1278 _("TCP Packet dropped, have no matching connection information\n"));
1282 /* mug port numbers and crc to avoid information leakage;
1283 sender will need to lookup the correct values anyway */
1284 GNUNET_memcpy (buf, tcp, pktlen);
1285 mtcp = (struct GNUNET_TUN_TcpHeader *) buf;
1286 mtcp->source_port = 0;
1287 mtcp->destination_port = 0;
1290 mlen = sizeof (struct GNUNET_EXIT_TcpDataMessage) + (pktlen - sizeof (struct GNUNET_TUN_TcpHeader));
1291 if (mlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1297 tnq = GNUNET_malloc (sizeof (struct ChannelMessageQueue) + mlen);
1298 tnq->payload = &tnq[1];
1300 tdm = (struct GNUNET_EXIT_TcpDataMessage *) &tnq[1];
1301 tdm->header.size = htons ((uint16_t) mlen);
1302 tdm->header.type = htons (GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_VPN);
1303 tdm->reserved = htonl (0);
1304 GNUNET_memcpy (&tdm->tcp_header,
1307 send_packet_to_cadet_channel (state, tnq);
1312 * Receive packets from the helper-process
1315 * @param client unsued
1316 * @param message message received from helper
1319 message_token (void *cls GNUNET_UNUSED,
1320 void *client GNUNET_UNUSED,
1321 const struct GNUNET_MessageHeader *message)
1323 const struct GNUNET_TUN_Layer2PacketHeader *pkt_tun;
1326 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1327 "Got %u-byte message of type %u from gnunet-helper-exit\n",
1328 ntohs (message->size),
1329 ntohs (message->type));
1330 GNUNET_STATISTICS_update (stats,
1331 gettext_noop ("# Packets received from TUN"),
1333 if (ntohs (message->type) != GNUNET_MESSAGE_TYPE_VPN_HELPER)
1338 size = ntohs (message->size);
1339 if (size < sizeof (struct GNUNET_TUN_Layer2PacketHeader) + sizeof (struct GNUNET_MessageHeader))
1344 GNUNET_STATISTICS_update (stats,
1345 gettext_noop ("# Bytes received from TUN"),
1347 pkt_tun = (const struct GNUNET_TUN_Layer2PacketHeader *) &message[1];
1348 size -= sizeof (struct GNUNET_TUN_Layer2PacketHeader) + sizeof (struct GNUNET_MessageHeader);
1349 switch (ntohs (pkt_tun->proto))
1353 const struct GNUNET_TUN_IPv4Header *pkt4;
1355 if (size < sizeof (struct GNUNET_TUN_IPv4Header))
1357 /* Kernel to blame? */
1361 pkt4 = (const struct GNUNET_TUN_IPv4Header *) &pkt_tun[1];
1362 if (size != ntohs (pkt4->total_length))
1364 /* Kernel to blame? */
1368 if (pkt4->header_length * 4 != sizeof (struct GNUNET_TUN_IPv4Header))
1370 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1371 _("IPv4 packet options received. Ignored.\n"));
1375 size -= sizeof (struct GNUNET_TUN_IPv4Header);
1376 switch (pkt4->protocol)
1379 udp_from_helper ((const struct GNUNET_TUN_UdpHeader *) &pkt4[1], size,
1381 &pkt4->destination_address,
1382 &pkt4->source_address);
1385 tcp_from_helper ((const struct GNUNET_TUN_TcpHeader *) &pkt4[1], size,
1387 &pkt4->destination_address,
1388 &pkt4->source_address);
1391 icmp_from_helper ((const struct GNUNET_TUN_IcmpHeader *) &pkt4[1], size,
1393 &pkt4->destination_address,
1394 &pkt4->source_address);
1397 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1398 _("IPv4 packet with unsupported next header %u received. Ignored.\n"),
1399 (int) pkt4->protocol);
1406 const struct GNUNET_TUN_IPv6Header *pkt6;
1408 if (size < sizeof (struct GNUNET_TUN_IPv6Header))
1410 /* Kernel to blame? */
1414 pkt6 = (struct GNUNET_TUN_IPv6Header *) &pkt_tun[1];
1415 if (size != ntohs (pkt6->payload_length) + sizeof (struct GNUNET_TUN_IPv6Header))
1417 /* Kernel to blame? */
1421 size -= sizeof (struct GNUNET_TUN_IPv6Header);
1422 switch (pkt6->next_header)
1425 udp_from_helper ((const struct GNUNET_TUN_UdpHeader *) &pkt6[1], size,
1427 &pkt6->destination_address,
1428 &pkt6->source_address);
1431 tcp_from_helper ((const struct GNUNET_TUN_TcpHeader *) &pkt6[1], size,
1433 &pkt6->destination_address,
1434 &pkt6->source_address);
1436 case IPPROTO_ICMPV6:
1437 icmp_from_helper ((const struct GNUNET_TUN_IcmpHeader *) &pkt6[1], size,
1439 &pkt6->destination_address,
1440 &pkt6->source_address);
1443 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1444 _("IPv6 packet with unsupported next header %d received. Ignored.\n"),
1451 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1452 _("Packet from unknown protocol %u received. Ignored.\n"),
1453 ntohs (pkt_tun->proto));
1461 * We need to create a (unique) fresh local address (IP+port).
1464 * @param af desired address family
1465 * @param proto desired protocol (IPPROTO_UDP or IPPROTO_TCP)
1466 * @param local_address address to initialize
1469 setup_fresh_address (int af,
1471 struct SocketAddress *local_address)
1473 local_address->af = af;
1474 local_address->proto = (uint8_t) proto;
1475 /* default "local" port range is often 32768--61000,
1476 so we pick a random value in that range */
1477 if ( ( (af == AF_INET) && (proto == IPPROTO_ICMP) ) ||
1478 ( (af == AF_INET6) && (proto == IPPROTO_ICMPV6) ) )
1479 local_address->port = 0;
1482 = (uint16_t) 32768 + GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1488 struct in_addr addr;
1489 struct in_addr mask;
1492 addr = exit_ipv4addr;
1493 mask = exit_ipv4mask;
1494 if (0 == ~mask.s_addr)
1496 /* only one valid IP anyway */
1497 local_address->address.ipv4 = addr;
1500 /* Given 192.168.0.1/255.255.0.0, we want a mask
1501 of '192.168.255.255', thus: */
1502 mask.s_addr = addr.s_addr | ~mask.s_addr;
1503 /* Pick random IPv4 address within the subnet, except 'addr' or 'mask' itself */
1506 rnd.s_addr = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1508 local_address->address.ipv4.s_addr = (addr.s_addr | rnd.s_addr) & mask.s_addr;
1510 while ( (local_address->address.ipv4.s_addr == addr.s_addr) ||
1511 (local_address->address.ipv4.s_addr == mask.s_addr) );
1516 struct in6_addr addr;
1517 struct in6_addr mask;
1518 struct in6_addr rnd;
1521 addr = exit_ipv6addr;
1522 GNUNET_assert (ipv6prefix < 128);
1523 if (ipv6prefix == 127)
1525 /* only one valid IP anyway */
1526 local_address->address.ipv6 = addr;
1529 /* Given ABCD::/96, we want a mask of 'ABCD::FFFF:FFFF,
1532 for (i=127;i>=ipv6prefix;i--)
1533 mask.s6_addr[i / 8] |= (1 << (i % 8));
1535 /* Pick random IPv6 address within the subnet, except 'addr' or 'mask' itself */
1540 rnd.s6_addr[i] = (unsigned char) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
1542 local_address->address.ipv6.s6_addr[i]
1543 = (addr.s6_addr[i] | rnd.s6_addr[i]) & mask.s6_addr[i];
1546 while ( (0 == memcmp (&local_address->address.ipv6,
1548 sizeof (struct in6_addr))) ||
1549 (0 == memcmp (&local_address->address.ipv6,
1551 sizeof (struct in6_addr))) );
1561 * We are starting a fresh connection (TCP or UDP) and need
1562 * to pick a source port and IP address (within the correct
1563 * range and address family) to associate replies with the
1564 * connection / correct cadet channel. This function generates
1565 * a "fresh" source IP and source port number for a connection
1566 * After picking a good source address, this function sets up
1567 * the state in the 'connections_map' and 'connections_heap'
1568 * to allow finding the state when needed later. The function
1569 * also makes sure that we remain within memory limits by
1570 * cleaning up 'old' states.
1572 * @param state skeleton state to setup a record for; should
1573 * 'state->specifics.tcp_udp.ri.remote_address' filled in so that
1574 * this code can determine which AF/protocol is
1575 * going to be used (the 'channel' should also
1576 * already be set); after calling this function,
1577 * heap_node and the local_address will be
1578 * also initialized (heap_node != NULL can be
1579 * used to test if a state has been fully setup).
1582 setup_state_record (struct ChannelState *state)
1584 struct GNUNET_HashCode key;
1585 struct ChannelState *s;
1587 /* generate fresh, unique address */
1590 if (NULL == state->specifics.tcp_udp.serv)
1591 setup_fresh_address (state->specifics.tcp_udp.ri.remote_address.af,
1592 state->specifics.tcp_udp.ri.remote_address.proto,
1593 &state->specifics.tcp_udp.ri.local_address);
1595 setup_fresh_address (state->specifics.tcp_udp.serv->address.af,
1596 state->specifics.tcp_udp.serv->address.proto,
1597 &state->specifics.tcp_udp.ri.local_address);
1599 get_redirect_state (state->specifics.tcp_udp.ri.remote_address.af,
1600 state->specifics.tcp_udp.ri.remote_address.proto,
1601 &state->specifics.tcp_udp.ri.remote_address.address,
1602 state->specifics.tcp_udp.ri.remote_address.port,
1603 &state->specifics.tcp_udp.ri.local_address.address,
1604 state->specifics.tcp_udp.ri.local_address.port,
1607 char buf[INET6_ADDRSTRLEN];
1608 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1609 "Picked local address %s:%u for new connection\n",
1610 inet_ntop (state->specifics.tcp_udp.ri.local_address.af,
1611 &state->specifics.tcp_udp.ri.local_address.address,
1614 (unsigned int) state->specifics.tcp_udp.ri.local_address.port);
1616 state->specifics.tcp_udp.state_key = key;
1617 GNUNET_assert (GNUNET_OK ==
1618 GNUNET_CONTAINER_multihashmap_put (connections_map,
1620 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
1621 state->specifics.tcp_udp.heap_node
1622 = GNUNET_CONTAINER_heap_insert (connections_heap,
1624 GNUNET_TIME_absolute_get ().abs_value_us);
1625 while (GNUNET_CONTAINER_heap_get_size (connections_heap) > max_connections)
1627 s = GNUNET_CONTAINER_heap_remove_root (connections_heap);
1628 GNUNET_assert (state != s);
1629 s->specifics.tcp_udp.heap_node = NULL;
1630 GNUNET_CADET_channel_destroy (s->channel);
1631 GNUNET_assert (GNUNET_OK ==
1632 GNUNET_CONTAINER_multihashmap_remove (connections_map,
1633 &s->specifics.tcp_udp.state_key,
1641 * Prepare an IPv4 packet for transmission via the TUN interface.
1642 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
1643 * For UDP, the UDP header will be fully created, whereas for TCP
1644 * only the ports and checksum will be filled in. So for TCP,
1645 * a skeleton TCP header must be part of the provided payload.
1647 * @param payload payload of the packet (starting with UDP payload or
1648 * TCP header, depending on protocol)
1649 * @param payload_length number of bytes in @a payload
1650 * @param protocol IPPROTO_UDP or IPPROTO_TCP
1651 * @param tcp_header skeleton of the TCP header, NULL for UDP
1652 * @param src_address source address to use (IP and port)
1653 * @param dst_address destination address to use (IP and port)
1654 * @param pkt4 where to write the assembled packet; must
1655 * contain enough space for the IP header, UDP/TCP header
1659 prepare_ipv4_packet (const void *payload,
1660 size_t payload_length,
1662 const struct GNUNET_TUN_TcpHeader *tcp_header,
1663 const struct SocketAddress *src_address,
1664 const struct SocketAddress *dst_address,
1665 struct GNUNET_TUN_IPv4Header *pkt4)
1669 len = payload_length;
1673 len += sizeof (struct GNUNET_TUN_UdpHeader);
1676 len += sizeof (struct GNUNET_TUN_TcpHeader);
1677 GNUNET_assert (NULL != tcp_header);
1683 if (len + sizeof (struct GNUNET_TUN_IPv4Header) > UINT16_MAX)
1689 GNUNET_TUN_initialize_ipv4_header (pkt4,
1692 &src_address->address.ipv4,
1693 &dst_address->address.ipv4);
1698 struct GNUNET_TUN_UdpHeader *pkt4_udp = (struct GNUNET_TUN_UdpHeader *) &pkt4[1];
1700 pkt4_udp->source_port = htons (src_address->port);
1701 pkt4_udp->destination_port = htons (dst_address->port);
1702 pkt4_udp->len = htons ((uint16_t) payload_length);
1703 GNUNET_TUN_calculate_udp4_checksum (pkt4,
1707 GNUNET_memcpy (&pkt4_udp[1],
1714 struct GNUNET_TUN_TcpHeader *pkt4_tcp = (struct GNUNET_TUN_TcpHeader *) &pkt4[1];
1716 *pkt4_tcp = *tcp_header;
1717 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1718 "Sending TCP packet from port %u to port %u\n",
1721 pkt4_tcp->source_port = htons (src_address->port);
1722 pkt4_tcp->destination_port = htons (dst_address->port);
1723 GNUNET_TUN_calculate_tcp4_checksum (pkt4,
1727 GNUNET_memcpy (&pkt4_tcp[1],
1739 * Prepare an IPv6 packet for transmission via the TUN interface.
1740 * Initializes the IP header and calculates checksums (IP+UDP/TCP).
1741 * For UDP, the UDP header will be fully created, whereas for TCP
1742 * only the ports and checksum will be filled in. So for TCP,
1743 * a skeleton TCP header must be part of the provided payload.
1745 * @param payload payload of the packet (starting with UDP payload or
1746 * TCP header, depending on protocol)
1747 * @param payload_length number of bytes in @a payload
1748 * @param protocol IPPROTO_UDP or IPPROTO_TCP
1749 * @param tcp_header skeleton TCP header data to send, NULL for UDP
1750 * @param src_address source address to use (IP and port)
1751 * @param dst_address destination address to use (IP and port)
1752 * @param pkt6 where to write the assembled packet; must
1753 * contain enough space for the IP header, UDP/TCP header
1757 prepare_ipv6_packet (const void *payload,
1758 size_t payload_length,
1760 const struct GNUNET_TUN_TcpHeader *tcp_header,
1761 const struct SocketAddress *src_address,
1762 const struct SocketAddress *dst_address,
1763 struct GNUNET_TUN_IPv6Header *pkt6)
1767 len = payload_length;
1771 len += sizeof (struct GNUNET_TUN_UdpHeader);
1774 len += sizeof (struct GNUNET_TUN_TcpHeader);
1780 if (len > UINT16_MAX)
1786 GNUNET_TUN_initialize_ipv6_header (pkt6,
1789 &src_address->address.ipv6,
1790 &dst_address->address.ipv6);
1796 struct GNUNET_TUN_UdpHeader *pkt6_udp = (struct GNUNET_TUN_UdpHeader *) &pkt6[1];
1798 pkt6_udp->source_port = htons (src_address->port);
1799 pkt6_udp->destination_port = htons (dst_address->port);
1800 pkt6_udp->len = htons ((uint16_t) payload_length);
1801 GNUNET_TUN_calculate_udp6_checksum (pkt6,
1805 GNUNET_memcpy (&pkt6_udp[1],
1812 struct GNUNET_TUN_TcpHeader *pkt6_tcp = (struct GNUNET_TUN_TcpHeader *) &pkt6[1];
1814 /* GNUNET_memcpy first here as some TCP header fields are initialized this way! */
1815 *pkt6_tcp = *tcp_header;
1816 pkt6_tcp->source_port = htons (src_address->port);
1817 pkt6_tcp->destination_port = htons (dst_address->port);
1818 GNUNET_TUN_calculate_tcp6_checksum (pkt6,
1822 GNUNET_memcpy (&pkt6_tcp[1],
1835 * Send a TCP packet via the TUN interface.
1837 * @param destination_address IP and port to use for the TCP packet's destination
1838 * @param source_address IP and port to use for the TCP packet's source
1839 * @param tcp_header header template to use
1840 * @param payload payload of the TCP packet
1841 * @param payload_length number of bytes in @a payload
1844 send_tcp_packet_via_tun (const struct SocketAddress *destination_address,
1845 const struct SocketAddress *source_address,
1846 const struct GNUNET_TUN_TcpHeader *tcp_header,
1847 const void *payload,
1848 size_t payload_length)
1852 GNUNET_STATISTICS_update (stats,
1853 gettext_noop ("# TCP packets sent via TUN"),
1856 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1857 "Sending packet with %u bytes TCP payload via TUN\n",
1858 (unsigned int) payload_length);
1859 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
1860 switch (source_address->af)
1863 len += sizeof (struct GNUNET_TUN_IPv4Header);
1866 len += sizeof (struct GNUNET_TUN_IPv6Header);
1872 len += sizeof (struct GNUNET_TUN_TcpHeader);
1873 len += payload_length;
1874 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
1880 char buf[len] GNUNET_ALIGN;
1881 struct GNUNET_MessageHeader *hdr;
1882 struct GNUNET_TUN_Layer2PacketHeader *tun;
1884 hdr = (struct GNUNET_MessageHeader *) buf;
1885 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
1886 hdr->size = htons (len);
1887 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
1888 tun->flags = htons (0);
1889 switch (source_address->af)
1893 struct GNUNET_TUN_IPv4Header *ipv4
1894 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
1896 tun->proto = htons (ETH_P_IPV4);
1897 prepare_ipv4_packet (payload,
1902 destination_address,
1908 struct GNUNET_TUN_IPv6Header *ipv6
1909 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
1911 tun->proto = htons (ETH_P_IPV6);
1912 prepare_ipv6_packet (payload,
1917 destination_address,
1925 if (NULL != helper_handle)
1926 (void) GNUNET_HELPER_send (helper_handle,
1927 (const struct GNUNET_MessageHeader*) buf,
1936 * Process a request via cadet to send a request to a TCP service
1937 * offered by this system.
1939 * @param cls closure, NULL
1940 * @param channel connection to the other end
1941 * @param channel_ctx pointer to our `struct ChannelState *`
1942 * @param message the actual message
1943 * @return #GNUNET_OK to keep the connection open,
1944 * #GNUNET_SYSERR to close it (signal serious error)
1947 receive_tcp_service (void *cls,
1948 struct GNUNET_CADET_Channel *channel,
1950 const struct GNUNET_MessageHeader *message)
1952 struct ChannelState *state = *channel_ctx;
1953 const struct GNUNET_EXIT_TcpServiceStartMessage *start;
1954 uint16_t pkt_len = ntohs (message->size);
1958 GNUNET_break_op (0);
1959 return GNUNET_SYSERR;
1961 if (GNUNET_YES == state->is_dns)
1963 GNUNET_break_op (0);
1964 return GNUNET_SYSERR;
1966 if (NULL == state->specifics.tcp_udp.serv)
1968 GNUNET_break_op (0);
1969 return GNUNET_SYSERR;
1971 if (GNUNET_SYSERR == state->is_dns)
1973 /* channel is UDP/TCP from now on */
1974 state->is_dns = GNUNET_NO;
1976 GNUNET_STATISTICS_update (stats,
1977 gettext_noop ("# TCP service creation requests received via cadet"),
1980 GNUNET_STATISTICS_update (stats,
1981 gettext_noop ("# Bytes received from CADET"),
1984 /* check that we got at least a valid header */
1985 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpServiceStartMessage))
1987 GNUNET_break_op (0);
1988 return GNUNET_SYSERR;
1990 start = (const struct GNUNET_EXIT_TcpServiceStartMessage*) message;
1991 pkt_len -= sizeof (struct GNUNET_EXIT_TcpServiceStartMessage);
1992 if (NULL != state->specifics.tcp_udp.heap_node)
1994 GNUNET_break_op (0);
1995 return GNUNET_SYSERR;
1997 if (start->tcp_header.off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
1999 GNUNET_break_op (0);
2000 return GNUNET_SYSERR;
2002 GNUNET_break_op (ntohl (start->reserved) == 0);
2003 /* setup fresh connection */
2004 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2005 "Received data from %s for forwarding to TCP service %s on port %u\n",
2006 GNUNET_i2s (&state->peer),
2007 GNUNET_h2s (&state->specifics.tcp_udp.serv->descriptor),
2008 (unsigned int) ntohs (start->tcp_header.destination_port));
2009 setup_state_record (state);
2010 send_tcp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address,
2011 &state->specifics.tcp_udp.ri.local_address,
2015 GNUNET_CADET_receive_done (channel);
2021 * Process a request to forward TCP data to the Internet via this peer.
2023 * @param cls closure, NULL
2024 * @param channel connection to the other end
2025 * @param channel_ctx pointer to our `struct ChannelState *`
2026 * @param message the actual message
2027 * @return #GNUNET_OK to keep the connection open,
2028 * #GNUNET_SYSERR to close it (signal serious error)
2031 receive_tcp_remote (void *cls GNUNET_UNUSED,
2032 struct GNUNET_CADET_Channel *channel,
2033 void **channel_ctx GNUNET_UNUSED,
2034 const struct GNUNET_MessageHeader *message)
2036 struct ChannelState *state = *channel_ctx;
2037 const struct GNUNET_EXIT_TcpInternetStartMessage *start;
2038 uint16_t pkt_len = ntohs (message->size);
2039 const struct in_addr *v4;
2040 const struct in6_addr *v6;
2041 const void *payload;
2046 GNUNET_break_op (0);
2047 return GNUNET_SYSERR;
2049 if (GNUNET_YES == state->is_dns)
2051 GNUNET_break_op (0);
2052 return GNUNET_SYSERR;
2054 if (GNUNET_SYSERR == state->is_dns)
2056 /* channel is UDP/TCP from now on */
2057 state->is_dns = GNUNET_NO;
2059 GNUNET_STATISTICS_update (stats,
2060 gettext_noop ("# Bytes received from CADET"),
2061 pkt_len, GNUNET_NO);
2062 GNUNET_STATISTICS_update (stats,
2063 gettext_noop ("# TCP IP-exit creation requests received via cadet"),
2065 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpInternetStartMessage))
2067 GNUNET_break_op (0);
2068 return GNUNET_SYSERR;
2070 start = (const struct GNUNET_EXIT_TcpInternetStartMessage*) message;
2071 pkt_len -= sizeof (struct GNUNET_EXIT_TcpInternetStartMessage);
2072 if ( (NULL != state->specifics.tcp_udp.serv) ||
2073 (NULL != state->specifics.tcp_udp.heap_node) )
2075 GNUNET_break_op (0);
2076 return GNUNET_SYSERR;
2078 if (start->tcp_header.off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
2080 GNUNET_break_op (0);
2081 return GNUNET_SYSERR;
2083 af = (int) ntohl (start->af);
2084 state->specifics.tcp_udp.ri.remote_address.af = af;
2088 if (pkt_len < sizeof (struct in_addr))
2090 GNUNET_break_op (0);
2091 return GNUNET_SYSERR;
2095 GNUNET_break_op (0);
2096 return GNUNET_SYSERR;
2098 v4 = (const struct in_addr*) &start[1];
2100 pkt_len -= sizeof (struct in_addr);
2101 state->specifics.tcp_udp.ri.remote_address.address.ipv4 = *v4;
2104 if (pkt_len < sizeof (struct in6_addr))
2106 GNUNET_break_op (0);
2107 return GNUNET_SYSERR;
2111 GNUNET_break_op (0);
2112 return GNUNET_SYSERR;
2114 v6 = (const struct in6_addr*) &start[1];
2116 pkt_len -= sizeof (struct in6_addr);
2117 state->specifics.tcp_udp.ri.remote_address.address.ipv6 = *v6;
2120 GNUNET_break_op (0);
2121 return GNUNET_SYSERR;
2124 char buf[INET6_ADDRSTRLEN];
2125 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2126 "Received payload from %s for existing TCP stream to %s:%u\n",
2127 GNUNET_i2s (&state->peer),
2129 &state->specifics.tcp_udp.ri.remote_address.address,
2131 (unsigned int) ntohs (start->tcp_header.destination_port));
2133 state->specifics.tcp_udp.ri.remote_address.proto = IPPROTO_TCP;
2134 state->specifics.tcp_udp.ri.remote_address.port = ntohs (start->tcp_header.destination_port);
2135 setup_state_record (state);
2136 send_tcp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address,
2137 &state->specifics.tcp_udp.ri.local_address,
2140 GNUNET_CADET_receive_done (channel);
2146 * Process a request to forward TCP data on an established
2147 * connection via this peer.
2149 * @param cls closure, NULL
2150 * @param channel connection to the other end
2151 * @param channel_ctx pointer to our `struct ChannelState *`
2152 * @param message the actual message
2153 * @return #GNUNET_OK to keep the connection open,
2154 * #GNUNET_SYSERR to close it (signal serious error)
2157 receive_tcp_data (void *cls GNUNET_UNUSED,
2158 struct GNUNET_CADET_Channel *channel,
2159 void **channel_ctx GNUNET_UNUSED,
2160 const struct GNUNET_MessageHeader *message)
2162 struct ChannelState *state = *channel_ctx;
2163 const struct GNUNET_EXIT_TcpDataMessage *data;
2164 uint16_t pkt_len = ntohs (message->size);
2166 GNUNET_STATISTICS_update (stats,
2167 gettext_noop ("# Bytes received from CADET"),
2168 pkt_len, GNUNET_NO);
2169 GNUNET_STATISTICS_update (stats,
2170 gettext_noop ("# TCP data requests received via cadet"),
2172 if (pkt_len < sizeof (struct GNUNET_EXIT_TcpDataMessage))
2174 GNUNET_break_op (0);
2175 return GNUNET_SYSERR;
2177 data = (const struct GNUNET_EXIT_TcpDataMessage*) message;
2178 pkt_len -= sizeof (struct GNUNET_EXIT_TcpDataMessage);
2179 if ( (NULL == state) ||
2180 (NULL == state->specifics.tcp_udp.heap_node) )
2182 /* connection should have been up! */
2183 GNUNET_STATISTICS_update (stats,
2184 gettext_noop ("# TCP DATA requests dropped (no session)"),
2186 GNUNET_break_op (0);
2187 return GNUNET_SYSERR;
2189 if (data->tcp_header.off * 4 < sizeof (struct GNUNET_TUN_TcpHeader))
2191 GNUNET_break_op (0);
2192 return GNUNET_SYSERR;
2194 if (GNUNET_YES == state->is_dns)
2196 GNUNET_break_op (0);
2197 return GNUNET_SYSERR;
2199 if (GNUNET_SYSERR == state->is_dns)
2201 /* channel is UDP/TCP from now on */
2202 state->is_dns = GNUNET_NO;
2205 GNUNET_break_op (ntohl (data->reserved) == 0);
2207 char buf[INET6_ADDRSTRLEN];
2208 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2209 "Received additional %u bytes of data from %s for TCP stream to %s:%u\n",
2211 GNUNET_i2s (&state->peer),
2212 inet_ntop (state->specifics.tcp_udp.ri.remote_address.af,
2213 &state->specifics.tcp_udp.ri.remote_address.address,
2215 (unsigned int) state->specifics.tcp_udp.ri.remote_address.port);
2218 send_tcp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address,
2219 &state->specifics.tcp_udp.ri.local_address,
2222 GNUNET_CADET_receive_done (channel);
2228 * Send an ICMP packet via the TUN interface.
2230 * @param destination_address IP to use for the ICMP packet's destination
2231 * @param source_address IP to use for the ICMP packet's source
2232 * @param icmp_header ICMP header to send
2233 * @param payload payload of the ICMP packet (does NOT include ICMP header)
2234 * @param payload_length number of bytes of data in @a payload
2237 send_icmp_packet_via_tun (const struct SocketAddress *destination_address,
2238 const struct SocketAddress *source_address,
2239 const struct GNUNET_TUN_IcmpHeader *icmp_header,
2240 const void *payload, size_t payload_length)
2243 struct GNUNET_TUN_IcmpHeader *icmp;
2245 GNUNET_STATISTICS_update (stats,
2246 gettext_noop ("# ICMP packets sent via TUN"),
2248 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2249 "Sending packet with %u bytes ICMP payload via TUN\n",
2250 (unsigned int) payload_length);
2251 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
2252 switch (destination_address->af)
2255 len += sizeof (struct GNUNET_TUN_IPv4Header);
2258 len += sizeof (struct GNUNET_TUN_IPv6Header);
2264 len += sizeof (struct GNUNET_TUN_IcmpHeader);
2265 len += payload_length;
2266 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
2272 char buf[len] GNUNET_ALIGN;
2273 struct GNUNET_MessageHeader *hdr;
2274 struct GNUNET_TUN_Layer2PacketHeader *tun;
2276 hdr= (struct GNUNET_MessageHeader *) buf;
2277 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
2278 hdr->size = htons (len);
2279 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
2280 tun->flags = htons (0);
2281 switch (source_address->af)
2285 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
2287 tun->proto = htons (ETH_P_IPV4);
2288 GNUNET_TUN_initialize_ipv4_header (ipv4,
2290 sizeof (struct GNUNET_TUN_IcmpHeader) + payload_length,
2291 &source_address->address.ipv4,
2292 &destination_address->address.ipv4);
2293 icmp = (struct GNUNET_TUN_IcmpHeader*) &ipv4[1];
2298 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
2300 tun->proto = htons (ETH_P_IPV6);
2301 GNUNET_TUN_initialize_ipv6_header (ipv6,
2303 sizeof (struct GNUNET_TUN_IcmpHeader) + payload_length,
2304 &source_address->address.ipv6,
2305 &destination_address->address.ipv6);
2306 icmp = (struct GNUNET_TUN_IcmpHeader*) &ipv6[1];
2313 *icmp = *icmp_header;
2314 GNUNET_memcpy (&icmp[1],
2317 GNUNET_TUN_calculate_icmp_checksum (icmp,
2320 if (NULL != helper_handle)
2321 (void) GNUNET_HELPER_send (helper_handle,
2322 (const struct GNUNET_MessageHeader*) buf,
2330 * Synthesize a plausible ICMP payload for an ICMPv4 error
2331 * response on the given channel.
2333 * @param state channel information
2334 * @param ipp IPv6 header to fill in (ICMP payload)
2335 * @param udp "UDP" header to fill in (ICMP payload); might actually
2336 * also be the first 8 bytes of the TCP header
2339 make_up_icmpv4_payload (struct ChannelState *state,
2340 struct GNUNET_TUN_IPv4Header *ipp,
2341 struct GNUNET_TUN_UdpHeader *udp)
2343 GNUNET_TUN_initialize_ipv4_header (ipp,
2344 state->specifics.tcp_udp.ri.remote_address.proto,
2345 sizeof (struct GNUNET_TUN_TcpHeader),
2346 &state->specifics.tcp_udp.ri.remote_address.address.ipv4,
2347 &state->specifics.tcp_udp.ri.local_address.address.ipv4);
2348 udp->source_port = htons (state->specifics.tcp_udp.ri.remote_address.port);
2349 udp->destination_port = htons (state->specifics.tcp_udp.ri.local_address.port);
2350 udp->len = htons (0);
2351 udp->crc = htons (0);
2356 * Synthesize a plausible ICMP payload for an ICMPv6 error
2357 * response on the given channel.
2359 * @param state channel information
2360 * @param ipp IPv6 header to fill in (ICMP payload)
2361 * @param udp "UDP" header to fill in (ICMP payload); might actually
2362 * also be the first 8 bytes of the TCP header
2365 make_up_icmpv6_payload (struct ChannelState *state,
2366 struct GNUNET_TUN_IPv6Header *ipp,
2367 struct GNUNET_TUN_UdpHeader *udp)
2369 GNUNET_TUN_initialize_ipv6_header (ipp,
2370 state->specifics.tcp_udp.ri.remote_address.proto,
2371 sizeof (struct GNUNET_TUN_TcpHeader),
2372 &state->specifics.tcp_udp.ri.remote_address.address.ipv6,
2373 &state->specifics.tcp_udp.ri.local_address.address.ipv6);
2374 udp->source_port = htons (state->specifics.tcp_udp.ri.remote_address.port);
2375 udp->destination_port = htons (state->specifics.tcp_udp.ri.local_address.port);
2376 udp->len = htons (0);
2377 udp->crc = htons (0);
2382 * Process a request to forward ICMP data to the Internet via this peer.
2384 * @param cls closure, NULL
2385 * @param channel connection to the other end
2386 * @param channel_ctx pointer to our 'struct ChannelState *'
2387 * @param message the actual message
2388 * @return #GNUNET_OK to keep the connection open,
2389 * #GNUNET_SYSERR to close it (signal serious error)
2392 receive_icmp_remote (void *cls,
2393 struct GNUNET_CADET_Channel *channel,
2395 const struct GNUNET_MessageHeader *message)
2397 struct ChannelState *state = *channel_ctx;
2398 const struct GNUNET_EXIT_IcmpInternetMessage *msg;
2399 uint16_t pkt_len = ntohs (message->size);
2400 const struct in_addr *v4;
2401 const struct in6_addr *v6;
2402 const void *payload;
2403 char buf[sizeof (struct GNUNET_TUN_IPv6Header) + 8] GNUNET_ALIGN;
2406 if (GNUNET_YES == state->is_dns)
2408 GNUNET_break_op (0);
2409 return GNUNET_SYSERR;
2411 if (GNUNET_SYSERR == state->is_dns)
2413 /* channel is UDP/TCP from now on */
2414 state->is_dns = GNUNET_NO;
2416 GNUNET_STATISTICS_update (stats,
2417 gettext_noop ("# Bytes received from CADET"),
2418 pkt_len, GNUNET_NO);
2419 GNUNET_STATISTICS_update (stats,
2420 gettext_noop ("# ICMP IP-exit requests received via cadet"),
2422 if (pkt_len < sizeof (struct GNUNET_EXIT_IcmpInternetMessage))
2424 GNUNET_break_op (0);
2425 return GNUNET_SYSERR;
2427 msg = (const struct GNUNET_EXIT_IcmpInternetMessage*) message;
2428 pkt_len -= sizeof (struct GNUNET_EXIT_IcmpInternetMessage);
2430 af = (int) ntohl (msg->af);
2431 if ( (NULL != state->specifics.tcp_udp.heap_node) &&
2432 (af != state->specifics.tcp_udp.ri.remote_address.af) )
2434 /* other peer switched AF on this channel; not allowed */
2435 GNUNET_break_op (0);
2436 return GNUNET_SYSERR;
2442 if (pkt_len < sizeof (struct in_addr))
2444 GNUNET_break_op (0);
2445 return GNUNET_SYSERR;
2449 GNUNET_break_op (0);
2450 return GNUNET_SYSERR;
2452 v4 = (const struct in_addr*) &msg[1];
2454 pkt_len -= sizeof (struct in_addr);
2455 state->specifics.tcp_udp.ri.remote_address.address.ipv4 = *v4;
2456 if (NULL == state->specifics.tcp_udp.heap_node)
2458 state->specifics.tcp_udp.ri.remote_address.af = af;
2459 state->specifics.tcp_udp.ri.remote_address.proto = IPPROTO_ICMP;
2460 setup_state_record (state);
2462 /* check that ICMP type is something we want to support
2463 and possibly make up payload! */
2464 switch (msg->icmp_header.type)
2466 case GNUNET_TUN_ICMPTYPE_ECHO_REPLY:
2467 case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST:
2469 case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE:
2470 case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH:
2471 case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED:
2474 GNUNET_break_op (0);
2475 return GNUNET_SYSERR;
2477 /* make up payload */
2479 struct GNUNET_TUN_IPv4Header *ipp = (struct GNUNET_TUN_IPv4Header *) buf;
2480 struct GNUNET_TUN_UdpHeader *udp = (struct GNUNET_TUN_UdpHeader *) &ipp[1];
2482 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2483 pkt_len = sizeof (struct GNUNET_TUN_IPv4Header) + 8;
2484 make_up_icmpv4_payload (state,
2491 GNUNET_break_op (0);
2492 GNUNET_STATISTICS_update (stats,
2493 gettext_noop ("# ICMPv4 packets dropped (type not allowed)"),
2495 return GNUNET_SYSERR;
2500 if (pkt_len < sizeof (struct in6_addr))
2502 GNUNET_break_op (0);
2503 return GNUNET_SYSERR;
2507 GNUNET_break_op (0);
2508 return GNUNET_SYSERR;
2510 v6 = (const struct in6_addr*) &msg[1];
2512 pkt_len -= sizeof (struct in6_addr);
2513 state->specifics.tcp_udp.ri.remote_address.address.ipv6 = *v6;
2514 if (NULL == state->specifics.tcp_udp.heap_node)
2516 state->specifics.tcp_udp.ri.remote_address.af = af;
2517 state->specifics.tcp_udp.ri.remote_address.proto = IPPROTO_ICMPV6;
2518 setup_state_record (state);
2520 /* check that ICMP type is something we want to support
2521 and possibly make up payload! */
2522 switch (msg->icmp_header.type)
2524 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
2525 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
2527 case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE:
2528 case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG:
2529 case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED:
2530 case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM:
2533 GNUNET_break_op (0);
2534 return GNUNET_SYSERR;
2536 /* make up payload */
2538 struct GNUNET_TUN_IPv6Header *ipp = (struct GNUNET_TUN_IPv6Header *) buf;
2539 struct GNUNET_TUN_UdpHeader *udp = (struct GNUNET_TUN_UdpHeader *) &ipp[1];
2541 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2542 pkt_len = sizeof (struct GNUNET_TUN_IPv6Header) + 8;
2543 make_up_icmpv6_payload (state,
2550 GNUNET_break_op (0);
2551 GNUNET_STATISTICS_update (stats,
2552 gettext_noop ("# ICMPv6 packets dropped (type not allowed)"),
2554 return GNUNET_SYSERR;
2560 GNUNET_break_op (0);
2561 return GNUNET_SYSERR;
2565 char buf[INET6_ADDRSTRLEN];
2566 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2567 "Received ICMP data from %s for forwarding to %s\n",
2568 GNUNET_i2s (&state->peer),
2570 &state->specifics.tcp_udp.ri.remote_address.address,
2571 buf, sizeof (buf)));
2573 send_icmp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address,
2574 &state->specifics.tcp_udp.ri.local_address,
2577 GNUNET_CADET_receive_done (channel);
2583 * Setup ICMP payload for ICMP error messages. Called
2584 * for both IPv4 and IPv6 addresses.
2586 * @param state context for creating the IP Packet
2587 * @param buf where to create the payload, has at least
2588 * sizeof (struct GNUNET_TUN_IPv6Header) + 8 bytes
2589 * @return number of bytes of payload we created in buf
2592 make_up_icmp_service_payload (struct ChannelState *state,
2595 switch (state->specifics.tcp_udp.serv->address.af)
2599 struct GNUNET_TUN_IPv4Header *ipv4;
2600 struct GNUNET_TUN_UdpHeader *udp;
2602 ipv4 = (struct GNUNET_TUN_IPv4Header *)buf;
2603 udp = (struct GNUNET_TUN_UdpHeader *) &ipv4[1];
2604 make_up_icmpv4_payload (state,
2607 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2608 return sizeof (struct GNUNET_TUN_IPv4Header) + 8;
2613 struct GNUNET_TUN_IPv6Header *ipv6;
2614 struct GNUNET_TUN_UdpHeader *udp;
2616 ipv6 = (struct GNUNET_TUN_IPv6Header *)buf;
2617 udp = (struct GNUNET_TUN_UdpHeader *) &ipv6[1];
2618 make_up_icmpv6_payload (state,
2621 GNUNET_assert (8 == sizeof (struct GNUNET_TUN_UdpHeader));
2622 return sizeof (struct GNUNET_TUN_IPv6Header) + 8;
2633 * Process a request via cadet to send ICMP data to a service
2634 * offered by this system.
2636 * @param cls closure, NULL
2637 * @param channel connection to the other end
2638 * @param channel_ctx pointer to our 'struct ChannelState *'
2639 * @param message the actual message
2640 * @return #GNUNET_OK to keep the connection open,
2641 * #GNUNET_SYSERR to close it (signal serious error)
2644 receive_icmp_service (void *cls,
2645 struct GNUNET_CADET_Channel *channel,
2647 const struct GNUNET_MessageHeader *message)
2649 struct ChannelState *state = *channel_ctx;
2650 const struct GNUNET_EXIT_IcmpServiceMessage *msg;
2651 uint16_t pkt_len = ntohs (message->size);
2652 struct GNUNET_TUN_IcmpHeader icmp;
2653 char buf[sizeof (struct GNUNET_TUN_IPv6Header) + 8] GNUNET_ALIGN;
2654 const void *payload;
2656 if (GNUNET_YES == state->is_dns)
2658 GNUNET_break_op (0);
2659 return GNUNET_SYSERR;
2661 if (NULL == state->specifics.tcp_udp.serv)
2663 GNUNET_break_op (0);
2664 return GNUNET_SYSERR;
2666 GNUNET_STATISTICS_update (stats,
2667 gettext_noop ("# Bytes received from CADET"),
2668 pkt_len, GNUNET_NO);
2669 GNUNET_STATISTICS_update (stats,
2670 gettext_noop ("# ICMP service requests received via cadet"),
2672 /* check that we got at least a valid header */
2673 if (pkt_len < sizeof (struct GNUNET_EXIT_IcmpServiceMessage))
2675 GNUNET_break_op (0);
2676 return GNUNET_SYSERR;
2678 msg = (const struct GNUNET_EXIT_IcmpServiceMessage*) message;
2679 pkt_len -= sizeof (struct GNUNET_EXIT_IcmpServiceMessage);
2680 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2681 "Received data from %s for forwarding to ICMP service %s\n",
2682 GNUNET_i2s (&state->peer),
2683 GNUNET_h2s (&state->specifics.tcp_udp.serv->descriptor));
2684 icmp = msg->icmp_header;
2686 state->specifics.tcp_udp.ri.remote_address
2687 = state->specifics.tcp_udp.serv->address;
2688 setup_state_record (state);
2690 /* check that ICMP type is something we want to support,
2691 perform ICMP PT if needed ans possibly make up payload */
2695 switch (msg->icmp_header.type)
2697 case GNUNET_TUN_ICMPTYPE_ECHO_REPLY:
2698 if (state->specifics.tcp_udp.serv->address.af == AF_INET6)
2699 icmp.type = GNUNET_TUN_ICMPTYPE6_ECHO_REPLY;
2701 case GNUNET_TUN_ICMPTYPE_ECHO_REQUEST:
2702 if (state->specifics.tcp_udp.serv->address.af == AF_INET6)
2703 icmp.type = GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST;
2705 case GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE:
2706 if (state->specifics.tcp_udp.serv->address.af == AF_INET6)
2707 icmp.type = GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE;
2710 GNUNET_break_op (0);
2711 return GNUNET_SYSERR;
2714 pkt_len = make_up_icmp_service_payload (state, buf);
2716 case GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED:
2717 if (state->specifics.tcp_udp.serv->address.af == AF_INET6)
2718 icmp.type = GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED;
2721 GNUNET_break_op (0);
2722 return GNUNET_SYSERR;
2725 pkt_len = make_up_icmp_service_payload (state, buf);
2727 case GNUNET_TUN_ICMPTYPE_SOURCE_QUENCH:
2728 if (state->specifics.tcp_udp.serv->address.af == AF_INET6)
2730 GNUNET_STATISTICS_update (stats,
2731 gettext_noop ("# ICMPv4 packets dropped (impossible PT to v6)"),
2737 GNUNET_break_op (0);
2738 return GNUNET_SYSERR;
2741 pkt_len = make_up_icmp_service_payload (state, buf);
2744 GNUNET_break_op (0);
2745 GNUNET_STATISTICS_update (stats,
2746 gettext_noop ("# ICMPv4 packets dropped (type not allowed)"),
2748 return GNUNET_SYSERR;
2750 /* end of AF_INET */
2753 switch (msg->icmp_header.type)
2755 case GNUNET_TUN_ICMPTYPE6_ECHO_REPLY:
2756 if (state->specifics.tcp_udp.serv->address.af == AF_INET)
2757 icmp.type = GNUNET_TUN_ICMPTYPE_ECHO_REPLY;
2759 case GNUNET_TUN_ICMPTYPE6_ECHO_REQUEST:
2760 if (state->specifics.tcp_udp.serv->address.af == AF_INET)
2761 icmp.type = GNUNET_TUN_ICMPTYPE_ECHO_REQUEST;
2763 case GNUNET_TUN_ICMPTYPE6_DESTINATION_UNREACHABLE:
2764 if (state->specifics.tcp_udp.serv->address.af == AF_INET)
2765 icmp.type = GNUNET_TUN_ICMPTYPE_DESTINATION_UNREACHABLE;
2768 GNUNET_break_op (0);
2769 return GNUNET_SYSERR;
2772 pkt_len = make_up_icmp_service_payload (state, buf);
2774 case GNUNET_TUN_ICMPTYPE6_TIME_EXCEEDED:
2775 if (state->specifics.tcp_udp.serv->address.af == AF_INET)
2776 icmp.type = GNUNET_TUN_ICMPTYPE_TIME_EXCEEDED;
2779 GNUNET_break_op (0);
2780 return GNUNET_SYSERR;
2783 pkt_len = make_up_icmp_service_payload (state, buf);
2785 case GNUNET_TUN_ICMPTYPE6_PACKET_TOO_BIG:
2786 case GNUNET_TUN_ICMPTYPE6_PARAMETER_PROBLEM:
2787 if (state->specifics.tcp_udp.serv->address.af == AF_INET)
2789 GNUNET_STATISTICS_update (stats,
2790 gettext_noop ("# ICMPv6 packets dropped (impossible PT to v4)"),
2796 GNUNET_break_op (0);
2797 return GNUNET_SYSERR;
2800 pkt_len = make_up_icmp_service_payload (state, buf);
2803 GNUNET_break_op (0);
2804 GNUNET_STATISTICS_update (stats,
2805 gettext_noop ("# ICMPv6 packets dropped (type not allowed)"),
2807 return GNUNET_SYSERR;
2809 /* end of AF_INET6 */
2812 GNUNET_break_op (0);
2813 return GNUNET_SYSERR;
2816 send_icmp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address,
2817 &state->specifics.tcp_udp.ri.local_address,
2820 GNUNET_CADET_receive_done (channel);
2826 * Send a UDP packet via the TUN interface.
2828 * @param destination_address IP and port to use for the UDP packet's destination
2829 * @param source_address IP and port to use for the UDP packet's source
2830 * @param payload payload of the UDP packet (does NOT include UDP header)
2831 * @param payload_length number of bytes of data in @a payload
2834 send_udp_packet_via_tun (const struct SocketAddress *destination_address,
2835 const struct SocketAddress *source_address,
2836 const void *payload, size_t payload_length)
2840 GNUNET_STATISTICS_update (stats,
2841 gettext_noop ("# UDP packets sent via TUN"),
2843 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2844 "Sending packet with %u bytes UDP payload via TUN\n",
2845 (unsigned int) payload_length);
2846 len = sizeof (struct GNUNET_MessageHeader) + sizeof (struct GNUNET_TUN_Layer2PacketHeader);
2847 switch (source_address->af)
2850 len += sizeof (struct GNUNET_TUN_IPv4Header);
2853 len += sizeof (struct GNUNET_TUN_IPv6Header);
2859 len += sizeof (struct GNUNET_TUN_UdpHeader);
2860 len += payload_length;
2861 if (len >= GNUNET_SERVER_MAX_MESSAGE_SIZE)
2867 char buf[len] GNUNET_ALIGN;
2868 struct GNUNET_MessageHeader *hdr;
2869 struct GNUNET_TUN_Layer2PacketHeader *tun;
2871 hdr= (struct GNUNET_MessageHeader *) buf;
2872 hdr->type = htons (GNUNET_MESSAGE_TYPE_VPN_HELPER);
2873 hdr->size = htons (len);
2874 tun = (struct GNUNET_TUN_Layer2PacketHeader*) &hdr[1];
2875 tun->flags = htons (0);
2876 switch (source_address->af)
2880 struct GNUNET_TUN_IPv4Header * ipv4 = (struct GNUNET_TUN_IPv4Header*) &tun[1];
2882 tun->proto = htons (ETH_P_IPV4);
2883 prepare_ipv4_packet (payload,
2888 destination_address,
2894 struct GNUNET_TUN_IPv6Header * ipv6 = (struct GNUNET_TUN_IPv6Header*) &tun[1];
2896 tun->proto = htons (ETH_P_IPV6);
2897 prepare_ipv6_packet (payload,
2902 destination_address,
2910 if (NULL != helper_handle)
2911 (void) GNUNET_HELPER_send (helper_handle,
2912 (const struct GNUNET_MessageHeader*) buf,
2920 * Process a request to forward UDP data to the Internet via this peer.
2922 * @param cls closure, NULL
2923 * @param channel connection to the other end
2924 * @param channel_ctx pointer to our 'struct ChannelState *'
2925 * @param message the actual message
2926 * @return #GNUNET_OK to keep the connection open,
2927 * #GNUNET_SYSERR to close it (signal serious error)
2930 receive_udp_remote (void *cls,
2931 struct GNUNET_CADET_Channel *channel,
2933 const struct GNUNET_MessageHeader *message)
2935 struct ChannelState *state = *channel_ctx;
2936 const struct GNUNET_EXIT_UdpInternetMessage *msg;
2937 uint16_t pkt_len = ntohs (message->size);
2938 const struct in_addr *v4;
2939 const struct in6_addr *v6;
2940 const void *payload;
2943 if (GNUNET_YES == state->is_dns)
2945 GNUNET_break_op (0);
2946 return GNUNET_SYSERR;
2948 if (GNUNET_SYSERR == state->is_dns)
2950 /* channel is UDP/TCP from now on */
2951 state->is_dns = GNUNET_NO;
2953 GNUNET_STATISTICS_update (stats,
2954 gettext_noop ("# Bytes received from CADET"),
2955 pkt_len, GNUNET_NO);
2956 GNUNET_STATISTICS_update (stats,
2957 gettext_noop ("# UDP IP-exit requests received via cadet"),
2959 if (pkt_len < sizeof (struct GNUNET_EXIT_UdpInternetMessage))
2961 GNUNET_break_op (0);
2962 return GNUNET_SYSERR;
2964 msg = (const struct GNUNET_EXIT_UdpInternetMessage*) message;
2965 pkt_len -= sizeof (struct GNUNET_EXIT_UdpInternetMessage);
2966 af = (int) ntohl (msg->af);
2967 state->specifics.tcp_udp.ri.remote_address.af = af;
2971 if (pkt_len < sizeof (struct in_addr))
2973 GNUNET_break_op (0);
2974 return GNUNET_SYSERR;
2978 GNUNET_break_op (0);
2979 return GNUNET_SYSERR;
2981 v4 = (const struct in_addr*) &msg[1];
2983 pkt_len -= sizeof (struct in_addr);
2984 state->specifics.tcp_udp.ri.remote_address.address.ipv4 = *v4;
2987 if (pkt_len < sizeof (struct in6_addr))
2989 GNUNET_break_op (0);
2990 return GNUNET_SYSERR;
2994 GNUNET_break_op (0);
2995 return GNUNET_SYSERR;
2997 v6 = (const struct in6_addr*) &msg[1];
2999 pkt_len -= sizeof (struct in6_addr);
3000 state->specifics.tcp_udp.ri.remote_address.address.ipv6 = *v6;
3003 GNUNET_break_op (0);
3004 return GNUNET_SYSERR;
3007 char buf[INET6_ADDRSTRLEN];
3008 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3009 "Received data from %s for forwarding to UDP %s:%u\n",
3010 GNUNET_i2s (&state->peer),
3012 &state->specifics.tcp_udp.ri.remote_address.address,
3014 (unsigned int) ntohs (msg->destination_port));
3016 state->specifics.tcp_udp.ri.remote_address.proto = IPPROTO_UDP;
3017 state->specifics.tcp_udp.ri.remote_address.port = msg->destination_port;
3018 if (NULL == state->specifics.tcp_udp.heap_node)
3019 setup_state_record (state);
3020 if (0 != ntohs (msg->source_port))
3021 state->specifics.tcp_udp.ri.local_address.port = msg->source_port;
3022 send_udp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address,
3023 &state->specifics.tcp_udp.ri.local_address,
3025 GNUNET_CADET_receive_done (channel);
3031 * Process a request via cadet to send a request to a UDP service
3032 * offered by this system.
3034 * @param cls closure, NULL
3035 * @param channel connection to the other end
3036 * @param channel_ctx pointer to our 'struct ChannelState *'
3037 * @param message the actual message
3038 * @return #GNUNET_OK to keep the connection open,
3039 * #GNUNET_SYSERR to close it (signal serious error)
3042 receive_udp_service (void *cls,
3043 struct GNUNET_CADET_Channel *channel,
3045 const struct GNUNET_MessageHeader *message)
3047 struct ChannelState *state = *channel_ctx;
3048 const struct GNUNET_EXIT_UdpServiceMessage *msg;
3049 uint16_t pkt_len = ntohs (message->size);
3051 if (NULL == state->specifics.tcp_udp.serv)
3053 GNUNET_break_op (0);
3054 return GNUNET_SYSERR;
3056 GNUNET_STATISTICS_update (stats,
3057 gettext_noop ("# Bytes received from CADET"),
3058 pkt_len, GNUNET_NO);
3059 GNUNET_STATISTICS_update (stats,
3060 gettext_noop ("# UDP service requests received via cadet"),
3062 /* check that we got at least a valid header */
3063 if (pkt_len < sizeof (struct GNUNET_EXIT_UdpServiceMessage))
3065 GNUNET_break_op (0);
3066 return GNUNET_SYSERR;
3068 msg = (const struct GNUNET_EXIT_UdpServiceMessage*) message;
3069 pkt_len -= sizeof (struct GNUNET_EXIT_UdpServiceMessage);
3070 LOG (GNUNET_ERROR_TYPE_DEBUG,
3071 "Received data from %s for forwarding to UDP service %s on port %u\n",
3072 GNUNET_i2s (&state->peer),
3073 GNUNET_h2s (&state->specifics.tcp_udp.serv->descriptor),
3074 (unsigned int) ntohs (msg->destination_port));
3075 setup_state_record (state);
3076 if (0 != ntohs (msg->source_port))
3077 state->specifics.tcp_udp.ri.local_address.port = msg->source_port;
3078 send_udp_packet_via_tun (&state->specifics.tcp_udp.ri.remote_address,
3079 &state->specifics.tcp_udp.ri.local_address,
3082 GNUNET_CADET_receive_done (channel);
3088 * Callback from CADET for new channels.
3090 * @param cls closure
3091 * @param channel new handle to the channel
3092 * @param initiator peer that started the channel
3093 * @param port destination port
3094 * @param options channel options flags
3095 * @return initial channel context for the channel
3098 new_channel (void *cls,
3099 struct GNUNET_CADET_Channel *channel,
3100 const struct GNUNET_PeerIdentity *initiator,
3101 const struct GNUNET_HashCode *port,
3102 enum GNUNET_CADET_ChannelOption options)
3104 struct ChannelState *s = GNUNET_new (struct ChannelState);
3106 s->is_dns = GNUNET_SYSERR;
3107 s->peer = *initiator;
3108 GNUNET_STATISTICS_update (stats,
3109 gettext_noop ("# Inbound CADET channels created"),
3111 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3112 "Received inbound channel from `%s'\n",
3113 GNUNET_i2s (initiator));
3114 s->channel = channel;
3120 * Function called by cadet whenever an inbound channel is destroyed.
3121 * Should clean up any associated state.
3123 * @param cls closure (set from #GNUNET_CADET_connect)
3124 * @param channel connection to the other end (henceforth invalid)
3125 * @param channel_ctx place where local state associated
3126 * with the channel is stored
3129 clean_channel (void *cls,
3130 const struct GNUNET_CADET_Channel *channel,
3133 struct ChannelState *s = channel_ctx;
3134 struct ChannelMessageQueue *tnq;
3136 LOG (GNUNET_ERROR_TYPE_DEBUG,
3137 "Channel destroyed\n");
3138 if (GNUNET_SYSERR == s->is_dns)
3143 if (GNUNET_YES == s->is_dns)
3145 if (channels[s->specifics.dns.my_id] == s)
3146 channels[s->specifics.dns.my_id] = NULL;
3147 GNUNET_free_non_null (s->specifics.dns.reply);
3151 while (NULL != (tnq = s->specifics.tcp_udp.head))
3153 GNUNET_CONTAINER_DLL_remove (s->specifics.tcp_udp.head,
3154 s->specifics.tcp_udp.tail,
3158 if (NULL != s->specifics.tcp_udp.heap_node)
3160 GNUNET_assert (GNUNET_YES ==
3161 GNUNET_CONTAINER_multihashmap_remove (connections_map,
3162 &s->specifics.tcp_udp.state_key,
3164 GNUNET_CONTAINER_heap_remove_node (s->specifics.tcp_udp.heap_node);
3165 s->specifics.tcp_udp.heap_node = NULL;
3170 GNUNET_CADET_notify_transmit_ready_cancel (s->th);
3178 * Function that frees everything from a hashmap
3182 * @param value value to free
3185 free_iterate (void *cls,
3186 const struct GNUNET_HashCode * hash,
3189 GNUNET_free (value);
3195 * Function scheduled as very last function if the service
3196 * disabled itself because the helper is not installed
3197 * properly. Does nothing, except for keeping the
3198 * service process alive by virtue of being scheduled.
3201 * @param tc scheduler context
3204 dummy_task (void *cls)
3206 /* just terminate */
3211 * Function scheduled as very last function, cleans up after us
3220 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3221 "Exit service is shutting down now\n");
3223 if (NULL != helper_handle)
3225 GNUNET_HELPER_stop (helper_handle, GNUNET_NO);
3226 helper_handle = NULL;
3230 GNUNET_REGEX_announce_cancel (regex4);
3235 GNUNET_REGEX_announce_cancel (regex6);
3238 if (NULL != services)
3240 GNUNET_CONTAINER_multihashmap_iterate (services,
3241 &free_service_record,
3243 GNUNET_CONTAINER_multihashmap_destroy (services);
3245 if (NULL != cadet_handle)
3247 GNUNET_CADET_disconnect (cadet_handle);
3248 cadet_handle = NULL;
3250 if (NULL != connections_map)
3252 GNUNET_CONTAINER_multihashmap_iterate (connections_map,
3255 GNUNET_CONTAINER_multihashmap_destroy (connections_map);
3256 connections_map = NULL;
3258 if (NULL != connections_heap)
3260 GNUNET_CONTAINER_heap_destroy (connections_heap);
3261 connections_heap = NULL;
3263 if (NULL != dnsstub)
3265 GNUNET_DNSSTUB_stop (dnsstub);
3268 if (NULL != peer_key)
3270 GNUNET_free (peer_key);
3273 if (NULL != dht_task)
3275 GNUNET_SCHEDULER_cancel (dht_task);
3278 if (NULL != dht_put)
3280 GNUNET_DHT_put_cancel (dht_put);
3285 GNUNET_DHT_disconnect (dht);
3290 GNUNET_STATISTICS_destroy (stats, GNUNET_NO);
3294 GNUNET_free_non_null (exit_argv[i]);
3299 * Add services to the service map.
3301 * @param proto IPPROTO_TCP or IPPROTO_UDP
3302 * @param cpy copy of the service descriptor (can be mutilated)
3303 * @param name DNS name of the service
3306 add_services (int proto,
3313 struct LocalService *serv;
3317 slen = strlen (name);
3318 GNUNET_assert (slen >= 8);
3319 n = GNUNET_strndup (name, slen - 8 /* remove .gnunet. */);
3321 for (redirect = strtok (cpy, " ;"); redirect != NULL;
3322 redirect = strtok (NULL, " ;"))
3324 if (NULL == (hostname = strstr (redirect, ":")))
3326 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3327 _("Option `%s' for domain `%s' is not formatted correctly!\n"),
3334 if (NULL == (hostport = strstr (hostname, ":")))
3336 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3337 _("Option `%s' for domain `%s' is not formatted correctly!\n"),
3345 int local_port = atoi (redirect);
3346 int remote_port = atoi (hostport);
3348 if (! ((local_port > 0) && (local_port < 65536)))
3350 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3351 _("`%s' is not a valid port number (for domain `%s')!"),
3356 if (! ((remote_port > 0) && (remote_port < 65536)))
3358 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3359 _("`%s' is not a valid port number (for domain `%s')!"),
3365 serv = GNUNET_new (struct LocalService);
3366 serv->address.proto = proto;
3367 serv->address.port = remote_port;
3368 if (0 == strcmp ("localhost4",
3371 const char *ip4addr = exit_argv[5];
3373 serv->address.af = AF_INET;
3374 GNUNET_assert (1 == inet_pton (AF_INET,
3376 &serv->address.address.ipv4));
3378 else if (0 == strcmp ("localhost6",
3381 const char *ip6addr = exit_argv[3];
3383 serv->address.af = AF_INET6;
3384 GNUNET_assert (1 == inet_pton (AF_INET6,
3386 &serv->address.address.ipv6));
3390 struct addrinfo *res;
3393 ret = getaddrinfo (hostname,
3397 if ( (0 != ret) || (NULL == res) )
3399 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3400 _("No addresses found for hostname `%s' of service `%s'!\n"),
3407 serv->address.af = res->ai_family;
3408 switch (res->ai_family)
3413 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3414 _("Service `%s' configured for IPv4, but IPv4 is disabled!\n"),
3420 serv->address.address.ipv4
3421 = ((struct sockaddr_in *) res->ai_addr)->sin_addr;
3426 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3427 _("Service `%s' configured for IPv4, but IPv4 is disabled!\n"),
3433 serv->address.address.ipv6
3434 = ((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
3438 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
3439 _("No IP addresses found for hostname `%s' of service `%s'!\n"),
3447 store_service (proto,
3457 * Reads the configuration servicecfg and populates udp_services
3460 * @param section name of section in config, equal to hostname
3463 read_service_conf (void *cls,
3464 const char *section)
3468 if ((strlen (section) < 8) ||
3469 (0 != strcmp (".gnunet.", section + (strlen (section) - 8))))
3472 GNUNET_CONFIGURATION_get_value_string (cfg,
3477 add_services (IPPROTO_UDP,
3483 GNUNET_CONFIGURATION_get_value_string (cfg,
3488 add_services (IPPROTO_TCP,
3497 * We are running a DNS exit service, advertise it in the
3498 * DHT. This task is run periodically to do the DHT PUT.
3500 * @param cls closure
3503 do_dht_put (void *cls);
3507 * Function called when the DHT PUT operation is complete.
3508 * Schedules the next PUT.
3510 * @param cls closure, NULL
3511 * @param success #GNUNET_OK if the operation worked (unused)
3514 dht_put_cont (void *cls,
3518 dht_task = GNUNET_SCHEDULER_add_delayed (DHT_PUT_FREQUENCY,
3525 * We are running a DNS exit service, advertise it in the
3526 * DHT. This task is run periodically to do the DHT PUT.
3528 * @param cls closure
3531 do_dht_put (void *cls)
3533 struct GNUNET_TIME_Absolute expiration;
3536 expiration = GNUNET_TIME_absolute_ntoh (dns_advertisement.expiration_time);
3537 if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value_us <
3538 GNUNET_TIME_UNIT_HOURS.rel_value_us)
3540 /* refresh advertisement */
3541 expiration = GNUNET_TIME_relative_to_absolute (DNS_ADVERTISEMENT_TIMEOUT);
3542 dns_advertisement.expiration_time = GNUNET_TIME_absolute_hton (expiration);
3543 GNUNET_assert (GNUNET_OK ==
3544 GNUNET_CRYPTO_eddsa_sign (peer_key,
3545 &dns_advertisement.purpose,
3546 &dns_advertisement.signature));
3548 dht_put = GNUNET_DHT_put (dht,
3550 1 /* replication */,
3552 GNUNET_BLOCK_TYPE_DNS,
3553 sizeof (struct GNUNET_DNS_Advertisement),
3562 * Figure out which IP versions we should support (and which
3563 * are supported by the OS) according to our configuration.
3568 ipv4_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg,
3571 ipv6_exit = GNUNET_CONFIGURATION_get_value_yesno (cfg,
3574 ipv4_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg,
3577 ipv6_enabled = GNUNET_CONFIGURATION_get_value_yesno (cfg,
3580 if ( (ipv4_exit || ipv4_enabled) &&
3581 GNUNET_OK != GNUNET_NETWORK_test_pf (PF_INET))
3583 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3584 _("This system does not support IPv4, will disable IPv4 functions despite them being enabled in the configuration\n"));
3585 ipv4_exit = GNUNET_NO;
3586 ipv4_enabled = GNUNET_NO;
3588 if ( (ipv6_exit || ipv6_enabled) &&
3589 GNUNET_OK != GNUNET_NETWORK_test_pf (PF_INET6))
3591 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3592 _("This system does not support IPv6, will disable IPv6 functions despite them being enabled in the configuration\n"));
3593 ipv6_exit = GNUNET_NO;
3594 ipv6_enabled = GNUNET_NO;
3596 if (ipv4_exit && (! ipv4_enabled))
3598 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3599 _("Cannot enable IPv4 exit but disable IPv4 on TUN interface, will use ENABLE_IPv4=YES\n"));
3600 ipv4_enabled = GNUNET_YES;
3602 if (ipv6_exit && (! ipv6_enabled))
3604 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3605 _("Cannot enable IPv6 exit but disable IPv6 on TUN interface, will use ENABLE_IPv6=YES\n"));
3606 ipv6_enabled = GNUNET_YES;
3612 * Helper function to open the CADET port for DNS exits and to
3613 * advertise the DNS exit (if applicable).
3616 advertise_dns_exit ()
3619 struct GNUNET_HashCode port;
3620 struct in_addr dns_exit4;
3621 struct in6_addr dns_exit6;
3624 GNUNET_CONFIGURATION_get_value_yesno (cfg,
3629 GNUNET_CONFIGURATION_get_value_string (cfg,
3633 ( (1 != inet_pton (AF_INET,
3636 (1 != inet_pton (AF_INET6,
3640 GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
3643 _("need a valid IPv4 or IPv6 address\n"));
3644 GNUNET_free_non_null (dns_exit);
3648 GNUNET_CRYPTO_hash (GNUNET_APPLICATION_PORT_INTERNET_RESOLVER,
3649 strlen (GNUNET_APPLICATION_PORT_INTERNET_RESOLVER),
3651 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3652 "Opening CADET port %s for DNS exit service\n",
3653 GNUNET_h2s (&port));
3654 GNUNET_CADET_open_port (cadet_handle,
3658 /* advertise exit */
3659 dht = GNUNET_DHT_connect (cfg,
3661 peer_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg);
3662 GNUNET_CRYPTO_eddsa_key_get_public (peer_key,
3663 &dns_advertisement.peer.public_key);
3664 dns_advertisement.purpose.size = htonl (sizeof (struct GNUNET_DNS_Advertisement) -
3665 sizeof (struct GNUNET_CRYPTO_EddsaSignature));
3666 dns_advertisement.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DNS_RECORD);
3667 GNUNET_CRYPTO_hash ("dns",
3670 dht_task = GNUNET_SCHEDULER_add_now (&do_dht_put,
3672 GNUNET_free (dns_exit);
3677 * Initialize #exit_argv.
3679 * @return #GNUNET_OK on success, #GNUNET_SYSERR if we should shutdown
3682 setup_exit_helper_args ()
3691 exit_argv[0] = GNUNET_strdup ("exit-gnunet");
3692 if (GNUNET_SYSERR ==
3693 GNUNET_CONFIGURATION_get_value_string (cfg,
3698 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3701 return GNUNET_SYSERR;
3703 exit_argv[1] = tun_ifname;
3706 if (GNUNET_SYSERR ==
3707 GNUNET_CONFIGURATION_get_value_string (cfg,
3712 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3715 return GNUNET_SYSERR;
3717 exit_argv[2] = exit_ifname;
3721 exit_argv[2] = GNUNET_strdup ("-");
3724 if (GNUNET_YES == ipv6_enabled)
3727 if ( (GNUNET_SYSERR ==
3728 GNUNET_CONFIGURATION_get_value_string (cfg,
3732 (1 != inet_pton (AF_INET6,
3736 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3739 GNUNET_free_non_null (ipv6addr);
3740 return GNUNET_SYSERR;
3742 exit_argv[3] = ipv6addr;
3743 if (GNUNET_SYSERR ==
3744 GNUNET_CONFIGURATION_get_value_string (cfg,
3749 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3752 return GNUNET_SYSERR;
3754 exit_argv[4] = ipv6prefix_s;
3756 GNUNET_CONFIGURATION_get_value_number (cfg,
3760 (ipv6prefix >= 127) )
3762 GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
3765 _("Must be a number"));
3766 return GNUNET_SYSERR;
3771 /* IPv6 explicitly disabled */
3772 exit_argv[3] = GNUNET_strdup ("-");
3773 exit_argv[4] = GNUNET_strdup ("-");
3775 if (GNUNET_YES == ipv4_enabled)
3778 if ( (GNUNET_SYSERR ==
3779 GNUNET_CONFIGURATION_get_value_string (cfg,
3783 (1 != inet_pton (AF_INET,
3787 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3790 GNUNET_free_non_null (ipv4addr);
3791 return GNUNET_SYSERR;
3793 exit_argv[5] = ipv4addr;
3795 if ( (GNUNET_SYSERR ==
3796 GNUNET_CONFIGURATION_get_value_string (cfg,
3800 (1 != inet_pton (AF_INET,
3804 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3807 GNUNET_free_non_null (ipv4mask);
3808 return GNUNET_SYSERR;
3810 exit_argv[6] = ipv4mask;
3814 /* IPv4 explicitly disabled */
3815 exit_argv[5] = GNUNET_strdup ("-");
3816 exit_argv[6] = GNUNET_strdup ("-");
3818 exit_argv[7] = NULL;
3824 * @brief Main function that will be run by the scheduler.
3826 * @param cls closure
3827 * @param args remaining command-line arguments
3828 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
3829 * @param cfg_ configuration
3834 const char *cfgfile,
3835 const struct GNUNET_CONFIGURATION_Handle *cfg_)
3837 static struct GNUNET_CADET_MessageHandler handlers[] = {
3838 {&receive_icmp_service, GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_SERVICE, 0},
3839 {&receive_icmp_remote, GNUNET_MESSAGE_TYPE_VPN_ICMP_TO_INTERNET, 0},
3840 {&receive_udp_service, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_SERVICE, 0},
3841 {&receive_udp_remote, GNUNET_MESSAGE_TYPE_VPN_UDP_TO_INTERNET, 0},
3842 {&receive_tcp_service, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_SERVICE_START, 0},
3843 {&receive_tcp_remote, GNUNET_MESSAGE_TYPE_VPN_TCP_TO_INTERNET_START, 0},
3844 {&receive_tcp_data, GNUNET_MESSAGE_TYPE_VPN_TCP_DATA_TO_EXIT, 0},
3845 {&receive_dns_request, GNUNET_MESSAGE_TYPE_VPN_DNS_TO_INTERNET, 0},
3848 struct GNUNET_HashCode port;
3852 char *prefixed_regex;
3856 GNUNET_CONFIGURATION_get_value_number (cfg,
3860 max_connections = 1024;
3861 parse_ip_options ();
3862 if ( (ipv4_exit) || (ipv6_exit) )
3864 binary = GNUNET_OS_get_libexec_binary_path ("gnunet-helper-exit");
3866 GNUNET_OS_check_helper_binary (binary,
3868 "-d gnunet-vpn - - - 169.1.3.3.7 255.255.255.0")) //no nat, ipv4 only
3870 GNUNET_free (binary);
3871 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3872 _("`%s' must be installed SUID, EXIT will not work\n"),
3873 "gnunet-helper-exit");
3874 GNUNET_SCHEDULER_add_shutdown (&dummy_task,
3879 GNUNET_free (binary);
3881 if (! (ipv4_enabled || ipv6_enabled))
3883 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3884 _("No useful service enabled. Exiting.\n"));
3885 GNUNET_SCHEDULER_shutdown ();
3889 GNUNET_SCHEDULER_add_shutdown (&cleanup,
3891 stats = GNUNET_STATISTICS_create ("exit",
3893 cadet_handle = GNUNET_CADET_connect (cfg,
3897 if (NULL == cadet_handle)
3899 GNUNET_SCHEDULER_shutdown ();
3902 advertise_dns_exit ();
3904 setup_exit_helper_args ())
3906 GNUNET_SCHEDULER_shutdown ();
3910 services = GNUNET_CONTAINER_multihashmap_create (65536,
3912 connections_map = GNUNET_CONTAINER_multihashmap_create (65536,
3914 connections_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
3915 GNUNET_CONFIGURATION_iterate_sections (cfg,
3919 /* Cadet handle acquired, now open ports and announce regular
3920 expressions matching our exit */
3921 if ( (GNUNET_YES == ipv4_enabled) && (GNUNET_YES == ipv4_exit) )
3923 GNUNET_CRYPTO_hash (GNUNET_APPLICATION_PORT_IPV4_GATEWAY,
3924 strlen (GNUNET_APPLICATION_PORT_IPV4_GATEWAY),
3926 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3927 "Opening CADET port %s for IPv4 gateway service\n",
3928 GNUNET_h2s (&port));
3929 GNUNET_CADET_open_port (cadet_handle,
3935 GNUNET_CONFIGURATION_get_value_string (cfg,
3937 "EXIT_RANGE_IPV4_POLICY",
3941 regex = GNUNET_TUN_ipv4policy2regex (policy);
3942 GNUNET_free_non_null (policy);
3945 (void) GNUNET_asprintf (&prefixed_regex,
3947 GNUNET_APPLICATION_TYPE_EXIT_REGEX_PREFIX,
3949 regex4 = GNUNET_REGEX_announce (cfg,
3951 REGEX_REFRESH_FREQUENCY,
3952 REGEX_MAX_PATH_LEN_IPV4);
3953 GNUNET_free (regex);
3954 GNUNET_free (prefixed_regex);
3958 if ( (GNUNET_YES == ipv6_enabled) && (GNUNET_YES == ipv6_exit) )
3960 GNUNET_CRYPTO_hash (GNUNET_APPLICATION_PORT_IPV6_GATEWAY,
3961 strlen (GNUNET_APPLICATION_PORT_IPV6_GATEWAY),
3963 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3964 "Opening CADET port %s for IPv6 gateway service\n",
3965 GNUNET_h2s (&port));
3966 GNUNET_CADET_open_port (cadet_handle,
3972 GNUNET_CONFIGURATION_get_value_string (cfg,
3974 "EXIT_RANGE_IPV6_POLICY",
3978 regex = GNUNET_TUN_ipv6policy2regex (policy);
3979 GNUNET_free_non_null (policy);
3982 (void) GNUNET_asprintf (&prefixed_regex,
3984 GNUNET_APPLICATION_TYPE_EXIT_REGEX_PREFIX,
3986 regex6 = GNUNET_REGEX_announce (cfg,
3988 REGEX_REFRESH_FREQUENCY,
3989 REGEX_MAX_PATH_LEN_IPV6);
3990 GNUNET_free (regex);
3991 GNUNET_free (prefixed_regex);
3994 if ((ipv4_exit) || (ipv6_exit))
3995 helper_handle = GNUNET_HELPER_start (GNUNET_NO,
3996 "gnunet-helper-exit",
4006 * @param argc number of arguments from the command line
4007 * @param argv command line arguments
4008 * @return 0 ok, 1 on error
4014 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
4015 GNUNET_GETOPT_OPTION_END
4019 GNUNET_STRINGS_get_utf8_args (argc,
4025 return (GNUNET_OK ==
4026 GNUNET_PROGRAM_run (argc,
4028 "gnunet-daemon-exit",
4029 gettext_noop ("Daemon to run to provide an IP exit node for the VPN"),
4032 NULL)) ? global_ret : 1;
4036 /* end of gnunet-daemon-exit.c */
projects / oweals / gnunet.git / blob